Consumer Threat Notices

mcafee-213780-b2b-retouched-20180516-750x500-300x200-4.jpg

Here’s What You Need to Know About Your Data Privacy in 2020

Here’s What You Need to Know About Your Data Privacy in 2020 1

The end of 2019 is rapidly approaching, and with the coming of a new year comes the perfect opportunity to reflect on the past and plan for the months ahead. What will 2020 bring when it comes to cybersecurity and what can users do to ensure that they’re protected in the upcoming year? From new data privacy laws to how organizations collect and store user data, the new year will certainly bring plenty of security implications for users. Let’s take a look at a few predictions we have for the year to come.

More Awareness, More Regulations

After a security breach is disclosed, users often learn what can go wrong with their data and may start to wonder what will happen if their information gets into the wrong hands. That’s why new privacy laws will likely be implemented to empower users to better protect and control their data. For example, the new California privacy law set to go into effect January 2020 will allow consumers to instruct companies to delete their personal information and to opt-out of having their private data shared. These new regulations will allow users to better control their data and who has access to it. However, more regulations also create a more complicated landscape for individuals to navigate. Consumers will likely see more “consent” requests attached to any online data collection. That said, it is important to pay close attention to what consumers are agreeing to when they click “consent.”

With these new privacy laws, the method and level of transparency that organizations use to collect and store user data will likely come under scrutiny, particularly as data breaches become public. For example, companies make billions of dollars annually by buying and selling personal information that isn’t theirs to sell. The more data a company has on a user, the more insight cybercriminals have to infiltrate their digital life and trick them into sharing more information. 

New Tricks for the New Year

As more data is collected from various breaches, cybercriminals will look to leverage this information as a way to better understand which users to target and how exactly to target them. With the help of social engineering and artificial intelligence, these crooks will up the ante and turn old cyber tricks into sophisticated, unfamiliar threats. Take call spoofing, for example. By taking advantage of a user’s private data and new technology, cybercriminals could implement a fake call that appears to be coming from the user’s friend or family member. Because users are more likely to pick up a call from someone they know or a number that shares their same area code, cybercriminals increase the chances that their malicious attacks will be successful.

Dark Web Draws in More Data

With the number of breached records growing every day, users need to be aware of how crooks are leveraging this information in the cybercriminal underground and on the Dark Web. According to the McAfee Advanced Threat Research (ATR) team, more than 2.2 billion stolen account credentials were made available on the cybercriminal underground throughout Q1 2019 alone. This growing trend of personal online accounts being brokered on the Dark Web and the increasingly sophisticated threats that have recently emerged means that the 2019 holiday season could be the most dangerous yet.

With these predictions for the cybersecurity landscape in 2020, what resolutions can users make to help ensure that their data is protected? Follow these security tips to help safeguard your personal information:

  • Never reuse passwords. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts. Ensure that all of your passwords are complex and unique.
  • Go directly to the source. Instead of clicking on a link in an email, it’s always best to check directly with the source to verify an offer or shipment.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
  • Use a tool to help protect your personal information. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Here’s What You Need to Know About Your Data Privacy in 2020 appeared first on McAfee Blogs.

roberto-nickson-u6fDUe2x11g-unsplash-200x300.jpg

How to Ensure You Don’t Fall Victim to a Holiday Scam this Festive Season

How to Ensure You Don’t Fall Victim to a Holiday Scam this Festive Season 2

If Benjamin Franklin were alive today, I have no doubt that he’d revise his famous quote: ‘Nothing can be said to be certain except death and taxes’ to include online holiday scams! For there is no question that online scammers and cybercriminals love the festive season! The bulk of us are time-poor, stressed, and sporting to-do lists as long as our arms – so cybercrims know it’s inevitable that some of us are going to take short cuts with our online safety and fall into their webs!

And McAfee research shows just that with over a third of Aussies having either fallen victim to or know someone who has been affected by a phishing scam in 2019. A phishing scam is when a scammer poses as a trustworthy entity (for example, a bank or government department) usually via email with the sole purpose of trying to extract sensitive information such as passwords, usernames and credit card details. And clearly, phishing is a very lucrative online trick as it was named as the worst scam of 2019!

