Author Archives: McAfee

CES 2021: Highlights From the “Cleanest” Show Yet!

CES 2021

Typically, the International Consumer Electronics Show (CES) gives us a sense of where technology is going in the future. However, this year’s show was arguably more about technology catching up with how the COVID-19 pandemic has reshaped our lives. While gathering in person was not an option, we still had the opportunity to witness incredible technological feats virtually – primarily those meant to help us better adapt to the new normal.
From devices aimed at making the world more sanitary to new work-from-home solutions, here are some of the highlights from this year’s first ever virtual CES:

Extreme Home Makeover: Digital Edition

Every year, CES introduces a plethora of smart home devices aimed at making our lives easier. But now that our homes have expanded beyond where we live to function as a workplace and classroom, companies have developed new gadgets to improve our lives while we stay at home. In fact, the smart home market grew 6.7% from 2019 to 2020 to $88 billion and is expected to reach $246.42 billion by 2025.

This year, Kohler showed off voice control features for its sinks and other fixtures, so homeowners can turn on faucets without touching them. And while every CES is paved with an array of flashy new TVs, LG drummed up lots of excitement with its new 55-inch transparent TV that you can see through when it’s turned off.

From monitors to keyboards and Wi-Fi upgrades to charging stations, plenty of the gadgets coming out of this year’s show were designed to improve the remote work experience. Take Dell’s UltraSharp 40-inch Curved Ultrawide U4021QW Monitor, for example. Ultrawide is the functional equivalent of two 4K monitors side-by-side, but without the seam. Belkin and Satechi also brought their latest charging stations to CES 2021 to improve the home office, allowing users to charge multiple devices at once. With so many companies creating innovative devices to make our work-from-home lives more manageable in the long run, it’s clear that remote work is likely here to stay.

Staying Healthy at Home in Global Health Crisis

CES 2021 also brought us a whole new lineup of technology designed to help us monitor our health at home. Fluo Labs debuted Flō, a device that stops your body from releasing histamines when pollen, dust, and other allergens enter your body. HD Medical also introduced HealthyU, a device smaller than a GoPro that includes a seven-lead ECG, a temperature sensor, a pulse oximeter, microphones to record heart and lung sounds, a heart rate monitor, and a blood pressure sensor. HealthyU is designed for people with heart issues to keep tabs on their health every day and send that information to their doctors remotely. Not only will these devices enable us to take better care of ourselves if we can’t physically go to a doctor’s office, but they will also enhance our awareness of ourselves and our loved ones.

Touchless Tech is on the Rise

In 2020, we became hyper-aware of germs and how they can easily spread – one of those ways being on digital devices. While disinfecting these surfaces with an alcohol solution can help, many look to taking a different approach to avoid germ-spreading: touchless technology.

While no one technology can win the battle against the virus, many companies are doing their part to promote a cleaner, healthier future. For example, Plott built a doorbell called the Ettie that can take people’s temperature before they’re allowed to enter. Another company, Alarm.com, created a Touchless Video Doorbell to cut down on the transmission of bacteria and viruses that we otherwise often leave on places we touch. Kohler also built a toilet that flushes with the wave of a hand. As we head further into 2021 and beyond, be on the lookout for more voice-activated and touchless devices to help slow the spread of germs and help us live our lives free from worry.

Adapt to the Cybersecurity Landscape in a Hyper-Connected World

We’ve become more reliant on technology than ever before to stay connected with loved ones from afar, work from home without missing a beat, participate in distance learning, and find new forms of digital entertainment. But with this increase in time spent online comes a greater risk of cyberthreats, and we must stay vigilant when it comes to protecting our online safety. Hackers continue to adapt their techniques to take advantage of users spending more time online, so we must educate and protect ourselves and our devices from emerging threats. This way, we can continue to embrace new technologies, while we live our digital lives free from worry.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post CES 2021: Highlights From the “Cleanest” Show Yet! appeared first on McAfee Blogs.

2021 Threat Predictions Report

The Year 2020 brought a historic pandemic and bad actors leveraging COVID-19-themed threats to test our security operations and our unprecedented shift to a remote work life. As we enter 2021, these concerns are still at the forefront, but we are also looking ahead to other cyber threats likely to confront us in the months and years ahead.  

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector – the supply chain – that will continue to be exploited.   

The ever-increasing use of connected devices, apps and web services in our homes will also make us more susceptible to digital home break-ins. This threat is compounded by many individuals continuing to work from home, meaning this threat not only impacts the consumer and their families, but enterprises as well.   

Attacks on cloud platforms and users will evolve into a highly polarized state where they are either “mechanized and widespread” or “sophisticated and precisely handcrafted”. 

Mobile users will need to beware of phishing or smishing messages aimed at exploiting and defrauding them through mobile payment services. 

The use of QR codes has notably accelerated during the pandemic, raising the specter of a new generation of social engineering techniques that seek to exploit consumers and gain access to their personal data. 

Finally, the most sophisticated threat actors will increasingly use social networks to target high value individuals working in sensitive industry sectors and roles 

A new year offers hope and opportunities for consumers and enterprises, but also more cybersecurity challenges. I hope you find these helpful in planning your 2021 security strategies. 

–Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research 

Twitter @Raj_Samani 

2021 Predictions  

1.

Supply Chain Backdoor Techniques to Proliferate 

By Steve Grobman 

The revelations around the SolarWinds-SUNBURST espionage campaign will spark a proliferation in copycat supply chain attacks of this kind 

On December 13, 2020, the cybersecurity industry learned nation-state threat actors had compromised SolarWinds’s Orion IT monitoring and management software and used it to distribute a malicious software backdoor called SUNBURST to dozens of that company’s customers, including several high-profile U.S. government agencies.  

This SolarWinds-SUNBURST campaign is the first major supply chain attack of its kind and has been referred to by many as the “Cyber Pearl Harbor” that U.S. cybersecurity experts have been predicting for a decade and a half 

The campaign also represents a shift in tactics where nation state threat actors have employed a new weapon for cyber-espionage.  Just as the use of nuclear weapons at the end of WWII changed military strategy for the next 75 years, the use of a supply chain attack has changed the way we need to consider defense against cyber-attacks.   

This supply chain attack operated at the scale of a worm such as WannaCry in 2017, combined with the precision and lethality of the 2014 Sony Pictures or 2015 U.S. government Office of Personnel Management (OPM) attacks. 

Within hours of its discovery, the magnitude of the campaign became frighteningly clear to organizations responsible for U.S. national security, economic competitiveness, and even consumer privacy and security.  

It enables U.S. adversaries to steal all manners of information, from inter-governmental communications to national secrets. Attackers can, in turn, leverage this information to influence or impact U.S. policy through malicious leaks.  Every breached agency may have different secondary cyber backdoors planted, meaning that there is no single recipe to evict the intrusion across the federal government. 

While some may argue that government agencies are legitimate targets for nation-state spy craftthe campaign also impacted private companies. Unlike government networks which store classified information on isolated networks, private organizations often have critical intellectual property on networks with access to the internet.  Exactly what intellectual property or private data on employees has been stolen will be difficult to determine, and the full extent of the theft may never be known.  

This type of attack also poses a threat to individuals and their families given that in today’s highly interconnected homes, a breach of consumer electronics companies can result in attackers using their access to smart appliances such as TVs, virtual assistants, and smart phones to steal their information or act as a gateway to attack businesses while users are working remotely from home. 

What makes this type of attack so dangerous is that it uses trusted software to bypass cyber defensesinfiltrate victim organizations with the backdoor and allow the attacker to take any number of secondary steps. This could involve stealing data, destroying data, holding critical systems for ransom, orchestrating system malfunctions that result in kinetic damage, or simply implanting additional malicious content throughout the organization to stay in control even after the initial threat appears to have passed. 

