Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Tue, 26 Mar 2019 15:00:36 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Facebook Users: Here are Proactive Tips to Keep Your Data Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/#respond Fri, 22 Mar 2019 23:40:42 +0000 https://securingtomorrow.mcafee.com/?p=94766

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The […]

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The reality is that these incidents happen and users need to be prepared. Yesterday, Facebook announced that it did not properly mask the passwords of hundreds of millions of its users, primarily those associated with Facebook Lite.

You might be wondering how exactly this happened. It appears that many user passwords for Facebook, Facebook Lite, and Instagram were stored in plaintext in an internal company database. This means that thousands of Facebook employees had access to the database and could have potentially searched through these user passwords. Thankfully, no cases of data misuse were reported in the investigation, and these passwords were never visible to anyone outside of the company. According to Facebook software engineer Scott Renfro, Facebook is in the process of investigating long-term infrastructure changes to prevent these security issues going forward.

According to Facebook’s vice president of engineering, security, and privacy, the company has corrected the password logging bug and plans to notify the users whose passwords may have been exposed. But what can users do to better protect their data when an incident like this occurs? Check out the following tips:

  • Change your password. As a precautionary step, update your Facebook and Instagram passwords by going into the platforms’ security and privacy settings. Make sure your passwords are unique and complex.
  • Use multi-factor authentication. While this shouldn’t be your be-all and end-all security solution, it can help protect your credentials in the case of data exposure.
  • Set up a password manager. Using a password manager is one of the easiest ways to keep track of and manage your passwords so you can easily change them after these types of incidents occur.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/feed/ 0
How Online Scams Drive College Basketball Fans Mad https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/#respond Wed, 20 Mar 2019 10:00:54 +0000 https://securingtomorrow.mcafee.com/?p=94656

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most […]

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most popular techniques cybercriminals use to gain access to passwords and financial information, as well as encourage victims to click on suspicious links.

Online betting provides cybercriminals with a wealth of opportunities to steal personal and financial information from users looking to engage with the games while potentially making a few extra bucks. The American Gaming Association (AGA) estimates that consumers will wager $8.5 billion on the 2019 NCAA men’s basketball tournament. What many users don’t realize is that online pools that ask for your personal and credit card information create a perfect opportunity for cybercriminals to take advantage of unsuspecting fans.

In addition to online betting scams, users should also be on the lookout for malicious streaming sites. As fewer and fewer homes have cable, many users look to online streaming sites to keep up with all of the games. However, even seemingly reputable sites could contain malicious phishing links. If a streaming site asks you to download a “player” to watch the games, there’s a possibility that you could end up with a nasty malware on your computer.

Ticket scammers are also on the prowl during March, distributing fake tickets on classified sites they’ve designed to look just like the real thing. Of course, these fake tickets all have the same barcode. With these scams floating around the internet, users looking for cheap tickets to the games may be more susceptible to buying counterfeit tickets if they are just looking for the best deal online and are too hasty in their purchase.

So, if you’re a college basketball fan hoping to partake in this exciting month – what next? In order to enjoy the fun that comes with the NCAA tournament without the risk of cyberthreats, check out the following tips to help you box out cybercriminals this March:

  • Verify the legitimacy of gambling sites. Before creating a new account or providing any personal information on an online gambling website, poke around and look for information any legitimate site would have. Most gambling sites will have information about the site rules (i.e., age requirements) and contact information. If you can’t find such information, you’re better off not using the site.
  • Be leery of free streaming websites. The content on some of these free streaming websites is likely stolen and hosted in a suspicious manner, as well as potentially contains malware. So, if you’re going to watch the games online, it’s best to purchase a subscription from a legitimate streaming service.
  • Stay cautious on popular sports sites and apps. Cybercriminals know that millions of loyal fans will be logging on to popular sports sites and apps to stay updated on the scores. Be careful when you’re visiting these sites you’re not clicking on any conspicuous ads or links that could contain malware. If you see an offer that interests you in an online ad, you’re better off going directly to the website from the company displaying the ad as opposed to clicking on the ad from the sports site or app.
  • Beware of online ticket scams. Scammers will be looking to steal payment information from fans in search of last-minute tickets to the games. To avoid this, it’s best to buy directly from the venue whenever possible. If you decide to purchase from a reseller, make sure to do your research and only buy from trusted vendors.
  • Use comprehensive security software. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious. It will provide visual warnings if you’re about to go to a suspicious site.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/feed/ 0
Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/#respond Wed, 13 Mar 2019 22:23:02 +0000 https://securingtomorrow.mcafee.com/?p=94598

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for […]

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for a very expensive service plan to use basic tool functionalities like voice recording and opening zip files.

The two apps being called into question, “Voice recorder free” and “Zip File Reader,” have been downloaded over 600,000 times combined. So at first glance, users may assume that these are reputable apps. Once installed, they offer the user an option to use a “Free trial” or to “Pay now.” If the user selects the trial version, they are presented with a subscription page to enter their credit card details for when the three-day trial is over. However, these apps charge a ridiculously high amount once the trial is up. “Voice recorder free” charges a whopping $242 a month and “Zip File Reader” charges $160 a week.

Users who have downloaded these apps and then deleted them after their free trial may be surprised to know that uninstalling the app will not cancel the subscription, so they could still be charged these astronomical amounts for weeks without realizing it. While this is not technically illegal, it is a deceptive tactic that app developers are using to try to make an easy profit off of consumers who might forget to cancel their free trial.

With that said, there are a few things users can do to avoid becoming victim to deceptive schemes such as these in the future. Here are some tips to keep in mind when it comes to downloading free apps:

  • Be vigilant and read app reviews. Even if an app has a lot of downloads, make sure to comb through all of the reviews and read up before downloading anything to your device.
  • Read the fine print. If you decide to install an app with a free trial, make sure you understand what fees you will be charged if you keep the subscription.
  • Remember to cancel your subscription. If you find a reputable free app that you’ve researched and want to use for a trial period, remember to cancel the subscription before uninstalling the app off your device. Instructions on canceling, pausing, and changing a subscription can be found on Google Play’s Help page.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/feed/ 0
5 Tips For Creating Bulletproof Passwords https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/#respond Tue, 12 Mar 2019 22:13:56 +0000 https://securingtomorrow.mcafee.com/?p=94589

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives. This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can […]

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.

This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.

Remember, simple is not safe

Every year surveys find that the most popular passwords are as simple as  “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.

When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.

Tricks:

  • Make sure that your passwords are at least 12 characters long and include numbers, symbols, and upper and lowercase letters.
  • Try substituting numbers and symbols for letters, such as zero for “O”, or @ for “A”.
  • If you’re using internet-connected devices, like IP cameras and interactive speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

Keep it impersonal

Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.

Tricks:

  • Try making your password a phrase, with random numbers and characters. For instance, if you love crime novels you might pick the phrase: ILoveBooksOnCrime
    Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as: 1L0VEBook$oNcRIM3!
  • If you do need to use personal information when setting up security questions, choose answers that are not easy to find online.
  • Keep all your passwords and passphrases private.

Never reuse passwords

If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.

Tricks:

  • Use unique passwords for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. These too can be compromised, and if you use the same password for more sensitive accounts, they too are at risk.
  • If a website or monitoring service you use warns you that your details may have been exposed, change your password immediately.

Employ a password manager

If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.

Tricks:

  • Look for security software that includes a password manager
  • Make sure your password manager uses multi-factor authentication, meaning it uses multiple pieces of information to identify you, such as facial recognition, a fingerprint, and a password.

Boost your overall security

Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.

Tricks:

  • Keep you software up-to-date and consider using a web advisor that protects you from accidentally typing passwords into phishing sites.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/feed/ 0
809 Million Records Left Exposed: How Users Can Protect Their Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/#respond Fri, 08 Mar 2019 21:41:42 +0000 https://securingtomorrow.mcafee.com/?p=94522

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection […]

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection #1 data breach exposed 773 million email addresses, it seems we have another massive data dump in our midst. Last week, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm, Verifications.io.

You may be wondering how Verifications.io had so much data left to be exposed. Most people have heard of email marketing, but very few realize that these companies often vet user email addresses to ensure their validity. Enter Verifications.io. This company serves as a way email marketing firms can outsource the extensive work involved with validating mass amounts of emails and avoid the risk of having their infrastructure blacklisted by spam filters. Verifications.io was entrusted with a lot of data provided by email marketing firms looking to streamline their processes, creating an information-heavy database.

This unusual data trove contains tons of sensitive information like names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, social media accounts, and characterizations of people’s credit scores. While the data doesn’t contain Social Security Numbers or credit card information, that amount of aggregated data makes it much easier for cybercriminals to run new social engineering scams or expand their target audience. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.

Upon discovery, the firm was made aware of the incident. And while proper security measures were taken, users can take various steps themselves to protect their information in the event of largescale data exposure. Check out the following tips:

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Make sure to use complex passwords for each of your individual accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords on a consistent basis to further protect your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/feed/ 0
Don’t Let Thunderclap Flaws Strike Your Device https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/#respond Fri, 08 Mar 2019 19:15:19 +0000 https://securingtomorrow.mcafee.com/?p=94515

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial […]

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial information, or run detrimental code on the system if a malicious device is plugged into a machine’s port while it’s running.

So, how can attackers exploit this flaw? Thunderbolt accessories are granted direct-memory access (DMA), which is a method of transferring data from a computer’s random-access memory (RAM) to another part of the computer without it needing to pass through the central processing unit (CPU). DMA can save processing time and is a more efficient way to move data from the computer’s memory to other devices. However, attackers with physical access to the computer can take advantage of DMA by running arbitrary code on the device plugged into the Thunderbolt port. This allows criminals to steal sensitive data from the computer. Mind you, Thunderclap vulnerabilities also provide cybercriminals with direct and unlimited access to the machine’s memory, allowing for greater malicious activity.

Thunderclap-based attacks can be carried out with either specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to. What’s more, they can compromise a vulnerable computer in just a matter of seconds. Researchers who discovered this vulnerability informed manufacturers and fixes have been deployed, but it’s always good to take extra precautions. So, here are some ways users can defend themselves against these flaws:

  • Disable the Thunderbolt interface on your computer. To remove Thunderbolt accessibility on a Mac, go to the Network Preference panel, click “OK” on the New Interface Detected dialog, and select “Thunderbolt Bridge” from the sidebar. Click the [-] button to delete the option as a networking interface and choose “Apply.” PCs often allow users to disable Thunderbolt in BIOS or UEFI firmware settings, which connect a computer’s firmware to its operating system.
  • Don’t leave your computer unattended. Because this flaw requires a cybercriminal to have physical access to your device, make sure you keep a close eye on your laptop or PC to ensure no one can plug anything into your machine without permission.
  • Don’t borrow chargers or use publicly available charging stations. Public chargers may have been maliciously altered without your knowledge, so always use your own computer accessories.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/feed/ 0
How To Secure Your Smart Home https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/#respond Thu, 07 Mar 2019 01:00:41 +0000 https://securingtomorrow.mcafee.com/?p=94485

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by […]

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities since malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73%in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network — allowing it to potentially connect with other data-rich devices, like smartphones and computers— change the default username and password to something strong, and unique. Hackers often know the default settings and share them online.Then, turn off any manufacturer settings that do not benefit you, like remote access. This is a feature some manufacturers use to monitor their products, but it could also be used by cybercrooks to access your system. Finally, make sure that your device software is up-to-date by checking the manufacturer’s website. This ensures that you are protected from any known vulnerabilities.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router. Make sure your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure. Consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get to all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software –Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/feed/ 0
How to Steer Clear of Tax Season Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/#respond Wed, 06 Mar 2019 17:27:04 +0000 https://securingtomorrow.mcafee.com/?p=94481

*This blog contains research discovered by Elizabeth Farrell It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up […]

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>

*This blog contains research discovered by Elizabeth Farrell

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. Even back in December, we saw a surge of new email phishing scams trying to fool consumers into thinking the message was coming from the IRS or other members of the tax community. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Be wary of strange file attachment names such as “virus-for-you.doc.” Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
  • Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/feed/ 0
What MWC 2019 Shows Us About the Future of Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/#respond Thu, 28 Feb 2019 22:18:47 +0000 https://securingtomorrow.mcafee.com/?p=94383

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event: […]

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:

Foldable Phones Are the Future

 MWC is an opportunity for telecommunications companies, chipmakers, and smartphone firms to show off their latest and greatest innovations, and they sure delivered this year. One particular device that had the show floor buzzing was the Huawei Mate X, a 5G-enabled smartphone that folds out to become an 8-inch tablet. Additionally, Samsung revealed its plans to hold a press event in early April for its foldable smartphone, the Galaxy Fold. Unlike Huawei’s Mate X, the Galaxy Fold bends so that it encloses like a book. Although neither of these devices are available at to the public yet, they’ve definitely made a bold statement when it comes to smartphone design.

Smart Home Technology Goes Mobile

 Google is one company taking advantage of smartphone enhancements by putting its Google Assistant into the Android texting app. Assistant for Android Messages allows slices of Google search results to be laid out for users based on their text messages. For example, if one user texted another asking to grab some lunch, a bubble would pop up authorizing Assistant to share suggestions for nearby restaurant locations. While Assistant for Android currently only works for movies and restaurants, we can imagine how this technology could expand to other facets of consumer lives. This addition also demonstrates how AI is slowly but surely making its way onto almost every high-end phone through its apps and other tools.

Enhancing the Gaming Experience with 5G, VR, and AR

Not to be shown up, gaming developers also made a statement by using 5G technology to bring gamers into a more immersed gaming environment. Mobile game developer Niantic, creator of Pokémon Go and the upcoming Harry Potter: Wizards Uniteapp, is already working on games that will require a 5G upgrade. One such prototype the company showcased, codenamed Neon, allows multiple people in the same place to play an augmented reality (AR) game at the same time. Each players’ phone shows them the game’s graphics superimposed on the real world and allows the players to shoot each other, duck and dodge, and pick up virtual items, all in real-time.

Niantic wasn’t the only one looking to expand the gaming experience with the help of 5G. At the Intel and Nokia booths, Sony set up an Oculus Rift VR game inspired by Marvel and Sony’s upcoming film Spider-Man: Far From Home. Thanks to the low latency and real-time responsiveness of 5G, one player in the Nokia booth was able to race the other player in the Intel booth as if they were swinging through spiderwebs in Manhattan. Players were able to experience how the next-generation of wireless technology will allow them to participate in a highly immersive gaming experience.

Bringing 4G and 5G to the Automotive Industry

Gaming isn’t the only industry that’s getting a facelift from 5G. At the show, Qualcomm announced two new additions to their automotive platform: the Qualcomm Snapdragon Automotive 4G and 5G Platforms. One of the main features of these platforms is vehicle-to-everything communication, or C-V2X, which allows a car to communicate with other vehicles on the road, roadside infrastructure, and more. In addition, the platforms offer a high-precision, multi-frequency global navigation satellite system, which will help enable self-driving implementations. The platforms also include features like multi-gigabit cloud connectivity, high bandwidth low latency teleoperations support, and precise positioning for lane-level navigation accuracy. These advancements in connectivity will potentially help future vehicles to improve safety, communications, and overall in-car experience for consumers.

Securing Consumers On-the-Go

The advancements in mobile connectivity have already made a huge impact on consumer lifestyles, especially given the widespread adoption of IoT devices and smart gadgets. But the rise in popularity of these devices has also caught the interest of malicious actors looking to access users’ networks. According to our latest Mobile Threat Report, cybercriminals look to trusted devices to gain access to other devices on the user’s home network. For example, McAfee researchers recently discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a malicious actor to access the user’s home network. In addition, they also uncovered a new vulnerability within BoxLock smart padlocks that could enable cybercriminals to unlock the devices within a matter of seconds.

And while consumers must take necessary security steps to combat vulnerabilities such as these, we at McAfee are also doing our part of help users everywhere remain secure. For instance, we’ve recently extended our partnerships with both Samsung and Türk Telekom in order to overcome some of these cybersecurity challenges. Together, we’re working to secure consumers from cyberthreats on Samsung Galaxy S10 smartphones and provide McAfee Safe Family protection for Türk Telekom’s fixed and mobile broadband customers.

While the likes of 5G, bendable smartphones, and VR took this year’s tradeshow by storm, it’s important for consumers to keep the cybersecurity implications of these advancements in mind. As the sun sets on our time here in Barcelona, we will keep working to safeguard every aspect of the consumer lifestyle so they can embrace improvements in mobile connectivity with confidence.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/feed/ 0
MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/#respond Tue, 19 Feb 2019 17:00:10 +0000 https://securingtomorrow.mcafee.com/?p=94185

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize […]

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of Distributed Denial-of-service, or DDoS, attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/feed/ 0
How To Sidestep Popular Social Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/#respond Thu, 14 Feb 2019 22:28:16 +0000 https://securingtomorrow.mcafee.com/?p=94189

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you […]

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you know what to look out for.

Nosy Quizzes & Questionnaires

Quizzes circulating on Facebook, Twitter, and other social platforms may look like a fun way to win free stuff, but often they are phishing attacks in disguise. Many appear to be sponsored by big-name brands such as airlines and major retailers, offering free products or discount tickets if you just answer a few questions. The questions are designed to get you to reveal personal information that can be used to guess your passwords or security questions, such as your mother’s maiden name, or your hometown.

Creepy Crypto Scams 

While cryptocurrencies lost a lot of value over the last year, the same cannot be said for cryptocurrency scams. The majority of them center on distributing crypto mining malware, which allows hackers to access a person’s computer or device without their permission in order to mine for cryptocurrencies. In fact, these scams have been so prolific that at the end of 2018 McAfee reported that coin mining malware had grown more than 4000% in the previous year.

Many of these miners were distributed through phishing emails and websites, using “giveaway” scams on social media, or even via crypto mining chat groups on platforms such as Slack. Cybercrooks enter the chat rooms, pretending to be fellow miners, and encourage users to download malware disguised as “fixes” to crypto issues.

Romance & “Sextortion” Scams 

The meteoric rise of online dating has led to a similar increase in romance scams. These often involve bad actors preying on lonely people who are looking to connect. Scammers build up a sense of trust over online dating and social media platforms, before asking for money. They often claim the money is for an emergency, or a plane ticket to visit. This kind of manipulation works so well that the Better Business Bureau estimates that victims in the U.S. and Canada lost nearly $1 billion to romance scams between 2015 and 2018.

And while romance is one way to manipulate users, another driver is fear. This is certainly the case with the recent rise in so-called “sextortion” scams, which scare users into paying money to prevent incriminating pictures or videos of them from getting out. The bad guys claim that they obtained the embarrassing content by infecting the victim’s device with malware, and often send part of an old, leaked password as proof that they could have accessed their account.

Topical News Hooks

Whenever a major story sweeps the news, chances are the scammers are looking for ways to capitalize on it. This is exactly what happened during the recent U.S. government shutdown, which left 800,000 federal employees out of work for over a month. Since many of these workers were looking for extra income, job scams abounded. Some phony job ads asked workers to fill out detailed job application forms, in order to steal their Social Security numbers and other private information.

In another ruse, scammers sent out phony emails that appeared to be from the IRS, saying that the recipient could get a discount on their tax bills if they paid during the shutdown.

Tried-and-True Scams

Package Delivery— Phony package delivery emails usually spike around the holidays, but in the age of Amazon Prime delivery scams are circulating year-round. Be on the lookout for more recent Amazon scams that come in the form of a phishing email, asking you to review a product to get rewards. If you click on the link it could deliver malware, or even ransomware.

Tech Support— This is one of the oldest, but most persistent scams to date. Phishing websites and phony pop-up warnings that a computer or device is infected have led thousands of people to hand over personal and financial information to fix a problem they don’t really have.

Even though consumers have become savvier about these scams, a recent Microsoft survey found that 3 out of 5 people have been exposed to tech support scams over the last year.

So, now that you know what to look out for, here are our top tips for sidestepping the scammers:

  • Be careful where you click—Don’t open suspicious links and attachments, and never click on pop-up messages from an unknown source. If you get a suspicious login or payment request, go directly to the provider’s official website to see if the request is legitimate.
  • Know how to spot the fake—Phony messages or documents will often look like a simplified version of the real thing, with poor quality graphics, incorrect grammar and spelling, and a generic personal greeting.
  • Keep your personal information private—Avoid online quizzes, and never share personal or financial details with someone you don’t know in real life. Review your privacy and security settings on social sites to make sure that you aren’t leaking information.
  • Be a smart online shopper—Only buy from reputable websites, and steer away from deals that seem too good to be true. Be suspicious of unusual payment requests, such as buying gift cards or using virtual currency.
  • Become a password pro—Choose complex and unique passwords for all of your accounts. Consider using a password manager to help you create and store complicated passwords securely.
  • Protect your computers and devices—Use comprehensive security software that can safeguard you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/feed/ 0
How Online Gamers Can Play It Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/#respond Fri, 08 Feb 2019 23:23:47 +0000 https://securingtomorrow.mcafee.com/?p=94146

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk. From malware and phishing scams, to phony […]

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk.

From malware and phishing scams, to phony game hacks, identity theft, and more, gamers of all stripes now face a minefield of obstacles online and in real life. So, if you’re going to play games, it’s best to play it safe.

Here’s what to look out for:

Dodgy Downloads

Gamers who play on their computer or mobile device need to watch out for dangerous links or malicious apps disguised as popular or “free” games. Hackers often use innocent-looking downloads to deliver viruses and spyware, or even sign you up for paid services, without your consent. In one prominent case, more than 2.6 million Android users downloaded fake Minecraft apps that allowed hackers to take control of their devices.

Researchers have even discovered a ransomware threat that targets gamers. TeslaCrypt was designed to encrypt game-play data until a ransom is paid. Originally distributed through a malicious website, it has since been circulating via spam.

And while it’s true that game consoles like PlayStation and Xbox aren’t as vulnerable to viruses, since they are closed systems, that doesn’t mean that their users don’t face other risks.

Social Scams

Players on any platform could wind up with malware, sent directly from other players via chat messages. Some scammers use social engineering tricks, like inviting other players to download “helpful” tools that turn out to be malware instead. When you consider that 62% of kids play games where they speak to others, the odds of a risky interaction with a stranger seems quite real.

Players of the Origin and Steam services, for instance, were targeted by hackers posing as other players, inviting them to play on their teams. Over chat message, they suggested the players download an “audio tool” that turned out to be a keystroke logger, aimed at stealing their access credentials for the game.

Other social scams include malicious YouTube videos or websites, offering game bonuses and currency, for free.

Another widespread social threat is account takeover, or ATO for short. This is when a scammer hacks a real account in order to post spammy links, and scam messages that appear to come from a trusted contact. Some accounts, for games like League of Legends, have even been stolen and sold online for money because they boasted a high level, or rare skins.

Phishing

Finally, be on the lookout for phishing websites, offering free games or bonuses, or phishy emails prompting you to login to your account, with a link leading to a copycat gaming site. Often, these are designed to steal your login credentials or distribute fake games that contain malware.

Players of the wildly popular Fortnite, for example, have been particularly targeted. The latest phishing scam is aimed at stealing the third-party sign-in tokens that allow cybercriminals to access a user’s account, and the payment details associated with it.

So now that you know about a little more about gaming threats, here’s how to win at playing it safe:

  1. Do Your Research—Before downloading any games from the Internet or app stores, make sure to read other users’ reviews first to see that they are safe. This also goes for sites that sell game hacks, credits, patches, or virtual assets typically used to gain rank within a game. Avoid illegal file-sharing sites and “free” downloads, since these are often peppered with malware. It’s always best to go for a safer, paid option from a reputable source.
  2. Play Undercover— Be very careful about sharing personal information, in both your profile information, and your chat messages. Private information, such as your full name, address, pet’s name, school, or work details, could be used to guess your account password clues, or even impersonate you. Consider playing under an alias.
  3. Be Suspicious—Since scammers use the social aspect of games to fool people, you need to keep your guard up when you receive messages from strangers, or even read reviews.
    Some YouTube and social media reviews are placed there to trick users into thinking that the game or asset is legitimate. Dig deep, and avoid looking for free hacks. Ask gamers you know in real life for recommendations that worked for them.
  4. Protect Yourself—Avoid using older versions of games, and make sure that games you do play are updated with patches and fixes. And if you think a gaming account may already have been compromised, change your passwords immediately to something unique and complex.Safeguard your computers and devices from known and emerging threats by investing in comprehensive security software, and keep yourself up-to-date on the latest scams.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1]According to The 2017 Year In Review Report by SuperData

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/feed/ 0
Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/#respond Tue, 05 Feb 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=94069

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s […]

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s recent plans to merge Messenger, WhatsApp, and Instagram. This integration will allow cross-messaging between the three platforms (which will all still operate as standalone apps), so users could talk to their Messenger-only friends without leaving WhatsApp.

While Facebook’s plans to merge the messaging platforms are not yet finalized, the company is in the process of rebuilding the underlying infrastructure so that users who might utilize only one of the apps will be able to communicate with others within the company’s ecosystem. Facebook plans to include end-to-end encryption for the apps, ensuring that only the participants of a conversation can view the messages being sent. By allowing each app to speak to one another across platforms, Facebook hopes users become more engaged and use this as their primary messaging service.

But Facebook’s messaging changes have greater implications for online safety as consumers become more protective of their data. For example, WhatsApp only requires a phone number to sign up for the app while Facebook asks users to verify their identities. Will this force more data to be shared with WhatsApp, or will its encryption become less secure? While nothing has been finalized, it’s important for users to think about how the information they share online could be affected by this merge.

Although the internet has paved the way for advancements in social media and technology in general, users need to make sure they’re aware of the potential risks involved. And while this merge hasn’t happened yet, Safer Internet Day helps remind us to make good choices when it comes to browsing online. Following these tips can help keep you and your data safe and secure:

  • Get selective about what you share. Although social media is a great way to keep your friends and family in the loop on your daily life, be conservative about the information you put on the internet. Additionally, be cautious of what you send through messaging platforms, especially when it comes to your personally identifiable information.
  • Update your privacy settings. To make sure that you’re sharing your status with just your intended audience, check your privacy settings. Choose which apps you wish to share your location with and turn your profiles to private if you don’t want all users to have access to your information.
  • Keep your apps up-to-date. Keeping your social media apps updated can prevent exposure to threats brought on by software bugs. Turn on automatic updates so you always have the latest security patches, and make sure that your security software is set to run regular scans.
  • Click with caution. Cybercriminals can leverage social media messaging to spread phishing links. Don’t interact with users or messages that seem suspicious and keep your guard up by blocking unfamiliar users who try to send you sketchy content.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help block malware and phishing sites if you accidentally click on a malicious link. This can help protect you from potential threats when you access your social channels from a desktop or laptop.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/feed/ 0
Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/#respond Fri, 01 Feb 2019 14:00:22 +0000 https://securingtomorrow.mcafee.com/?p=93991

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a […]

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a malicious website is attempting to trick users into handing over their McAfee activation keys and personally identifiable information (PII) data by disguising themselves as the official McAfee customer support website.

So how exactly does this cyberthreat work? First, malicious actors advertise the fake website on Twitter. If a user clicks on the ad, they are presented with a “Download McAfee” button. When the user clicks on the download button, they are redirected to a screen prompting them to enter their name, email address, contact number, and product activation key to proceed with the download. However, when the user clicks on the “Start Download” button, they are redirected to a screen stating that their download failed due to an unexpected error.

 

At this point, the site owner has received the user’s personal data, which they could exploit in a variety of ways. And while this scheme may seem tricky to spot, there are a number of ways users can defend themselves from similar scams:

  • Be vigilant when clicking on social media links. Although it may be tempting to click on advertisements on your social media feed, these ads could possibly house sketchy websites developed by cybercriminals. Use caution when interacting with social media ads.
  • Go straight to the source. If you come across an advertisement claiming to be from a company and the link asks for personal data, it’s best to go directly to the company’s website instead. Use the official McAfee customer support page if you require technical support or assistance with your McAfee product.
  • Use security software. A security solution like McAfee WebAdvisor can help you spot suspicious websites and protect you from accidentally clicking on malicious links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/feed/ 0
Apple Users: Here’s What to Do About the Major FaceTime Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/#respond Tue, 29 Jan 2019 19:05:31 +0000 https://securingtomorrow.mcafee.com/?p=93993

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime […]

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime to hear the audio coming from the recipient’s phone, even before they’ve accepted or denied the call.

Let’s start with how the eavesdropping bug actually works. First, a user would have to start a FaceTime video call with an iPhone contact and while the call is dialing, they must swipe up from the bottom of the screen and tap “Add Person.” Then, they can add their own phone number to the “Add Person” screen. From there, the user can start a group FaceTime call between themselves and the original person dialed, even if that person hasn’t accepted the call. What’s more – if the user presses the volume up or down, the victim’s front-face camera is exposed too.

This bug acts as a reminder that these days your smartphone is just as data rich as your computer. So, as we adopt new technology into our everyday lives, we all must consider how these emerging technology trends could create security risks if we don’t take steps to protect our data.

Therefore, it’s crucial all iOS users that are running iOS 12.1 or later take the right steps now to protect their device and their data. If you’re an Apple user affected by this bug, be sure to follow these helpful security steps:

  • Update, update, update. Speaking of fixes – patches for bugs are included in software updates that come from the provider. Therefore, make sure you always update your device as soon as one is available. Apple has already confirmed that a fix is underway as we speak.
  • Be sure to disable FaceTime in iOS settings now. Until this bug is fixed, it is best to just disable the feature entirely to be sure no one is listening in on you. When a fix does emerge from Apple, you can look into enabling the service again.
  • Apply additional security to your phone. Though the bug will hopefully be patched within the next software update, it doesn’t hurt to always cover your device with an extra layer of security. To protect your phone from any additional mobile threats coming its way, be sure to use a security solution such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/feed/ 0
Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/#respond Mon, 28 Jan 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=93934

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider […]

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider how this emerging technology could lead to greater privacy risks if we don’t take steps to protect our data. That’s why the National Cyber Security Alliance (NCSA) started Data Privacy Day to help create awareness surrounding the importance of recognizing our digital footprints and safeguarding our data. To further investigate the impact of these footprints, let’s take a look at how we perceive the way data is shared and whose responsibility it is to keep our information safe.

The Impact of Social Media

Most of us interact with multiple social media platforms every day. And while social media is a great way to update your friends and family on your daily life, we often forget that these platforms also allow people we don’t really know to glimpse into our personal lives. For example, 82% of online stalkers use social media to find out information about potential victims, such as where they live or where they go to school. In other words, social media could expose your personal information to users beyond your intended audience.

Certain social media trends also bring up issues of privacy in the world of evolving technology. Take Facebook’s 10-year challenge, a recent viral trend encouraging users to post a side-by-side image of their profile pictures from 2009 and 2019. As WIRED reporter Katie O’Neill points out, the images offered in this trending challenge could potentially be used to train facial recognition software for age progression and age recognition. While the potential of this technology is mostly mundane, there is still a risk that this information could be used inequitably.

How to Approach Requests for Personal Data

Whether we’re using social media or other online resources, we all need to be aware of what personal data we’re offering out and consider the consequences of providing the information. While there are some instances where we can’t avoid sharing our personal data, such as for a government document or legal form, there are other areas where we can stand to be a little more conservative with the data that we divulge. For example, many of us have more than just our close family and friends on our social networks. So, if you’re sharing your location on your latest post, every single person who follows you has access to this information. The same goes for those online personality quizzes. While they may be entertaining, they put an unnecessary amount of your personal information out in the open. This is why it’s crucial to be thoughtful of how your data is collected and stored.

So, what steps can you take to better protect your online privacy? Check out the following tips to help safeguard your data:

  • Think before you post. Before tagging your friends on Instagram, sharing your location on Facebook, or enabling facial recognition, consider what this information reveals and how it could be used by a third-party.
  • Set privacy and security settings. If you don’t want the entire World Wide Web to be able to access your social media, turn your profiles to private. You can also go to your device settings and choose which apps or browsers you want to share your location with and which ones you don’t.
  • Enable two-factor authentication. In the chance your data does become exposed, a strong, unique password can help prevent your accounts from being hacked. Furthermore, you can implement two-factor authentication to stay secure. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/feed/ 0
The Collection #1 Data Breach: Insights and Tips on This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/#respond Fri, 18 Jan 2019 21:06:22 +0000 https://securingtomorrow.mcafee.com/?p=93887

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the […]

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the Equifax data breach, a new monster breach now has to become top of mind for us all. Say hello to Collection #1, a data set exposing 772,904,991 unique email addresses and over 21 million unique passwords.

Discovered by security researcher Troy Hunt, Collection #1 first appeared on the popular cloud service called MEGA. The Collection #1 folder held over 12,000 files that weigh in at over 87 gigabytes. When the storage site was taken down, the folder was then transferred to a public hacking site. What’s truly astonishing about this is that the data was not for sale; it was simply available for anyone to take.

You may be wondering, how was all this data collected? It appears that this data was comprised of a breach of breaches, aggregating over 2,000 leaked databases containing cracked passwords, in order to achieve maximum exposure. The sheer volume of this breach makes Collection #1 the second largest in size to Yahoo, and the largest public breach ever (given the data was openly exposed on the internet).

It appears that this data set is designed for use in credential-stuffing attacks, where cybercriminals will use email and password combinations to hack into consumers’ online accounts. The risks could be even greater for those who reuse credentials across multiple accounts. In order to help protect yourself from this threat, it’s vital that users act fast and use the following tips to help protect their data:

  • Use strong, unique passwords. In addition to making sure all of your passwords are strong and unique, never reuse passwords across multiple accounts. You can also enable a password manager to help keep track of your credentials.
  • Change your passwords. Even if it doesn’t appear that your data was breached, it’s better to err on the side of caution and change all of your passwords to better protect yourself.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/feed/ 0
Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/#respond Fri, 18 Jan 2019 01:00:35 +0000 https://securingtomorrow.mcafee.com/?p=93861

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically […]

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically targeted users who used a third-party website to log in to their Fortnite accounts, such as Facebook, Google, or gaming providers like Microsoft, Nintendo, and Sony. But instead of trying to steal a gamer’s password like many of the hacks we’ve seen, this scheme targeted the special access token the third-party website exchanges with the game when a user logs in.