Top Scams of 2019

Although phishing scams have taken out the top place for 2019, robocalling scams and shipping notification scams have also caused Aussies great pain this calendar year.

If you receive a phone call with a pre-recorded message that presents a grim scenario if you don’t take action then you’ve been robocalled! My family’s ‘favourite’ one from 2019 was the scam which delivered a pre-recorded message advising us that our phone line would be cut unless we spoke immediately to their technician. The Australian Telecommunications Ombudsman was overrun with complaints about this particular heist which backs up McAfee’s research that shows 32% of Aussies either fell victim to this scam, or knew someone who did.

Shipping notification scams have also caused Aussies grief this year with more than a 1/4 of us (26%) affected or in touch with someone who was. The meteoric rise of online shopping has meant that when many of us are notified about an impending delivery, we probably don’t stop to question its authenticity.

How Much Are Scams Costing Aussies?

In Australia, 1 in 10 scam victims (11%) have lost money as a result of being targeted by a scam. And a quarter of those affected have lost more than $500! Now, that’s a sizeable chunk of cash!

But in addition to an initial monetary sting, having your personal details ‘stolen’ via a scam may come back to haunt you later down the track. According to McAfee’s Advanced Threat Research (ATR), more than 2.2 billion stolen account credentials were made available on the criminal underground in just the first 3 months of 2019!

Cybercriminals Love the Holidays!

The holiday season is particularly stressful for consumers, and cybercriminals plan accordingly. Many of us ramp up our online shopping in the lead-up to the holiday period and, as our ‘to-do’ lists get longer, some of us will inevitably let our guard down online. And cybercriminals know this too well so consequently spend a lot of effort devising cunning schemes to take advantage of our corner-cutting.

Cybercriminals put a lot of effort into devising fake accounts and sites to target consumers around key holiday shopping periods however some Aussies aren’t aware of these ploys with 21% of the Aussies interviewed not aware scams like these existed.

How to Ensure You Don’t Fall Victim to a Holiday Scam this Festive Season 3

How Can Consumers Stay Safe This Holiday Period?

I highly recommend that you (and your family members) take a little time this holiday period to sure up your online safety. Here are a few simple steps that consumers can take to protect themselves and avoid getting scammed this festive period:

  1. Think Before Clicking on Links

With phishing scams revealed to be the worst scam of the year, it is more important than ever to think before clicking on links. Instead of clicking on a link in an email, it is always best to check directly with the source to verify an offer or shipment.

  1. Passwords, Passwords, Passwords

With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts. By using a different password for each, shopping, media streaming or social media account, you can dramatically reduce this risk.

  1. Invest in Security Protection Software

Use comprehensive security protection, like McAfee Total Protection, which can help protect devices against malware, phishing attacks and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.

  1. Consider a Virtual Private Network (VPN)

A solution like McAfee Safe Connect with bank-grade encryption, private browsing services, and internet security will keep your information safe from cybercriminals – even when checking emails or online shopping on public Wi-Fi or open networks.

And finally beware bogus gift card scams! One new trend that is set to hit unsavvy consumers hard this holiday season is phoney gift cards, with McAfee’s ATR team seeing fake gift cards sold on the cybercriminal underground. Yet, despite the rise in this scam, 17 per cent of the survey respondents have never heard of bogus gift cards and over a quarter (26%) reported that they are not concerned about the threat. So, please spread the word and do your homework before buying gift cards!

Here’s to a Happy, Scam-Free Holiday Season!

The post How to Ensure You Don’t Fall Victim to a Holiday Scam this Festive Season appeared first on McAfee Blogs.

anete-lusina-609864-unsplash-2-300x200-2.jpg

Beat Black Friday Scammers: Secure Your Online Purchases From Fake Payment Processors

Beat Black Friday Scammers: Secure Your Online Purchases From Fake Payment Processors 4

They see you when you’re shopping, they know when you click “pay” – cybercriminals, that is. With Black Friday and Cyber Monday deals flooding the internet, malicious actors have many opportunities to exploit users rushing to purchase gifts for family and friends. And according to Ars Technica, thieves have devised a new way to steal payment-card data from online shoppers, just in time for the holiday shopping season.

