Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Thu, 15 Aug 2019 19:17:23 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cerberus-banking-trojan/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cerberus-banking-trojan/#respond Thu, 15 Aug 2019 19:17:23 +0000 https://securingtomorrow.mcafee.com/?p=96437

A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim’s contact list. What’s more, the author of the Cerberus […]

The post The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data appeared first on McAfee Blogs.

]]>

A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim’s contact list. What’s more, the author of the Cerberus malware has decided to rent out the banking trojan to other cybercriminals as a means to spread these attacks.

According to The Hacker News, the author claims that this malware was completely written from scratch and doesn’t reuse code from other existing banking trojans. Researchers who analyzed a sample of the Cerberus trojan found that it has a pretty common list of features including the ability to take screenshots, hijacking SMS messages, stealing contact lists, stealing account credentials, and more.

When an Android device becomes infected with the Cerberus trojan, the malware hides its icon from the application drawer. Then, it disguises itself as Flash Player Service to gain accessibility permission. If permission is granted, Cerberus will automatically register the compromised device to its command-and-control server, allowing the attacker to control the device remotely. To steal a victim’s credit card number or banking information, Cerberus launches remote screen overlay attacks. This type of attack displays an overlay on top of legitimate mobile banking apps and tricks users into entering their credentials onto a fake login screen. What’s more, Cerberus has already developed overlay attacks for a total of 30 unique targets and banking apps.

So, what can Android users do to secure their devices from the Cerberus banking trojan? Check out the following tips to help keep your financial data safe:

  • Be careful what you download.Cerberus malware relies on social engineering tactics to make its way onto a victim’s device. Therefore, think twice about what you download or even plug into your device.
  • Click with caution.Only click on links from trusted sources. If you receive an email or text message from an unknown sender asking you to click on a suspicious link, stay cautious and avoid interacting with the message altogether.
  • Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use robust security software like McAfee Total Protection so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post The Cerberus Banking Trojan: 3 Tips to Secure Your Financial Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cerberus-banking-trojan/feed/ 0
Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/back-to-school-survey/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/back-to-school-survey/#respond Tue, 13 Aug 2019 13:00:43 +0000 https://securingtomorrow.mcafee.com/?p=95987

With summer coming to a close, it’s almost time for back to school! Back to school season is an exciting time for students, especially college students, as they take their first steps towards independence and embark on journeys that will shape the rest of their lives. As students across the country prepare to start or […]

The post Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season appeared first on McAfee Blogs.

]]>

With summer coming to a close, it’s almost time for back to school! Back to school season is an exciting time for students, especially college students, as they take their first steps towards independence and embark on journeys that will shape the rest of their lives. As students across the country prepare to start or return to college, we here at McAfee have revealed new findings indicating that many are not proactively protecting their academic data. Here are the key takeaways from our survey of 1,000 Americans, ages 18-25, who attend or have attended college:

Education Needs to Go Beyond the Normal Curriculum

While many students are focused on classes like biology and business management, very few get the proper exposure to cybersecurity knowledge. 80% of students have been affected by a cyberattack or know a friend or family member who has been affected. However, 43% claim that they don’t think they will ever be a victim of a cybercrime in the future.

Educational institutions are very careful to promote physical safety, but what about cyber safety? It turns out only 36% of American students claim that they have learned how to keep personal information safe through school resources. According to 42% of our respondents, they learn the most about cybersecurity from the news. To help improve cybersecurity education in colleges and universities, these institutions should take a certain level of responsibility when it comes to training students on how they can help keep their precious academic data safe from cybercriminals.

Take Notes on Device Security

Believe it or not, many students fail to secure all of their devices, opening them up to even more vulnerabilities. While half of students have security software installed on their personal computers, this isn’t the case for their tablets or smartphones. Only 37% of students surveyed have smartphone protection, and only 13% have tablet protection. What’s more, about one in five (21%) students don’t use any cybersecurity products at all.

Class Dismissed: Cyberattacks Targeting Education Are on the Rise

According to data from McAfee Labs, cyberattacks targeting education in Q1 2019 have increased by 50% from Q4 2018. The combination of many students being uneducated in proper cybersecurity hygiene and the vast array of shared networks that these students are simultaneously logged onto gives cybercriminals plenty of opportunities to exploit when it comes to targeting universities. Some of the attacks utilized include account hijacking and malware, which made up more than 70% of attacks on these institutions from January to May of 2019. And even though these attacks are on the rise, 90% of American students still use public Wi-Fi and only 18% use a VPN to protect their devices.

Become a Cybersecurity Scholar

In order to go into this school year with confidence, students should remember these security tips:

  • Never reuse passwords. Use a unique password for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. You can also use a password manager so you don’t have to worry about remembering various logins.
  • Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public. Protect your identity by turning your profiles to private so you can control who can follow you. You should also take the time to understand the various security and privacy settings to see which work best for your lifestyle.
  • Use the cloud with caution. If you plan on storing your documents in the cloud, be sure to set up an additional layer of access security. One way of doing this is through two-factor authentication.
  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to keep your connection secure.
  • Discuss cyber safety often. It’s just as important for families to discuss cyber safety as it is for them to discuss privacy on social media. Talk to your family about ways to identify phishing scams, what to do if you may have been involved in a data breach, and invest in security software that scans for malware and untrusted sites.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Dorms, Degrees, and Data Security: Prepare Your Devices for Back to School Season appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/back-to-school-survey/feed/ 0
23M CafePress Accounts Compromised: Here’s How You Can Stay Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cafepress-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cafepress-breach/#respond Thu, 08 Aug 2019 16:11:19 +0000 https://securingtomorrow.mcafee.com/?p=96379

You’ve probably heard of CafePress, a custom T-shirt and merchandise company allowing users to create their own unique apparel and gifts. With a plethora of users looking to make their own creative swag, it’s no surprise that the company was recently targeted in a cybercriminal ploy. According to Forbes, CafePress experienced a data breach back […]

The post 23M CafePress Accounts Compromised: Here’s How You Can Stay Secure appeared first on McAfee Blogs.

]]>

You’ve probably heard of CafePress, a custom T-shirt and merchandise company allowing users to create their own unique apparel and gifts. With a plethora of users looking to make their own creative swag, it’s no surprise that the company was recently targeted in a cybercriminal ploy. According to Forbes, CafePress experienced a data breach back in February that exposed over 23 million records including unique email addresses, names, physical addresses, phone numbers, and passwords.

How exactly did this breach occur? While this information is still a bit unclear, security researcher Jim Scott stated that approximately half of the breached passwords had been exposed through gaps in an encryption method called base64 SHA1. As a result, the breach database service HaveIBeenPwned sent out an email notification to those affected letting them know that their information had been compromised. According to Engadget, about 77% of the email addresses in the breach have shown up in previous breach alerts on HaveIBeenPwned.

Scott stated that those who used CafePress through third-party applications like Facebook or Amazon did not have their passwords compromised. And even though third-party platform users are safe from this breach, this isn’t always the case. With data breaches becoming more common, it’s important for users to protect their information as best as they can. Check out the following tips to help users defend their data:

  • Check to see if you’ve been affected. If you know you’ve made purchases through CafePress recently, use this tool to check if you could have been potentially affected.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 23M CafePress Accounts Compromised: Here’s How You Can Stay Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cafepress-breach/feed/ 0
Be Wary of WhatsApp Messages Offering 1000GB of Free Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-scam-messages/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-scam-messages/#respond Wed, 31 Jul 2019 17:08:46 +0000 https://securingtomorrow.mcafee.com/?p=96180

Global messaging giant WhatsApp turned 10 years old this year. It’s not unusual for companies to provide loyal customers or members with gifts to show their appreciation during these milestones. Unfortunately, cybercriminals are using this as a ploy to carry out their malicious schemes. According to Forbes, security researchers have discovered a fraudulent message promising […]

The post Be Wary of WhatsApp Messages Offering 1000GB of Free Data appeared first on McAfee Blogs.

]]>

Global messaging giant WhatsApp turned 10 years old this year. It’s not unusual for companies to provide loyal customers or members with gifts to show their appreciation during these milestones. Unfortunately, cybercriminals are using this as a ploy to carry out their malicious schemes. According to Forbes, security researchers have discovered a fraudulent message promising users 1000GB of free internet data, which is a scam bringing in ad click revenue for cybercriminals.

Let’s dive into the details of this suspicious message. The text reads “WhatsApp Offers 1000GB Free Internet!” and includes a link to click on for more details. However, the link provided doesn’t use an official WhatsApp domain. Many users might find this confusing since some businesses do run their promotions through third-party organizations. Forbes states that once a user clicks on the link, they are taken to a landing page that reads “We offer you 1000 GB free internet without Wi-Fi! On the occasion of our 10th anniversary of WhatsApp.” To make the user feel like they need to act fast, the landing page also displays a bright yellow countdown sticker warning that there are a limited number of awards left.

As of now, it doesn’t appear that the link spreads malware or scrapes users’ personal information. However, the scam could eventually evolve into a phishing tactic. Additionally, the more users click on the fraudulent link, the more the cybercriminals behind this scheme rack up bogus ad clicks. This ultimately brings in revenue for the cybercrooks, encouraging them to continue creating these types of scams. For example, the domain being used by the scammers behind the WhatsApp message also hosts other fake brand-led promotional offers for Adidas, Nestle, Rolex, and more.

So, what can users do to prevent falling for these phony ads? Check out the following tips to help you stay secure:

  • Avoid interacting with suspicious messages. Err on the side of caution and don’t respond to direct messages from a company that seems out of the ordinary. If you want to know if a company is participating in a promotional offer, it is best to go directly to their official site to get more information.
  • Be careful what you click on.If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Be Wary of WhatsApp Messages Offering 1000GB of Free Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-scam-messages/feed/ 0
Capital One Data Breach: How Impacted Users Can Stay More Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/capital-one-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/capital-one-breach/#respond Tue, 30 Jul 2019 22:19:56 +0000 https://securingtomorrow.mcafee.com/?p=96183

Capital One is one of the 10 largest banks based on U.S. deposits. As with many big-name brands, cybercriminals see these companies as an ideal target to carry out large-scale attacks, which has now become a reality for the financial organization. According to CNN, approximately 100 million Capital One users in the U.S. and 6 […]

The post Capital One Data Breach: How Impacted Users Can Stay More Secure appeared first on McAfee Blogs.

]]>

Capital One is one of the 10 largest banks based on U.S. deposits. As with many big-name brands, cybercriminals see these companies as an ideal target to carry out large-scale attacks, which has now become a reality for the financial organization. According to CNN, approximately 100 million Capital One users in the U.S. and 6 million in Canada have been affected by a data breach exposing about 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers, and more.

According to the New York Post, the alleged hacker claimed the data was obtained through a firewall misconfiguration. This misconfiguration allowed command execution with a server that granted access to data in Capital One’s storage space at Amazon. Luckily, Capital One stated that it “immediately fixed the configuration vulnerability.”

This breach serves as a reminder that users and companies alike should do everything in their power to keep personal information protected. If you think you might have been affected by this breach, follow these tips to help you stay secure:

  • Check to see if you’ve been notified by Capital One. The bank will notify everyone who was affected by the breach and offer them free credit monitoring and identity protection services. Be sure to take advantage of the services and check out the website Capital One set up for information on this breach.
  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible. Capital One will allow you to freeze your card so purchases can no longer be made.
  • Change your credentials. Err on the side of caution and change your passwords for all of your accounts. Taking extra precautions can help you avoid future attacks.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Capital One Data Breach: How Impacted Users Can Stay More Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/capital-one-breach/feed/ 0
4 Ways for Parents to Handle the Facebook Messenger Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-kids-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-kids-bug/#respond Thu, 25 Jul 2019 16:03:04 +0000 https://securingtomorrow.mcafee.com/?p=96041

9 out of 10 children in the U.S. between the ages of six and twelve have access to smart devices. And while parents know it’s important for their children to learn to use technology in today’s digital world, 75% want more visibility into their kids’ digital activities. This is precisely why Facebook designed Messenger Kids […]

The post 4 Ways for Parents to Handle the Facebook Messenger Bug appeared first on McAfee Blogs.

]]>

9 out of 10 children in the U.S. between the ages of six and twelve have access to smart devices. And while parents know it’s important for their children to learn to use technology in today’s digital world, 75% want more visibility into their kids’ digital activities. This is precisely why Facebook designed Messenger Kids to empower parents to monitor their children’s safety online. However, the popular social media platform had to recently warn users of a security issue within this app for kids.

The central benefit of Messenger Kids is that children can only chat with other users their parents approve of. Yet one design flaw within the group chat feature prevented Facebook from upholding this rule. Children who started a group chat could include any of their approved connections in the conversation, even if a user was not authorized to message the other kids in the chat. As a result, thousands of children were able to connect with users their parents weren’t aware of via this flaw.

Luckily, Facebook removed the unauthorized group chats and flagged the issue to all affected users, promising that that potentially unsafe chats won’t happen again. While Facebook has not yet made a formal public response, they confirmed the bug to The Verge:

“We recently notified some parents of Messenger Kids account users about a technical error that we detected affecting a small number of group chats. We turned off the affected chats and provided parents with additional resources on Messenger Kids and online safety.”

Now, Facebook is currently working on still resolving the bug itself. However, there are still many actions parents can take to ensure that their child is safe on Facebook Messenger, and social media apps in general. Start by following these four best practices to secure your kid’s online presence:

  • Turn on automatic app updates on your child’s device. Updates usually include new and improved app features that your child will be excited to try. But more importantly, they tend to account for security bugs. Delaying updates can leave apps vulnerable to cybercriminals and turning on automatic app updates ensures that you don’t have to worry about missing one.
  • Get educated. Some parents find it helpful to use the same apps as their child to better understand how it works and what safety threats might be relevant. Facebook also offers resources online that provide guidance for staying safe, such as how and when to block a user and what kind of content is or isn’t risky to share. Additionally, it’s always a best practice to read the terms and conditions of an app before downloading to make sure you’re aware of what your child is signing up for.
  • Keep an open dialogue about online safety. It’s important to discuss your child’s online activities with them and walk them through best internet practices, such as changing passwords every so often and not clicking on links from unknown sources. That way, they’ll be better prepared for potential cyberthreats. Making the internet a part of the conversion will also help your child feel comfortable coming to you about things they might be skeptical about online.
  • Consider leveraging a security solution with parental controls. Depending on your child’s age and how much of a window you want into their online behaviors, you can leverage a solution such as McAfee Safe Family that can be helpful for creating a safe online environment. You can block certain websites and create predefined rules, which will help prevent your child from sharing comprising information.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 4 Ways for Parents to Handle the Facebook Messenger Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-kids-bug/feed/ 0
Downloaded FaceApp? Here’s How Your Privacy Is Now Affected https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/faceapp/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/faceapp/#respond Thu, 18 Jul 2019 19:25:32 +0000 https://securingtomorrow.mcafee.com/?p=95977

If you’ve been on social media recently, you’ve probably seen some people in your feed posting images of themselves looking elderly. That’s because FaceApp, an AI face editor that went viral in 2017, is making a major comeback with the so-called FaceApp Challenge — where celebrities and others use the app’s old age filter to […]

The post Downloaded FaceApp? Here’s How Your Privacy Is Now Affected appeared first on McAfee Blogs.

]]>

If you’ve been on social media recently, you’ve probably seen some people in your feed posting images of themselves looking elderly. That’s because FaceApp, an AI face editor that went viral in 2017, is making a major comeback with the so-called FaceApp Challenge — where celebrities and others use the app’s old age filter to add decades onto their photos. While many folks have participated in the fun, there are some concerns about the way that the app operates when it comes to users’ personal privacy.

According to Forbes, over 100,000 million people have reportedly downloaded FaceApp from the Google Play Store and the app is the number one downloaded app on the Apple App Store in 121 different countries. But what many of these users are unaware of is that when they download the app, they are granting FaceApp full access to the photos they have uploaded. The company can then use these photos for their benefit, such as training their AI facial recognition algorithm. And while there is currently nothing to indicate that the app is taking photos for malicious intent, it is important for users to be aware that their personal photos may be used for other purposes beyond the original intent.

So, how can users enjoy the entertainment of apps like FaceApp without sacrificing their privacy? Follow these tips to help keep your personal information secure:

  • Think before you upload. It’s always best to err on the side of caution with any personal data and think carefully about what you are uploading or sharing. A good security practice is to only share personal data, including personal photos, when it’s truly necessary.
  • Update your settings. If you’re concerned about FaceApp having permission to access your photos, it’s time to assess the tools on your smartphone. Check which apps have access to information like your photos and location data. Change permissions by either deleting the app or changing your settings on your device.
  • Understand and read the terms. Consumers can protect their privacy by reading the Privacy Policy and terms of service and knowing who they are dealing with.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Downloaded FaceApp? Here’s How Your Privacy Is Now Affected appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/faceapp/feed/ 0
How to Spot Phishing Lures https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-phishing-lures/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-phishing-lures/#respond Thu, 18 Jul 2019 17:00:19 +0000 https://securingtomorrow.mcafee.com/?p=95966

Phishing attacks, in which scammers try to trick you out of your private information or money, are one of the most prevalent threats we see today. Part of the problem is that the cybercriminals have numerous ways in which to hook you, either online, over the phone, or even in person. In today’s busy world […]

The post How to Spot Phishing Lures appeared first on McAfee Blogs.

]]>

Phishing attacks, in which scammers try to trick you out of your private information or money, are one of the most prevalent threats we see today. Part of the problem is that the cybercriminals have numerous ways in which to hook you, either online, over the phone, or even in person.

In today’s busy world we are often bombarded with information and it can be hard to tell who to trust, and when to be wary. But given that new phishing web pages grew by 900,000 in the third-quarter of 2018 alone, costing consumers and businesses potentially billions of dollars, it’s worth learning more about common phishing lures and how to avoid them. After all, most malware is delivered by phishing attacks, and malware grew by a stunning 53% in the third quarter of last year.

The first thing you should know about phishing is that it almost always involves a form of “social engineering”, in which the scammer tries to manipulate you into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business.

You can get a better idea of how this works by learning about some of the most popular threats circulating today, the first of which are a growing number of business-related scams:

  • The CEO/Executive Scam—This scam appears as an email from a leader in your organization, asking for highly sensitive information like company accounts, employee salaries and Social Security numbers, or even sensitive client information.The hackers “spoof”, or fake, the executive’s email address so it looks like a legitimate internal company email. That’s what makes this, and the other business scams, so convincing—the lure is that you want to do your job well and please your coworkers.
  • The Business Entity Scam—This one targets corporations with the clever trick of filing phony Statements of Information with the Secretary of State using the government’s website. The fraudsters then use these doctored statements to apply for hard money loans, using them to prove they have assets. This scam works because the states don’t double check corporate statements for accuracy.
  • File Sharing & DocuSign—Phony requests to access files in Dropbox accounts are on the rise, tricking workers into clicking on dangerous links that download malware. There has also been a rash of threats masquerading as requests to electronically sign documents, pretending to be legitimate services like DocuSign, which is often used for real estate and other important transactions.
  • The Urgent Email Attachment—Phishing emails that try to trick you into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want, and invoking a sense of urgency to get you to click.
  • The “Lucky” Phone Call—How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity information. The lure here is something free or exciting at what appears to be little or no cost to you.
  • The Romance Scam—This one can happen completely online, over the phone, or in person once contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online, or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The lure here is simple—love and acceptance.
  • The Mobile Phish—Our heavy use of mobile devices have given scammers yet another avenue of attack. They may distribute fake mobile apps that secretly gather your personal information in the background, or they could send phony text messages, inviting you to click on a dangerous link. Either way, you may be misled by a false sense of trust in who has access to your mobile device. In this case, you may be lured by the convenience of an app, or expediency of a message.

Here are some more smart ways not to get hooked:

  • Be wary of anyone who asks for more information than they need, even if you are talking to a company or bank you do business with.
  • When responding to a message, first check to see if you recognize the sender’s name and email address.
  • Before clicking on a link, hover over it to see if the URL address looks legitimate.
  • Before logging into an online account, make sure the web address is correct.
    Phishers often forge legitimate websites, like online storage accounts, hoping to trick you into entering your login details.
  • Avoid “free” offers, or deals that sound too good to be true. They probably are.
  • Review your bank statements and business filings on a regular basis to check for suspicious activities.
  • Always use comprehensive security software to protect your devices and information from malware and other threats that might result from a phishing scam.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

 

The post How to Spot Phishing Lures appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-phishing-lures/feed/ 0
Ready, Set, Shop: Enjoy Amazon Prime Day Without the Phishing Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/amazon-prime-day-phishing-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/amazon-prime-day-phishing-scams/#respond Mon, 15 Jul 2019 16:00:11 +0000 https://securingtomorrow.mcafee.com/?p=95930

Amazon Prime Day is becoming one of the hottest shopping periods for the summer. However, it is also becoming one of the hottest opportunities for cybercriminals, as hackers target shoppers in a number of ways during peak shopping moments to steal personal data or financial information. In fact, researchers at McAfee Labs have uncovered a phishing […]

The post Ready, Set, Shop: Enjoy Amazon Prime Day Without the Phishing Scams appeared first on McAfee Blogs.

]]>

Amazon Prime Day is becoming one of the hottest shopping periods for the summer. However, it is also becoming one of the hottest opportunities for cybercriminals, as hackers target shoppers in a number of ways during peak shopping moments to steal personal data or financial information. In fact, researchers at McAfee Labs have uncovered a phishing kit specifically created to steal personal information from Amazon customers in America and Japan.

How exactly does this phishing kit work? The kit allows hackers to create phishing emails that look like they have come from Amazon. The emails prompt users to share their login credentials on a malicious website. Once the victim hands over their login, the hackers can use the victim’s account to make fraudulent purchases and steal their credit card information saved in their Prime account.

According to McAfee Labs researchers, this phishing scam has already seen widespread use, with over 200 malicious URLs being used to prey on innocent online shoppers. Additionally, the phishing kit is being sold through an active Facebook group with over 300 members and 200 posts in recent weeks. McAfee has notified Facebook of the existence of this group. The social network has taken an active posture in recent months of taking down groups transacting in such malicious content.

So, what does this threat mean for Amazon users? If you’re planning on participating in Prime Day, follow these security steps to help you swerve malicious cyberattacks:

  • Beware of bogus deals. If you see an ad for Prime Day that looks too good to be true, chances are that the ad isn’t legitimate.
  • Think before you click. Be skeptical of ads shared on social media sites, emails, and messages sent to you through platforms like Facebook, Twitter, and WhatsApp. If you receive a suspicious message regarding Prime Day, it’s best to avoid interacting with the message.
  • Do your due diligence with discount codes. If a discount code lands in your inbox, you’re best off verifying it through Amazon.com directly rather than clicking on any links.

If you do suspect that your Amazon Prime account has been compromised due to a cyberthreat, take the following steps:

  • Change your password. Change the passwords to any accounts you suspect may have been impacted. Make sure they are strong and unique.
  • Keep an eye on your bank account. One of the simplest ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
  • Consider using identity theft protection.A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Ready, Set, Shop: Enjoy Amazon Prime Day Without the Phishing Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/amazon-prime-day-phishing-scams/feed/ 0
Is Your WhatsApp Being Weird? You May Need to Check For Hidden Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-android-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-android-malware/#respond Fri, 12 Jul 2019 23:17:21 +0000 https://securingtomorrow.mcafee.com/?p=95927

With over 2.5 billion monthly active users that have accumulated since its fruition, Android has seen massive growth over the last 10 years. With so many users, it’s no wonder why cybercriminals continuously look to exploit Android devices. In fact, 25 million Android users have recently been hit with a new malware. Dubbed Agent Smith, […]

The post Is Your WhatsApp Being Weird? You May Need to Check For Hidden Malware appeared first on McAfee Blogs.

]]>

With over 2.5 billion monthly active users that have accumulated since its fruition, Android has seen massive growth over the last 10 years. With so many users, it’s no wonder why cybercriminals continuously look to exploit Android devices. In fact, 25 million Android users have recently been hit with a new malware.

Dubbed Agent Smith, this cyberthreat sneaks onto a user’s device when the user downloads a malicious app from the app store, like a photo utility or game app. The app then silently installs the malware disguised as a legitimate Google updating tool. However, no updating icon appears on the screen, making the user oblivious to their device being in danger. Once installed, the malware replaces legitimate apps on the user’s phone, such as WhatsApp, with an evil update that serves bad ads. According to security researchers, the ads themselves aren’t malicious. But if a victim accidentally clicks on the ad, the hackers can make money from these ad fraud schemes. What’s more, there’s potential that these bad ads aren’t limited to just WhatsApp and could be found on other platforms as well.

So, what can Android users do to prevent this malware from sneaking onto their device? Check out the following tips to help stay secure:

  • Be wary of WhatsApp ads. Android users should take action if they experience advertisements displayed at strange times, such as when they open WhatsApp. The legitimate WhatsApp does not serve ads, so if you experience ads on this platform your device might have been infected.
  • Look out for suspicious apps. Check the apps and notifications section of your Android settings. If you see suspicious apps with names such as Google Updater, Google Installer for U, Google Powers, and Google Installer, uninstall these apps right away.
  • Stay away from unofficial Android stores. Google has extra precautions designed to prevent malware from getting onto the official Android store website, so only downloading apps from there could help protect you.
  • Use a security solution. A solution like McAfee Mobile Security can help Android users stay protected from threats like mobile malware. It also provides a free antivirus cleaner and phone security app to protect your online privacy and enhance device performance.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Is Your WhatsApp Being Weird? You May Need to Check For Hidden Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-android-malware/feed/ 0
Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/zoom-webcam-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/zoom-webcam-vulnerability/#respond Wed, 10 Jul 2019 20:23:07 +0000 https://securingtomorrow.mcafee.com/?p=95821

You’ve probably heard of the popular video conferencing platform, Zoom. This platform enables its millions of users in various locations to virtually meet face to face. In an effort to enhance user experience and work around changes in Safari 12, Zoom installed a web server that allows users to enjoy one-click-to-join meetings. Unfortunately, a security […]

The post Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers appeared first on McAfee Blogs.

]]>

You’ve probably heard of the popular video conferencing platform, Zoom. This platform enables its millions of users in various locations to virtually meet face to face. In an effort to enhance user experience and work around changes in Safari 12, Zoom installed a web server that allows users to enjoy one-click-to-join meetings. Unfortunately, a security researcher recently disclosed that this product feature acts as a flaw that could allow cybercriminals to activate a Mac user’s webcam without their permission.

How exactly does this vulnerability work? Cybercriminals are able to exploit a feature that allows users to send a meeting link directly to a recipient. When the recipient clicks on the link, they are automatically launched into the video conferencing software. If the user has previously installed the Zoom app onto their Mac and hasn’t turned off their camera for meetings, Zoom will auto-join the user to a conference call with the camera on. With this flaw, an attacker can send a victim a meeting link via email message or web server, allowing them to look into a victim’s room, office, or wherever their camera is pointing. It’s important to note that even if a user has deleted the Zoom app from their device, the Zoom web server remains, making the device susceptible to this vulnerability.

While the thought of someone unknowingly accessing a user’s Mac camera is creepy, this vulnerability could also result in a Denial of Service (DoS) attack by overwhelming a user’s device with join requests. And even though this patch has been successfully patched by Zoom, it’s important for users to realize that this update is not enforced by the platform. So, how can Zoom users avoid getting sucked into a potentially malicious call? Check out these security tips to stay secure on conference calls:

  • Adjust your Zoom settings. Users can disable the setting that allows Zoom to turn your camera on when joining a meeting. This will prevent a hacker from accessing your camera if you are sent a suspicious meeting link.
  • Update, update, update. Be sure to manually install the latest Zoom update to prevent DoS or other potential attacks. Additionally, Zoom will introduce an update in July that allows users to apply video preferences from their first call to all future calls. This will ensure that if a user joins their first meeting without video, this setting will remain consistent for all other calls.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Watch Your Webcam: Tips to Protect Your Mac From Zoom Hackers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/zoom-webcam-vulnerability/feed/ 0
Is Your Smart Home Secure? 5 Tips to Help You Connect Confidently https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/orvibo-smart-home-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/orvibo-smart-home-exposure/#respond Wed, 03 Jul 2019 16:46:12 +0000 https://securingtomorrow.mcafee.com/?p=95794

With so many smart home devices being used today, it’s no surprise that users would want a tool to help them manage this technology. That’s where Orvibo comes in. This smart home platform helps users manage their smart appliances such as security cameras, smart lightbulbs, thermostats, and more. Unfortunately, the company left an Elasticsearch server […]

The post Is Your Smart Home Secure? 5 Tips to Help You Connect Confidently appeared first on McAfee Blogs.

]]>

With so many smart home devices being used today, it’s no surprise that users would want a tool to help them manage this technology. That’s where Orvibo comes in. This smart home platform helps users manage their smart appliances such as security cameras, smart lightbulbs, thermostats, and more. Unfortunately, the company left an Elasticsearch server online without a password, exposing billions of user records.

The database was found in mid-June, meaning it’s been exposed to the internet for two weeks. The database appears to have cycled through at least two billion log entries, each containing data about Orvibo SmartMate customers. This data includes customer email addresses, the IP address of the smart home devices, Orvibo usernames, and hashed passwords.

 

More IoT devices are being created every day and we as users are eager to bring them into our homes. However, device manufacturers need to make sure that they are creating these devices with at least the basic amount of security protection so users can feel confident utilizing them. Likewise, it’s important for users to remember what risks are associated with these internet-connected devices if they don’t practice proper cybersecurity hygiene. Taking the time to properly secure your devices can mean the difference between a cybercriminal accessing your home network or not. Check out these tips to help you remain secure when using your IoT devices:

  • Research before you buy. Although you might be eager to get the latest device, some are made more secure than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks these features, consider upgrading.
  • Safeguard your devices. Before you connect a new IoT device to your network, be sure to change the default username and password to something strong and unique. Hackers often know the default settings of various IoT devices and share them online for others to expose. Turn off other manufacturer settings that don’t benefit you, like remote access, which could be used by cybercriminals to access your system.
  • Update, update, update. Make sure that your device software is always up-to-date. This will ensure that you’re protected from any known vulnerabilities. For some devices, you can even turn on automatic updates to ensure that you always have the latest software patches installed.
  • Secure your network. Just as it’s important to secure your actual device, it’s also important to secure the network it’s connected to. Help secure your router by changing its default name and password and checking that it’s using an encryption method to keep communications secure. You can also look for home network routers or gateways that come embedded with security software like McAfee Secure Home Platform.
  • Use a comprehensive security solution. Use a solution like McAfee Total Protection to help safeguard your devices and data from known vulnerabilities and emerging threats.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Is Your Smart Home Secure? 5 Tips to Help You Connect Confidently appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/orvibo-smart-home-exposure/feed/ 0
#Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-verified-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-verified-phishing-scam/#respond Sat, 29 Jun 2019 00:12:35 +0000 https://securingtomorrow.mcafee.com/?p=95767

If you’re an avid Instagram user, chances are you’ve come across some accounts with a little blue checkmark next to the username. This little blue tick is Instagram’s indication that the account is verified. While it may seem insignificant at first glance, this badge actually means that Instagram has confirmed that the account is an […]

The post #Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account appeared first on McAfee Blogs.

]]>

If you’re an avid Instagram user, chances are you’ve come across some accounts with a little blue checkmark next to the username. This little blue tick is Instagram’s indication that the account is verified. While it may seem insignificant at first glance, this badge actually means that Instagram has confirmed that the account is an authentic page of a public figure, celebrity, or global brand. In today’s world of social media influencers, receiving a verified badge is desirable so other users know you’re a significant figure on the platform. However, cybercriminals are taking advantage of the appeal of being Instagram verified as a way to convince users to hand over their credentials.

So, how do cybercriminals carry out this scheme? According to security researcher Luke Leal, this scam was distributed as a phishing page through Instagram. The page resembled a legitimate Instagram submission page, prompting victims to apply for verification. After clicking on the “Apply Now” button, victims were taken to a series of phishing forms with the domain “Instagramforbusiness[.]info.” These forms asked users for their Instagram logins as well as confirmation of their email and password credentials. However, if the victim submitted the form, their Instagram credentials would make their way into the cybercriminal’s email inbox. With this information, the cybercrooks would have unauthorized access to the victim’s social media page. What’s more, since this particular phishing scam targets a user’s associated email login, hackers would have the capability of resetting and verifying ownership of the victim’s account.