So, how exactly does this threat work? First, a cybercriminal sends a malicious phishing link to a Fortnite user. To increase the likelihood that a user will click on the link, the cybercriminal would send the link with an enticing message promising perks like free game credits. If the user clicked on the link, they would be redirected to the vulnerable login page. From here, Epic Games would make the request for the SSO (single sign-on) token from the third-party site, given SSO allows a user to leverage one set of login credentials across multiple accounts. This authentication token is usually sent to Fortnite over the back-end, removing the need for the user to remember a password to access the game. However, due to the unsecured login page, the user would be redirected to the attacker’s URL. This allows cybercriminals to intercept the user’s login token and take over their Fortnite account.

After acquiring a login token, a cybercriminal would gain access to a Fortnite user’s personal and financial details. Because Fortnite accounts have partial payment card numbers tied to them, a cybercriminal would be able to make in-game purchases and rack up a slew of charges on the victim’s card.

It’s important for players to understand the realities of gaming security in order to be more prepared for potential cyberthreats such as the Fortnite hack. According to McAfee research, the average gamer has experienced almost five cyberattacks, with 75% of PC gamers worried about the security of gaming. And while Epic Games has thankfully fixed this security flaw, there are a number of techniques players can use to help safeguard their gaming security now and in the future:

  • Go straight to the source70% of breaches start with a phishing email. And phishing scams can be stopped by simply avoiding the email and going straight to the source to be sure you’re working with the real deal. In the case of this particular scheme, you should be able to check your account status on the Fortnite website and determine the legitimacy of the request from there.
  • Use a strong, unique password. If you think your Fortnite account was hacked, err on the side of caution by updating your login credentials. In addition, don’t reuse passwords over multiple accounts. Reusing passwords could allow a cybercriminal to access multiple of your accounts by just hacking into one of them.
  • Stay on top of your financial transactions. Check your bank statements regularly to monitor the activity of the card linked to your Fortnite account. If you see repeat or multiple transactions from your account, or see charges that you don’t recognize, alert your bank to ensure that your funds are protected.
  • Get protection specifically designed for gamers. We’re currently building McAfee Gamer Security to help boost your PC’s performance, while simultaneously safeguarding you from a variety of threats that can disrupt your gaming experience.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/feed/ 0
Children’s Charity or CryptoMix? Details on This Ransomware Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/#respond Wed, 16 Jan 2019 01:22:34 +0000 https://securingtomorrow.mcafee.com/?p=93839

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making […]

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making a donation instead of a ransom payment. While CryptoMix has used this guise in the past, they’ve recently upped the ante by using legitimate information from crowdfunding pages for sick children to further disguise this scheme.

So, how does CryptoMix trick users into making ransom payments? First, the victim receives a ransom note containing multiple email addresses to contact for payment instructions. When the victim contacts one of the email addresses, the “Worldwide Children Charity Community” responds with a message containing the profile of a sick child and a link to the One Time Secret site. This website service allows users to share a post that can only be read once before it’s deleted. CryptoMix’s developers use One Time Secret to distribute payment instructions to the victim and explain how their contribution will be used to provide medical help to sick children. The message claims that the victim’s data will be restored, and their system will be protected from future attacks as soon as the ransom is paid. In order to encourage the victim to act quickly, the note also warns that the ransom price could double in the next 24 hours.

After the victim makes the payment, the ransomware developers send the victim a link to the decryptor. However, they continue to pretend they are an actual charity, thanking the victim for their contribution and ensuring that a sick child will soon receive medical help.

CryptoMix’s scam tactics show how ransomware developers are evolving their techniques to ensure they make a profit. As ransomware threats become stealthier and more sophisticated, it’s important for users to educate themselves on the best techniques to combat these threats. Check out the following tips to help keep your data safe from ransomware:

  • Back up your data. In order to avoid losing access to your important files, make copies of them on an external hard drive or in the cloud. In the event of a ransomware attack, you will be able to wipe your computer or device and reinstall your files from the backup. Backups can’t always prevent ransomware, but they can help mitigate the risks.
  • Never pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments.
  • Use security software. Adding an extra layer of security with a solution such as McAfee Total Protection, which includes Ransom Guard, can help protect your devices from these types of cyberthreats.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/feed/ 0
That’s a Wrap! Read the Top Technology Takeaways From CES 2019 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/#respond Sat, 12 Jan 2019 00:16:11 +0000 https://securingtomorrow.mcafee.com/?p=93785

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not […]

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not disappoint. Here are some of my main takeaways from the event:

5G is the future

It seems that anyone and everyone who attended the event was talking about 5G. However, there wasn’t exactly a definitive answer to when the service would be available to consumers. According to Forbes, 5G is an abbreviation that stands for the fifth generation of the cellular wireless transmission. And while many companies at CES discussed 5G, the number of products that are actually capable of tapping into the network is minimal. This doesn’t mean we shouldn’t get excited about 5G. The faster connection, speed, and responsiveness of the 5G network will help enable IoT, autonomous driving, and technology that hasn’t even been invented yet.

Gaming gets an upgrade

Gamers everywhere are sure to enjoy the exciting new gadgets that launched this year. From wireless charging grips for the Nintendo Switch to curved monitors for better peripheral vision, tech companies across the board seemed to be creating products to better the gaming experience. In addition to products that are enhancing gamer’s capabilities, we also saw gaming products that are bringing the digital world closer to reality. For example, Holoride partnered with Disney and Audi to create a Guardians of the Galaxy virtual reality (VR) experience for car passengers that mimics the movements of the vehicle.

Optimized IoT devices, AI-driven assistants

This year’s event was colored with tons of new smart home and health IoT technology. Although smart home technology made a big splash at last year’s show, CES 2019 focused on bringing more integrated smart home products to consumers. For example, the AtmosControl touch panel acts as a simplified universal remote so consumers can control all of their gadgets from a single interface. We also saw the Bowflex Intelligent Max, a platform that allows consumers to download an app to complete Bowflex’s fitness assessment and adjust their workout plan based on the results.

Voice assistants seemed to dominate this year’s show, as well. Google and Amazon upped the ante with their use of improved AI technology for the Google Assistant and Amazon Alexa. Not only has Google brought Google Assistant to Google Maps, but they’ve also created a Google Assistant Interpreter Mode that works in more than 20 languages. Not to be shown up, Amazon announced some pretty intriguing Alexa-enabled products as well, including the Ring Door View Cam, a smart shower system called U by Moen, and the Numi 2.0 Intelligent Toilet.

The takeoff of autonomous vehicles

Not only did AI guide new innovations in IoT device technology, but it also paved the way for some futuristic upgrades to vehicles. Mercedes showcased their self-driving car called the Vision Urbanetic, an AI-powered concept vehicle that can hold up to 12 people. BMW created a rider-less motorcycle designed to gather data on how to make motorcycles safer on the road. And we can’t forget about Uber’s futuristic flying taxi, created in partnership with Bell Nexus, and expected to take flight in 2020.

Cybersecurity’s role in the evolving technological landscape

At McAfee, we understand the importance of securing all of these newfangled IoT gadgets that make their way into consumers’ homes. To do this, we announced the launch of Secure Home Platform voice commands for the Google Assistant, allowing users to keep track of their entire network through one interface.

To reflect the upgrades in gaming technology, we also launched the beta mode of McAfee Gamer Security. Many antivirus solutions are notorious for slowing down PCs, which can really hinder the gaming experience. This security solution, designed for PC gamers, provides a light but mighty layer of protection that optimizes users’ computing resources.

If there’s one thing we took away from this year’s event, it’s that technological innovations won’t be slowing down any time soon. With all of these new advancements and greater connectivity comes the need for increased cybersecurity protection. All in all, CES 2019 showed us that as software and hardware continues to improve and develop, cybersecurity will also adapt to the needs of everyday consumers.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/feed/ 0
Level Up Your Cybersecurity: Insights from Our Gaming Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/#respond Wed, 02 Jan 2019 05:30:20 +0000 https://securingtomorrow.mcafee.com/?p=93063

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, […]

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, we decided to survey 1,000 U.S. residents ages 18 and over who are frequent gamers. *

Time to Upgrade Your Online Safety

Of those surveyed, 75% of PC gamers chose security as the element that most concerned them about the future of gaming. This makes sense since 64% of our respondents either have or know someone who has been directly affected by a cyberattack. And while 83% of the gamers do use an antivirus software to protect their PCs, we found that gamers still participate in risky online behavior.

Poor Habits Could Mean Game Over for Your Cybersecurity

So, what does this risky behavior look like, exactly? The following sums it up pretty well:

  • 55% of gamers reuse passwords for multiple online accounts, leading to greater risk if their password is cracked.
  • 36% of respondents rely on incognito mode or private browsing to keep their PC safe.
  • 41% read the privacy policies associated with games, though this technique won’t help to keep their device secure.

With these lax habits in place, it’s not hard to believe that 38% of our respondents experienced at least one malicious attack on their PC. And while 92% installed an antivirus software after experiencing a cyberattack, it’s important for gamers to take action against potential threats before they occur.

Level Up Your Gaming Security

Now the question is – what do these gamers need to do to stay safe while they play? Start by following these tips:

  • Do not reuse passwords. Reusing passwords makes it easier for hackers to access more than one of your accounts if they crack one of your logins. Prevent this by using unique login credentials for all of your accounts.
  • Click with caution. Avoid interacting with messages from players you don’t know and don’t click on suspicious links. Cybercriminals can use phishing emails to send gamers malicious files and links that can infect their device with malware.
  • Use a security solution. Using a security service to safeguard your devices can help protect you from a variety of threats that can disrupt your gaming experience. Look out for our newest product McAfee Gamer Security, which we launched just in time for CES 2019. Although this product is still in beta mode, it could be used to combat cyberthreats while optimizing your computing resources.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

*Survey respondents played video games at least four times a month and spent at least $200 annually on gaming.

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/feed/ 0
Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/#respond Sat, 22 Dec 2018 01:35:46 +0000 https://securingtomorrow.mcafee.com/?p=93358

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs […]

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs a new hobby, but what happens when these flying robots cause a safety hazard for others? That’s exactly what happened at the Gatwick airport on Wednesday night and again today when two drones were spotted flying over the airfield, causing all departing flights to remain grounded and all arriving flights to be diverted to other airports.

The drones were spotted flying over the Gatwick airport’s perimeter fence into the area where the runway operates from. This disruption affected 10,000 passengers on Wednesday night, 110,000 passengers on Thursday, and 760 flights expected to arrive and depart on Thursday. More than 20 police units were recruited to find the drone’s operator so the device could be disabled. The airport closure resulted in 31.9 hours with no planes taking off or landing between Wednesday and Thursday.

You might be wondering, how could two drones cause an entire airport to shut down for so long? It turns out that drones can cause serious damage to an aircraft. Evidence suggests that drones could inflict more damage than a bird collision and that the lithium-ion batteries that power drones could become lodged in airframes, potentially starting a fire. And while the probability of a collision is small, a drone could still be drawn into an aircraft turbine, putting everyone on board at risk. This is why it’s illegal to fly a drone within one kilometer of an airport or airfield boundary. What’s more, endangering the safety of an aircraft is a criminal offense that could result in a five-year prison sentence.

Now, this is a lesson for all drone owners everywhere to be cognizant of where they fly their devices. But beyond the physical implications that are associated with these devices, there are digital ones too — given they’re internet-connected. In fact, to learn about how vulnerable these devices can be, you can give our latest episode of “Hackable?” a listen, which explores the physical and digital implications of compromised drones,

Therefore, if you get a drone for Christmas this year, remember to follow these cybersecurity tips to ensure you protect them on the digital front.

  • Do your research. There are multiple online communities that disclose bugs and potential vulnerabilities as well as new security patches for different types of drones. Make sure you stay informed to help you avoid potential hacks.
  • Update, update, update! Just as it’s important to update your apps and mobile devices, it’s also important to update the firmware and software for your drone. Always verify the latest updates with your drone manufacturer’s website to make sure it is legitimate.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/feed/ 0
Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/#respond Fri, 21 Dec 2018 19:00:39 +0000 https://securingtomorrow.mcafee.com/?p=93346

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is […]

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is actually a stealthy phishing email, which has been circulating the internet, prompting users to click on a link if the transaction was unauthorized.

So how exactly does this phishing campaign work? In this case, the cybercriminals rely on the victim to be thrown off by the email stating that they purchased an app when they know that they didn’t. When the user clicks on the link in the receipt stating that the transaction was unauthorized, they are redirected to a page that looks almost identical to Apple’s legitimate Apple Account management portal. The user is prompted to enter their login credentials, only to receive a message claiming that their account has been locked for security reasons. If the user attempts to unlock their account, they are directed to a page prompting them to fill out personal details including their name, date of birth, and social security number for “account verification.”

Once the victim enters their personal and financial information, they are directed to a temporary page stating that they have been logged out to restore access to their account. The user is then directed to the legitimate Apple ID account management site, stating “this session was timed out for your security,” which only helps this attack seem extra convincing. The victim is led to believe that this process was completely normal, while the cybercriminals now have enough information to perform complete identity theft.

Although this attack does have some sneaky behaviors, there are a number of steps users can take to protect themselves from phishing scams like this one:

  • Be wary of suspicious emails. If you receive an email from an unknown source or notice that the “from” address itself seems peculiar, avoid interacting with the message altogether.
  • Go directly to the source. Be skeptical of emails claiming to be from companies asking to confirm a purchase that you don’t recognize. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Use a comprehensive security solution. It can be difficult to determine if a website, link, or file is risky or contains malicious content. Add an extra layer of security with a product like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/feed/ 0
The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/#respond Thu, 20 Dec 2018 00:39:12 +0000 https://securingtomorrow.mcafee.com/?p=93318

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats […]

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats Report, cybercriminals are leveraging fake apps and banking trojans to access users’ personal and financial information. In fact, our researchers saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices during the last quarter. Let’s take a look at how these cyberthreats gained traction over the past few months.

While new mobile malware declined by 24% in Q3, our researchers did notice some unusual threats fueled by fake apps. Back in June, we observed a scam where crooks released YouTube videos with fake links disguised as leaked versions of Fortnite’s Android app. If a user clicked on the link to download this phony app, they would be asked to provide mobile verification. This verification process would prompt them to download app after app, putting money right in the cybercriminals’ pockets for increased app downloads.

Another fake app scheme that caught the attention of our researchers was Android/TimpDoor. This SMS phishing campaign tricked users into clicking on a link sent to them via text. The link would direct them to a fabricated web page urging them to download a fake voice messaging app. Once the victim downloaded the fake app, the malware would begin to collect the user’s device information. Android/TimpDoor would then be able to let cybercriminals use the victim’s device to access their home network.

Our researchers also observed some peculiar behavior among banking trojans, a type of malware that disguises itself as a genuine app or software to obtain a user’s banking credentials. In Q3, cybercriminals employed uncommon file types to carry out spam email campaigns, accounting for nearly 500,000 emails sent worldwide. These malicious phishing campaigns used phrases such as “please confirm” or “payment” in the subject line to manipulate users into thinking the emails were of high importance. If a user clicked on the message, the banking malware would be able to bypass the email protection system and infect the device. Banking trojans were also found using two-factor operations in web injects, or packages that can remove web page elements and prevent a user from seeing a security alert. Because these web injects removed the need for two-factor authentication, cybercriminals could easily access a victim’s banking credentials from right under their noses.

But don’t worry – there’s good news. By reflecting on the evolving landscape of cybersecurity, we can better prepare ourselves for potential threats. Therefore, to prepare your devices for schemes such as these, follow these tips:

  • Go directly to the source. Websites like YouTube are often prone to links for fake websites and apps so criminals can make money off of downloads. Avoid falling victim to these frauds and only download software straight from a company’s home page.
  • Click with caution. Only click on links in text messages that are from trusted sources. If you receive a text message from an unknown sender, stay cautious and avoid interacting with the message.
  • Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use a robust security software like McAfee Total Protection so you can connect with confidence.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Homeon Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/feed/ 0
How to Stay Secure from the Latest Volkswagen Giveaway Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/#respond Thu, 13 Dec 2018 20:46:19 +0000 https://securingtomorrow.mcafee.com/?p=93089

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which […]

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which has been circulating social media channels like WhatsApp and Facebook, enticing hopeful users looking to acquire a new ride.

This fake Volkswagen campaign works differently than your typical phishing scam. The targeted user receives the message via WhatsApp or Facebook and is prompted to click on the link to participate in the contest. But instead of attempting to collect personal or financial information, the link simply redirects the victim to what appears to be a standard campaign site in Portuguese. When the victim clicks the buttons on the website, they are redirected to a third-party advertising site asking them to share the contest link with 20 of their friends. The scam authors, under the guise of being associated with Volkswagen, promise to contact the victims via Facebook once this task is completed.

As of now, we haven’t seen indicators that participants have been infected by malicious software or had any personal information stolen as a result of this scam. But because the campaign link redirects users to ad servers, the scam authors are able to maximize revenue for the advertising network. This encourages malicious third-party advertisers to continue these schemes in order to make a profit.

The holidays in particular are a convenient time for cybercriminals to create more scams like this one, as users look to social media for online shopping inspiration. Because schemes such as this could potentially be profitable for cybercriminals, it is unlikely that phishing scams spread via social media will let up. Luckily, we’ve outlined the following tips to help dodge fake online giveaways:

  • Avoid interacting with suspicious messages. If you receive a message from a company asking you to enter a contest or share a certain link, it is safe to assume that the sender is not from the actual company. Err on the side of caution and don’t respond to the message. If you want to see if a company is actually having a sale, it is best to just go directly to their official site to get more information.
  • Be careful what you click on. If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/feed/ 0
How To Tell If Your Smartphone Has Been Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/#respond Mon, 10 Dec 2018 17:00:19 +0000 https://securingtomorrow.mcafee.com/?p=92956

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. […]

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it.

Given that our smartphones have become our new wallets, containing a treasure trove of personal and financial information, a breach can leave you at serious risk.

The intruder could log in to your accounts as you, spam your contacts with phishing attacks, or rack up expensive long-distance charges. They could also access any passwords saved on your phone, potentially opening the door to sensitive financial accounts. That’s why it’s important to be able to recognize when your smartphone has been hacked, especially since some of the signs can be subtle.

Here are some helpful clues:

Performance Differences

Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? What about your data plan? Are you exceeding your normal limits? These are all signs that you have malware running in the background, zapping your phone’s resources.

You may have downloaded a bad app, or clicked on a dangerous link in a text message. And malware, like Bitcoin miners, can strain computing power, sometimes causing the phone to heat up, even when you aren’t using it.

Mystery Apps or Data

If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, a hacker is probably in your system. They may be using your device to send premium rate calls or messages, or to spread malware to your contacts.

Pop-ups or Strange Screen Savers

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.

What To Do

If any of these scenarios sound familiar, it’s time to take action. Start by deleting any apps or games you didn’t download, erasing risky messages, and running mobile security software, if you have it. Warn your contacts that your phone has been compromised, and to ignore any suspicious links or messages coming from you.

If the problem still doesn’t go away, consider restoring your phone to its original settings. Search online for instructions for your particular phone and operating system to learn how.

Now, let’s look at how to avoid getting hacked in the first place.

Secure Smartphone Tips

1. Use mobile security software—These days your smartphone is just as data rich as your computer. Make sure to protect your critical information, and your privacy, by using comprehensive mobile security software that not only protects you from online threats, but offers anti-theft and privacy protection.

2. Lock your device & don’t store passwords—Make sure that you are using a passcode or facial ID to lock your device when you’re not using it. This way, if you lose your phone it will be more difficult for a stranger to access your information.

Also, remember not to save password or login information for banking apps and other sensitive accounts. You don’t want a hacker to be able to automatically login as you if they do gain access to your device.

3. Avoid using public Wi-Fi—Free Wi-Fi networks, like those offered in hotels and airports, are often unsecured. This makes it easy for a hacker to potentially see the information you are sending over the network. Also, be wary of using public charging stations, unless you choose a “charging only” cable that cannot access your data.

 4. Never leave your device unattended in public—While many threats exist online, you still have to be aware of real-world threats, like someone grabbing your device when you’re not looking. Keep your smartphone on you, or within view, while in public.

If you have a “phone visibility” option, turn it off. This setting allows nearby devices to see your phone and exchange data with it.

5. Stay aware—New mobile threats are emerging all the time. Keep up on the latest scams and warning signs, so you know what to look out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/feed/ 0
Attention Red Dead Redemption 2 Players: Dodge This New Download Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/#respond Thu, 06 Dec 2018 17:00:58 +0000 https://securingtomorrow.mcafee.com/?p=92879

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a […]

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a profit on these downloads.

You’re probably wondering how exactly this scam works. It first begins with cybercriminals planting their phony download traps in ads on platforms like YouTube, Twitter, and blog postings. With other, less sophisticated scams, a user would be prompted to install several bundled applications at this point, each one generating revenue for the scammer. But this scheme works a little bit differently. When the user clicks on the “download” button, they are presented with a fake install screen showing the progression of the game’s download process.  The fake install takes about an hour to complete, further giving the illusion that a large file is actually being downloaded on the user’s device.

Once the fake installation is complete, the user is asked to enter a nonexistent license key (a pattern of numbers and/or letters provided to licensed users of a software program). If a user clicks on one of the buttons on this screen, they are redirected to a website asking for human verification in the form of surveys and questionnaires. These surveys trick the user into divulging their personal information for the cybercriminal’s disposal. What’s more, the scammer earns revenue for their malicious acts.

Because this scheme tricks users into handing over their personal information, it affects a victim’s overall privacy. Luckily, there are steps users can take to combat this threat:

  • Browse with caution. Many scammers target gamers through popular websites like YouTube and Twitter to push out malicious content. Use discretion when browsing these websites.
  • Only download content from trusted sources. If you come across a download offer that seems too good to be true, it probably is. Only download software from legitimate sources and avoid sites if you can’t tell whether they are trustworthy or not.
  • Use security software to browse the internet. Sometimes, it can be hard to distinguish whether a site is malicious or not. Security solutions like McAfee WebAdvisor can detect the URLs and scam installers associated with this threat.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/feed/ 0
Software Company WakeNet AB Discovered Spreading PUPs to Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/#respond Tue, 04 Dec 2018 05:01:48 +0000 https://securingtomorrow.mcafee.com/?p=92891

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, […]

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, as they recently investigated a company that has taken advantage of this software and is using deceptive techniques to spread malicious files. Meet WakeNet AB, a Swedish pay-per-install software developer that has generated a large amount of revenue – even more so than some of the most prevalent ransomware families – from spreading PUPs (potentially unwanted programs).

So, how does WakeNet AB infect users’ devices with PUPs? WakeNet sets up PPI sites to entice affiliate hackers to spread malicious files and adware. WakeNet’s most recent distribution vessel is the site FileCapital. FileCapital provides affiliate hackers with a variety of “marketing tools” such as embedded movies, landing pages, banners, and buttons. These deceptive tools are intended to coax victims into installing bundled applications that house different PUPs. Victims may install these applications because they are disguised as legitimate programs. For example, a user may think they are installing a helpful performance cleaner onto their computer. What they don’t know is that the “performance cleaner” is actually disguising other malicious files that could lead to irritating adverts and decreased computer performance.

As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money. With that said, it’s important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet’s FileCapital. Check out the following tips to better protect yourself from this threat:

  • Click with caution. Be wary of pop-ups and websites asking you to click on items like movie playbacks and other software downloads. These items could infect your device with annoying adverts and malware.
  • Only download software from trusted sources. If you receive a pop-up asking you to update or install software, be vigilant. Adware and PUPs are often disguised as legitimate sites or software companies. Your best bet is to play it safe and go directly to the source when updating or installing new software.
  • Use a robust security software. Using a security solution like McAfee Total Protection could help protect your device from exposure to PUPs that have been spread by WakeNet’s FileCapital. McAfee Total Protection blocks auto-play videos on websites that decrease computer performance and warns you of risky websites and links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/feed/ 0
What To Do When Your Social Media Account Gets Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/#respond Mon, 03 Dec 2018 17:00:15 +0000 https://securingtomorrow.mcafee.com/?p=92869

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do? This is a timely question […]

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do?

This is a timely question considering that social media breaches have been on the rise. A recent survey revealed that 22%of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. And, earlier this year Facebook itself got hacked, exposing the identity information of 50 million users.

Your first move—and a crucial one—is to change your password right away, and notify your connections that your account has been hacked. This way your friends know not to click on any suspicious posts or messages that appear to be coming from you because they might contain malware or phishing attempts. But that’s not all. There may be other, hidden threats to having your social media account hacked.

The risks associated with a hacker poking around your social media have a lot to do with how much personal information you share. Does your account include personal information that could be used to steal your identity, or guess your security questions on other accounts?

These could include your date of birth, address, hometown, or names of family members and pets. Just remember, even if you keep your profile locked down with strong privacy settings, once the hacker logs in as you, everything you have posted is up for grabs.

You should also consider whether the password for the compromised account is being used on any of your other accounts, because if so, you should change those as well. A clever hacker could easily try your email address and known password on a variety of sites to see if they can log in as you, including on banking sites.

Next, you have to address the fact that your account could have been used to spread scams or malware. Hackers often infect accounts so they can profit off clicks using adware, or steal even more valuable information from you and your contacts.

You may have already seen the scam for “discount Ray-Ban” sunglasses that plagued Facebook a couple of years ago, and recently took over Instagram. This piece of malware posts phony ads to the infected user’s account, and then tags their friends in the post. Because the posts appear in a trusted friend’s feed, users are often tricked into clicking on it, which in turn compromises their own account.

So, in addition to warning your contacts not to click on suspicious messages that may have been sent using your account, you should flag the messages as scams to the social media site, and delete them from your profile page.

Finally, you’ll want to check to see if there are any new apps or games installed to your account that you didn’t download. If so, delete them since they may be another attempt to compromise your account.

Now that you know what do to after a social media account is hacked, here’s how to prevent it from happening in the first place.

How To Keep Your Social Accounts Secure

  • Don’t click on suspicious messages or links, even if they appear to be posted by someone you know.
  • Flag any scam posts or messages you encounter on social media to the website, so they can help stop the threat from spreading.
  • Use unique, complicated passwords for all your accounts.
  • If the site offers multi-factor authentication, use it, and choose the highest privacy setting available.
  • Avoid posting any identity information or personal details that might allow a hacker to guess your security questions.
  • Don’t log in to your social accounts while using public Wi-Fi, since these networks are often unsecured and your information could be stolen.
  • Always use comprehensive security software that can keep you protected from the latest threats.
  • Keep up-to-date on the latest scams and malware threats

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/feed/ 0
Affected by a Data Breach? 6 Security Steps You Should Take https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/#respond Fri, 30 Nov 2018 22:48:01 +0000 https://securingtomorrow.mcafee.com/?p=92893

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this […]

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this can help you build relationships with your favorite vendors, what happens if their security is compromised?

A high-profile hotel and another popular consumer brand’s perks program recently experienced data breaches that exposed users’ personal information. If you think you were affected by one of these breaches, there are multiple steps you can take to help protect yourself from the potential side effects.

Check out the following tips if you think you may have been affected by a data breach, or just want to take extra precautions:

  • Change your password. Most people will rotate between the same three passwords for all of their personal accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Update your privacy settings. Be careful with how much of your personal information you share online. Make sure your social media accounts and mobile apps are on private and use multi-factor authentication to prevent your accounts from being hacked.
  • Be vigilant about checking your accounts. If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/feed/ 0
The Spotify Phishing Scam: How to Reel in This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/#respond Wed, 28 Nov 2018 18:16:13 +0000 https://securingtomorrow.mcafee.com/?p=92859

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting […]

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting innocent Spotify customers’ credentials at risk.

So, how are the account hijackers conducting these phishing attacks? The campaign sends listeners fraudulent emails that appear to be from Spotify, prompting them to confirm their account details. However, the link contained in the email is actually a phishing link. When the user clicks on it, they are redirected to a phony Spotify website where they are prompted to enter their username and password for the hacker’s disposal.

This phishing campaign can lead to a variety of other security risks for victims exposed to the threat. For example, many users include their birthday or other personal information in their password to make it easier to remember. If a hacker gains access to a user’s Spotify password, they are given a glance into the victim’s password creation mindset, which could help them breach other accounts belonging to the user.

Fortunately, there are multiple steps users can take to avoid the Spotify phishing campaign and threats like it. Check out the following tips:

  • Create complex passwords. If a hacker gains access to a victim’s username and password, they will probably analyze these credentials to determine how the victim creates their passwords. It’s best to create passwords that don’t include personal information, such as your birthday or the name of your pet.
  • Avoid reusing passwords. If victims reuse the same password for multiple accounts, this attack could allow cybercriminals to breach additional services and platforms. To prevent hackers from accessing other accounts, create unique usernames and passwords for each online platform you use.
  • Look out for phishing red flags. If you notice that the “from” address in an email is a little sketchy or an unknown source, don’t interact with the message. And if you’re still unsure of whether the email is legitimate or not, hover your mouse over the button prompting you to click on the link (but don’t actually click on it). If the URL preview doesn’t seem to be related to the company, it is most likely a phishing email.
  • Be skeptical of emails claiming to come from legitimate companies. If you receive an email asking to confirm your login credentials, go directly to the company’s website. You should be able to check the status of your account on the company website or under the settings portion of the Spotify app to determine the legitimacy of the request.
  • Use security software to surf the web safely. Make sure you use a website reputation tool like McAfee WebAdvisor to avoid landing on phishing and malicious sites.

And, as always, to stay on top of the latest and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?and ‘Like’ us on Facebook.

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/feed/ 0
What Your Password Says About You https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/#respond Fri, 16 Nov 2018 21:50:22 +0000 https://securingtomorrow.mcafee.com/?p=92744

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is […]

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is easy to remember rather than super secure.

The urge to pick simple passwords is understandable given the large number of passwords that are required in our modern lives—for banking, social media, and online services, to simply unlocking our phones. But choosing weak passwords can be a major mistake, opening you up to theft and identity fraud.

Even if you choose complicated passwords, the recent rash of corporate data breaches means you could be at even greater risk by repeating passwords across accounts. When you repeat passwords all a hacker needs to do is breach one service provider to obtain a password that can unlock a string of accounts, including your online banking services. These accounts often include identity information, leaving you open to impersonation. The bad guys could open up fraudulent accounts in your name, for example, or even collect your health benefits.

So, now that you know the risks of weak password security, let’s see what your password says about you. Take this quiz to find out, and don’t forget to review our password safety tips below!

Password Quiz – Answer “Yes” or “No”

  1. Your passwords don’t include your address, birthdate, anniversary, or pet’s name.
  2. You don’t repeat passwords.
  3. Your passwords are at least 8 characters long and include numbers, upper and lower case letters, and characters.
  4. You change default passwords on devices to something hard to guess.
  5. You routinely lock your phone and devices with a passcode or fingerprint.
  6. You don’t share your passwords with people you’re dating or friends.
  7. You use a password manager.
  8. If you write your passwords down, you keep them hidden in a safe place, where no one else can find them.
  9. You get creative with answers to security questions to make them harder to guess. For example, instead of naming the city where you grew up, you name your favorite city, so someone who simply reads your social media profile cannot guess the answer.
  10. You make sure no one is watching when you type in your passwords.
  11. You try to make your passwords memorable by including phrases that have meaning to you.
  12. You use multi-factor authentication.

Now, give yourself 1 point for each question you answered “yes” to, and 0 points for each question you answered “no” to. Add them up to see what your password says about you.

9-12 points:

You’re a Password Pro!

You take password security seriously and know the importance of using unique, complicated passwords for each account. Want to up your password game? Use multi-factor authentication, if you don’t already. This is when you use more than one method to authenticate your identity before logging in to an account, such as typing in a password, as well as a code that is sent to your phone via text message.

4-8 points

You’re a Passable Passworder

You go through the basics, but when it comes to making your accounts as secure as they can be you sometimes skip important steps. Instead of creating complicated passwords yourself—and struggling to remember them—you may want to use a password manager, and let it do the work for you. Soon, you’ll be a pro!

1-3 points

You’re a Hacker’s Helper

Uh oh! It looks like you’re not taking password security seriously enough to ensure that your accounts and data stay safe. Start by reading through the tips below. It’s never too late to upgrade your passwords, so set aside a little time to boost your security.

Key Tips to Become a Password Pro:

  • Always choose unique, complicated passwords—Try to make sure they are at least 8 characters long and include a combination of numbers, letters, and characters. Don’t repeat passwords for critical accounts, like financial and health services, and keep them to yourself.Also, consider using a password manager to help create and store unique passwords for you. This way you don’t have to write passwords down or memorize them. Password managers are sometimes offered as part of security software.
  • Make your password memorable—We know that people continue to choose simple passwords because they are easier to remember, but there are tricks to creating complicated and memorable passwords. For instance, you can string random words together that mean something to you, and intersperse them with numbers and characters. Or, you can choose random letters that comprise a pattern only know to you, such as the fist letter in each word of a sentence in your favorite book.
  • Use comprehensive security software—Remember, a strong password is just the first line of defense. Back it up with robust security softwarethat can detect and stop known threats, help you browse safely, and protect you from identity theft.

For more great password tips, go here.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/feed/ 0
Don’t Get PWNed by Fake Gaming Currency Sites https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/#respond Fri, 16 Nov 2018 01:34:35 +0000 https://securingtomorrow.mcafee.com/?p=92740

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and […]

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and time-consuming to complete. As a result, many players look to various websites as an easier way to download more gaming currency. Unfortunately, malicious actors are taking advantage of this trend to scam gamers into downloading malware or PUPs (potentially unwanted programs).

There are a variety of techniques scammers use to trick players into utilizing their malicious sites. The first is fake chat rooms. Scammers will set up seemingly legitimate chat rooms where users can post comments or ask questions. What users don’t know is that a bot is actually answering their inquiries automatically. Scammers also ask these victims for “human interaction” by prompting them to enter their personal information via surveys to complete the currency download. What’s more – the message will show a countdown to create a sense of urgency for the user.