So, what makes this particular scam different from other credit and debit card scams? Many e-commerce sites will choose to offload payment card charges to third-party payment service platforms, or PSPs. However, cybercriminals have developed fake payment service platforms that highly resemble legitimate PSPs. Rather than infecting a merchant’s checkout page with malware that skims the information after it’s been inputted by the user, cybercriminals infect the merchant site by adding a line or two of code, which redirects the user to a fake PSP at the time of purchase.

Beat Black Friday Scammers: Secure Your Online Purchases From Fake Payment Processors 5
Image provided by Ares Technica.

What makes this scam so stealthy? Apart from swapping legitimate payment processing sites with fraudulent ones, cybercriminals closely mimic the traits of real e-banking pages to further trick the user into believing that their purchase is secure. For example, the fake payment processing page checks all the fields once the user completes them or informs the user if the field is invalid. Once the fake PSP collects the data, it redirects the unsuspecting user to the legitimate PSP and includes the purchase amount after successfully stealing the victim’s information.

Payment-service platforms are common in the world of e-commerce, particularly for smaller websites that don’t have the resources to harden their servers against sophisticated attacks. As a result, users need to be on high alert for these malicious schemes. Check out the following tips to help prevent your data from being swiped by cybercriminals.

  • Be on the lookout for suspicious activity. This particular scam redirects users from the fake PSP back to the legitimate payment site after their information has already been accepted. If you’re being asked for personal or financial data more than once, the site has likely been infected with malicious code.
  • Review your accounts. Be sure to look over your credit card and banking statements and report any suspicious activity as soon as possible.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Use a comprehensive security solution. Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection, which can help protect you from malware, phishing, and other threats.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Beat Black Friday Scammers: Secure Your Online Purchases From Fake Payment Processors appeared first on McAfee Blogs.

twitter27-300x169.jpg

2.2 Million Users Affected By Latest Data Exposure: 4 Tips to Stay Secure

2.2 Million Users Affected By Latest Data Exposure: 4 Tips to Stay Secure 6

The digitalization of data allows it to move effortlessly and be accessed from devices and places around the world within a matter of seconds. This also makes it possible for businesses, organizations, and even individuals to collect and analyze this data for a variety of reasons. However, not all of these purposes are well-intentioned. More often than not, cybercriminals use the abundance of digital data to their advantage. According to Ars Technica and security researcher Troy Hunt, password data and other personal information belonging to as many as 2.2 million users of two websites – a cryptocurrency wallet service and a gaming bot provider — has been posted on the Dark Web.

What information is included in these databases? The first data haul includes personal information for as many as 1.4 million accounts from the GateHub cryptocurrency wallet service. The cybercriminal who posted this 3.72GB database stated that it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes. The second haul contains data for about 800,000 accounts on RuneScape’s bot provider EpicBot, including usernames and IP addresses. Both databases include registered email addresses and hashed passwords.

So, what lessons can we learn from this data dump and what can we do to help secure our information? Check out the following security tips to help protect your digital data.

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Make sure to use complex passwords for each of your accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords consistently to further protect your data.
  • Watch out for other cyberattacks. Be on high alert for other malicious attacks where cybercriminals could use stolen credentials to exploit users, such as spear phishing.
  • Check to see if you’ve been affected. If you or someone you know has a GateHub or EpicBot account, use this tool to check if you could have been potentially affected.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 2.2 Million Users Affected By Latest Data Exposure: 4 Tips to Stay Secure appeared first on McAfee Blogs.

iStock-625793968_COUPLEHOLIDAY-min-300x200.jpg

This Holiday Season, Watch Out for These Cyber-Grinch Tricks

This Holiday Season, Watch Out for These Cyber-Grinch Tricks 7

Whether it be that their shoes are too tight, their heads aren’t screwed on just right, or they’re expressing a little bit of “Bah Humbug,” cyber-grinches and cyber-scrooges everywhere view the holiday season as a perfect opportunity to exploit users. In fact, McAfee recently conducted a survey of over 1,000 adults over the age of 18 in the U.S. from October 10-20, 2019 to shed light on the types of scams they encountered this year. Let’s take a look at how criminals are attempting to steal the fun of the holiday season with various scams.