McAfee believes the discovery of the SolarWinds-SUNBURST campaign will expose attack techniques that other malicious actors around the world will seek to duplicate in 2021 and beyond. 

 

2.

Hacking the Home to Hack the Office 

By Suhail Ansari, Dattatraya Kulkarni and Steve Povolny 

 The increasingly dense overlay of numerous connected devices, apps and web services used in our professional and private lives will grow the connected home’s attack surface to the point that it raises significant new risks for individuals and their employers. 

 While the threat to connected homes is not new, what is new is the emergence of increased functionality in both home and business devices, and the fact that these devices connect to each other more than ever before. Compounding this is the increase in remote work – meaning many of us are using these connected devices more than ever.  

In 2020, the global pandemic shifted employees from the office to the home, making the home environment a work environmentIn fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. Over 70% of the traffic from these devices originated from smart phones, laptops, other PCs and TVs, and over 29% originated from IoT devices such as streaming devices, gaming consoles, wearables, and smart lights.  

McAfee saw cybercriminals increase their focus on the home attack surface with a surge in various phishing message schemes across communications channels. The number of malicious phishing links McAfee blocked grew over 21% from March to Novemberat an average of over 400 links per home.  

 This increase is significant and suggests a flood of phishing messages with malicious links entered home networks through devices with weaker security measures 

 Millions of individual employees have become responsible for their employer’s IT security in a home office filled with soft targetsunprotected devices from the kitchen, to the family room, to the bedroomMany of these home devices are “orphaned” in that their manufacturers fail to properly support them with security updates addressing new threats or vulnerabilities.  

This contrasts with a corporate office environment filled with devices “hardened” by enterprise-grade security measures. We now work with consumer-grade networking equipment configured by “us” and lacking the central management, regular software updates and security monitoring of the enterprise.   

Because of this, we believe cybercriminals will advance the home as an attack surface for campaigns targeting not only our families but also corporations. The hackers will take advantage of the home’s lack of regular firmware updates, lack of security mitigation features, weak privacy policies, vulnerability exploits, and user susceptibility to social engineering.  

By compromising the home environment, these malicious actors will launch a variety of attacks on corporate as well as consumer devices in 2021. 

 

3.

Attacks on Cloud Platforms Become Highly Mechanized and Handcrafted 

By Sandeep Chandana  

Attacks on cloud platforms will evolve into a highly polarized state where they are either “mechanized and widespread” or “targeted and precisely handcrafted”.  

The COVID-19 pandemic has also hastened the pace of the corporate IT transition to the cloudaccelerating the potential for new corporate cloud-related attack schemesWith increased cloud adoption and the large number of enterprises working from home, not only is there a growing number of cloud users but also a lot more data both in motion and being transacted.  

 McAfee cloud usage data from more than 30 million McAfee MVISION Cloud users worldwide shows a 50% increase overall in enterprise cloud use across all industries the first four months of 2020. Our analysis showed an increase across all cloud categories, usage of collaboration services such as Microsoft O365 by 123%, increase in use of business services such as Salesforce by 61% and the largest growth in collaboration services such as Cisco Webex (600%), Zoom (+350%), Microsoft Teams (+300%), and Slack (+200%). From January to April 2020, corporate cloud traffic from unmanaged devices increased 100% across all verticals.  

 During the same period, McAfee witnessed a surge in attacks on cloud accounts, an estimated 630% increase overall, with variations in the sectors that were targeted. Transportation led vertical industries with a 1,350% increase in cloud attacks, followed by education (+1,114%), government (+773%), manufacturing (+679%), financial services (+571%) and energy and utilities (+472%).  

 The increasing proportion of unmanaged devices accessing the enterprise cloud has effectively made home networks an extension of the enterprise infrastructure. Cybercriminals will develop new, highly mechanizedwidespread attacks for better efficacy against thousands of heterogenous home networks.  

 One example could be a widespread brute force attack against O365 users, where the attacker seeks to leverage stolen credentials and exploit users poor practice of re-using passwords across different platforms and applications. As many as 65% of users reuse the same password for multiple or all accounts according to a 2019 security survey conducted by Google. Where an attacker would traditionally need to manually encode first and last name combinations to find valid usernames, a learning algorithm could be used to predict O365 username patterns.  

 Additionally, cybercriminals could use AI and ML to bypass traditional network filtering technologies deployed to protect cloud instances. Instead of launching a classic brute force attack from compromised IPs until the IPs are blocked, resource optimization algorithms will be used to make sure the compromised IPs launch attacks against multiple services and sectors, to maximize the lifespan of compromised IPs used for the attacks. Distributed algorithms and reinforcement learning will be leveraged to identify attack plans primarily focused on avoiding account lockouts.   

McAfee also predicts that, as enterprise cloud security postures mature, attackers will be forced to handcraft highly targeted exploits for specific enterprises, users and applications.  

The recent Capital One breach was an example of an advanced attack of this kind. The attack was thoroughly cloud-native. It was sophisticated and intricate in that a number of vulnerabilities and misconfigurations across cloud applications (and infrastructure) were exploited and chained. It was not a matter of chance that the hackers were successful, as the attack was very well hand-crafted.  

 We believe attackers will start leveraging threat surfaces across devices, networks and the cloud in these ways in the months and years ahead. 

4.

New Mobile Payment Scams

By Suhail Ansari and Dattatraya Kulkarni 

As users become more and more reliant on mobile payments, cybercriminals will increasingly seek to exploit and defraud users with scam SMS phishing or smishing messages containing malicious payment URLs.  

 Mobile payments have become more and more popular as a convenient mechanism to conduct transactions. Worldpay Global Payments Report for 2020 estimated that 41% of payments today are on mobile devices, and this number looks to increase  at the expense of traditional credit and debit cards by 2023. An October 2020 study by Allied Market Research found that the global mobile payment market size was valued at $1.48 trillion in 2019, and is projected to reach $12.06 trillion by 2027, growing at a compound annual growth rate of 30.1% from 2020 to 2027.  

Additionally, the COVID-19 pandemic has driven the adoption of mobile payment methods higher as consumers have sought to avoid contact-based payments such as cash or physical credit cards.  

 But fraudsters have followed the money to mobile, pivoting from PC browsers and credit cards to mobile payments. According to research by RSA’s Fraud and Risk Intelligence team72% of cyber fraud activity involved the mobile channel in the fourth quarter of 2019. The researchers observed that this represented the highest percentage of fraud involving mobile apps in nearly two years and underscores a broader shift away from fraud involving web browsers on PCs. 

McAfee predicts there will be an increase in “receive”-based mobile payment exploits, where a user receives a phishing email, direct message or smishing message telling him that he can receive a paymenttransaction refund or cash prize by clicking on a malicious payment URL. Instead of receiving a payment, however, the user has been conned into sending a payment from his account.  

This could take shape in schemes where fraudsters set up a fake call center using a product return and servicing scam, where the actors send a link via email or SMS, offering a refund via a mobile payment app, but the user is unaware that they are agreeing to pay versus receiving a refund. The figures below show the fraudulent schemes in action.  

Mobile wallets are making efforts to make it easier for users to understand whether they are paying or receiving. Unfortunately, as the payment methods proliferate, fraudsters succeed in finding victims who either cannot distinguish credit from debit or can be prompted into quick action by smart social engineering.  

Governments and banks are making painstaking efforts to educate users to understand the use of one-time passwords (OTPs) and that they should not be shared. Adoption of frameworks such as caller ID authentication (also known as STIR/SHAKEN) help in ensuring that the caller ID is not masked by fraudsters, but they do not prevent a fraudster from registering an entity that has a name close to the genuine provider of service. 