These scammers also use additional techniques to make their sites believable, including fake Facebook comments and “live” recent activity updates. The comments and recent activity shown are actually hard-coded into the scam site, giving the appearance that other players are receiving free gaming currency.

These tactics, along with a handful of others, encourage gamers to use the scam sites so cybercriminals can distribute their malicious PUPs or malware. So, with such deceptive sites existing around the internet, the next question is – what can players do to protect themselves from these scammers? Check out the following tips to avoid this cyberthreat:

  • Exercise caution when clicking on links. If a site for virtual currency is asking you to enter your username, password, or financial information, chances are the website is untrustworthy. Remember, when in doubt, always err on the side of caution and avoid giving your information to a site you’re not 100% sure of.
  • Put the chat room to the test. To determine if a chat site is fake, ask the same question a few times. If you notice the same response, it is likely a phony website.
  • Do a Google search of the Facebook comments. An easy way to check if the Facebook comments that appear on a site are legitimate is to copy and paste them into Google. If you see a lot of similar websites come up with the same comments in the description, this is a good indication that it is a scam site.
  • Use security software to surf the web safely. Products like McAfee WebAdvisor can help block gamers from accessing the malicious sites mentioned in this blog.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/feed/ 0
Preventing WebCobra Malware From Slithering Onto Your System https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/#respond Wed, 14 Nov 2018 21:15:31 +0000 https://securingtomorrow.mcafee.com/?p=92720

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need […]

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need a ton of computer resources, since successful bitcoin mining requires a large amount of hardware. Unfortunately, these miners can be used for more nefarious purposes if they’re included within malicious software. Enter WebCobra, a malware that exploits victims’ computers to help cybercriminals mine for cryptocurrencies, a method also known as cryptojacking.

How does WebCobra malware work, exactly? First, WebCobra uses droppers (Trojans designed to install malware onto a victim’s device) to check the computer’s system. The droppers let the malware know which cryptocurrency miner to launch. Then, it silently slithers onto a victim’s device via rogue PUP (potentially unwanted program) and installs one of two miners: Cryptonight or Claymore’s Zcash. Depending on the miner, it will drain the victim’s device of its computer processor’s resources or install malicious file folders that are difficult to find.

The most threatening part of WebCobra malware is that it can be very difficult to detect. Often times, the only sign of its presence is decreased computer performance. Plus, when the dropper is scanning the victim’s device, it will also check for security products running on the system. Many security products use APIs, or application programming interfaces, to monitor malware behavior – and WebCobra is able to overwrite some. This means it can essentially unhook the API and disrupt the system’s communication methods, and therefore remain undetected for a long time.

While cryptocurrency mining can be a harmless hobby, users should be cautious of criminal miners with poor intentions. So, what can you do to prevent WebCobra from slithering onto your system? Check out the following tips:

  • If your computer slows down, be cautious. It can be hard to determine if your device is being used for a cryptojacking campaign. One way you can identify the attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Use a comprehensive security solution. Having your device infected with malware will not only slow down its performance but could potentially lead to exposed data. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection. McAfee products are confirmed to detect WebCobra.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/feed/ 0
“League of Legends” YouTube Cheat Links: Nothing to “LOL” About https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/#comments Fri, 09 Nov 2018 19:27:02 +0000 https://securingtomorrow.mcafee.com/?p=92621 If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate […]

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate the cheat. However, malware and PUP (short for “potentially unwanted program”) authors are using gaming cheats to trick users into downloading their malicious files in order to make a profit. And that’s exactly what YouTube channel owner “LoL Master” has been doing to “League of Legends” players.

So how exactly does this “LoL Master” trick these innocent users? The cybercriminal uploads videos to his or her YouTube channel that demonstrate how to use various cheat files, which also provide links pointing to websites that allegedly distribute cheats and stolen accounts. When players click on these links, however, they’re now exposed to cyberthreats.

When on these sites, players will be prompted to download the cheat files, but the files are actually bundled with other malicious files uploaded by wannabe cybercriminals. If users click download, PUP installers distribute the bundled files and push them onto a victim’s device. “LoL Master” makes a profit on these downloads while the victim’s device suffers from malware.

“League of Legends” players may not pick up on this scheme for a number of reasons. First, the file hosting site falsely claims that the malware analysis software VirusTotal scanned the file. Second, the site attempts to block antimalware scanners from detecting the malicious files by putting them in a password-protected zip file. If the player isn’t using antimalware software, the PUP installer will push adware or other malicious software onto the victim’s device once they unzip the file.

So, what steps can players take to avoid this malicious trick? Check out the following tips to help protect your online security:

  • Browse with caution. Although it may seem harmless to peruse YouTube comments and descriptions, malware and PUP authors use this as a vector to push their malicious downloads. Use discretion when clicking on any links included in these comments.
  • Don’t download something unless it comes from a trusted source. It is one thing to browse around YouTube comments, it is another entirely to download items from sketchy sites. Only download software from legitimate sources, and if you’re unsure if the site is trustworthy, it is best to just avoid it entirely.
  • Use security software to surf the web safely. It can be hard to identify which sites out there are malicious. Get some support by using a tool like McAfee WebAdvisor, which safeguards you from cyberthreats while you browse.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/feed/ 2
Connected or Compromised? How to Stay Secure While Using Push Notifications https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/#respond Tue, 06 Nov 2018 19:02:17 +0000 https://securingtomorrow.mcafee.com/?p=92499 You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current […]

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current with social media and the latest news from your favorite apps, the researchers here at McAfee have observed that these notifications have some compromising features, which impact both Chrome and Firefox browsers.

It turns out there are some real cybersecurity risks involved with taking advantage of the convenience of browser push notifications. That’s because to show push notifications, website owners must utilize pop-up ads that first request permission to show notifications. Essentially, users are tricked into thinking that the request is coming from the host site instead of the pop-up. This feature is currently being exploited by adware companies, which are using it to load unwanted advertisements onto users’ screens. Often times, these ads contain offensive or inappropriate material and users can even be exposed to irritating pop-ups that could potentially lead to viruses and malware.

So, how can users enjoy the convenience of push notifications without putting themselves at risk of a cyberattack? Check out the following tips:

  • Follow Google Chrome’s instructions on how to allow or block notifications. Check out this step-by-step guide to customize which sites you receive push notifications from and which ones you don’t.
  • Customize your Firefox notification options. You can check the status of which sites you have given permission to send notifications your way and choose whether to have the browser always ask for permission, allow or block notifications.
  • Use parental controls.No one wants inappropriate ads, especially parents of young children. To prevent exposing your kids to the inappropriate adverts that could result from push notifications, implement parental controls on your desktop. This additional filtering could prevent your child from accidentally clicking on malicious content that could infect your device.
  • When in doubt, block it out. If you come across a push notification pop-up from a suspicious-looking website or unfamiliar app, click on the ‘Block’ option to stay on the safe side.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/#respond Tue, 06 Nov 2018 17:00:23 +0000 https://securingtomorrow.mcafee.com/?p=92467 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/#respond Mon, 05 Nov 2018 19:02:33 +0000 https://securingtomorrow.mcafee.com/?p=92506 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.


{
"metadata": {
"id": "cc720909-8437-4fa4-9314-305295d86f6c",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"pubDate": "Tue 06 Nov 2018 12:35:48 +0000"
}
}

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/feed/ 0
How to Protect Yourself from Tech Support Imposters https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/#respond Fri, 02 Nov 2018 19:13:30 +0000 https://securingtomorrow.mcafee.com/?p=92410 Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has […]

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has emerged, which has disguised itself as a McAfee tech support pop-up and is going after victims’ financial information.

While there have been other tech support scams impersonating McAfee, this one is a bit different. Previous scams would redirect users to McAfee’s site using an affiliate link (site clicks generate commission), whereas this one starts by stating the user’s subscription is about to expire.

If the user believes the faulty expiration messages and clicks on the “Renew Now” button, they will be prompted to enter their credit card and personal information. Once the user submits this information, they will be redirected to a page asking to call a tech support number to set up the service. The so-called “agent” will refer to themselves as “Premium Technical Support” and claim to be either McAfee or a partner of McAfee. They will then request to remotely connect to the user’s device in order to install the software and will tell the user that the credit card information did not go through. At this point, the victim will be prompted to purchase the software through McAfee’s site and connect to what appears to be a McAfee affiliate link – which actually distributes adware and unwanted software.

Essentially, these victims were just tricked into giving up their credit card information to scammers and their device could potentially be infected with malware. They’re now at risk of having even more information swooped and could even be a victim of identity fraud. Fortunately, there are proactive steps these users can take to avoid these scams and keep their data safe. Start by following these tips:

  • Go straight to the source. If you receive a pop-up claiming to be from a company, do not click on it. Instead, go directly to the company’s website. From here you will be able to get in contact with the company’s real tech support and check the status of your subscription. If you are a McAfee customer, you can always reach us at https://service.mcafee.com/.
  • Be extremely cautious about giving out personal information. Before handing over your personal or credit card information, do your homework. Research the company and check the customer reviews. If you decide to make a purchase, make sure it is directly from the company’s website.
  • Be suspicious of callers claiming to be tech support. You need to field each call from a random number with caution, especially if they reached out to you first. Never respond to unsolicited calls or pop-ups warning you of a technical issue, and never let anyone remotely take over your device.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/feed/ 0
Kraken Ransomware Emerges from the Depths: How to Tame the Beast https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/#respond Tue, 30 Oct 2018 21:03:58 +0000 https://securingtomorrow.mcafee.com/?p=92295 Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access […]

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access the website superantispyware.com and distribute the ransomware from there.

So how did this stealthy monster recently gain more traction? The McAfee Advanced Threat Research team, along with the Insikt group from Recorded Future, decided to uncover the mystery. They soon found that the Fallout Exploit kit, a type of toolkit cybercriminals use to take advantage of system vulnerabilities, started delivering Kraken ransomware at the end of September. In fact, this is the same exploit kit used to deliver GandCrab ransomware. With this new partnership between Kraken and Fallout, Kraken now has an extra vessel to employ its malicious tactics.

Now, let’s discuss how Kraken ransomware works to encrypt a victim’s computer. Kraken utilizes a business scheme called Ransomware-as-a-Service, or RaaS, which is a platform tool distributed by hackers to other hackers. This tool gives cybercriminals the ability to hold a victim’s computer files, information, and systems hostage. Once the victim pays the ransom, the hacker sends a percentage of the payment to the RaaS developers in exchange for a decryption code to be forwarded to the victim. However, Kraken wipes files from a computer using external tools, making data recovery nearly impossible for the victim. Essentially, it’s a wiper.

Kraken Cryptor ransomware employs a variety of tactics to keep it from being detected by many antimalware products. For example, hackers are given a new variant of Kraken every 15 days to help it slip under an antimalware solution’s radar. The ransomware also uses an exclusion list, a common method utilized by cybercriminals to avoid prosecution. The exclusion list archives all locations where Kraken cannot be used, suggesting that the cybercriminals behind the ransomware attacks reside in those countries. As you can see, Kraken goes to great lengths to cover its tracks, making it a difficult cyberthreat to fight.

Kraken’s goal is to encourage more wannabe cybercriminals to purchase this RaaS and conduct their own attacks, ultimately leading to more money in the developers’ pockets. Our research team observed that in Version 2 of Kraken, developers decreased their profit percentage by 5%, probably as a tactic to attract more affiliate hackers. The more criminal customers Kraken can onboard, the more attacks they can flesh out, and the more they can profit off of ransom collections.

So, what can users do to defend themselves from this stealthy monstrosity? Here are some proactive steps you can take:

  • Be wary of suspicious emails or pop-ups. Kraken was able to gain access to a legitimate website and other ransomware can too. If you receive a message or pop-up claiming to be from a company you trust but the content seems fishy, don’t click on it. Go directly to the source and contact the company from their customer support line.
  • Backup your files often. With cybercrime on the rise, it’s vital to consistently back up all of your important data. If your device becomes infected with ransomware, there’s no guarantee that you’ll get it back. Stay prepared and protected by backing up your files on an external hard drive or in the cloud.
  • Never pay the ransom. Although you may feel desperate to get your data back, paying does not guarantee that all of your information will be returned to you. Paying the ransom also contributes to the development of more ransomware families, so it’s best to just hold off on making any payments.
  • Use a decryption tool. No More Ransom provides tools to help users free their encrypted data. If your device gets held for ransom, check and see if a decryption tool is available for your specific strain of ransomware.
  • Use a comprehensive security solution. Add an extra layer of security on to all your devices by using a solution such as McAfee Total Protection, which now includes ransom guard and will help you better protect against these types of threats.

Want to learn more about Ransomware and how to defend against it? Visit our dedicated ransomware page.

 

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/feed/ 0
“Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/#respond Wed, 24 Oct 2018 19:13:48 +0000 https://securingtomorrow.mcafee.com/?p=92249 Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” […]

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” hit $6 billion in sales as of April 2018, creating a record-breaking impact in the gaming industry. However, the game’s massive success doesn’t mean it’s immune to cyberattacks. A recent vulnerability in “Grand Theft Auto V” allowed malicious trolls to take over users’ games who were entering into single-player mode. By leveraging the flaw, these hackers were not only able to kick gamers off of their single-player session but could also continually kill their avatar.

So how exactly did these trolls carry out these attacks? Beginning last week, reports began to circulate that one popular ‘mod menu,’ or a series of alterations sought out and installed by players, was all the sudden advertising the ability to discover an online player’s Rockstar ID – a problem potentially originating from a bug found in the game’s most recent update. Taking advantage of this opportunity, hackers gained access to users’ Rockstar IDs and took control of their single-player games. Soon enough, legitimate players’ games were hijacked and sabotaged.

It is unclear as to whether this vulnerability came out of Rockstar’s most recent update or if this hack has been around for years and just now found its way to public PC mod menus. Either way, it sheds light on how persistent cyberthreats are in the world of online gaming – even impacting some of the most popular video games out there, such as “Grand Theft Auto V.”

Fortunately, reports are already circulating the bug was quietly patched over the weekend (despite confirmation from the game’s developer) – so to protect against the hack, all users should update their game as soon as possible. However, that doesn’t mean there still aren’t some steps these gamers can take to protect themselves from future hacks and vulnerabilities. Check out the following tips:

  • Limit the personal info on your online profile. Gamers are required to create a user profile in order to access the appropriate console/computer network. When creating your profile, avoid displaying your personal information that could potentially be used against you by hackers, such as your name, address, date of birth, and email address.
  • Create a unique and complex password for your online profile. The more complex the password, the more difficult it will be for a hacker to access your personal information. And, of course, make sure you don’t share your password with other users.
  • Be careful who you chat with. Online games will usually have a built-in messenger service that allows players to contact each other. It’s important to be aware of the risks associated with chatting to strangers. If you choose to use the chat feature in your online game, never give out your account details and avoid opening messages with attached files or links.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/feed/ 0
How to Squash the Android/TimpDoor SMiShing Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/#respond Wed, 24 Oct 2018 16:00:38 +0000 https://securingtomorrow.mcafee.com/?p=92160 As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or […]

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or SMiShing. Just recently, the McAfee Mobile Research team discovered active SMiShing campaigns that are tricking users into downloading fake voice-messaging apps, called Android/TimpDoor.

So how does Android/TimpDoor infect a user’s device? When a victim receives the malicious text, the content will include a link. If they click on it, they’ll be directed to a fake web page. The website will then prompt the victim to download the app in order to listen to phony voice messages. Once the app has been downloaded, the malware collects the device information including device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address. TimpDoor allows cybercriminals to use the infected device as a digital intermediary without the user’s knowledge. Essentially, it creates a backdoor for hackers to access users’ home networks.

According to our team’s research, these fake apps have infected at least 5,000 devices in the U.S. since the end of March. So, the next question is what can users do to defend themselves from these attacks? Check out the following tips to stay alert and protect yourself from SMS phishing:

  • Do not install apps from unknown sources. If you receive a text asking you to download something onto your phone from a given link, make sure to do your homework. Research the app developer name, product title, download statistics, and app reviews. Be on the lookout for typos and grammatical errors in the description. This is usually a sign that the app is fake.
  • Be careful what you click on. Be sure to only click on links in text messages that are from a trusted source. If you don’t recognize the sender, or the SMS content doesn’t seem familiar, stay cautious and avoid interacting with the message.
  • Enable the feature on your mobile device that blocks texts from the Internet. Many spammers send texts from an Internet service in an attempt to hide their identities. Combat this by using this feature to block texts sent from the Internet.
  • Use a mobile security software. Make sure your mobile devices are prepared for TimpDoor or any other threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, as always, to stay up-to-date on the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/feed/ 0
Breaking Down the Rapidly Evolving GandCrab Ransomware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/#respond Wed, 17 Oct 2018 00:15:28 +0000 https://securingtomorrow.mcafee.com/?p=92088 Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which […]

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which first appeared in January, has been updating rapidly during its short lifespan, and now includes a handful of new features, including the ability to remain undetected by some antimalware products.

First and foremost, let’s break down how GandCrab gets its start. The stealthy strain manages to spread in a variety of ways. GandCrab can make its way to users’ devices via remote desktop connections with either weak security or bought in underground forums, phishing emails, legitimate programs that have been infected with the malware, specific exploits kits, botnets, and more.

GandCrab’s goal, just like other ransomware attacks, is to encrypt victims’ files and promise to release them for a fee paid in a form of cryptocurrency (often Dash or Bitcoin). It can also be sold across the dark web as ransomware-as-a-service, or RaaS, which allows wannabe cybercriminals to purchase the strain to conduct an attack of their own.

So, the next question is what can users do to defend against this tricky attack? Thankfully, McAfee gateway and endpoint customers are protected against the latest GandCrab versions but beyond using security software, there are a handful of other things you can do to ensure you’re protected from GandCrab ransomware. Start by following these tips:

  • Don’t pay the ransom. Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Doesn’t matter – you still don’t pay. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
  • Do a complete backupWith ransomware attacks locking away crucial data, you need to back up the data on all your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption toolsNo More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain.

Want to learn more about ransomware and how to defend against it? Visit our What is Ransomware? page.

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/feed/ 0
The Dangers of Linking Your Apple ID to Financial Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/#respond Fri, 12 Oct 2018 21:40:07 +0000 https://securingtomorrow.mcafee.com/?p=92037

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers […]

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.

While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.

This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:

  • Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
  • Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
  • Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
  • Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.

Stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘Liking’ us on Facebook.

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/feed/ 0
As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/#respond Wed, 10 Oct 2018 19:22:25 +0000 https://securingtomorrow.mcafee.com/?p=91911 Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more […]

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more than six million websites with malware scanners to arrive at this figure, noting that there was also a six percent decrease in websites being blacklisted over the previous year.

Many internet users rely on these search engines to flag malicious websites and protect them as they surf the web, but this decline in blacklisting sites is leaving many users just one click away from a potential attack. This disregard of a spam attack kit on search engine results for these infected sites can lead to serious disruption, including a sharp decline in customer trust. Internet users need to be more vigilant than ever now that search engines are dropping the ball on blacklisting infected sites, especially considering that total malware went up to an all-time high in Q2, representing the second highest attack vector from 2017-2018, according to the recent McAfee Labs Threats Report.

Another unsettling finding from the report was that incidents of cryptojacking have doubled in Q2 as well, with cybercriminals continuing to carry out both new and traditional malware attacks. Cryptojacking, the method of hijacking a browser to mine cryptocurrency, saw quite a sizable resurgence in late 2017 and has continued to be a looming threat ever since. McAfee’s Blockchain Threat Report discovered that almost 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent—and that’s just from non-obfuscated sites.

And then, of course, there are just certain search terms that are more dangerous and leave you more vulnerable to malware than others. For all of you pop culture aficionados, be careful which celebrities you digitally dig up gossip around. For the twelfth year in a row, McAfee researched famous individuals to assess their online risk and which search results could expose people to malicious sites, with this year’s Most Dangerous Celebrity to search for being “Orange is the New Black’s” Ruby Rose.

So, how can internet users protect themselves when searching for the knowledge they crave online, especially considering many of the most popular search engines simply aren’t blacklisting as many bot malware infected sites as they should be? Keep these tips in mind:

  • Turn on safe search settings. Most browsers and search engines have a safe search setting that filters out any inappropriate or malicious content from showing up in search results. Other popular websites like iTunes and YouTube have a safety mode to further protect users from potential harm.
  • Update your browsers consistently. A crucial security rule of thumb is always updating your browsers whenever an update is available, as security patches are usually included with each new version. If you tend to forget to update your browser, an easy hack is to just turn on the automatic update feature.
  • Be vigilant of suspicious-looking sites. It can be challenging to successfully identify malicious sites when you’re using search engines but trusting your gut when something doesn’t look right to you is a great way of playing it safe.
  • Check a website’s safety rating. There are online search tools available that will analyze a given URL in order to ascertain whether it’s a genuinely safe site to browse or a potentially malicious one infected with bot malware and other threats.
  • Browse with security protection. Utilizing solutions like McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, or McAfee Total Protection, a comprehensive security solution that protects devices against malware and other threats, will safeguard you without impacting your browsing performance or experience.

To keep abreast of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/feed/ 0
How To Spot Tech Support Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/#respond Wed, 10 Oct 2018 18:49:25 +0000 https://securingtomorrow.mcafee.com/?p=89474  When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when […]

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>

When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when we need it the most. But falling for these scams can put your devices, data, and money at even greater risk.

Although support scams have been around almost as long as the internet, these threats have increased dramatically over the last couple of years, proving to be a reliable way for scammers to make a quick buck.

In fact, the Internet Crime Complaint Center (IC3) said that it received nearly 11,000 tech support related complaints in 2017, leading to losses of $15 million, 90% higher than the losses reported in 2016. Microsoft alone saw a 24% increase in tech scams reported by customers in 2017 over the previous year, with 15% of victims saying they lost money.

Often, scammers convince users that there is a problem with their computer or device by delivering pop-up error messages. These messages encourage the user to “click” to troubleshoot the problem, which can download a piece of malware onto their machine, or prompt them to buy fake security software to fix the issue. In some cases, users wind up downloading ransomware, or paying $200 to $400 for fake software to fix problems they didn’t actually have.

And, in a growing number of instances, scammers pose as legitimate technology companies, offering phony support for real tech issues. Some even promote software installation and activation for a fee, when the service is actually provided for free from the software provider. They do this by posting webpages or paid search results using the names of well-known tech companies. When a user searches for tech help, these phony services can appear at the top of the search results, tricking people into thinking they are the real deal.

Some cybercriminals have even gone so far as to advertise fake services on legitimate online forums, pretending to be real tech companies such as Apple, McAfee, and Amazon. Since forum pages are treated as quality content by search engines, these phony listings rank high in search results, confusing users who are looking for help.

The deception isn’t just online. More and more computer users report phone calls from cybercrooks pretending to be technology providers, warning them about problems with their accounts, and offering to help resolve the issue for a fee. Or worse, the scammer requests access to the victim’s computer to “fix the problem”, with the hopes of grabbing valuable data, such as passwords and identity information. All of these scams leave users vulnerable.

Here’s how to avoid support scams to keep your devices and data safe:

  • If you need help, go straight to the source—Type the address of the company you want to reach directly into the address bar of your browser—not the search bar, which can pull up phony results. If you have recently purchased software and need help, check the packaging the software came in for the correct web address or customer support line. If you are a McAfee customer, you can always reach us at https://service.mcafee.com.
  • Be suspicious—Before you pay for tech support, do your homework. Research the company by looking for other customer’s reviews. Also, check to see if your technology provider already offers the support you need for free.
  • Be wary of callers asking for personal information, especially if they reach out to you first—Situations like this happen all the time, even to institutions like the IRS. McAfee’s own policy is to answer support questions via our website only, and if users need assistance, they should reach out here directly. Never respond to unsolicited phone calls or pop-up messages, warning you about a technical issue, and never let anyone take over your computer or device remotely.
  • Surf Safe—Sometimes it can be hard to determine if search results are safe to click on, or not. Consider using a browser extension that can warn you about suspicious sites right in your search results, and help protect you even if you click on a dangerous link.
  • Keep informed—Stay up-to-date on the latest tech support scams so you know what to watch out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/feed/ 0
Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/#respond Fri, 05 Oct 2018 18:09:14 +0000 https://securingtomorrow.mcafee.com/?p=91811 Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee […]

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee Labs Threats Report: September 2018, which features digital assistants, cryptocurrencies, and cybercriminal gangs up to no good. Overall, it’s been an eventful quarter.

So, what are the key takeaways for you? Notably, our team has continued to track a downward trend in new malware attacks for the second successive quarter. Good news on the surface, but that trend may not be indicative of much; as we also saw a spike in new malware in Q4 2017. We’ll continue to watch this into next year. Significantly, we found that a good portion of net new malware is designed for mobile, which increased 27 percent over the previous quarter. In addition, here’s a look at the other trending stories we uncovered.

Digital Assistants

Digital assistants are advanced programs that we can converse with to research, act on our behalf and overall help make our digital lives more comfortable. Siri, Bixby and Google Assistant are few. But one digital assistant, Microsoft’s Cortana, is a little too helpful. The good news, Microsoft quickly rolled out a fix for this vulnerability to protect your Windows 10 computer. Be sure your software is up to date.

Cryptocurrency

The second story involves cryptocurrencies. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain. Blockchains, by their nature, are relatively secure. But an account that is connected to a blockchain — usually, in this case, associated with a cryptocurrency — is not. And that’s where cybercriminals are focusing their efforts, with coin miner malware up 86% in Q2 2018.

Our report found cybercriminals are chasing after access to cryptocurrencies and they’re doing so using familiar tactics. For example, phishing attacks — where cybercriminals pose as someone else online — are popular tools to take over a cryptocurrency-related account. Malicious programs are also deployed to collect passwords and other information related to an account before stealing virtual currency. You can read more about blockchain and cryptocurrency vulnerabilities here. 

Malicious Apps

Finally, the McAfee Mobile Research team found a collection of malicious applications facilitating a scam in the Google Play store. The apps in question siphon money from unwary users through billing-fraud. Billing-fraud collects money from victims for “using” a “premium” service, such as sending texts to a particular number.

In this case, the cybercriminal ring known as the AsiaHitGroup Gang attempted to charge at least 20,000 victims for downloading fake or copied versions of popular applications. To increase its potential, AsiaHitGroup Gang is using geolocation to target vulnerable populations.

So, what can you do to stay safe in the face of these threats? Here are three quick tips:

  • Limit device access. If you can, limit the ability and access a digital assistant has to your device. Often, you can adjust where and how an assistant is activated through your settings. Otherwise, update your software regularly, as many updates contain security fixes.
  • Create strong passwords. If you’re participating in the cryptocurrency market, then make sure you use strong, robust passwords to protect your accounts. This means using upper case, lower case, symbols and numbers for passwords that are 12 characters long. Afraid you might forget the key to your account? Consider using a password manager.
  • Be careful what you download. Always do some light research on the developer of a mobile application. If the information is hard to come across or absent, consider using an alternative program. Additionally, never download mobile applications from third-party app stores. Genuine stores, like Google Play and Apple’s App Store, should provide you with what you need.

And, of course, stay informed. To keep atop of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/feed/ 0
McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/#respond Tue, 02 Oct 2018 04:01:15 +0000 https://securingtomorrow.mcafee.com/?p=91701 Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous […]

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous Celebrity this year. For the twelfth year in a row, McAfee researched famous individuals to reveal the riskiest celebrity to search for online, or, which search results could expose fans to malicious sites. Ruby Rose took home the top spot in 2018, but curious about who the runner-ups are? Here’s the full list:

Recent popular reality and sitcom shows have driven some stars (Kristin Cavallari, Debra Messing, Kourtney Kardashian) to the top of our list. Which is one of the few reasons this list is so different than last year’s. Unlike 2017’s list of Most Dangerous Celebrities, musicians ranked low on this year’s list. Adele was the highest ranked musician at No. 21 followed by Shakira (No. 27), 2017’s top celebrity Avril Lavigne (No. 30), and Lady Gaga (No. 35).

So, whether you’re looking up what Ruby did on the latest “Orange is the New Black” episode, or what Kristin Cavallari wore the latest awards show, make sure you’re searching the internet safely. To keep your internet activity secure and danger-free, follow these tips:

  • Be careful what you click. Users looking for a sneak-peek of the CW series, Batwoman starring Ruby Rose should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Browse with security protection. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help protect against going to malicious websites.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/feed/ 0
Facebook Announces Security Flaw Found in “View As” Feature https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/#respond Fri, 28 Sep 2018 19:43:57 +0000 https://securingtomorrow.mcafee.com/?p=91683 Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users […]

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users may have unwittingly shared private posts publicly due to another new bug. Which brings us to today. Just announced this morning, Facebook revealed they are dealing with yet another security breach, this time involving the “View As” feature.

Facebook users have the ability to view their profiles from another user’s perspective, which is called “View As.” This very feature was found to have a security flaw that has impacted approximately 50 million user accounts, as cybercriminals have exploited this vulnerability to steal Facebook users’ access tokens. Access tokens are digital keys that keep users logged in, and they permit users to bypass the need to enter a password every time. Essentially, this flaw helps cybercriminals take over users’ accounts.

While the access tokens of 50 million accounts were taken, Facebook still doesn’t know if any personal information was gathered or misused from the affected accounts. However, they do suspect that everyone who used the “View As” feature in the last year will have to log back into Facebook, as well as any apps that used a Facebook login. An estimated 90 million Facebook users will have to log back in.

As of now, this story is still developing, as Facebook is still investigating further into this issue. Now, the question is — if you’re an impacted Facebook user, what should you do to stay secure? Start by following these tips:

  • Change your account login information. Since this flaw logged users out, it’s vital you change up your login information. Be sure to make your next password strong and complex, so it will be difficult for cybercriminals to crack. It also might be a good idea to turn on two-factor authentication.
  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update an app as soon as an update is available, as fixes are usually included with each version. Facebook has already issued a fix to this vulnerability, so make sure you update immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/#respond Tue, 25 Sep 2018 22:25:54 +0000 https://securingtomorrow.mcafee.com/?p=91938 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "8b4876aa-14b9-441d-a8b7-d62cc6a9e821",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"pubDate": "Tue 25 Sept 2018 12:35:48 +0000"
}
}

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/#comments Tue, 25 Sep 2018 19:35:25 +0000 https://securingtomorrow.mcafee.com/?p=91643 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/feed/ 3
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/#respond Mon, 24 Sep 2018 23:20:24 +0000 https://securingtomorrow.mcafee.com/?p=91945 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.
  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.
  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.
  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee


{
"metadata": {
"id": "ba7ae803-1722-4e9f-98e7-8471653df0f5",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"pubDate": "Mon 24 Sept 2018 12:35:48 +0000"
}
}

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/feed/ 0
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/#respond Mon, 24 Sep 2018 16:00:06 +0000 https://securingtomorrow.mcafee.com/?p=91578 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.

    You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.

  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)

    Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.

  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.

  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.

    Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/#respond Tue, 18 Sep 2018 04:01:08 +0000 https://securingtomorrow.mcafee.com/?p=91553 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

Want to learn more about Ransomware and how to defend against it? Visit our dedicated ransomware page.

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/#respond Mon, 17 Sep 2018 23:42:31 +0000 https://securingtomorrow.mcafee.com/?p=91961 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "11f9b5ff-5988-404c-80ad-ccf1bea47810",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"pubDate": "Mon 17 Sept 2018 12:35:48 +0000"
}
}

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/#respond Fri, 14 Sep 2018 00:14:09 +0000 https://securingtomorrow.mcafee.com/?p=91970 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "fc4bf199-a260-4372-942d-dbb74750bf68",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"pubDate": "Wed 10 Oct 2018 12:35:48 +0000"
}
}

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/#respond Thu, 13 Sep 2018 18:49:47 +0000 https://securingtomorrow.mcafee.com/?p=91483 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/feed/ 0
A Look Back at the Equifax Data Breach, One Year Later https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/#respond Tue, 04 Sep 2018 22:00:23 +0000 https://securingtomorrow.mcafee.com/?p=91417 WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take […]

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take a look back on the impact of the Equifax data breach, what it all means for consumers, and the current state of identity theft.

Equifax reported that the breach exposed as many as 147.9 million consumer accounts, potentially compromising information such as names, dates of birth, addresses, and Social Security numbers.

To its credit, Equifax launched a program to alert potentially affected consumers that their data may have been exposed, and offered a free year subscription to its credit monitoring service, TrustID.

Unfortunately, identity theft breaches are not an uncommon occurrence. Such incidents are up 44% overall with 1,579 reports last year, and there are likely even more that went unreported. Exposed records due to data breaches are up 389%. Roughly 179 million records have been stolen, with 14.2 million credit card numbers exposed in 2017, an 88% increase over 2016. What’s more, 158 million Social Security numbers were exposed last year, an increase of more than 8 times from 2016. And all this theft has added up – consumers reported $905 million in total fraud losses last year, a 21% increase. So, it only makes sense that identity theft ranked as roughly 14% of all consumer complaints to the FTC last year.

However, despite all the publicity about major data breaches, consumers have done very little or have changed very little largely due to optimism bias. In fact, a recent McAfee survey shows that despite increased consumer concerns, only 37% of individuals use an identity theft protection solution and 28% have no plans to sign up for an ID theft protection solution.

So now the next question is, what should consumers do to protect themselves against identity theft? Start by following these tips:

  • Place a fraud alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/feed/ 0
The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/#respond Fri, 31 Aug 2018 16:44:53 +0000 https://securingtomorrow.mcafee.com/?p=91320 When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could […]

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could very well impact our children’s, given they have credit cards of their own. As a matter of fact, there’s a new law that helps parents with exactly that – protecting their kids’ credit, amongst a few other things. It’s called the Economic Growth, Regulatory Relief and Consumer Protection Act, and it takes effect on September 21st of this year.

So, what does this law mean for parents and their kids? With this law, free credit freezes will be available for anyone – including children under the age of 16 – in the country (currently, there may be fees depending on state laws). That way, if a cybercriminal tries to open up an account with a minor’s information, the impacted family can freeze that account immediately. Additionally, it will extend fraud alerts from 90 days to a full year.