Ribbons, Wrappings, and Robocalls

The survey revealed that 48% of Americans have been a victim of or know someone who has been a victim of robocalling in 2019, making it the most prevalent scam of the year. Respondents also reported that they had been targeted with email phishing (41%) and text phishing (35%) in 2019. Another popular trend this year among these crooks? What’s old is new again. While cybercriminal activity has become increasingly sophisticated over the years, survey results showed that these less sophisticated scams of Christmas are still a popular avenue for cybercriminals to exploit.

Combined, all these scams have left quite a financial impact. 74% of respondents admitted to losing more than $100 to these scams, while 30% lost more than $500. What’s more, over 2.2 billion stolen account credentials were made available on the cybercriminal underground throughout Q1 2019 alone, posing an even greater threat to users’ data.

Between all the threats stemming from these cyber-grinches and cyber-scrooges, scams have the potential to haunt users’ digital past, present, and future. Which begs the question – what should users do? They can start by first reading McAfee’s own Christmas Carol:

This Holiday Season, Watch Out for These Cyber-Grinch Tricks 8

Be on the Lookout for These Cyber-Grinch Tricks

While most users believe that cyber-scams become more prevalent during the holidays, a third don’t actually take any steps to change their online behavior. In fact, by cutting some corners to pave way for holiday fun, users may be putting themselves at more risk than they realize. While using devices and apps for tasks like holiday shopping, streaming TV shows, and food delivery services, users are sharing more personal information than ever before. By targeting these popular apps, cybercriminals can collect and store key data, including home addresses, credit card information, and account passwords that they can use for future attacks.

Another trend that’s set to hit unsavvy users this holiday season is phony gift cards, with McAfee’s Advanced Threat Research team discovering phony gift cards sold on the cybercriminal underground. However, the survey found that only 43% of respondents are aware of fake gift cards as a threat. What’s more, users are also failing to check shopping websites, with over one-third (37%) of respondents admitting that they don’t check an email sender or retailer’s website for authenticity. By not being mindful of these grinchy tricks, users open themselves up to many avenues of exploitation.

Securing Your Holiday Season

We must stop these Christmas scams from coming, but how? To help ensure a cyber-grinch doesn’t put a damper on your holiday season, check out the following security tips.

  • Never reuse passwords. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts. Ensure that all of your passwords are complex and unique.
  • Go directly to the source. Instead of clicking on a link in an email, it’s always best to check directly with the source to verify an offer or shipment.
  • Browse with security protection. Use a comprehensive security solution, likeMcAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
  • Use a tool to help protect your personal information. A solution like McAfee Identity Theft Protection takes a proactive approach to help protect identities with personal and financial monitoring and recovery tools to help keep identities personal and secure.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks appeared first on McAfee Blogs.

iStock_83885019_SHOPPING-min-300x200.jpg

‘Tis the Season for Cybersecurity: Stay Protected This Holiday Season

‘Tis the Season for Cybersecurity: Stay Protected This Holiday Season 9

It’s beginning to look a lot like the holiday season – and with the holidays comes various opportunities for cyber-scrooges to exploit. While users prepare for the festivities, cybercriminals look for opportunities to scam holiday shoppers with various tricks. To shed more light on how these crooks are putting a damper on user’s holiday season, McAfee surveyed over 8,000 adults over the age of 18 across multiple countries from October 10-20, 2019 on the types of scams they’ve encountered this year.

The Scams of Christmas Past

Cyber-scrooges have upped the ante over the years, using more sophisticated measures to adapt to consumers’ evolving digital lifestyles. However, scams of Christmas Past are still haunting users today, as global findings indicate that email and text phishing are still prevalent. For example, the percentage of respondents stating that they still experience email phishing ranges from 25% in India to a whopping 42% in France. Respondents stating that they still experience text phishing ranged from 21% in India to 35% in Australia.