Whether you’re in search of an Instagram verification badge or not, it’s important to be mindful of your cybersecurity. And with Social Media Day right around the corner, check out these tips to keep your online profiles protected from phishing and other cyberattacks:

  • Exercise caution when inspecting links. If you examine the link used for this scam (Instagramforbusiness[.]info), you can see that it is not actually affiliated with Instagram.com. Additionally, it doesn’t use the secure HTTPS protocol, indicating that it is a risky link. Always inspect a URL before you click on it. And if you can’t tell whether a link is malicious or not, it’s best to avoid interacting with it altogether.
  • Don’t fall for phony pages. If you or a family member is in search of a verified badge for their Instagram profile, make sure they are familiar with the process. Instagram users should go into their own account settings and click on “Request on verification” if they are looking to become verified. Note that Instagram will not ask for your email or password during this process, but will send you a verification link via email instead.
  • Reset your password. If you suspect that a hacker is attempting to gain control of your account, play it safe by resetting your password.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post #Verified or Phishing Victim? 3 Tips to Protect Your Instagram Account appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-verified-phishing-scam/feed/ 0
Process Reimaging: A Cybercrook’s New Disguise for Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/process-reimaging/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/process-reimaging/#respond Thu, 20 Jun 2019 17:02:08 +0000 https://securingtomorrow.mcafee.com/?p=95672

As of early 2019, Windows 10 is running on more than 700 million devices, including PCs, tablets, phones, and even some gaming consoles. However, it turns out the widespread Windows operating system has some inconsistencies as to how it specifically determines process image file locations on disk. Our McAfee Advanced Threat Research team decided to […]

The post Process Reimaging: A Cybercrook’s New Disguise for Malware appeared first on McAfee Blogs.

]]>

As of early 2019, Windows 10 is running on more than 700 million devices, including PCs, tablets, phones, and even some gaming consoles. However, it turns out the widespread Windows operating system has some inconsistencies as to how it specifically determines process image file locations on disk. Our McAfee Advanced Threat Research team decided to analyze these inconsistencies and as a result uncovered a new cyberthreat called process reimaging. Similar to process doppelganging and process hollowing, this technique evades security measures, but with greater ease since it doesn’t require code injection. Specifically, this technique affects the ability for a Windows endpoint security solution to detect whether a process executing on the system is malicious or benign, allowing a cybercrook to go about their business on the device undetected.

Let’s dive into the details of this threat. Process reimaging leverages built-in Windows APIs, or application programming interfaces, which allow applications and the operating system to communicate with one another. One API dubbed K32GetProcessImageFileName allows endpoint security solutions, like Windows Defender, to verify whether an EXE file associated with a process contains malicious code. However, with process reimaging, a cybercriminal could subvert the security solution’s trust in the windows operating system APIs to display inconsistent FILE_OBJECT names and paths. Consequently, Windows Defender misunderstands which file name or path it is looking at and can no longer tell if a process is trustworthy or not. By using this technique, cybercriminals can persist malicious processes executing on a user’s device without them even knowing it.

So, the next question is — what can Windows users do to protect themselves from this potential threat? Check out these insights to help keep your device secure:

  • Update your software. Microsoft has issued a partial fix that stops cybercriminals from exploiting file names to disguise malicious code, which helps address at least part of the issue for Windows Defender only. And while file paths are still viable for exploitation, it’s worth updating your software regularly to ensure you always have the latest security patches, as this is a solid practice to work into your cybersecurity routine.
  • Work with your endpoint security vendor. To help ensure you’re protected from this threat, contact your endpoint security provider to see if they protect against process reimaging.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Process Reimaging: A Cybercrook’s New Disguise for Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/process-reimaging/feed/ 0
3 Tips Venmo Users Should Follow to Keep Their Transactions Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/venmo-security/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/venmo-security/#respond Thu, 20 Jun 2019 16:05:45 +0000 https://securingtomorrow.mcafee.com/?p=95665

You’ve probably heard of Venmo, the quick and convenient peer-to-peer mobile payments app. From splitting the check when eating out with friends to dividing the cost of bills, Venmo is an incredibly easy way to share money. However, users’ comfort with the app can sometimes result in a few negligent security practices. In fact, computer […]

The post 3 Tips Venmo Users Should Follow to Keep Their Transactions Secure appeared first on McAfee Blogs.

]]>

You’ve probably heard of Venmo, the quick and convenient peer-to-peer mobile payments app. From splitting the check when eating out with friends to dividing the cost of bills, Venmo is an incredibly easy way to share money. However, users’ comfort with the app can sometimes result in a few negligent security practices. In fact, computer science student Dan Salmon recently scraped seven million Venmo transactions to prove that users’ public activity can be easily obtained if they don’t have the right security settings flipped on. Let’s explore his findings.

By scraping the company’s developer API, Salmon was able to download millions of transactions across a six-month span. That means he was able to see who sent money to who, when they sent it, and why – just as long as the transaction was set to “public.” Mind you, Salmon’s download comes just a year after that of a German researcher, who downloaded over 200 million transactions from the public-by-default app last year.

These data scrapes, if anything, act as a demonstration. They prove to users just how crucial it is to set up online mobile payment apps with caution and care. Therefore, if you’re a Venmo or other mobile payment app user, make sure to follow these tips in order to keep your information secure:

  • Set your settings to “private” immediately. Only the sender and receiver should know about a monetary transaction in the works. So, whenever you go to send money on Venmo or any other mobile payment app, make sure the transaction is set to “private.” For Venmo users specifically, you can flip from “public” to “private” by just toggling the setting at the bottom right corner of main “Pay or Request” page.
  • Limit the amount of data you share. Just because something is designed to be social doesn’t mean it should become a treasure trove of personal data. No matter the type of transaction you’re making, always try to limit the amount of personal information you include in the corresponding message. That way, any potential cybercriminals out there won’t be able to learn about your spending habits.
  • Add on extra layers of security. Beyond flipping on the right in-app security settings, it’s important to take any extra precautions you can when it comes to protecting your financial data. Create complex logins to your mobile payment apps, participate in biometric options if available, and ensure your mobile device itself has a passcode as well. This will all help ensure no one has access to your money but you.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 3 Tips Venmo Users Should Follow to Keep Their Transactions Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/venmo-security/feed/ 0
Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safe-summer-travels/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safe-summer-travels/#respond Wed, 12 Jun 2019 13:00:52 +0000 https://securingtomorrow.mcafee.com/?p=95406

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you […]

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

]]>

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?

It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.

These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.

In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.

Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.

We here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:

  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to help keep your connection secure.
  • Think before you click. Often times, cybercriminals use phishing emails or fake sites to lure consumers into clicking links for products or services that could lead to malware. If you receive an email asking you to click on a link with a suspicious URL, it’s best to avoid interacting with the message altogether.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which includes McAfee WebAdvisor that can help identify malicious websites.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safe-summer-travels/feed/ 0
1.1M Emuparadise Accounts Exposed in Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/emuparadise-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/emuparadise-data-breach/#respond Wed, 12 Jun 2019 03:22:02 +0000 https://securingtomorrow.mcafee.com/?p=95570

If you’re an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in […]

The post 1.1M Emuparadise Accounts Exposed in Data Breach appeared first on McAfee Blogs.

]]>

If you’re an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in April 2018, exposing the data of about 1.1 million of their forum members.

The operators of the hacked-database search engine, DeHashed, shared this compromised data with the data breach reference site Have I Been Pwned. According to the site’s owner Troy Hunt, the breach impacted 1,131,229 accounts and involved stolen email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Password salting is a process of securing passwords by inputting unique, random data to users’ passwords. However, the MD5 algorithm is no longer considered sufficient for protecting passwords, creating cause for cybersecurity concern.

Emuparadise forced a credential reset after the breach occurred in April 2018. It’s important that users of Emuparadise games take steps to help protect their private information. If you know someone who’s an avid gamer, pass along the following tips to help safeguard their security:

  • Change up your password. If you have an Emuparadise account, you should change up your account password and email password immediately. Make sure the next one you create is strong and unique so it’s more difficult for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the better!
  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage stolen information for phishing emails and social engineering scams. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided.
  • Check to see if you’ve been affected. If you or someone you know has made an Emuparadise account, use this tool to check if you could have been potentially affected.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 1.1M Emuparadise Accounts Exposed in Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/emuparadise-data-breach/feed/ 0
4 Tips to Protect Your Information During Medical Data Breaches https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/medical-data-breaches/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/medical-data-breaches/#respond Wed, 05 Jun 2019 21:13:05 +0000 https://securingtomorrow.mcafee.com/?p=95504

As the companies we trust with our data become more digital, it’s important for users to realize how this affects their own cybersecurity. Take your medical care provider, for instance. You walk into a doctor’s office and fill out a form on a clipboard. This information is then transferred to a computer where a patient […]

The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blogs.

]]>

As the companies we trust with our data become more digital, it’s important for users to realize how this affects their own cybersecurity. Take your medical care provider, for instance. You walk into a doctor’s office and fill out a form on a clipboard. This information is then transferred to a computer where a patient Electronic Health Record is created or added to. We trust that our healthcare provider has taken the proper precautions to safely store this data. Unfortunately, medical data breaches are on the rise with a 70% increase over the past seven years. In fact, medical testing company LabCorp just announced that it experienced a breach affecting approximately 7.7 million customers.

How exactly did this breach occur? The information was exposed as a result of an issue with a third-party billing collections vendor, American Medical Collection Agency (AMCA). The information exposed includes names, addresses, birth dates, balance information, and credit card or bank account information provided by customers to AMCA. This breach comes just a few days after Quest Diagnostics, another company who worked with AMCA, announced that they too experienced a breach affecting 11.9 million users.

Luckily, LabCorp stated that they do not store or maintain Social Security numbers and insurance information for their customers. Additionally, the company provided no ordered test, lab results, or diagnostic information to AMCA. LabCorp stated that they intend to provide 200,000 affected users with more specific information regarding the breach and offer them with identity protection and credit monitoring services for two years. And after receiving information on the possible security compromise, AMCA took down its web payments page and hired an external forensics firm to investigate the situation.

Medical data is essentially nonperishable in nature, making it extremely valuable to cybercrooks. It turns out that quite a few security vulnerabilities exist in the healthcare industry, such as unencrypted traffic between servers, the ability to create admin accounts remotely, and disclosure of private information. These types of vulnerabilities could allow cybercriminals to access healthcare systems, as our McAfee Labs researchers discovered. If someone with malicious intent did access the system, they would have the ability to permanently alter medical images, use medical research data for extortion, and more.

Cybercriminals are constantly pivoting their tactics and changing their targets in order to best complete their schemes. As it turns out, medical data has become a hot commodity for cybercrooks. According to the McAfee Labs Threats Report from March 2018, the healthcare sector has experienced a 210% increase in publicly disclosed security incidents from 2016 to 2017. The McAfee Advanced Threat Research Team concluded that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.

While medical care providers should do all that they can to ensure the security of their patients, there are steps users can take to help maintain their privacy. If you think your personal or financial information might be affected by the recent breaches, check out the following tips to help keep your personal data secure:

  • Place a fraud alert.If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit.Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection.A solution like McAfee Identify Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Be vigilant about checking your accounts.If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/medical-data-breaches/feed/ 0
Attention Graphic Designers: It’s Time to Secure Your Canva Credentials https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/canva-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/canva-data-breach/#respond Wed, 29 May 2019 22:51:36 +0000 https://securingtomorrow.mcafee.com/?p=95419

Online graphic design tools are extremely useful when it comes to creating resumes, social media graphics, invitations, and other designs and documents. Unfortunately, these platforms aren’t immune to malicious online activity. Canva, a popular Australian web design service, was recently breached by a malicious hacker, resulting in 139 million user records compromised. So, how was […]

The post Attention Graphic Designers: It’s Time to Secure Your Canva Credentials appeared first on McAfee Blogs.

]]>

Online graphic design tools are extremely useful when it comes to creating resumes, social media graphics, invitations, and other designs and documents. Unfortunately, these platforms aren’t immune to malicious online activity. Canva, a popular Australian web design service, was recently breached by a malicious hacker, resulting in 139 million user records compromised.

So, how was this breach discovered? The hacker, who goes by the name GnosticPlayers, contacted a security reporter from ZDNet on May 24th and made him aware of the situation. The hacker claims to have stolen data pertaining to 1 billion users from multiple websites. The compromised data from Canva includes names, usernames, email addresses, city, and country information.

Canva claims to securely store all user passwords using the highest standards via a Bcrypt algorithm. Bcrypt is a strong, slow password-hashing algorithm designed to be difficult and time-consuming for hackers to crack since hashing causes one-way encryption. Additionally, each Canva password was salted, meaning that random data was added to passwords to prevent revealing identical passwords used across the platform. According to ZDNet, 61 million users had their passwords encrypted with the Bcrypt algorithm, resulting in 78 million users having their Gmail addresses exposed in the breach.

Canva has notified users of the breach through email and ensured that their payment card and other financial data is safe. However, even if you aren’t a Canva user, it’s important to be aware of what cybersecurity precautions you should take in the event of a data breach. Check out the following tips:

  • Change your passwords. As an added precaution, Canva is encouraging their community of users to change their email and Canva account passwords. If a cybercriminal got a hold of the exposed data, they could gain access to your other accounts if your login credentials were the same across different platforms.
  • Check to see if you’ve been affected. If you’ve used Canva and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential data breaches.
  • Secure your personal data. Use a security solution like McAfee Identity Theft Protection. If your information is compromised during a breach, Identity Theft Protection helps monitor and keep tabs on your data in case a cybercriminal attempts to use it.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Attention Graphic Designers: It’s Time to Secure Your Canva Credentials appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/canva-data-breach/feed/ 0
Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/game-golf-app-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/game-golf-app-exposure/#respond Fri, 24 May 2019 00:25:29 +0000 https://securingtomorrow.mcafee.com/?p=95371

Apps not only provide users with a form of entertainment, but they also help us become more efficient or learn new things. One such app is Game Golf, which comes as a free app, a paid pro version with coaching tools, or with a wearable analyzer. With over 50,000 downloads on Google Play, the app […]

The post Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns appeared first on McAfee Blogs.

]]>

Apps not only provide users with a form of entertainment, but they also help us become more efficient or learn new things. One such app is Game Golf, which comes as a free app, a paid pro version with coaching tools, or with a wearable analyzer. With over 50,000 downloads on Google Play, the app helps golfers track their on-course performance and use the data to help improve their game. Unfortunately, millions of golfer records from the Game Golf app were recently exposed to anyone with an internet connection, thanks to a cloud database lacking password protection.

According to researchers, this exposure consisted of millions of records, including details on 134 million rounds of golf, 4.9 million user notifications, and 19.2 million records in an activity feed folder. Additionally, the database contained profile data like usernames, hashed passwords, emails, gender, Facebook IDs, and authorization tokens. The database also contained network information for the company behind the Game Golf app, Game Your Game Inc., including IP addresses, ports, pathways, and storage information that cybercrooks could potentially exploit to further access the network. A combination of all of this data could theoretically provide cybercriminals with more information on the user, creating greater privacy concerns. Thankfully, the database was secured about two weeks after the company was initially notified of the exposure.

Although it is still unclear as to whether cybercriminals took a swing at this data, the magnitude of the information exposed by the app is cause for concern. Luckily, users can follow these tips to help safeguard their data:

  • Change your passwords. If a cybercriminal got a hold of the exposed data, they could easily gain access into other online accounts if your login credentials were the same across different platforms. Err on the side of caution and change your passwords to something strong and unique for each account.
  • Check to see if you’ve been affected. If you’ve used the Game Golf app and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential exposures.
  • Secure your online profiles. Use a security solution like McAfee Safe Connect to encrypt your online activity, help protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/game-golf-app-exposure/feed/ 0
Don’t Let Airbnb Scams Stop Your Summer Travel Plans https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airbnb-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airbnb-scams/#respond Wed, 22 May 2019 16:01:33 +0000 https://securingtomorrow.mcafee.com/?p=95335

With summertime just around the corner, many people are planning vacations to enjoy some much-needed R&R or quality time with family and friends. Airbnb offers users a great alternative to a traditional hotel experience when they are looking to book their summer getaways. However, it appears that cybercriminals have used the popularity of the platform […]

The post Don’t Let Airbnb Scams Stop Your Summer Travel Plans appeared first on McAfee Blogs.

]]>

With summertime just around the corner, many people are planning vacations to enjoy some much-needed R&R or quality time with family and friends. Airbnb offers users a great alternative to a traditional hotel experience when they are looking to book their summer getaways. However, it appears that cybercriminals have used the popularity of the platform as a means to carry out their malicious schemes. Unfortunately, some Airbnb users are being scammed with fake rentals and account closures, whether they’re planning a trip or not.

While Airbnb stated that its platform was at no point compromised, a number of users have been charged for non-refundable reservations at fake destination homes and have had money taken out of their bank and PayPal accounts. Additionally, some users have had their account credentials changed without their permission, making it difficult to contact customer support about the fraudulent charges. For example, one user had three non-refundable reservations made in Ukraine on her account. Then, the reservations were canceled and her account was deleted all within a few minutes, making it impossible to reach Airbnb’s customer support. Luckily, the user was able to contact the vacation rental platform through the company’s Twitter account and receive a refund for the fraudulent charges.

Airbnb claimed that users’ accounts were accessed with correct login credentials that must have been “compromised elsewhere.” Regardless of how this scam originated, it’s important to take precautions when it comes to your online safety, so you can continue to use platforms like Airbnb to plan fun family vacations without any worries. Use these tips to help you stay secure:

  • Avoid unauthorized sites. Cybercriminals often use fake websites to trick users into giving up their login credentials or financial information. Make sure that the web address doesn’t contain any odd-looking characters or words. For example, “Airbnb-bookings.com” is an invalid web address.
  • Be wary of suspicious emails. If you receive an email asking you to click a link and enter personal data or one that contains a message that has a sense of urgency, proceed with caution. If the email isn’t from a legitimate, recognized Airbnb email address, it’s best to avoid interacting with the message altogether.
  • Be careful where you click. When proceeding with an Airbnb transaction, make sure that you stay on their secure platform throughout the entire process, including the payment. Know that the company will never ask you to wire money or pay a host directly.
  • Report issues. If you experience any suspicious listings, emails, or websites while trying to complete a booking, report this by emailing Airbnb at phishing@airbnb.com.
  • Use a security solution to surf the web safely. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Let Airbnb Scams Stop Your Summer Travel Plans appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airbnb-scams/feed/ 0
3 Tips for Protecting Against the New WhatsApp Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-spyware-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-spyware-bug/#respond Thu, 16 May 2019 01:02:18 +0000 https://securingtomorrow.mcafee.com/?p=95272

Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security […]

The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.

]]>

Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.

So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, hackers first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can potentially snoop around the user’s device, likely without the victim’s knowledge.

Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:

  • Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
  • Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
  • Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whatsapp-spyware-bug/feed/ 0
The iOS Twitter Bug: 3 Tips to Protect Your Location Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/twitter-location-sharing-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/twitter-location-sharing-bug/#respond Tue, 14 May 2019 23:36:56 +0000 https://securingtomorrow.mcafee.com/?p=95260

Many of us use social media to keep our family and friends up-to-date on our everyday lives. We don’t typically expect social media companies to keep their partners updated on our every move as well. But for some Twitter users, this is exactly the situation they’ve found themselves in. On Monday afternoon, the social media […]

The post The iOS Twitter Bug: 3 Tips to Protect Your Location Data appeared first on McAfee Blogs.

]]>

Many of us use social media to keep our family and friends up-to-date on our everyday lives. We don’t typically expect social media companies to keep their partners updated on our every move as well. But for some Twitter users, this is exactly the situation they’ve found themselves in. On Monday afternoon, the social media company disclosed a bug that resulted in some Twitter users’ locations being shared with an unnamed Twitter partner.

So, how exactly did this bug disclose the locations of certain Twitter users? The social network accidentally sent advertising partners location data for a process called real-time bidding. This process lets advertisers pay for space based on certain users’ locations. Twitter intended to remove the location data from what it sent to its partners but failed to do so. Affected users include those who had more than one Twitter account on an iOS device. If the user chose to share their precise location on one account, Twitter says it may have collected and shared data for the other account on the same mobile device even if that account had opted out of location sharing. Although the location data was “fuzzed” to only show a ZIP code or city, it is still unclear as to how long this location sharing took place.

According to Twitter, the location data was not retained by the partner and they have fixed the problem to ensure that it doesn’t happen again. And while affected users have already been notified by the social network, there are some steps users can take to help protect their data:

  • Turn off location services. While social media is meant for sharing, there is some information, like your location, that ought to be kept private. If a cybercriminal knows where you are at a specific point in time, they could potentially use that information to your disadvantage. Consider your overall privacy and opt out of sharing your location data with social media platforms.
  • Update, update, update. No matter what type of bug might be affecting a certain platform, it’s always crucial to keep your software up-to-date. Turning on automatic updates will ensure that you are always equipped with the latest patches and security fixes.
  • Use a comprehensive security solution. Using a solution like McAfee Total Protection helps to add an extra layer of security in case a bug does expose your device or data.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The iOS Twitter Bug: 3 Tips to Protect Your Location Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/twitter-location-sharing-bug/feed/ 0
Avoid a Security Endgame: Learn About the Latest “Avengers” Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/avengers-endgame-streaming-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/avengers-endgame-streaming-scam/#respond Wed, 08 May 2019 21:16:50 +0000 https://securingtomorrow.mcafee.com/?p=95225

Marvel Studio’s $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so […]

The post Avoid a Security Endgame: Learn About the Latest “Avengers” Scam appeared first on McAfee Blogs.

]]>

Marvel Studio’s $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so they can watch the film without worrying about spoilers or sold-out movie tickets.

When a victim goes to download the movie from one of the many scam sites popping up around the web, the streaming appears to begin automatically. What the user doesn’t know is that the footage being streamed is just from the movie’s trailer. Soon after, a message pops up stating that the user needs to create an account to continue with the download. The “free” account prompts the user to create a username and password in advance, which could potentially be useful for cybercriminals due to the common practice of password reuse. Once a victim creates an account, they are asked for billing information and credit card details in order to “verify location” and make sure the service is “licensed to distribute” the movie in the victim’s region. These crooks are then able to scrape the victim’s personal and financial data, potentially leading to online account hacks, stolen funds, identity theft, and more.

Luckily, Marvel fans can protect their online data to avoid a cybersecurity endgame by using the following tips:

  • Look out for potential scam activity. If it seems too good to be true, then it probably is. Be wary of websites promising free movie downloads, especially for movies that are still in theaters.
  • Shield your financial data. Be suspicious of “free downloads” that still require you to fill out billing information. If an unknown website asks for your credit card information or your bank account data, it’s best to avoid the site altogether.
  • Make sure your credentials are unique. With this scam, threat actors could use the login credentials provided by the victim to access their other accounts if they didn’t have a unique login. Avoiding username and password reuse makes it a lot harder for cybercriminals to hack into your other online accounts if they gain access to one.
  • Assemble a team of comprehensive security tools. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Avoid a Security Endgame: Learn About the Latest “Avengers” Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/avengers-endgame-streaming-scam/feed/ 0
What is Phishing? Find Out with Gary Davis on the Latest Episode of Tech Nation https://securingtomorrow.mcafee.com/consumer/what-is-phishing-find-out-with-gary-davis-on-the-latest-episode-of-tech-nation/ https://securingtomorrow.mcafee.com/consumer/what-is-phishing-find-out-with-gary-davis-on-the-latest-episode-of-tech-nation/#respond Fri, 03 May 2019 16:21:50 +0000 https://securingtomorrow.mcafee.com/?p=95168

Gary Davis is now a regular contributor on the Tech Nation podcast!  In this episode, Gary Davis educates that phishing is more than just an innocent-looking email in your inbox and shares tips to avoid getting hooked. Moira Gunn:   00:00   I’m Moira Gunn, you’re listening to Tech Nation. Moira Gunn:   00:06   I was surprised to […]

The post What is Phishing? Find Out with Gary Davis on the Latest Episode of Tech Nation appeared first on McAfee Blogs.

]]>

Gary Davis is now a regular contributor on the Tech Nation podcast!  In this episode, Gary Davis educates that phishing is more than just an innocent-looking email in your inbox and shares tips to avoid getting hooked.

Moira Gunn:   00:00   I’m Moira Gunn, you’re listening to Tech Nation.

Moira Gunn:   00:06   I was surprised to learn that on the internet nearly three quarters of all cyber attacks start with what’s calling a phishing email, or should we say, a fishy email. I was able to speak with regular Tech Nation contributor Gary Davis, the Chief Consumer Security Evangelist at McAfee.

Moira Gunn:   00:26   Now we always hear about phishing.

Gary Davis:     00:27   Yeah.

Moira Gunn:   00:28   It’s P-H-I-S-H-I-N-G.

Gary Davis:     00:31   Yes.

Moira Gunn:   00:32   Phishing.

Gary Davis:     00:33   Phishing with a “p”

Moira Gunn:   00:34   Not like “gone fishing”.

Gary Davis:     00:35   It’s not like gone fishing, but it’s very similar. If you think about how we fish, we put the … The concept is, let’s put a lot of lines in the water and see if we can snag a fish, right?

Moira Gunn:   00:45   Yeah.

Gary Davis:     00:45   So, it’s conceptually fishing, but it’s a different type of fishing.

Moira Gunn:   00:49   It’s phishing for you.

Gary Davis:     00:50   Yes. It’s phishing for the bad guys.

Moira Gunn:   00:52   71% of all cyber attacks start with a phishing email?

Gary Davis:     00:56   Yeah. Yeah. You know, phishing preys on, uh, our nature to, to act on email, right? We get an email, um, and, and quite honestly for, for your listeners, the, where phishing is usually most effective, targeting organizations in particular, is sending something to HR. HR is expecting to get resumes for candidates who are applying for jobs, right? More often than not, those include some sorta malicious payload which will allow them to get behind your firewall, then do something malicious in your company.

Gary Davis:     01:32   So, that’s one of the more popular techniques for, for accessing and trying to get inside a company, but yeah it just, phishing, 71% because, they know what works. They know that, that, that if they write it well enough and it looks like it’s from somebody you know and trust, that you’re gonna do the action they’re looking for, which is gonna la- enable them to get access to the information they’re trying to get access to.

Moira Gunn:   01:56   And, the initial thing they may have asked you for may not seem all that big, like, “Give us all your money,” or-

Gary Davis:     02:03   Yeah.

Moira Gunn:   02:03   “Give us all your passwords,” or, “Give us all your account,” or, “Just click here and we can resolve a fairly benign situation.”

Gary Davis:     02:11   Yeah.

Moira Gunn:   02:11   “Like we need to update the, the month and data on your credit card,” ’cause that frequently happens.

Gary Davis:     02:17   Yeah, yeah.

Moira Gunn:   02:18   You know, that your, your, your, you get a new credit card after a few years, it’s the same everything, it’s just the month and date ab- I was like, “Oh yeah. I guess so, I guess we need to … ”

Gary Davis:     02:26   Yeah.

Moira Gunn:   02:28   And it’s accounting, it’s accounting, from this global firm.

Gary Davis:     02:29   Yeah.

Moira Gunn:   02:31   You know, emailing me and saying you need to update it.

Gary Davis:     02:32   It happened to me a couple of weeks ago. I w- I was in Greece, and I was, went to the, I was staying in the Hilton there, and, you know, the, even though I’d paid using points, they said, “Well, we need a credit card for incidentals.” And they had my credit card on file. Well, typically I’m using a different credit card for, ’cause it’s usually company related, and since I was using points, I was putting it on my personal card. And, and after a little while, they call me, “Hey, look your credit card’s not working.” What do you mean it’s not working?

Gary Davis:     02:59   And, come to find out after I called my bank, it, it’d been such a long time since I accessed the application. You’re right, I got a new credit card, new, uh, expiration date, and I hadn’t updated it. But you’re right, it would be very benign to get, “Oh yeah, I do use that service, um, I should go and change it.” But that’s where d- you, this is where we, we need to change our behaviors, because instead of clicking on that email and just blindly following wherever it leads me, if I was to think, “Well geez, I need to go change my, um, my, my expiration date for Hilton.” I went to my Hilton app, opened that up and changed it in there, instead of trying to follow a link.

Moira Gunn:   03:37   So, they come at you and it’s valid, you have, what you do is you go around the other way-

Gary Davis:     03:43   Exactly.

Moira Gunn:   03:43   Have your own access, in the old days you’d say, “I’m gonna go and see the lady at the bank.”

Gary Davis:     03:46   (laughs)

Moira Gunn:   03:48   “Or the gentleman at the bank.” And now it’s like, no no, don’t go through what informs you-

Gary Davis:     03:53   Exactly.

Moira Gunn:   03:54   Whatever you do.

Gary Davis:     03:55   You think about it, e- every month we get a statement from our bank, right? And I get one from my bank, and, and I am 99.9% sure that that’s a good email. But I have trained myself not to click on that email. Instead I’ll go to my, I’ll login into my bank account, and I’ll look at my account there, because I just, I’ve conditioned myself not to click on links and email. Even if you think it’s from a known good source, because you just never know, that the bad guys are getting so good, it’s what’s called “spoofing”, where you think it’s coming from an organization but they, they’ve changed something ever so slightly that you’re going to someplace you shouldn’t be going.

Gary Davis:     04:33   So, if, if you can just teach yourself or train yourself, when you, when you get an email and you think it’s legitimate and you’re expecting it, and it’s from somebody you’d expect to get a notification from, instead of acting on the email, go directly to the source and interact that way. It’s gonna save you potentially a lot of heartache.

Moira Gunn:   04:51   And to make matters even worse, there’s different kinds of phishing.

Gary Davis:     04:54   Yeah.

Moira Gunn:   04:55   Spear phishing, whale phishing, all have-

Gary Davis:     04:58   Smishing.

Moira Gunn:   04:58   Shmishing.

Gary Davis:     04:58   (laughs)

Moira Gunn:   05:00   Oh my goodness. Okay, let’s go down through them in any order you would like.

Gary Davis:     05:03   Right. Well, well smishing is probably the most, well regular phishing is, is, is simple as sending a bunch of emails out en masse, hoping that somebody’s gonna, you know, take your bait. Um, smishing is actually when they’ll send it to your phone via an SMS or text message. So, imagine getting some sort of account information to your phone, which is not that unlikely. I, almost every place I go now-

Moira Gunn:   05:25   Your, your bill is due.

Gary Davis:     05:26   Yeah, yeah. You click here to pay. “Oh okay, I’m gonna click on it ’cause I, I’m expecting it.” So, getting it on your phone, that’s called smishing. Uh, spear phishing is where you actually do what’s called social engineering, or you try to collect information about a particular group of people, and then use it to target that group.

Gary Davis:     05:44   You know, a good example is, a couple of years ago the, um, I think it was, uh, one of the NBA teams, they had gotten an email from the owner saying, “Oh, send me your user name and password because we got this special thing we wanna do for you.” Well, so they, “Of course, it’s from our owner, it’s got our logo on it.” And we go ahead and send my user name, password, which of course opened up the, the-

Moira Gunn:   06:06   (laughs)

Gary Davis:     06:06   Door, having everybody going doing whatever they want so, but they used a combination of, you know, you know, techniques that use the imagery and the tone and the social engineer- socially engineered information about the players and organization, to go do something like that.

Gary Davis:     06:24   Another, a subset of spear phishing, it’s called whale phishing, and that’s where you, you tend to focus on a high net worth individual, let’s say the CEO or some high level executive in a company using other techniques. So you, let’s say that, you know, that, that they know that the CEO is on vacation, so they, they send an email, spoof the CFO to somebody else in the organization saying, “Well the CEO told me to do this.” So all these mechanics work using high net worth individuals to go do malicious deeds.