In the same way that mobile apps have simplified the ability to conduct transactions, McAfee predicts the technology is making it easier to take advantage of the convenience for fraudulent purposes. 

5.

Qshing: QR Code Abuse in the Age of COVID 

By Suhail Ansari and Dattatraya Kulkarni 

Cybercriminals will seek new and ever cleverer ways to use social engineering and QR Code practices to gain access to consumer victims’ personal data. 

The global pandemic has created the need for all of us to operate and transact in all areas of our lives in a “contactless” way. Accordingly, it should come as no surprise that QR codes have emerged as a convenient input mechanism to make mobile transactions more efficient.  

QR code usage has proliferated into many areas, including payments, product marketing, packaging, restaurants, retail, and recreation just to name a few. QR codes are helping limit direct contact between businesses and consumers in every setting from restaurants to personal care salons, to fitness studios. They allow them to easily scan the code, shop for services or items offered, and easily purchase them.  

September 2020 survey by MobileIron found that 86% of respondents scanned a QR code over the course of the previous year and over half (54%) reported an increase in the use of such codes since the pandemic began. Respondents felt most secure using QR codes at restaurants or bars (46%) and retailers (38%). Two-thirds (67%) believe that the technology makes life easier in a touchless world and over half (58%) wish to see it used more broadly in the future.  

In just the area of discount coupons, an estimated 1.7 billion coupons using QR codes were scanned globally in 2017, and that number is expected to increase by a factor of three to 5.3 billion by 2022In just four years, from 2014 to 2018, the use of QR codes on consumer product packaging in Korea and Japan increased by 83%The use of QR codes in such “smart” packaging is increasing at an annual rate of 8% globally.  

In India, the governments Unique Identification Authority of India (UIDAI) uses QR codes in association with Aadhaar, India’s unique ID number, to enable readers to download citizens’ demographic information as well as their photographs. 

However, the technicalities of QR codes are something of a mystery to most users, and that makes them potentially dangerous if cybercriminals seek to exploit them to target victims.  

The MobileIron report found that whereas 69% of respondents believe they can distinguish a malicious URL based on its familiar text-based format, only 37% believe they can distinguish a malicious QR code using its unique dot pattern formatGiven that QR codes are designed precisely to hide the text of the URL, users find it difficult to identify and even suspect malicious QR codes. 

Almost two-thirds (61%) of respondents know that QR codes can open a URL and almost half (49%) know that a QR code can download an application. But fewer than one-third (31%) realize that a QR code can make a payment, cause a user to follow someone on social media (22%), or start a phone call (21%). A quarter of respondents admit scanning a QR code that did something unexpected (such as take them to a suspicious website), and 16% admitted that they were unsure if a QR code actually did what it was intended to do. 

It is therefore no surprise that QR codes have been used in phishing schemes to avoid anti-phishing solutions’ attempts to identify malicious URLs within email messagesThey can also be used on webpages or social media.  

In such schemes, victims scan fraudulent QRs and find themselves taken to malicious websites where they are asked to provide login, personal info, usernames and passwords, and payment information, which criminals then steal. The sites could also be used to simply download malicious programs onto a user’s device.  

McAfee predicts that hackers will increasingly use these QR code schemes and broaden them using social engineering techniques. For instance, knowing that business owners are looking to download QR code generator apps, bad actors will entice consumers into downloading malicious QR code generator apps that pretend to do the same. In the process of generating the QR code (or even pretending to be generating the correct QR code), the malicious apps will steal the victim’s sensitive data, which scammers could then use for a variety of fraudulent purposes.  

Although the QR codes themselves are a secure and convenient mechanism, we expect them to be misused by bad actors in 2021 and beyond. 

6.

Social Networks as Workplace Attack Vectors  

By Raj Samani 

McAfee predicts that sophisticated cyber adversaries will increasingly target, engage and compromise corporate victims using social networks as an attack vector.  

Cyber adversaries have traditionally relied heavily on phishing emails as an attack vector for compromising organizations through individual employees. However, as organizations have implemented spam detection, data loss prevention (DLP) and other solutions to prevent phishing attempts on corporate email accounts, more sophisticated adversaries are pivoting to target employees through social networking platforms to which these increasingly effective defenses cannot be applied. 

McAfee has observed such threat actors increasingly using the messaging features of LinkedIn, What’s App, Facebook and Twitter to engage, develop relationships with and then compromise corporate employees. Through these victims, adversaries compromise the broader enterprises that employ them. McAfee predicts that such actors will seek to broaden the use of this attack vector in 2021 and beyond for a variety of reasons.  

Malicious actors have used the social network platforms in broad scoped schemes to perpetrate relatively low-level criminal scams. However, prominent actors such as APT34Charming Kitten, and Threat Group-2889 (among others) have been identified using these platforms for higher-value, more targeted campaigns on the strength of the medium’s capacity for enabling customized content for specific types of victims.  

Operation North Star demonstrates state-of-the-art attack of this kind. Discovered and exposed by McAfee in August 2020, the campaign showed how lax social media privacy controls, ease of development and use of fake LinkedIn user accounts and job descriptions could be used to lure and attack defense sector employees. 

Just as individuals and organizations engage potential consumer customers on social platforms by gathering information, developing specialized content, and conducting targeted interactions with customers, malicious actors can similarly use these platform attributes to target high value employees with a deeper level of engagement.  

Additionally, individual employees engage with social networks in a capacity that straddles both their professional and personal lives. While enterprises assert security controls over corporate-issued devices and place restrictions on how consumer devices access corporate IT assets, user activity on social network platforms is not monitored or controlled in the same way. As mentioned, LinkedIn and Twitter direct messaging will not be the only vectors of concern for the corporate security operations center (SOC). 

While it is unlikely that email will ever be replaced as an attack vector, McAfee foresees this social network platform vector becoming more common in 2021 and beyond, particularly among the most advanced actors. 

 

The post 2021 Threat Predictions Report appeared first on McAfee Blogs.

ST25: Absicherung von Cloud-nativen Anwendungen

Die Cloud ist und bleibt ein Treiber für die digitale Transformation. Nachdem der Fokus primär auf die Erkennung von Shadow-IT
und die Absicherung von SaaS-Diensten lag, wandert nun der Blick auf längerfristige Projekte: Die Migration von ganzen Diensten
und Anwendungen in Richtung Cloud. In diesem Podcast sprechen wir daher über die Themen Infrastruktur und Container in der
Cloud, wie diese sich in die bestehende Architektur einbinden und welche weiteren wichtigen Sichtweisen für eine umfassendes
Sicherheitskonzept hilfreich sind.

The post ST25: Absicherung von Cloud-nativen Anwendungen appeared first on McAfee Blogs.

Top Ten Tips for Protecting Your Identity, Finances, and Security Online

Cybersecurity technology

Top Ten Tips for Protecting Your Identity, Finances, and Security Online

Whether you’re working, banking, shopping, or just streaming a few shows online, these quick tips will make sure you’re more secure from hacks, attacks, and prying eyes.

1 – Protect your computers

Start with the basics: get strong protection for your computers and laptops. And that means more than basic antivirus. Using a comprehensive suite of security software like McAfee® Total Protection can help defend your entire family from the latest threats and malware, make it safer to browse, help steer you clear of potential fraud, and look out for your privacy too.

2 – Protect your phones and tablets too!

Aside from using it for calls and texting, we use our smartphones for plenty of things. We’re sending money with payment apps. We’re doing our banking. And we’re using them as a “universal remote control” to do things like set the alarm, turn our lights on and off, and even see who’s at the front door. Whether you’re an Android owner or iOS owner, get security software installed on your smartphones and tablets so you can protect all the things they access and control.