Additionally, robocalling has seen an increase in popularity in 2019. Fifty-one percent of respondents in France stated that they still receive robocalls. The survey found that 48% of respondents in the U.S. and 32% of Australians receive robocalls, as well as 34% in Spain, and 33% in Germany claimed that they have fallen victim to robocalls.

The Scams of Christmas Present

During the holidays, cyber-scrooges are likely to further exploit scams of Christmas Present to take advantage of users’ generosity. For example, several survey respondents in the U.K., France, Germany, Spain, Australia, India, and Singapore stated that they had fallen victim to fake charity scams in 2019. Knowing that many people enjoy making donations during this time of year, cybercriminals will likely pose as a charity online as a ploy to collect financial data and money from unsuspecting users.

Since many people do a lot of their holiday shopping online, users should also beware of shipping notification scams, as respondents in the U.K., Spain, Australia, India, and Singapore have fallen victim to these scams throughout this year. This scam, along with all those of Christmas Past and Present, proves that as people continue to adopt technology into their everyday lives, they are in turn giving cybercriminals more opportunities to exploit during the holiday season.

The Scams of Christmas Future

Whether it be email phishing or fake charity scams, users must stay updated on common cyber-scrooge practices to help protect their personal and financial data. As more data and user credentials are gathered from breaches, cybercriminals are looking to take their business to the next level and leverage more advanced techniques. For example, the cybercriminal underground poses a threat to users with more than 2.2 billion stolen account credentials made available for purchase in Q1 2019. These crooks will likely continue to sell and share user data across the Dark Web for the possibility of more profit.

Cybercriminals will also leverage data collected from breaches to better understand which users to target and how they can easily target them with social engineering and AI (artificial intelligence). Most users will probably ignore a call from an unknown number, but what about a call from a family member? Cybercriminals will create more sophisticated scams by including a family member’s caller ID in the hopes of exploiting users through more personal engagement.

Attacks will not only likely grow in sophistication but in volume in the future as well. From interactive speakers to IP cameras to other internet-connected devices like thermostats and appliances — IoT devices have greatly increased the attack surface. As we see an increase in the volume of devices going into homes with a lack of security controls built-in, cybercriminals will likely focus on exploiting consumers through these gadgets. The good news? As we look ahead towards the scams of Christmas Future, we can also work to better prepare our networks and devices before we fall into cybercriminals’ traps.

Even though users believe that cyber-scams become more prevalent during the holiday season, a third don’t actually take steps to change their online behavior. To help ensure your holiday season goes off without a hitch, follow these tips to help stay secure:

  • Say so long to robocalls. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected. Let all other unknown calls go to voicemail and never share personal details over the phone.
  • Go directly to the source. Be skeptical of emails or texts claiming to be from companies or charities with peculiar asks or messages. Instead of clicking on a link within the email or text message, it’s best to go straight to the company’s website or contact customer service.
  • Hover over links to verify the URL. If someone sends you an email with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.
  • Use a comprehensive security solution. Using a solution like McAfee Total Protection can help your holiday shopping spree go smoothly by providing safe web browsing, virus protection, and more.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post ‘Tis the Season for Cybersecurity: Stay Protected This Holiday Season appeared first on McAfee Blogs.

McAfee_consumer_1parent1daughter_tablet_cooking_72dpi-300x200-2.jpg

What You Need to Know About the Google Chrome Vulnerabilities

What You Need to Know About the Google Chrome Vulnerabilities 10

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720).

So, what is the Google Chrome zero-day exploit? While there are few specific details known at this time, researchers did uncover that the bug is a use-after-free flaw, which is a memory corruption flaw that attempts to access a device’s memory after it has been freed. If this occurs, it can cause a variety of issues including program crashes, execution of malicious code, or even allowing an attacker to gain full remote access to the device.

The second of the two vulnerabilities (CVE-2019-13721) affects PDFium, a platform developed by Foxit and Google. PDFium provides developers with capabilities to leverage an open-source software library for viewing and searching for PDF documents. Like the first bug, this flaw is also a use-after-free vulnerability. However, there have been no reports of it being exploited by cybercriminals for malicious purposes yet.