Gary Davis:     06:57   Then there’s other types of, of phishing. There’s search engine phishing, where you would basically put up a, a, a fake search site, in order to direct people to your own search results which would in turn take you to fraudulent pages. So there, there are a variety of different techniques around phishing, all of which has the intent of trying to extract information from you, do something that you wouldn’t otherwise do, and/or in a lot of cases they’re trying to install malware on your device of, of some type.

Moira Gunn:   07:30   Now, in all those cases, I guess you could say what we might call the bleeding heart phishing, that’s out there.

Gary Davis:     07:36   It, it happens more than you might know. Whenever there is a, a major event, let’s say there’s a natural disaster, a, um, you know, we saw a lot of traffic around the Boeing Max Eight, when you had those two crashes and there was a lot of pouring out to help those in need, then they would create these fake sites and to lure people and to give them money. Um, that’s another great example.

Gary Davis:     07:59   Big sporting events, the Super Bowl, the World Cup, all these big sporting events see, um, NCAA tournament, all these events, you know, po- everybody knows, or the, the bad guys know that there’s gonna be a lot of attention given to these, so they’re gonna try to leverage those in order to try to get you to do something you wouldn’t wise- you wouldn’t otherwise do.

Gary Davis:     08:20   But that’s a great point, that you almost always try to tie it to something that’s gonna be on your mind, some sort of pop culture reference, that wouldn’t, that wouldn’t, that would motivate you to go do something. And, it’s just, it’s too bad because, you know, people typically are, are engaging with these because they feel like they genuinely wanna help. And then to know that you’re taking of that, our, our good will, I just, uh, it’s just-

Moira Gunn:   08:46   And it’s perfect because you don’t expect anything back.

Gary Davis:     08:48   Yeah. Yeah.

Moira Gunn:   08:48   It’s not like I bought something, where is it? It’s like-

Gary Davis:     08:52   Exactly. Well, in some cases for example, you may have thought, “Well I’m gonna buy tickets to the game,” or the, whatever, where, when you don’t get the tickets that would be, an, a case where that wasn’t true, but you’re right. When it comes to good will, natural disasters, you know, just relief for things that have gone on in the world, you’re right, you’re not expecting anything in return except the, the, the knowledge that you did something good, and that just, it breaks my heart when I hear about things like that.

Moira Gunn:   09:16   You know, this result pre internet, people have been doing this for a long, long, long time.

Gary Davis:     09:21   Yeah. Yeah. Although, the internet has made it very automatic now. I guess the point is the, the barrier to entry to do this has been dramatically reduced, because it’s, it’s, it doesn’t take that much effort to dupe somebody into giving you money that, that, sh- you sh- shouldn’t otherwise be getting.

Moira Gunn:   09:40   And phishing per se isn’t illegal. It’s when you take money for fraudulent ends, that’s when we get into what’s legal and illegal, right?

Gary Davis:     09:48   Well, but by nature phishing it, you’re, you’re trying to access information that you shouldn’t have access to. So I think it’s, it’s, it’s probably out, call it legally gray, but right, and it’s not until you actually give your credit card to a fraudster and something bad happens that, that you-

Moira Gunn:   10:04   When the bad happens-

Gary Davis:     10:05   Yeah.

Moira Gunn:   10:06   They’ve crossed the line.

Gary Davis:     10:07   Yeah. Then they’ll act on it. I, I remember when my identity was stolen way back in the day, um, I remember the, the, the guy who did it lived up in Pennsylvania someplace. And the way it worked back then is, they would, they got a $20,000 credit card, ringing up $18,000 over the course of two days-

Moira Gunn:   10:26   Wow.

Gary Davis:     10:26   And then the bank decided, “Well, we should go check to make sure that this guy is legit.” And, and what they’d used to do, is they would go to electronic goods stores like Best Buy, and they would buy $18,000 worth of electronic goods, then take it to a different Best Buy for cash back. So that’s how they would cash out the, the value of the credit card, knowing that it had a limited life.

Gary Davis:     10:45   And, I remember I, I got a call once, it was from the, the police department in Pennsylvania saying, “We caught the guy, you know, trying to return your goods.” Or, “The goods he bought with your credit card at a Best Buy.”

Moira Gunn:   10:58   (laughs)

Gary Davis:     10:58   And, and, they, and I said, you know, to go, go get the guy. It’s not, it’s just too much work. So, there, there, it’s really hard to motivate law enforcement, ’cause they got other things they gotta focus on. They’ve got, you know, all these other, y- you know, bad criminals doing, you know, physical harm to, to whomever. That, that they…

Moira Gunn:   11:16   And, and much higher ticket items too.

Gary Davis:     11:18   Yeah.

Moira Gunn:   11:19   You know, when they were looking at it, they might have only been looking at five or $600.

Gary Davis:     11:22   Yeah.

Moira Gunn:   11:22   Because they had to go to a lot of Best Buy’s, buy a lot of stuff-

Gary Davis:     11:26   Yeah.

Moira Gunn:   11:26   Return a lot of stuff, going back and forth, it all is pretty small-

Gary Davis:     11:30   Yeah. Exactly.

Moira Gunn:   11:30   In comparison.

Gary Davis:     11:31   Yeah. It’s, ’cause it, the, the identity thief knew not to try to in- to, to return all to one Best Buy, ’cause then that would be a, even a bigger red flag. But you’re right, if I’m a, if I’m loca- local law enforcement, “Eh, it’s just a couple hundred dollars, well I got, you know, drug dealers I gotta go break up, and bad, other bad things. So I’m gonna go focus on that, and really not focus,” so it’s just, it but, you, that doesn’t make you feel like you’re less of a victim.

Gary Davis:     11:55   Nobody wants to be a victim of scam or identity theft. Nobody ever wants to be a victim. We, we, we empathize with victims, ’cause we can put ourselves in their shoes, and it, and that’s unfortunately one of the challenges in our space is, I think a lot of the reasons why people aren’t better about things like password hygiene and, you know, checking their credit history and stuff like that, is because, well they don’t think it’s gonna happen to them, they think it’s gonna happen to somebody else. And because of that, that can be a little bit more relaxing in what I do.

Moira Gunn:   12:24   And it’s not just, uh, your hygiene, you may not be able to prevent it. I was, I stopped off an interstate and bought a couple of things, uh, ah, and gassed up at a little place, but it wasn’t the, one of the really big ones. Just happened to go in there, it was convenient there.

Gary Davis:     12:41   Yeah.

Moira Gunn:   12:41   And we were kind of in the middle of nowhere. And, for some reason, it didn’t take, put this, put this in again. So I put it in again. So, I thought, “Oh they’re probably gonna double charge me.”

Gary Davis:     12:51   Yeah.

Moira Gunn:   12:52   They didn’t double charge me, they took the card and then here I was in Northern California, and within just a few hours, someone in a, in another gas station in San Antonio, Texas, bought $115 worth of towels, shop towels, (laughs) just-

Gary Davis:     13:13   (laughs)

Moira Gunn:   13:13   Windshield wiper stuff, I mean there was just like, “doo doo doo doo doo… [counting up]

Gary Davis:     13:15   Yeah.

Moira Gunn:   13:16   So, $115 worth of that. I don’t know how I could have stopped that.

Gary Davis:     13:21   Uh, you, you can’t. That’s just it. That they’re, part of this is, y- y- we, we can do all we can do to not be a victim online, but I think a big part of the, the educational process is knowing what to do. You know, in that case, knowing to reach out to our credit card immediately and, and stopping any other transactions and, and going through the process. You’re right. There are things like that, that was probably a skimmer, that probably when they scanned it twice, they probably scanned it once for the gas that you actually bought, and there where, you know, you didn’t see it probably going through a different, um, reader.

Moira Gunn:   13:49   And I actually put it in myself.

Gary Davis:     13:50   Oh really? Okay.

Moira Gunn:   13:52   Put it in, take it out, put it in, take it out.

Gary Davis:     13:53   Hmm.

Moira Gunn:   13:53   Yeah.

Gary Davis:     13:56   You’re right.

Moira Gunn:   13:58   They’re always one step ahead.

Gary Davis:     13:59   Well, the, you know, it, it’s, they’re in it to make money, right? It’s a for profit business for lack of a better word. So, they’re always gonna be trying to figure out more effective ways to dupe people into, to, either dupe people or just take advantage of people without their knowledge, and, and do it for as long as they can.

Gary Davis:     14:15   Imagine if you didn’t quickly catch the fact that you were getting charged for stuff in San Antonio, and it went on for a week or so.

Moira Gunn:   14:21   Yeah.

Gary Davis:     14:21   They would just keep on charging, charging, charging, until, you know, either-

Moira Gunn:   14:25   It said no. (laughs)

Gary Davis:     14:26   Yeah. Well, or, or hopefully your bank would it, would realize, “Well hold on, you just used your card in Northern California,” which you would expect, and now that same card is being used to buy something in San Antonio, that, that would, you would think that your, your bank will-

Moira Gunn:   14:39   She travels fast.

Gary Davis:     14:42   (laughs)

Gary Davis:     14:42   Oh yeah.

Moira Gunn:   14:43   But not that fast.

Gary Davis:     14:43   That’s, that’s-

Moira Gunn:   14:43   There you go.

Gary Davis:     14:43   The hypersonic speed for sure.

Moira Gunn:   14:45   Hypersonic. Gary, always a pleasure. Please come back. See you soon.

Gary Davis:     14:49   I’ll do that. Thanks for having me.

Moira Gunn:   14:50   Tech Nation regular contributor Gary Davis is the Chief Consumer Security Evangelist at McAfee, the website where you can check if your email plus password has been compromised is, have I, that’s the letter I, beenpwned.com. With pawned spelled without an A. That’s P-W-N-E-D. So, it’s haveibeenpwned.com, with pawned spelled P-W-N-E-D. And that link will be on the Tech Nation website also.

Moira Gunn:   15:26   Of course when Gary said it during our conversation, he said, “haveibeenpwned.com.” And yes that’s true. Gary is from Texas, and that’s part of his charm.

Moira Gunn:   15:39   For Tech Nation, I’m Moira Gunn.

The post What is Phishing? Find Out with Gary Davis on the Latest Episode of Tech Nation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/what-is-phishing-find-out-with-gary-davis-on-the-latest-episode-of-tech-nation/feed/ 0
Protect Your Digital Life: Why Strong Passwords Matter https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-passwords-matter/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-passwords-matter/#respond Thu, 02 May 2019 10:00:35 +0000 https://securingtomorrow.mcafee.com/?p=94996

Over the years, our lives have become more and more digital. Think about it: 20 years ago, no one was using banking apps and social media had just barely begun coming to fruition. Now, many of us are reliant on mobile banking to pay our bills and we check our favorite social media platforms multiple […]

The post Protect Your Digital Life: Why Strong Passwords Matter appeared first on McAfee Blogs.

]]>

Over the years, our lives have become more and more digital. Think about it: 20 years ago, no one was using banking apps and social media had just barely begun coming to fruition. Now, many of us are reliant on mobile banking to pay our bills and we check our favorite social media platforms multiple times a day. Our lives exist almost entirely online with our sensitive personal data shielded by password protection — from our financials to our official documentation, personal photos and more. With so much of our personal data relying on the strength of our online passwords, it’s vital that users stay up-to-date on the latest password security practices. As we take the time to recognize World Password Day, it’s important to think about why passwords matter and how you’re safeguarding your personal information online.

 

 

Think about all of the online data you have that is password protected: your email, your social media accounts, your online banking profile, your movie and TV streaming service, the list goes on and on. If you aren’t following best practices for password security and just one of your passwords is exposed or breached, this could potentially lead to cybersecurity turmoil. For example, an Android app that helped users find and connect to free Wi-Fi hotspots recently left its database of more than 2 million network passwords exposed. While the app claimed to only share public hotspots, many were found to be home wireless networks thanks to the precise GPS location data that was also stored in the database. Now imagine that one of the victims of this password exposure utilized the same credentials for their online banking profile. If their password ended up in the wrong hands, a cybercriminal could potentially access the user’s financial data, leading to fraudulent charges or even identity theft. As you can see, creating a strong and unique password could mean the difference between keeping your online data safe and being at risk of a cyberattack.

Many people just go through the motions when creating passwords instead of taking the time to consider what exactly their credentials are protecting. World Password Day is the perfect opportunity to be diligent about revamping passwords. Check out the following tips to take your password security to the next level:

  • See if your passwords have been exposed. Go to a site such as HaveiBeenPwned to see if your password(s) have been compromised in a breach. Change them if you find that your credentials may have been jeopardized.
  • Layer up your passwords. Passwords should always contain a variety of capital and lowercase letters, numbers, and symbols. Today, many systems enforce password requirements during the account set-up process to ensure password strength.
  • Choose unique passwords across all of your accounts. Many consumers utilize the same password, or variations of it, across all of their accounts. This means if a hacker discovers just one password, all personal data is suddenly at risk. Therefore, it is crucial to diversify your passcodes to ensure hackers cannot obtain access to all of your accounts at once, should one password be compromised.
  • Use a password manager. Since it can be difficult to remember multiple complex passwords, use a password manager to keep track. With password managers, you’ll only need to remember one master password, in order to access the rest. Many password managers can also generate strong passwords to utilize when creating new logins.
  • Enable two or multi-factor authentication. Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Protect Your Digital Life: Why Strong Passwords Matter appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-passwords-matter/feed/ 0
Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-hotspot-app-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-hotspot-app-exposure/#respond Mon, 29 Apr 2019 23:24:31 +0000 https://securingtomorrow.mcafee.com/?p=95082

Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected. […]

The post Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed appeared first on McAfee Blogs.

]]>

Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected.

How exactly were these passwords exposed? The app, which had been downloaded by millions of users, allowed anyone to search for Wi-Fi networks in their area. The app also lets users upload their Wi-Fi network passwords from their devices to its database for others to use. When the database was left exposed and unprotected, anyone could access and download its contents. Each record in the database contained the Wi-Fi network name, its precise geolocation, its basic service set identifier, and the network password in plaintext. Because the app didn’t require users to obtain permission from the network owner, it would be quite easy for a cybercriminal to modify router settings and point unsuspecting users to malicious websites. What’s more, a threat actor could also read unencrypted traffic that goes across a wireless network, allowing them to steal passwords and private data.

Thankfully, the web host was able to take down the database containing the Wi-Fi passwords within a day of being notified. But it’s important for users to be aware of the cybersecurity implications that free or public Wi-Fi presents. Check out the following tips to help protect your data:

  • Change your Wi-Fi password. If you think your password may have been affected by this exposure, err on the side of caution and reset it. Be sure to make your new password complex and unique.
  • Keep your network password private. Wi-Fi networks could be susceptible to a number of threats if their passwords are left in the wrong hands. Only share your passwords with family, friends, and those you trust, and never upload your password to a public database for strangers to use.
  • Safeguard your online privacy. Use a security solution like McAfee Safe Connect to encrypt your online activity, protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-hotspot-app-exposure/feed/ 0
Something’s Phishy With the Instagram “HotList” https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hotlist-phishing/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hotlist-phishing/#respond Thu, 25 Apr 2019 16:46:24 +0000 https://securingtomorrow.mcafee.com/?p=95008

Phishing scams have become incredibly popular these days. Cybercriminals have upped the ante with their tactics, making their phishing messages almost identical to the companies they attempt to spoof. We’ve all heard about phishing emails, SMiShing, and voice phishing, but cybercriminals are turning to social media for their schemes as well. Last week, the “Nasty […]

The post Something’s Phishy With the Instagram “HotList” appeared first on McAfee Blogs.

]]>

Phishing scams have become incredibly popular these days. Cybercriminals have upped the ante with their tactics, making their phishing messages almost identical to the companies they attempt to spoof. We’ve all heard about phishing emails, SMiShing, and voice phishing, but cybercriminals are turning to social media for their schemes as well. Last week, the “Nasty List” phishing scam plagued Instagram users everywhere, leading victims to fake login pages as a means to steal their credentials. Now, cybercriminals are capitalizing on the success of the “Nasty List” campaign with a new Instagram phishing scam called “The HotList.”

This scam markets itself as a collection of pictures ranked according to attractiveness. Similar to the “Nasty List,” this scheme sends messages to victims through hacked accounts saying that the user has been spotted on this so-called “hot list.” The messages claim to have seen the recipient’s images on the profile @The_HotList_95. If the user goes to the profile and clicks the link in the bio, they are presented with what appears to be a legitimate Instagram login page. Users are tricked into entering their login credentials on the fake login pages, whose URL typically ends in .me domains. Once the cybercriminals acquire the victim’s login, they are able to use their account to further spread the campaign.

Images courtesy of Bleeping Computer. 

Luckily, there are steps users can take to help ensure that their Instagram account stays secure:

  • Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. And if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common indicators of a potential scam at play.
  • Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in .me.
  • Reset your password. If your account was hacked by “The HotList” but you still have access to your account, reset your password to regain control of your page.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Something’s Phishy With the Instagram “HotList” appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hotlist-phishing/feed/ 0
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/#respond Mon, 22 Apr 2019 18:15:43 +0000 https://securingtomorrow.mcafee.com/?p=91083

*This blog is originally from August 2018 and was updated April 2019* From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family. However, users can be prone to putting basic security hygiene […]

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>

*This blog is originally from August 2018 and was updated April 2019*

From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family. However, users can be prone to putting basic security hygiene on the backburner when they get a shiny new IoT toy, such as applying security updates, using complex passwords for home networks and devices, and isolating critical devices or networks from IoT. Additionally, IoT devices’ poor security standards make them conveniently flawed for someone else: cybercriminals, as hackers are constantly tracking flaws which they can weaponize. When a new IoT device is put on the market, these criminals have a new opportunity to expose the device’s weaknesses and access user networks. As a matter of fact, our McAfee Labs Advanced Threat Research team uncovered a flaw in one of these IoT devices: the Wemo Insight Smart Plug, which is a Wi-Fi–connected electric outlet.

Once our research team figured out how exactly the device was vulnerable, they leveraged the flaw to test out a few types of cyberattacks. The team soon discovered an attacker could leverage this vulnerability to turn off or overload the switch, which could overheat circuits or turn a home’s power off. What’s more – this smart plug, like many vulnerable IoT devices, creates a gateway for potential hackers to compromise an entire home Wi-Fi network. In fact, using the Wemo as a sort of “middleman,” our team leveraged this open hole in the network to power a smart TV on and off, which was just one of the many things that could’ve been possibly done.

And as of April 2019, the potential of a threat born from this vulnerability seems as possible as ever. Our ATR team even has reason to believe that cybercriminals already have or are currently working on incorporating the unpatched Wemo Insight vulnerability into IoT malware. IoT malware is enticing for cybercriminals, as these devices are often lacking in their security features. With companies competing to get their versions of the latest IoT device on the market, important cybersecurity features tend to fall by the wayside. This leaves cybercriminals with plenty of opportunities to expose device flaws right off the bat, creating more sophisticated cyberattacks that evolve with the latest IoT trends.

Now, our researchers have reported this vulnerability to Belkin, and, almost a year after initial disclosure, are awaiting a follow-up. However, regardless if you’re a Wemo user or not, it’s still important you take proactive security steps to safeguard all your IoT devices. Start by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away. If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Keep your firmware up-to-date. Manufacturers often release software updates to protect against these potential vulnerabilities. Set your device to auto-update, if you can, so you always have the latest software. Otherwise, just remember to consistently update your firmware whenever an update is available.
  • Secure your home’s internet at the source. These smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/feed/ 0
The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/#respond Mon, 22 Apr 2019 17:51:25 +0000 https://securingtomorrow.mcafee.com/?p=94968

How often do you check your social media accounts? According to a recent study, internet users spend an average of 2 hours and 22 minutes per day on social networking platforms. Since users are pretty reliant on social media, cybercriminals use it as an avenue to target victims with various cyberattacks. The latest social media […]

The post The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login appeared first on McAfee Blogs.

]]>

How often do you check your social media accounts? According to a recent study, internet users spend an average of 2 hours and 22 minutes per day on social networking platforms. Since users are pretty reliant on social media, cybercriminals use it as an avenue to target victims with various cyberattacks. The latest social media scheme called “The Nasty List” scams users into giving up their Instagram credentials and uses their accounts to further promote the phishing scam.

So, how exactly do hackers trick innocent users into handing over their login information? Cybercriminals spread this scam by sending messages through hacked accounts to the user’s followers, stating that they were spotted on a “Nasty List.” These messages will read something like “OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up.” If the recipient visits the profile listed in the message, they will see a link in the profile description. An example of one URL that has been listed in these scam profiles is nastylist-instatop50[.]me. The user is tricked into believing that this link will supposedly allow them to see why they are on this list. This link brings up what appears to be a legitimate Instagram login page. When the victim enters their credentials on the fake login page, the cybercriminals behind this scheme will be able to take over the account and use it to further promote the scam.

Images courtesy of Bleeping Computer.
Images courtesy of Bleeping Computer.

Fortunately, there are a number of steps Instagram users can take to ensure that they don’t fall victim to this trap. Check out the following tips:

  • Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. Additionally, if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common in these scams.
  • Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in a [.]me.
  • Reset your password. If your account was hacked by ‘The Nasty List’ but you still have access to your account, reset your password to regain control of your account.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/feed/ 0
Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/#respond Mon, 08 Apr 2019 12:00:58 +0000 https://securingtomorrow.mcafee.com/?p=94862

The net is dark and full of terrors, especially for fans of HBO’s popular show Game of Thrones®. As followers of the series gear up for the premiere of the eighth and final season on April 14th, fans may have more than just White Walkers to worry about. According to McAfee’s study on the Most […]

The post Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity appeared first on McAfee Blogs.

]]>

The net is dark and full of terrors, especially for fans of HBO’s popular show Game of Thrones®. As followers of the series gear up for the premiere of the eighth and final season on April 14th, fans may have more than just White Walkers to worry about. According to McAfee’s study on the Most Dangerous Celebrities, it turns out that search results for Emilia Clarke are among those most likely to be infected with malware.

In fact, the actress who portrays Daenerys Targaryen in the TV drama came in at #17 of our 2018 Most Dangerous Celebrities study. Cybercriminals use the allure of celebrities – such as Clarke – to trick unsuspecting users into visiting malicious websites. These sites can be used to install malware on a victim’s device or steal their personal information or passwords. With the premiere of the new season right around the corner, it’s likely that cybercrooks will take advantage of the hype around the show to lure supporters into their trap.

Thankfully, there are plenty of ways fans can keep up with the show and characters without putting their online safety at risk. Follow these tips to pledge your allegiance to your cybersafety:

  • Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites is the equivalent of spreading the Mad King’s wildfire to your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.
  • Be careful what you click. Don’t bend the knee to hackers who tempt users to click on their malicious sites. Users looking for information on the new season should be careful and trust only reliable sources. The safest option is to wait for the official release instead of visiting a potentially malware-ridden third-party website.
  • Keep your device software updated. Install new system and application updates on your devices as soon as they’re available. These updates often include security fixes that can help protect your laptop or computer from an army of undead software bugs.
  • Protect your online realm with a cybersecurity solution. Send your regards to malicious actors with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites.

We wish you good fortune in the browsing to come. To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Copyright ©2019 McAfee, LLC

The post Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/feed/ 0
Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/#respond Wed, 03 Apr 2019 16:12:11 +0000 https://securingtomorrow.mcafee.com/?p=94830

Most people don’t think about their credit card information being stolen and sold over the dark web while they’re enjoying a night out at an Italian restaurant. However, many people are experiencing this harsh reality. Earl Enterprises, the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich, and Mixology 101 in LA, confirmed […]

The post Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach appeared first on McAfee Blogs.

]]>

Most people don’t think about their credit card information being stolen and sold over the dark web while they’re enjoying a night out at an Italian restaurant. However, many people are experiencing this harsh reality. Earl Enterprises, the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich, and Mixology 101 in LA, confirmed that the company was involved in a massive data breach, which exposed the credit card information of 2.15 million customers.

The original discovery was made by cybersecurity researcher Brian Krebs, who found the underground hacking forum where the credit card information had been posted for sale. He determined that the data first surfaced on Joker’s Stash, an underground shop that sells large batches of freshly-stolen credit and debit cards on a regular basis. In late February, Joker’s Stash moved a batch of 2.15 million stolen cards onto their system. This breach involved malware remotely installed on the company’s point-of-sale systems, which allowed cybercrooks to steal card details from customers between May 23, 2018, and March 18, 2019. This malicious software was able to capture payment card details including card numbers, expiration dates, and, in some cases, cardholder names. With this information, thieves are able to clone cards and use them as counterfeits to purchase expensive merchandise such as high-value electronics.

It appears that all 67 Buca di Beppo locations in the U.S., a handful of the 31 Earl of Sandwich locations, and the Planet Hollywood locations in Las Vegas, New York, and Orlando were impacted during this breach. Additionally, Tequila Taqueria in Las Vegas, Chicken Guy! in Disney Springs, and Mixology 101 in Los Angeles were also affected by this breach. Earl Enterprises states that online orders were not affected.

While large company data breaches such as this are difficult to avoid, there are a few steps users can take to better protect their personal data from malicious thieves. Check out the following tips:

  • Keep an eye on your bank account. One of the simplest ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
  • Check to see if you’ve been affected. If you know you’ve made purchases at an Earl Enterprises establishment in the last ten months, use this tool to check if you could have been potentially affected.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/feed/ 0
The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/#respond Mon, 01 Apr 2019 21:02:58 +0000 https://securingtomorrow.mcafee.com/?p=94822

Today, users are extremely reliant on our GPS devices. In fact, we’re so reliant on these devices that map features are programmed into almost every IoT device we use as well as inside of our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue […]

The post The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams appeared first on McAfee Blogs.

]]>

Today, users are extremely reliant on our GPS devices. In fact, we’re so reliant on these devices that map features are programmed into almost every IoT device we use as well as inside of our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue called the GPS Week Number Rollover that is expected to occur on or around April 6, 2019. While this bug is only expected to affect a small number of older GPS devices, users who are impacted could face troubling results.

You may be wondering, what will cause this rollover issue? GPS systems count weeks using a ten-bit parameter, meaning that they start counting at week zero and then reset when they hit week 1,024, or 19.5 years. Because the last reset took place on August 21, 1999, it appears that the next reset will occur on April 6, 2019. This could result in devices resetting their dates and potentially corrupting navigation data, which would throw off location estimates. That means your GPS device could misrepresent your location drastically, as each nanosecond the clock is out translates into a foot of location error.

So, how does this rollover issue translate into a potential cyberthreat? It turns out that the main fix for this problem is to ensure that your GPS device’s software is up-to-date. However, due to the media attention that this bug is receiving, it’s not far-fetched to speculate that cybercriminals will leverage the issue to target users with phishing attacks. These attacks could come in the form of email notifications referencing the rollover notice and suggesting that users install a fraudulent software patch to fix the issue. The emails could contain a malicious payload that leaves the victim with a nasty malware on their device.

While it’s difficult to speculate how exactly cybercriminals will use various events to prey on innocent users, it’s important to be aware of potential threats to help protect your data and safeguard your devices. Check out the following tips to help you spot potential phishing attacks:

  • Validate the email address is from a recognized sender. Always check the validity of signature lines, including the information on the sender’s name, address, and telephone number. If you receive an email from an address that you don’t recognize, it’s best to just delete the email entirely.
  • Hover over links to see and verify the URL. If someone sends you a link to “update your software,” hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.
  • Be cautious of emails asking you to take action. If you receive a message asking you to update your software, don’t click on anything within the message. Instead, go straight to your software provider’s website. This will prevent you from downloading malicious content from phishing links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/feed/ 0
iOS Users: Update Your Software to Avoid Security Vulnerabilities https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/#respond Wed, 27 Mar 2019 20:00:31 +0000 https://securingtomorrow.mcafee.com/?p=94796

On Monday, Apple made some bold announcements at their keynote event, including new subscription offerings for news, television, video games, and a credit card service. But while these exciting announcements were being made, the release of iOS 12.2 seemed to slip under the radar. This update contains 51 different security fixes and impacts devices ranging from […]

The post iOS Users: Update Your Software to Avoid Security Vulnerabilities appeared first on McAfee Blogs.

]]>

On Monday, Apple made some bold announcements at their keynote event, including new subscription offerings for news, television, video games, and a credit card service. But while these exciting announcements were being made, the release of iOS 12.2 seemed to slip under the radar. This update contains 51 different security fixes and impacts devices ranging from the iPhone 5s and later, the iPad Air, and even products running tvOS. These software patches cover a variety of bugs that cybercriminals could use to obtain effects like denial-of-service, overwrite arbitrary files, or execute malicious code.

The iOS 12.2 update includes patches for vulnerabilities in core apps like Contacts, FaceTime, Mail, Messages, and more. According to security professional Alex Stamos, most of the vulnerabilities were found in Webkit, the browser engine Apple uses in many of its products including Safari, Mail, and App Store. Among these vulnerabilities were memory corruption bugs, which could lead to arbitrary code execution. This type of attack allows malicious actors to run any command on the target system, potentially taking over the victim’s files or allowing them to take over the victim’s system remotely. To prevent arbitrary code execution attacks, Apple improved device memory handling, state, and management. These processes control and coordinate device computer memory in order to optimize overall system performance. Another issue patched by this update is the ability for a cybercriminal to bypass sandbox restrictions, which protect a device’s critical infrastructure from suspicious code. To combat this, Apple issued an improvement to validation checks.

While it can be easy to click the “Remind Me Later” option when you receive a software update notification, the security updates included in iOS 12.2 should not be overlooked. To help keep your iOS devices protected and running smoothly, check out the following tips:

  • Update your software. To update your device to iOS 12.2, go to your Settings, then to General, and then click Software Update. From there, you will be able to download and install the update and patch over 50 security holes.
  • Turn on automatic updates. Turning on automatic updates helps shield you from exposure to threats brought on by software bugs and vulnerabilities. You can enable automatic updates in your Settings as well.
  • Use a security solution. To add an extra layer of protection to all your devices, install a security solution like McAfee Total Protection. This will allow you to have an extra security weapon and help defend your devices from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iOS Users: Update Your Software to Avoid Security Vulnerabilities appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/feed/ 0
Facebook Users: Here are Proactive Tips to Keep Your Data Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/#respond Fri, 22 Mar 2019 23:40:42 +0000 https://securingtomorrow.mcafee.com/?p=94766

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The […]

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The reality is that these incidents happen and users need to be prepared. Yesterday, Facebook announced that it did not properly mask the passwords of hundreds of millions of its users, primarily those associated with Facebook Lite.

You might be wondering how exactly this happened. It appears that many user passwords for Facebook, Facebook Lite, and Instagram were stored in plaintext in an internal company database. This means that thousands of Facebook employees had access to the database and could have potentially searched through these user passwords. Thankfully, no cases of data misuse were reported in the investigation, and these passwords were never visible to anyone outside of the company. According to Facebook software engineer Scott Renfro, Facebook is in the process of investigating long-term infrastructure changes to prevent these security issues going forward.

According to Facebook’s vice president of engineering, security, and privacy, the company has corrected the password logging bug and plans to notify the users whose passwords may have been exposed. But what can users do to better protect their data when an incident like this occurs? Check out the following tips:

  • Change your password. As a precautionary step, update your Facebook and Instagram passwords by going into the platforms’ security and privacy settings. Make sure your passwords are unique and complex.
  • Use multi-factor authentication. While this shouldn’t be your be-all and end-all security solution, it can help protect your credentials in the case of data exposure.
  • Set up a password manager. Using a password manager is one of the easiest ways to keep track of and manage your passwords so you can easily change them after these types of incidents occur.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/feed/ 0
How Online Scams Drive College Basketball Fans Mad https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/#respond Wed, 20 Mar 2019 10:00:54 +0000 https://securingtomorrow.mcafee.com/?p=94656

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most […]

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most popular techniques cybercriminals use to gain access to passwords and financial information, as well as encourage victims to click on suspicious links.