3 – Create new passwords

Get a fresh start with strong, unique passwords for all your accounts using a strong method of password creation. And keep those passwords safe—don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss. Better yet, instead of keeping them on a notebook or on sticky notes, consider using a password manager. It can actually create strong passwords for you, store them as you create them, and automatically use them as you surf, shop, and bank.

4 – Keep updated

Make sure you have the latest software updates for your computers, laptops, phones, tablets, and apps, and internet of things (IoT) devices like camera and alarm systems. Updates are important for two reasons: one, they’ll make sure you’re getting the latest functionality from your app or device; and two, they often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.

5 – Beware of what you share

Hackers love playing the role of imposters to get a hold of sensitive info and account logins—because it’s often so effective. If you get what appears to be a suspicious request from a recruiter, co-worker, vendor, friend, or family member, verify the message with that person directly before opening or responding. Remember that an employer will never request sensitive information such as social security numbers or bank routing numbers over email or text.

6 – Watch out for phony web addresses

When searching, give the results a good look before clicking. Ask yourself if the website you want to click is legitimate—are there any red flags, like a strange URL, an unfamiliar name, a familiar brand name with an unusual addition to it, or a description that simply doesn’t feel right when you read it. If so, don’t click. They could be malware sites. Better yet, use a built-in browser advisor that helps you search and surf safely. It’ll call out any known or suspected bad links clearly before you click.

7 – Make your meetings password protected

To ensure that only invited attendees can access your video or audio conference call, make sure your meeting is password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone. To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.

8 – Watch out for phishing scams

If you receive an email asking to confirm your login credentials or that’s asking for any personal info, go directly to the company’s website or app—even if the email looks legitimate. Phishing attacks are getting more and more sophisticated, meaning that hackers are getting pretty good at making phishing emails look real. Don’t open any attachments or click any links in these emails. Instead, check the status of your account at the site or in your app to determine the legitimacy of the request.

9 – Use two-factor authentication

Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.

10 – Use a VPN

Another line of defense you can use to hamper hackers is a virtual private network (VPN), which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it. If you’re working from home, check with your employer to see if they have a corporate VPN that you can use.

Stay even more secure with these free resources

Find out plenty more about working and schooling from home, health and well-being, in addition to articles on healthcare and dating online too. Drop by McAfee’s Safer Together site for a wealth of free articles and resources.

Safety Tips

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Top Ten Tips for Protecting Your Identity, Finances, and Security Online appeared first on McAfee Blogs.

Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns

Over the past 9 months, the world has grappled with the COVID-19 pandemic. We have all felt vulnerable. With borders closed and curfews and lockdowns instituted, things that we can count on, like reliable energy and technology, have become more essential than ever… Especially now that most of us have to conduct work from home, we are grateful for reliable energy as it powers our lights, air, heating, and internet. It is imperative during these critical times that homes—and businesses—run  smoothly, without any interruptions from cyberthreats.

Like many businesses during this vulnerable time, a leading North American oil and gas company was already bombarded daily by cyberthreats before Covid-19, but the onset of the pandemic and the transition to thousands of employees working from home only made it a bigger target. Since the start of the pandemic-induced shift to remote work, the company has experienced a much higher volume of campaigns by sophisticated threat actors.

To guard against these bad actors and reduce vulnerability, the company’s security team purchased McAfee’s MVISION EDR after a proof-of-concept bakeoff against two competing products. The McAfee solution’s integration capabilities, attractive pricing, and lack of dependency upon a complex and costly infrastructure placed it far ahead of its endpoint threat detection and response (EDR) competitors. The need to accelerate threat response increased the company’s sense of urgency to implement MVISION EDR.

With help from McAfee technical support experts, the company’s security team completed its roll out of MVISION EDR across 16,000 endpoints within just two weeks. Now that MVISION EDR is deployed, the IT security manager and his team have much greater visibility into threats across all endpoints, including those belonging to employees working from home. This increase in visibility and understanding has helped them quickly identify patient zero and follow the trajectory of an attack to understand its potential impact. With MVISION EDR, they are able to determine every lateral movement that took place and analyze endpoints to determine if they were affected.

With McAfee MVISION EDR, the company’s security team can easily prioritize alerts, quickly grasping which ones need immediate attention and which can wait. In the future they hope to leverage the solution’s artificial intelligence-guided investigations and automate tasks to keep improving threat analysis and threat hunting, all of which will shrink the time-to-response gap even more.

Another benefit for the security team is the ability to use MVISION EDR for inventory tracking; they also can easily check registry settings to monitor system licensing and ensure proper configurations. When they roll out new tools in the environment, for example, they use MVISION EDR to make sure that the systems are working properly and communicating the way they should.

As you find yourself spending all your time at home, remember the critical role your energy company and technology play to provide you comfort in a not so comfortable time.  Cybersecurity is complex but to find out how we simplify handling potential threats to our customers, please read the case study. And get your questions answered by tweeting @McAfee_Business.

 

The post Energy Company Fights Back with MVISION EDR as Covid-19 Increases Threat Campaigns appeared first on McAfee Blogs.

McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements

Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for Endpoint at the moderate security impact level.

This FedRAMP Moderate designation is equivalent to DoD Impact Level 2 (IL2) and certifies that the McAfee solution has passed rigorous security requirements for the increasingly complex and expanding cloud environments of the U.S. government. The FedRAMP Moderate authorization validates the McAfee solution’s implementation of the baseline 325 NIST 800-53 controls, allowing users from federal agencies, state and local government, and other industries in regulated environments to manage Controlled Unclassified Information (CUI) such as personally identifiable information (PII) and routine covered defense information (CDI).

By achieving FedRAMP Moderate Authorization for MVISION for Endpoint, McAfee can provide the command and control cyber defense capabilities government environments need to enable on-premise and remote security teams, allowing them to maximize time and resources, enhance security efficiency and boost resiliency.

McAfee MVISION for Endpoint consists of three primary components: McAfee MVISION Endpoint Detection and Response (EDR), McAfee MVISION ePolicy Orchestrator (ePO) and McAfee Endpoint Security Adaptive Threat Protection with Real Protect (ENS ATP):

  • McAfee MVISION EDR simplifies investigation and response to sophisticated threat campaigns with unified detection and response (EDR) capabilities that include continuous monitoring, multi-sensor telemetry, AI-guided investigations, MITRE ATT&CK mapping and real-time hunting.
  • McAfee MVISION ePO provides a cloud-native single-pane-of-glass console to manage both McAfee and other security controls, automating workflows and prioritizing risk assessment to reduce the time and tasks required to triage, investigate and respond to security incidents.
  • McAfee ENS ATP prevents advanced malware from infecting the endpoint with integrated next-gen AV capabilities that include behavioral blocking, exploit prevention, machine learning and file-less threat defense. ENS can also diminish the impact of an attack with enhanced remediation capabilities, which, for example, can roll back the destructive effect of a ransomware attack by restoring affected files and negating the need for system reimaging.

Together, these solutions provide today’s U.S. government agencies the AI-guided endpoint threat detection, investigation and response capabilities they need to confront today’s ever evolving threats across a wide variety of devices. This important FedRAMP milestone is the latest affirmation of McAfee’s long-standing commitment to providing U.S. government agencies advanced, cloud-based cyber defenses to help them meet whatever mission they may confront today and in the future.