Luckily, Google has quickly acknowledged the vulnerabilities and is rolling out a patch for these bugs over the coming days. Meanwhile, follow these security tips to help safeguard your data and devices:

  • Update, update, update. Be sure to install the latest Chrome browser update immediately to help mitigate any risk of falling victim to these exploits.
  • Turn on automatic updates. Practice good security hygiene by turning on automatic updates. Cybercriminals rely on unpatched software to exploit vulnerabilities, so ensure that your device software is updated as soon as patches are available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

 

The post What You Need to Know About the Google Chrome Vulnerabilities appeared first on McAfee Blogs.

twitter47-300x169-2.jpg

Chapter Preview: Ages 11 to 17 – From Tweens to Teens

Chapter Preview: Ages 11 to 17 – From Tweens to Teens 11

For anyone who asks what happens during the tween through teen years, the best answer is probably, “What doesn’t happen?!”

Just so you know, I’ve been there, done that, and got the T-shirt. And I survived. My kids were the first generation to grow up on social media. Like most teens in the mid-2000s, they got their first taste with MySpace and then switched to Facebook as the masses shifted there around 2009. They also got into other platforms, like Instagram, and stuck with them while others came and went. And yes, sharing almost every facet of their lives presented many challenges. I won’t get into details here as it might embarrass my kids, but suffice it to say that mistakes were made.

Being a security and privacy practitioner, I made sure there were lots of discussions on how to use these platforms safely. The early discussions centered on privacy and the permanence of data, but eventually led to security talks as the platforms were inundated with scams and other malicious activities. As you can imagine, when my kids were tweens and teens, the internet was a different place than it is today, and I’m sure it will be very different 10 to 15 years from now.

 

This chapter of “Is Your Digital Front Door Unlocked?” steps you through what your tween and teen face as they spend an increasing amount of time online and using connected things. It expands upon some of the topics discussed earlier in the book with more of an eye towards how those topics impact this age group, while offering advice and insights on topics that often surface at this age. We tackle some big topics too, such when to get your child a smartphone, how many children will make friends that they will only know online, cyberstalking, and the secret digital life of teens that every parent should know. This chapter packs a big punch—as it should, because these are some big years for parents and kids alike.

Gary Davis’ book, Is Your Digital Front Door Unlocked?, is available September 5, 2019 and can be ordered at amazon.com.

The post Chapter Preview: Ages 11 to 17 – From Tweens to Teens appeared first on McAfee Blogs.

twitter74-300x169.jpg

3 Tips to Protect Yourself From the Office 365 Phishing Scams

3 Tips to Protect Yourself From the Office 365 Phishing Scams 12

Cybercriminals seem to get more and more sophisticated with their attacks, and phishing scams are no different. The McAfee Labs team has observed a new phishing campaign using a fake voicemail message to trick victims into giving up their Office 365 email credentials. During the investigation, the team has found three different phishing kits being used to exploit targets.

How exactly does this sneaky phishing scam work? It all begins when a victim receives an email stating that they’ve missed a phone call, along with a request to log into their account to access the voice message. The email also contains an attached HTML file that redirects the victim to a phishing website. This website prepopulates the victim’s email address and asks them to enter their Office 365 credentials. What’s more, the stealthy attachment contains an audio recording of someone talking, leading the victim to believe that they are listening to a legitimate voicemail.

3 Tips to Protect Yourself From the Office 365 Phishing Scams 13

Once the victim enters their password, they are presented with a page stating that their login was successful. The victim is then redirected to the office.com login page, leading them to believe that everything is perfectly normal. Little do they know that their credentials have just been harvested by a cybercriminal.

While this sneaky scheme has been primarily used to target organizations, there is much to be taken away from this incident, as cybercriminals often disguise themselves as businesses to phish for user data. To protect yourself from these stealthy scams, check out the following tips:

  • Go directly to the source. Be skeptical of emails claiming to be from companies with peculiar asks or messages. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Be cautious of emails asking you to take action. If you receive an email asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links.
  • Hover over links to see and verify the URL. If someone sends you an email with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips to Protect Yourself From the Office 365 Phishing Scams appeared first on McAfee Blogs.

img_1581534021300415-300x225.jpg

A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure

A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure 14

Halloween time is among us and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares. Let’s take a look at what ghoulish threats have been leading to some tricks (and no treats) around the cybersphere this month.