Online betting provides cybercriminals with a wealth of opportunities to steal personal and financial information from users looking to engage with the games while potentially making a few extra bucks. The American Gaming Association (AGA) estimates that consumers will wager $8.5 billion on the 2019 NCAA men’s basketball tournament. What many users don’t realize is that online pools that ask for your personal and credit card information create a perfect opportunity for cybercriminals to take advantage of unsuspecting fans.

In addition to online betting scams, users should also be on the lookout for malicious streaming sites. As fewer and fewer homes have cable, many users look to online streaming sites to keep up with all of the games. However, even seemingly reputable sites could contain malicious phishing links. If a streaming site asks you to download a “player” to watch the games, there’s a possibility that you could end up with a nasty malware on your computer.

Ticket scammers are also on the prowl during March, distributing fake tickets on classified sites they’ve designed to look just like the real thing. Of course, these fake tickets all have the same barcode. With these scams floating around the internet, users looking for cheap tickets to the games may be more susceptible to buying counterfeit tickets if they are just looking for the best deal online and are too hasty in their purchase.

So, if you’re a college basketball fan hoping to partake in this exciting month – what next? In order to enjoy the fun that comes with the NCAA tournament without the risk of cyberthreats, check out the following tips to help you box out cybercriminals this March:

  • Verify the legitimacy of gambling sites. Before creating a new account or providing any personal information on an online gambling website, poke around and look for information any legitimate site would have. Most gambling sites will have information about the site rules (i.e., age requirements) and contact information. If you can’t find such information, you’re better off not using the site.
  • Be leery of free streaming websites. The content on some of these free streaming websites is likely stolen and hosted in a suspicious manner, as well as potentially contains malware. So, if you’re going to watch the games online, it’s best to purchase a subscription from a legitimate streaming service.
  • Stay cautious on popular sports sites and apps. Cybercriminals know that millions of loyal fans will be logging on to popular sports sites and apps to stay updated on the scores. Be careful when you’re visiting these sites you’re not clicking on any conspicuous ads or links that could contain malware. If you see an offer that interests you in an online ad, you’re better off going directly to the website from the company displaying the ad as opposed to clicking on the ad from the sports site or app.
  • Beware of online ticket scams. Scammers will be looking to steal payment information from fans in search of last-minute tickets to the games. To avoid this, it’s best to buy directly from the venue whenever possible. If you decide to purchase from a reseller, make sure to do your research and only buy from trusted vendors.
  • Use comprehensive security software. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious. It will provide visual warnings if you’re about to go to a suspicious site.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/feed/ 0
Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/#respond Wed, 13 Mar 2019 22:23:02 +0000 https://securingtomorrow.mcafee.com/?p=94598

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for […]

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for a very expensive service plan to use basic tool functionalities like voice recording and opening zip files.

The two apps being called into question, “Voice recorder free” and “Zip File Reader,” have been downloaded over 600,000 times combined. So at first glance, users may assume that these are reputable apps. Once installed, they offer the user an option to use a “Free trial” or to “Pay now.” If the user selects the trial version, they are presented with a subscription page to enter their credit card details for when the three-day trial is over. However, these apps charge a ridiculously high amount once the trial is up. “Voice recorder free” charges a whopping $242 a month and “Zip File Reader” charges $160 a week.

Users who have downloaded these apps and then deleted them after their free trial may be surprised to know that uninstalling the app will not cancel the subscription, so they could still be charged these astronomical amounts for weeks without realizing it. While this is not technically illegal, it is a deceptive tactic that app developers are using to try to make an easy profit off of consumers who might forget to cancel their free trial.

With that said, there are a few things users can do to avoid becoming victim to deceptive schemes such as these in the future. Here are some tips to keep in mind when it comes to downloading free apps:

  • Be vigilant and read app reviews. Even if an app has a lot of downloads, make sure to comb through all of the reviews and read up before downloading anything to your device.
  • Read the fine print. If you decide to install an app with a free trial, make sure you understand what fees you will be charged if you keep the subscription.
  • Remember to cancel your subscription. If you find a reputable free app that you’ve researched and want to use for a trial period, remember to cancel the subscription before uninstalling the app off your device. Instructions on canceling, pausing, and changing a subscription can be found on Google Play’s Help page.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/feed/ 0
5 Tips For Creating Bulletproof Passwords https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/#respond Tue, 12 Mar 2019 22:13:56 +0000 https://securingtomorrow.mcafee.com/?p=94589

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives. This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can […]

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.

This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.

Remember, simple is not safe

Every year surveys find that the most popular passwords are as simple as  “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.

When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.

Tricks:

  • Make sure that your passwords are at least 12 characters long and include numbers, symbols, and upper and lowercase letters.
  • Try substituting numbers and symbols for letters, such as zero for “O”, or @ for “A”.
  • If you’re using internet-connected devices, like IP cameras and interactive speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

Keep it impersonal

Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.

Tricks:

  • Try making your password a phrase, with random numbers and characters. For instance, if you love crime novels you might pick the phrase: ILoveBooksOnCrime
    Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as: 1L0VEBook$oNcRIM3!
  • If you do need to use personal information when setting up security questions, choose answers that are not easy to find online.
  • Keep all your passwords and passphrases private.

Never reuse passwords

If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.

Tricks:

  • Use unique passwords for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. These too can be compromised, and if you use the same password for more sensitive accounts, they too are at risk.
  • If a website or monitoring service you use warns you that your details may have been exposed, change your password immediately.

Employ a password manager

If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.

Tricks:

  • Look for security software that includes a password manager
  • Make sure your password manager uses multi-factor authentication, meaning it uses multiple pieces of information to identify you, such as facial recognition, a fingerprint, and a password.

Boost your overall security

Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.

Tricks:

  • Keep you software up-to-date and consider using a web advisor that protects you from accidentally typing passwords into phishing sites.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/feed/ 0
809 Million Records Left Exposed: How Users Can Protect Their Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/#respond Fri, 08 Mar 2019 21:41:42 +0000 https://securingtomorrow.mcafee.com/?p=94522

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection […]

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection #1 data breach exposed 773 million email addresses, it seems we have another massive data dump in our midst. Last week, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm, Verifications.io.

You may be wondering how Verifications.io had so much data left to be exposed. Most people have heard of email marketing, but very few realize that these companies often vet user email addresses to ensure their validity. Enter Verifications.io. This company serves as a way email marketing firms can outsource the extensive work involved with validating mass amounts of emails and avoid the risk of having their infrastructure blacklisted by spam filters. Verifications.io was entrusted with a lot of data provided by email marketing firms looking to streamline their processes, creating an information-heavy database.

This unusual data trove contains tons of sensitive information like names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, social media accounts, and characterizations of people’s credit scores. While the data doesn’t contain Social Security Numbers or credit card information, that amount of aggregated data makes it much easier for cybercriminals to run new social engineering scams or expand their target audience. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.

Upon discovery, the firm was made aware of the incident. And while proper security measures were taken, users can take various steps themselves to protect their information in the event of largescale data exposure. Check out the following tips:

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Make sure to use complex passwords for each of your individual accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords on a consistent basis to further protect your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/feed/ 0
Don’t Let Thunderclap Flaws Strike Your Device https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/#respond Fri, 08 Mar 2019 19:15:19 +0000 https://securingtomorrow.mcafee.com/?p=94515

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial […]

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial information, or run detrimental code on the system if a malicious device is plugged into a machine’s port while it’s running.

So, how can attackers exploit this flaw? Thunderbolt accessories are granted direct-memory access (DMA), which is a method of transferring data from a computer’s random-access memory (RAM) to another part of the computer without it needing to pass through the central processing unit (CPU). DMA can save processing time and is a more efficient way to move data from the computer’s memory to other devices. However, attackers with physical access to the computer can take advantage of DMA by running arbitrary code on the device plugged into the Thunderbolt port. This allows criminals to steal sensitive data from the computer. Mind you, Thunderclap vulnerabilities also provide cybercriminals with direct and unlimited access to the machine’s memory, allowing for greater malicious activity.

Thunderclap-based attacks can be carried out with either specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to. What’s more, they can compromise a vulnerable computer in just a matter of seconds. Researchers who discovered this vulnerability informed manufacturers and fixes have been deployed, but it’s always good to take extra precautions. So, here are some ways users can defend themselves against these flaws:

  • Disable the Thunderbolt interface on your computer. To remove Thunderbolt accessibility on a Mac, go to the Network Preference panel, click “OK” on the New Interface Detected dialog, and select “Thunderbolt Bridge” from the sidebar. Click the [-] button to delete the option as a networking interface and choose “Apply.” PCs often allow users to disable Thunderbolt in BIOS or UEFI firmware settings, which connect a computer’s firmware to its operating system.
  • Don’t leave your computer unattended. Because this flaw requires a cybercriminal to have physical access to your device, make sure you keep a close eye on your laptop or PC to ensure no one can plug anything into your machine without permission.
  • Don’t borrow chargers or use publicly available charging stations. Public chargers may have been maliciously altered without your knowledge, so always use your own computer accessories.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/feed/ 0
How To Secure Your Smart Home https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/#respond Thu, 07 Mar 2019 01:00:41 +0000 https://securingtomorrow.mcafee.com/?p=94485

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by […]

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities since malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73%in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network — allowing it to potentially connect with other data-rich devices, like smartphones and computers— change the default username and password to something strong, and unique. Hackers often know the default settings and share them online.Then, turn off any manufacturer settings that do not benefit you, like remote access. This is a feature some manufacturers use to monitor their products, but it could also be used by cybercrooks to access your system. Finally, make sure that your device software is up-to-date by checking the manufacturer’s website. This ensures that you are protected from any known vulnerabilities.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router. Make sure your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure. Consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get to all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software –Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/feed/ 0
How to Steer Clear of Tax Season Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/#respond Wed, 06 Mar 2019 17:27:04 +0000 https://securingtomorrow.mcafee.com/?p=94481

*This blog contains research discovered by Elizabeth Farrell It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up […]

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>

*This blog contains research discovered by Elizabeth Farrell

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. Even back in December, we saw a surge of new email phishing scams trying to fool consumers into thinking the message was coming from the IRS or other members of the tax community. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Be wary of strange file attachment names such as “virus-for-you.doc.” Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
  • Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/feed/ 0
What MWC 2019 Shows Us About the Future of Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/#respond Thu, 28 Feb 2019 22:18:47 +0000 https://securingtomorrow.mcafee.com/?p=94383

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event: […]

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:

Foldable Phones Are the Future

 MWC is an opportunity for telecommunications companies, chipmakers, and smartphone firms to show off their latest and greatest innovations, and they sure delivered this year. One particular device that had the show floor buzzing was the Huawei Mate X, a 5G-enabled smartphone that folds out to become an 8-inch tablet. Additionally, Samsung revealed its plans to hold a press event in early April for its foldable smartphone, the Galaxy Fold. Unlike Huawei’s Mate X, the Galaxy Fold bends so that it encloses like a book. Although neither of these devices are available at to the public yet, they’ve definitely made a bold statement when it comes to smartphone design.

Smart Home Technology Goes Mobile

 Google is one company taking advantage of smartphone enhancements by putting its Google Assistant into the Android texting app. Assistant for Android Messages allows slices of Google search results to be laid out for users based on their text messages. For example, if one user texted another asking to grab some lunch, a bubble would pop up authorizing Assistant to share suggestions for nearby restaurant locations. While Assistant for Android currently only works for movies and restaurants, we can imagine how this technology could expand to other facets of consumer lives. This addition also demonstrates how AI is slowly but surely making its way onto almost every high-end phone through its apps and other tools.

Enhancing the Gaming Experience with 5G, VR, and AR

Not to be shown up, gaming developers also made a statement by using 5G technology to bring gamers into a more immersed gaming environment. Mobile game developer Niantic, creator of Pokémon Go and the upcoming Harry Potter: Wizards Uniteapp, is already working on games that will require a 5G upgrade. One such prototype the company showcased, codenamed Neon, allows multiple people in the same place to play an augmented reality (AR) game at the same time. Each players’ phone shows them the game’s graphics superimposed on the real world and allows the players to shoot each other, duck and dodge, and pick up virtual items, all in real-time.

Niantic wasn’t the only one looking to expand the gaming experience with the help of 5G. At the Intel and Nokia booths, Sony set up an Oculus Rift VR game inspired by Marvel and Sony’s upcoming film Spider-Man: Far From Home. Thanks to the low latency and real-time responsiveness of 5G, one player in the Nokia booth was able to race the other player in the Intel booth as if they were swinging through spiderwebs in Manhattan. Players were able to experience how the next-generation of wireless technology will allow them to participate in a highly immersive gaming experience.

Bringing 4G and 5G to the Automotive Industry

Gaming isn’t the only industry that’s getting a facelift from 5G. At the show, Qualcomm announced two new additions to their automotive platform: the Qualcomm Snapdragon Automotive 4G and 5G Platforms. One of the main features of these platforms is vehicle-to-everything communication, or C-V2X, which allows a car to communicate with other vehicles on the road, roadside infrastructure, and more. In addition, the platforms offer a high-precision, multi-frequency global navigation satellite system, which will help enable self-driving implementations. The platforms also include features like multi-gigabit cloud connectivity, high bandwidth low latency teleoperations support, and precise positioning for lane-level navigation accuracy. These advancements in connectivity will potentially help future vehicles to improve safety, communications, and overall in-car experience for consumers.

Securing Consumers On-the-Go

The advancements in mobile connectivity have already made a huge impact on consumer lifestyles, especially given the widespread adoption of IoT devices and smart gadgets. But the rise in popularity of these devices has also caught the interest of malicious actors looking to access users’ networks. According to our latest Mobile Threat Report, cybercriminals look to trusted devices to gain access to other devices on the user’s home network. For example, McAfee researchers recently discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a malicious actor to access the user’s home network. In addition, they also uncovered a new vulnerability within BoxLock smart padlocks that could enable cybercriminals to unlock the devices within a matter of seconds.

And while consumers must take necessary security steps to combat vulnerabilities such as these, we at McAfee are also doing our part of help users everywhere remain secure. For instance, we’ve recently extended our partnerships with both Samsung and Türk Telekom in order to overcome some of these cybersecurity challenges. Together, we’re working to secure consumers from cyberthreats on Samsung Galaxy S10 smartphones and provide McAfee Safe Family protection for Türk Telekom’s fixed and mobile broadband customers.

While the likes of 5G, bendable smartphones, and VR took this year’s tradeshow by storm, it’s important for consumers to keep the cybersecurity implications of these advancements in mind. As the sun sets on our time here in Barcelona, we will keep working to safeguard every aspect of the consumer lifestyle so they can embrace improvements in mobile connectivity with confidence.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/feed/ 0
MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/#respond Tue, 19 Feb 2019 17:00:10 +0000 https://securingtomorrow.mcafee.com/?p=94185

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize […]

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of Distributed Denial-of-service, or DDoS, attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/feed/ 0
How To Sidestep Popular Social Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/#respond Thu, 14 Feb 2019 22:28:16 +0000 https://securingtomorrow.mcafee.com/?p=94189

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you […]

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you know what to look out for.

Nosy Quizzes & Questionnaires

Quizzes circulating on Facebook, Twitter, and other social platforms may look like a fun way to win free stuff, but often they are phishing attacks in disguise. Many appear to be sponsored by big-name brands such as airlines and major retailers, offering free products or discount tickets if you just answer a few questions. The questions are designed to get you to reveal personal information that can be used to guess your passwords or security questions, such as your mother’s maiden name, or your hometown.

Creepy Crypto Scams 

While cryptocurrencies lost a lot of value over the last year, the same cannot be said for cryptocurrency scams. The majority of them center on distributing crypto mining malware, which allows hackers to access a person’s computer or device without their permission in order to mine for cryptocurrencies. In fact, these scams have been so prolific that at the end of 2018 McAfee reported that coin mining malware had grown more than 4000% in the previous year.

Many of these miners were distributed through phishing emails and websites, using “giveaway” scams on social media, or even via crypto mining chat groups on platforms such as Slack. Cybercrooks enter the chat rooms, pretending to be fellow miners, and encourage users to download malware disguised as “fixes” to crypto issues.

Romance & “Sextortion” Scams 

The meteoric rise of online dating has led to a similar increase in romance scams. These often involve bad actors preying on lonely people who are looking to connect. Scammers build up a sense of trust over online dating and social media platforms, before asking for money. They often claim the money is for an emergency, or a plane ticket to visit. This kind of manipulation works so well that the Better Business Bureau estimates that victims in the U.S. and Canada lost nearly $1 billion to romance scams between 2015 and 2018.

And while romance is one way to manipulate users, another driver is fear. This is certainly the case with the recent rise in so-called “sextortion” scams, which scare users into paying money to prevent incriminating pictures or videos of them from getting out. The bad guys claim that they obtained the embarrassing content by infecting the victim’s device with malware, and often send part of an old, leaked password as proof that they could have accessed their account.

Topical News Hooks

Whenever a major story sweeps the news, chances are the scammers are looking for ways to capitalize on it. This is exactly what happened during the recent U.S. government shutdown, which left 800,000 federal employees out of work for over a month. Since many of these workers were looking for extra income, job scams abounded. Some phony job ads asked workers to fill out detailed job application forms, in order to steal their Social Security numbers and other private information.

In another ruse, scammers sent out phony emails that appeared to be from the IRS, saying that the recipient could get a discount on their tax bills if they paid during the shutdown.

Tried-and-True Scams

Package Delivery— Phony package delivery emails usually spike around the holidays, but in the age of Amazon Prime delivery scams are circulating year-round. Be on the lookout for more recent Amazon scams that come in the form of a phishing email, asking you to review a product to get rewards. If you click on the link it could deliver malware, or even ransomware.

Tech Support— This is one of the oldest, but most persistent scams to date. Phishing websites and phony pop-up warnings that a computer or device is infected have led thousands of people to hand over personal and financial information to fix a problem they don’t really have.

Even though consumers have become savvier about these scams, a recent Microsoft survey found that 3 out of 5 people have been exposed to tech support scams over the last year.

So, now that you know what to look out for, here are our top tips for sidestepping the scammers:

  • Be careful where you click—Don’t open suspicious links and attachments, and never click on pop-up messages from an unknown source. If you get a suspicious login or payment request, go directly to the provider’s official website to see if the request is legitimate.
  • Know how to spot the fake—Phony messages or documents will often look like a simplified version of the real thing, with poor quality graphics, incorrect grammar and spelling, and a generic personal greeting.
  • Keep your personal information private—Avoid online quizzes, and never share personal or financial details with someone you don’t know in real life. Review your privacy and security settings on social sites to make sure that you aren’t leaking information.
  • Be a smart online shopper—Only buy from reputable websites, and steer away from deals that seem too good to be true. Be suspicious of unusual payment requests, such as buying gift cards or using virtual currency.
  • Become a password pro—Choose complex and unique passwords for all of your accounts. Consider using a password manager to help you create and store complicated passwords securely.
  • Protect your computers and devices—Use comprehensive security software that can safeguard you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/feed/ 0
How Online Gamers Can Play It Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/#respond Fri, 08 Feb 2019 23:23:47 +0000 https://securingtomorrow.mcafee.com/?p=94146

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk. From malware and phishing scams, to phony […]

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk.

From malware and phishing scams, to phony game hacks, identity theft, and more, gamers of all stripes now face a minefield of obstacles online and in real life. So, if you’re going to play games, it’s best to play it safe.

Here’s what to look out for:

Dodgy Downloads

Gamers who play on their computer or mobile device need to watch out for dangerous links or malicious apps disguised as popular or “free” games. Hackers often use innocent-looking downloads to deliver viruses and spyware, or even sign you up for paid services, without your consent. In one prominent case, more than 2.6 million Android users downloaded fake Minecraft apps that allowed hackers to take control of their devices.

Researchers have even discovered a ransomware threat that targets gamers. TeslaCrypt was designed to encrypt game-play data until a ransom is paid. Originally distributed through a malicious website, it has since been circulating via spam.

And while it’s true that game consoles like PlayStation and Xbox aren’t as vulnerable to viruses, since they are closed systems, that doesn’t mean that their users don’t face other risks.

Social Scams

Players on any platform could wind up with malware, sent directly from other players via chat messages. Some scammers use social engineering tricks, like inviting other players to download “helpful” tools that turn out to be malware instead. When you consider that 62% of kids play games where they speak to others, the odds of a risky interaction with a stranger seems quite real.

Players of the Origin and Steam services, for instance, were targeted by hackers posing as other players, inviting them to play on their teams. Over chat message, they suggested the players download an “audio tool” that turned out to be a keystroke logger, aimed at stealing their access credentials for the game.

Other social scams include malicious YouTube videos or websites, offering game bonuses and currency, for free.

Another widespread social threat is account takeover, or ATO for short. This is when a scammer hacks a real account in order to post spammy links, and scam messages that appear to come from a trusted contact. Some accounts, for games like League of Legends, have even been stolen and sold online for money because they boasted a high level, or rare skins.

Phishing

Finally, be on the lookout for phishing websites, offering free games or bonuses, or phishy emails prompting you to login to your account, with a link leading to a copycat gaming site. Often, these are designed to steal your login credentials or distribute fake games that contain malware.

Players of the wildly popular Fortnite, for example, have been particularly targeted. The latest phishing scam is aimed at stealing the third-party sign-in tokens that allow cybercriminals to access a user’s account, and the payment details associated with it.

So now that you know about a little more about gaming threats, here’s how to win at playing it safe:

  1. Do Your Research—Before downloading any games from the Internet or app stores, make sure to read other users’ reviews first to see that they are safe. This also goes for sites that sell game hacks, credits, patches, or virtual assets typically used to gain rank within a game. Avoid illegal file-sharing sites and “free” downloads, since these are often peppered with malware. It’s always best to go for a safer, paid option from a reputable source.
  2. Play Undercover— Be very careful about sharing personal information, in both your profile information, and your chat messages. Private information, such as your full name, address, pet’s name, school, or work details, could be used to guess your account password clues, or even impersonate you. Consider playing under an alias.
  3. Be Suspicious—Since scammers use the social aspect of games to fool people, you need to keep your guard up when you receive messages from strangers, or even read reviews.
    Some YouTube and social media reviews are placed there to trick users into thinking that the game or asset is legitimate. Dig deep, and avoid looking for free hacks. Ask gamers you know in real life for recommendations that worked for them.
  4. Protect Yourself—Avoid using older versions of games, and make sure that games you do play are updated with patches and fixes. And if you think a gaming account may already have been compromised, change your passwords immediately to something unique and complex.Safeguard your computers and devices from known and emerging threats by investing in comprehensive security software, and keep yourself up-to-date on the latest scams.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1]According to The 2017 Year In Review Report by SuperData

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/feed/ 0
Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/#respond Tue, 05 Feb 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=94069

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s […]

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s recent plans to merge Messenger, WhatsApp, and Instagram. This integration will allow cross-messaging between the three platforms (which will all still operate as standalone apps), so users could talk to their Messenger-only friends without leaving WhatsApp.

While Facebook’s plans to merge the messaging platforms are not yet finalized, the company is in the process of rebuilding the underlying infrastructure so that users who might utilize only one of the apps will be able to communicate with others within the company’s ecosystem. Facebook plans to include end-to-end encryption for the apps, ensuring that only the participants of a conversation can view the messages being sent. By allowing each app to speak to one another across platforms, Facebook hopes users become more engaged and use this as their primary messaging service.

But Facebook’s messaging changes have greater implications for online safety as consumers become more protective of their data. For example, WhatsApp only requires a phone number to sign up for the app while Facebook asks users to verify their identities. Will this force more data to be shared with WhatsApp, or will its encryption become less secure? While nothing has been finalized, it’s important for users to think about how the information they share online could be affected by this merge.

Although the internet has paved the way for advancements in social media and technology in general, users need to make sure they’re aware of the potential risks involved. And while this merge hasn’t happened yet, Safer Internet Day helps remind us to make good choices when it comes to browsing online. Following these tips can help keep you and your data safe and secure:

  • Get selective about what you share. Although social media is a great way to keep your friends and family in the loop on your daily life, be conservative about the information you put on the internet. Additionally, be cautious of what you send through messaging platforms, especially when it comes to your personally identifiable information.
  • Update your privacy settings. To make sure that you’re sharing your status with just your intended audience, check your privacy settings. Choose which apps you wish to share your location with and turn your profiles to private if you don’t want all users to have access to your information.
  • Keep your apps up-to-date. Keeping your social media apps updated can prevent exposure to threats brought on by software bugs. Turn on automatic updates so you always have the latest security patches, and make sure that your security software is set to run regular scans.
  • Click with caution. Cybercriminals can leverage social media messaging to spread phishing links. Don’t interact with users or messages that seem suspicious and keep your guard up by blocking unfamiliar users who try to send you sketchy content.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help block malware and phishing sites if you accidentally click on a malicious link. This can help protect you from potential threats when you access your social channels from a desktop or laptop.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/feed/ 0
Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/#respond Fri, 01 Feb 2019 14:00:22 +0000 https://securingtomorrow.mcafee.com/?p=93991

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a […]

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a malicious website is attempting to trick users into handing over their McAfee activation keys and personally identifiable information (PII) data by disguising themselves as the official McAfee customer support website.

So how exactly does this cyberthreat work? First, malicious actors advertise the fake website on Twitter. If a user clicks on the ad, they are presented with a “Download McAfee” button. When the user clicks on the download button, they are redirected to a screen prompting them to enter their name, email address, contact number, and product activation key to proceed with the download. However, when the user clicks on the “Start Download” button, they are redirected to a screen stating that their download failed due to an unexpected error.

 

At this point, the site owner has received the user’s personal data, which they could exploit in a variety of ways. And while this scheme may seem tricky to spot, there are a number of ways users can defend themselves from similar scams:

  • Be vigilant when clicking on social media links. Although it may be tempting to click on advertisements on your social media feed, these ads could possibly house sketchy websites developed by cybercriminals. Use caution when interacting with social media ads.
  • Go straight to the source. If you come across an advertisement claiming to be from a company and the link asks for personal data, it’s best to go directly to the company’s website instead. Use the official McAfee customer support page if you require technical support or assistance with your McAfee product.
  • Use security software. A security solution like McAfee WebAdvisor can help you spot suspicious websites and protect you from accidentally clicking on malicious links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/feed/ 0
Apple Users: Here’s What to Do About the Major FaceTime Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/#respond Tue, 29 Jan 2019 19:05:31 +0000 https://securingtomorrow.mcafee.com/?p=93993

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime […]

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime to hear the audio coming from the recipient’s phone, even before they’ve accepted or denied the call.

Let’s start with how the eavesdropping bug actually works. First, a user would have to start a FaceTime video call with an iPhone contact and while the call is dialing, they must swipe up from the bottom of the screen and tap “Add Person.” Then, they can add their own phone number to the “Add Person” screen. From there, the user can start a group FaceTime call between themselves and the original person dialed, even if that person hasn’t accepted the call. What’s more – if the user presses the volume up or down, the victim’s front-face camera is exposed too.

This bug acts as a reminder that these days your smartphone is just as data rich as your computer. So, as we adopt new technology into our everyday lives, we all must consider how these emerging technology trends could create security risks if we don’t take steps to protect our data.

Therefore, it’s crucial all iOS users that are running iOS 12.1 or later take the right steps now to protect their device and their data. If you’re an Apple user affected by this bug, be sure to follow these helpful security steps:

  • Update, update, update. Speaking of fixes – patches for bugs are included in software updates that come from the provider. Therefore, make sure you always update your device as soon as one is available. Apple has already confirmed that a fix is underway as we speak.
  • Be sure to disable FaceTime in iOS settings now. Until this bug is fixed, it is best to just disable the feature entirely to be sure no one is listening in on you. When a fix does emerge from Apple, you can look into enabling the service again.
  • Apply additional security to your phone. Though the bug will hopefully be patched within the next software update, it doesn’t hurt to always cover your device with an extra layer of security. To protect your phone from any additional mobile threats coming its way, be sure to use a security solution such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/feed/ 0
Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/#respond Mon, 28 Jan 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=93934

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider […]

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider how this emerging technology could lead to greater privacy risks if we don’t take steps to protect our data. That’s why the National Cyber Security Alliance (NCSA) started Data Privacy Day to help create awareness surrounding the importance of recognizing our digital footprints and safeguarding our data. To further investigate the impact of these footprints, let’s take a look at how we perceive the way data is shared and whose responsibility it is to keep our information safe.

The Impact of Social Media

Most of us interact with multiple social media platforms every day. And while social media is a great way to update your friends and family on your daily life, we often forget that these platforms also allow people we don’t really know to glimpse into our personal lives. For example, 82% of online stalkers use social media to find out information about potential victims, such as where they live or where they go to school. In other words, social media could expose your personal information to users beyond your intended audience.

Certain social media trends also bring up issues of privacy in the world of evolving technology. Take Facebook’s 10-year challenge, a recent viral trend encouraging users to post a side-by-side image of their profile pictures from 2009 and 2019. As WIRED reporter Katie O’Neill points out, the images offered in this trending challenge could potentially be used to train facial recognition software for age progression and age recognition. While the potential of this technology is mostly mundane, there is still a risk that this information could be used inequitably.

How to Approach Requests for Personal Data

Whether we’re using social media or other online resources, we all need to be aware of what personal data we’re offering out and consider the consequences of providing the information. While there are some instances where we can’t avoid sharing our personal data, such as for a government document or legal form, there are other areas where we can stand to be a little more conservative with the data that we divulge. For example, many of us have more than just our close family and friends on our social networks. So, if you’re sharing your location on your latest post, every single person who follows you has access to this information. The same goes for those online personality quizzes. While they may be entertaining, they put an unnecessary amount of your personal information out in the open. This is why it’s crucial to be thoughtful of how your data is collected and stored.

So, what steps can you take to better protect your online privacy? Check out the following tips to help safeguard your data:

  • Think before you post. Before tagging your friends on Instagram, sharing your location on Facebook, or enabling facial recognition, consider what this information reveals and how it could be used by a third-party.
  • Set privacy and security settings. If you don’t want the entire World Wide Web to be able to access your social media, turn your profiles to private. You can also go to your device settings and choose which apps or browsers you want to share your location with and which ones you don’t.
  • Enable two-factor authentication. In the chance your data does become exposed, a strong, unique password can help prevent your accounts from being hacked. Furthermore, you can implement two-factor authentication to stay secure. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/feed/ 0
The Collection #1 Data Breach: Insights and Tips on This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/#respond Fri, 18 Jan 2019 21:06:22 +0000 https://securingtomorrow.mcafee.com/?p=93887

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the […]

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the Equifax data breach, a new monster breach now has to become top of mind for us all. Say hello to Collection #1, a data set exposing 772,904,991 unique email addresses and over 21 million unique passwords.

Discovered by security researcher Troy Hunt, Collection #1 first appeared on the popular cloud service called MEGA. The Collection #1 folder held over 12,000 files that weigh in at over 87 gigabytes. When the storage site was taken down, the folder was then transferred to a public hacking site. What’s truly astonishing about this is that the data was not for sale; it was simply available for anyone to take.

You may be wondering, how was all this data collected? It appears that this data was comprised of a breach of breaches, aggregating over 2,000 leaked databases containing cracked passwords, in order to achieve maximum exposure. The sheer volume of this breach makes Collection #1 the second largest in size to Yahoo, and the largest public breach ever (given the data was openly exposed on the internet).

It appears that this data set is designed for use in credential-stuffing attacks, where cybercriminals will use email and password combinations to hack into consumers’ online accounts. The risks could be even greater for those who reuse credentials across multiple accounts. In order to help protect yourself from this threat, it’s vital that users act fast and use the following tips to help protect their data:

  • Use strong, unique passwords. In addition to making sure all of your passwords are strong and unique, never reuse passwords across multiple accounts. You can also enable a password manager to help keep track of your credentials.
  • Change your passwords. Even if it doesn’t appear that your data was breached, it’s better to err on the side of caution and change all of your passwords to better protect yourself.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/feed/ 0
Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/#respond Fri, 18 Jan 2019 01:00:35 +0000 https://securingtomorrow.mcafee.com/?p=93861

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically […]

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically targeted users who used a third-party website to log in to their Fortnite accounts, such as Facebook, Google, or gaming providers like Microsoft, Nintendo, and Sony. But instead of trying to steal a gamer’s password like many of the hacks we’ve seen, this scheme targeted the special access token the third-party website exchanges with the game when a user logs in.