As a result of this law, Equifax, Experian, and TransUnion will each set up a web page for requesting fraud alerts and credit freezes. The FTC will also post links to those web pages on IdentityTheft.gov.

So, with this law coming into effect in no time, what next steps should parents take to reap its benefits? Start by following these tips:

  • Find out if your child has a credit report. First and foremost, head here and go to the ‘Child Identity Theft’ section. It will have instructions on how to find out if your child has a credit report. Most young children shouldn’t have credit files, but if they do, the page includes contact information for credit agencies and advice on how to freeze credit.
  • Keep the record of freezes in a safe place. If you do have to freeze a credit report, keep the records stored in a safe place. Make sure your family can find it when needed, and a crook can’t access it.
  • Invest in an identity theft monitoring and recovery solution. The best way to protect you or a family member from identity theft is by being proactive. That’s precisely why you should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/feed/ 0
Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/#respond Wed, 29 Aug 2018 16:44:05 +0000 https://securingtomorrow.mcafee.com/?p=91295 Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw […]

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw in the app is raining on their parade, as Google security researchers have revealed this week that the Fortnite Android app is vulnerable to man-in-the-disk (MitD) attacks.

For some context, a man-in-the-disk (MitD) attack is rooted in an app’s ability to use ‘External Storage,’ which is one of the two types of data storage methods supported by the Android OS. With this attack, a cybercriminal can watch a particular app’s External Storage space and tamper with the data stored in this storage space since its shared by all apps.

Now, you may be wondering how does this work with this new Fortnite Android app vulnerability? This recently disclosed vulnerability allows for malicious apps (that are already installed on a user’s phone) to hijack the Fortnite app’s installation process and download other malicious apps. This means a hacker could essentially install any nasty software they wanted on to a victim’s phone. And according to recent McAfee research, this is precisely what some parents fear when their children game online. In fact, 52% worry about cybercriminals hacking gaming accounts.

Fortunately, Epic Games is already on the case. The major video game company has already released version 2.1.0 of this application, which patches this vulnerability. However, Fortnite users must still take a few important security steps of their own in order to protect themselves from this attack. If you’re a Fortnite gamer, be sure to follow these tips:

  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update your app as soon as an update is available. Patches (like the one released by Epic Games) are typically included with every update.
  • Clean house. Given this hack relies on preexisting malicious apps a victim’s phone, do your due diligence and clean up the applications on your device. This means deleting any old apps you don’t use, or ones that you may have downloaded from outside an official app store. If you’re unsure if an application is secure or not, do some research – conduct a quick google search or scan through the app’s review section on an app store and see if it has had any issues with security.
  • Use a mobile security solution. As app vulnerabilities such as this one continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/feed/ 0
Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/#respond Wed, 22 Aug 2018 04:01:46 +0000 https://securingtomorrow.mcafee.com/?p=91030 If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In […]

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In fact, 30% of parents report posting a photo of their child(ren) to social media at least once per day. To find out if parents actually get permission from their kids to post this content, and how that posting affects children’s privacy, we chatted with 1,000 parents of children ages 1 month to 16 years old in the U.S. and conducted what we call our Age of Consent survey*. Let’s take a look at the findings.

As it turns out, most parents (58%) do not ask for permission from their children before posting images of them on social media. Of those parents who do not ask for permission, 22% think that their child is too young to provide permission, and another 19% claim that it’s their own choice, not their child’s choice.

However, almost three quarters (71%) of parents agree that the images they share online could end up in the wrong hands. According to these parents, the biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%). Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

And yet, despite understanding the risks associated with sharing photos and videos online, most of these parents still post all the same. This begs that question – why aren’t these parents taking action to protect their family’s online security? The good news is they can start right now, by following these security tips:

  • Think before you post. Before posting a picture on social media, ensure that there is nothing in the photo that could be used as an identifier like birthdates, visible home addresses, school uniforms, financial details or passwords in the photo. Parents should ask themselves if this is a photo that they would be ok with a stranger seeing. 
  • Watch out for geotagging. Many social networks will tag a user’s location when a photo is uploaded. Parents should ensure this feature is turned off so as not to give away their current location. This is especially important when posting photos away from home.
  • Lock down privacy settings. Parents should make sure to only share photos and other social media posts with their intended audience. Services like Facebook and Instagram have features that allow you to share posts with only the people you are connected to/friends with.
  • Set ground rules with friends and family. Be clear with friends and family about guidelines when posting about your children. These rules can help avoid unwanted situations where a family member has shared photos without explicit permission.
  • Use an identity theft protection service. As the number of reported data breaches continue to rise, so too does the possibility of identity theft. An identity theft protection solution like McAfee Identity Theft Protection can help consumers proactively protect their identity and keep their personal information secured from misuse.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

*Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 1,000 parents of children ages 1 month to 16 years old in the U.S.

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/feed/ 0
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/#respond Tue, 21 Aug 2018 13:01:43 +0000 https://securingtomorrow.mcafee.com/?p=91083 From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family, but their poor security standards also make them conveniently flawed for someone else: cybercriminals. As a matter of fact, our McAfee Labs […]

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family, but their poor security standards also make them conveniently flawed for someone else: cybercriminals. As a matter of fact, our McAfee Labs Advanced Threat Research team has uncovered a flaw in one of these IoT devices: the Wemo Insight Smart Plug, which is a Wi-Fi–connected electric outlet.

Once our research team figured out how exactly the device was vulnerable, they leveraged the flaw to test out a few types of cyberattacks. The team soon discovered an attacker could leverage this vulnerability to turn off or overload the switch. What’s more – this smart plug, like many vulnerable IoT devices, creates a gateway for potential hackers to compromise an entire home Wi-Fi network. In fact, using the Wemo as a sort of “middleman,” our team leveraged this open hole in the network to power a smart TV on and off.

Now, our researchers have already reported this vulnerability to Belkin on May 21st. However, regardless if you’re a Wemo user or not, it’s still important you take proactive security steps to safeguard all your IoT devices. Start by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away. If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Keep your firmware up-to-date. Manufacturers often release software updates to protect against these potential vulnerabilities. Set your device to auto-update, if you can, so you always have the latest software. Otherwise, just remember to consistently update your firmware whenever an update is available.
  • Secure your home’s internet at the source. These smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/feed/ 0
Access Denied! New Instagram Hack Kicks Users Out of Their Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/#respond Wed, 15 Aug 2018 16:12:15 +0000 https://securingtomorrow.mcafee.com/?p=90958 Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account […]

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account and changes their personal details on the platform.

This hack started popping up in early August when users began to report all the same issues with their account — they’re suddenly logged out, their handles and profile pictures are changed (usually to a Disney or Pixar character), and their bios are deleted. When these social media fans try to reset their password, they find that the account has been linked to a new email address with a Russian domain and a random phone number has been associated with the account.

This makes it particularly difficult for users to gain control over their accounts, as Instagram’s support messages now go to the new email address. However, beyond locking these people out of their accounts, the hackers haven’t done any other damage, such as deleting old photos or posting any new ones.

From tweeting at Instagram’s official Twitter account to just starting a brand-new account – these unlucky Instagram users are now taking whatever next steps they can to get back on their favorite social media platform. However, there’s still more to be done. To ensure both their online social media activity and personal information remain secure from this attack, these users should follow these security tips:

  • Enable two-factor authentication. Though it’s not known yet how these hackers were able to get inside of these accounts, make note you can always add some extra armor on your online accounts by enabling two-factor authentication. Now, two-factor authentication cannot be treated as the be-all and end-all when it comes to your online security, but it does help. Just by adding the extra layer of security, you’ll put yourself in a better position to avoid attacks such as this one.
  • Change up your login information to other accounts. Some people have a bad habit of using the same password and email combination across multiple accounts. If this is the case for the account login information you use for Instagram, it’s best to go ahead and mix up the login information on any other account that uses either the same email or password.
  • Make your passwords strong. When you’re making your new passwords, make sure they’re strong and difficult to guess in the chance cybercriminals try to come after additional accounts. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/feed/ 0
Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/#respond Fri, 10 Aug 2018 18:46:15 +0000 https://securingtomorrow.mcafee.com/?p=90803 Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such […]

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such as numerous PGA banners, logos, and signage, for the PGA Championship 2018.

Though it’s unsure how the crooks were able to get inside the PGA’s system, they have made their motives clear. Per Golfweek’s report, the cybercriminals left a message for the PGA staff, stating, “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.” “Any attempt to break the encryption could cause the loss of all of the work. This may lead to the impossibility of recovery of certain files,” the message threatened. They also included a Bitcoin wallet number for the PGA, however, the organization has yet to put anything in there.

That means, as of now, the PGA is still without access to a few of their promotional materials as their tournament is underway. However, the 2018 championship is still carrying on successfully, as planned.

Now, what can we take away from this situation? The tournament is still running smoothly, even despite the disruption from hackers. So, take a page out of PGA’s book – stand up to cybercriminals and don’t pay the ransom. Beyond not paying the ransom, here are a few additional security tips to follow if you’re ever faced with a ransomware attack on your personal device:

  • Keep your devices up-to-date. Though it’s not exactly known how cybercriminals gained access to the PGA’s systems, usually, ransomware attacks depend on a known vulnerability. So, make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/feed/ 0
5 Tips To Protect Your IoT Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/#respond Thu, 09 Aug 2018 22:45:44 +0000 https://securingtomorrow.mcafee.com/?p=90805 Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT). IoT products differ […]

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT).

IoT products differ from dedicated tech devices, like computers, smartphones and tablets, in that their primary function is to do offline tasks, which are enhanced by connecting to the internet. An internet-enabled car, for instance, is still made for driving, but it can also potentially connect to the driver’s device and home electronics, make phone calls, and display cameras.

There’s no doubt that the Internet of Things can make our lives more convenient (just think how easy it is to ask an interactive speaker to place an order online), but it also opens us up to new risks. This is because most IoT devices lack built-in security features, making them vulnerable to malware and hacking.

Take the 2016 Mirai botnet attack, which took down a large part of the internet on the East Coast. This botnet was actually made up of 2.5 million compromised IoT devices, such as webcams and routers, which were infected by malware programmed to guess default passwords. The combined power of these IoT devices was then used to flood the internet’s Domain Name System servers with traffic, crippling the internet’s address book.

And since Mirai, IoT attacks have increased substantially both in number and sophistication. The IoT_Reaper malware, for instance, leveraged nine different vulnerabilities in webcams and routers to infect millions of devices, creating a massive army of “bots” that could potentially be used to launch attacks.

These threats are increasing at the same time as our thirst for more connected devices is growing. Everything from smart thermostats to interactive eyeglasses are expected to make up the 20.8 billion connected devices that are predicted to exist in consumer homes by 2020.

The more connected devices we have in our homes and lives, the more opportunities cybercriminals have to infiltrate our networks, and reach other data-rich devices. This can potentially put your private and financial information at risk, not to mention your privacy.

So, what can we as consumers do to protect our data and devices, while enjoying all the convenience that IoT brings?

Here are some important IoT Safety Tips:

  • Research before you buy—Look for devices that have built-in security features, when possible, and check other users’ reviews before you buy to see if there are any issues, such as known exploits or vulnerabilities, that you should know about.
  • Change Default Passwords—As soon as you bring a new connected device home make sure you change the default password to something hard to guess. This is because cybercriminals often know these default settings and can use them to access your devices. If the device has advanced security options, take advantage of them.
  • Keep them separate—Consider setting up a separate network just for your IoT devices. This way, even if a device is compromised the attacker will not be able to leapfrog to other data-rich devices on the same network, like computers and smartphones. Check your router’s user manual to learn how to setup a second, or “guest” network. Or, consider investing in a network that has built-in protection for IoT devices. Security is now being integrated into home routers, providing first-line protection for all the devices connected to the network.
  • Keep your firmware up-to-date—Manufacturers often release software updates to protect against potential vulnerabilities and upgrade features. Set your device to auto-update, if you can, so you always have the latest software.
  • Use comprehensive security software—Keep all your computers and devices protected by using robust security software that can help safeguard your private information and stop known threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/feed/ 0
Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/#respond Wed, 08 Aug 2018 00:46:45 +0000 https://securingtomorrow.mcafee.com/?p=90774 Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive […]

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive cryptojacking campaign that’s targeting MikroTik routers.

The attack first finds its footing by taking advantage of a vulnerability within MikroTik routers. Once it leverages the flaw, the attack changes the devices’ configuration to inject Coinhive cryptocurrency mining malware into users’ web traffic. For context, Coinhive is a cryptocurrency mining service. Set up as a legitimate service, Coinhive is unfortunately often used by cybercriminals to hack websites and cryptojack users, aka steal the processing power of their devices to mine for cryptocurrency without their consent.

Which is precisely what’s happening to over 200,000 MikroTik customers, largely in Latin America. However, the attack has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.

Now, the next question is – what can these MikroTik users do to protect themselves from this attack? Start by following these proactive security tips:

  • Update your router’s firmware. MikroTik actually patched this vulnerability back in April, but that doesn’t necessarily mean that users applied the required patch. Therefore, this attack is a reminder of just how important it is to regularly update your router’s firmware, as these fixes are typically included within each update.
  • Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your router, you can learn what to do to help your device stay secure.
  • Secure your home’s internet at the source. Your home router allows your entire family to connect to the internet. If it’s vulnerable, your internet activity can be compromised as a result – just like with this MikroTik attack. So, be sure to use a router with built-in security like McAfee Secure Home Platform, which provides protection against threats at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/feed/ 0
The Reddit Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/#respond Wed, 01 Aug 2018 23:28:29 +0000 https://securingtomorrow.mcafee.com/?p=90653 With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now […]

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now a chance that information has been exposed, as Reddit announced today that its systems were hacked at some point earlier this summer.

Announcing the breach on its r/announcements section, Reddit informed users that its internal systems were accessed by attackers sometime between June 14th to June 18th. The cybercriminals managed to bypass the SMS-based two-factor authentication the company had in place to access user data. This information includes some current email addresses and a 2007 database backup containing old salted and hashed passwords (meaning, passwords that haven’t been stored in plaintext). Additionally, email digests sent in June 2018 were also accessed by the hackers as well.

Now, the amount the impacted emails and passwords is not yet exactly known, but it’s crucial Reddit users (particularly those who joined by 2007) start taking steps now to secure their personal security. Start by following these tips:

  • Change up your password. If you joined Reddit in 2007 or before, you should change up your password immediately. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Avoid common and easy to crack passwords like “12345” or “password.”
  • Keep an eye out for sketchy emails and messages. If you received an email from a Reddit digest in June, then there’s a chance the hacker has your email address. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Don’t solely rely on SMS two-factor authentication (2FA). If anything, we can all learn a lesson from this Reddit breach – we can’t solely rely on SMS two-factor authentication anymore to secure our data. In fact, SMS is one of the weakest forms of 2FA. If you wish to lock down your data on your devices, it’s best to use app-based two-factor authentication, such as Google Authenticator.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/feed/ 0
5 Tips for Managing Your Digital Footprint and Online Reputation https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/#respond Wed, 01 Aug 2018 18:38:58 +0000 https://securingtomorrow.mcafee.com/?p=90642 Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not. Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information […]

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not.

Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information you intentionally post to promote yourself, such as online resumes and professional profiles. This is why you should take some time to manage your online reputation.

A recent study by CareerBuilder found that 70% of employers use search engines and social media to screen candidates. What’s more, 54% of employers surveyed said that they reconsidered candidates after getting a bad impression of them online.

This situation should be especially concerning for younger adults who are entering the job market for the first time, after years of carefree posting.

And if you think that once you have a job you can forget about looking after your digital footprint, think again. Employers also said that they check employees’ online presence when considering promotions.

Even colleges and universities rely on social media checks to get a better sense of applicants, according to a recent survey of admissions officers.

Of course, having a negative online presence is one problem, but having no presence at all is an even bigger red flag, so don’t start deleting profiles and accounts, or making everything “private”.

Over half of employers surveyed said that they are less likely to interview a candidate with no visible presence online. In this age, everyone is expected to have a digital footprint—it’s what that footprint says about you that matters the most.

So, how do you make sure that your digital footprint gives a good impression of you?

Here are some important tips:

  • Start Online Awareness Early—It’s easier to build a positive digital footprint from a young age, than to clean up a questionable presence later on. (When you consider that many kids get a smartphone at the age of 10, editing 8 years of online activity before college could be a real chore!) Talk to your kids about the importance of giving a positive impression online before they engage. When you do decide to let your kids connect, make sure to use parental controls that limit the kinds of content they can access, and protects them from online threats.
  • Be cautious about over-sharing—Yes, social media was made for sharing, but try to avoid venting online or engaging in heated arguments. If you have a problem with someone, talk it out offline.
  • Turn off tagging—Just because you’re paying attention to your online reputation, doesn’t mean your friends are. Being “tagged” in photos or videos you didn’t post could leave you open to the wrong impressions. That’s why it’s best to turn off tagging in your social media settings.
  • Keep positive content public—If you have a great online presence, sharing your accomplishments and skills, make sure to make the posts public. This goes for your social channels, as well as your professional profiles.
  • Be yourself, but speak clearly and respectfully—Show your unique personality and creativity, since people respond to genuineness But remember to be articulate in the process. Check posts for spelling or grammar errors before you hit “send”, and avoid offensive language. When commenting on other people’s posts, do it respectfully.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/feed/ 0
Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/#respond Tue, 31 Jul 2018 18:42:02 +0000 https://securingtomorrow.mcafee.com/?p=90624 More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records […]

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records from the Missouri-based Blue Springs Family Care have been compromised after cybercriminals attacked the provider with a variety of malware, including ransomware.

Though it’s not entirely sure yet how these attackers gained access, their methods were effective. With this attack, the cybercriminals were able to breach the organization’s entire system, making patient data vulnerable. The attack resulted in 44,979 records being compromised, which includes Social Security numbers, account numbers, driver’s licenses, disability codes, medical diagnoses, addresses, and dates of birth.

The company’s official statement notes, “at this time, we have not received any indication that the information has been used by an unauthorized individual.”  However, if this type of data does become leveraged, it could be used by hackers for both identity and medical fraud.

So, with a plethora of personal information out in the open – what should these patients do next to ensure their personal data is secure and their health information is private? Start by following these tips:

  • Talk with your health provider. With many cyberattacks taking advantage of the old computer systems still used by many health care providers, it’s important to ask yours what they do to protect your information. What’s more, ask if they use systems that have a comprehensive view of who accesses patient data. If they can’t provide you with answers, consider moving on to another practice that has cybersecurity more top of mind. 
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Keep your eyes on your health bills and records. Just like you pay close attention to your credit card records, you need to also keep a close eye on health insurance bills and prescription records, which are two ways that your health records can be abused. Be vigilant about procedure descriptions that don’t seem right or bills from facilities you don’t remember visiting.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/feed/ 0
Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/#respond Wed, 25 Jul 2018 18:56:01 +0000 https://securingtomorrow.mcafee.com/?p=90529 Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to […]

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to present day and a new Bluetooth flaw has emerged, which affects devices containing Bluetooth from a range of vendors—including Apple, Intel, Google, Broadcom, and Qualcomm.

Whether it’s connecting your phone to a speaker so you can blast your favorite tunes, or pairing it with your car’s audio system so you can make phone calls hands-free, the pairing capabilities of Bluetooth ensures the technology remains wireless. And this bug affects precisely that — Bluetooth’s Secure Simple Pairing and Low Energy Secure Connections, which are capabilities within the tech designed to assist users with pairing devices in a safe and secure way.

Essentially, this vulnerability means that when data is sent from device to device over Bluetooth connections, it is not encrypted, and therefore vulnerable. And with this flaw affecting Apple, Google and Intel-based smartphones and PCs, that means millions of people may have their private data leaked. Specifically, the bug allows an attacker that’s within about 30 meters of a user to capture and decrypt data shared between Bluetooth-paired devices.

Lior Neumann, one of the researchers who found the bug, stated, “As far as we know, every Android—prior to the patch published in June—and every device with a wireless chip from Intel, Qualcomm or Broadcom is vulnerable.” That includes iPhone devices with a Broadcom or Qualcomm chip as well.

Fortunately, fixes for this bug within Apple devices have already been available since May with the release of iOS 11.4. Additionally, two Android vendors, Huawei and LG, say they have patched the vulnerability as well. However, if you don’t see your vendor on this list, or if you have yet to apply the patches – what next steps should you take to secure your devices? Start by following these tips:

  • Turn Bluetooth off unless you have to use it. Affected software providers have been notified of these vulnerabilities and are working on fixing them as we speak. But in the meantime, it’s crucial you turn off your Bluetooth unless you absolutely must use it. To do this on iOS devices, simply go to your “Settings”, select “Bluetooth” and toggle it from on to off. On Android devices, open the “Settings” app and the app will display a “Bluetooth” toggle button under the “Wireless and networks” subheading that you can use to enable and disable the feature.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Patches for iOS and some Android manufacturers are already available, but if your device isn’t on the list, fear not – security patches for additional providers are likely on their way.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/feed/ 0
iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/#respond Wed, 18 Jul 2018 17:17:02 +0000 https://securingtomorrow.mcafee.com/?p=90426 The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of […]

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of having their location tracked by cybercriminals? In fact, just this week, it has been discovered that iPhone users may be faced with that very possibility, as a sophisticated mobile malware campaign is gaining access to devices by tricking users into downloading an open-source mobile device management (MDM) software package.

First, let’s back up – how does a mobile device management software package work, exactly? Well, according to Continuum, Mobile device management (MDM) is a type of software used by an IT department to monitor, manage, and secure employees’ mobile devices. Therefore, once hijacked by hackers, this software could be used to gain almost complete access to a mobile device.

So, with this malicious MDM campaign, cybercriminals can gain access to a device and steal various forms of sensitive information, including the phone number, serial number, location, contact details, user’s photos, SMS messages, and Telegram and WhatsApp chat messages.

As of now, it’s not entirely clear how this campaign is being spread – though many signs point to social engineering. So, given the information we do know – the next question is what should iPhone users do next to stay secure? Start by following these tips:

  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Turn off location services. It’s one thing for a cybercriminal to have ahold of your data, but it’s another thing entirely if they have the ability to track your location. This hack could not only impact your digital security but your physical security as well. So, turn off the location services immediately on your phone – that way if they gain access to your device, they won’t be able to track you.
  • Use a mobile security solution. As schemes like this MDM campaign continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/feed/ 0
Major International Airport’s Security System Found for Sale on Dark Web RDP Shop https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/#respond Wed, 11 Jul 2018 13:01:56 +0000 https://securingtomorrow.mcafee.com/?p=90281 The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One […]

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One type of marketplace is called a remote desktop protocol (RDP) shop, which provides access to stolen systems for a small fee. Found in one of these RDP shops by McAfee’s ATR team: a major international airport’s security and building automation systems, which could be purchased for only $10 USD.

You might be wondering – what does “access” mean in this scenario? Just like Spotify and Apple Music sell access to artist’s songs, or a gym sells access to their exercise machines, the dark web can sell remote access to hacked machines through these RDP shops. Once access is purchased, crooks can obtain logins to a victim’s computer system and essentially have full control of it.

Now, the McAfee ATR team is not exactly sure how the cybercriminals got their hands on these systems. But they do know that once something like an airport security system is purchased, crooks can do serious damage. This access could allow cybercriminals to do essentially anything they want – create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency, or even conduct a ransomware attack on the organization.

So, what happens if your information was potentially compromised in the sale of one of these systems on the dark web? To protect your personal data from larger cybercriminal schemes that originate from RDP shops, be sure to follow these tips: 

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app, network, or system that asks for it. Be strict and diligent, and only provide something with information when it’s crucial to the service or experience it provides.
  • Set up an alert. Compromised information could potentially include financial data. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft monitoring and recovery solution. If enough personal data becomes compromised by cybercriminals accessing stolen systems, users could be potentially faced with the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/feed/ 0
Popular Social Media App Timehop Hit With Huge Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/#respond Tue, 10 Jul 2018 16:41:47 +0000 https://securingtomorrow.mcafee.com/?p=90274 The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and […]

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and has put their personal information at risk of being compromised.

The key ingredient for this attack: multi-factor authentication. Or, lack thereof. Hackers were able to access the company’s cloud servers on July 4th because Timehop had not turned on multi-factor authentication. “The breach occurred because an access credential to our cloud computing environment was compromised,” the company said. Once they obtained the credential to access the servers, the crooks managed to remain inside the system for approximately two hours.

In a company blog post, Timehop stated that the security breach compromised the names and emails of these 21 million users, which is essentially its entire user base. And 4.7 million of those affected users had a phone number that was attached to their account breached in the attack as well. Fortunately, Timehop says that no financial data was compromised in the attack, and all access to social media platforms was deactivated immediately by Timehop, which actually logged all users out of their accounts.

This breach joins the Exactis and Adidas breaches that have occurred in the past week, leaving millions of consumers out there concerned for their personal security. So, what next steps should Timehop users take to ensure they secure their personal information? Start by following these tips:

  • Change up your passwords. With this personal data already in hand, it’s likely cybercriminals are going to take a guess at your password and attempt to get inside your Timehop account. Therefore, make sure you change up your password to Timehop and any other accounts that use the same one.
  • Use two-factor authentication. If this breach has made anything clear, it’s that we cannot rely on passwords that use single-factor authentication to protect our accounts. Learn a lesson from Timehop and always enable two-factor authentication when given the option.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/feed/ 0
Attention Gmail Users: App Developers Can Potentially Read Your Private Emails https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/#respond Tue, 03 Jul 2018 22:25:40 +0000 https://securingtomorrow.mcafee.com/?p=90222 Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps […]

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps – a feature that may have exposed actually exposed private Gmail messages. Just yesterday, The Wall Street Journal reported that people who have connected third-party apps to their accounts may have unwittingly given external developers permission to read their messages.

But wait – how could hundreds of developers just access users’ private inboxes? As a matter of fact, Google allows these developers to scan the inboxes of millions of users per its official policy. This policy is outlined when people are asked if they wish to connect their Google account to third-party apps and services. When linking their account to a service, people are asked to grant certain permissions – which often include the ability to “read, send, delete and manage your email.”

Now, the developers who have access to users’ Gmail inboxes have been vetted by Google. And to them, this access is the norm. Thede Loder, the former CTO at eDataSource Inc., said that reading user emails has become “common practice” for companies that collect this type of data. “Some people might consider that to be a dirty secret… It’s kind of reality,” he notes.

Though this news may be unsurprising to people like Loder, it’s likely very surprising to others, proving there’s a gap in awareness and understanding of what Gmail users are signing themselves up for. Therefore, if you’re a Gmail user wishing to keep the information exchanged in your emails private, be sure to follow these tips:

  • Be selective. The best way to control where your information goes is by reducing the sources you share it with. That means not providing Gmail access to every app that asks for it. Be strict and diligent, and only provide an app access when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share access to your Gmail or your information with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/#respond Thu, 28 Jun 2018 18:01:34 +0000 https://securingtomorrow.mcafee.com/?p=90179 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "0314018a-527d-44cc-a71d-995cd761cd4a",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"pubDate": "Thurs 28 June 2018 12:35:48 +0000"
}
}

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/#comments Thu, 28 Jun 2018 17:12:33 +0000 https://securingtomorrow.mcafee.com/?p=90165 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/feed/ 8
Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/#respond Thu, 28 Jun 2018 01:33:34 +0000 https://securingtomorrow.mcafee.com/?p=90124 Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But […]

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But what they didn’t know is that they could be involved in a cyberattack, rather than just listening to their favorite song. As a matter of fact, our McAfee Mobile Research team has found a new malicious campaign, named Sonvpay, that’s impacted at least 15 apps published on Google Play – including that Despacito app.

How it works

You know how with some of your apps you can adjust the push notifications? Sometimes these notifications pop up on your screen, and other times you won’t receive any – depending on your settings. To enact its malicious scheme, Sonvpay listens for incoming push notifications that contain the data they need in order to perform mobile billing fraud – which is when extra charges get added to a user’s phone bill and can potentially line a cybercriminal’s pocket.

Once receiving the data, the crooks can perform this mobile billing fraud (either WAP and SMS fraud) by displaying a fake update notification to the user. This fake notification has only one red flag – if the user scrolls until the end, the phrase “Click Skip is to agree” appears, as seen below.

If the user clicks the only button (Skip), Sonvpay will complete its mission – and will fraudulently subscribe the user to a WAP or SMS billing service, depending on the victim’s country.

What it affects

So which Android applications contain Sonvpay? The McAfee Mobile Research team initially found that Qrcode Scanner, Cut Ringtones 2018, and Despacito Ringtone were carrying the Sonvpay, and Google promptly took them down once notified. But then more emerged, totaling up to 15 applications out there that contain Sonvpay, some of which have been installed over 50,000 times. These applications include:

Wifi-Hostpot

Cut Ringtones 2018

Reccoder-Call

Qrcode Scanner

QRCodeBar Scanner APK

Despacito Ringtone

Let me love you ringtone

Beauty camera-Photo editor

Flashlight-bright

Night light

Caculator-2018

Shape of you ringtone

Despacito for Ringtone

Iphone Ringtone

CaroGame2018

So now the next question is – what do I do if I was one of the Android users who downloaded an application with Sonvpay? How can I avoid becoming a victim of this scam? Start by following these tips:

  • Only give your apps permission to what they need. When downloading one of these applications, one user reported they noticed that the app asked for access to SMS messages. This should’ve been a red flag – why would a ringtone app need access to your texts? Whenever you download an app, always double check what it’s requesting access to, and only provide access to areas it absolutely needs in order to provide its service.
  • Always read the fine print. Before you update or download anything, always make sure you scroll through all the information provided and read through it line by line. This may feel tedious, but it could be the difference between being compromised and remaining secure.
  • Use a mobile security solution. As schemes like Sonvpay continue to impact mobile applications and users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/feed/ 0
Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/#respond Thu, 21 Jun 2018 22:14:56 +0000 https://securingtomorrow.mcafee.com/?p=90068 Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks […]

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks are advertising “leaked” versions of Epic Games’ Fortnite — by releasing YouTube videos with fake links claiming to be Android versions of the game.

This scam begins with a user conducting a simple Google or YouTube search for “Download Fortnite for Android” or “How to install Fortnite on Android.” This search provides users with dozens of videos – some of which have millions of views – that claim they can show how to get the game on Android. From there, people are then directed to download one of the fake Fortnite apps.

These fake apps do a great job at seeming convincing, as many use the same images and loading screens found in the iOS app. They even play the game’s intro song and prompt users to log in – seems legitimate, right? But soon enough, the apps reveal their true colors.

The apps will ask a user to provide mobile verification, to which they’ll confirm and hit OK. Then, users get redirected to a site claiming to check if they’re a bot or not, which requires them to download another app and then click on a link that comes with the “unlock instructions” within that app. Once users hit “tap to install,” however, they’re only guided back to Google Play. Users can keep installing app after app and will never actually get to the actual Fortnite game.

Essentially, this means the cybercriminals are aiming to make money off of increased app downloads. This incident reminds us that online gaming has its risks, and Fortnite is no exception. Therefore, in order to stay protected from this scam and others like it, be sure to follow these tips:

  • Do your homework. Know your game – find out when and where it is available on different platforms. And if for some reason your research yields mixed results, check the game’s main page to confirm the answer.
  • Go straight to the source. It’s a good security rule of thumb for anything out there – do not download something unless you are getting it from the company’s home page. The most trusted source is the original one, so make sure you’re using the real deal. If you’re an Android user, it’s best to just wait for Epic Games’ version of Fortnite in order to avoid frauds.
  • Use comprehensive security. Whether you’re using the mobile iOS version of Fornite, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/feed/ 0
Blockchain 101: What Consumers Need to Know About the Technology https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/#respond Tue, 19 Jun 2018 21:32:43 +0000 https://securingtomorrow.mcafee.com/?p=89989 From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what […]

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what exactly is blockchain? Let’s take a look at how this technology actually works and what the security implications may be for consumers.

What is blockchain?

According to the recent McAfee Blockchain Threat Report, “a blockchain is a series of records or transactions, collected together in a block that defines a portion of a ledger. The ledger is distributed among peers, who use it as a trusted authority in which records are valid. Each block in the ledger is linked to its next block, creating a chain—hence the name.” With blockchain, anyone can look at the latest blocks and their “parent” blocks to determine the state of an address. It also assists with multiple issues that can occur when making digital transactions, such as double spending and currency reproduction.

Remaining cautious with blockchain

Blockchain is essentially the secret weapon behind cryptocurrency’s popularity, as it has been positioned as the technology that will help address digital currency’s security issues. While it has great potential, there are some possible risks that could hinder its growth. For instance, the many cryptocurrency hacks we’ve seen recently have proven blockchain is not exactly foolproof. The mechanism involved in blockchain has some vulnerability in itself – which is a friendly reminder that we still need to be cautious in how we view this technology as it relates to security. Remember that blockchain is created by people, who can make mistakes.

Therefore, it’s important we all remain cautious when it comes to treating this technology like the end all be all. So, if you’re considering using blockchain technology to secure your cryptocurrency, be sure to follow these tips:

  • Don’t put all your eggs in one basket. Diversity is king when it comes to cryptocurrency. Since blockchain isn’t a sure-fire way for securing cryptocurrency transactions, make sure you do your research on the various “coins” out there. Select a nice variety of currency types so that if one cryptocurrency is attacked, you’ll still have a few other types to rely on.
  • Always have a plan B. Make sure you have a paper equivalent of records so that all your transactions are not bound by something that is prone to human error. That way, if for some reason something does go wrong with blockchain, you still have your important transactions documented elsewhere.
  • Do your homework. With blockchain and any new and emerging technology really, make sure you always remain a bit skeptical. Do your homework before you embrace the technology – research your options and make sure there’s been no security issues. 

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/#respond Wed, 13 Jun 2018 07:56:17 +0000 https://securingtomorrow.mcafee.com/?p=89635 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/feed/ 0
Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/#respond Wed, 13 Jun 2018 04:01:19 +0000 https://securingtomorrow.mcafee.com/?p=89026 Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, […]

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, what many children and parents don’t realize is that these games can also pose a serious threat to their family’s online safety. To unpack what that threat looks like exactly, we conducted the McAfee which explores consumers’ attitudes towards the perceived risks that come with gaming. Let’s dive into the key findings.