Other recent McAfee public sector achievements include:

  • McAfee MVISION Cloud became the first Cloud Access Security Broker (CASB) platform to be granted a FedRAMP High Impact Provisional Authority to Operate (P-ATO) from the U.S. Government’s Joint Authorization Board (JAB). This designation certified that chief information officers from the DoD, the General Services Administration (GSA) and the Department of Homeland Security (DHS) have evaluated and approved MVISION Cloud for their increasingly complex cloud environments.
  • The DoD’s Defense Innovation Unit (DIU) selected McAfee to develop a Secure Cloud Management platform around McAfee MVISION Unified Cloud Edge (UCE), which integrates its Next-Generation Secure Web Gateway, CASB and data loss prevention capabilities into one cloud-native platform.
  • McAfee is working with the DoD’s Defense Information Systems Agency (DISA) to achieve DoD compliance at Impact Levels 4 and 5 to simplify how DoD agencies can procure secure systems with confidence.

Please see the following for more information on McAfee’s efforts in the FedRAMP mission:

The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.

Trick or Treat: Avoid These Spooky Threats This Halloween

Halloween scams

Trick or Treat: Avoid These Spooky Threats This Halloween

Spooky season is among us, and ghosts and goblins aren’t the only things hiding in the shadows. Online threats are also lurking in the darkness, preparing to haunt devices and cause some hocus pocus for unsuspecting users. This Halloween season, researchers have found virtual zombies and witches among us – a new trojan that rises from the dead no matter how many times it’s deleted and malicious code that casts an evil spell to steal users’ credit card data.

Let’s unlock the mystery of these threats so you can avoid cyber-scares and continue to live your online life free from worry.

Zombie Malware Hides in the Shadows

Just like zombies, malware can be a challenge to destroy. Oftentimes, it requires a user to completely wipe their device by backing up files, reinstalling the operating system, and starting from scratch. But what if this isn’t enough to stop the digital walking dead from wreaking havoc on your device?

Recently, a new type of Trojan has risen from the dead to haunt users no matter how many times it’s deleted. This zombie-like malware attaches itself to a user’s Windows 10 startup system, making it immune to system wipes since the malware can’t be found on the device’s hard drive. This stealthy malware hides on the device’s motherboard and creates a Trojan file that reinstalls the malware if the user tries to remove it. Once it sets itself up in the darkness, the malware scans for users’ private documents and sends them to an unknown host, leaving the user’s device in a ghoulish state.

Cybercriminals Leave Credit Card Users Spellbound

A malware misfortune isn’t the only thing that users should beware of this Halloween. Cybercriminals have also managed to inject malicious code into a wireless provider’s web platform, casting an evil spell to steal users’ credit card data. The witches and warlocks allegedly responsible for casting this evil spell are part of a Magecart spin-off group that’s known for its phishing prowess.  To pull off this attack, they plated a credit card skimmer onto the wireless provider’s checkout page. This allowed the hackers to exfiltrate users’ credit card data whenever they made a purchase – a spell that’s difficult to break.

Why These Cyberspooks Are Emerging

While these threats might seem like just another Halloween trick, there are other forces at play. According to McAfee’s Quarterly Threats Report from July 2020, threats like malware phishing and trojans have proven opportunistic for cybercriminals as users spend more and more time online – whether it be working from home, distance learning, or connecting with friends and loved ones. In fact, McAfee Labs observed 375 threats per minute in Q1 2020 alone.

So, as hackers continue to adapt their techniques to take advantage of users spending more time online, it’s important that people educate themselves on emerging threats so they can take necessary precautions and live their digital lives free from worry.

How to Stay Protected

Fortunately, there are a number of steps you can take to prevent these threats from haunting your digital life. Follow these tips to keep cybersecurity tricks at bay this spooky season:

Beware of emails from unknown senders

Zombie malware is easily spread by phishing, which is when scammers try to trick you out of your private information or money. If you receive an email from an unknown user, it’s best to proceed with caution. Don’t click on any links or open any attachments in the email and delete the message altogether.

Review your accounts

Look over your credit card accounts and bank statements often to check whether someone is fraudulently using your financial data – you can even sign up for transaction alerts that your bank or credit card company may provide. If you see any charges that you did not make, report it to the authorities immediately.

Use a comprehensive security solution

Add an extra layer of protection with a security solution like McAfee® Total Protection to help safeguard your digital life from malware and other threats. McAfee Total Protection also includes McAfee® WebAdvisor – web protection that enables users to sidestep attacks before they happen with clear warnings of risky websites, links, and files.

Stay updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Trick or Treat: Avoid These Spooky Threats This Halloween appeared first on McAfee Blogs.

How To Spot Tech Support Scams

When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when we need it the most. But falling for these scams can put your devices, data, and money at even greater risk.

Although support scams have been around almost as long as the internet, these threats have increased dramatically over the last couple of years, proving to be a reliable way for scammers to make a quick buck.

In fact, the Internet Crime Complaint Center (IC3) said that it received nearly 11,000 tech support related complaints in 2017, leading to losses of $15 million, 90% higher than the losses reported in 2016. Microsoft alone saw a 24% increase in tech scams reported by customers in 2017 over the previous year, with 15% of victims saying they lost money.

Often, scammers convince users that there is a problem with their computer or device by delivering pop-up error messages. These messages encourage the user to “click” to troubleshoot the problem, which can download a piece of malware onto their machine, or prompt them to buy fake security software to fix the issue. In some cases, users wind up downloading ransomware, or paying $200 to $400 for fake software to fix problems they didn’t actually have.

And, in a growing number of instances, scammers pose as legitimate technology companies, offering phony support for real tech issues. Some even promote software installation and activation for a fee, when the service is actually provided for free from the software provider. They do this by posting webpages or paid search results using the names of well-known tech companies. When a user searches for tech help, these phony services can appear at the top of the search results, tricking people into thinking they are the real deal.

Some cybercriminals have even gone so far as to advertise fake services on legitimate online forums, pretending to be real tech companies such as Apple, McAfee, and Amazon. Since forum pages are treated as quality content by search engines, these phony listings rank high in search results, confusing users who are looking for help.

The deception isn’t just online. More and more computer users report phone calls from cybercrooks pretending to be technology providers, warning them about problems with their accounts, and offering to help resolve the issue for a fee. Or worse, the scammer requests access to the victim’s computer to “fix the problem”, with the hopes of grabbing valuable data, such as passwords and identity information. All of these scams leave users vulnerable.

Here’s how to avoid support scams to keep your devices and data safe:

  • If you need help, go straight to the source—Type the address of the company you want to reach directly into the address bar of your browser—not the search bar, which can pull up phony results. If you have recently purchased software and need help, check the packaging the software came in for the correct web address or customer support line. If you are a McAfee customer, you can always reach us at https://service.mcafee.com.
  • Be suspicious—Before you pay for tech support, do your homework. Research the company by looking for other customer’s reviews. Also, check to see if your technology provider already offers the support you need for free.
  • Be wary of callers asking for personal information, especially if they reach out to you first—Situations like this happen all the time, even to institutions like the IRS. McAfee’s own policy is to answer support questions via our website only, and if users need assistance, they should reach out here directly. Never respond to unsolicited phone calls or pop-up messages, warning you about a technical issue, and never let anyone take over your computer or device remotely.
  • Surf Safe—Sometimes it can be hard to determine if search results are safe to click on, or not. Consider using a browser extension that can warn you about suspicious sites right in your search results, and help protect you even if you click on a dangerous link.
  • Keep informed—Stay up-to-date on the latest tech support scams so you know what to watch out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

ST24: Proaktive Absicherung zur Minimierung von Endgeräterisiken (German)

Vor dem Hintergrund des IT-Fachkräftemangels gestaltet es sich für Unternehmen immer schwieriger, mit der wachsenden Zahl sowie Raffinesse von Cyber-Angriffen Schritt zu halten und drängt Sicherheitsteams dazu, oft nur noch reaktiv agieren zu können. Wie Sie mithilfe einer umfassenden Bedrohungsdatenbank sowie proaktiver Reaktionsmaßnahmen Ihre Endgerätesicherheit verbessern und Reaktionszeiten von Monaten auf Stunden verkürzen können, diskutieren wir in diesem Podcast. Hierfür zusammengekommen sind Heiko Brückle, McAfee Senior Security Engineer, sowie Chris Trynoga, McAfee Regional Solution Architect.