So, how exactly does this threat work? First, a cybercriminal sends a malicious phishing link to a Fortnite user. To increase the likelihood that a user will click on the link, the cybercriminal would send the link with an enticing message promising perks like free game credits. If the user clicked on the link, they would be redirected to the vulnerable login page. From here, Epic Games would make the request for the SSO (single sign-on) token from the third-party site, given SSO allows a user to leverage one set of login credentials across multiple accounts. This authentication token is usually sent to Fortnite over the back-end, removing the need for the user to remember a password to access the game. However, due to the unsecured login page, the user would be redirected to the attacker’s URL. This allows cybercriminals to intercept the user’s login token and take over their Fortnite account.

After acquiring a login token, a cybercriminal would gain access to a Fortnite user’s personal and financial details. Because Fortnite accounts have partial payment card numbers tied to them, a cybercriminal would be able to make in-game purchases and rack up a slew of charges on the victim’s card.

It’s important for players to understand the realities of gaming security in order to be more prepared for potential cyberthreats such as the Fortnite hack. According to McAfee research, the average gamer has experienced almost five cyberattacks, with 75% of PC gamers worried about the security of gaming. And while Epic Games has thankfully fixed this security flaw, there are a number of techniques players can use to help safeguard their gaming security now and in the future:

  • Go straight to the source70% of breaches start with a phishing email. And phishing scams can be stopped by simply avoiding the email and going straight to the source to be sure you’re working with the real deal. In the case of this particular scheme, you should be able to check your account status on the Fortnite website and determine the legitimacy of the request from there.
  • Use a strong, unique password. If you think your Fortnite account was hacked, err on the side of caution by updating your login credentials. In addition, don’t reuse passwords over multiple accounts. Reusing passwords could allow a cybercriminal to access multiple of your accounts by just hacking into one of them.
  • Stay on top of your financial transactions. Check your bank statements regularly to monitor the activity of the card linked to your Fortnite account. If you see repeat or multiple transactions from your account, or see charges that you don’t recognize, alert your bank to ensure that your funds are protected.
  • Get protection specifically designed for gamers. We’re currently building McAfee Gamer Security to help boost your PC’s performance, while simultaneously safeguarding you from a variety of threats that can disrupt your gaming experience.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/feed/ 0
Children’s Charity or CryptoMix? Details on This Ransomware Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/#respond Wed, 16 Jan 2019 01:22:34 +0000 https://securingtomorrow.mcafee.com/?p=93839

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making […]

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making a donation instead of a ransom payment. While CryptoMix has used this guise in the past, they’ve recently upped the ante by using legitimate information from crowdfunding pages for sick children to further disguise this scheme.

So, how does CryptoMix trick users into making ransom payments? First, the victim receives a ransom note containing multiple email addresses to contact for payment instructions. When the victim contacts one of the email addresses, the “Worldwide Children Charity Community” responds with a message containing the profile of a sick child and a link to the One Time Secret site. This website service allows users to share a post that can only be read once before it’s deleted. CryptoMix’s developers use One Time Secret to distribute payment instructions to the victim and explain how their contribution will be used to provide medical help to sick children. The message claims that the victim’s data will be restored, and their system will be protected from future attacks as soon as the ransom is paid. In order to encourage the victim to act quickly, the note also warns that the ransom price could double in the next 24 hours.

After the victim makes the payment, the ransomware developers send the victim a link to the decryptor. However, they continue to pretend they are an actual charity, thanking the victim for their contribution and ensuring that a sick child will soon receive medical help.

CryptoMix’s scam tactics show how ransomware developers are evolving their techniques to ensure they make a profit. As ransomware threats become stealthier and more sophisticated, it’s important for users to educate themselves on the best techniques to combat these threats. Check out the following tips to help keep your data safe from ransomware:

  • Back up your data. In order to avoid losing access to your important files, make copies of them on an external hard drive or in the cloud. In the event of a ransomware attack, you will be able to wipe your computer or device and reinstall your files from the backup. Backups can’t always prevent ransomware, but they can help mitigate the risks.
  • Never pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments.
  • Use security software. Adding an extra layer of security with a solution such as McAfee Total Protection, which includes Ransom Guard, can help protect your devices from these types of cyberthreats.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/feed/ 0
That’s a Wrap! Read the Top Technology Takeaways From CES 2019 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/#respond Sat, 12 Jan 2019 00:16:11 +0000 https://securingtomorrow.mcafee.com/?p=93785

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not […]

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not disappoint. Here are some of my main takeaways from the event:

5G is the future

It seems that anyone and everyone who attended the event was talking about 5G. However, there wasn’t exactly a definitive answer to when the service would be available to consumers. According to Forbes, 5G is an abbreviation that stands for the fifth generation of the cellular wireless transmission. And while many companies at CES discussed 5G, the number of products that are actually capable of tapping into the network is minimal. This doesn’t mean we shouldn’t get excited about 5G. The faster connection, speed, and responsiveness of the 5G network will help enable IoT, autonomous driving, and technology that hasn’t even been invented yet.

Gaming gets an upgrade

Gamers everywhere are sure to enjoy the exciting new gadgets that launched this year. From wireless charging grips for the Nintendo Switch to curved monitors for better peripheral vision, tech companies across the board seemed to be creating products to better the gaming experience. In addition to products that are enhancing gamer’s capabilities, we also saw gaming products that are bringing the digital world closer to reality. For example, Holoride partnered with Disney and Audi to create a Guardians of the Galaxy virtual reality (VR) experience for car passengers that mimics the movements of the vehicle.

Optimized IoT devices, AI-driven assistants

This year’s event was colored with tons of new smart home and health IoT technology. Although smart home technology made a big splash at last year’s show, CES 2019 focused on bringing more integrated smart home products to consumers. For example, the AtmosControl touch panel acts as a simplified universal remote so consumers can control all of their gadgets from a single interface. We also saw the Bowflex Intelligent Max, a platform that allows consumers to download an app to complete Bowflex’s fitness assessment and adjust their workout plan based on the results.

Voice assistants seemed to dominate this year’s show, as well. Google and Amazon upped the ante with their use of improved AI technology for the Google Assistant and Amazon Alexa. Not only has Google brought Google Assistant to Google Maps, but they’ve also created a Google Assistant Interpreter Mode that works in more than 20 languages. Not to be shown up, Amazon announced some pretty intriguing Alexa-enabled products as well, including the Ring Door View Cam, a smart shower system called U by Moen, and the Numi 2.0 Intelligent Toilet.

The takeoff of autonomous vehicles

Not only did AI guide new innovations in IoT device technology, but it also paved the way for some futuristic upgrades to vehicles. Mercedes showcased their self-driving car called the Vision Urbanetic, an AI-powered concept vehicle that can hold up to 12 people. BMW created a rider-less motorcycle designed to gather data on how to make motorcycles safer on the road. And we can’t forget about Uber’s futuristic flying taxi, created in partnership with Bell Nexus, and expected to take flight in 2020.

Cybersecurity’s role in the evolving technological landscape

At McAfee, we understand the importance of securing all of these newfangled IoT gadgets that make their way into consumers’ homes. To do this, we announced the launch of Secure Home Platform voice commands for the Google Assistant, allowing users to keep track of their entire network through one interface.

To reflect the upgrades in gaming technology, we also launched the beta mode of McAfee Gamer Security. Many antivirus solutions are notorious for slowing down PCs, which can really hinder the gaming experience. This security solution, designed for PC gamers, provides a light but mighty layer of protection that optimizes users’ computing resources.

If there’s one thing we took away from this year’s event, it’s that technological innovations won’t be slowing down any time soon. With all of these new advancements and greater connectivity comes the need for increased cybersecurity protection. All in all, CES 2019 showed us that as software and hardware continues to improve and develop, cybersecurity will also adapt to the needs of everyday consumers.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/feed/ 0
Level Up Your Cybersecurity: Insights from Our Gaming Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/#respond Wed, 02 Jan 2019 05:30:20 +0000 https://securingtomorrow.mcafee.com/?p=93063

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, […]

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, we decided to survey 1,000 U.S. residents ages 18 and over who are frequent gamers. *

Time to Upgrade Your Online Safety

Of those surveyed, 75% of PC gamers chose security as the element that most concerned them about the future of gaming. This makes sense since 64% of our respondents either have or know someone who has been directly affected by a cyberattack. And while 83% of the gamers do use an antivirus software to protect their PCs, we found that gamers still participate in risky online behavior.

Poor Habits Could Mean Game Over for Your Cybersecurity

So, what does this risky behavior look like, exactly? The following sums it up pretty well:

  • 55% of gamers reuse passwords for multiple online accounts, leading to greater risk if their password is cracked.
  • 36% of respondents rely on incognito mode or private browsing to keep their PC safe.
  • 41% read the privacy policies associated with games, though this technique won’t help to keep their device secure.

With these lax habits in place, it’s not hard to believe that 38% of our respondents experienced at least one malicious attack on their PC. And while 92% installed an antivirus software after experiencing a cyberattack, it’s important for gamers to take action against potential threats before they occur.

Level Up Your Gaming Security

Now the question is – what do these gamers need to do to stay safe while they play? Start by following these tips:

  • Do not reuse passwords. Reusing passwords makes it easier for hackers to access more than one of your accounts if they crack one of your logins. Prevent this by using unique login credentials for all of your accounts.
  • Click with caution. Avoid interacting with messages from players you don’t know and don’t click on suspicious links. Cybercriminals can use phishing emails to send gamers malicious files and links that can infect their device with malware.
  • Use a security solution. Using a security service to safeguard your devices can help protect you from a variety of threats that can disrupt your gaming experience. Look out for our newest product McAfee Gamer Security, which we launched just in time for CES 2019. Although this product is still in beta mode, it could be used to combat cyberthreats while optimizing your computing resources.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

*Survey respondents played video games at least four times a month and spent at least $200 annually on gaming.

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/feed/ 0
Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/#respond Sat, 22 Dec 2018 01:35:46 +0000 https://securingtomorrow.mcafee.com/?p=93358

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs […]

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs a new hobby, but what happens when these flying robots cause a safety hazard for others? That’s exactly what happened at the Gatwick airport on Wednesday night and again today when two drones were spotted flying over the airfield, causing all departing flights to remain grounded and all arriving flights to be diverted to other airports.

The drones were spotted flying over the Gatwick airport’s perimeter fence into the area where the runway operates from. This disruption affected 10,000 passengers on Wednesday night, 110,000 passengers on Thursday, and 760 flights expected to arrive and depart on Thursday. More than 20 police units were recruited to find the drone’s operator so the device could be disabled. The airport closure resulted in 31.9 hours with no planes taking off or landing between Wednesday and Thursday.

You might be wondering, how could two drones cause an entire airport to shut down for so long? It turns out that drones can cause serious damage to an aircraft. Evidence suggests that drones could inflict more damage than a bird collision and that the lithium-ion batteries that power drones could become lodged in airframes, potentially starting a fire. And while the probability of a collision is small, a drone could still be drawn into an aircraft turbine, putting everyone on board at risk. This is why it’s illegal to fly a drone within one kilometer of an airport or airfield boundary. What’s more, endangering the safety of an aircraft is a criminal offense that could result in a five-year prison sentence.

Now, this is a lesson for all drone owners everywhere to be cognizant of where they fly their devices. But beyond the physical implications that are associated with these devices, there are digital ones too — given they’re internet-connected. In fact, to learn about how vulnerable these devices can be, you can give our latest episode of “Hackable?” a listen, which explores the physical and digital implications of compromised drones,

Therefore, if you get a drone for Christmas this year, remember to follow these cybersecurity tips to ensure you protect them on the digital front.

  • Do your research. There are multiple online communities that disclose bugs and potential vulnerabilities as well as new security patches for different types of drones. Make sure you stay informed to help you avoid potential hacks.
  • Update, update, update! Just as it’s important to update your apps and mobile devices, it’s also important to update the firmware and software for your drone. Always verify the latest updates with your drone manufacturer’s website to make sure it is legitimate.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/feed/ 0
Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/#respond Fri, 21 Dec 2018 19:00:39 +0000 https://securingtomorrow.mcafee.com/?p=93346

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is […]

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is actually a stealthy phishing email, which has been circulating the internet, prompting users to click on a link if the transaction was unauthorized.

So how exactly does this phishing campaign work? In this case, the cybercriminals rely on the victim to be thrown off by the email stating that they purchased an app when they know that they didn’t. When the user clicks on the link in the receipt stating that the transaction was unauthorized, they are redirected to a page that looks almost identical to Apple’s legitimate Apple Account management portal. The user is prompted to enter their login credentials, only to receive a message claiming that their account has been locked for security reasons. If the user attempts to unlock their account, they are directed to a page prompting them to fill out personal details including their name, date of birth, and social security number for “account verification.”

Once the victim enters their personal and financial information, they are directed to a temporary page stating that they have been logged out to restore access to their account. The user is then directed to the legitimate Apple ID account management site, stating “this session was timed out for your security,” which only helps this attack seem extra convincing. The victim is led to believe that this process was completely normal, while the cybercriminals now have enough information to perform complete identity theft.

Although this attack does have some sneaky behaviors, there are a number of steps users can take to protect themselves from phishing scams like this one:

  • Be wary of suspicious emails. If you receive an email from an unknown source or notice that the “from” address itself seems peculiar, avoid interacting with the message altogether.
  • Go directly to the source. Be skeptical of emails claiming to be from companies asking to confirm a purchase that you don’t recognize. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Use a comprehensive security solution. It can be difficult to determine if a website, link, or file is risky or contains malicious content. Add an extra layer of security with a product like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/feed/ 0
The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/#respond Thu, 20 Dec 2018 00:39:12 +0000 https://securingtomorrow.mcafee.com/?p=93318

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats […]

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats Report, cybercriminals are leveraging fake apps and banking trojans to access users’ personal and financial information. In fact, our researchers saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices during the last quarter. Let’s take a look at how these cyberthreats gained traction over the past few months.

While new mobile malware declined by 24% in Q3, our researchers did notice some unusual threats fueled by fake apps. Back in June, we observed a scam where crooks released YouTube videos with fake links disguised as leaked versions of Fortnite’s Android app. If a user clicked on the link to download this phony app, they would be asked to provide mobile verification. This verification process would prompt them to download app after app, putting money right in the cybercriminals’ pockets for increased app downloads.

Another fake app scheme that caught the attention of our researchers was Android/TimpDoor. This SMS phishing campaign tricked users into clicking on a link sent to them via text. The link would direct them to a fabricated web page urging them to download a fake voice messaging app. Once the victim downloaded the fake app, the malware would begin to collect the user’s device information. Android/TimpDoor would then be able to let cybercriminals use the victim’s device to access their home network.

Our researchers also observed some peculiar behavior among banking trojans, a type of malware that disguises itself as a genuine app or software to obtain a user’s banking credentials. In Q3, cybercriminals employed uncommon file types to carry out spam email campaigns, accounting for nearly 500,000 emails sent worldwide. These malicious phishing campaigns used phrases such as “please confirm” or “payment” in the subject line to manipulate users into thinking the emails were of high importance. If a user clicked on the message, the banking malware would be able to bypass the email protection system and infect the device. Banking trojans were also found using two-factor operations in web injects, or packages that can remove web page elements and prevent a user from seeing a security alert. Because these web injects removed the need for two-factor authentication, cybercriminals could easily access a victim’s banking credentials from right under their noses.

But don’t worry – there’s good news. By reflecting on the evolving landscape of cybersecurity, we can better prepare ourselves for potential threats. Therefore, to prepare your devices for schemes such as these, follow these tips:

  • Go directly to the source. Websites like YouTube are often prone to links for fake websites and apps so criminals can make money off of downloads. Avoid falling victim to these frauds and only download software straight from a company’s home page.
  • Click with caution. Only click on links in text messages that are from trusted sources. If you receive a text message from an unknown sender, stay cautious and avoid interacting with the message.
  • Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use a robust security software like McAfee Total Protection so you can connect with confidence.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Homeon Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/feed/ 0
How to Stay Secure from the Latest Volkswagen Giveaway Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/#respond Thu, 13 Dec 2018 20:46:19 +0000 https://securingtomorrow.mcafee.com/?p=93089

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which […]

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which has been circulating social media channels like WhatsApp and Facebook, enticing hopeful users looking to acquire a new ride.

This fake Volkswagen campaign works differently than your typical phishing scam. The targeted user receives the message via WhatsApp or Facebook and is prompted to click on the link to participate in the contest. But instead of attempting to collect personal or financial information, the link simply redirects the victim to what appears to be a standard campaign site in Portuguese. When the victim clicks the buttons on the website, they are redirected to a third-party advertising site asking them to share the contest link with 20 of their friends. The scam authors, under the guise of being associated with Volkswagen, promise to contact the victims via Facebook once this task is completed.

As of now, we haven’t seen indicators that participants have been infected by malicious software or had any personal information stolen as a result of this scam. But because the campaign link redirects users to ad servers, the scam authors are able to maximize revenue for the advertising network. This encourages malicious third-party advertisers to continue these schemes in order to make a profit.

The holidays in particular are a convenient time for cybercriminals to create more scams like this one, as users look to social media for online shopping inspiration. Because schemes such as this could potentially be profitable for cybercriminals, it is unlikely that phishing scams spread via social media will let up. Luckily, we’ve outlined the following tips to help dodge fake online giveaways:

  • Avoid interacting with suspicious messages. If you receive a message from a company asking you to enter a contest or share a certain link, it is safe to assume that the sender is not from the actual company. Err on the side of caution and don’t respond to the message. If you want to see if a company is actually having a sale, it is best to just go directly to their official site to get more information.
  • Be careful what you click on. If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/feed/ 0
How To Tell If Your Smartphone Has Been Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/#respond Mon, 10 Dec 2018 17:00:19 +0000 https://securingtomorrow.mcafee.com/?p=92956

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. […]

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it.

Given that our smartphones have become our new wallets, containing a treasure trove of personal and financial information, a breach can leave you at serious risk.

The intruder could log in to your accounts as you, spam your contacts with phishing attacks, or rack up expensive long-distance charges. They could also access any passwords saved on your phone, potentially opening the door to sensitive financial accounts. That’s why it’s important to be able to recognize when your smartphone has been hacked, especially since some of the signs can be subtle.

Here are some helpful clues:

Performance Differences

Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? What about your data plan? Are you exceeding your normal limits? These are all signs that you have malware running in the background, zapping your phone’s resources.

You may have downloaded a bad app, or clicked on a dangerous link in a text message. And malware, like Bitcoin miners, can strain computing power, sometimes causing the phone to heat up, even when you aren’t using it.

Mystery Apps or Data

If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, a hacker is probably in your system. They may be using your device to send premium rate calls or messages, or to spread malware to your contacts.

Pop-ups or Strange Screen Savers

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.

What To Do

If any of these scenarios sound familiar, it’s time to take action. Start by deleting any apps or games you didn’t download, erasing risky messages, and running mobile security software, if you have it. Warn your contacts that your phone has been compromised, and to ignore any suspicious links or messages coming from you.

If the problem still doesn’t go away, consider restoring your phone to its original settings. Search online for instructions for your particular phone and operating system to learn how.

Now, let’s look at how to avoid getting hacked in the first place.

Secure Smartphone Tips

1. Use mobile security software—These days your smartphone is just as data rich as your computer. Make sure to protect your critical information, and your privacy, by using comprehensive mobile security software that not only protects you from online threats, but offers anti-theft and privacy protection.

2. Lock your device & don’t store passwords—Make sure that you are using a passcode or facial ID to lock your device when you’re not using it. This way, if you lose your phone it will be more difficult for a stranger to access your information.

Also, remember not to save password or login information for banking apps and other sensitive accounts. You don’t want a hacker to be able to automatically login as you if they do gain access to your device.

3. Avoid using public Wi-Fi—Free Wi-Fi networks, like those offered in hotels and airports, are often unsecured. This makes it easy for a hacker to potentially see the information you are sending over the network. Also, be wary of using public charging stations, unless you choose a “charging only” cable that cannot access your data.

 4. Never leave your device unattended in public—While many threats exist online, you still have to be aware of real-world threats, like someone grabbing your device when you’re not looking. Keep your smartphone on you, or within view, while in public.

If you have a “phone visibility” option, turn it off. This setting allows nearby devices to see your phone and exchange data with it.

5. Stay aware—New mobile threats are emerging all the time. Keep up on the latest scams and warning signs, so you know what to look out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/feed/ 0
Attention Red Dead Redemption 2 Players: Dodge This New Download Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/#respond Thu, 06 Dec 2018 17:00:58 +0000 https://securingtomorrow.mcafee.com/?p=92879

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a […]

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a profit on these downloads.

You’re probably wondering how exactly this scam works. It first begins with cybercriminals planting their phony download traps in ads on platforms like YouTube, Twitter, and blog postings. With other, less sophisticated scams, a user would be prompted to install several bundled applications at this point, each one generating revenue for the scammer. But this scheme works a little bit differently. When the user clicks on the “download” button, they are presented with a fake install screen showing the progression of the game’s download process.  The fake install takes about an hour to complete, further giving the illusion that a large file is actually being downloaded on the user’s device.

Once the fake installation is complete, the user is asked to enter a nonexistent license key (a pattern of numbers and/or letters provided to licensed users of a software program). If a user clicks on one of the buttons on this screen, they are redirected to a website asking for human verification in the form of surveys and questionnaires. These surveys trick the user into divulging their personal information for the cybercriminal’s disposal. What’s more, the scammer earns revenue for their malicious acts.

Because this scheme tricks users into handing over their personal information, it affects a victim’s overall privacy. Luckily, there are steps users can take to combat this threat:

  • Browse with caution. Many scammers target gamers through popular websites like YouTube and Twitter to push out malicious content. Use discretion when browsing these websites.
  • Only download content from trusted sources. If you come across a download offer that seems too good to be true, it probably is. Only download software from legitimate sources and avoid sites if you can’t tell whether they are trustworthy or not.
  • Use security software to browse the internet. Sometimes, it can be hard to distinguish whether a site is malicious or not. Security solutions like McAfee WebAdvisor can detect the URLs and scam installers associated with this threat.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/feed/ 0
Software Company WakeNet AB Discovered Spreading PUPs to Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/#respond Tue, 04 Dec 2018 05:01:48 +0000 https://securingtomorrow.mcafee.com/?p=92891

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, […]

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, as they recently investigated a company that has taken advantage of this software and is using deceptive techniques to spread malicious files. Meet WakeNet AB, a Swedish pay-per-install software developer that has generated a large amount of revenue – even more so than some of the most prevalent ransomware families – from spreading PUPs (potentially unwanted programs).

So, how does WakeNet AB infect users’ devices with PUPs? WakeNet sets up PPI sites to entice affiliate hackers to spread malicious files and adware. WakeNet’s most recent distribution vessel is the site FileCapital. FileCapital provides affiliate hackers with a variety of “marketing tools” such as embedded movies, landing pages, banners, and buttons. These deceptive tools are intended to coax victims into installing bundled applications that house different PUPs. Victims may install these applications because they are disguised as legitimate programs. For example, a user may think they are installing a helpful performance cleaner onto their computer. What they don’t know is that the “performance cleaner” is actually disguising other malicious files that could lead to irritating adverts and decreased computer performance.

As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money. With that said, it’s important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet’s FileCapital. Check out the following tips to better protect yourself from this threat:

  • Click with caution. Be wary of pop-ups and websites asking you to click on items like movie playbacks and other software downloads. These items could infect your device with annoying adverts and malware.
  • Only download software from trusted sources. If you receive a pop-up asking you to update or install software, be vigilant. Adware and PUPs are often disguised as legitimate sites or software companies. Your best bet is to play it safe and go directly to the source when updating or installing new software.
  • Use a robust security software. Using a security solution like McAfee Total Protection could help protect your device from exposure to PUPs that have been spread by WakeNet’s FileCapital. McAfee Total Protection blocks auto-play videos on websites that decrease computer performance and warns you of risky websites and links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/feed/ 0
What To Do When Your Social Media Account Gets Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/#respond Mon, 03 Dec 2018 17:00:15 +0000 https://securingtomorrow.mcafee.com/?p=92869

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do? This is a timely question […]

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do?

This is a timely question considering that social media breaches have been on the rise. A recent survey revealed that 22%of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. And, earlier this year Facebook itself got hacked, exposing the identity information of 50 million users.

Your first move—and a crucial one—is to change your password right away, and notify your connections that your account has been hacked. This way your friends know not to click on any suspicious posts or messages that appear to be coming from you because they might contain malware or phishing attempts. But that’s not all. There may be other, hidden threats to having your social media account hacked.

The risks associated with a hacker poking around your social media have a lot to do with how much personal information you share. Does your account include personal information that could be used to steal your identity, or guess your security questions on other accounts?

These could include your date of birth, address, hometown, or names of family members and pets. Just remember, even if you keep your profile locked down with strong privacy settings, once the hacker logs in as you, everything you have posted is up for grabs.

You should also consider whether the password for the compromised account is being used on any of your other accounts, because if so, you should change those as well. A clever hacker could easily try your email address and known password on a variety of sites to see if they can log in as you, including on banking sites.

Next, you have to address the fact that your account could have been used to spread scams or malware. Hackers often infect accounts so they can profit off clicks using adware, or steal even more valuable information from you and your contacts.

You may have already seen the scam for “discount Ray-Ban” sunglasses that plagued Facebook a couple of years ago, and recently took over Instagram. This piece of malware posts phony ads to the infected user’s account, and then tags their friends in the post. Because the posts appear in a trusted friend’s feed, users are often tricked into clicking on it, which in turn compromises their own account.

So, in addition to warning your contacts not to click on suspicious messages that may have been sent using your account, you should flag the messages as scams to the social media site, and delete them from your profile page.

Finally, you’ll want to check to see if there are any new apps or games installed to your account that you didn’t download. If so, delete them since they may be another attempt to compromise your account.

Now that you know what do to after a social media account is hacked, here’s how to prevent it from happening in the first place.

How To Keep Your Social Accounts Secure

  • Don’t click on suspicious messages or links, even if they appear to be posted by someone you know.
  • Flag any scam posts or messages you encounter on social media to the website, so they can help stop the threat from spreading.
  • Use unique, complicated passwords for all your accounts.
  • If the site offers multi-factor authentication, use it, and choose the highest privacy setting available.
  • Avoid posting any identity information or personal details that might allow a hacker to guess your security questions.
  • Don’t log in to your social accounts while using public Wi-Fi, since these networks are often unsecured and your information could be stolen.
  • Always use comprehensive security software that can keep you protected from the latest threats.
  • Keep up-to-date on the latest scams and malware threats

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/feed/ 0
Affected by a Data Breach? 6 Security Steps You Should Take https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/#respond Fri, 30 Nov 2018 22:48:01 +0000 https://securingtomorrow.mcafee.com/?p=92893

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this […]

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this can help you build relationships with your favorite vendors, what happens if their security is compromised?

A high-profile hotel and another popular consumer brand’s perks program recently experienced data breaches that exposed users’ personal information. If you think you were affected by one of these breaches, there are multiple steps you can take to help protect yourself from the potential side effects.

Check out the following tips if you think you may have been affected by a data breach, or just want to take extra precautions:

  • Change your password. Most people will rotate between the same three passwords for all of their personal accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Update your privacy settings. Be careful with how much of your personal information you share online. Make sure your social media accounts and mobile apps are on private and use multi-factor authentication to prevent your accounts from being hacked.
  • Be vigilant about checking your accounts. If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/feed/ 0
The Spotify Phishing Scam: How to Reel in This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/#respond Wed, 28 Nov 2018 18:16:13 +0000 https://securingtomorrow.mcafee.com/?p=92859

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting […]

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting innocent Spotify customers’ credentials at risk.

So, how are the account hijackers conducting these phishing attacks? The campaign sends listeners fraudulent emails that appear to be from Spotify, prompting them to confirm their account details. However, the link contained in the email is actually a phishing link. When the user clicks on it, they are redirected to a phony Spotify website where they are prompted to enter their username and password for the hacker’s disposal.

This phishing campaign can lead to a variety of other security risks for victims exposed to the threat. For example, many users include their birthday or other personal information in their password to make it easier to remember. If a hacker gains access to a user’s Spotify password, they are given a glance into the victim’s password creation mindset, which could help them breach other accounts belonging to the user.

Fortunately, there are multiple steps users can take to avoid the Spotify phishing campaign and threats like it. Check out the following tips:

  • Create complex passwords. If a hacker gains access to a victim’s username and password, they will probably analyze these credentials to determine how the victim creates their passwords. It’s best to create passwords that don’t include personal information, such as your birthday or the name of your pet.
  • Avoid reusing passwords. If victims reuse the same password for multiple accounts, this attack could allow cybercriminals to breach additional services and platforms. To prevent hackers from accessing other accounts, create unique usernames and passwords for each online platform you use.
  • Look out for phishing red flags. If you notice that the “from” address in an email is a little sketchy or an unknown source, don’t interact with the message. And if you’re still unsure of whether the email is legitimate or not, hover your mouse over the button prompting you to click on the link (but don’t actually click on it). If the URL preview doesn’t seem to be related to the company, it is most likely a phishing email.
  • Be skeptical of emails claiming to come from legitimate companies. If you receive an email asking to confirm your login credentials, go directly to the company’s website. You should be able to check the status of your account on the company website or under the settings portion of the Spotify app to determine the legitimacy of the request.
  • Use security software to surf the web safely. Make sure you use a website reputation tool like McAfee WebAdvisor to avoid landing on phishing and malicious sites.

And, as always, to stay on top of the latest and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?and ‘Like’ us on Facebook.

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/feed/ 0
What Your Password Says About You https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/#respond Fri, 16 Nov 2018 21:50:22 +0000 https://securingtomorrow.mcafee.com/?p=92744

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is […]

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is easy to remember rather than super secure.

The urge to pick simple passwords is understandable given the large number of passwords that are required in our modern lives—for banking, social media, and online services, to simply unlocking our phones. But choosing weak passwords can be a major mistake, opening you up to theft and identity fraud.

Even if you choose complicated passwords, the recent rash of corporate data breaches means you could be at even greater risk by repeating passwords across accounts. When you repeat passwords all a hacker needs to do is breach one service provider to obtain a password that can unlock a string of accounts, including your online banking services. These accounts often include identity information, leaving you open to impersonation. The bad guys could open up fraudulent accounts in your name, for example, or even collect your health benefits.

So, now that you know the risks of weak password security, let’s see what your password says about you. Take this quiz to find out, and don’t forget to review our password safety tips below!

Password Quiz – Answer “Yes” or “No”

  1. Your passwords don’t include your address, birthdate, anniversary, or pet’s name.
  2. You don’t repeat passwords.
  3. Your passwords are at least 8 characters long and include numbers, upper and lower case letters, and characters.
  4. You change default passwords on devices to something hard to guess.
  5. You routinely lock your phone and devices with a passcode or fingerprint.
  6. You don’t share your passwords with people you’re dating or friends.
  7. You use a password manager.
  8. If you write your passwords down, you keep them hidden in a safe place, where no one else can find them.
  9. You get creative with answers to security questions to make them harder to guess. For example, instead of naming the city where you grew up, you name your favorite city, so someone who simply reads your social media profile cannot guess the answer.
  10. You make sure no one is watching when you type in your passwords.
  11. You try to make your passwords memorable by including phrases that have meaning to you.
  12. You use multi-factor authentication.

Now, give yourself 1 point for each question you answered “yes” to, and 0 points for each question you answered “no” to. Add them up to see what your password says about you.

9-12 points:

You’re a Password Pro!

You take password security seriously and know the importance of using unique, complicated passwords for each account. Want to up your password game? Use multi-factor authentication, if you don’t already. This is when you use more than one method to authenticate your identity before logging in to an account, such as typing in a password, as well as a code that is sent to your phone via text message.

4-8 points

You’re a Passable Passworder

You go through the basics, but when it comes to making your accounts as secure as they can be you sometimes skip important steps. Instead of creating complicated passwords yourself—and struggling to remember them—you may want to use a password manager, and let it do the work for you. Soon, you’ll be a pro!