Our survey discovered that 62% of children play games where they speak to other people while playing, and parents who responded to our survey are most worried that this unknown person may be a sexual predator (75% of parents), bully (61%), cybercriminal who could steal personal or financial info (60%), or a drug dealer (37%). Despite this worry, 44% of parents would still allow their child to play a game that they are technically too young for (i.e. they are younger than the recommended age determined by the rating).

What’s more – despite allowing their children up to four hours of gaming per day, 71% of parents at least somewhat agree that their child is at risk of being exposed to inappropriate content while gaming. 62% worry about cybercriminals disguising themselves as another player to steal sensitive information, 58% are concerned that their child could click on a link and download a virus, and 52% worry about cybercriminals hacking gaming accounts and accessing personal or financial information. And unfortunately, some of these concerns have become a reality, as we’ve recently seen cyberattacks involving both Minecraft and Nintendo Switch.

So, with parents worried about the security risks that come with online gaming – why aren’t they doing something to assuage their own concerns? Fortunately, we have a few pointers you can use to start securing your kid’s online safety today:

  • Browse with protection. A tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious.
  • Use comprehensive security. No matter what you do online, it’s best to use a security product like McAfee Total Protection that can help keep your connected devices safe from malware. Just like any PC application, be sure to keep your security software updated with the latest software version.
  • Use parental control software. Parental control will help you set time limits on your child’s device usage and help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 5,000 parents of children ages 6 to 16 who play online or console games in Australia, Germany, Singapore, the U.S. and the U.K.

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/#respond Tue, 12 Jun 2018 18:46:12 +0000 https://securingtomorrow.mcafee.com/?p=89625 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/feed/ 0
Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/#respond Fri, 08 Jun 2018 23:26:20 +0000 https://securingtomorrow.mcafee.com/?p=89522 Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook […]

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook may have accidentally changed settings for 14 million users, causing their posts to be shared publicly, even if they thought they were being shared only with friends.

When users share something on Facebook, they’re shown an audience selector, which provides a handful of options for who exactly gets to see a post. The user can select “Friends,” “Only me,” “Friends except,” or “Public,” with the choice supposedly defaulting to the one last used by the account owner. However, this bug made it so the default for all posts was set to public – meaning if the user was not paying attention, they unwittingly shipped their post out to a larger audience than they were anticipating.

Now, the good news is this bug was only affecting posts that went out from May 18th to May 27th, and no posts prior to that period were affected. Additionally, Facebook has confirmed that the bug has in fact been fixed.

However, this bug does act as a lesson about sharing out personal information on social media and reminds us to always be cautious of what we put out on the web. That being said, here are a few proactive security tips you can follow when sharing info on social media:

  • Always check in on your settings. This bug is a reminder that we should always check in on our current settings on social media platforms and apps. This bug swapped the settings without notifying users, but sometimes we may even too forget if we have the right settings on. Make it a priority a few times a month to go and see if you have the correct security settings in place on all your apps.
  • Be selective about what you share. The best way to control where your information goes is by cutting down what you share and how much you share it. That means reducing the amount of times you post on social media, and the type of information you do share. Anything private, personal, or that could help a cybercriminal learn more about you should remain off your social channels.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/feed/ 0
Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/#respond Tue, 05 Jun 2018 20:44:51 +0000 https://securingtomorrow.mcafee.com/?p=89336 When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as […]

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as of this week, users of the latter company are unfortunately now dealing with that very information being compromised by a massive data breach. In fact, Troy Hunt, founder of “Have I Been Pwned,” discovered that a hacker posted several Ticketfly database files to a public server online.

This attack first began with an unnamed hacker informing Ticketfly of a security vulnerability and demanding a ransom of one bitcoin to reveal the flaw and help fix it. This threat was met with no response. Following which, the hacker then defaced the site, prompting the company to take it offline, and stole piles of Ticketfly customer data in the process.

In addition to a whopping 26 million email addresses, this stolen data includes users’ names, phone numbers, home and billing addresses. As of now, no financial information has been published publicly by the hacker, but he or she has threatened to post more data if they are not paid their ransom.

So, with this personal information out in the open and potentially more still to come, what can these Ticketfly customers do to ensure they protected their data? Start by following these tips:

  • Keep an eye out for sketchy emails. One way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. Though this hacker has not published financial data, that doesn’t mean he or she may not still have it on hand. Therefore, if you’re a Ticketfly user, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, Ticketfly users may be faced with the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/#respond Thu, 31 May 2018 18:58:01 +0000 https://securingtomorrow.mcafee.com/?p=89237 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "85576554-caea-4ff0-b59a-9fa580469932",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"pubDate": "Thur, 31 May 2018 12:35:48 +0000"
}
}

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/#comments Thu, 31 May 2018 18:42:14 +0000 https://securingtomorrow.mcafee.com/?p=89229 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/feed/ 1
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/#respond Thu, 24 May 2018 00:20:32 +0000 https://securingtomorrow.mcafee.com/?p=89081 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "943447f2-28f6-4700-afc5-dbb09c73f1ac",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"pubDate": "Wed, 23 May 2018 12:35:48 +0000"
}
}

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/feed/ 0
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/#comments Wed, 23 May 2018 23:10:25 +0000 https://securingtomorrow.mcafee.com/?p=89072 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.
  • Use comprehensive security. Even though this attack largely goes after routers, it’s important you still lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/feed/ 7
Why You Need To Know About “Cryptojacking” https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/#respond Tue, 22 May 2018 16:00:52 +0000 https://securingtomorrow.mcafee.com/?p=88975 As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the […]

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the form of “cryptojacking.” That’s why everyone should become aware of the risks.

Cryptojacking is when a cybercriminal uses someone else’s computing power to mine for cryptocurrencies without their consent. They do this because mining for digital currencies like Bitcoin, while still lucrative, is more expensive than it used to be. Miners now need multiple machines to crank through the complicated algorithms that lead them to digital gold.

So, instead of investing in costly hardware, some cybercrooks have designed malware to steal computing power from normal users’ devices. They do this by distributing risky mobile apps, taking advantage of flaws in existing software, or even by using drive-by downloads embedded in online ads. In fact, malware-infected ads, also know as “malvertising”, have become a popular channel for distributing these “miners.”

Earlier this year 60 million Android users were affected by an attack embedded in online ads. Users who encountered these ads while surfing online were redirected to a malicious website, which prompted them to enter a Captcha to prove they were human. All the while, the malware was utilizing the phone’s computing power to mine for the Monero digital currency. While the attack lasted just four minutes on average, if you left the webpage open it could eventually overtax your CPU, essentially destroying your device.

And the amount of risky apps designed to steal mobile computing power is startling. McAfee researchers identified over 600 malicious cryptocurrency apps across 20 app stores, including Google Play and the Apple store.

Of course, computers are a prime target for cryptojacking since they offer more computing power than smaller devices. Many attacks take advantage of vulnerabilities in outdated software. In fact, PC miners are so common it’s believed that tens of thousands of computers are already infected.

Unsurprisingly, social media offers another avenue of attack. Take, for instance, the Digmine malware, which spread via Facebook Messenger disguised as a video file. Not only did it infect the machine of anyone who opened the file, it also had the potential to automatically send the file to all the user’s Facebook contacts. The same is true of the recently discovered FacexWorm. This Messenger malware directed users to fake versions of popular websites like YouTube, and prompted them to download a browser extension to watch content. But in reality it was stealing passwords and mining for cryptocurrencies.

Now that you are aware of how prevalent crypto malware can be, here’s what you need to do to protect your devices, data, and money.

  1. Use Security Software—Install comprehensive security software than can protect all your computers and devices from the latest threats. And, don’t forget about your home internet-connected devices, such as IP cameras, and interactive speakers. They often come with weak security. Consider buying a router with protection built-in, or setting up a separate network for your IoT devices. This way, even if a connected device is infected, cybercriminals will be unable to access your data-rich devices on the other network.
  2. Choose Strong Passwords—These are still your first line of defense, so consider using a Password Manager to help you create and store complicated, unique passwords. If you reuse passwords, a breach of one account can quickly spread to other accounts and devices.
  3. Surf Safe—Try to stick to reputable websites and consider downloading a browser extension that can detect cryptomining malware such as Chrome’s No Coin, or Mozilla’s Crypto Mining Blocker.
  4. Avoid Risky Apps—Only download apps from official app stores, and read other users’ reviews first to see if they are safe.
  5. Keep all your software up-to-date—Many of the threats targeting PCs take advantage of vulnerabilities in existing software. Update your software regularly to make sure you have the latest patches and fixes.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/feed/ 0
Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/#comments Mon, 21 May 2018 17:42:39 +0000 https://securingtomorrow.mcafee.com/?p=88967 Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, […]

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, but also a security risk. This especially the case due to the emergence of Vega Stealer, a malware strain aiming to capitalize on that very short cut, and is designed to harvest saved financial data from Google Chrome and Firefox browsers.

Vega Stealer makes its way through the web through a common cybercriminal tactic – phishing emails. Once it spreads via these nasty notes, Vega swoops personal information that has been saved in Google Chrome, including passwords, saved credit cards, profiles, and cookies. Mind you, Firefox also has a target on its back, as the malware harvests specific files that store various passwords and keys when Firefox in use. But Vega Stealer doesn’t stop there, it also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.

As of now, it has not been determined who exactly is behind these browser attacks (though the strain seems to be related to August Stealer malware), but we do know one thing for sure:  Vega is quite the thief. The good news is – there are many ways you can protect yourself from the nasty malware strain. Start by following these tips:

  • Change your passwords. With Vega Stealer eager for credentials, the first thing you should do is change up your existing login information to any accounts you access using Chrome or Firefox. And, of course, make sure your new passwords are strong and complex.
  • Be on the lookout for phishing scams.If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Stop Autofill on Chrome. This malware is counting on the fact that you store financial data within your browser. To stop it in its tracks, head to your Google Chrome account and go to settings. Scroll down to “Passwords and Forms,” go to “Autofill Settings,” and make sure you remove all personal and financial information from your Google Chrome Autofill. Though this means you’ll have to type out this information each time you want to make a purchase, your personal data will be better protected because of it.
  • Stay protected while you browse. With Vega Stealer attacking both Chrome and Firefox browsers, it’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/feed/ 2
Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/#respond Thu, 17 May 2018 19:49:05 +0000 https://securingtomorrow.mcafee.com/?p=88878 From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. […]

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. This is all because a username and password granting access to the data were insufficiently secured.

Any avid Facebook user knows that there are apps on the platform that act as fun little quizzes, games, or activities — myPersonality being one of them. myPersonality is a Facebook app/questionnaire that asks people about highly personal matters, as it is actually a psychometric test created by the University of Cambridge. But once users fill out the test, their information does not remain personal, as this data has been shared with almost 150 institutions and companies, including researchers at universities and firms like Facebook, Google, Microsoft, and Yahoo. What’s more, the login information used by these companies for accessing this data was posted publicly to Github, making it available to the public for the past four years.

Mind you, this data was scrubbed of users’ names before being given to the researchers, and these collaborators had to vow they wouldn’t de-anonymize the data before they obtained access to it. Regardless, Facebook has confirmed that it has temporarily suspended myPersonality and is investigating the app. “If myPersonality refuses to cooperate or fails our audit, we will ban it,” said Ime Archibong, Facebook’s Vice President of Product Partnerships. This is following Facebook’s statement earlier this week that it has suspended 200 apps and investigated thousands of others in case they misused people’s data.

So, while Facebook investigates myPersonality, what can users of the social media network do in the interim to ensure they’re secure? Start by following these tips:

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app that asks for it. Be strict and diligent, and only provide an app information when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share your information out with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/feed/ 0
Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/#respond Thu, 10 May 2018 01:02:17 +0000 https://securingtomorrow.mcafee.com/?p=88792 Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent […]

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent users, as crooks are sending messages that are laced with FacexWorm malware via Facebook Messenger.

Aptly named, FacexWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content. No shocker here, but the extension is malicious, and actually installs FacexWorm instead, which can then steal account credentials from selected websites, including Google and cryptocurrency websites. What’s more, the malware variant can also hijack traffic from cryptocurrency trading platforms and steal funds, as well as crypto-jack a device by injecting malicious crypto-mining code on a webpage.

Unfortunately, the worm has found a way to wiggle from device to device as well, as it leverages a command-and-control server to access an infected user’s Facebook and multiply the amount of fake YouTube links. These links are then sent to the user’s contacts in order to further spread FacexWorm. If the link is sent to a user who isn’t using Google Chrome, the link instead redirects to a random advert.

With FacexWorm slithering its way through Facebook accounts, what can users of the popular platform do to fight back against the malware? For starters, you can follow these security pointers:

  • Be careful what you click on. Be sure to only click on links from a trusted source.  Even then, if the content coming from a friend seems strange or out of character, it’s best to remain wary and avoid interacting with the message entirely.
  • Change your account login info immediately. Since one of FacexWorm’s main goals is to steal credentials to crucial sites, it’s important you change up your login to your Google account, any cryptocurrency accounts, and others you think may be affected by this attack. Be sure to make your next password strong and complex, so it will be hard for cybercriminals to crack.
  • Stay protected while you browse. Sometimes it’s hard to identify if an email or social media message is coming from a cybercriminal. Add an extra layer of security to your browser and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/#respond Thu, 03 May 2018 23:06:14 +0000 https://securingtomorrow.mcafee.com/?p=88709 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/#respond Thu, 03 May 2018 22:19:42 +0000 https://securingtomorrow.mcafee.com/?p=88702 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/feed/ 0
The Past, Present, and Future of Password Security https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/#respond Thu, 03 May 2018 04:32:21 +0000 https://securingtomorrow.mcafee.com/?p=88615 In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords […]

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords have always accomplished one thing – they provide access to the previously inaccessible, which means managing these passwords in a safe way is crucial. To see how password management has changed over time, and in honor of World Password Day, let’s take a look at the past, present, and future of password security.

The past

Historically, passwords have been written down a piece of paper or kept in a notebook since it can be hard to keep track of so many passwords. And because of this struggle, users were also more inclined to use the same password for multiple accounts. In fact, according to last year’s World Password Survey, 34% of the respondents in the U.S. admitted to doing this on a regular basis. What’s more – users will make their passwords as simple as possible (think dog’s name or birth date) in order to able to remember these passwords.

The present

Unfortunately, not much has changed current day, as this year’s survey takeaways reminded us that password security still has ways to go. Consumers who responded to the survey have an average of 23 online accounts that require a password, but on average only use 13 unique passwords for those accounts. 31% only use two to three passwords for all their accounts so they can remember them more easily. And lists are far from dead, as the most common way to remember passwords is to keep a written or digital list of all passwords (52%).

Things tend to get worse when consumers actually do forget their password. 32% forget a password once a week, and when they do forget this password, 48% of respondents claim they abandon what they are doing online entirely. What’s more – 23% of respondents claim that forgetting a password is as painful as a papercut, and all respondents claimed they had to call tech support twice a year on average for help resetting a password.

The future

The good news is – the future is looking bright. There are state-of-the-art password solutions involving biometrics, multi-factor authentication, and other sophisticated technology already hitting the scene. And more coming down the pipeline, as a few web browsers are actually aiming to kill passwords entirely. Beyond that, there are proactive measures you can take individually in order to prepare for your future security as well. To ensure your passwords act as your first line of security, follow these tips:

  • Create strong passwords. Passwords are the keys to our digital lives, so make sure to create strong and unique passwords to keep unwanted people out. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for each of your accounts. By using different passwords for your online accounts, you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/feed/ 0
Securing Your Devices from Mobile Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/#respond Tue, 01 May 2018 18:21:27 +0000 https://securingtomorrow.mcafee.com/?p=88653 As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data. That’s probably why […]

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data.

That’s probably why mobile malware increased by 46% in the last year, with new mobile threats like ransomware and ad click malware making our digital lives even more complicated.

Of course, risky apps remain the persistent threat. These days, even official app stores aren’t completely safe. For instance, McAfee noted a 30% increase in threat families found in the Google Play Store over the last year alone. These included fake versions of legitimate apps designed to steal personal information, and apps that signed users up for premium services without their consent, leaving them with hefty bills.

But one of the biggest threats we saw was the rise of cryptocurrencies miners. They can hide in the background of seemingly harmless apps, and use your device’s computing power to mine for Bitcoin and other digital currencies. This type of mobile malware can even cause your phone to overheat and stop functioning all together.

In addition to risky apps, dangers lurk when you connect your mobile devices to public Wi-Fi networks, which are often unsecured. Public networks, like those in hotels and airports, have become hunting grounds for cybercriminals who can set up fake Wi-Fi hotspots and use them to deliver malware. They can also potentially eavesdrop on your private data, including passwords and credit card numbers, as they are sent from your device to the router.

Finally, the explosion of devices known as the Internet of Things (IoT), which include IP cameras, interactive speakers, and smart appliances, offer another avenue of attack for the cybercriminals. Since these devices usually come with few security features, they can easily be hacked and used to spread malware to other more data-rich devices connected on the same network.

Given these escalating risks, it’s essential for mobile users to learn how to secure their mobile devices, and all the valuable information that they hold.

Tips for avoiding mobile malware: 

  1. Use Mobile Security—Make sure all your devices are protected from malware and other emerging mobile threats by using security software that can warn you about risky apps and dangerous links, as well as help you locate and lock down a missing device.
  2. Avoid Risky Apps—Stick to downloading highly-rated apps from official app stores. You should also check the app’s permissions to see how much of your private information the app is trying to access. Limit access to only what the app needs to function properly. For instance, a calculator app shouldn’t need your location or contact details.
  3. Choose Strong Passwords—A complicated, hard-to-guess password is your first line of defense when it comes to protecting your online accounts and information. You may want to consider using a password manager that generates strong passwords and keeps them in a secure vault so you don’t have to remember them all. Look into comprehensive security software that includes a password manager.
  4. Keep your IoT devices separate—Since many IoT devices have very low security, you may want to consider keeping them on a separate network from your smartphones, tablets, and computers since these usually contain private information. Read your router’s user manual to learn how to setup a second “guest” network. Or, you can invest in a router with built-in security that protects all the devices on the network.
  5. Stay Informed—Given our reliance on mobile devices, mobile malware is unlikely to go away anytime soon. Make sure you stay up-to-date on emerging threats and the steps you need to take to protect yourself.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/feed/ 0
Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/#respond Fri, 27 Apr 2018 19:10:54 +0000 https://securingtomorrow.mcafee.com/?p=88644 No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys […]

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys produced by Assa Abloy, formerly VingCard, that has left millions of hotel rooms worldwide vulnerable to hackers. The vulnerability could allow criminals to create master keys and open any door in the affected hotels.

First discovered by security researchers, this “master key” hack only needs a single hotel room key in order to exploit the flaw. After obtaining a key, hackers can use an RFID reader to try several key combinations to decode the card. A handful of combinations later (around 20 or so), crooks can determine the code and create a master key for the hotel. From there, the hacker can access any room his or her heart so desires. Specifically, they could potentially access hotel rooms in 166 countries and 40,000 locations.

As of now, it is unknown if anyone has actually exploited the threat. But researchers are in collaborating with Assa Abloy to address the problem. So what can you do to help ensure you’re protected from these faulty electronic locks? Start by following these tips:

  • Be selective about where you stay. Until this fix is implemented, it’s important globe-trotters get selective with their lodging. That starts by doing some basic research online – read up on what hotels use Assa Abloy and if you can’t find the information, feel free to call the hotel and ask about their digital lock security.
  • Lock away valuables, especially your devices. Unfortunately, hotel room break-ins are nothing new, they’ve just only become digitized recently. Fortunately, many hotels provide safes for that very reason. So make use of them, and store away your valuables (especially any computers or mobile phones) in order to keep them out of the wrong hands.
  • Use comprehensive security. No matter the type of hack, it’s always important to safeguard the keys (both physical and digital) to your life. One key you can always carry: comprehensive digital security. From mobile phones to laptop computers – lock down all your devices with McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/feed/ 0
Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/#respond Wed, 25 Apr 2018 18:36:07 +0000 https://securingtomorrow.mcafee.com/?p=88617 Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, […]

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, phone scammers pretending to be from a Chinese Consulate office are tricking people in the U.S. into giving them large amounts of money.

First reported to The Verge, the Federal Trade Commission announced that it believes scammers are targeting people who have recently immigrated from China to the U.S. and have been asking these people to pick up packages or provide personal data to the “consulate staff.” Conveniently enough, this data is largely financial information. Unfortunately, the scam has seen some success, as the New York Police Department has reported that 21 Chinese immigrants have been scammed out of $2.5 million since December 21st, 2017. The majority of these victims are seniors.

This isn’t the first we’ve heard of phone scammers taking advantage of innocent people – as many out there have fallen victim to easily believable social engineering schemes such as this. Therefore, in order to avoid tricky scams like this one, be sure to follow these tips: 

  • Don’t give up your financial data to anyone other than your bank. If you receive a phone call from either a person or a recording requesting this data, remain skeptical and hang up. Then, call your official bank directly and check with them if there’s an issue you need to discuss.
  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Reduce your exposure. Register your mobile phone number, as well as your home phone, on the “do not call” registry to keep your number uninvolved in the latest social engineering scheme.
  • Use an identity theft protection solution. If for some reason a scammer does compromise your personal information, it’s important to get prepared about protecting yourself against identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/feed/ 0
Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/#respond Fri, 20 Apr 2018 17:46:29 +0000 https://securingtomorrow.mcafee.com/?p=88595 Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, […]

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, special add-ons that are used by players to personalize their avatar have become part of a cyber scheme, as over 50,000 Minecraft accounts have been infected with malware via character skins that were created and uploaded to the game’s official website by fellow users.

Though it is unclear who exactly created the malicious skins, it is believed that the malware does not come from any well-known cybercriminals but rather from inexperienced players looking to exploit others for their own amusement. This malware is not just simple competitive jab either, as its tactics are quite nasty. It has been reported that, once downloaded, the strain can reformat hard drives and delete backup data and system programs.

Now, knowing that fellow gamers are out there trying to sabotage others, what are next steps for Minecraft players? It’s important all users start doing all that they can now in order to avoid infection. You can start by following these proactive security tips:

  • Do your homework. Before you download any extra add-ons for games, make sure you read fellow user reviews. Conduct a quick Google scan and see what other users think – has it caused them issues or security strife? When in doubt, don’t download any add-ons (like character skins) that come from an untrustworthy source or seem remotely sketchy.
  • Back up your files on an external hard drive. Always make sure your files are backed up on an external hard drive. That way, if your data is deleted in this Minecraft malware attack or others like it, you can restore the data from the backup.
  • Use comprehensive security. Whether you’re using the mobile version of Minecraft, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/feed/ 0
Casino’s High-Roller Database Compromised by a Single IoT Thermometer https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/#respond Wed, 18 Apr 2018 01:38:53 +0000 https://securingtomorrow.mcafee.com/?p=88543 It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, […]

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, actually opened up the organization’s network to cyberattack.

So, how exactly did a singular IoT thermometer breach an entire organization? The vulnerable device created an opening into the casino’s network for cybercriminals to enter, resulting in the crooks obtaining information about the casino’s high-roller database. Unfortunately, it has yet to be determined what kind of information has been taken from this database.

This incident reminds us that IoT security continues to be a persistent problem that’s showing no signs of slowing. As discussed during our EMEA McAfee Labs Day event last week, new connected devices are coming online every day, so it’s important to think about how you protect your data now and in the future. That starts with manufacturers including security as part of their design of IoT devices and owners of connected gadgets doing their part in ensuring their devices don’t expose larger networks of any kind. You can start implementing proactive IoT security by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away.If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Secure your home’s internet at the source. Just like the thermometer must connect to the casino’s larger internet network, smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/feed/ 0
Typosquatting: What You Need to Know Now https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/#respond Fri, 13 Apr 2018 16:00:25 +0000 https://securingtomorrow.mcafee.com/?p=88400 As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal […]

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal information, make money, or spread malware.

If you’ve ever typed in a web address and landed on a page that is nothing like the one you intended to go to, you may be familiar with this practice, also known as “URL hijacking.” This is when a webpage is put up at a similar web address to another well-known site, in the hopes of capturing some of the legitimate website’s traffic.

These sites often rely on the small typos we make when we type in web addresses, like accidentally omitting the “o” in “.com”. In fact, researchers recently found a whole host of addresses that were registered in the names of well-known sites, but terminating in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as Chase.cm and Citicards.cm, as well as social and streaming sites.

The .cm sites were used to advertise promotions and surveys used to collect users’ personal information. What’s more, over 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

While early typosquatting efforts were often aimed at stealing traffic alone, we’re now seeing a move toward clever copycats. Some look like real banking websites, complete with stolen logos and familiar login screens, hoping to trick you into entering your passwords and others sensitive information.

Earlier this year, for instance, the Reserve Bank of India (RBI) warned customers that someone had bought the URL “www.indiareserveban.org”, and put up a fake site, asking for banking details and passwords, even though the real RBI is a central bank that holds no individual accounts.

But, cybercrooks don’t even need to put up fake websites to try to steal your information; they can also trick you into downloading malware. They may lead you to a site that delivers a pop-up screen telling you to update your Adobe Flash Player, for instance.

That’s exactly what happened not too long ago to Netflix users who accidentally typed in “Netflix.om”, instead of “.com”. The cybercrooks had smartly used the Netflix address ending in the top-level domain for Oman to try to redirect at least some of the streaming site’s over 118 million users to a malware-laden site instead. In fact, “.om” was used as part of a larger typosquatting campaign, targeting over 300 well-known organizations.

Given that typos are easy to do, and fake websites are becoming more convincing, here are the steps you should take to protect yourself from typosquatting:

  • Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
  • If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar, indicating that the site uses encryption to secure the data that you share.
  • Be suspicious of websites with low-quality graphics or misspellings, since these are telltale signs of fake websites.
  • Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
  • Don’t click on links in emails, text messages and popup messages unless you know and trust the sender.
  • Consider using a safe search tool such as McAfee WebAdvisor, which can alert you to risky websites right in your search results.
  • Always use comprehensive security software on both your computers and devices to protect you from malware and other online threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/feed/ 0
Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/#respond Wed, 11 Apr 2018 18:22:58 +0000 https://securingtomorrow.mcafee.com/?p=88340 A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that […]

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that an unspecified cyberattack affected online payment data collected by a “small number of our client companies.” A few of these companies include Delta Airlines, Sears, Kmart, and Best Buy.

The breach was the result of an unspecified malware attack on the service’s chat tool, which occurred between Sept. 26 and Oct. 12, 2017. The malware permitted cybercriminals to obtain unauthorized access to customer data, including payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses.

Delta Airlines, Sears, Kmart, and Best Buy all have not yet determined how many customers have been impacted so far. But it is believed to be totaling up to hundreds of thousands. So, for those who have been affected – what are the next steps? Start by following these security tips here:

  • Place a Fraud Alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze Your Credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/feed/ 0
MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/#respond Fri, 30 Mar 2018 22:10:04 +0000 https://securingtomorrow.mcafee.com/?p=88153 This blog has been updated as of 4/4. Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, […]

The post MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches appeared first on McAfee Blogs.

]]>
This blog has been updated as of 4/4.

Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, as well as two traditional brick-and-mortar sites. MyFitnessPal, Panera Bread, and Saks Fifth Avenue and Lord & Taylor have all been faced with data breaches, which have compromised millions of customers.

Let’s start with MyFitnessPal. Just last week, it was revealed that 150 million accounts for the health app and site were breached. As of now, few details have emerged about how the attack happened or what the intention was behind it. While the breach did not compromise financial data, large troves of other personal information were affected. The impacted information included usernames, email addresses, and hashed passwords.

MyFitnessPal, which is a subsidiary of Under Armour, has notified affected customers of the breach (see below), and Under Armour has released an official statement making the public aware of the attack as well.

Then there’s Panera Bread. The popular food chain actually leaked customer data on their website in plain text. This data includes names, email addresses, home addresses, birth dates and final four credit card digits. It’s not clear whether anyone malicious actually accessed any of this data yet, which was supplied by customers who had made online accounts for food delivery and other services. What’s more – a security researcher first flagged this error to Panera Bread eight months ago, which did not acknowledge it until just now. And though the initial number of impacted users was said to be fewer than 10,000 customers, security reporter Brian Krebs estimates that as many as 37 million Panera members may have been caught up in the breach.

Finally there’s Saks Fifth Avenue and Lord & Taylor. A group of cybercriminals has obtained more than five million credit and debit card numbers from customers of the two high-end clothing stores. It appears this data was stolen using software that was implanted into the cash register systems at brick-and-mortar stores and siphoned card numbers.

So, for the millions of affected MyFitnessPal, Panera Bread, and Saks and Lord & Taylor customers, the question is – what next? There are a few security steps these users should take immediately. Start by following these pointers below:

  • Change your password immediately. If you are a MyFitnessPal or Panera Bread customer, you should first and foremost change the password to your account. Then, you should also change your password for any other account on which you used the same or similar information used for your MyFitnessPal or Panera Bread account.
  • Stay vigilant. Another way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

 

The post MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/feed/ 0
Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/#respond Thu, 29 Mar 2018 20:44:50 +0000 https://securingtomorrow.mcafee.com/?p=88121 The amount we use our apps and the amount of apps we use has shown no signs of slowing. And as the McAfee Labs Threats Report: March 2018 tells us, mobile malware has shown no signs of slowing either. Now, a tricky Android malware dubbbed Andr/HiddnAd-AJ is adding to the plethora of mobile strains out […]

The post Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times appeared first on McAfee Blogs.

]]>
The amount we use our apps and the amount of apps we use has shown no signs of slowing. And as the McAfee Labs Threats Report: March 2018 tells us, mobile malware has shown no signs of slowing either. Now, a tricky Android malware dubbbed Andr/HiddnAd-AJ is adding to the plethora of mobile strains out there. The malware managed to sneak onto the Google Play Store disguised as seven different apps – which have collectively been downloaded over 500,000 times.

Slipping onto the Google Play store via six QR reader apps and one smart compass app, the malware manages to sneak past security checks through a combination of unique code and no initial malicious activity. Following installation, Andr/HiddnAd-AJ waits for six hours before it serves up adware. When it does, it floods a user’s screen with full-screen ads, opens ads on web pages, and sends various notifications containing ad-related links, all with the goal of generating click-based revenue for the attackers.

These apps have since been taken down by Google, however, it’s still crucial that Android users are on the lookout for Andr/HiddnAd-AJ malware and other adware schemes like it. Start by following these security tips:

  • Do your homework. Before you download an app, make sure you head to the reviews section of an app store first. Be sure to thoroughly sift through the reviews and read through the comments section; Andr/HiddnAd-AJ may have been avoided if a user read one of the comments and saw that the app was full of unnecessary advertisements. When in doubt, don’t download any app that is remotely questionable.
  • Limit the amount of apps. Only install apps you think you need and will use regularly. And if you no longer use an app, uninstall it. This will help you save memory and reduce your exposure to threats such as Andr/HiddnAd-AJ.
  • Don’t click. This may go without saying, but since this is a click-generated revenue scheme, do whatever you can to avoid clicking pop-ups and unwarranted advertisements. The less you click, the less cybercriminals will profit.
  • Use a mobile security solution. As malware and adware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/feed/ 0
Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/#respond Thu, 22 Mar 2018 20:31:13 +0000 https://securingtomorrow.mcafee.com/?p=87624 We all love a good getaway, and as we look ahead to spring and summer, most of us are already planning our next vacation. To do that, we’ll tap one of the many online travel agencies out there to help us organize our plans. Only now, some travel-goers may have to stop trip planning so […]

The post Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected appeared first on McAfee Blogs.

]]>
We all love a good getaway, and as we look ahead to spring and summer, most of us are already planning our next vacation. To do that, we’ll tap one of the many online travel agencies out there to help us organize our plans. Only now, some travel-goers may have to stop trip planning so they can start planning for credit monitoring, as one of the most popular travel agencies, Orbitz.com, was hit with a data breach that may have exposed as many as 880,000 payment cards.

The online travel agency reported two separate data disclosures, as an attacker may have accessed customers’ personal information shared on Orbitz.com and a handful of associated websites between Jan. 1, 2016 between Dec. 22, 2016.

What’s more – in addition to the payment cards, hackers may have also stolen customers’ full name, date of birth, phone number, email address, physical and/or billing address and gender information. Now, with all this personal information potentially out in the open, it’s important affected customers start thinking about protecting their personal identities. To do just that, follow these tips:

  • Regularly review your online account info. Things like regularly reviewing transactions online and making sure account contact info hasn’t changed are good for keeping tabs on anyone trying to hijack your account.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Consider an identity theft protection solution. With this breach and others before it, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/feed/ 0
RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/#respond Wed, 21 Mar 2018 19:13:18 +0000 https://securingtomorrow.mcafee.com/?p=87431 China is a region that has been targeted with mobile malware for over a decade, as malware authors there are continually looking at different tactics to lure victims. One of the most innovative tactics that we have come across in the past several years is to get victims to buy discounted devices from sellers that […]

The post RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone appeared first on McAfee Blogs.

]]>
China is a region that has been targeted with mobile malware for over a decade, as malware authors there are continually looking at different tactics to lure victims. One of the most innovative tactics that we have come across in the past several years is to get victims to buy discounted devices from sellers that have compromised a smartphone. And now, one of these campaigns, Android.MobilePay (aka dubbed RottenSys) is making headlines, though McAfee has been aware of it for over two years. The tactic used by the author(s)/distributors is straightforward; they install fake apps on a device that pretend to provide a critical function, but often don’t get used.

RottenSys is stealthy. It doesn’t provide any secure Wi-Fi related service but is rather an advanced strain of malware that swoops almost all sensitive Android permissions to enable its malicious activities. In order to avoid detection, RottenSys doesn’t come with an initial malicious component and or immediately initiate malicious activity. The strain has rather been designed to communicate with its command-and-control servers to obtain the actual malicious code in order to execute it and following which installs the malicious code onto the device.