 

 

The post ST24: Proaktive Absicherung zur Minimierung von Endgeräterisiken (German) appeared first on McAfee Blogs.

Most Dangerous Celebrity 2020 Sweepstakes

McAfee “Most Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes

Terms and Conditions

NO PURCHASE OR PAYMENT OF ANY KIND NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING.

THIS SWEEPSTAKES IS INTENDED FOR PLAY IN THE UNITED STATES ONLY AND VOID IN FLORIDA, NEW YORK, AND RHODE ISLAND, AND WILL BE GOVERNED BY U.S. LAW.  DO NOT ENTER IF YOU ARE NOT BOTH ELIGIBLE AND LOCATED IN THE UNITED STATES, EXCLUDING FLORIDA, NEW YORK AND RHODE ISLAND, AT THE TIME OF ENTRY.

  1. Sweepstakes Period:

The McAfeeMost Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes (the “Sweepstakes”) begins at 8:00:00 AM Pacific Daylight Time (“PDT”) on 10/6/2020 and ends at 5:00:00 PM PDT on 10/25/2020 (“Sweepstakes Period”). The Sweepstakes Administrator’s computer will be the official timekeeping device.

  1. How To Enter:

During the Sweepstakes Period, visit https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html (the “Website”), or the appropriate McAfee social handles listed below, and complete the following to receive the corresponding entries into the Sweepstakes:

Action # Entries Received Detail
Social Comment – Facebook or Twitter

 

 

@McAfee

https://www.facebook.com/McAfee/

 

 

 

@McAfee_Home

https://twitter.com/mcafee_home?lang=en

 

 

 

1 (per comment) Go to the website to review the instructions and terms & conditions.

 

Click through to the applicable McAfee social page(s).

 

Follow that McAfee social handle.

 

Find the social posts using the campaign hashtag (#RiskyCelebSweeps)

 

Comment only on those posts for means of entry.

 

1 comment = 1 entry into the sweepstakes for a chance to win.

 

Commenting on any of the sweepstakes specific posts (using #RiskyCelebSweeps) during the sweepstakes time frame allows for an entry for a chance to win the grand prize.

 

 

  1. Eligibility:

The Sweepstakes is open to legal residents of the United States, excluding residents of Florida, New York and Rhode Island and where otherwise prohibited by law, who are 18 years of age or older at the time of entry. Employees of McAfee, LLC, and each of their respective parents, subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.

  1. Winner Selection/Odds:

There will be one grand prize winner. The prize winner will be selected at random from the final pool of entrants (commenters) on the applicable sweepstakes social posts. Anyone who comments on any of the sweepstakes posts, within the sweepstakes time period, is included in the Prize entry pool. Limit one (1) prize per person per household. By participating, entrants acknowledge the McAfee Privacy Notice and agree to be bound by the Official Sweepstakes Rules and the decisions of the Sponsor which shall be final and binding in all respects. The odds of winning depend on the total number of eligible entries received.

  1. Winner Notification:

Prize winner will be notified the week of 10/26/20.  No winners will be announced prior to this time.  All winners will be notified by the official McAfee Facebook (https://www.facebook.com/McAfee/ ) or McAfee_Home Twitter (https://twitter.com/McAfee_Home) page. McAfee will not ask you to provide any credit card information to claim a prize. Prize winner will be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within (4) days of written notification, or prize may be forfeited. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within four (4) calendar days from the first notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then prize may be forfeited. Sponsor is not responsible for any change of email address, mailing address and/or telephone number of entrants.  Sponsor reserves the right to select an alternative winner should the first winner fail to claim the prize.

  1. Prize:

GRAND PRIZE – Approximate ARV = $900

  • iPad Air
  • Disney+ subscription for 1-year (includes Disney, Pixar, Marvel, Star Wars, Nat. Geo)
  • Spotify Premium for 1-year
  • $200 Visa Gift Card

Limit one (1) prize per person per household. Prizes are non-transferable and no cash equivalent or substitution of prize is offered. Subscriptions are subject to the terms and conditions available at https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html. If a prize, or any portion thereof, cannot be awarded for any reason, Sponsor reserves the right to substitute prize with another prize of equal or greater value. Prize winner will be solely responsible for all federal, state and/or local taxes, and for any other fees or costs associated with the prizes they receive, regardless of whether it, in whole or in part, are used. Since the prize value exceeds $600, the prize winner will be issued a W-9 form to fill out and return prior to receiving their prize. The sweepstakes Sponsor must mail a copy of the 1099-MISC form postmarked by January 31st of the year following the year in which the winner won the prize.

  1. Internet/Limitations Of Liability:

Sponsor and others are not responsible for interrupted or unavailable network server or other connections; for miscommunications; failed telephone or computer transmissions; for jumbled, scrambled or misdirected entries or transmissions; for phone, electrical, network, computer hardware or software or program malfunctions, failures or difficulties; for other errors, omissions, interruptions, or deletions of any kind, whether human, typographical, mechanical or electronic; or for any damage to any person’s computer related to participating in the Sweepstakes. Sponsor and others are not responsible for illegible, unintelligible, late, lost, stolen on entries not received; for incorrect or inaccurate entry information, whether caused by Website users or by any of the equipment or programming associated with or utilized in the Sweepstakes; or for any typographical, technical or human errors which may occur in the processing of any entries in this Sweepstakes. Persons found tampering with or abusing any aspect of this Sweepstakes as solely determined by Sponsor will be disqualified and may be subject to prosecution. Any person attempting to enter using multiple email addresses, multiple identities, any bot, robotic or any other device or artifice to enter multiple times with different identities or email addresses or to interfere with the proper play of this Sweepstakes or to be otherwise behaving in an unsportsmanlike manner as determined by Sponsor will be disqualified from participation in the Sweepstakes. If in the judgment of Sponsor, the Sweepstakes is compromised by virus, bugs, non-authorized human intervention or other causes beyond the control of Sponsor, which corrupts the administration, security, fairness or proper play of the Sweepstakes, Sponsor reserves the right, in its sole discretion, to modify, discontinue, suspend or terminate the Sweepstakes and randomly award the prizes from among all eligible, non-suspect entries received prior to any such modification, discontinuation, suspension or termination. Should multiple users of the same email account enter the Sweepstakes and a dispute thereafter arise regarding the identity of the entrant, the authorized account holder of said email account at the time of entry will be considered the entrant.  “Authorized account holder” is defined as the natural person who is assigned an email address by an Internet access provider, online service provider or other organization which is responsible for assigning email addresses or the domain associated with the submitted email address. In the event of a dispute as to the identity of an entrant based on his/her Facebook or Twitter account, the authorized Facebook or Twitter account holder submitted at time of entry will be deemed the entrant. Please see the privacy notice located at http://www.mcafee.com/us/about/privacy.html or details of Sponsor’s policies regarding the use of personal information collected in connection with this Sweepstakes. If you are selected as a winner, your information may also be included in a publicly-available winners list.

CAUTION: ANY ATTEMPT TO DELIBERATELY DAMAGE ANY WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE SWEEPSTAKES IS A VIOLATION OF CRIMINAL AND CIVIL LAWS. SHOULD SUCH AN ATTEMPT BE MADE, THE SPONSORS RESERVE THE RIGHT TO SEEK DAMAGES OR OTHER REMEDIES (INCLUDING WITHOUT LIMITATION ATTORNEYS’ FEES) FROM ANY SUCH PERSON(S) RESPONSIBLE FOR THE ATTEMPT TO THE FULLEST EXTENT PERMITTED BY LAW.