1-3 points

You’re a Hacker’s Helper

Uh oh! It looks like you’re not taking password security seriously enough to ensure that your accounts and data stay safe. Start by reading through the tips below. It’s never too late to upgrade your passwords, so set aside a little time to boost your security.

Key Tips to Become a Password Pro:

  • Always choose unique, complicated passwords—Try to make sure they are at least 8 characters long and include a combination of numbers, letters, and characters. Don’t repeat passwords for critical accounts, like financial and health services, and keep them to yourself.Also, consider using a password manager to help create and store unique passwords for you. This way you don’t have to write passwords down or memorize them. Password managers are sometimes offered as part of security software.
  • Make your password memorable—We know that people continue to choose simple passwords because they are easier to remember, but there are tricks to creating complicated and memorable passwords. For instance, you can string random words together that mean something to you, and intersperse them with numbers and characters. Or, you can choose random letters that comprise a pattern only know to you, such as the fist letter in each word of a sentence in your favorite book.
  • Use comprehensive security software—Remember, a strong password is just the first line of defense. Back it up with robust security softwarethat can detect and stop known threats, help you browse safely, and protect you from identity theft.

For more great password tips, go here.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/feed/ 0
Don’t Get PWNed by Fake Gaming Currency Sites https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/#respond Fri, 16 Nov 2018 01:34:35 +0000 https://securingtomorrow.mcafee.com/?p=92740

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and […]

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and time-consuming to complete. As a result, many players look to various websites as an easier way to download more gaming currency. Unfortunately, malicious actors are taking advantage of this trend to scam gamers into downloading malware or PUPs (potentially unwanted programs).

There are a variety of techniques scammers use to trick players into utilizing their malicious sites. The first is fake chat rooms. Scammers will set up seemingly legitimate chat rooms where users can post comments or ask questions. What users don’t know is that a bot is actually answering their inquiries automatically. Scammers also ask these victims for “human interaction” by prompting them to enter their personal information via surveys to complete the currency download. What’s more – the message will show a countdown to create a sense of urgency for the user.

These scammers also use additional techniques to make their sites believable, including fake Facebook comments and “live” recent activity updates. The comments and recent activity shown are actually hard-coded into the scam site, giving the appearance that other players are receiving free gaming currency.

These tactics, along with a handful of others, encourage gamers to use the scam sites so cybercriminals can distribute their malicious PUPs or malware. So, with such deceptive sites existing around the internet, the next question is – what can players do to protect themselves from these scammers? Check out the following tips to avoid this cyberthreat:

  • Exercise caution when clicking on links. If a site for virtual currency is asking you to enter your username, password, or financial information, chances are the website is untrustworthy. Remember, when in doubt, always err on the side of caution and avoid giving your information to a site you’re not 100% sure of.
  • Put the chat room to the test. To determine if a chat site is fake, ask the same question a few times. If you notice the same response, it is likely a phony website.
  • Do a Google search of the Facebook comments. An easy way to check if the Facebook comments that appear on a site are legitimate is to copy and paste them into Google. If you see a lot of similar websites come up with the same comments in the description, this is a good indication that it is a scam site.
  • Use security software to surf the web safely. Products like McAfee WebAdvisor can help block gamers from accessing the malicious sites mentioned in this blog.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/feed/ 0
Preventing WebCobra Malware From Slithering Onto Your System https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/#respond Wed, 14 Nov 2018 21:15:31 +0000 https://securingtomorrow.mcafee.com/?p=92720

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need […]

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need a ton of computer resources, since successful bitcoin mining requires a large amount of hardware. Unfortunately, these miners can be used for more nefarious purposes if they’re included within malicious software. Enter WebCobra, a malware that exploits victims’ computers to help cybercriminals mine for cryptocurrencies, a method also known as cryptojacking.

How does WebCobra malware work, exactly? First, WebCobra uses droppers (Trojans designed to install malware onto a victim’s device) to check the computer’s system. The droppers let the malware know which cryptocurrency miner to launch. Then, it silently slithers onto a victim’s device via rogue PUP (potentially unwanted program) and installs one of two miners: Cryptonight or Claymore’s Zcash. Depending on the miner, it will drain the victim’s device of its computer processor’s resources or install malicious file folders that are difficult to find.

The most threatening part of WebCobra malware is that it can be very difficult to detect. Often times, the only sign of its presence is decreased computer performance. Plus, when the dropper is scanning the victim’s device, it will also check for security products running on the system. Many security products use APIs, or application programming interfaces, to monitor malware behavior – and WebCobra is able to overwrite some. This means it can essentially unhook the API and disrupt the system’s communication methods, and therefore remain undetected for a long time.

While cryptocurrency mining can be a harmless hobby, users should be cautious of criminal miners with poor intentions. So, what can you do to prevent WebCobra from slithering onto your system? Check out the following tips:

  • If your computer slows down, be cautious. It can be hard to determine if your device is being used for a cryptojacking campaign. One way you can identify the attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Use a comprehensive security solution. Having your device infected with malware will not only slow down its performance but could potentially lead to exposed data. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection. McAfee products are confirmed to detect WebCobra.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/feed/ 0
“League of Legends” YouTube Cheat Links: Nothing to “LOL” About https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/#comments Fri, 09 Nov 2018 19:27:02 +0000 https://securingtomorrow.mcafee.com/?p=92621 If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate […]

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate the cheat. However, malware and PUP (short for “potentially unwanted program”) authors are using gaming cheats to trick users into downloading their malicious files in order to make a profit. And that’s exactly what YouTube channel owner “LoL Master” has been doing to “League of Legends” players.

So how exactly does this “LoL Master” trick these innocent users? The cybercriminal uploads videos to his or her YouTube channel that demonstrate how to use various cheat files, which also provide links pointing to websites that allegedly distribute cheats and stolen accounts. When players click on these links, however, they’re now exposed to cyberthreats.

When on these sites, players will be prompted to download the cheat files, but the files are actually bundled with other malicious files uploaded by wannabe cybercriminals. If users click download, PUP installers distribute the bundled files and push them onto a victim’s device. “LoL Master” makes a profit on these downloads while the victim’s device suffers from malware.

“League of Legends” players may not pick up on this scheme for a number of reasons. First, the file hosting site falsely claims that the malware analysis software VirusTotal scanned the file. Second, the site attempts to block antimalware scanners from detecting the malicious files by putting them in a password-protected zip file. If the player isn’t using antimalware software, the PUP installer will push adware or other malicious software onto the victim’s device once they unzip the file.

So, what steps can players take to avoid this malicious trick? Check out the following tips to help protect your online security:

  • Browse with caution. Although it may seem harmless to peruse YouTube comments and descriptions, malware and PUP authors use this as a vector to push their malicious downloads. Use discretion when clicking on any links included in these comments.
  • Don’t download something unless it comes from a trusted source. It is one thing to browse around YouTube comments, it is another entirely to download items from sketchy sites. Only download software from legitimate sources, and if you’re unsure if the site is trustworthy, it is best to just avoid it entirely.
  • Use security software to surf the web safely. It can be hard to identify which sites out there are malicious. Get some support by using a tool like McAfee WebAdvisor, which safeguards you from cyberthreats while you browse.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/feed/ 2
Connected or Compromised? How to Stay Secure While Using Push Notifications https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/#respond Tue, 06 Nov 2018 19:02:17 +0000 https://securingtomorrow.mcafee.com/?p=92499 You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current […]

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current with social media and the latest news from your favorite apps, the researchers here at McAfee have observed that these notifications have some compromising features, which impact both Chrome and Firefox browsers.

It turns out there are some real cybersecurity risks involved with taking advantage of the convenience of browser push notifications. That’s because to show push notifications, website owners must utilize pop-up ads that first request permission to show notifications. Essentially, users are tricked into thinking that the request is coming from the host site instead of the pop-up. This feature is currently being exploited by adware companies, which are using it to load unwanted advertisements onto users’ screens. Often times, these ads contain offensive or inappropriate material and users can even be exposed to irritating pop-ups that could potentially lead to viruses and malware.

So, how can users enjoy the convenience of push notifications without putting themselves at risk of a cyberattack? Check out the following tips:

  • Follow Google Chrome’s instructions on how to allow or block notifications. Check out this step-by-step guide to customize which sites you receive push notifications from and which ones you don’t.
  • Customize your Firefox notification options. You can check the status of which sites you have given permission to send notifications your way and choose whether to have the browser always ask for permission, allow or block notifications.
  • Use parental controls.No one wants inappropriate ads, especially parents of young children. To prevent exposing your kids to the inappropriate adverts that could result from push notifications, implement parental controls on your desktop. This additional filtering could prevent your child from accidentally clicking on malicious content that could infect your device.
  • When in doubt, block it out. If you come across a push notification pop-up from a suspicious-looking website or unfamiliar app, click on the ‘Block’ option to stay on the safe side.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/#respond Tue, 06 Nov 2018 17:00:23 +0000 https://securingtomorrow.mcafee.com/?p=92467 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/#respond Mon, 05 Nov 2018 19:02:33 +0000 https://securingtomorrow.mcafee.com/?p=92506 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.


{
"metadata": {
"id": "cc720909-8437-4fa4-9314-305295d86f6c",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"pubDate": "Tue 06 Nov 2018 12:35:48 +0000"
}
}

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/feed/ 0
How to Protect Yourself from Tech Support Imposters https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/#respond Fri, 02 Nov 2018 19:13:30 +0000 https://securingtomorrow.mcafee.com/?p=92410 Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has […]

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has emerged, which has disguised itself as a McAfee tech support pop-up and is going after victims’ financial information.

While there have been other tech support scams impersonating McAfee, this one is a bit different. Previous scams would redirect users to McAfee’s site using an affiliate link (site clicks generate commission), whereas this one starts by stating the user’s subscription is about to expire.

If the user believes the faulty expiration messages and clicks on the “Renew Now” button, they will be prompted to enter their credit card and personal information. Once the user submits this information, they will be redirected to a page asking to call a tech support number to set up the service. The so-called “agent” will refer to themselves as “Premium Technical Support” and claim to be either McAfee or a partner of McAfee. They will then request to remotely connect to the user’s device in order to install the software and will tell the user that the credit card information did not go through. At this point, the victim will be prompted to purchase the software through McAfee’s site and connect to what appears to be a McAfee affiliate link – which actually distributes adware and unwanted software.

Essentially, these victims were just tricked into giving up their credit card information to scammers and their device could potentially be infected with malware. They’re now at risk of having even more information swooped and could even be a victim of identity fraud. Fortunately, there are proactive steps these users can take to avoid these scams and keep their data safe. Start by following these tips:

  • Go straight to the source. If you receive a pop-up claiming to be from a company, do not click on it. Instead, go directly to the company’s website. From here you will be able to get in contact with the company’s real tech support and check the status of your subscription. If you are a McAfee customer, you can always reach us at https://service.mcafee.com/.
  • Be extremely cautious about giving out personal information. Before handing over your personal or credit card information, do your homework. Research the company and check the customer reviews. If you decide to make a purchase, make sure it is directly from the company’s website.
  • Be suspicious of callers claiming to be tech support. You need to field each call from a random number with caution, especially if they reached out to you first. Never respond to unsolicited calls or pop-ups warning you of a technical issue, and never let anyone remotely take over your device.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/feed/ 0
Kraken Ransomware Emerges from the Depths: How to Tame the Beast https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/#respond Tue, 30 Oct 2018 21:03:58 +0000 https://securingtomorrow.mcafee.com/?p=92295 Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access […]

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access the website superantispyware.com and distribute the ransomware from there.

So how did this stealthy monster recently gain more traction? The McAfee Advanced Threat Research team, along with the Insikt group from Recorded Future, decided to uncover the mystery. They soon found that the Fallout Exploit kit, a type of toolkit cybercriminals use to take advantage of system vulnerabilities, started delivering Kraken ransomware at the end of September. In fact, this is the same exploit kit used to deliver GandCrab ransomware. With this new partnership between Kraken and Fallout, Kraken now has an extra vessel to employ its malicious tactics.

Now, let’s discuss how Kraken ransomware works to encrypt a victim’s computer. Kraken utilizes a business scheme called Ransomware-as-a-Service, or RaaS, which is a platform tool distributed by hackers to other hackers. This tool gives cybercriminals the ability to hold a victim’s computer files, information, and systems hostage. Once the victim pays the ransom, the hacker sends a percentage of the payment to the RaaS developers in exchange for a decryption code to be forwarded to the victim. However, Kraken wipes files from a computer using external tools, making data recovery nearly impossible for the victim. Essentially, it’s a wiper.

Kraken Cryptor ransomware employs a variety of tactics to keep it from being detected by many antimalware products. For example, hackers are given a new variant of Kraken every 15 days to help it slip under an antimalware solution’s radar. The ransomware also uses an exclusion list, a common method utilized by cybercriminals to avoid prosecution. The exclusion list archives all locations where Kraken cannot be used, suggesting that the cybercriminals behind the ransomware attacks reside in those countries. As you can see, Kraken goes to great lengths to cover its tracks, making it a difficult cyberthreat to fight.

Kraken’s goal is to encourage more wannabe cybercriminals to purchase this RaaS and conduct their own attacks, ultimately leading to more money in the developers’ pockets. Our research team observed that in Version 2 of Kraken, developers decreased their profit percentage by 5%, probably as a tactic to attract more affiliate hackers. The more criminal customers Kraken can onboard, the more attacks they can flesh out, and the more they can profit off of ransom collections.

So, what can users do to defend themselves from this stealthy monstrosity? Here are some proactive steps you can take:

  • Be wary of suspicious emails or pop-ups. Kraken was able to gain access to a legitimate website and other ransomware can too. If you receive a message or pop-up claiming to be from a company you trust but the content seems fishy, don’t click on it. Go directly to the source and contact the company from their customer support line.
  • Backup your files often. With cybercrime on the rise, it’s vital to consistently back up all of your important data. If your device becomes infected with ransomware, there’s no guarantee that you’ll get it back. Stay prepared and protected by backing up your files on an external hard drive or in the cloud.
  • Never pay the ransom. Although you may feel desperate to get your data back, paying does not guarantee that all of your information will be returned to you. Paying the ransom also contributes to the development of more ransomware families, so it’s best to just hold off on making any payments.
  • Use a decryption tool. No More Ransom provides tools to help users free their encrypted data. If your device gets held for ransom, check and see if a decryption tool is available for your specific strain of ransomware.
  • Use a comprehensive security solution. Add an extra layer of security on to all your devices by using a solution such as McAfee Total Protection, which now includes ransom guard and will help you better protect against these types of threats.

Want to learn more about Ransomware and how to defend against it? Visit our dedicated ransomware page.

 

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/feed/ 0
“Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/#respond Wed, 24 Oct 2018 19:13:48 +0000 https://securingtomorrow.mcafee.com/?p=92249 Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” […]

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” hit $6 billion in sales as of April 2018, creating a record-breaking impact in the gaming industry. However, the game’s massive success doesn’t mean it’s immune to cyberattacks. A recent vulnerability in “Grand Theft Auto V” allowed malicious trolls to take over users’ games who were entering into single-player mode. By leveraging the flaw, these hackers were not only able to kick gamers off of their single-player session but could also continually kill their avatar.

So how exactly did these trolls carry out these attacks? Beginning last week, reports began to circulate that one popular ‘mod menu,’ or a series of alterations sought out and installed by players, was all the sudden advertising the ability to discover an online player’s Rockstar ID – a problem potentially originating from a bug found in the game’s most recent update. Taking advantage of this opportunity, hackers gained access to users’ Rockstar IDs and took control of their single-player games. Soon enough, legitimate players’ games were hijacked and sabotaged.

It is unclear as to whether this vulnerability came out of Rockstar’s most recent update or if this hack has been around for years and just now found its way to public PC mod menus. Either way, it sheds light on how persistent cyberthreats are in the world of online gaming – even impacting some of the most popular video games out there, such as “Grand Theft Auto V.”

Fortunately, reports are already circulating the bug was quietly patched over the weekend (despite confirmation from the game’s developer) – so to protect against the hack, all users should update their game as soon as possible. However, that doesn’t mean there still aren’t some steps these gamers can take to protect themselves from future hacks and vulnerabilities. Check out the following tips:

  • Limit the personal info on your online profile. Gamers are required to create a user profile in order to access the appropriate console/computer network. When creating your profile, avoid displaying your personal information that could potentially be used against you by hackers, such as your name, address, date of birth, and email address.
  • Create a unique and complex password for your online profile. The more complex the password, the more difficult it will be for a hacker to access your personal information. And, of course, make sure you don’t share your password with other users.
  • Be careful who you chat with. Online games will usually have a built-in messenger service that allows players to contact each other. It’s important to be aware of the risks associated with chatting to strangers. If you choose to use the chat feature in your online game, never give out your account details and avoid opening messages with attached files or links.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/feed/ 0
How to Squash the Android/TimpDoor SMiShing Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/#respond Wed, 24 Oct 2018 16:00:38 +0000 https://securingtomorrow.mcafee.com/?p=92160 As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or […]

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or SMiShing. Just recently, the McAfee Mobile Research team discovered active SMiShing campaigns that are tricking users into downloading fake voice-messaging apps, called Android/TimpDoor.

So how does Android/TimpDoor infect a user’s device? When a victim receives the malicious text, the content will include a link. If they click on it, they’ll be directed to a fake web page. The website will then prompt the victim to download the app in order to listen to phony voice messages. Once the app has been downloaded, the malware collects the device information including device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address. TimpDoor allows cybercriminals to use the infected device as a digital intermediary without the user’s knowledge. Essentially, it creates a backdoor for hackers to access users’ home networks.

According to our team’s research, these fake apps have infected at least 5,000 devices in the U.S. since the end of March. So, the next question is what can users do to defend themselves from these attacks? Check out the following tips to stay alert and protect yourself from SMS phishing:

  • Do not install apps from unknown sources. If you receive a text asking you to download something onto your phone from a given link, make sure to do your homework. Research the app developer name, product title, download statistics, and app reviews. Be on the lookout for typos and grammatical errors in the description. This is usually a sign that the app is fake.
  • Be careful what you click on. Be sure to only click on links in text messages that are from a trusted source. If you don’t recognize the sender, or the SMS content doesn’t seem familiar, stay cautious and avoid interacting with the message.
  • Enable the feature on your mobile device that blocks texts from the Internet. Many spammers send texts from an Internet service in an attempt to hide their identities. Combat this by using this feature to block texts sent from the Internet.
  • Use a mobile security software. Make sure your mobile devices are prepared for TimpDoor or any other threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, as always, to stay up-to-date on the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/feed/ 0
Breaking Down the Rapidly Evolving GandCrab Ransomware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/#respond Wed, 17 Oct 2018 00:15:28 +0000 https://securingtomorrow.mcafee.com/?p=92088 Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which […]

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which first appeared in January, has been updating rapidly during its short lifespan, and now includes a handful of new features, including the ability to remain undetected by some antimalware products.

First and foremost, let’s break down how GandCrab gets its start. The stealthy strain manages to spread in a variety of ways. GandCrab can make its way to users’ devices via remote desktop connections with either weak security or bought in underground forums, phishing emails, legitimate programs that have been infected with the malware, specific exploits kits, botnets, and more.

GandCrab’s goal, just like other ransomware attacks, is to encrypt victims’ files and promise to release them for a fee paid in a form of cryptocurrency (often Dash or Bitcoin). It can also be sold across the dark web as ransomware-as-a-service, or RaaS, which allows wannabe cybercriminals to purchase the strain to conduct an attack of their own.

So, the next question is what can users do to defend against this tricky attack? Thankfully, McAfee gateway and endpoint customers are protected against the latest GandCrab versions but beyond using security software, there are a handful of other things you can do to ensure you’re protected from GandCrab ransomware. Start by following these tips:

  • Don’t pay the ransom. Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Doesn’t matter – you still don’t pay. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
  • Do a complete backupWith ransomware attacks locking away crucial data, you need to back up the data on all your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption toolsNo More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain.

Want to learn more about ransomware and how to defend against it? Visit our What is Ransomware? page.

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/feed/ 0
The Dangers of Linking Your Apple ID to Financial Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/#respond Fri, 12 Oct 2018 21:40:07 +0000 https://securingtomorrow.mcafee.com/?p=92037

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers […]

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.

While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.

This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:

  • Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
  • Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
  • Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
  • Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.

Stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘Liking’ us on Facebook.

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/feed/ 0
As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/#respond Wed, 10 Oct 2018 19:22:25 +0000 https://securingtomorrow.mcafee.com/?p=91911 Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more […]

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more than six million websites with malware scanners to arrive at this figure, noting that there was also a six percent decrease in websites being blacklisted over the previous year.

Many internet users rely on these search engines to flag malicious websites and protect them as they surf the web, but this decline in blacklisting sites is leaving many users just one click away from a potential attack. This disregard of a spam attack kit on search engine results for these infected sites can lead to serious disruption, including a sharp decline in customer trust. Internet users need to be more vigilant than ever now that search engines are dropping the ball on blacklisting infected sites, especially considering that total malware went up to an all-time high in Q2, representing the second highest attack vector from 2017-2018, according to the recent McAfee Labs Threats Report.

Another unsettling finding from the report was that incidents of cryptojacking have doubled in Q2 as well, with cybercriminals continuing to carry out both new and traditional malware attacks. Cryptojacking, the method of hijacking a browser to mine cryptocurrency, saw quite a sizable resurgence in late 2017 and has continued to be a looming threat ever since. McAfee’s Blockchain Threat Report discovered that almost 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent—and that’s just from non-obfuscated sites.

And then, of course, there are just certain search terms that are more dangerous and leave you more vulnerable to malware than others. For all of you pop culture aficionados, be careful which celebrities you digitally dig up gossip around. For the twelfth year in a row, McAfee researched famous individuals to assess their online risk and which search results could expose people to malicious sites, with this year’s Most Dangerous Celebrity to search for being “Orange is the New Black’s” Ruby Rose.

So, how can internet users protect themselves when searching for the knowledge they crave online, especially considering many of the most popular search engines simply aren’t blacklisting as many bot malware infected sites as they should be? Keep these tips in mind:

  • Turn on safe search settings. Most browsers and search engines have a safe search setting that filters out any inappropriate or malicious content from showing up in search results. Other popular websites like iTunes and YouTube have a safety mode to further protect users from potential harm.
  • Update your browsers consistently. A crucial security rule of thumb is always updating your browsers whenever an update is available, as security patches are usually included with each new version. If you tend to forget to update your browser, an easy hack is to just turn on the automatic update feature.
  • Be vigilant of suspicious-looking sites. It can be challenging to successfully identify malicious sites when you’re using search engines but trusting your gut when something doesn’t look right to you is a great way of playing it safe.
  • Check a website’s safety rating. There are online search tools available that will analyze a given URL in order to ascertain whether it’s a genuinely safe site to browse or a potentially malicious one infected with bot malware and other threats.
  • Browse with security protection. Utilizing solutions like McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, or McAfee Total Protection, a comprehensive security solution that protects devices against malware and other threats, will safeguard you without impacting your browsing performance or experience.

To keep abreast of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/feed/ 0
How To Spot Tech Support Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/#respond Wed, 10 Oct 2018 18:49:25 +0000 https://securingtomorrow.mcafee.com/?p=89474  When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when […]

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>

When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when we need it the most. But falling for these scams can put your devices, data, and money at even greater risk.

Although support scams have been around almost as long as the internet, these threats have increased dramatically over the last couple of years, proving to be a reliable way for scammers to make a quick buck.

In fact, the Internet Crime Complaint Center (IC3) said that it received nearly 11,000 tech support related complaints in 2017, leading to losses of $15 million, 90% higher than the losses reported in 2016. Microsoft alone saw a 24% increase in tech scams reported by customers in 2017 over the previous year, with 15% of victims saying they lost money.

Often, scammers convince users that there is a problem with their computer or device by delivering pop-up error messages. These messages encourage the user to “click” to troubleshoot the problem, which can download a piece of malware onto their machine, or prompt them to buy fake security software to fix the issue. In some cases, users wind up downloading ransomware, or paying $200 to $400 for fake software to fix problems they didn’t actually have.

And, in a growing number of instances, scammers pose as legitimate technology companies, offering phony support for real tech issues. Some even promote software installation and activation for a fee, when the service is actually provided for free from the software provider. They do this by posting webpages or paid search results using the names of well-known tech companies. When a user searches for tech help, these phony services can appear at the top of the search results, tricking people into thinking they are the real deal.

Some cybercriminals have even gone so far as to advertise fake services on legitimate online forums, pretending to be real tech companies such as Apple, McAfee, and Amazon. Since forum pages are treated as quality content by search engines, these phony listings rank high in search results, confusing users who are looking for help.

The deception isn’t just online. More and more computer users report phone calls from cybercrooks pretending to be technology providers, warning them about problems with their accounts, and offering to help resolve the issue for a fee. Or worse, the scammer requests access to the victim’s computer to “fix the problem”, with the hopes of grabbing valuable data, such as passwords and identity information. All of these scams leave users vulnerable.

Here’s how to avoid support scams to keep your devices and data safe:

  • If you need help, go straight to the source—Type the address of the company you want to reach directly into the address bar of your browser—not the search bar, which can pull up phony results. If you have recently purchased software and need help, check the packaging the software came in for the correct web address or customer support line. If you are a McAfee customer, you can always reach us at https://service.mcafee.com.
  • Be suspicious—Before you pay for tech support, do your homework. Research the company by looking for other customer’s reviews. Also, check to see if your technology provider already offers the support you need for free.
  • Be wary of callers asking for personal information, especially if they reach out to you first—Situations like this happen all the time, even to institutions like the IRS. McAfee’s own policy is to answer support questions via our website only, and if users need assistance, they should reach out here directly. Never respond to unsolicited phone calls or pop-up messages, warning you about a technical issue, and never let anyone take over your computer or device remotely.
  • Surf Safe—Sometimes it can be hard to determine if search results are safe to click on, or not. Consider using a browser extension that can warn you about suspicious sites right in your search results, and help protect you even if you click on a dangerous link.
  • Keep informed—Stay up-to-date on the latest tech support scams so you know what to watch out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/feed/ 0
Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/#respond Fri, 05 Oct 2018 18:09:14 +0000 https://securingtomorrow.mcafee.com/?p=91811 Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee […]

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee Labs Threats Report: September 2018, which features digital assistants, cryptocurrencies, and cybercriminal gangs up to no good. Overall, it’s been an eventful quarter.

So, what are the key takeaways for you? Notably, our team has continued to track a downward trend in new malware attacks for the second successive quarter. Good news on the surface, but that trend may not be indicative of much; as we also saw a spike in new malware in Q4 2017. We’ll continue to watch this into next year. Significantly, we found that a good portion of net new malware is designed for mobile, which increased 27 percent over the previous quarter. In addition, here’s a look at the other trending stories we uncovered.

Digital Assistants

Digital assistants are advanced programs that we can converse with to research, act on our behalf and overall help make our digital lives more comfortable. Siri, Bixby and Google Assistant are few. But one digital assistant, Microsoft’s Cortana, is a little too helpful. The good news, Microsoft quickly rolled out a fix for this vulnerability to protect your Windows 10 computer. Be sure your software is up to date.

Cryptocurrency

The second story involves cryptocurrencies. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain. Blockchains, by their nature, are relatively secure. But an account that is connected to a blockchain — usually, in this case, associated with a cryptocurrency — is not. And that’s where cybercriminals are focusing their efforts, with coin miner malware up 86% in Q2 2018.

Our report found cybercriminals are chasing after access to cryptocurrencies and they’re doing so using familiar tactics. For example, phishing attacks — where cybercriminals pose as someone else online — are popular tools to take over a cryptocurrency-related account. Malicious programs are also deployed to collect passwords and other information related to an account before stealing virtual currency. You can read more about blockchain and cryptocurrency vulnerabilities here. 

Malicious Apps

Finally, the McAfee Mobile Research team found a collection of malicious applications facilitating a scam in the Google Play store. The apps in question siphon money from unwary users through billing-fraud. Billing-fraud collects money from victims for “using” a “premium” service, such as sending texts to a particular number.

In this case, the cybercriminal ring known as the AsiaHitGroup Gang attempted to charge at least 20,000 victims for downloading fake or copied versions of popular applications. To increase its potential, AsiaHitGroup Gang is using geolocation to target vulnerable populations.

So, what can you do to stay safe in the face of these threats? Here are three quick tips:

  • Limit device access. If you can, limit the ability and access a digital assistant has to your device. Often, you can adjust where and how an assistant is activated through your settings. Otherwise, update your software regularly, as many updates contain security fixes.
  • Create strong passwords. If you’re participating in the cryptocurrency market, then make sure you use strong, robust passwords to protect your accounts. This means using upper case, lower case, symbols and numbers for passwords that are 12 characters long. Afraid you might forget the key to your account? Consider using a password manager.
  • Be careful what you download. Always do some light research on the developer of a mobile application. If the information is hard to come across or absent, consider using an alternative program. Additionally, never download mobile applications from third-party app stores. Genuine stores, like Google Play and Apple’s App Store, should provide you with what you need.

And, of course, stay informed. To keep atop of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/feed/ 0
McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/#respond Tue, 02 Oct 2018 04:01:15 +0000 https://securingtomorrow.mcafee.com/?p=91701 Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous […]

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous Celebrity this year. For the twelfth year in a row, McAfee researched famous individuals to reveal the riskiest celebrity to search for online, or, which search results could expose fans to malicious sites. Ruby Rose took home the top spot in 2018, but curious about who the runner-ups are? Here’s the full list:

Recent popular reality and sitcom shows have driven some stars (Kristin Cavallari, Debra Messing, Kourtney Kardashian) to the top of our list. Which is one of the few reasons this list is so different than last year’s. Unlike 2017’s list of Most Dangerous Celebrities, musicians ranked low on this year’s list. Adele was the highest ranked musician at No. 21 followed by Shakira (No. 27), 2017’s top celebrity Avril Lavigne (No. 30), and Lady Gaga (No. 35).

So, whether you’re looking up what Ruby did on the latest “Orange is the New Black” episode, or what Kristin Cavallari wore the latest awards show, make sure you’re searching the internet safely. To keep your internet activity secure and danger-free, follow these tips:

  • Be careful what you click. Users looking for a sneak-peek of the CW series, Batwoman starring Ruby Rose should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Browse with security protection. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help protect against going to malicious websites.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/feed/ 0
Facebook Announces Security Flaw Found in “View As” Feature https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/#respond Fri, 28 Sep 2018 19:43:57 +0000 https://securingtomorrow.mcafee.com/?p=91683 Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users […]

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users may have unwittingly shared private posts publicly due to another new bug. Which brings us to today. Just announced this morning, Facebook revealed they are dealing with yet another security breach, this time involving the “View As” feature.

Facebook users have the ability to view their profiles from another user’s perspective, which is called “View As.” This very feature was found to have a security flaw that has impacted approximately 50 million user accounts, as cybercriminals have exploited this vulnerability to steal Facebook users’ access tokens. Access tokens are digital keys that keep users logged in, and they permit users to bypass the need to enter a password every time. Essentially, this flaw helps cybercriminals take over users’ accounts.

While the access tokens of 50 million accounts were taken, Facebook still doesn’t know if any personal information was gathered or misused from the affected accounts. However, they do suspect that everyone who used the “View As” feature in the last year will have to log back into Facebook, as well as any apps that used a Facebook login. An estimated 90 million Facebook users will have to log back in.