Ghostcat Malware

One ghost that recently caused some hocus pocus across the Web is Ghostcat-3PC. According to SC Magazine, the malware’s goal is to hijack users’ mobile browsing sessions.

The infection begins when a user visits a particular website and is served a malicious advertisement. Ghostcat fingerprints the browser to collect device information and determines if the ad is running on a genuine webpage. Ghostcat also checks if the ad is running on an online publishers’ page that has been specifically targeted by this campaign. If these conditions are met, then the malware serves a malicious URL linked to the ad.

From there, this URL delivers obfuscated JavaScript, which creates an obscure source or machine code. The attackers behind Ghostcat use this to trick the publishers’ ad blockers, preventing them from detecting malicious content. The code also checks for additional conditions necessary for the attack, like ensuring that the malware is being run on a mobile device and a mobile-specific browser, for example. If the malware concludes that the browsing environment fits the descriptions of their target, it will serve a fraudulent pop-up, leading the user to malicious content.

Bewitched WAV Files

Ghostcat isn’t the only way malware is being spread lately, as, according to ZDNet, attackers have manipulated WAV audio files to spread malware and cryptominers. By using a technique called stenography, malware authors can hide malicious code inside of a file that appears normal, which allows hackers to bypass security software and firewalls.

Previously, cybercriminals have used stenography revolving around image file formats like PNG or JPEG. However, these crooks have now upped the ante by using WAV audio files to hide different types of malware. Most recently, researchers found that this technique is used to hide DLLs, or dynamic link libraries that contain code and data that can be used by more than one program at the same time. If malware was already present on an infected host device, it would download and read the WAV file, extract the DLL, and install a cryptocurrency miner called XMRrig. Cryptocurrency miners compile all transactions into blocks to solve complicated mathematical problems and compete with other miners for bitcoins. To do this, miners need a ton of computer resources. As a result, miners tend to drain the victim’s device of its computer processor’s resources, creating a real cybersecurity headache.

MedusaLocker Ransomware

Finally, we have the mysterious MedusaLocker ransomware. According to BleepingComputer, this threat is slithering its way onto users’ devices, encrypting files until the victim purchases a decryptor.

This strain will perform various startup routines to prep the victim’s device for encryption. Additionally, it will ensure that Windows networking is running and mapped network drives (shortcuts to a shared folder on a remote computer or server) are accessible. Then, it will shut down security programs, clear data duplicates so they can’t be used to restore files, remove backups made with Windows backup, and disable the Windows automatic startup repair.

For each folder that contains an encrypted file, MedusaLocker creates a ransom note with two email addresses to contact for payment. However, it is currently unknown how much the attackers are demanding for the victim to have their files released or if they actually provide a decryptor once they receive a payment.

With all of these threats attempting to haunt networks and devices, what can users do to help themselves have a safe and secure spooky season? Follow these tips to keep cybersecurity tricks at bay:

  • Watch what you click. Avoid clicking on unknown links or suspicious pop-ups, especially those coming from someone you don’t know.
  • Be selective about which sites you visit. Only use well-known and trusted sites. One way to determine if a site is potentially malicious is by checking its URL. If the URL address contains multiple grammar or spelling errors and suspicious characters, avoid interacting with the site.
  • If your computer slows down, be cautious. One way you can identify a cryptojacking attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Surf the web safely. You can use a tool like McAfee WebAdvisor, which will flag any sites that may be malicious without your knowing.
  • Use a comprehensive security solution. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure appeared first on McAfee Blogs.

Vox Messenger Logo - 512x512

End-2-End Encrypted. Secure. Ad-Free.
Lightweight and Faster than the Competition.

Vox Messenger is an ad-free, secure and end-2-end encrypted alternative to other popular chat messenger apps.

Available for Free. Whitelabel Corporate Edition Available on Request.

Vox Messenger {Secure} - Communicate safely with our private and secure messaging app | Product Hunt Embed

All Rights Reserved - © Copyright 2020 - Vox Messenger (a Division of Kryotech Ltd.)