  1. Release:

By participating in the Sweepstakes, each entrant releases and agrees to indemnify and hold harmless Sponsor, Prize Providers and others from and against any and all costs, claims, damages, (including, without limitation, any special, incidental or consequential damages), or any other injury, whether due to negligence or otherwise, to person(s) or property (including, without limitation, death or violation of any personal rights, such as violation of right of publicity/privacy, libel, or slander), due in whole or in part, directly or indirectly, to participation in the Sweepstakes, or arising out of participation in any Sweepstakes-related activity, or the receipt, enjoyment, participation in, use or misuse, of any prize.

 

  1. Publicity Rights:

By accepting a prize, the winner agrees to allow Sponsor and Sponsor’s designees the perpetual right to use his/her name, biographical information, photos or likeness, and statements for promotion, trade, commercial, advertising and publicity purposes, at any time or times, in all media now known or hereafter discovered, worldwide, including but not limited to on the Internet, without notice, review or approval and without additional compensation except where prohibited by law.  Any collection of personal information from entrants will be governed by the McAfee Privacy Policy.

 

  1.  Disputes:

EACH ENTRANT AGREES THAT ANY DISPUTES, CLAIMS, AND CAUSES OF ACTION ARISING OUT OF OR CONNECTED WITH THIS CONTEST OR ANY PRIZE AWARDED WILL BE RESOLVED INDIVIDUALLY, WITHOUT RESORT TO ANY FORM OF CLASS ACTION, AND EXCLUSIVELY BY THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE OR THE APPROPRIATE STATE COURT LOCATED IN DOVER OR WILMINGTON, DELAWARE. THESE OFFICIAL RULES ARE GOVERNED BY THE LAWS OF THE STATE OF DELAWARE WITHOUT REGARD TO CHOICE OF LAW OR CONFLICT OF LAWS RULES.  YOU WAIVE ANY AND ALL OBJECTIONS TO JURISDICTION AND VENUE IN THESE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS.

 

  1. Limitations of Liability:

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE CONTEST OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE CONTEST OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE EXCEED $10.  THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.

  1. The Sweepstakes and the Official Rules are governed by US law and are subject to all applicable federal, state and local laws and regulations. All issues and questions concerning the construction, validity, interpretation and enforceability of the Official Rules, or the rights and obligations of Entrant and Sponsor in connection with the Sweepstakes, shall be governed by, and construed in accordance with, the laws of the State of New York, U.S.A., without giving effect to the conflict of laws rules thereof, and any matters or proceedings which are not subject to arbitration as set forth above, in these Official Rules and/or for entering any judgment on an arbitration award, shall take place in the State of New York.

 

Winner’s List:  For a list of winners, mail a self-addressed, stamped envelope to: “Most Famous to Most Dangerous to Search for Online” to 100 Crown Street, New Haven, CT 06510. Requests must be received by 11/30/20.

 

Sponsors: McAfee Corporate Headquarters, 2821 Mission College Blvd., Santa Clara, CA 95054

 

Administrator: Response Marketing, 100 Crown Street 3rd Floor, New Haven, CT 06510

 

The post Most Dangerous Celebrity 2020 Sweepstakes appeared first on McAfee Blogs.

Cybersecurity Awareness Month: If You Connect It, Protect It

#BeCyberSmart

Cybersecurity Awareness Month: If You Connect It, Protect It

October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.

We live in a day and age when even lightbulbs can be hacked.

Perhaps you’ve caught the stories in the news: various devices like home cameras, smart appliances, and other Internet of Things (IoT) devices falling prey to hackers and attacks, such as when the Mirai botnet took out large swathes of the internet in 2016. As posted by Statista, estimates project that the world will have nearly 40 billion IoT devices in the next five years and upwards of 50 billion by 2030. That’s in homes and businesses alike, ranging anywhere from digital assistants, smart watches, medical devices, thermostats, vehicle fleet management devices, smart locks, and yes, even the humble lightbulb—and like our computers, laptops, smartphones, and tablets, they all need to be protected.

The reason is simple: your network is only as safe as the weakest device that’s on it. And we’re putting so much more on our networks than ever before. In effect, that means our homes have more targets for hackers than ever before as well. In the hands of a dedicated crook, one poorly protected device can open the door to your entire network—much like a thief stealing a bike by prying open the weak link in a chain lock. Therefore, so goes the saying, “If You Connect It, Protect It.”

The Eight-Point List for Protecting Your IoT Devices

What’s challenging is that our IoT devices don’t always lend themselves to the same sort of protections like our computers, laptops, and phones do. For example, you can’t actually install security software directly on them. However, there are things you can do to protect those devices, and the network they’re on too.

1) Do your IoT homework

Just because that new smart device that’s caught your eye can connect to the internet doesn’t mean that it’s secure. Before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some IoT device manufacturers are much better at baking security protocols into their devices than others, so look into their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.

2) Don’t use the default—Set a strong, unique password

One issue with many IoT devices is that they often come with a default username and password. This could mean that your device, and thousands of others just like it, all share the same credentials, which makes it painfully easy for a hacker to gain access to them as those default usernames and passwords are often published online.

When you purchase an IoT device, set a fresh password using a strong method of password creation.  And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. As always, don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss.

3) Use two-factor authentication

Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.

4) Secure your internet router

Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all of your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. If you’re renting your router or you’ve purchased it through your internet provider, they should have help documentation that can guide you through this the process. Likewise, if you purchased your own, your manual should provide the guidance you need.

As we mentioned above, the first thing to do is change the default password and name of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you’re unsure, reach out to your internet provider or check the documentation that came with your router.

5) Set up a guest network specifically for your IoT devices

Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.

6) Use a VPN and a comprehensive security solution

Another line of defense that can hamper hackers is using a VPN, which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it.

7) Update!

As with our computers, laptops, phones, tablets, and apps, make sure you have the latest software updates for your IoT devices. The reasons here are the same: one, they’ll make sure you’re getting the latest functionality from your device; and two, updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.

8) Protect your phone

You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” our smartphones—so protecting our phones has become yet more important. Whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.

And protect your other things too

And of course, let’s not forget our computers and laptops. While we’ve been primarily talking about IoT devices here, it’s a good reminder that computers and laptops need protection too. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.

If you connect it, protect it

We’re connecting our homes and ourselves with IoT devices at an tremendous rate—now at an average of 10 connected devices in our homes in the U.S. Gone by are the days when all we had was a computer or phone or two to look after. Now, even when we’re not in front of a laptop or have a smartphone in our hand, we’re still online, nearly all the time. Take this week to make sure that what you’ve connected is protected. Even that little lightbulb.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Cybersecurity Awareness Month: If You Connect It, Protect It appeared first on McAfee Blogs.

McAfee Leapfrogs Competition with trio of awards at 2020 IT World Awards

Network Products Guide, the industry’s leading technology research and advisory guide, recently named the winners in their 15th Annual 2020 Network PG’s IT World Awards. Judges from a broad spectrum of industry voices around the world participated and their average scores determined the 2020 award winners.  McAfee took center stage with three wins, including Gold for McAfee MVISION Endpoint Detection and Response (EDR) and Silver for McAfee MVISION Cloud for Containers and McAfee MVISION Unified Cloud Edge (UCE).

The IT World Awards are industry and peer recognitions from Network Products Guide honoring achievements of world’s best in organizational performance, product and service innovations, hot technologies, executives and management teams, successful deployments, product management and engineering, customer satisfaction, and public relations in information technology and cyber security. These wins further validate McAfee’s position as a company poised to successfully help organizations solve for real-time security issues.