As of now, this story is still developing, as Facebook is still investigating further into this issue. Now, the question is — if you’re an impacted Facebook user, what should you do to stay secure? Start by following these tips:

  • Change your account login information. Since this flaw logged users out, it’s vital you change up your login information. Be sure to make your next password strong and complex, so it will be difficult for cybercriminals to crack. It also might be a good idea to turn on two-factor authentication.
  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update an app as soon as an update is available, as fixes are usually included with each version. Facebook has already issued a fix to this vulnerability, so make sure you update immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/#respond Tue, 25 Sep 2018 22:25:54 +0000 https://securingtomorrow.mcafee.com/?p=91938 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "8b4876aa-14b9-441d-a8b7-d62cc6a9e821",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"pubDate": "Tue 25 Sept 2018 12:35:48 +0000"
}
}

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/#comments Tue, 25 Sep 2018 19:35:25 +0000 https://securingtomorrow.mcafee.com/?p=91643 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/feed/ 3
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/#respond Mon, 24 Sep 2018 23:20:24 +0000 https://securingtomorrow.mcafee.com/?p=91945 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.
  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.
  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.
  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee


{
"metadata": {
"id": "ba7ae803-1722-4e9f-98e7-8471653df0f5",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"pubDate": "Mon 24 Sept 2018 12:35:48 +0000"
}
}

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/feed/ 0
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/#respond Mon, 24 Sep 2018 16:00:06 +0000 https://securingtomorrow.mcafee.com/?p=91578 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.

    You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.

  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)

    Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.

  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.

  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.

    Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/#respond Tue, 18 Sep 2018 04:01:08 +0000 https://securingtomorrow.mcafee.com/?p=91553 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

Want to learn more about Ransomware and how to defend against it? Visit our dedicated ransomware page.

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/#respond Mon, 17 Sep 2018 23:42:31 +0000 https://securingtomorrow.mcafee.com/?p=91961 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "11f9b5ff-5988-404c-80ad-ccf1bea47810",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"pubDate": "Mon 17 Sept 2018 12:35:48 +0000"
}
}

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/#respond Fri, 14 Sep 2018 00:14:09 +0000 https://securingtomorrow.mcafee.com/?p=91970 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "fc4bf199-a260-4372-942d-dbb74750bf68",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"pubDate": "Wed 10 Oct 2018 12:35:48 +0000"
}
}

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/#respond Thu, 13 Sep 2018 18:49:47 +0000 https://securingtomorrow.mcafee.com/?p=91483 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/feed/ 0
A Look Back at the Equifax Data Breach, One Year Later https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/#respond Tue, 04 Sep 2018 22:00:23 +0000 https://securingtomorrow.mcafee.com/?p=91417 WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take […]

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take a look back on the impact of the Equifax data breach, what it all means for consumers, and the current state of identity theft.

Equifax reported that the breach exposed as many as 147.9 million consumer accounts, potentially compromising information such as names, dates of birth, addresses, and Social Security numbers.

To its credit, Equifax launched a program to alert potentially affected consumers that their data may have been exposed, and offered a free year subscription to its credit monitoring service, TrustID.

Unfortunately, identity theft breaches are not an uncommon occurrence. Such incidents are up 44% overall with 1,579 reports last year, and there are likely even more that went unreported. Exposed records due to data breaches are up 389%. Roughly 179 million records have been stolen, with 14.2 million credit card numbers exposed in 2017, an 88% increase over 2016. What’s more, 158 million Social Security numbers were exposed last year, an increase of more than 8 times from 2016. And all this theft has added up – consumers reported $905 million in total fraud losses last year, a 21% increase. So, it only makes sense that identity theft ranked as roughly 14% of all consumer complaints to the FTC last year.

However, despite all the publicity about major data breaches, consumers have done very little or have changed very little largely due to optimism bias. In fact, a recent McAfee survey shows that despite increased consumer concerns, only 37% of individuals use an identity theft protection solution and 28% have no plans to sign up for an ID theft protection solution.

So now the next question is, what should consumers do to protect themselves against identity theft? Start by following these tips:

  • Place a fraud alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/feed/ 0
The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/#respond Fri, 31 Aug 2018 16:44:53 +0000 https://securingtomorrow.mcafee.com/?p=91320 When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could […]

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could very well impact our children’s, given they have credit cards of their own. As a matter of fact, there’s a new law that helps parents with exactly that – protecting their kids’ credit, amongst a few other things. It’s called the Economic Growth, Regulatory Relief and Consumer Protection Act, and it takes effect on September 21st of this year.

So, what does this law mean for parents and their kids? With this law, free credit freezes will be available for anyone – including children under the age of 16 – in the country (currently, there may be fees depending on state laws). That way, if a cybercriminal tries to open up an account with a minor’s information, the impacted family can freeze that account immediately. Additionally, it will extend fraud alerts from 90 days to a full year.

As a result of this law, Equifax, Experian, and TransUnion will each set up a web page for requesting fraud alerts and credit freezes. The FTC will also post links to those web pages on IdentityTheft.gov.

So, with this law coming into effect in no time, what next steps should parents take to reap its benefits? Start by following these tips:

  • Find out if your child has a credit report. First and foremost, head here and go to the ‘Child Identity Theft’ section. It will have instructions on how to find out if your child has a credit report. Most young children shouldn’t have credit files, but if they do, the page includes contact information for credit agencies and advice on how to freeze credit.
  • Keep the record of freezes in a safe place. If you do have to freeze a credit report, keep the records stored in a safe place. Make sure your family can find it when needed, and a crook can’t access it.
  • Invest in an identity theft monitoring and recovery solution. The best way to protect you or a family member from identity theft is by being proactive. That’s precisely why you should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/feed/ 0
Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/#respond Wed, 29 Aug 2018 16:44:05 +0000 https://securingtomorrow.mcafee.com/?p=91295 Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw […]

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw in the app is raining on their parade, as Google security researchers have revealed this week that the Fortnite Android app is vulnerable to man-in-the-disk (MitD) attacks.

For some context, a man-in-the-disk (MitD) attack is rooted in an app’s ability to use ‘External Storage,’ which is one of the two types of data storage methods supported by the Android OS. With this attack, a cybercriminal can watch a particular app’s External Storage space and tamper with the data stored in this storage space since its shared by all apps.

Now, you may be wondering how does this work with this new Fortnite Android app vulnerability? This recently disclosed vulnerability allows for malicious apps (that are already installed on a user’s phone) to hijack the Fortnite app’s installation process and download other malicious apps. This means a hacker could essentially install any nasty software they wanted on to a victim’s phone. And according to recent McAfee research, this is precisely what some parents fear when their children game online. In fact, 52% worry about cybercriminals hacking gaming accounts.

Fortunately, Epic Games is already on the case. The major video game company has already released version 2.1.0 of this application, which patches this vulnerability. However, Fortnite users must still take a few important security steps of their own in order to protect themselves from this attack. If you’re a Fortnite gamer, be sure to follow these tips:

  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update your app as soon as an update is available. Patches (like the one released by Epic Games) are typically included with every update.
  • Clean house. Given this hack relies on preexisting malicious apps a victim’s phone, do your due diligence and clean up the applications on your device. This means deleting any old apps you don’t use, or ones that you may have downloaded from outside an official app store. If you’re unsure if an application is secure or not, do some research – conduct a quick google search or scan through the app’s review section on an app store and see if it has had any issues with security.
  • Use a mobile security solution. As app vulnerabilities such as this one continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/feed/ 0
Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/#respond Wed, 22 Aug 2018 04:01:46 +0000 https://securingtomorrow.mcafee.com/?p=91030 If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In […]

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In fact, 30% of parents report posting a photo of their child(ren) to social media at least once per day. To find out if parents actually get permission from their kids to post this content, and how that posting affects children’s privacy, we chatted with 1,000 parents of children ages 1 month to 16 years old in the U.S. and conducted what we call our Age of Consent survey*. Let’s take a look at the findings.

As it turns out, most parents (58%) do not ask for permission from their children before posting images of them on social media. Of those parents who do not ask for permission, 22% think that their child is too young to provide permission, and another 19% claim that it’s their own choice, not their child’s choice.

However, almost three quarters (71%) of parents agree that the images they share online could end up in the wrong hands. According to these parents, the biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%). Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

And yet, despite understanding the risks associated with sharing photos and videos online, most of these parents still post all the same. This begs that question – why aren’t these parents taking action to protect their family’s online security? The good news is they can start right now, by following these security tips:

  • Think before you post. Before posting a picture on social media, ensure that there is nothing in the photo that could be used as an identifier like birthdates, visible home addresses, school uniforms, financial details or passwords in the photo. Parents should ask themselves if this is a photo that they would be ok with a stranger seeing. 
  • Watch out for geotagging. Many social networks will tag a user’s location when a photo is uploaded. Parents should ensure this feature is turned off so as not to give away their current location. This is especially important when posting photos away from home.
  • Lock down privacy settings. Parents should make sure to only share photos and other social media posts with their intended audience. Services like Facebook and Instagram have features that allow you to share posts with only the people you are connected to/friends with.
  • Set ground rules with friends and family. Be clear with friends and family about guidelines when posting about your children. These rules can help avoid unwanted situations where a family member has shared photos without explicit permission.
  • Use an identity theft protection service. As the number of reported data breaches continue to rise, so too does the possibility of identity theft. An identity theft protection solution like McAfee Identity Theft Protection can help consumers proactively protect their identity and keep their personal information secured from misuse.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

*Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 1,000 parents of children ages 1 month to 16 years old in the U.S.

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/feed/ 0
Access Denied! New Instagram Hack Kicks Users Out of Their Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/#respond Wed, 15 Aug 2018 16:12:15 +0000 https://securingtomorrow.mcafee.com/?p=90958 Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account […]

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account and changes their personal details on the platform.

This hack started popping up in early August when users began to report all the same issues with their account — they’re suddenly logged out, their handles and profile pictures are changed (usually to a Disney or Pixar character), and their bios are deleted. When these social media fans try to reset their password, they find that the account has been linked to a new email address with a Russian domain and a random phone number has been associated with the account.

This makes it particularly difficult for users to gain control over their accounts, as Instagram’s support messages now go to the new email address. However, beyond locking these people out of their accounts, the hackers haven’t done any other damage, such as deleting old photos or posting any new ones.

From tweeting at Instagram’s official Twitter account to just starting a brand-new account – these unlucky Instagram users are now taking whatever next steps they can to get back on their favorite social media platform. However, there’s still more to be done. To ensure both their online social media activity and personal information remain secure from this attack, these users should follow these security tips:

  • Enable two-factor authentication. Though it’s not known yet how these hackers were able to get inside of these accounts, make note you can always add some extra armor on your online accounts by enabling two-factor authentication. Now, two-factor authentication cannot be treated as the be-all and end-all when it comes to your online security, but it does help. Just by adding the extra layer of security, you’ll put yourself in a better position to avoid attacks such as this one.
  • Change up your login information to other accounts. Some people have a bad habit of using the same password and email combination across multiple accounts. If this is the case for the account login information you use for Instagram, it’s best to go ahead and mix up the login information on any other account that uses either the same email or password.
  • Make your passwords strong. When you’re making your new passwords, make sure they’re strong and difficult to guess in the chance cybercriminals try to come after additional accounts. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/feed/ 0
Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/#respond Fri, 10 Aug 2018 18:46:15 +0000 https://securingtomorrow.mcafee.com/?p=90803 Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such […]

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such as numerous PGA banners, logos, and signage, for the PGA Championship 2018.

Though it’s unsure how the crooks were able to get inside the PGA’s system, they have made their motives clear. Per Golfweek’s report, the cybercriminals left a message for the PGA staff, stating, “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.” “Any attempt to break the encryption could cause the loss of all of the work. This may lead to the impossibility of recovery of certain files,” the message threatened. They also included a Bitcoin wallet number for the PGA, however, the organization has yet to put anything in there.

That means, as of now, the PGA is still without access to a few of their promotional materials as their tournament is underway. However, the 2018 championship is still carrying on successfully, as planned.

Now, what can we take away from this situation? The tournament is still running smoothly, even despite the disruption from hackers. So, take a page out of PGA’s book – stand up to cybercriminals and don’t pay the ransom. Beyond not paying the ransom, here are a few additional security tips to follow if you’re ever faced with a ransomware attack on your personal device:

  • Keep your devices up-to-date. Though it’s not exactly known how cybercriminals gained access to the PGA’s systems, usually, ransomware attacks depend on a known vulnerability. So, make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/feed/ 0
5 Tips To Protect Your IoT Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/#respond Thu, 09 Aug 2018 22:45:44 +0000 https://securingtomorrow.mcafee.com/?p=90805 Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT). IoT products differ […]

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT).

IoT products differ from dedicated tech devices, like computers, smartphones and tablets, in that their primary function is to do offline tasks, which are enhanced by connecting to the internet. An internet-enabled car, for instance, is still made for driving, but it can also potentially connect to the driver’s device and home electronics, make phone calls, and display cameras.

There’s no doubt that the Internet of Things can make our lives more convenient (just think how easy it is to ask an interactive speaker to place an order online), but it also opens us up to new risks. This is because most IoT devices lack built-in security features, making them vulnerable to malware and hacking.

Take the 2016 Mirai botnet attack, which took down a large part of the internet on the East Coast. This botnet was actually made up of 2.5 million compromised IoT devices, such as webcams and routers, which were infected by malware programmed to guess default passwords. The combined power of these IoT devices was then used to flood the internet’s Domain Name System servers with traffic, crippling the internet’s address book.

And since Mirai, IoT attacks have increased substantially both in number and sophistication. The IoT_Reaper malware, for instance, leveraged nine different vulnerabilities in webcams and routers to infect millions of devices, creating a massive army of “bots” that could potentially be used to launch attacks.

These threats are increasing at the same time as our thirst for more connected devices is growing. Everything from smart thermostats to interactive eyeglasses are expected to make up the 20.8 billion connected devices that are predicted to exist in consumer homes by 2020.

The more connected devices we have in our homes and lives, the more opportunities cybercriminals have to infiltrate our networks, and reach other data-rich devices. This can potentially put your private and financial information at risk, not to mention your privacy.

So, what can we as consumers do to protect our data and devices, while enjoying all the convenience that IoT brings?

Here are some important IoT Safety Tips:

  • Research before you buy—Look for devices that have built-in security features, when possible, and check other users’ reviews before you buy to see if there are any issues, such as known exploits or vulnerabilities, that you should know about.
  • Change Default Passwords—As soon as you bring a new connected device home make sure you change the default password to something hard to guess. This is because cybercriminals often know these default settings and can use them to access your devices. If the device has advanced security options, take advantage of them.
  • Keep them separate—Consider setting up a separate network just for your IoT devices. This way, even if a device is compromised the attacker will not be able to leapfrog to other data-rich devices on the same network, like computers and smartphones. Check your router’s user manual to learn how to setup a second, or “guest” network. Or, consider investing in a network that has built-in protection for IoT devices. Security is now being integrated into home routers, providing first-line protection for all the devices connected to the network.
  • Keep your firmware up-to-date—Manufacturers often release software updates to protect against potential vulnerabilities and upgrade features. Set your device to auto-update, if you can, so you always have the latest software.
  • Use comprehensive security software—Keep all your computers and devices protected by using robust security software that can help safeguard your private information and stop known threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/feed/ 0
Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/#respond Wed, 08 Aug 2018 00:46:45 +0000 https://securingtomorrow.mcafee.com/?p=90774 Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive […]

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive cryptojacking campaign that’s targeting MikroTik routers.

The attack first finds its footing by taking advantage of a vulnerability within MikroTik routers. Once it leverages the flaw, the attack changes the devices’ configuration to inject Coinhive cryptocurrency mining malware into users’ web traffic. For context, Coinhive is a cryptocurrency mining service. Set up as a legitimate service, Coinhive is unfortunately often used by cybercriminals to hack websites and cryptojack users, aka steal the processing power of their devices to mine for cryptocurrency without their consent.

Which is precisely what’s happening to over 200,000 MikroTik customers, largely in Latin America. However, the attack has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.

Now, the next question is – what can these MikroTik users do to protect themselves from this attack? Start by following these proactive security tips:

  • Update your router’s firmware. MikroTik actually patched this vulnerability back in April, but that doesn’t necessarily mean that users applied the required patch. Therefore, this attack is a reminder of just how important it is to regularly update your router’s firmware, as these fixes are typically included within each update.
  • Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your router, you can learn what to do to help your device stay secure.
  • Secure your home’s internet at the source. Your home router allows your entire family to connect to the internet. If it’s vulnerable, your internet activity can be compromised as a result – just like with this MikroTik attack. So, be sure to use a router with built-in security like McAfee Secure Home Platform, which provides protection against threats at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/feed/ 0
The Reddit Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/#respond Wed, 01 Aug 2018 23:28:29 +0000 https://securingtomorrow.mcafee.com/?p=90653 With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now […]

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now a chance that information has been exposed, as Reddit announced today that its systems were hacked at some point earlier this summer.

Announcing the breach on its r/announcements section, Reddit informed users that its internal systems were accessed by attackers sometime between June 14th to June 18th. The cybercriminals managed to bypass the SMS-based two-factor authentication the company had in place to access user data. This information includes some current email addresses and a 2007 database backup containing old salted and hashed passwords (meaning, passwords that haven’t been stored in plaintext). Additionally, email digests sent in June 2018 were also accessed by the hackers as well.

Now, the amount the impacted emails and passwords is not yet exactly known, but it’s crucial Reddit users (particularly those who joined by 2007) start taking steps now to secure their personal security. Start by following these tips:

  • Change up your password. If you joined Reddit in 2007 or before, you should change up your password immediately. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Avoid common and easy to crack passwords like “12345” or “password.”
  • Keep an eye out for sketchy emails and messages. If you received an email from a Reddit digest in June, then there’s a chance the hacker has your email address. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Don’t solely rely on SMS two-factor authentication (2FA). If anything, we can all learn a lesson from this Reddit breach – we can’t solely rely on SMS two-factor authentication anymore to secure our data. In fact, SMS is one of the weakest forms of 2FA. If you wish to lock down your data on your devices, it’s best to use app-based two-factor authentication, such as Google Authenticator.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/feed/ 0
5 Tips for Managing Your Digital Footprint and Online Reputation https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/#respond Wed, 01 Aug 2018 18:38:58 +0000 https://securingtomorrow.mcafee.com/?p=90642 Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not. Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information […]

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not.

Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information you intentionally post to promote yourself, such as online resumes and professional profiles. This is why you should take some time to manage your online reputation.

A recent study by CareerBuilder found that 70% of employers use search engines and social media to screen candidates. What’s more, 54% of employers surveyed said that they reconsidered candidates after getting a bad impression of them online.

This situation should be especially concerning for younger adults who are entering the job market for the first time, after years of carefree posting.

And if you think that once you have a job you can forget about looking after your digital footprint, think again. Employers also said that they check employees’ online presence when considering promotions.

Even colleges and universities rely on social media checks to get a better sense of applicants, according to a recent survey of admissions officers.

Of course, having a negative online presence is one problem, but having no presence at all is an even bigger red flag, so don’t start deleting profiles and accounts, or making everything “private”.

Over half of employers surveyed said that they are less likely to interview a candidate with no visible presence online. In this age, everyone is expected to have a digital footprint—it’s what that footprint says about you that matters the most.

So, how do you make sure that your digital footprint gives a good impression of you?

Here are some important tips:

  • Start Online Awareness Early—It’s easier to build a positive digital footprint from a young age, than to clean up a questionable presence later on. (When you consider that many kids get a smartphone at the age of 10, editing 8 years of online activity before college could be a real chore!) Talk to your kids about the importance of giving a positive impression online before they engage. When you do decide to let your kids connect, make sure to use parental controls that limit the kinds of content they can access, and protects them from online threats.
  • Be cautious about over-sharing—Yes, social media was made for sharing, but try to avoid venting online or engaging in heated arguments. If you have a problem with someone, talk it out offline.
  • Turn off tagging—Just because you’re paying attention to your online reputation, doesn’t mean your friends are. Being “tagged” in photos or videos you didn’t post could leave you open to the wrong impressions. That’s why it’s best to turn off tagging in your social media settings.
  • Keep positive content public—If you have a great online presence, sharing your accomplishments and skills, make sure to make the posts public. This goes for your social channels, as well as your professional profiles.
  • Be yourself, but speak clearly and respectfully—Show your unique personality and creativity, since people respond to genuineness But remember to be articulate in the process. Check posts for spelling or grammar errors before you hit “send”, and avoid offensive language. When commenting on other people’s posts, do it respectfully.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/feed/ 0
Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/#respond Tue, 31 Jul 2018 18:42:02 +0000 https://securingtomorrow.mcafee.com/?p=90624 More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records […]

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records from the Missouri-based Blue Springs Family Care have been compromised after cybercriminals attacked the provider with a variety of malware, including ransomware.

Though it’s not entirely sure yet how these attackers gained access, their methods were effective. With this attack, the cybercriminals were able to breach the organization’s entire system, making patient data vulnerable. The attack resulted in 44,979 records being compromised, which includes Social Security numbers, account numbers, driver’s licenses, disability codes, medical diagnoses, addresses, and dates of birth.

The company’s official statement notes, “at this time, we have not received any indication that the information has been used by an unauthorized individual.”  However, if this type of data does become leveraged, it could be used by hackers for both identity and medical fraud.

So, with a plethora of personal information out in the open – what should these patients do next to ensure their personal data is secure and their health information is private? Start by following these tips:

  • Talk with your health provider. With many cyberattacks taking advantage of the old computer systems still used by many health care providers, it’s important to ask yours what they do to protect your information. What’s more, ask if they use systems that have a comprehensive view of who accesses patient data. If they can’t provide you with answers, consider moving on to another practice that has cybersecurity more top of mind. 
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Keep your eyes on your health bills and records. Just like you pay close attention to your credit card records, you need to also keep a close eye on health insurance bills and prescription records, which are two ways that your health records can be abused. Be vigilant about procedure descriptions that don’t seem right or bills from facilities you don’t remember visiting.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/feed/ 0
Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/#respond Wed, 25 Jul 2018 18:56:01 +0000 https://securingtomorrow.mcafee.com/?p=90529 Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to […]

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to present day and a new Bluetooth flaw has emerged, which affects devices containing Bluetooth from a range of vendors—including Apple, Intel, Google, Broadcom, and Qualcomm.

Whether it’s connecting your phone to a speaker so you can blast your favorite tunes, or pairing it with your car’s audio system so you can make phone calls hands-free, the pairing capabilities of Bluetooth ensures the technology remains wireless. And this bug affects precisely that — Bluetooth’s Secure Simple Pairing and Low Energy Secure Connections, which are capabilities within the tech designed to assist users with pairing devices in a safe and secure way.

Essentially, this vulnerability means that when data is sent from device to device over Bluetooth connections, it is not encrypted, and therefore vulnerable. And with this flaw affecting Apple, Google and Intel-based smartphones and PCs, that means millions of people may have their private data leaked. Specifically, the bug allows an attacker that’s within about 30 meters of a user to capture and decrypt data shared between Bluetooth-paired devices.

Lior Neumann, one of the researchers who found the bug, stated, “As far as we know, every Android—prior to the patch published in June—and every device with a wireless chip from Intel, Qualcomm or Broadcom is vulnerable.” That includes iPhone devices with a Broadcom or Qualcomm chip as well.

Fortunately, fixes for this bug within Apple devices have already been available since May with the release of iOS 11.4. Additionally, two Android vendors, Huawei and LG, say they have patched the vulnerability as well. However, if you don’t see your vendor on this list, or if you have yet to apply the patches – what next steps should you take to secure your devices? Start by following these tips:

  • Turn Bluetooth off unless you have to use it. Affected software providers have been notified of these vulnerabilities and are working on fixing them as we speak. But in the meantime, it’s crucial you turn off your Bluetooth unless you absolutely must use it. To do this on iOS devices, simply go to your “Settings”, select “Bluetooth” and toggle it from on to off. On Android devices, open the “Settings” app and the app will display a “Bluetooth” toggle button under the “Wireless and networks” subheading that you can use to enable and disable the feature.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Patches for iOS and some Android manufacturers are already available, but if your device isn’t on the list, fear not – security patches for additional providers are likely on their way.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/feed/ 0
iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/#respond Wed, 18 Jul 2018 17:17:02 +0000 https://securingtomorrow.mcafee.com/?p=90426 The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of […]

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of having their location tracked by cybercriminals? In fact, just this week, it has been discovered that iPhone users may be faced with that very possibility, as a sophisticated mobile malware campaign is gaining access to devices by tricking users into downloading an open-source mobile device management (MDM) software package.

First, let’s back up – how does a mobile device management software package work, exactly? Well, according to Continuum, Mobile device management (MDM) is a type of software used by an IT department to monitor, manage, and secure employees’ mobile devices. Therefore, once hijacked by hackers, this software could be used to gain almost complete access to a mobile device.

So, with this malicious MDM campaign, cybercriminals can gain access to a device and steal various forms of sensitive information, including the phone number, serial number, location, contact details, user’s photos, SMS messages, and Telegram and WhatsApp chat messages.

As of now, it’s not entirely clear how this campaign is being spread – though many signs point to social engineering. So, given the information we do know – the next question is what should iPhone users do next to stay secure? Start by following these tips:

  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Turn off location services. It’s one thing for a cybercriminal to have ahold of your data, but it’s another thing entirely if they have the ability to track your location. This hack could not only impact your digital security but your physical security as well. So, turn off the location services immediately on your phone – that way if they gain access to your device, they won’t be able to track you.
  • Use a mobile security solution. As schemes like this MDM campaign continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/feed/ 0
Major International Airport’s Security System Found for Sale on Dark Web RDP Shop https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/#respond Wed, 11 Jul 2018 13:01:56 +0000 https://securingtomorrow.mcafee.com/?p=90281 The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One […]

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One type of marketplace is called a remote desktop protocol (RDP) shop, which provides access to stolen systems for a small fee. Found in one of these RDP shops by McAfee’s ATR team: a major international airport’s security and building automation systems, which could be purchased for only $10 USD.

You might be wondering – what does “access” mean in this scenario? Just like Spotify and Apple Music sell access to artist’s songs, or a gym sells access to their exercise machines, the dark web can sell remote access to hacked machines through these RDP shops. Once access is purchased, crooks can obtain logins to a victim’s computer system and essentially have full control of it.

Now, the McAfee ATR team is not exactly sure how the cybercriminals got their hands on these systems. But they do know that once something like an airport security system is purchased, crooks can do serious damage. This access could allow cybercriminals to do essentially anything they want – create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency, or even conduct a ransomware attack on the organization.

So, what happens if your information was potentially compromised in the sale of one of these systems on the dark web? To protect your personal data from larger cybercriminal schemes that originate from RDP shops, be sure to follow these tips: 

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app, network, or system that asks for it. Be strict and diligent, and only provide something with information when it’s crucial to the service or experience it provides.
  • Set up an alert. Compromised information could potentially include financial data. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft monitoring and recovery solution. If enough personal data becomes compromised by cybercriminals accessing stolen systems, users could be potentially faced with the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/feed/ 0
Popular Social Media App Timehop Hit With Huge Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/#respond Tue, 10 Jul 2018 16:41:47 +0000 https://securingtomorrow.mcafee.com/?p=90274 The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and […]

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and has put their personal information at risk of being compromised.

The key ingredient for this attack: multi-factor authentication. Or, lack thereof. Hackers were able to access the company’s cloud servers on July 4th because Timehop had not turned on multi-factor authentication. “The breach occurred because an access credential to our cloud computing environment was compromised,” the company said. Once they obtained the credential to access the servers, the crooks managed to remain inside the system for approximately two hours.

In a company blog post, Timehop stated that the security breach compromised the names and emails of these 21 million users, which is essentially its entire user base. And 4.7 million of those affected users had a phone number that was attached to their account breached in the attack as well. Fortunately, Timehop says that no financial data was compromised in the attack, and all access to social media platforms was deactivated immediately by Timehop, which actually logged all users out of their accounts.

This breach joins the Exactis and Adidas breaches that have occurred in the past week, leaving millions of consumers out there concerned for their personal security. So, what next steps should Timehop users take to ensure they secure their personal information? Start by following these tips:

  • Change up your passwords. With this personal data already in hand, it’s likely cybercriminals are going to take a guess at your password and attempt to get inside your Timehop account. Therefore, make sure you change up your password to Timehop and any other accounts that use the same one.
  • Use two-factor authentication. If this breach has made anything clear, it’s that we cannot rely on passwords that use single-factor authentication to protect our accounts. Learn a lesson from Timehop and always enable two-factor authentication when given the option.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/feed/ 0
Attention Gmail Users: App Developers Can Potentially Read Your Private Emails https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/#respond Tue, 03 Jul 2018 22:25:40 +0000 https://securingtomorrow.mcafee.com/?p=90222 Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps […]

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps – a feature that may have exposed actually exposed private Gmail messages. Just yesterday, The Wall Street Journal reported that people who have connected third-party apps to their accounts may have unwittingly given external developers permission to read their messages.

But wait – how could hundreds of developers just access users’ private inboxes? As a matter of fact, Google allows these developers to scan the inboxes of millions of users per its official policy. This policy is outlined when people are asked if they wish to connect their Google account to third-party apps and services. When linking their account to a service, people are asked to grant certain permissions – which often include the ability to “read, send, delete and manage your email.”

Now, the developers who have access to users’ Gmail inboxes have been vetted by Google. And to them, this access is the norm. Thede Loder, the former CTO at eDataSource Inc., said that reading user emails has become “common practice” for companies that collect this type of data. “Some people might consider that to be a dirty secret… It’s kind of reality,” he notes.

Though this news may be unsurprising to people like Loder, it’s likely very surprising to others, proving there’s a gap in awareness and understanding of what Gmail users are signing themselves up for. Therefore, if you’re a Gmail user wishing to keep the information exchanged in your emails private, be sure to follow these tips:

  • Be selective. The best way to control where your information goes is by reducing the sources you share it with. That means not providing Gmail access to every app that asks for it. Be strict and diligent, and only provide an app access when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share access to your Gmail or your information with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/#respond Thu, 28 Jun 2018 18:01:34 +0000 https://securingtomorrow.mcafee.com/?p=90179 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "0314018a-527d-44cc-a71d-995cd761cd4a",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"pubDate": "Thurs 28 June 2018 12:35:48 +0000"
}
}

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/#comments Thu, 28 Jun 2018 17:12:33 +0000 https://securingtomorrow.mcafee.com/?p=90165 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/feed/ 8
Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/#respond Thu, 28 Jun 2018 01:33:34 +0000 https://securingtomorrow.mcafee.com/?p=90124 Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But […]

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But what they didn’t know is that they could be involved in a cyberattack, rather than just listening to their favorite song. As a matter of fact, our McAfee Mobile Research team has found a new malicious campaign, named Sonvpay, that’s impacted at least 15 apps published on Google Play – including that Despacito app.

How it works

You know how with some of your apps you can adjust the push notifications? Sometimes these notifications pop up on your screen, and other times you won’t receive any – depending on your settings. To enact its malicious scheme, Sonvpay listens for incoming push notifications that contain the data they need in order to perform mobile billing fraud – which is when extra charges get added to a user’s phone bill and can potentially line a cybercriminal’s pocket.

Once receiving the data, the crooks can perform this mobile billing fraud (either WAP and SMS fraud) by displaying a fake update notification to the user. This fake notification has only one red flag – if the user scrolls until the end, the phrase “Click Skip is to agree” appears, as seen below.

If the user clicks the only button (Skip), Sonvpay will complete its mission – and will fraudulently subscribe the user to a WAP or SMS billing service, depending on the victim’s country.

What it affects

So which Android applications contain Sonvpay? The McAfee Mobile Research team initially found that Qrcode Scanner, Cut Ringtones 2018, and Despacito Ringtone were carrying the Sonvpay, and Google promptly took them down once notified. But then more emerged, totaling up to 15 applications out there that contain Sonvpay, some of which have been installed over 50,000 times. These applications include:

Wifi-Hostpot

Cut Ringtones 2018

Reccoder-Call

Qrcode Scanner

QRCodeBar Scanner APK

Despacito Ringtone

Let me love you ringtone

Beauty camera-Photo editor

Flashlight-bright

Night light

Caculator-2018

Shape of you ringtone

Despacito for Ringtone

Iphone Ringtone

CaroGame2018

So now the next question is – what do I do if I was one of the Android users who downloaded an application with Sonvpay? How can I avoid becoming a victim of this scam? Start by following these tips:

  • Only give your apps permission to what they need. When downloading one of these applications, one user reported they noticed that the app asked for access to SMS messages. This should’ve been a red flag – why would a ringtone app need access to your texts? Whenever you download an app, always double check what it’s requesting access to, and only provide access to areas it absolutely needs in order to provide its service.
  • Always read the fine print. Before you update or download anything, always make sure you scroll through all the information provided and read through it line by line. This may feel tedious, but it could be the difference between being compromised and remaining secure.
  • Use a mobile security solution. As schemes like Sonvpay continue to impact mobile applications and users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/feed/ 0
Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/#respond Thu, 21 Jun 2018 22:14:56 +0000 https://securingtomorrow.mcafee.com/?p=90068 Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks […]

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks are advertising “leaked” versions of Epic Games’ Fortnite — by releasing YouTube videos with fake links claiming to be Android versions of the game.