Given it installs any new malicious components from its C&C server, RottenSys can be used to weaponize or take full control over millions of infected devices. In fact, it already seems that the hackers behind RottenSys have already started turning infected devices into a massive botnet network.

This attack acts as an indication of change, as over the past two years the mechanism of fraud has adapted. In the past, scams such as this typically have used premium SMS scams to generate revenue, which reach out to a premium number and make small charges that go unnoticed over the course of an extensive period. As described in detail in our Mobile Threat Report: March 2018, we have seen traditional attack vectors, such as premium text messages and toll fraud replaced by botnet ad fraud, pay-per-download distribution scams, and crypto mining malware that can generate millions in revenue.

Long story short – it’s important to still take precautionary steps to avoid future infection from this type of malware scheme. The good news is, you can easily check if your device is being infected with RottenSys. Go to Android system settings→ App Manager, and then look for the following possible malware package names:

  • android.yellowcalendarz
  • changmi.launcher
  • android.services.securewifi
  • system.service.zdsgt

Beyond that, you can protect your device by following these tips:

  • Buy with security in mind. When looking to purchase your next mobile device, make sure to do a factory reset as soon as you turn it on for the first time.
  • Delete any unnecessary apps. Most mobile providers allow users to delete pre-installed apps. So, if there’s a pre-installed app you don’t use, or seems unknown to you, go ahead and remove it from your device entirely.
  • Always scan your device, even if it’s new. One of the first applications you should load onto a new device is an anti-malware scanner, like McAfee Mobile Security. It can detect and alert users to malicious behavior on their devices. In this case, if a malware variant is detected, new users can see if they can return their infected devices in exchange for a clean one.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/feed/ 0
What Is Machine Learning? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/#respond Tue, 20 Mar 2018 22:12:03 +0000 https://securingtomorrow.mcafee.com/?p=87186 What do self-driving cars and interactive speakers have in common? Both utilize something called “machine learning.” This is when we give systems access to data that enables them to identify patterns and improve their performance, or “learn”, without human programming. Machine learning is often confused with artificial intelligence (AI), where machines and applications mimic human […]

The post What Is Machine Learning? appeared first on McAfee Blogs.

]]>
What do self-driving cars and interactive speakers have in common? Both utilize something called “machine learning.” This is when we give systems access to data that enables them to identify patterns and improve their performance, or “learn”, without human programming.

Machine learning is often confused with artificial intelligence (AI), where machines and applications mimic human behavior. Although they often work together, machine learning takes human-like behavior one step further—it enables systems to get smarter as they gain more information. This is why your Alexa speaker, for example, can make recommendations based on what you’ve said in the past.

To do this, computer systems need access to enough digital information to analyze, classify, and store information, and then make predictions. This is where the internet comes in. Even though the term “machine learning” was coined in 1959 by British AI pioneer Arthur Samuel, it wasn’t really possible until the internet was mature enough to provide access to rich data.

But now, machine learning is allowing us to talk to devices like they are human, monitor our health, make personalized recommendations, and even improve our online security. Take, for instance, the fact that Google says it has been using machine learning to help reduce security issues in its Play store. The company said that in 2017 some 60.3% of potentially harmful apps were detected using machine learning incorporated into Google Play Protect.

What’s more, some security developers are using the technology, coupled with AI and game theory, to figure out potential vulnerabilities and patch them before hackers exploit them. And researchers are looking into adding machine learning and sensors to power grids to detect and analyze potential cyber attacks, as well as make the grids themselves more efficient.

But these smart technology advances could also go the other way. Security researchers believe that cybercriminals will soon be using the same techniques to search for new entry points and means of attack. This is concerning given that each day the world is becoming more connected, giving the bad guys a multitude of ways to access our devices and critical information.

While many believe that machine learning will make our lives more convenient, by allowing technology to do many of the tasks that only humans could previously do, it’s also important to be aware of the risks. After all, technology that mimics intelligent humans can also enable malicious ones.

Here are some tips for using smart technologies safely:

  • When investing in new internet-connected devices, choose products with built-in security features
  • Change the default password on new devices as soon as you can, since cybercriminals know many of these default passwords.
  • Don’t let a program or device access more information than it needs to function properly. Take a careful look at permissions to determine whether your personal information is at risk.
  • Keep your connected-home devices on a secure network, preferably separate from your main computer network. This way, if one device is infected with malware it can’t spread to other data-rich devices. Check your router’s user manual to learn how.
  • Always use comprehensive security software, and consider investing in a secure home network that makes it easier to protect all your computers and devices from emerging threats.
  • Keep up-to-date on the latest technologies and potential threats. This will help you be more proactive when it comes to keeping your digital life secure.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Is Machine Learning? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/feed/ 0
What’s New in the World of Ransomware? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/#respond Fri, 16 Mar 2018 16:00:58 +0000 https://securingtomorrow.mcafee.com/?p=85398 Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone […]

The post What’s New in the World of Ransomware? appeared first on McAfee Blogs.

]]>
Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone to learn what’s new with this persistent threat.

First, it’s clear that these kind of attacks spell success for the malware authors, who have ramped up their distribution. McAfee saw a 59% increase in ransomware in 2017 over the previous year, and a 35% spike in the fourth quarter alone. This is despite the fact that only half of victims who chose to pay the ransom actually recover their files, according to a recent study.

Still, they are clearly profitable for the cybercriminals who usually demand payment in hard-to-trace cryptocurrencies, such as Bitcoin. The fact that cryptocurrencies spiked in value last year, with Bitcoin showing a 10-fold increase alone, is probably another factor. These attacks were estimated to cost victims up to $5 billion globally in 2017, including data loss, downtime and disruption.

What’s more, in order to make money today’s thieves don’t even have to be tech savvy. Ransomware marketplaces have sprouted up online, offering malware strains for any would-be cybercrook, and generating extra profit for the malware authors, who often ask for a cut in the ransom proceeds.

This favorable environment has led to malware innovation. Although computers have been the traditional targets, cybercriminals have recently set their sights on the huge mobile market. Take, for instance, the DoubleLocker malware strain aimed at Android devices. It not only encrypted users’ data, but also changed their PIN codes, locking them out of their devices all together. This malware spread as a phony Adobe Flash Player update.

We have also seen the rise of so-called “pseudo ransomware”, like NotPetya. This malware strain used ransomware as a cover to do even more damage to victims’ data, presumably to cause disruption. Even more concerning was the way it spread— originally planted in accounting software, it could infect other computers without tricking users into downloading it, and evading known ransomware detection. Although this malware displayed a message demanding ransom in Bitcoin, there was no identifying number to track payments and the data was so damaged that there is no way to actually restore files.

Given the growing threats that ransomware and its disruptive variants pose, you need to know what to look out for, and how to protect yourself.

Follow these important tips to steer clear of ransomware:

  • Backup your data—The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. This is important not only because it protects your data, but because you are not tempted to reward the malware authors by paying a ransom.Microsoft users, for instance, can opt to use Office 365’s OneDrive Business cloud backup service to recover files. Backups won’t prevent ransomware, but it can mitigate the risks.
  • Use security software—Make sure all your computers and devices are protected with comprehensive security software, and keep all of your software up-to-date to safeguard you from the latest ransomware threats.
  • Practice Safe Surfing—Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
  • Only Use Secure Networks—Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the Internet no matter where you go. 
  • Stay informed—Keep current on the latest threats. This way you know what to look out for. Finally, in the case that you do get a ransomware infection and have not backed up all your files, know that some decryption tools are made available by tech companies to help victims.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What’s New in the World of Ransomware? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/feed/ 0
New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/#respond Wed, 14 Mar 2018 19:43:27 +0000 https://securingtomorrow.mcafee.com/?p=85271 As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as […]

The post New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users appeared first on McAfee Blogs.

]]>
As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as the independent security software tester AV-Comparatives and sigma star gmbh informed the general public of several critical vulnerabilities in Vestel firmware, which is used in more than 30 popular TV brands, including Medion. These vulnerabilities could be leveraged to spy on smart TV users.

This discovery began back in March 2017 when news emerged that it may be possible to hack into smart TVs to spy on users. Hearing this news, AV-Comparatives decided to perform a quick security check on the Medion smart TV and discovered a handful of vulnerabilities. AV-Comparatives asked sigma star gmbh (which specializes in IoT) to analyze these issues, and the company confirmed their severity. And though the groups informed Vestel and Medion already about these flaws, not all have been addressed.

Now, Medion has requested to further investigate a few outstanding vulnerabilities, which means a firmware update is not on the way just yet. So, in the interim, be sure to follow these security tips to ensure you stay secure while utilizing smart TVs:

  • Buy smart TVs with security in mind. When purchasing a smart TV, it’s always important to do your homework and read up on any current vulnerabilities. That way, you can make an informed purchase.
  • Update regularly. It’s an important security rule of thumb: always update any software whenever an update is available, as security patches are usually included with each new version. And even though fixes for these particular flaws have not been issued yet, they should be soon on the way. 
  • Secure your home’s internet at the source. Smart TVs, like all connected devices, have to connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/feed/ 0
Understanding How Bitcoin Mining Poses Security Risks https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/#respond Mon, 12 Mar 2018 04:01:48 +0000 https://securingtomorrow.mcafee.com/?p=85046 From 2017 to 2018, the cost of one Bitcoin increased over one thousand percent. This rapid growth dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process […]

The post Understanding How Bitcoin Mining Poses Security Risks appeared first on McAfee Blogs.

]]>
From 2017 to 2018, the cost of one Bitcoin increased over one thousand percent. This rapid growth dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process called “Bitcoin mining” appears to be a great way to get involved. However, Bitcoin mining introduces a number of security risks.

What is Bitcoin mining?

Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. “Miners”, as they are called, essentially upkeep and help secure Bitcoin’s decentralized accounting system.

Each time there’s a transaction it’s recorded in a digital ledger called the “blockchain.” Miners help to update the ledger by downloading a special piece of software that allows them to verify and collect new transactions to be added to the blockchain. Then, they must solve a mathematical puzzle to be able to add a block of transactions to the chain. In return, they earn Bitcoins, as well as transaction fees.

What are the security risks?

As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning a user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that it requires a lot of expensive computing power.

This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices to mine for Bitcoin. This recently happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors were using this time to access the users’ laptops for mining.

In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. In fact, this has become such a widespread problem, that over 1 billion devices are believed to be slowed down by web-based mining. And slowing your device down is not even the worst thing that could happen. A device that is “cryptojacked” could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

Now that you know a little about Bitcoin mining and the risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

  • Avoid public Wi-Fi networks—These networks often aren’t secured, opening your device and information up to a number of threats.
  • Use a VPN— If you’re away from your secure home or work network, consider using a virtual private network (VPN). This is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee Safe Connect can help safeguard your online privacy no matter where you go.
  • Secure Your Devices—New threats like Bitcoin malware are emerging all of the time. Protect your devices and information with comprehensive security software, and keep informed on the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Understanding How Bitcoin Mining Poses Security Risks appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/feed/ 0
How to Protect Your Privacy in a Connected World https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/#respond Fri, 09 Mar 2018 20:32:47 +0000 https://securingtomorrow.mcafee.com/?p=85286 Not so long ago computers were our only connection to the internet, but these days we are almost constantly connected, through our phones, homes, autos, and even our children’s toys. In fact, research firm Gartner estimates that we now have over 8.4 billion connected “things” in use and that number will continue to grow rapidly. […]

The post How to Protect Your Privacy in a Connected World appeared first on McAfee Blogs.

]]>
Not so long ago computers were our only connection to the internet, but these days we are almost constantly connected, through our phones, homes, autos, and even our children’s toys. In fact, research firm Gartner estimates that we now have over 8.4 billion connected “things” in use and that number will continue to grow rapidly.

Being connected brings great convenience, of course, but it also opens us up to a much wider range of risks, including the loss of money, data, and property, not to mention privacy. So the question now is, how to protect ourselves as we move through the connected world. Let’s start by talking about one of the newer and less familiar avenues of attack: connected “things.”

IoT

The term “Internet of Things” (IoT) is used to describe connected devices such as IP cameras, smart TVs and appliances, and interactive speakers and toys. These things have a built-in connection to the internet, but often don’t come with sophisticated security features—many have password protection at the most. This makes them easy to hack, especially if the password isn’t changed from the factory default. You may remember the Mirai malware incident, in which tens of thousands of IoT devices were infected and used to launch attacks against popular websites. IoT malware has only grown more sophisticated since then, opening the door to dangers such as launching larger attacks, accessing computing power to mine for cryptocurrencies, or leapfrogging attacks to computers and smartphones that store critical information. The bottom line is that IoT devices give cybercriminals a lot of access points to play with, and we have yet to see all the risks that they could bring.

Computers & Smartphones

Just as attacks on devices have become more sophisticated, so too have threats aimed at computers and smartphones. Cybercrooks are no longer satisfied with distributing malware to cause disruption—now they are focused on making money. Cryptocurrency miners are just one example of this; the other is the huge growth we have seen in ransomware. Authors of this type of malware don’t only make money by locking down the data of normal computer users, businesses, and government agencies, and demanding money to release it. They have also created an entirely new industry by selling ransomware products to other would-be cybercriminals online.

Another large and growing threat to smartphone users is malicious apps. We’ve seen a large uptick in risky applications, designed to steal data, rack up premium charges without the user’s permission, or access the device for other malicious purposes. Again, money is a driver, since a large number of the new risky apps we’ve detected have been designed to manipulate mobile ads, generating money for the malware authors.

Networks

Our computers and devices aren’t the only things under attack—the networks we use continue to be a growing target. This is no doubt related to our desire to be connected no matter where we go. Public Wi-Fi networks offer bad guys an unprecedented opportunity to intercept multiple users’ data while in transit to and from the network. This data can include credit card numbers, passwords, and identity information, if the network is not secure. What’s more, some attackers are going even higher up in the chain to take advantage of vulnerabilities in network protocols, making secure infrastructure even more important.

With so many risks associated with the connected landscape, it’s up to all of us to take steps to protect our data, devices and privacy.

Here are some key tips to safely navigate the connected world:

  • Always use comprehensive security software on both your computers and mobile devices, and keep all of your software up-to-date. This will safeguard you from the latest threats.
  • When you bring home a new IoT device, make sure that you reset the default password.
  • Look into putting all of your connected home devices onto a separate network from your computers and smartphones, so if one device is infected the attacker cannot access your other data-rich devices. Check your router’s user manual to learn how.
  • To ensure that your home computers and devices stay safe, look for a more secure network solution that includes IoT protection.
  • Avoid connecting to public Wi-Fi networks, which may or may not be secure. Instead, consider using a VPN. This is a piece of software that will give you a secure connection to the internet no matter where you go.
  • Only download apps from official app stores and read other users’ reviews first to see if they are safe.
  • Keep up-to-date on the latest threats, since they are constantly evolving, and make sure to share these important security tips with friends and family.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Protect Your Privacy in a Connected World appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/feed/ 0
MWC 2018: Takeaways on the Key Devices and Innovations https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/#respond Wed, 07 Mar 2018 01:53:41 +0000 https://securingtomorrow.mcafee.com/?p=84647 It’s hard to believe that MWC 2018 is already over! Though the event came and went in the blink of an eye, MWC 2018 managed to deliver, showcasing some of the most exciting mobile and connected device innovation out there today. While there was a variety of new tech at the event, a few showstoppers […]

The post MWC 2018: Takeaways on the Key Devices and Innovations appeared first on McAfee Blogs.

]]>
It’s hard to believe that MWC 2018 is already over! Though the event came and went in the blink of an eye, MWC 2018 managed to deliver, showcasing some of the most exciting mobile and connected device innovation out there today. While there was a variety of new tech at the event, a few showstoppers managed to catch everyone’s eye and some key trends emerged. Here are some of my takeaways from the event:

The mobile showstoppers

The Samsung Galaxy S9 was a clear winner at this year’s event. Between the low light photography, AR emojis, and super slow motion — the new flagship device had everyone at MWC talking. But that doesn’t mean nostalgia was totally lost on MWC goers, as the Nokia 8110 ensured what’s old is new. The device was a revamped the classic slider phone, just with a few social media apps added to the mix.

There was also the Vivo Apex, which took the all-screen phone to a new level. It features a fingerprint sensor underneath the OLED screen itself and instead of a speaker the whole phone vibrates to conduct sound during a call or media playback.

5G hype becomes reality

Ultra-fast 5G (the new generation of wireless technology) has been all the hype for a while now, but the technology was just that – hype. That is, until this MWC, where 77 companies (largely from North America and Asia) announced they are officially trialing 5G across 49 countries. In fact, MWC 2018 saw a quite a large number of Chinese mobile equipment makers, including Huawei to ZTE, working to get a piece of the 5G action. The action even went beyond just a few proofs of concept and also spread across a broad creative range of connected devices.

Securing the connected lifestyle

In fact, this plethora of connected devices – at both MWC and beyond – is a trend that inspired the McAfee key MWC innovations. First, there was the award-winning new McAfee Secure Home Platform skill for Amazon Alexa, which showed how we’re adapting our security solutions to protected today’s connected home. We also extended our security capabilities through strategic partnerships. These include: an expanded partnership with Samsung to safeguard all Galaxy S9 smartphones, the Galaxy Note8, along with Samsung smart TVs, PCs and notebooks, a partnership with Telefónica that will provide always on protection for every connected device in the home, a strategic partnership with Türk Telekom to deliver cross-device security protection, and one with NTT DOCOMO that will deliver Wi-Fi protection and security to NTT DOCOMO mobile users.

Overall, this year’s MWC was not only exciting but proved that providers everywhere, including McAfee, are working hard to adapt their solutions to the modern digital lifestyle and ensure users everywhere have a seamless and secure experience when using their favorite device.

To stay on top of McAfee’s MWC news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post MWC 2018: Takeaways on the Key Devices and Innovations appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/feed/ 0
McAfee’s Podcast Hackable? is Back for Season Two https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/#respond Mon, 05 Mar 2018 17:00:48 +0000 https://securingtomorrow.mcafee.com/?p=84954 We live in a digital era, which means the more things are becoming internet-connected, the more opportunities hackers have to infiltrate our lives. McAfee created the podcast Hackable?, which has now been downloaded over 1 million times, to raise awareness about the extreme lengths hackers are willing to go in order to steal our personal information. […]

The post McAfee’s Podcast Hackable? is Back for Season Two appeared first on McAfee Blogs.

]]>
We live in a digital era, which means the more things are becoming internet-connected, the more opportunities hackers have to infiltrate our lives. McAfee created the podcast Hackable?, which has now been downloaded over 1 million times, to raise awareness about the extreme lengths hackers are willing to go in order to steal our personal information. This show takes hacks seen throughout pop culture and puts them to the test in the real world to separate fact from fiction. And now, Hackable? is back for season two and host Geoff Siskind, with the help of the crew of good-guy hackers, is back with even more excitement.

So – what’s in store for season two? In the premiere episode, “Keyless Entry,” host Geoff Siskind teams up with a white-hat hacker to see how easy it is to break into your car using a laptop. And the fun doesn’t stop there, as with season one, new episodes will be launching every two weeks.

Within these episodes, the crew finds themselves trapped in a smart car wash that’s been taken over by hackers, they learn just how simple it is to crack someone’s password and take over all of their accounts, and they put the security of traditional locks up against the new digital ones.

So, be sure to head over to Apple Podcasts to hear all the latest episodes as well as catch up on the excitement from season one. Don’t forget to subscribe, rate, and review. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee’s Podcast Hackable? is Back for Season Two appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/feed/ 0
How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/#respond Tue, 27 Feb 2018 04:08:57 +0000 https://securingtomorrow.mcafee.com/?p=84645 Mobile World Congress (MWC) 2018 is finally upon us, and mobile and security providers from around the world are in Barcelona presenting the latest and greatest insight and innovation. At this year’s MWC, McAfee is excited to present our own unique insights and innovations, some of which are supported by our partners. These include: McAfee […]

The post How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation appeared first on McAfee Blogs.

]]>
Mobile World Congress (MWC) 2018 is finally upon us, and mobile and security providers from around the world are in Barcelona presenting the latest and greatest insight and innovation. At this year’s MWC, McAfee is excited to present our own unique insights and innovations, some of which are supported by our partners. These include: McAfee Secure Home Platform Skill for Amazon Alexa, the 2018 McAfee Mobile Threat Report, and our industry partnerships with Samsung, Telefónica, Türk Telekom, NTT DOCOMO.

Adapting to Alexa

As we know, the growing type and number of connected devices has changed the way security operates – which is why our team created McAfee Secure Home Platform in the first place. But now, we’re excited to announce the planned launch of the new McAfee Secure Home Platform skill for Amazon Alexa, one of the most popular connected devices out there today. Customers with a McAfee Secure Home Platform enabled router can easily manage their connected home’s network security using their voice. And it’s already gaining traction with MWC attendees, as McAfee just won “Best of MWC 2018” from PC Mag for the Alexa skill!

Insight on the changing mobile landscape

Your phone is not just a phone. It is a rich computing environment that contains the keys to your connected life. And as the 2018 McAfee Mobile Threat Report reveals, cybercriminals know that, and are tailoring their strategy to our dependency on our mobile devices. The report aims to provide insight on the explosion of mobile malware and dramatic changes to the mobile landscape. The report also tells us that there have been over 16 million infestations detected in the third quarter of 2017 alone – nearly double the number from last year.

Partnerships that strengthen our customers’ security

The ever-changing mobile landscape is precisely why we’re working with our partners to find new ways to secure our customers’ mobile devices and digital lives. McAfee is today announcing key partnerships to ensure security is built-in across devices and networks. It’s more important than ever that the entire ecosystem works together to protect consumers around the world from these attacks and deliver them peace of mind. So, how exactly are we doing this? For starters, our partnership with Samsung has expanded to safeguard all Galaxy S9 smartphones, the Galaxy Note8, along with Samsung smart TVs, PCs and notebooks. We also announced a partnership with Telefónica, which will help protect Telefónica customers, and provide always on protection for every connected device in the home. We also announced a strategic partnership with Türk Telekom to deliver cross-device security protection. What’s more – NTT DOCOMO and McAfee now have an extended partnership in order to deliver Wi-Fi protection and security to NTT DOCOMO mobile users.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve our customers’ lives. With these new innovations, we hope our 400 million customers can live their digital lives with confidence and comfort.

To stay on top of McAfee’s MWC news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/feed/ 0
New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/#respond Fri, 23 Feb 2018 20:17:10 +0000 https://securingtomorrow.mcafee.com/?p=84716 Between Uber, Equifax, and a handful of others, the U.S. has witnessed major data breaches in the past year that have compromised the personal information of millions, leaving them to deal with the possibility of identity theft. And the impact is not lost on consumers, as according to a recent McAfee survey, 61% of consumers […]

The post New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime appeared first on McAfee Blogs.

]]>
Between Uber, Equifax, and a handful of others, the U.S. has witnessed major data breaches in the past year that have compromised the personal information of millions, leaving them to deal with the possibility of identity theft. And the impact is not lost on consumers, as according to a recent McAfee survey, 61% of consumers say their concern about online security has increased over the past five years. So, to track the effects and financial impact of these attacks, the Center for Strategic and International Studies (CSIS) and McAfee released a new report, The Economic Impact of Cybercrime, which found that identity theft is the most expensive kind of property crime in the U.S.

So, just how much money have these breaches cost everyday consumers? Identity theft specifically has cost people $10 billion more than the loses attributed to all other property crime. You heard correctly: billion. The report also tells us that since 2014, nearly three billion internet credentials and other personally identifiable information (PII) have been stolen by hackers, and two-thirds of people online (more than two billion individuals) have had their personal information stolen or compromised. In fact, cybercrime ranks third in dollar value among illegal activities globally, just behind government corruption and narcotics trafficking. 

Now the next question is – what’s being done to protect against this? Usually, those compromised by these attacks scan their bank statements, sign up for monitoring, and chop up their credit cards. But beyond that – not much. Even though consumers are concerned about their personal security, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution, meaning there is still more that can be done. Therefore, to ensure your personal identity stays protected, follow these tips: 

  • Be careful about what you share. Signing up for new services usually requires you to provide personal information. But before giving that information away, it’s critical to consider the cost of doing so and determine if the service received is worth the cost sharing that data.
  • Check your privacy settings. This is an easy one. You should adjust your settings to only share data when required, or only with people you know and trust.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/feed/ 0
MWC Preview: Tailoring Security to the Modern Connected Lifestyle https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/#respond Wed, 21 Feb 2018 02:25:43 +0000 https://securingtomorrow.mcafee.com/?p=84609 In 2018, we’re officially living in the “future” imagined by popular 80s movies. No, we still don’t have flying cars, but what we do have is many unique internet-connected devices. These devices can do it all – track our fitness, turn our lights on and off, allow us to live in a virtual reality – […]

The post MWC Preview: Tailoring Security to the Modern Connected Lifestyle appeared first on McAfee Blogs.

]]>
In 2018, we’re officially living in the “future” imagined by popular 80s movies. No, we still don’t have flying cars, but what we do have is many unique internet-connected devices. These devices can do it all – track our fitness, turn our lights on and off, allow us to live in a virtual reality – the list goes on. Even our mobile devices have become multi-purpose, giving us the ability to stay in touch with loved ones in a multitude of ways. So, as we’re about to enter the biggest collection of mobile innovation, Mobile World Congress (MWC), let’s take a look at the current state of the connected lifestyle, and the important role security plays in it.

The modern connected lifestyle

Looking back at the takeaways from last year’s MWC, it’s clear providers are tailoring mobile devices to our modern needs. Specifically, they designed new and improved features in order to meet those needs, including: high-quality photography, waterproof hardware, and improved charging capabilities and battery. The same goes for IoT devices – manufacturers are creating more personalized and advanced products in order to keep pace with how we live our lives in 2018. And the trend has seen traction amongst consumers, as users are practically glued to their devices now more than ever and live a completely connected lifestyle these days. What’s more – entire ecosystems will be connected as well with 5G just around the corner, making it clear this trend shows no signs of slowly down.

Protecting what matters

So, as we embrace our digital future, it’s important that we ensure our online activity and personal data stay secure. We’ve seen the threats coming after our devices adapt and become more advanced – some transform hundreds of apps into Trojanized versions of themselves, others infect our devices only to enslave them into a botnet army. That’s why at this year’s MWC, McAfee is excited to display how we plan on protecting the ”connected everything” world we live in.

McAfee and our partners aim to keep our 400M+ customers safe in this modern age by recognizing that security is more than just anti-virus. Whether you’re at home, work, or on the go, your personal information will be safeguarded by solutions that will help keep you safe online and allow you to enjoy your ‘digital life’ to the max. Mind you, we can’t do it alone – as our partners, such as Samsung and Telefónica, share our belief that security needs to be built in from the start​, and support us in our mission to secure the entire digital lifestyle.

To discuss how we’re achieving this even further, McAfee CEO Chris Young will be a keynote speaker at this year’s MWC. He will be exploring how the digital economy is catalyzed by the rapid proliferation of mobile technologies in the hands of billions of people, and how this growth will continue to transform how we do business.

So, whether you’re headed to MWC or just watching from afar, be sure to stay tuned to learn more about McAfee’s mission to secure the digital future. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable? and ‘Like’ us on Facebook.

The post MWC Preview: Tailoring Security to the Modern Connected Lifestyle appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/feed/ 0
What Are Serverless Apps? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/#respond Tue, 20 Feb 2018 17:16:34 +0000 https://securingtomorrow.mcafee.com/?p=84581 The smartphone market has exploded in recent years, leading to the development of over 4 million mobile apps. For mobile developers, this is both a blessing and a challenge, since there are a lot of things to think about when it comes to bringing an application to market. But with the advent of cloud computing, […]

The post What Are Serverless Apps? appeared first on McAfee Blogs.

]]>
The smartphone market has exploded in recent years, leading to the development of over 4 million mobile apps. For mobile developers, this is both a blessing and a challenge, since there are a lot of things to think about when it comes to bringing an application to market. But with the advent of cloud computing, programmers no longer have to worry about owning or even renting space on a server to run their applications. Using a new architecture, they can just pay for the computing power they actually use and have a “serverless app.”

Of course, saying an app is “serverless” is a bit of a misnomer since applications still require servers to run. The difference here is that cloud providers now run and manage the servers, allowing developers to concentrate on front-end usability. This is convenient for developers, but unfortunately it does open the door to new risks.

Because many backend functions are outsourced to third-party services, serverlesss apps have more components than traditionally built apps. This increases the potential attack surface. To put it simply, cyber thieves have a lot more windows to break into if they want to steal customer data, access accounts, steal passwords, or launch attacks.

This is a real drawback, but this new architecture style is still very popular because it has a lot of benefits for developers. They can produce apps quickly and scale them more easily, using smaller development teams, at a lower cost. This is important given the lucrative growth of the smartphone market, which surpassed PC users back in 2014. Serverless apps help developers meet users’ growing demand for new and useful applications.

This development style can also benefit the millions of smartphone users, who get more app options, and a faster release of both new features and bug fixes.

With so many upsides, there is now a wide range of cloud service providers fighting for market share by offering more and more outsourced app functions, such as troubleshooting, statistics, coding, and content delivery.

But while the convenience and cost savings of serverless apps has meant that they have grown exponentially, there is not as much information yet on how secure the new architecture. That means that as an app user, it’s up to you to take as many precautions as you can to keep your data and devices safe. And the truth is downloading any kind of app can bring some degree of risk, whether they are “serverless” or not.

Follow theses important safety tips to protect yourself from a variety of app risks:

  • Use Mobile Security. Consider this your frontline of defense against risky apps and any other mobile threats. Comprehensive security software can protect you against mobile malware, scan for dangerous apps, and ensure that your private information stays safe.
  • Consider Using a VPN. A virtual private network (VPN) is a piece of software that allows you to safely connect to the Internet over a public network. It encrypts, or scrambles, any data that you send over the network so it cannot be intercepted by cybercriminals. This is important since many public Wi-Fi networks are unsecured, and have become a growing target for cybercriminals. Using a personal VPN is especially important if you like to connect to the internet on the go, or are frequently away from your secure home network.
  • Keep Up-to-Date. Stay informed on the latest threats so you know what to look out for. The security landscape changes quickly, especially in the mobile world, so you want to make sure that you have the best tools and practices to protect both your data and your devices.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Are Serverless Apps? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/feed/ 0
How You Can Protect Against W-2 Theft This Tax Season https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/#respond Fri, 16 Feb 2018 00:09:35 +0000 https://securingtomorrow.mcafee.com/?p=84546 Benjamin Franklin once said only two things are certain in life: death and taxes. And practically everyone can agree – taxes are certain. So, it’s only natural that cybercriminals are trying to take advantage of the certainty of taxes by finding ways to steal all the crucial personal data floating around during tax season. From […]

The post How You Can Protect Against W-2 Theft This Tax Season appeared first on McAfee Blogs.

]]>
Benjamin Franklin once said only two things are certain in life: death and taxes. And practically everyone can agree – taxes are certain. So, it’s only natural that cybercriminals are trying to take advantage of the certainty of taxes by finding ways to steal all the crucial personal data floating around during tax season. From deceptive phishing scams, to physical theft  – we’ve seen the exploitation of W-2s becoming a major trend as tax season is underway.

We saw W-2 phishing scams run rampant last year, and unfortunately this year is no different.

Just this past week, we saw a deceptive phishing attack compromise the personal information of 100 Waldo County employees in Maine. It began with a cybercriminal impersonating a county official and requesting confidential employee information, including W-2 forms and social security numbers. Easily deceived, an employee sent over the data and just like that, Waldo County employees were faced with potential identity theft. And this isn’t the first case we’ve seen in 2018, as earlier in February the City of Pittsburg was hit by a phishing scheme in which an employee was tricked into giving up the W-2 information of both current and former employees.

W-2 theft isn’t just digital either, as there’s a chance that thieves may head to physical mailboxes and open them in the hopes of discovering envelopes containing W-2 forms. In fact, authorities in Minnesota are expecting such thing to occur and have been warning residents to be extra vigilant with their mail.

So, whether the thievery is digital or physical, it’s important we all start taking action to protect against W-2 theft and secure our personal identities this tax season. To do just that, follow these tips:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Consider an identity theft protection solution.  If for some reason your personal data does become compromised, be sure to you an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How You Can Protect Against W-2 Theft This Tax Season appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/feed/ 0
What Is a Botnet? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/#respond Wed, 14 Feb 2018 17:00:43 +0000 https://securingtomorrow.mcafee.com/?p=84461 Robot armies on attack may sound like science fiction, but this is a security reality we’ve been facing for some time. You may have heard of recent threats where popular websites were knocked completely offline, or servers were forced to mine for cryptocurrencies by giant “botnets”. But you might not have known exactly what a […]

The post What Is a Botnet? appeared first on McAfee Blogs.

]]>
Robot armies on attack may sound like science fiction, but this is a security reality we’ve been facing for some time. You may have heard of recent threats where popular websites were knocked completely offline, or servers were forced to mine for cryptocurrencies by giant “botnets”. But you might not have known exactly what a botnet is, and how the devices in your home could easily become part of one.

A botnet is a collection of connected devices, or “bots” (short for robots), that are infected and controlled by malware. These devices could include your PC, webcam, or any number of connected appliances in your home. The cybercriminals who distribute malware to create botnets are generally looking to use the combined computing power of all the infected devices to launch much larger attacks.

Take, for example, the Mirai botnet, which infected millions of consumer devices such as IP cameras and home routers to launch a distributed denial of service attack that was able to cripple major websites such as Netflix, Twitter, and Reddit. Mirai took advantage of the low-level of security on most home connected devices. All the malware had to do was guess a password—many of which are known factory defaults—to seize control.

Botnets have been around for a long time, with the first instances recorded in the early 2000s as a way to send massive amounts of spam emails. But these days cybercriminals are eyeing the huge computing potential of millions of IoT devices to create botnets that can launch targeted attacks, or make money.

Some large botnets have become money-making enterprises unto themselves, with cybercrooks reselling their resources to users who want to launch their own attacks, say against online gaming rivals.