This scam begins with a user conducting a simple Google or YouTube search for “Download Fortnite for Android” or “How to install Fortnite on Android.” This search provides users with dozens of videos – some of which have millions of views – that claim they can show how to get the game on Android. From there, people are then directed to download one of the fake Fortnite apps.

These fake apps do a great job at seeming convincing, as many use the same images and loading screens found in the iOS app. They even play the game’s intro song and prompt users to log in – seems legitimate, right? But soon enough, the apps reveal their true colors.

The apps will ask a user to provide mobile verification, to which they’ll confirm and hit OK. Then, users get redirected to a site claiming to check if they’re a bot or not, which requires them to download another app and then click on a link that comes with the “unlock instructions” within that app. Once users hit “tap to install,” however, they’re only guided back to Google Play. Users can keep installing app after app and will never actually get to the actual Fortnite game.

Essentially, this means the cybercriminals are aiming to make money off of increased app downloads. This incident reminds us that online gaming has its risks, and Fortnite is no exception. Therefore, in order to stay protected from this scam and others like it, be sure to follow these tips:

  • Do your homework. Know your game – find out when and where it is available on different platforms. And if for some reason your research yields mixed results, check the game’s main page to confirm the answer.
  • Go straight to the source. It’s a good security rule of thumb for anything out there – do not download something unless you are getting it from the company’s home page. The most trusted source is the original one, so make sure you’re using the real deal. If you’re an Android user, it’s best to just wait for Epic Games’ version of Fortnite in order to avoid frauds.
  • Use comprehensive security. Whether you’re using the mobile iOS version of Fornite, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/feed/ 0
Blockchain 101: What Consumers Need to Know About the Technology https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/#respond Tue, 19 Jun 2018 21:32:43 +0000 https://securingtomorrow.mcafee.com/?p=89989 From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what […]

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what exactly is blockchain? Let’s take a look at how this technology actually works and what the security implications may be for consumers.

What is blockchain?

According to the recent McAfee Blockchain Threat Report, “a blockchain is a series of records or transactions, collected together in a block that defines a portion of a ledger. The ledger is distributed among peers, who use it as a trusted authority in which records are valid. Each block in the ledger is linked to its next block, creating a chain—hence the name.” With blockchain, anyone can look at the latest blocks and their “parent” blocks to determine the state of an address. It also assists with multiple issues that can occur when making digital transactions, such as double spending and currency reproduction.

Remaining cautious with blockchain

Blockchain is essentially the secret weapon behind cryptocurrency’s popularity, as it has been positioned as the technology that will help address digital currency’s security issues. While it has great potential, there are some possible risks that could hinder its growth. For instance, the many cryptocurrency hacks we’ve seen recently have proven blockchain is not exactly foolproof. The mechanism involved in blockchain has some vulnerability in itself – which is a friendly reminder that we still need to be cautious in how we view this technology as it relates to security. Remember that blockchain is created by people, who can make mistakes.

Therefore, it’s important we all remain cautious when it comes to treating this technology like the end all be all. So, if you’re considering using blockchain technology to secure your cryptocurrency, be sure to follow these tips:

  • Don’t put all your eggs in one basket. Diversity is king when it comes to cryptocurrency. Since blockchain isn’t a sure-fire way for securing cryptocurrency transactions, make sure you do your research on the various “coins” out there. Select a nice variety of currency types so that if one cryptocurrency is attacked, you’ll still have a few other types to rely on.
  • Always have a plan B. Make sure you have a paper equivalent of records so that all your transactions are not bound by something that is prone to human error. That way, if for some reason something does go wrong with blockchain, you still have your important transactions documented elsewhere.
  • Do your homework. With blockchain and any new and emerging technology really, make sure you always remain a bit skeptical. Do your homework before you embrace the technology – research your options and make sure there’s been no security issues. 

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/#respond Wed, 13 Jun 2018 07:56:17 +0000 https://securingtomorrow.mcafee.com/?p=89635 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/feed/ 0
Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/#respond Wed, 13 Jun 2018 04:01:19 +0000 https://securingtomorrow.mcafee.com/?p=89026 Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, […]

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, what many children and parents don’t realize is that these games can also pose a serious threat to their family’s online safety. To unpack what that threat looks like exactly, we conducted the McAfee which explores consumers’ attitudes towards the perceived risks that come with gaming. Let’s dive into the key findings.

Our survey discovered that 62% of children play games where they speak to other people while playing, and parents who responded to our survey are most worried that this unknown person may be a sexual predator (75% of parents), bully (61%), cybercriminal who could steal personal or financial info (60%), or a drug dealer (37%). Despite this worry, 44% of parents would still allow their child to play a game that they are technically too young for (i.e. they are younger than the recommended age determined by the rating).

What’s more – despite allowing their children up to four hours of gaming per day, 71% of parents at least somewhat agree that their child is at risk of being exposed to inappropriate content while gaming. 62% worry about cybercriminals disguising themselves as another player to steal sensitive information, 58% are concerned that their child could click on a link and download a virus, and 52% worry about cybercriminals hacking gaming accounts and accessing personal or financial information. And unfortunately, some of these concerns have become a reality, as we’ve recently seen cyberattacks involving both Minecraft and Nintendo Switch.

So, with parents worried about the security risks that come with online gaming – why aren’t they doing something to assuage their own concerns? Fortunately, we have a few pointers you can use to start securing your kid’s online safety today:

  • Browse with protection. A tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious.
  • Use comprehensive security. No matter what you do online, it’s best to use a security product like McAfee Total Protection that can help keep your connected devices safe from malware. Just like any PC application, be sure to keep your security software updated with the latest software version.
  • Use parental control software. Parental control will help you set time limits on your child’s device usage and help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 5,000 parents of children ages 6 to 16 who play online or console games in Australia, Germany, Singapore, the U.S. and the U.K.

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/#respond Tue, 12 Jun 2018 18:46:12 +0000 https://securingtomorrow.mcafee.com/?p=89625 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/feed/ 0
Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/#respond Fri, 08 Jun 2018 23:26:20 +0000 https://securingtomorrow.mcafee.com/?p=89522 Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook […]

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook may have accidentally changed settings for 14 million users, causing their posts to be shared publicly, even if they thought they were being shared only with friends.

When users share something on Facebook, they’re shown an audience selector, which provides a handful of options for who exactly gets to see a post. The user can select “Friends,” “Only me,” “Friends except,” or “Public,” with the choice supposedly defaulting to the one last used by the account owner. However, this bug made it so the default for all posts was set to public – meaning if the user was not paying attention, they unwittingly shipped their post out to a larger audience than they were anticipating.

Now, the good news is this bug was only affecting posts that went out from May 18th to May 27th, and no posts prior to that period were affected. Additionally, Facebook has confirmed that the bug has in fact been fixed.

However, this bug does act as a lesson about sharing out personal information on social media and reminds us to always be cautious of what we put out on the web. That being said, here are a few proactive security tips you can follow when sharing info on social media:

  • Always check in on your settings. This bug is a reminder that we should always check in on our current settings on social media platforms and apps. This bug swapped the settings without notifying users, but sometimes we may even too forget if we have the right settings on. Make it a priority a few times a month to go and see if you have the correct security settings in place on all your apps.
  • Be selective about what you share. The best way to control where your information goes is by cutting down what you share and how much you share it. That means reducing the amount of times you post on social media, and the type of information you do share. Anything private, personal, or that could help a cybercriminal learn more about you should remain off your social channels.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/feed/ 0
Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/#respond Tue, 05 Jun 2018 20:44:51 +0000 https://securingtomorrow.mcafee.com/?p=89336 When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as […]

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as of this week, users of the latter company are unfortunately now dealing with that very information being compromised by a massive data breach. In fact, Troy Hunt, founder of “Have I Been Pwned,” discovered that a hacker posted several Ticketfly database files to a public server online.

This attack first began with an unnamed hacker informing Ticketfly of a security vulnerability and demanding a ransom of one bitcoin to reveal the flaw and help fix it. This threat was met with no response. Following which, the hacker then defaced the site, prompting the company to take it offline, and stole piles of Ticketfly customer data in the process.

In addition to a whopping 26 million email addresses, this stolen data includes users’ names, phone numbers, home and billing addresses. As of now, no financial information has been published publicly by the hacker, but he or she has threatened to post more data if they are not paid their ransom.

So, with this personal information out in the open and potentially more still to come, what can these Ticketfly customers do to ensure they protected their data? Start by following these tips:

  • Keep an eye out for sketchy emails. One way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. Though this hacker has not published financial data, that doesn’t mean he or she may not still have it on hand. Therefore, if you’re a Ticketfly user, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, Ticketfly users may be faced with the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/#respond Thu, 31 May 2018 18:58:01 +0000 https://securingtomorrow.mcafee.com/?p=89237 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "85576554-caea-4ff0-b59a-9fa580469932",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"pubDate": "Thur, 31 May 2018 12:35:48 +0000"
}
}

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/#comments Thu, 31 May 2018 18:42:14 +0000 https://securingtomorrow.mcafee.com/?p=89229 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/feed/ 1
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/#respond Thu, 24 May 2018 00:20:32 +0000 https://securingtomorrow.mcafee.com/?p=89081 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "943447f2-28f6-4700-afc5-dbb09c73f1ac",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"pubDate": "Wed, 23 May 2018 12:35:48 +0000"
}
}

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/feed/ 0
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/#comments Wed, 23 May 2018 23:10:25 +0000 https://securingtomorrow.mcafee.com/?p=89072 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.
  • Use comprehensive security. Even though this attack largely goes after routers, it’s important you still lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/feed/ 7
Why You Need To Know About “Cryptojacking” https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/#respond Tue, 22 May 2018 16:00:52 +0000 https://securingtomorrow.mcafee.com/?p=88975 As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the […]

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the form of “cryptojacking.” That’s why everyone should become aware of the risks.

Cryptojacking is when a cybercriminal uses someone else’s computing power to mine for cryptocurrencies without their consent. They do this because mining for digital currencies like Bitcoin, while still lucrative, is more expensive than it used to be. Miners now need multiple machines to crank through the complicated algorithms that lead them to digital gold.

So, instead of investing in costly hardware, some cybercrooks have designed malware to steal computing power from normal users’ devices. They do this by distributing risky mobile apps, taking advantage of flaws in existing software, or even by using drive-by downloads embedded in online ads. In fact, malware-infected ads, also know as “malvertising”, have become a popular channel for distributing these “miners.”

Earlier this year 60 million Android users were affected by an attack embedded in online ads. Users who encountered these ads while surfing online were redirected to a malicious website, which prompted them to enter a Captcha to prove they were human. All the while, the malware was utilizing the phone’s computing power to mine for the Monero digital currency. While the attack lasted just four minutes on average, if you left the webpage open it could eventually overtax your CPU, essentially destroying your device.

And the amount of risky apps designed to steal mobile computing power is startling. McAfee researchers identified over 600 malicious cryptocurrency apps across 20 app stores, including Google Play and the Apple store.

Of course, computers are a prime target for cryptojacking since they offer more computing power than smaller devices. Many attacks take advantage of vulnerabilities in outdated software. In fact, PC miners are so common it’s believed that tens of thousands of computers are already infected.

Unsurprisingly, social media offers another avenue of attack. Take, for instance, the Digmine malware, which spread via Facebook Messenger disguised as a video file. Not only did it infect the machine of anyone who opened the file, it also had the potential to automatically send the file to all the user’s Facebook contacts. The same is true of the recently discovered FacexWorm. This Messenger malware directed users to fake versions of popular websites like YouTube, and prompted them to download a browser extension to watch content. But in reality it was stealing passwords and mining for cryptocurrencies.

Now that you are aware of how prevalent crypto malware can be, here’s what you need to do to protect your devices, data, and money.

  1. Use Security Software—Install comprehensive security software than can protect all your computers and devices from the latest threats. And, don’t forget about your home internet-connected devices, such as IP cameras, and interactive speakers. They often come with weak security. Consider buying a router with protection built-in, or setting up a separate network for your IoT devices. This way, even if a connected device is infected, cybercriminals will be unable to access your data-rich devices on the other network.
  2. Choose Strong Passwords—These are still your first line of defense, so consider using a Password Manager to help you create and store complicated, unique passwords. If you reuse passwords, a breach of one account can quickly spread to other accounts and devices.
  3. Surf Safe—Try to stick to reputable websites and consider downloading a browser extension that can detect cryptomining malware such as Chrome’s No Coin, or Mozilla’s Crypto Mining Blocker.
  4. Avoid Risky Apps—Only download apps from official app stores, and read other users’ reviews first to see if they are safe.
  5. Keep all your software up-to-date—Many of the threats targeting PCs take advantage of vulnerabilities in existing software. Update your software regularly to make sure you have the latest patches and fixes.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/feed/ 0
Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/#comments Mon, 21 May 2018 17:42:39 +0000 https://securingtomorrow.mcafee.com/?p=88967 Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, […]

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, but also a security risk. This especially the case due to the emergence of Vega Stealer, a malware strain aiming to capitalize on that very short cut, and is designed to harvest saved financial data from Google Chrome and Firefox browsers.

Vega Stealer makes its way through the web through a common cybercriminal tactic – phishing emails. Once it spreads via these nasty notes, Vega swoops personal information that has been saved in Google Chrome, including passwords, saved credit cards, profiles, and cookies. Mind you, Firefox also has a target on its back, as the malware harvests specific files that store various passwords and keys when Firefox in use. But Vega Stealer doesn’t stop there, it also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.

As of now, it has not been determined who exactly is behind these browser attacks (though the strain seems to be related to August Stealer malware), but we do know one thing for sure:  Vega is quite the thief. The good news is – there are many ways you can protect yourself from the nasty malware strain. Start by following these tips:

  • Change your passwords. With Vega Stealer eager for credentials, the first thing you should do is change up your existing login information to any accounts you access using Chrome or Firefox. And, of course, make sure your new passwords are strong and complex.
  • Be on the lookout for phishing scams.If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Stop Autofill on Chrome. This malware is counting on the fact that you store financial data within your browser. To stop it in its tracks, head to your Google Chrome account and go to settings. Scroll down to “Passwords and Forms,” go to “Autofill Settings,” and make sure you remove all personal and financial information from your Google Chrome Autofill. Though this means you’ll have to type out this information each time you want to make a purchase, your personal data will be better protected because of it.
  • Stay protected while you browse. With Vega Stealer attacking both Chrome and Firefox browsers, it’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/feed/ 2
Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/#respond Thu, 17 May 2018 19:49:05 +0000 https://securingtomorrow.mcafee.com/?p=88878 From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. […]

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. This is all because a username and password granting access to the data were insufficiently secured.

Any avid Facebook user knows that there are apps on the platform that act as fun little quizzes, games, or activities — myPersonality being one of them. myPersonality is a Facebook app/questionnaire that asks people about highly personal matters, as it is actually a psychometric test created by the University of Cambridge. But once users fill out the test, their information does not remain personal, as this data has been shared with almost 150 institutions and companies, including researchers at universities and firms like Facebook, Google, Microsoft, and Yahoo. What’s more, the login information used by these companies for accessing this data was posted publicly to Github, making it available to the public for the past four years.

Mind you, this data was scrubbed of users’ names before being given to the researchers, and these collaborators had to vow they wouldn’t de-anonymize the data before they obtained access to it. Regardless, Facebook has confirmed that it has temporarily suspended myPersonality and is investigating the app. “If myPersonality refuses to cooperate or fails our audit, we will ban it,” said Ime Archibong, Facebook’s Vice President of Product Partnerships. This is following Facebook’s statement earlier this week that it has suspended 200 apps and investigated thousands of others in case they misused people’s data.

So, while Facebook investigates myPersonality, what can users of the social media network do in the interim to ensure they’re secure? Start by following these tips:

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app that asks for it. Be strict and diligent, and only provide an app information when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share your information out with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/feed/ 0
Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/#respond Thu, 10 May 2018 01:02:17 +0000 https://securingtomorrow.mcafee.com/?p=88792 Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent […]

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent users, as crooks are sending messages that are laced with FacexWorm malware via Facebook Messenger.

Aptly named, FacexWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content. No shocker here, but the extension is malicious, and actually installs FacexWorm instead, which can then steal account credentials from selected websites, including Google and cryptocurrency websites. What’s more, the malware variant can also hijack traffic from cryptocurrency trading platforms and steal funds, as well as crypto-jack a device by injecting malicious crypto-mining code on a webpage.

Unfortunately, the worm has found a way to wiggle from device to device as well, as it leverages a command-and-control server to access an infected user’s Facebook and multiply the amount of fake YouTube links. These links are then sent to the user’s contacts in order to further spread FacexWorm. If the link is sent to a user who isn’t using Google Chrome, the link instead redirects to a random advert.

With FacexWorm slithering its way through Facebook accounts, what can users of the popular platform do to fight back against the malware? For starters, you can follow these security pointers:

  • Be careful what you click on. Be sure to only click on links from a trusted source.  Even then, if the content coming from a friend seems strange or out of character, it’s best to remain wary and avoid interacting with the message entirely.
  • Change your account login info immediately. Since one of FacexWorm’s main goals is to steal credentials to crucial sites, it’s important you change up your login to your Google account, any cryptocurrency accounts, and others you think may be affected by this attack. Be sure to make your next password strong and complex, so it will be hard for cybercriminals to crack.
  • Stay protected while you browse. Sometimes it’s hard to identify if an email or social media message is coming from a cybercriminal. Add an extra layer of security to your browser and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/#respond Thu, 03 May 2018 23:06:14 +0000 https://securingtomorrow.mcafee.com/?p=88709 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/#respond Thu, 03 May 2018 22:19:42 +0000 https://securingtomorrow.mcafee.com/?p=88702 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/feed/ 0
The Past, Present, and Future of Password Security https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/#respond Thu, 03 May 2018 04:32:21 +0000 https://securingtomorrow.mcafee.com/?p=88615 In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords […]

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords have always accomplished one thing – they provide access to the previously inaccessible, which means managing these passwords in a safe way is crucial. To see how password management has changed over time, and in honor of World Password Day, let’s take a look at the past, present, and future of password security.

The past

Historically, passwords have been written down a piece of paper or kept in a notebook since it can be hard to keep track of so many passwords. And because of this struggle, users were also more inclined to use the same password for multiple accounts. In fact, according to last year’s World Password Survey, 34% of the respondents in the U.S. admitted to doing this on a regular basis. What’s more – users will make their passwords as simple as possible (think dog’s name or birth date) in order to able to remember these passwords.

The present

Unfortunately, not much has changed current day, as this year’s survey takeaways reminded us that password security still has ways to go. Consumers who responded to the survey have an average of 23 online accounts that require a password, but on average only use 13 unique passwords for those accounts. 31% only use two to three passwords for all their accounts so they can remember them more easily. And lists are far from dead, as the most common way to remember passwords is to keep a written or digital list of all passwords (52%).

Things tend to get worse when consumers actually do forget their password. 32% forget a password once a week, and when they do forget this password, 48% of respondents claim they abandon what they are doing online entirely. What’s more – 23% of respondents claim that forgetting a password is as painful as a papercut, and all respondents claimed they had to call tech support twice a year on average for help resetting a password.

The future

The good news is – the future is looking bright. There are state-of-the-art password solutions involving biometrics, multi-factor authentication, and other sophisticated technology already hitting the scene. And more coming down the pipeline, as a few web browsers are actually aiming to kill passwords entirely. Beyond that, there are proactive measures you can take individually in order to prepare for your future security as well. To ensure your passwords act as your first line of security, follow these tips:

  • Create strong passwords. Passwords are the keys to our digital lives, so make sure to create strong and unique passwords to keep unwanted people out. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for each of your accounts. By using different passwords for your online accounts, you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/feed/ 0
Securing Your Devices from Mobile Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/#respond Tue, 01 May 2018 18:21:27 +0000 https://securingtomorrow.mcafee.com/?p=88653 As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data. That’s probably why […]

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data.

That’s probably why mobile malware increased by 46% in the last year, with new mobile threats like ransomware and ad click malware making our digital lives even more complicated.

Of course, risky apps remain the persistent threat. These days, even official app stores aren’t completely safe. For instance, McAfee noted a 30% increase in threat families found in the Google Play Store over the last year alone. These included fake versions of legitimate apps designed to steal personal information, and apps that signed users up for premium services without their consent, leaving them with hefty bills.

But one of the biggest threats we saw was the rise of cryptocurrencies miners. They can hide in the background of seemingly harmless apps, and use your device’s computing power to mine for Bitcoin and other digital currencies. This type of mobile malware can even cause your phone to overheat and stop functioning all together.

In addition to risky apps, dangers lurk when you connect your mobile devices to public Wi-Fi networks, which are often unsecured. Public networks, like those in hotels and airports, have become hunting grounds for cybercriminals who can set up fake Wi-Fi hotspots and use them to deliver malware. They can also potentially eavesdrop on your private data, including passwords and credit card numbers, as they are sent from your device to the router.

Finally, the explosion of devices known as the Internet of Things (IoT), which include IP cameras, interactive speakers, and smart appliances, offer another avenue of attack for the cybercriminals. Since these devices usually come with few security features, they can easily be hacked and used to spread malware to other more data-rich devices connected on the same network.

Given these escalating risks, it’s essential for mobile users to learn how to secure their mobile devices, and all the valuable information that they hold.

Tips for avoiding mobile malware: 

  1. Use Mobile Security—Make sure all your devices are protected from malware and other emerging mobile threats by using security software that can warn you about risky apps and dangerous links, as well as help you locate and lock down a missing device.
  2. Avoid Risky Apps—Stick to downloading highly-rated apps from official app stores. You should also check the app’s permissions to see how much of your private information the app is trying to access. Limit access to only what the app needs to function properly. For instance, a calculator app shouldn’t need your location or contact details.
  3. Choose Strong Passwords—A complicated, hard-to-guess password is your first line of defense when it comes to protecting your online accounts and information. You may want to consider using a password manager that generates strong passwords and keeps them in a secure vault so you don’t have to remember them all. Look into comprehensive security software that includes a password manager.
  4. Keep your IoT devices separate—Since many IoT devices have very low security, you may want to consider keeping them on a separate network from your smartphones, tablets, and computers since these usually contain private information. Read your router’s user manual to learn how to setup a second “guest” network. Or, you can invest in a router with built-in security that protects all the devices on the network.
  5. Stay Informed—Given our reliance on mobile devices, mobile malware is unlikely to go away anytime soon. Make sure you stay up-to-date on emerging threats and the steps you need to take to protect yourself.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/feed/ 0
Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/#respond Fri, 27 Apr 2018 19:10:54 +0000 https://securingtomorrow.mcafee.com/?p=88644 No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys […]

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys produced by Assa Abloy, formerly VingCard, that has left millions of hotel rooms worldwide vulnerable to hackers. The vulnerability could allow criminals to create master keys and open any door in the affected hotels.

First discovered by security researchers, this “master key” hack only needs a single hotel room key in order to exploit the flaw. After obtaining a key, hackers can use an RFID reader to try several key combinations to decode the card. A handful of combinations later (around 20 or so), crooks can determine the code and create a master key for the hotel. From there, the hacker can access any room his or her heart so desires. Specifically, they could potentially access hotel rooms in 166 countries and 40,000 locations.

As of now, it is unknown if anyone has actually exploited the threat. But researchers are in collaborating with Assa Abloy to address the problem. So what can you do to help ensure you’re protected from these faulty electronic locks? Start by following these tips:

  • Be selective about where you stay. Until this fix is implemented, it’s important globe-trotters get selective with their lodging. That starts by doing some basic research online – read up on what hotels use Assa Abloy and if you can’t find the information, feel free to call the hotel and ask about their digital lock security.
  • Lock away valuables, especially your devices. Unfortunately, hotel room break-ins are nothing new, they’ve just only become digitized recently. Fortunately, many hotels provide safes for that very reason. So make use of them, and store away your valuables (especially any computers or mobile phones) in order to keep them out of the wrong hands.
  • Use comprehensive security. No matter the type of hack, it’s always important to safeguard the keys (both physical and digital) to your life. One key you can always carry: comprehensive digital security. From mobile phones to laptop computers – lock down all your devices with McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/feed/ 0
Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/#respond Wed, 25 Apr 2018 18:36:07 +0000 https://securingtomorrow.mcafee.com/?p=88617 Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, […]

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, phone scammers pretending to be from a Chinese Consulate office are tricking people in the U.S. into giving them large amounts of money.

First reported to The Verge, the Federal Trade Commission announced that it believes scammers are targeting people who have recently immigrated from China to the U.S. and have been asking these people to pick up packages or provide personal data to the “consulate staff.” Conveniently enough, this data is largely financial information. Unfortunately, the scam has seen some success, as the New York Police Department has reported that 21 Chinese immigrants have been scammed out of $2.5 million since December 21st, 2017. The majority of these victims are seniors.

This isn’t the first we’ve heard of phone scammers taking advantage of innocent people – as many out there have fallen victim to easily believable social engineering schemes such as this. Therefore, in order to avoid tricky scams like this one, be sure to follow these tips: 

  • Don’t give up your financial data to anyone other than your bank. If you receive a phone call from either a person or a recording requesting this data, remain skeptical and hang up. Then, call your official bank directly and check with them if there’s an issue you need to discuss.
  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Reduce your exposure. Register your mobile phone number, as well as your home phone, on the “do not call” registry to keep your number uninvolved in the latest social engineering scheme.
  • Use an identity theft protection solution. If for some reason a scammer does compromise your personal information, it’s important to get prepared about protecting yourself against identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/feed/ 0
Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/#respond Fri, 20 Apr 2018 17:46:29 +0000 https://securingtomorrow.mcafee.com/?p=88595 Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, […]

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, special add-ons that are used by players to personalize their avatar have become part of a cyber scheme, as over 50,000 Minecraft accounts have been infected with malware via character skins that were created and uploaded to the game’s official website by fellow users.

Though it is unclear who exactly created the malicious skins, it is believed that the malware does not come from any well-known cybercriminals but rather from inexperienced players looking to exploit others for their own amusement. This malware is not just simple competitive jab either, as its tactics are quite nasty. It has been reported that, once downloaded, the strain can reformat hard drives and delete backup data and system programs.

Now, knowing that fellow gamers are out there trying to sabotage others, what are next steps for Minecraft players? It’s important all users start doing all that they can now in order to avoid infection. You can start by following these proactive security tips:

  • Do your homework. Before you download any extra add-ons for games, make sure you read fellow user reviews. Conduct a quick Google scan and see what other users think – has it caused them issues or security strife? When in doubt, don’t download any add-ons (like character skins) that come from an untrustworthy source or seem remotely sketchy.
  • Back up your files on an external hard drive. Always make sure your files are backed up on an external hard drive. That way, if your data is deleted in this Minecraft malware attack or others like it, you can restore the data from the backup.
  • Use comprehensive security. Whether you’re using the mobile version of Minecraft, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/feed/ 0
Casino’s High-Roller Database Compromised by a Single IoT Thermometer https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/#respond Wed, 18 Apr 2018 01:38:53 +0000 https://securingtomorrow.mcafee.com/?p=88543 It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, […]

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, actually opened up the organization’s network to cyberattack.

So, how exactly did a singular IoT thermometer breach an entire organization? The vulnerable device created an opening into the casino’s network for cybercriminals to enter, resulting in the crooks obtaining information about the casino’s high-roller database. Unfortunately, it has yet to be determined what kind of information has been taken from this database.

This incident reminds us that IoT security continues to be a persistent problem that’s showing no signs of slowing. As discussed during our EMEA McAfee Labs Day event last week, new connected devices are coming online every day, so it’s important to think about how you protect your data now and in the future. That starts with manufacturers including security as part of their design of IoT devices and owners of connected gadgets doing their part in ensuring their devices don’t expose larger networks of any kind. You can start implementing proactive IoT security by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away.If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Secure your home’s internet at the source. Just like the thermometer must connect to the casino’s larger internet network, smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/feed/ 0
Typosquatting: What You Need to Know Now https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/#respond Fri, 13 Apr 2018 16:00:25 +0000 https://securingtomorrow.mcafee.com/?p=88400 As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal […]

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal information, make money, or spread malware.

If you’ve ever typed in a web address and landed on a page that is nothing like the one you intended to go to, you may be familiar with this practice, also known as “URL hijacking.” This is when a webpage is put up at a similar web address to another well-known site, in the hopes of capturing some of the legitimate website’s traffic.

These sites often rely on the small typos we make when we type in web addresses, like accidentally omitting the “o” in “.com”. In fact, researchers recently found a whole host of addresses that were registered in the names of well-known sites, but terminating in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as Chase.cm and Citicards.cm, as well as social and streaming sites.

The .cm sites were used to advertise promotions and surveys used to collect users’ personal information. What’s more, over 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

While early typosquatting efforts were often aimed at stealing traffic alone, we’re now seeing a move toward clever copycats. Some look like real banking websites, complete with stolen logos and familiar login screens, hoping to trick you into entering your passwords and others sensitive information.

Earlier this year, for instance, the Reserve Bank of India (RBI) warned customers that someone had bought the URL “www.indiareserveban.org”, and put up a fake site, asking for banking details and passwords, even though the real RBI is a central bank that holds no individual accounts.

But, cybercrooks don’t even need to put up fake websites to try to steal your information; they can also trick you into downloading malware. They may lead you to a site that delivers a pop-up screen telling you to update your Adobe Flash Player, for instance.

That’s exactly what happened not too long ago to Netflix users who accidentally typed in “Netflix.om”, instead of “.com”. The cybercrooks had smartly used the Netflix address ending in the top-level domain for Oman to try to redirect at least some of the streaming site’s over 118 million users to a malware-laden site instead. In fact, “.om” was used as part of a larger typosquatting campaign, targeting over 300 well-known organizations.

Given that typos are easy to do, and fake websites are becoming more convincing, here are the steps you should take to protect yourself from typosquatting:

  • Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
  • If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar, indicating that the site uses encryption to secure the data that you share.
  • Be suspicious of websites with low-quality graphics or misspellings, since these are telltale signs of fake websites.
  • Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
  • Don’t click on links in emails, text messages and popup messages unless you know and trust the sender.
  • Consider using a safe search tool such as McAfee WebAdvisor, which can alert you to risky websites right in your search results.
  • Always use comprehensive security software on both your computers and devices to protect you from malware and other online threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/feed/ 0
Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/#respond Wed, 11 Apr 2018 18:22:58 +0000 https://securingtomorrow.mcafee.com/?p=88340 A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that […]

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that an unspecified cyberattack affected online payment data collected by a “small number of our client companies.” A few of these companies include Delta Airlines, Sears, Kmart, and Best Buy.

The breach was the result of an unspecified malware attack on the service’s chat tool, which occurred between Sept. 26 and Oct. 12, 2017. The malware permitted cybercriminals to obtain unauthorized access to customer data, including payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses.

Delta Airlines, Sears, Kmart, and Best Buy all have not yet determined how many customers have been impacted so far. But it is believed to be totaling up to hundreds of thousands. So, for those who have been affected – what are the next steps? Start by following these security tips here:

  • Place a Fraud Alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze Your Credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/feed/ 0
MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/#respond Fri, 30 Mar 2018 22:10:04 +0000 https://securingtomorrow.mcafee.com/?p=88153 This blog has been updated as of 4/4. Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, […]

The post MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches appeared first on McAfee Blogs.

]]>
This blog has been updated as of 4/4.

Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our