But, no matter what a botnet is used for there are a number of reasons why you don’t want your computers and devices to wind up as part of a nefarious network. Botnet malware can significantly slow down your computer or device, and keep it from functioning properly. In the case of computers, this slowdown can potentially keep you from downloading critical security updates, leaving you at an even greater risk for data theft. The malware can also be used to spam your friends and contacts in your name, and launch attacks against other networks, all without your knowledge.

Follow these important tips to keep your devices from joining the botnet army: 

  • Change Device Passwords—The first thing you want to do when you get a new IoT device is to change its default password, making it much harder for a potential attacker to gain access. Check your user’s manual for security settings. If the device has little or no built-in security, consider investing in more secure devices.
  • Keep your software up-to-date—This goes for both computer software and device firmware. Manufacturers regularly release software updates that can protect you from known vulnerabilities, so you want to make sure that you are always running the latest versions.
  • Always Use a Firewall—Firewalls monitor traffic between your Internet connection and your devices to detect unusual behavior. Even if one of your devices is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. Firewalls are often included in comprehensive security software, ensuring that all your computers and devices have protection.
  • Setup a Separate IoT Network—Instead of putting all your IoT devices on your regular home network, consider setting up a guest network that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. Or, consider getting a router with built-in security features, making it easier to protect all the devices in your home from one access point.
  • Practice Safe Surfing—So called “drive by” malware, which can infect your device simply by visiting a compromised website, or clicking on a dangerous ad, is being increasingly used to create botnets. In fact, millions of websites are now thought to be infected with crypto-mining malware. That’s why it’s important to be careful where you click. Make sure that you are using antivirus software, and that you enable ad blocking.And to prevent your computer from being infected with crypto mining software specifically, you may also consider installing a browser extension such as Chrome’s No Coin, or Opera for Android. Both actively block coin miners.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Is a Botnet? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/feed/ 0
Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/#respond Mon, 12 Feb 2018 14:00:47 +0000 https://securingtomorrow.mcafee.com/?p=84421 L is for the way you look at your technology, O is for you’re not the only one looking at it. We L-O-V-E our connected devices, our apps, and all the online social interaction that comes with them. But unfortunately, we’re not the only ones who love them, as cybercriminals are attempting to capitalize on […]

The post Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security appeared first on McAfee Blogs.

]]>
L is for the way you look at your technology, O is for you’re not the only one looking at it. We L-O-V-E our connected devices, our apps, and all the online social interaction that comes with them. But unfortunately, we’re not the only ones who love them, as cybercriminals are attempting to capitalize on our connected lifestyles in order to swoop valuable personal information. Let’s explore why this is happening, how our increased device use impacts our lives, and what we can do to show our personal security some love.

Sharing data during modern dating

We love our devices largely for the connectedness and information they provide us with. For example, modern romance has shifted towards dating apps largely because these apps connect us with world quickly and easily. On these dating apps, you share information about yourself with strangers. But could you be sharing that info with strangers that aren’t even on the app? Just a few weeks ago, security researchers discovered that popular dating app Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder’s iOS or Android app, potential hackers could see any photo the user did, or even inject their own images into his or her photo stream. These crooks could even watch a user swipe left or right. By trying to stay connected online, these dating app users could be helping cybercriminals connect to their personal data instead.

The effects of our device devotion

Ironically enough, our efforts to engage socially online don’t exactly help us strengthen real-life relationships. In fact, we know from last year’s Connected Relationships survey that as we use our connected devices more and more each day, our relationships are negatively impacted by that use.

The Connected Relationships survey respondents said that they spend an equal amount of time at home online (38%) as they do interacting with others face-to-face. And 40% felt their significant other paid more attention to their own device when they were together one-on-one. You could even say that, for many, these devices have become the “other (wo)man” in the relationship.

Though devices have managed to cause some minor riffs between couples, that doesn’t stop couples from sharing even when they shouldn’t. Out of those surveyed, nearly 30% of couples share passwords to social media accounts, 28% share passwords to personal email accounts, and most shockingly, more than 20% share their work-specific devices and accounts with their significant other.

Spread the love to your personal security

So, whether you’re sharing your private data with a dating app, or your account info with a loved one, it’s important you show your personal security some love too. To do just that, follow these tips:

  • Limit how personal you get. Whether its Tinder, another dating app, or just any regular app, only provide the program with information that is absolutely necessary — this especially goes for financial data. Additionally, take the time to remove unnecessary personal information from your devices in general that could compromise your security. The less personal data you have on a device, the safer your information will be.
  • Make passwords a priority. Ensure your passwords are secure and strong by including numbers, lowercase and uppercase letters, as well as symbols. If you’re someone who knows the struggle with generating and remembering multiple unique passwords, use a password manager, like the True Key app. A password manager can help you create strong and secure passwords and log you into your favorite websites automatically using multi-factor authentication.
  • Focus on what really matters. We love our devices, but it’s important to disconnect every now and then to spend time with the important people in our lives, like friends and family. Don’t worry: your social networks will be right there waiting for you when you get back.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/feed/ 0
Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/#comments Wed, 07 Feb 2018 22:38:04 +0000 https://securingtomorrow.mcafee.com/?p=84308 We kicked off 2018 with two powerful new exploits: Meltdown and Spectre. And since the discovery of Meltdown and Spectre on January 3rd, vendors have been hard at work issuing patches to remedy their nasty side effects – with the majority supplying fixes within the first week. But, unfortunately, some malware makers have still found […]

The post Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers appeared first on McAfee Blogs.

]]>
We kicked off 2018 with two powerful new exploits: Meltdown and Spectre. And since the discovery of Meltdown and Spectre on January 3rd, vendors have been hard at work issuing patches to remedy their nasty side effects – with the majority supplying fixes within the first week. But, unfortunately, some malware makers have still found ways to leverage a handful of these exploits. In fact, according to the AV-Test Institute, there are currently 139 malware samples out in the wild that appear to be related to the recently reported CPU exploits and have been designed to attack web browsers running JavaScript.

So, why is this still happening? Though operating system vendors, chip makers, and browser makers have released patches to mitigate the attacks, that doesn’t exactly mean all systems everywhere have been locked down, especially as new malware strains continue to emerge. In fact, the CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 exploits are still being abused by cybercriminals, who are leveraging them to potentially attack browsers that support JavaScript and WebAssembly.

What’s more – if they successfully infiltrate these browsers, cybercriminals can steal passwords and other personal data. So, it’s crucial users are vigilant and take the necessary precautions to secure their personal info while surfing the web. To do just that, follow these tips:

  • Exit out of your browser window. If you’re not actively using your browser window, close it. This should decrease your chances for attack and also conserve energy in the process.
  • Update everything regularly. Along with updating every type of device impacted by Meltdown and Spectre, be sure to update your browser as soon as an update becomes available. That way, you can apply any additional patches that are created to combat these new malware attacks.
  • Surf the web safely. As I noted in my last post about Meltdown and Spectre, McAfee products are not affected by this exploit. Therefore, after you’ve updated your devices with the latest security software, it’s time to take the next step in personal security by locking down your browser as well. You can do that by installing McAfee WebAdvisor, which acts your own personal safety advisor for your online activity.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/feed/ 2
The GDPR Basics: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/#respond Fri, 02 Feb 2018 19:33:18 +0000 https://securingtomorrow.mcafee.com/?p=79316 To ensure all companies are being held responsible for the way they handle consumer data, the European Union took action and created something called the General Data Protection Regulation (GDPR). Passed in April of 2016, GDPR was created to protect the personal data handled by companies – but what exactly does GDPR entail for consumers? Let’s take a look. 

The post The GDPR Basics: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
What companies do with consumer data has always been a hot topic – and becomes hotter after every security breach, when consumers learn more about what can go wrong with their data and worry about the implications of their personal information in the wrong peoples’ hands. In the United States, most states and several cities now have laws about data breaches and many have laws regarding some form of consumer data protection. Europe has had a data protection law covering its residents for more than twenty years.

But the past twenty years have seen lots of changes in technology and in the way data can help consumers, so the European Union has refreshed the former law – the Data Protection Directive – with a more robust law, the General Data Protection Regulation (GDPR). But what exactly does GDPR entail for consumers? Let’s take a look. 

What is GDPR?

The General Data Protection Regulation (GDPR) updates EU law to consider the internet, e-commerce, online advertising, and the increase in data driven marketing.  Many of the provisions of the prior law are restated in the GDPR, but now companies face tougher fines for non-compliance.  The new Regulation also requires companies to report breaches to their regulators and often to consumers, and allows people to ask what companies they work for and they do business with do with their data. Replacing the Data Protection Directive, GDPR is more of an evolution of existing rules rather than a revolution, but it brings in important changes and reduces the number of country-specific laws that will be allowed. These changes have been introduced due to the changing nature of the world we live, the volume and prevalence of data, and the value of personal data in an increasingly connected world.

Who Does It Affect?

With enforcement of the Regulation starting on May 25th, 2018, it’s important to know what this legislation specifically impacts. The scope of “personal data” is broad, ranging from online identifiers such as IP addresses to social identities in addition to the usual names and contact information (both personal and work in the EU), but basically GDPR will cover anything that can be traced back to you as a specific individual, aiming to better enforce the protection of personal data as a basic human right. It protects the data of EU residents– in fact, it is irrelevant where a company collecting data is based in the world as long as they have EU customers. GDPR places a requirement on companies to “implement appropriate technical and organizational” measures to ensure the security of the personal data.

The Regulation requires companies to look at how they collect and store consumer data, keep records of certain kinds of consent, and be transparent about how they use personal data.  The Regulation allows EU residents to ask companies questions about how their data was obtained, to opt out of marketing, and – in some cases – to ask that their data be deleted.

How to Prepare for It

With GDPR enforcement fast approaching, the most important thing both companies and European Union consumers can do is be educated and prepared. Companies have to review their practices and make sure they are complying with the Regulation. Consumers need to know their rights and how GDPR will enable them to ask questions about what happens to their personal data. They’ll likely see more “consent” requests attached to any data collection – and notices about data breaches.   But like any new law, the true meaning of the GDPR regarding consumer data may take years of court cases to truly unravel.

Stay on top of the latest consumer and security news by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post The GDPR Basics: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/feed/ 0
McAfee Internet Security Takes Home Perfect AV-TEST Scores https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/#respond Wed, 31 Jan 2018 02:11:25 +0000 https://securingtomorrow.mcafee.com/?p=84117 McAfee Internet Security offers comprehensive online security with accelerated performance, and helps keep you and your family safe from cyberthreats. With McAfee Internet Security, all the personal data held on your devices is safeguarded with an extra layer of defense. In the cybersecurity space, personal devices– including mobile devices, computers, tablets – are also defined as […]

The post McAfee Internet Security Takes Home Perfect AV-TEST Scores appeared first on McAfee Blogs.

]]>
McAfee Internet Security offers comprehensive online security with accelerated performance, and helps keep you and your family safe from cyberthreats. With McAfee Internet Security, all the personal data held on your devices is safeguarded with an extra layer of defense.

In the cybersecurity space, personal devices– including mobile devices, computers, tablets – are also defined as endpoint devices. When they connect to a network, they create a potential entry point for security threats. McAfee Internet Security acts as a safeguard for these endpoint devices, as does McAfee Endpoint Security one of McAfee’s solutions for businesses. And now, we’re pleased to announce that both have been recognized for their advanced protection.

The AV-TEST Institute, a leading international and independent service provider in the fields of IT security and anti-virus research, has given McAfee Internet Security perfect scores across the board for protection, performance, and usability, resulting in 18 out of 18. What’s more the AV-TEST Institute has given McAfee Endpoint Security a Top Product Award in their latest corporate windows7 test and scored the most recent version of the product a 17.5 out of 18.

These scores are not only exciting, but truly significant as both our corporate and consumer nodes work together to deliver one of the largest real-world sensor grids available, with over 350 million clients deployed globally. These awards also remind us that these offerings will continue to be crucial as we work to fuel company growth and strengthen our customers’ security in 2018 and beyond.

Be sure to stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee Internet Security Takes Home Perfect AV-TEST Scores appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/feed/ 0
Key Considerations for Consumers Around Data Privacy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/#respond Wed, 24 Jan 2018 01:47:04 +0000 https://securingtomorrow.mcafee.com/?p=83891 It’s 2018 – and though we’re not living in the age of flying cars, we are living in an age defined by the digital lifestyle. In today’s new age of technology, consumers are sharing more online than ever before. But, are people thinking about the privacy they sacrifice when they overshare online? This is especially […]

The post Key Considerations for Consumers Around Data Privacy appeared first on McAfee Blogs.

]]>
It’s 2018 – and though we’re not living in the age of flying cars, we are living in an age defined by the digital lifestyle. In today’s new age of technology, consumers are sharing more online than ever before. But, are people thinking about the privacy they sacrifice when they overshare online? This is especially top of mind as Data Privacy Day is upon us, which is an international effort held annually on January 28th to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust. Data Privacy Day acts as an important reminder for consumers to step back and consider the digital footprint they are leaving, and the potential sensitive data they are exposing to cybercriminals. Let’s take a look at the way data is shared in the modern era, and how much of a priority data privacy really is.

The impact of the Internet of Things

One of the biggest changes to the modern digital age is the introduction of the Internet of Things, or, IoT devices. We sometimes refer to the growing amount of IoT devices as the “Internet of Me,” because these connected devices run on our personal info more often than not. The information or action provided by IoT devices is typically based on your data. Take a fitness tracker as an example, it might need some personal details in order to customize a health plan and calculate your progress towards your health goals. This is just one example of the amount of data shared with IoT devices, but reminds us that we all must remember that IoT devices put our personal information in more places in ever before, and potentially in more hands too.

Privacy as a priority

So, when it comes to keeping all of this data private – just how concerned are consumers? Well, per our recent survey, 43% of those surveyed feel like they lack control over their personal information. And another 33% are unsure to what degree they can control how companies collect their personal information.

What’s more — even though consumers are concerned about personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. Plus, despite the recent increase in breaches, 39% of respondents claim their concern about online security has remained the same or has decreased over the past five years.

How to protect your personal information

Now, the question is – what next? How can you channel the important takeaways from Data Privacy Day into your everyday life? Start by following these tips:

  • Think carefully about what you are posting/sharing. Are you broadcasting that you are out of town on social media? Are you giving that app or IoT device more information than it really needs? It’s important to be conscious about how and when you share your personal information online or with an app/service. It’s also a good security practice to only share personal data when it’s truly necessary.
  • Check your privacy settings. This is an easy one. If you are inclined to overshare personal information, make sure you adjust your settings so that you only share data when required, or only with people you know and trust.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help you protect you personally identifiable information from identity theft and fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Considerations for Consumers Around Data Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/feed/ 0
Key Innovations and Takeaways from CES 2018 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/#respond Wed, 17 Jan 2018 17:40:42 +0000 https://securingtomorrow.mcafee.com/?p=83756 Every year, practically everyone in the consumer electronics industry catches a flight and heads to Las Vegas for The International Consumer Electronics Show (CES). Though 2018’s show was colored by some power outages and even some flooding, it still delivered upon its typical expectations and showcased the best innovation that the industry brings to the […]

The post Key Innovations and Takeaways from CES 2018 appeared first on McAfee Blogs.

]]>
Every year, practically everyone in the consumer electronics industry catches a flight and heads to Las Vegas for The International Consumer Electronics Show (CES). Though 2018’s show was colored by some power outages and even some flooding, it still delivered upon its typical expectations and showcased the best innovation that the industry brings to the table. And out of all of these technological marvels, a few key themes emerged. Here are some of my takeaways from the event:

AR is the new reality

Given its prolific presence at CES, (augmented reality) AR tech is likely to become everyone’s shiny new toy this year. Just think about it, with AR technology, consumers have immersive experiences available right at their fingertips. A popular AR contender was the Vuzix Blade, which is a pair of Android-powered sunglasses that deliver notifications and even Alexa functionality right to your eyes via a color display. Other notable mentions include the Lenovo Mirage Solo and Arsenz Thermoglass with FLIR.

Smart homes are the new norm

At CES last year, connected household devices were popular, but now they’re so prevalent that they’ll soon redefine the modern home entirely. There were smart doorbells that allow users to answer their door even if they’re not at home, a connected thermostat that learns the behavior of homeowners, and even a voice-lighted mirror with Amazon Alexa embedded into it. In fact, Samsung said it will increase its own smart home offerings, pledging that all of its devices from TVs to washing machines will be “smart” by 2020.

Security goes beyond standard devices

 At McAfee, we understand that IoT devices continue to permeate the modern home. That’s why we’ve created McAfee Secure Home Platform as the answer to the IoT boom. At this year’s CES, we even took over the Public House Restaurant in the Venetian and simulated a smart home experience to showcase how exactly McAfee Secure Home Platform works. We also continued our mission of protecting the connected home by working with D-Link on the new AC2600 Wi-Fi Router Powered by McAfee.

We continued the theme of extending protection beyond the PC or mobile phone by partnering with Samsung on Samsung Secure Wi-Fi, with back-end technology from McAfee to encrypts personal information during sensitive transaction and online activities.

And last but not least, we moved into a new space with the launch of McAfee Identity Theft Protection, designed to provide exactly that. This solution allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secure.

All in all, CES 2018 proved that innovation isn’t slowing down, and that also goes for connected devices and the technology that protects them. Both IoT devices and cybersecurity landscape are adapting to the needs of everyday consumers to make sure everyone can enjoy their digital life in a safe way.

To stay on top of McAfee’s CES news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Innovations and Takeaways from CES 2018 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/feed/ 0
McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/ https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/#comments Mon, 08 Jan 2018 13:00:03 +0000 https://securingtomorrow.mcafee.com/?p=83514 As we kick off the new year, McAfee is optimistic about what the future holds. We protect more than 375 million customers worldwide, and we’re continuing to innovate to bring the best protection possible to people worldwide. Specifically, we’re bringing new solutions and partnerships to the table, which both fuel company growth and strengthen consumer […]

The post McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections appeared first on McAfee Blogs.

]]>
As we kick off the new year, McAfee is optimistic about what the future holds. We protect more than 375 million customers worldwide, and we’re continuing to innovate to bring the best protection possible to people worldwide. Specifically, we’re bringing new solutions and partnerships to the table, which both fuel company growth and strengthen consumer security. Let’s dive in to what those look like.

Solutions for the Modern Threat Landscape

 First and foremost, McAfee is continuing to extend security into all facets of consumers’ digital lives with solutions such as McAfee Secure Home Platform, McAfee Safe Family and McAfee Safe Connect. All these offerings can help consumers have peace of mind in an ever-changing digital world fueled by volume, speed and complexity.

Beyond that, we’re also implementing new offerings that help consumers adapt to modern threats.  In the wake of recent massive data breaches, McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured. With this new solution, we’re aiming to make the digital world a safer place to live, work and play.

New Partnerships Help Consumers Stay Safe

Collaboration is vital in continuing our mission to protect the connected home. To drive connected home device security forward, we worked with D-Link on the new AC2600 Wi-Fi Router Powered by McAfee. The router, which utilizes Intel’s connected home technology, will automatically protect users’ connected home devices. It features parental controls, protection for IoT devices, and real-time monitoring for safer browsing.

More and more, consumers are using their mobile phones to connect to public Wi-Fi, which opens them up to having their personal information accessed by cybercriminals. McAfee’s partners understand this risk and share the collective vision of building security into devices from the start. Samsung Secure Wi-Fi, featuring back-end technology from McAfee, which encrypts personal information during sensitive transaction and online activities, is now also available on the Samsung Galaxy Note8 in the U.K., Germany and France.

Beyond our new collaborations with D-Link and Samsung, McAfee continues to work with industry partners including HP, Dell, Lenovo, LG, Verizon and Telefonica to help secure devices from the start. Given the complexity of the cybersecurity space, we can’t do it alone –  and by working with leading companies who share our vision to help protect their customers, we don’t have to. These key partnerships underscore our commitment to industry collaboration and play a vital role in McAfee’s role as an industry leader.

To stay on top of McAfee’s CES news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/feed/ 1
Meltdown and Spectre 101: What to Know About the New Exploits https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/#comments Fri, 05 Jan 2018 19:37:26 +0000 https://securingtomorrow.mcafee.com/?p=83535 Between the Blueborne vulnerabilities and the High Sierra Mac flaw – we saw some nasty bugs in 2017. Now, 2018 has already introduced us to some powerful new exploits: Meltdown and Spectre. These are cyber-attack techniques that seek to exploit operating system technologies that normally function safely, as designed, but researchers have cleverly identified a […]

The post Meltdown and Spectre 101: What to Know About the New Exploits appeared first on McAfee Blogs.

]]>
Between the Blueborne vulnerabilities and the High Sierra Mac flaw – we saw some nasty bugs in 2017. Now, 2018 has already introduced us to some powerful new exploits: Meltdown and Spectre. These are cyber-attack techniques that seek to exploit operating system technologies that normally function safely, as designed, but researchers have cleverly identified a way to use these benign technologies for malicious purposes. They basically manipulate the protections that separate applications from operating systems, as well as applications from other applications running on the same computer. They also affect a wide range of devices that we use in our daily lives, including both PCs and phones.

So, how exactly could Meltdown and Spectre have such an impact? First, let’s back up and explore the role they play in operating systems. Most modern operating systems perform speculative execution, and even execute instructions before it is certain that those instructions need to be executed. This makes it possible for one process to infer that some data belongs to another process.

As McAfee CTO Steve Grobman views it, we should think of these vulnerabilities in the sense of modern banking — we rely on banks to perform operations on our behalf, and when we request that a payment is made, our banks will move things around behind the scenes to ensure successful transactions we couldn’t execute as individuals. Just like with banking, we rely on these operating systems to perform services on our behalf, which often involves important data.

Now, what’s dangerous about Meltdown and Spectre is that these attacks can “melt” the barriers between unprivileged applications and the privileged operating system. Essentially, this means pulling back the curtains on all the behind-the-scenes data involved in these services. This allows attackers that leverage Meltdown and Spectre to potentially steal passwords, financial data or information from other applications. What’s more – cybercriminals are attempting to leverage these exploits in other ways too, as a fake patch is currently being circulated that is actually a front for a malware called Smoke Loader.

So, the next question is – how do you ensure your devices and data are protected from these exploits? You can start by following these tips:

  • Turn on auto-update. Make sure Windows auto-update is turned on as a best practice, and that you’re connected to the internet so that McAfee auto-update can work too. If Windows auto-update is turned on, there’s nothing else you need to do. But if you manually update Windows, it will succeed no later than Tuesday once McAfee’s auto-update occurs.
  • Update everything immediately. Beyond applying any updates received from Windows, it’s crucial you update everything else too. That way, you can apply any patch you receive from all PC, phone, and mobile app providers that have been affected.
  • Go straight to the source. The phony patch carrying Smoke Loader comes from a fake website claiming to be part of the German Federal Office for Information Security. So, in order to avoid this fake patch and others like it, always be sure to only go straight to source – meaning, go directly to the site of your provider.
  • Lock down your devices with comprehensive security. McAfee products are not affected by this vulnerability nor the Windows changes that address it. Therefore, after you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Meltdown and Spectre 101: What to Know About the New Exploits appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/feed/ 6
Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/ https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/#respond Wed, 03 Jan 2018 05:01:06 +0000 https://securingtomorrow.mcafee.com/?p=83393 The world is connecting to the internet now more than ever before. As a result, the popularity of connected devices has changed the way we live our lives – in particular, the way we handle our personal information. To get a sense of consumers’ habits and attitudes around the digital landscape, McAfee surveyed 6,400 people […]

The post Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security appeared first on McAfee Blogs.

]]>
The world is connecting to the internet now more than ever before. As a result, the popularity of connected devices has changed the way we live our lives – in particular, the way we handle our personal information. To get a sense of consumers’ habits and attitudes around the digital landscape, McAfee surveyed 6,400 people globally for its study, New Security Priorities in An Increasingly Connected World. The survey reveals what consumers’ security focuses and concerns are as we move into 2018.

Data breach concerns are high, but action is minimal

It’s no secret that the plethora of recent data breaches and malware attacks have put the personal information and identities of millions of Americans at risk. Many are feeling that they have a lack of control over their personal information (43% of those surveyed, in fact). And another 33% rank protecting their identity as their number one cybersecurity priority ahead of protecting privacy, connected devices, data, and connected home devices.

However, even though consumers are concerned about their personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. This is all in spite of the fact that 61% of respondents are more concerned about cybersecurity than they were 5 years ago.

So, out of those surveyed – how many are proactive about protecting their identity, and how do they do it? The most common way respondents aim to prevent identity theft is to check online bank accounts for unauthorized charges or withdrawals (67%). 43% of those surveyed check social media for fraudulent activities like posts on social media that were not created by them , and 37% use credit monitoring services. Shockingly, 15% claimed to take no specific action at all.

Keeping your family safe online

The concerns around personal data apply to kids too, as today’s children are practically glued to their phones and tablets, and often don’t inform their parents about who they are talking to, where they are going online and what they are posting.

In fact, almost one third of parents do not monitor their child’s connected device usage, and only 44% keep devices in their possession and let their child use the device when they can be monitored. But the reality is, 40% of parent respondents discovered that their children have accessed a website that they do not approve of, while only 26% of said parents use software to monitor their child.

Protecting your home

Though survey respondents are most concerned about their personal data, and that of their children’s, their focus also extends to the very homes they live in. With the boom of Internet of Things (IoT) devices, the home network is being asked to handle more devices than ever before.

And it’s becoming harder to manage for the owners of those devices. 52% of respondents were either unsure or had no idea how to check to see if their connected devices and apps are secured. The biggest worry among respondents about having their wireless home network hacked is that cybercriminals could steal personal information and make them a victim of identity theft (63%). A total of 17% of those surveyed say they have never considered the implications of their network being hacked.

How to stay protected

So, if you have a few of these concerns on your mind, fear not – there’s steps you can take to stay protected. Start by following these :

  • Review your account info. Regularly reviewing online bank/credit account transactions can help you spot suspicious activities or purchases. If you do stumble upon something fishy, be sure to report it to your bank or credit institution immediately.
  • Start the conversation early and get access. For parents, it’s imperative to start talking to children about online safety at an early age. You can start with simple rules like “stay away from people you don’t know in “real life” or “don’t open emails from strangers.”
  • Consider using identity theft protection. An identity theft protection service can monitor your accounts, alert you of potential problems, insure you against ID theft, and help you regain your money and credit if you are a victim of fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/feed/ 0
Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/#respond Thu, 14 Dec 2017 23:56:52 +0000 https://securingtomorrow.mcafee.com/?p=83253 Most of us order our coffee with half and half, or a pastry on the side. But what Buenos Aires Starbucks goers didn’t realize is that they were ordering their cup of joe with a side of Bitcoin mining. Just this this week, a coffee lover and Stensul’s CEO Noah Dinkin noticed that while logging […]

The post Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi appeared first on McAfee Blogs.

]]>
Most of us order our coffee with half and half, or a pastry on the side. But what Buenos Aires Starbucks goers didn’t realize is that they were ordering their cup of joe with a side of Bitcoin mining. Just this this week, a coffee lover and Stensul’s CEO Noah Dinkin noticed that while logging into Wi-Fi provided by one of the coffee chain’s Buenos Aires outlets, his device was being used to mine for cryptocurrency.

First off – what exactly is Bitcoin mining? As defined by Investopedia, Bitcoin mining is the process by which transactions are verified and added to the public ledger, known as the block chain, and also the means through which new bitcoin are released. Anyone with access to the internet and suitable hardware can participate in mining.

So, you can only imagine Dinkin’s surprise when he discovered the café’s Wi-Fi doing exactly that. “Hi Starbucks, did you know that your in-store Wi-Fi provider in Buenos Aires forces a 10 second delay when you first connect to the Wi-Fi so it can mine Bitcoin using a customer’s laptop?” he asked on Twitter. Although Dinkin initially believed the code was forcing his laptop to try to mine for Bitcoins, other Twitter users noted that it had in fact been designed to mine another digital currency – Monero.

It seems this was a surprise to Starbucks too, which later made it publically aware that their Wi-Fi provider was hit with malware. “As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely,” the official Starbucks account tweeted to Dinkin.

This entire incident was a bit surprising, as victims’ computers are normally targeted for Bitcoin mining via infected websites. Regardless, this issue does highlight one thing: the risk of using public Wi-Fi.

Therefore, to protect yourself from this Bitcoin mining attack and others that leverage public Wi-Fi, be sure to follow these tips:

  • Be selective with what Wi-Fi you access and what you share with it. The convenience of public Wi-Fi doesn’t always outweigh its drawbacks. Only connect to a public Wi-Fi network if you absolutely need to. And when you do, be sure to be careful with what data you share while accessing that network.
  • Consider a VPN. A Virtual Private Network (VPN) extends a private network across a public network, and can help to secure and encrypt your data on public Wi-Fi networks. Therefore, find yourself a solid VPN, such as such as McAfee Safe Connect, to implement on your device.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/feed/ 0
Tech Support Scammers Try to Use Spotify Forums to Trick Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/#respond Wed, 13 Dec 2017 00:27:52 +0000 https://securingtomorrow.mcafee.com/?p=83167 We’ve seen scammers imitate Amazon, PayPal and other major companies this holiday season. And it seems that the scams just keep coming, as a collection of big name companies are now being mimicked on the forums of a legitimate one: Spotify. It’s been discovered that tech support scammers have been using Spotify forums to inject […]

The post Tech Support Scammers Try to Use Spotify Forums to Trick Users appeared first on McAfee Blogs.

]]>
We’ve seen scammers imitate Amazon, PayPal and other major companies this holiday season. And it seems that the scams just keep coming, as a collection of big name companies are now being mimicked on the forums of a legitimate one: Spotify. It’s been discovered that tech support scammers have been using Spotify forums to inject their phone numbers into the first page of the Google & Bing search results in order to offer fake services.

Not only do these offers make it harder for those who have valid questions to use Spotify’s forums, they also allow tech support scammers to rank extremely well within internet searches. What’s more – they can trick unknowing callers into purchasing unnecessary or even malicious services and software.

The tech support scams being posted to Spotify feign to be from organizations such as McAfee, Apple, Microsoft, Norton, Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, and more. The sheer volume of scammers can be largely attributed to a lapse in proper verification, as Spotify does not require email verification before allowing a user to post. That means any fake email address can still post on these forums. However, the good news is — while the number of scammers out there is concerning, Spotify has acknowledged the problem and has said they’re in the process of working on a fix.

So now the next question is – what can you as a user do to ensure you avoid the influx of scams hitting the internet this holiday season? You can start by following these security tips:

  • Go directly to the source. It’s a good security rule of thumb: when you need to contact support services, always go directly to a company’s website to be sure you’re working with the real deal.
  • Do your homework. Before engaging with any service or software, always look into its legitimacy. Google the number provided and read online reviews — if something comes up that seems remotely fishy, avoid interacting with the company entirely.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website or a post is full of malicious activity or is being operated by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Tech Support Scammers Try to Use Spotify Forums to Trick Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/feed/ 0
Top Online Scams & How To Avoid Them https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/#comments Wed, 06 Dec 2017 19:54:48 +0000 https://securingtomorrow.mcafee.com/?p=82974 If you’re like most people, going online is a natural part of your day and you don’t focus on the dangers that may lurk there. But the unfortunate truth is that crooks and scammers around the globe have become very good at tricking us out of our information and money. They do this by taking […]

The post Top Online Scams & How To Avoid Them appeared first on McAfee Blogs.

]]>
If you’re like most people, going online is a natural part of your day and you don’t focus on the dangers that may lurk there. But the unfortunate truth is that crooks and scammers around the globe have become very good at tricking us out of our information and money. They do this by taking advantage of both the open nature of the internet, and our own willingness to share.

One of the main techniques they use is called “social engineering.” This is when scammers use deception or misinformation to get us to reveal personal information, make a security mistake, or even send money. Let’s take a look at some recent online scams to learn how these methods work, and how to avoid them.

Phishing Attacks—The spelling may be a little different, but the concept of online “phishing” is the same as fishing in water. Phishers throw out bait, such as phony offers, sensational headlines, and free products, in the hopes of hooking us.

For instance, one recent scam uses fake emails that appear to come from the popular streaming service Netflix, asking users to update their billing information. It hooks users in two ways: it uses familiar Netflix branding, and frightens diehard fans by telling them that their account is suspended unless they provide credit card details to renew their subscription.

Another popular scam involves fake messages from the IRS, saying the recipient has a tax refund waiting and just needs to supply some personal information, or download an email attachment to receive the money. Sadly, victims often have their data stolen, their computer or device infected with malware, or both.

Social Media Scams—Social media networks are designed for sharing, but we often share too much. This can include private and identity information, as well as our exact location. Scammers love to take advantage of this openness to try to get us to share even more, including our money.

One recent Facebook scam appears as a post from Delta Airlines, offering two free tickets to everyone who fills at a survey and shares the post, so it can potentially hook their friends too. The survey asks for their personal information, and no free tickets are ever given.

Even taking what looks to be fun and harmless quizzes, with no freebies attached, can be risky. For instance, a recent quiz widely circulated on Facebook called “10 Concerts I’ve Been To” turned out to be a scam designed to tease out answers to users’ login security questions.

Fake Virus Alerts & Tech Support Scams—Having computer or device problems is a real headache, and scammers know that we’ll do almost anything to avoid the loss of data and downtime. That’s why their tech-related scams are so effective.

Fake virus warnings, saying that your computer or device is infected, and you need to call a support hotline to fix the problem, are the latest version of this scam. Once the user calls the number they are asked for their credit card information, and sometimes they request remote access to the computer to fix the problem. Once they get access, they can potentially steal private information or infect the machine with malware.

Some bogus virus warnings even include a pop-up dialog box saying, “We’re here to help,” with a call button. If you press the button using your smartphone it dials the scam line.

Given the prevalence of tech support scams, if you have an issue it’s always best to contact your security provider’s support department through official channels, either listed on their website or included in product packaging.

Order & Delivery Scams—It used to be that package and delivery scams were the most prevalent over the holidays, when many people order gifts online, but thanks to the popularity of Amazon.com these scams are appearing year-round.

Traditional package scams usually involve fake messages claiming you have a package arriving and need to provide personal information, or click on what turns out to be a dangerous link. Modern scammers are even mimicking official Amazon notices, with a spoofed Amazon email address. But the latest scam goes one further, tripping up Amazon’s own package tracking service.

When some Amazon users order items from third-party sellers the dodgy sellers ship an empty box to an address near the person who ordered the product, and the delivery is signed for. To Amazon, it appears as though the package was legitimately ordered and received, so they send an email delivery notification to the buyer. The buyer, of course, has not received the product they paid for. Meanwhile, the dodgy third-party seller keeps the money. To respond to these growing scams, Amazon is now supplying users with helpful information on how to spot and report spoofed emails.

Since online scams are evolving and becoming more sophisticated all the time, here are a few tips to help keep you safe:

  • Be careful about what you post online, and never respond to a request for personal information sent via email, text, or social media message unless you personally know and trust the contact.
  • Avoid “free” offers since they are usually a scam.
  • If you receive a message that appears to be from your bank, credit card company, or the government saying there is a problem with an account, call them directly to confirm the issue.
  • Before buying something online, check the seller’s reviews first, and stick to reputable websites and app stores.
  • Always use comprehensive security software and keep it up-to-date.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Top Online Scams & How To Avoid Them appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/feed/ 1
PayPal Users: Here’s What You Need to Know About the New Phishing Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/#comments Wed, 06 Dec 2017 01:04:51 +0000 https://securingtomorrow.mcafee.com/?p=82925 It’s the season of giving, which means internet scams are practically everywhere, as cybercriminals are trying to trick eager holiday shoppers. So, it’s unsurprising that yet another scam has emerged, this time targeting millions of PayPal users with manipulative phishing emails. The emails, which are intended to look like they’re from customer support, are trying to […]

The post PayPal Users: Here’s What You Need to Know About the New Phishing Scam appeared first on McAfee Blogs.

]]>
It’s the season of giving, which means internet scams are practically everywhere, as cybercriminals are trying to trick eager holiday shoppers. So, it’s unsurprising that yet another scam has emerged, this time targeting millions of PayPal users with manipulative phishing emails. The emails, which are intended to look like they’re from customer support, are trying to convince users to validate fake transactions.

How it works

This phishing scam does a pretty good job at seeming believable. The email leverages the PayPal logo and the sender’s address appears to be service@paypal.com. Additionally, an order number is referenced and the message claims that the user needs to click a link in order to verify the transaction. The order number is entirely fake, and the link actually leads users to epauypal.com.

From there, victims are lead through an authentication process that asks for name, date of birth, address, mother’s maiden name, and a credit card number. What’s more — the site has a valid SSL certificate, which is the green lock icon in the corner of your browser that indicates that you are connected to the address shown in the address bar.

How to stay protected

Fortunately, there are a few key indicators that reveal the scam’s true colors. First off, the header bar on epauypal.com is missing a “help” link. There’s also no alarm bell for notifications or a gear icon that you can use to update your settings. Plus, normal verification procedures don’t typically involve an additional form like the one from epauypal.com. So be sure to keep an eye out for all these red flags.

However, beyond staying aware of these indicators, there’s a few other things users can do to stay protected from this malicious phishing scam:

  • Go directly to the source. This scam could be easily avoided if users simply go directly to the PayPal website. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal.
  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Place a fraud alert. If you know your data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website, such as epauypal.com, is full of malicious activity or is being operated by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post PayPal Users: Here’s What You Need to Know About the New Phishing Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/feed/ 2
Protecting Your Personal Identity During Holidays https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/#respond Mon, 04 Dec 2017 17:00:08 +0000 https://securingtomorrow.mcafee.com/?p=82903 December is finally upon us, which means the holidays are coming. While we’ll all be thinking about others during this time, it’s not selfish to be thinking about yourself when it comes to protecting your identity. The plethora of massive data breaches — and the millions of consumers they impact — remind us just how […]

The post Protecting Your Personal Identity During Holidays appeared first on McAfee Blogs.

]]>
December is finally upon us, which means the holidays are coming. While we’ll all be thinking about others during this time, it’s not selfish to be thinking about yourself when it comes to protecting your identity. The plethora of massive data breaches — and the millions of consumers they impact — remind us just how important this is. And with the holidays, the risk for identity fraud is only going to increase, since digitally connected consumers, who are likely to do their holiday shopping online, are 30% more likely to be a fraud victims, according to Javelin research.

So, how exactly do you ensure your identity stays yours during the holiday season? While EMV or ‘chipped’ cards have been helping to reduce fraud at brick-and-mortar retail, undeterred fraudsters have focused their efforts online. In fact, they’ve increased “card-not-present” fraud (which is when the customer does not physically present the card to the merchant during the fraudulent transaction) by 40% in 2016, according to Javelin research.

Worse yet, Account Takeover fraud, which is when a fraudster uses a victim’s account information (e.g., a credit card number) to obtain products and services using that person’s existing accounts, spiked by 61%. This just goes to show that fraudsters are the worst kind of innovators. And this also means that, with ever-increasing holiday gifts being purchased online, equipping yourself with identity theft protection tools is more important than ever.

Therefore, as a savvy consumer, it’s important to take a proactive approach to protecting your identity and it all starts with following these best practices:

  • Be selective with your stores. It’s important you only shop from retailers you know and trust. When surfing the web for gifts, be sure to look for icons such as a padlock or unbroken key at the top or bottom of your browser as a sign that encryption is used.
  • Create strong passwords. It’s important you safeguard the accounts containing personal information with a strong and unique password. The more complex your password is, the more difficult it will be to crack. An online account containing your sensitive data should not be locked with passwords like “12345” or “password.”
  • Be wary of holiday scams. Crooks are hoping to trick eager and giving consumers into giving up their personal info with fake holiday scams. So, be careful about how much personal information you share online and never respond to emails or text messages requesting sensitive data unless you know and trust the source. Remember, if it sounds too good to be true, it usually is.
  • Regularly review your online account info. Things like regularly reviewing transactions online and making sure account contact info hasn’t changed are also good for keeping tabs on anyone trying to hijack your account.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Protecting Your Personal Identity During Holidays appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/feed/ 0
How to Keep Your Data & Devices Safe While Traveling https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/#respond Fri, 01 Dec 2017 21:05:08 +0000 https://securingtomorrow.mcafee.com/?p=82897 Whether you are traveling for the holidays, summer break, or for business, there are steps you can take to make sure that your devices are travel-ready. Whether you realize it or not, you can face new dangers while you’re on the road and away from your secure home network. Not only are devices more likely […]

The post How to Keep Your Data & Devices Safe While Traveling appeared first on McAfee Blogs.

]]>
Whether you are traveling for the holidays, summer break, or for business, there are steps you can take to make sure that your devices are travel-ready. Whether you realize it or not, you can face new dangers while you’re on the road and away from your secure home network. Not only are devices more likely to be lost or stolen, you also run a greater risk of connecting to an unsecured network, or leaking your location and private information to potential crooks or scammers. That’s why it’s important to take the following precautions before you travel with your technology.

Know Your Networks—If you plan to stay connected while you’re away, be very careful about which networks you use, and avoid free Wi-Fi, like those offered in many airports, cafes and hotels, which may or may not be secure. It’s very easy for a hacker to access the private information stored on your device over an unsecured network. They simply use a piece of software to scan the network and look for any services you may have left open. Or, they can setup their own free Wi-Fi network in a public place, giving them access to any device that connects with it. That’s why you should make sure that you only use password-protected networks, at the least.

If you are on your mobile device consider turning off Wi-Fi all together and connecting through your network provider. They use encryption to scramble your data so third parties cannot read it.

Consider investing in a virtual private network (VPN), which is a piece of software that allows you to connect to a secure network over the Internet.

Turn Off Location Information—Many apps and online services track your location in order to map or tag you to certain spots, but unless you need navigation help while on the road you should turn this option off.

Sharing your location while you’re away can be dangerous since it alerts potential thieves when your home is empty. You should also avoid posting social media updates and photos while on vacation, for the same reason. Wait until you return home to tell people about your trip.

It’s also a smart idea to check to see if services you use access your location even though they don’t need this information to work properly. If so, turn off the location sharing option if you can, or consider deleting nosy apps to protect your privacy.

Use Mobile Security—Locking your devices with a PIN code so strangers cannot access your data is a great first step, but you should also consider comprehensive mobile security. This can help safeguard you from malware, risky links sent in email or via text, and even provide anti-theft protection. For instance, McAfee Mobile Security allows you to track a lost or stolen device, and even sound an alarm and take a picture of the culprit. It also allows you to lock down your sensitive apps, for banking or shopping, for instance, so they cannot be accessed even if your device falls into the wrong hands.

Don’t Leave Your Devices Unattended—Considering that we now carry our whole lives on our devices, including identity information, contacts, banking logins, and more, it’s essential that you do not leave your devices unattended in public. Make sure to keep them tucked away, with both screen locks and mobile security activated. Also, avoid loaning your devices to strangers to make a phone call or look something up, for instance, since this could be a scam.

Travel Data Light—Consider using a pared down phone while on the road that only has the apps you need, such as mapping, and allows you to make calls. That way, you’re not putting all of your critical data at risk if your device is lost or stolen. If you are traveling abroad, picking up a cheap phone to use while out of the country also gives you the advantage of being able to call and text at local rates.

Backup All Your Data—Do this before you go, just in case you lose your device. This way you still have all your data, no matter what happens.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Keep Your Data & Devices Safe While Traveling appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/feed/ 0
Massive Security Flaw for High Sierra Macs Emerges https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/#respond Thu, 30 Nov 2017 19:10:28 +0000 https://securingtomorrow.mcafee.com/?p=82877 When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High […]

The post Massive Security Flaw for High Sierra Macs Emerges appeared first on McAfee Blogs.

]]>
When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High Sierra Macs, and allows anyone to log into a device just by typing “root” in the user name field.

How it works

Anyone can access this flaw by first going to “System Preferences” on the home page of a Mac computer and then entering one of the panels that has a lock in the lower left-hand corner. This is usually where you would go to enter in your name and password, which is required when installing an application or changing settings. From there, simply type “root” as a username, leave the password field blank, click “unlock” twice, and you’ll immediately gain full access to the device.

This essentially means that anyone that gets their hands on your computer could gain the deepest level of access to your device, otherwise known as “root” privileges. They could add administrators, change critical settings, even lock out the current owner. What’s more – this flaw could allow malware to install itself deep within your computer, especially since no password is required for access.

Fortunately, Apple has stated that a fix is on the way and workaround is available in the interim. They explained, “in the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

How to stay protected

So, the next question is – what can you do to ensure your Mac stays secure? Start by following these tips:

  • Do not leave your Mac unattended until this is resolved. With this vulnerability, the main way someone can access your files is by first and foremost accessing your physical device. So be sure to never leave your computer unattended, or hand it over to someone you don’t know that well.
  • Update regularly. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. And even though a fix for this particular flaw has not been issued yet, it’s certainly on the way.
  • Install comprehensive security. After you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Massive Security Flaw for High Sierra Macs Emerges appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/feed/ 0
Key Takeaways for Consumers From Our 2018 Threats Predictions Report https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/#respond Wed, 29 Nov 2017 18:17:16 +0000 https://securingtomorrow.mcafee.com/?p=82844 As 2017 winds down, we all start looking ahead and anticipate what’s to come for 2018. For us at McAfee, that means examining what the cybersecurity landscape will look like in the new year, and what threats we think will be on the rise. The Report examines what the state of cybersecurity is going to […]

The post Key Takeaways for Consumers From Our 2018 Threats Predictions Report appeared first on McAfee Blogs.

]]>
As 2017 winds down, we all start looking ahead and anticipate what’s to come for 2018. For us at McAfee, that means examining what the cybersecurity landscape will look like in the new year, and what threats we think will be on the rise. The Report examines what the state of cybersecurity is going to look like with new devices, new risks, and new threats appearing every day. I found two main predictions that consumers need starting thinking about now.

Top 2018 threats predictions for consumers

Homes will become the ultimate storefront

Most of us view our home as a safe and private space. But as IoT devices fill households everywhere, companies will have powerful incentives to observe what you are doing in your home, and probably learn more than you want to share. The McAfee Labs team predicts corporations will get creative with IoT devices and explore new ways to capture the data shared with them. They’ll find ways to adjust to data privacy fines, and change the terms and conditions on your product or service to cover their lapses. Simply put, it’s going to be more challenging to secure your personal privacy when using IoT devices. What’s more – this means the next year will probably see a significant increase in data breaches.

Securing your child’s digital future

Children are introduced to the digital landscape earlier than ever before. And although they face an exciting future of gadgets, services, and experiences, they also face bigger risks to their privacy. Our Labs team believes that in 2018 organizations will begin to collect and leverage the digital content generated by children to achieve user app “stickiness,” which means its important parents begin teaching them how to make the most of this bright future while using apps and devices in a secure way. The way we share online makes our lives very public, so the consequences of a thoughtless post or online interaction can unfortunately do some serious damage.

How to stay protected

It’s important you get proactive in order to prevent these predictions from impacting your personal security in 2018. You can protect both you and your family from these incoming threats by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product and manufacturer will often do the trick.
  • Talk to your kids. The best way to ensure your child is staying safe online is to talk to them. Ask them about what they do online and encourage safe behavior like avoiding interacting with individuals they don’t know in real life and being selective with the data they give to apps and services.
  • Fight IoT attacks with streamlined security. Instead of managing the security of each individual IoT device in your home, use a more streamlined security technique, like protecting the network that all of these apps connect to with McAfee Secure Home Platform.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Takeaways for Consumers From Our 2018 Threats Predictions Report appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/feed/ 0
The Uber Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/ https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/#comments Wed, 22 Nov 2017 01:31:10 +0000 https://securingtomorrow.mcafee.com/?p=82651 Ride-sharing apps are one of the most successful innovations of the modern digital age. Practically everyone who has a smart phone uses them. When it was discovered today that Uber, the leader in the ride-sharing space, was hit with a massive data breach back in 2016, all of our ears perked up. Let’s look at […]

The post The Uber Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
Ride-sharing apps are one of the most successful innovations of the modern digital age. Practically everyone who has a smart phone uses them. When it was discovered today that Uber, the leader in the ride-sharing space, was hit with a massive data breach back in 2016, all of our ears perked up. Let’s look at what happened, and what consumers need to know.

So far, the precise details on the hack are still unclear—however, according to Bloomberg, (who broke the story earlier today) two cybercriminals were able to access a private area of Github, an online resource for developers. From there, they seem to have found Uber’s log-in credentials to Amazon Web Services (Amazon’s cloud computing service). Then, these hackers were able to steal 57 million names, email addresses, and mobile phone numbers. Uber said within that number, 600,000 drivers had their names and license details exposed. A resource page for those affected has been set up and drivers have been offered free credit monitoring protection. But as of now, affected customers will not be given the same resources.

This cyberattack is a testament to the growing trend to target companies whose rapid growth is stifled by their ability to safeguard sensitive data. So now the question is, what do the impacted customers and drivers do next?

  • Change your password. Stealing millions of emails could mean multiple things. Cyber criminals could use those stolen emails to try and guess your Uber login, or gain access to other accounts. So, do your due diligence and change up your password to all accounts attached to that email you use to login with Uber.
  • Stay vigilant. Another way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email.
  • Monitor your credit card statement. If cybercriminals are able to leverage the data to gain access to accounts, there’s potential they gain access to financial data, too. And as we know, it’s better to be safe than sorry. Be sure to consistently scan your credit card statement for any suspicious or irregular activity. If you see anything odd, flag to your bank immediately.
  • Lock down your mobile device. If for some reason the Uber app is impacted by this attack, or in the future, it’s best you ensure the data stored on your mobile device is secure. To do just that, use a mobile security solution such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post The Uber Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/feed/ 1
How Cybercriminals Are Shopping for Personal Data This Black Friday https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/#respond Tue, 21 Nov 2017 22:15:38 +0000 https://securingtomorrow.mcafee.com/?p=82602 Thanksgiving is here, which means it’s time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit attention from cybercriminals, […]

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blogs.

]]>
Thanksgiving is here, which means it’s time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit attention from cybercriminals, so it’s unsurprising that a new Black Friday scam has emerged this holiday season, which includes more than 32,000 malicious Black Friday-themed apps spoofing the branding of top U.S. online retailers.

According to a recent report, one in 25 Black Friday apps are fake, with at least 15 malicious Black Friday apps for each of the top five U.S. e-commerce brands. These apps are said to scam users in a multitude of ways, either tricking shoppers into entering credit card information, giving up Facebook and Gmail log-in details, or even downloading malware and ransomware. Plus, they’re available on legitimate app stores such as the Apple App Store or Google Play.

But the threats don’t just stop there. As our Most Hackable Gifts survey highlighted, both online holiday shopping and the gifts being bought make personal data more vulnerable than ever. Laptops, smartphones, tablets, IoT toys, digital assistants – the gifts that fill our wish lists are make cybercriminals feel like kids on Christmas morning. Beyond these vulnerable gifts, there’s also the potential for scammers to create fake retailer microsites, invent targeted phishing scams for fake deals, create malvertisements, or execute new malware to swoop all the financial data from physical point-of-sale systems. Therefore, it’s important consumers understand securing their information now more than ever. To do just that, follow these tips:

  • Go to the source. One easy way to avoid counterfeit Black Friday apps is to go to the retailer’s website on your mobile browser and look for a link to the app from their website. With Safari on iOS, if a website already has an app, you will get a box at the top asking if you want to open the page in the app or download the app if it isn’t already installed.
  • Avoid “too good to be true” deals. With Black Friday and Cyber Monday, we’re all trying to save as much money as we can. But here’s the reality: if a deal seems too good to be true, it often is. These deals are usually a cybercriminal attempting to lure you in via phishing so that you cough up your personal data. Trust deals that are advertised directly from the vendor, and if you’re unsure about their legitimacy, scan their site or call their support line for reassurance.
  • Pay with a credit card. Credit cards overall offer better protection against financial fraud than debit cards. You won’t be liable for fraudulent purchases and the thieves won’t be able to drain your bank account if they get ahold of your account number. Any abnormal use of your credit card number will be automatically flagged or not approved by your bank.
  • Use a mobile security solution. As fake or malicious Black Friday apps work to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/feed/ 0
Top Tips For Securing Your Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/#respond Fri, 17 Nov 2017 18:04:59 +0000 https://securingtomorrow.mcafee.com/?p=82487 By now most of us know how important it is to protect our computers and smartphones from malware and other threats, but what about the connected devices we have in our homes?  You might not have thought about it before, but devices like your router, security cameras, baby monitor, and smart appliances can also be […]

The post Top Tips For Securing Your Devices appeared first on McAfee Blogs.

]]>
By now most of us know how important it is to protect our computers and smartphones from malware and other threats, but what about the connected devices we have in our homes?  You might not have thought about it before, but devices like your router, security cameras, baby monitor, and smart appliances can also be hacked if you don’t take steps to protect them.

You may remember last year when major websites such as Twitter, Amazon and GitHub were all knocked offline in a high-profile attack that used thousands of infected webcams to overload the sites with traffic. The cybercriminals behind the attack took advantage of the lax security in consumer webcams, accessing them without the owners’ knowledge.

Given how easy it is for hackers to reach unprotected network devices, it’s worth taking a few minutes to learn how to safeguard them. This way your devices cannot be accessed as part of a larger attack, or used to invade your privacy, or even steal your data.

Tips for Protecting Your Devices:

Know your devices—Before you invest in a new device, know what it does and does not do. For instance, a smart fridge or speaker may sound cool, but what if you knew it could be tampered with to eavesdrop on you? Make sure that any features you’re not comfortable with can be turned off.

Reset & apply any updates—Out of precaution, reset new devices to ensure they work as intended, and haven’t been altered in the supply chain to do something nefarious, such as leak data. Refer to your manual to see if there is a reset button.

Once you’ve done that, check to see if there are any firmware updates or security fixes that have become available since you purchased it. This is often the case with routers, and you can check for updates by following the manufacturer’s online instructions.

Change the default password—Many connected devices are protected with a default password. You’ll want to change the manufacturer’s default password as soon as possible. This is because default passwords are widely known by hackers, allowing them to easily access your device. Change the default password to something random and difficult to guess, and don’t re-use passwords.

Use encryption & a firewall—When setting up your home Wi-Fi make sure to turn on the Wi-Fi Protected Access (WPA2) encryption protocol, which scrambles the data sent over the network so that third parties cannot read it. You’ll also want to use a firewall to prevent unauthorized users from accessing the network.

Consider a private network—Most home routers have the option of creating a VLAN, or virtual local area network, which allows you to create a private network just for your devices. This network could be separate from your computer network, making it impossible for cybercriminals to reach your devices through your home computers.

Alternatively, investing in a product such as Secure Home Platform will provide security to all of your connected devices, from computers and smartphones, to IoT devices.

Use comprehensive security—Services like McAfee Total Protection™ also offer cross-device support, as well as secure cloud backup to make sure that your private information is protected.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Top Tips For Securing Your Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/feed/ 0
Grabos Malware Discovered On 144 Trojanized Android Apps https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/#respond Wed, 15 Nov 2017 17:48:24 +0000 https://securingtomorrow.mcafee.com/?p=82380 This blog was updated March 2018. Cybercriminals have been practically relentless in their attacks against the Android OS, and McAfee’s own Mobile Research team has discovered yet another attempt at infecting Android devices. Named Grabos, the malware was first discovered by the team in the Android application “Aristotle Music audio player 2017,” which claimed to […]

The post Grabos Malware Discovered On 144 Trojanized Android Apps appeared first on McAfee Blogs.

]]>
This blog was updated March 2018.

Cybercriminals have been practically relentless in their attacks against the Android OS, and McAfee’s own Mobile Research team has discovered yet another attempt at infecting Android devices. Named Grabos, the malware was first discovered by the team in the Android application “Aristotle Music audio player 2017,” which claimed to be a free audio player on Google Play. However, we’ve since found the threat present in 144 trojanized applications on Google Play.

What is it and how does it work?

Let’s start with Aristotle. The music app puts on a good face – it has a good rating on Google Play, and has even been installed between one and five million times. However, one user comment mentioned that the application was indeed detected as malware. Once our Mobile Research team identified Grabos on the application, they flagged it to Google, who removed it from Google Play.

But then the team discovered a lot more Grabos on Google Play. In fact, they found another 143 applications that were infected with the Android malware. Out of these 143 applications, they were able to examine 34 and found that they had an average rating of 4.4, and between 4.2 million and 17.5 million users had downloaded these apps. Fortunately,those apps have since been removed from Google Play.

So, how exactly was Grabos able to maneuver its way onto so many applications? The malware was likely able to move past Google Play security measures because its code is protected with a commercial obfuscator, which essentially makes it difficult to analyze the app without launching it first.

Grabos also developed a few unique capabilities, one being the ability to distinguish and inject code accordingly into “fake” vs “real” apps, which our other blog outlines. Additionally, it can communicate with a command and control server about the devices it infects with these trojanized apps. This device information includes: Android version, build model, device location, device configuration, specific apps installed, the list goes on.

Mind you, after collecting information on already installed apps, the C&C server creates fake custom notifications to trick users into installing additional applications. This may in fact reveal the malware’s true intentions — to make money by promoting the installation of apps.

How do I protect myself?

Now, as the McAfee Labs Threats Report: March 2018 tells us, new mobile malware has in fact decreased by 35% from Q3. But in 2017 total mobile malware experienced a 55% increase, so it’s important users are still thinking about how to secure their devices. To ensure you keep your Android devices safe, be sure to follow these tips:

  • Do your homework. Before you download an app, make sure you head to the reviews section of an app store first. Grabos could’ve been avoided if a user read one of the comments, so be sure to thoroughly sift through the reviews, and read through the comments section. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
  • Limit the amount of apps. Only install apps you think you need and will use regularly. If you still a promotion for an app you did not seek out, avoid clicking on it entirely. And if you no longer use an app, uninstall it to keep it from accessing your information unnecessarily. This will help you save memory and reduce your exposure to threats such as Grabos.
  • Use a mobile security solution. As malware campaigns continue to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Grabos Malware Discovered On 144 Trojanized Android Apps appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/feed/ 0
A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/#respond Tue, 14 Nov 2017 05:01:52 +0000 https://securingtomorrow.mcafee.com/?p=81985 Now, in its third year, the McAfee Most Hackable Holiday Gifts survey is here again to examine how consumers approach device security around the holidays, and what they need to stay secure while staying in the yuletide sprit. Let’s take a look at what we can learn from McAfee’s Most Hackable Holiday Gifts past, present, and future.

The post A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts appeared first on McAfee Blogs.

]]>
A classic holiday story is A Christmas Carol by Charles Dickens, which tells the tale of how a grumpy man learns from his mistakes, as guided by the Ghosts of Christmas Past, Present and Future. Funny enough, our most Hackable Gifts Campaign resembles this tale, as there are lessons we’ve learned around holiday shopping in year’s past, important takeaways from this year’s findings, and, of course, things we need to start thinking ahead to. Now, in its third year, the McAfee Most Hackable Holiday Gifts survey is here again to examine how consumers approach device security around the holidays, and what they need to stay secure while staying in the yuletide sprit. Let’s take a look at what we can learn from McAfee’s Most Hackable Holiday Gifts past, present, and future.

The Past

Just like last year, consumers realize the importance of protecting their online identity and internet-connected devices, but are unsure if they are taking the right security measures or don’t care to make security a giant priority. Out of the 1,206 adults surveyed this year, 20% of consumers are not worried about internet security and would still buy a must-have connected device if they knew it was susceptible to security breaches. For 40%, security is not a top priority, but considered after purchase.

This is troubling because, just like last year, the top spot for the Most Hackable Gifts is internet-connected devices. Specifically– laptops, smartphones, and tablets, which are common gifts as they tend to be released around the holidays.

Also like last year, both drones and smart home appliances make our Most Hackable Gift list. However, it’s important to keep in mind that drones can be hacked in flight and smart home devices can be used as pawns in a distributed denial of service attack (DDoS). So, it’s crucial to be wary when eyeing both as potential gifts for loved ones.

The Present

Fast forward to Most Hackable Gifts 2017, and a few things have changed with the present. For instance, media players and streaming sticks took one of the top spots on our gift guide last year, but were replaced by connected toys. Since manufacturers are rushing to connect almost everything to the internet, it only makes sense that the toys that children play with are no different. Many toys come equipped with GPS chips, microphones and even cameras. But manufacturers may not be putting these devices’ security as a top priority, which could leave these toys vulnerable to leaking personal information or even allow hackers to hijack the camera or microphone. Another new device on our list: digital assistants. They are the new hot item of 2017, and make great gifts for just about anyone, but like any connected device, digital assistants can be the target of cybercriminals.

And since connected devices are more popular than ever in present day, it only makes sense that consumers have now started trading them in for an upgrade. In fact, 50% of respondents plan to give away or sell an old connected device after receiving a new one for the holidays, but 20% claim they do not know how to permanently delete their personal information before selling or giving away old devices.

The Future

Now, the holiday season is practically here. But that doesn’t mean it’s too late to start preparing for your future security. To ensure your future is merry and bright (and not full of cyberattacks) follow these tips:

  • Change default passwords, and do an update right away. If you receive a connected gift, change the default password first and foremost. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Research before you buy. It’s important you do your homework to make sure that the toy you are purchasing has not had any reported security issues. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Secure your home’s internet at the source. You can do this by using a solution like McAfee Secure Home Platform to ensure that you know what is connecting to your network and the devices on it. Additionally, be sure to read the privacy policies provided by manufacturers so you know exactly what information your device is collecting.

To learn more about hackable toys and see the misadventures of Ted and Ned check out our website. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/feed/ 0
Why Social Engineering is a Scammer’s Secret Weapon https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/#respond Fri, 10 Nov 2017 17:00:04 +0000 https://securingtomorrow.mcafee.com/?p=82158 Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same. Social engineering can happen online, over the phone, or even in […]

The post Why Social Engineering is a Scammer’s Secret Weapon appeared first on McAfee Blogs.

]]>
Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same.

Social engineering can happen online, over the phone, or even in person. Scammers often try to win your trust by pretending to be legitimate businesses or person, offering you a great deal, or playing on your sympathies. Just think of the now-famous Nigerian prince scam, in which fraudsters would ask for help accessing a large sum of money, and request the victim’s banking details to complete a money transfer in exchange for a payout. Not only did these scams play on victims’ sympathies, but also their desire for easy money. Modern-day scams work much the same way.

Let’s take a look at some of the most popular scams now, and how social engineering plays a part.

Ransomware—This online threat has grabbed headlines for a reason: it’s frightening, and it works. Ransomware, which has grown exponentially over the last three years, usually starts with the victim downloading what looks like an innocuous file, or even clicking on a dangerous webpage. Scammers use social engineering to get users to click by offering something free (like a gaming app), or enticing, like an email prize notification, or shocking headline.

Once the victim downloads the infected file, it locks up their computer or device and demands money before the victim can regain access to their files. These could include personal photos or sensitive tax and identity information, which is what makes this scam so scary. The trick is, even if you pay the ransom you may never get access to your files. That’s why it’s crucial to back up your files on an external hard drive or through a cloud storage service.

The CEO Scam—This scam is usually done via email, and takes advantage of our assumption that anything that comes from a known email address can be trusted. The cybercriminals will spoof, or fake, an email address of a top executive in a company and then use that spoofed address to send messages requesting sensitive or private information from other members of the organization, like wage details, Social Security numbers, and financial records.

This data can then be used to file a fraudulent tax return and receive a refund, or apply for credit in a victim’s name, for example. Because the email address appears to come from within the organization, and recipients are accustomed to complying with work requests, it’s a very easy scam to fall for.

The Free Vacation Scam—Always a classic, the phone scam still hooks a ton of victims each year. Once again, the social engineering scammers are taking advantage of our desire for things that are free, or a great deal. They usually start by telling the victims that they have won a vacation to Las Vegas or another sought-after locale, and all they need to do is provide their credit card number to pay for a tax or other fees.

Now that you know how social engineering works in common scams, here are some tips to help you steer clear of any new versions of these old tricks:

  • Always be suspicious of any free offers, including free mobile apps.
  • Never respond to a request for sensitive or private information, even if it appears to come from a trusted source. If you have doubts, message or email the person directly from your saved contact details, or better yet, talk to them in person to confirm their request.
  • Register both your home and mobile numbers on the “do not call” list to avoid phone scams.
  • Don’t accept friend requests from people you don’t know in real life, and never respond to texts from strangers.
  • Be careful when opening email attachments. Make sure you know the sender and have requested the attached information first.
  • Use comprehensive security software to help protect you from malware, ransomware, and other online threats.
  • Keep up-to-date on the latest scams so you know what to look out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why Social Engineering is a Scammer’s Secret Weapon appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/feed/ 0
Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/#respond Tue, 07 Nov 2017 23:43:24 +0000 https://securingtomorrow.mcafee.com/?p=82053 Actors turned models turned singers — pretty much the definition of a “triple threat” in the entertainment industry. However, the definition changes a bit for the cybersecurity space, as Android users are faced with a different type of “triple threat.” In fact, it’s a new attack campaign involving three malicious tactics: credential phishing, credit card […]

The post Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data appeared first on McAfee Blogs.

]]>
Actors turned models turned singers — pretty much the definition of a “triple threat” in the entertainment industry. However, the definition changes a bit for the cybersecurity space, as Android users are faced with a different type of “triple threat.” In fact, it’s a new attack campaign involving three malicious tactics: credential phishing, credit card data theft, and the Marcher banking trojan.

What is it and how does it work?

The newest form of Marcher pairs credential and credit card phishing with banking trojans into one multi-step scheme. The attack starts with a phishing email containing a bit.ly link to a fake version of the Bank Austria login page, which was registered to a variety of domains containing “bankaustria” in the title in order to give the appearance of legitimacy. Upon opening the page, users will be asked to supply their customer details, email, and phone number– which gives the attackers what they need for the next stage of the attack.

Leveraging the customer data that was provided by the unknowing user, the attack intimidates the victim into downloading the “new Bank Austria” app, aka a fake app. The user is then directed to a link for app download. Once installed, the app asks permission to a plethora of personal data and device settings, and places a legitimate looking icon on the phone’s home screen. Mind you, the app and everything involved in the campaign uses stolen branding from Bank Austria. So, it’s easy to believe that this scam is the real thing.

Finally, Marcher moves onto data collection. But it’s important to remember — this version of Marcher isn’t just a banking trojan, it also enables the direct theft of credit card details. Plus, beyond stealing credit card info and banking details, the threat also goes after date of birth, address, and password data.

How do I protect myself?

So far, it’s been reported that this campaign has tricked almost 20,000 people into divulging their personal information. Plus, new campaigns targeting Raffeisen and Sparkasse banks are already underway. Therefore, the next step is to start thinking about protection. To ensure your personal and financial information stays secure, follow these tips:

  • Be careful what you click on. This malware, like many others before it, was distributed via phishing emails. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Always use legitimate app stores. This malware campaign depends on victims downloading a fake app outside of a legitimate app store. It’s crucial users only download applications by heading directly to official stores, like Google Play or the Apple App store, to ensure they don’t become part of larger malware schemes like Marcher.
  • Place a fraud alert. If you know your data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.
  • Use a mobile security solution. As malware campaigns continue to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security, which is prepared to protect your data from Marcher malware and others like it.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/feed/ 0
Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/malaysian-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/malaysian-data-breach/#respond Fri, 03 Nov 2017 16:54:03 +0000 https://securingtomorrow.mcafee.com/?p=81979 There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A […]

The post Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers appeared first on McAfee Blogs.

]]>
There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A complex data breach compromised over 46.2 million mobile numbers, which could mean multiple numbers for one person, as well as exposed details such as home addresses and SIM card information.

This attack actually first came to light last month, when Lowyat.net, a local technology news website, reported receiving a tip-off that someone was attempting to sell huge databases of personal data. From there, the Malaysian Communications and Multimedia Commission (MCMC) began looking into the matter with the police.

The police have since claimed to have identified multiple potential sources of the leak, but have yet to name them. However, one researcher speculated at the strategy behind these attacks, telling ZDNe