McAfee was recognized in the following categories:

  • Zero Day | Attack & Exploit Detection & Prevention Category: McAfee MVISION EDR uses Artificial intelligence to guide analysts through the investigation process. It is a cloud-delivered solution that detects advanced and previously unknown device threats, provides deep investigation capabilities and the intel for users to respond in a timely manner.
  • Cloud Security Category: McAfee MVISION Cloud for Containers provides the industry’s first Unified Cloud Security Platform with container optimized strategies for securing dynamic container workloads and the infrastructure on which they depend upon.
  • New Product-Service of the Year: McAfee MVISION UCE includes three core technologies converged into a single solution: Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Data Loss Prevention (DLP). These technologies work together to protect data from device to cloud and prevent cloud-native threats that are invisible to the corporate network.

 

For a complete list of McAfee’s accolades and industry recognition, visit: https://www.mcafee.com/enterprise/en-us/about/awards.html

The post McAfee Leapfrogs Competition with trio of awards at 2020 IT World Awards appeared first on McAfee Blogs.

ST23: Moderner Datenschutz für Microsoft Teams (German)

Für viele ist das Arbeiten im Home Office zur Normalität geworden. Microsoft Teams stellt dabei den Ankerpunkt der effektiven Zusammenarbeit und dem Austausch von Inhalten in Microsoft 365 dar. Welche Auswirkung das jedoch auf die Sicherheit hat, diskutieren wir in diesem Podcast. Hierfür zusammengekommen sind Alexander Haug, unser Security Engineer mit Fokus auf Data Protection, sowie Chris Trynoga, unser Solution Architect und Experte für ganzheitliche Sicherheitsansätze.

The post ST23: Moderner Datenschutz für Microsoft Teams (German) appeared first on McAfee Blogs.

Cybersecurity Awareness Month Helps Us All be #BeCyberSmart

Cybersecurity Awareness Month

Cybersecurity Awareness Month Helps Us All be #BeCyberSmart

October is Cybersecurity Awareness Month, which is led by the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness in conjunction with the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA). McAfee is pleased to announce that we’re a proud participant.

Cybersecurity Awareness Month

If there’s ever a year to observe Cybersecurity Awareness Month, this is it.

As millions worked, schooled, and simply entertained themselves at home (and continue to do so) this year, internet usage increased by up to 70%. Not surprisingly, cybercriminals followed. Looking at our threat dashboard statistics for the year so far, you’ll see:

  • 113,000+ new malicious websites and URLS referencing COVID-19
  • 5+ Million threats that exploit COVID-19
  • A large spike in trojan-based attacks in April followed by a higher spike in July and August

And that doesn’t account for the millions of other online scams, ransomware, malicious sites, and malware out there in general—of which COVID-19-themed attacks are just a small percentage.

With such a high reliance on the internet right now, 2020 is an excellent year to observe Cybersecurity Awareness Month, along with its focus on what we can do collectively to stay safer together in light of today’s threats.

#BeCyberSmart

Unified under the hashtag #BeCyberSmart, Cybersecurity Awareness Month calls on individuals and organizations alike to take charge of protecting their slice of cyberspace. The aim, above making ourselves safer, is to make everyone safer by having us do our part to make the internet safer for all. In the words of the organizers, “If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees, our interconnected world will be safer and more resilient for everyone.”

Throughout October, we’re participating as well. Here in our blogs and across our broad and ongoing efforts to boost everyone’s awareness and expertise in cybersecurity and simply staying safe online, we’ll be supporting one key theme each week:

Week of October 5: If You Connect It, Protect It

If you’ve kept up with our blogs, this is a theme you’ll know well. The idea behind “If you connect it, protect it” is that the line between our lives online and offline gets blurrier every day. For starters, the average person worldwide spends nearly 7 hours a day online thanks in large part to mobile devices and the time we spend actively connected on our computers. However, we’re also connecting our homes with Internet of Things (IoT) devices—all for an average of 10 connected devices in our homes in the U.S. So even when we don’t have a device in our hand, we’re still connected.

With this increasing number of connections comes an increasing number of opportunities—and challenges. During this weel, we’ll take a look at how internet-connected devices have impacted our lives and how you can take steps that reduce your risk.

Week of October 12 (Week 2): Securing Devices at Home and Work

As we shared at the open of this article, this year saw a major disruption in the way we work, learn, and socialize online. There’s no question that our reliance on the internet, a safe internet, is greater than before. And that calls for a fresh look at the way people and businesses look at security.

This week of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use, all in light of a whole new set of potential vulnerabilities that are taking root.

Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare

Earlier this year, one of our articles on telemedicine reported that 39% of North Americans and Europeans consulted a doctor or health care provider online for the first time in 2020.   stand as just one example of the many ways that the healthcare industry has embraced connected care. Another noteworthy example comes in the form of internet-connected medical devices, which are found inside care facilities and even worn by patients as they go about their day.

As this trend in medicine has introduced numerous benefits, such as digital health records, patient wellness apps, and more timely care, it’s also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. Here we’ll explore this topic and share what steps both can take do their part and #BeCyberSmart.

Week of October 26 (Week 4): The Future of Connected Devices

The growing trend of homeowners and businesses alike connecting all manner of things across the Internet of Things (IoT) continues. In our homes, we have smart assistants, smart security systems, smart door locks, and numerous other home IoT devices that all need to be protected. Businesses manage their fleets, optimize their supply chain, and run their HVAC systems with IoT devices, which also beg protection too as hackers employ new avenues of attack, such as GPS spoofing. And these are just a fraction of the applications that we can mention as the world races toward a predicted 50 billion IoT devices by 2030.

As part of Cybersecurity Awareness Month, we’ll look at the future of connected devices and how both people and businesses can protect themselves, their operations, and others.

Give yourself a security checkup

As Cybersecurity Awareness Month ramps up, it presents an opportunity for each of us to take a look at our habits and to get a refresher on things we can do right now to keep ourselves, and our internet, a safer place. This brief list should give you a great start, along with a catalog of articles on identity theft, family safety, mobile & IoT security, and our regularly updated consumer threat notices.

Use strong, unique passwords

Given the dozens of accounts you need to protect—from your social media accounts to your financial accounts—coming up with strong passwords can take both time and effort. Rather than keeping them on scraps of paper or in a notebook (and absolutely not on an unprotected file on your computer), consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. With just a single password, you can access all the tools your password manager offers.

Beware of messages from unknown users

Phishing scams like these are an old standard. If you receive an email or text from an unknown person or party that asks you to download software, share personal information, or take some kind of action, don’t click on anything. This will steer you clear of any scams or malicious content.

However, more sophisticated phishing attacks can look like they’re actually coming from a legitimate organization. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. Also, you can hover over the link and get a link preview. If the URL looks suspicious, delete the message and move on.

Use a VPN and a comprehensive security solution

Avoid hackers infiltrating your network by using a VPN, which allows you to send and receive data while encrypting – or scrambling – your information so others can’t read it. By helping to protect your network, VPNs also prevent hackers from accessing other devices (work or personal) connected to your Wi-Fi.

In addition, use a robust security software like McAfee® Total Protection, which helps to defend your entire family from the latest threats and malware while providing safe web browsing.

Check your credit

At a time where data breaches occur and our identity is at risk of being stolen, checking your credit is a habit to get into. Aside from checking your existing accounts for false charges, checking your credit can spot if a fraudulent account has been opened in your name.

It’s a relatively straightforward process. In the U.S., the Fair Credit Reporting Act (FCRA) requires credit reporting agencies to provide you with a free credit check at least once every 12 months. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.

Be aware of the latest threats

To track malicious pandemic-related campaigns, McAfee Advanced Programs Group (APG) has published a COVID-19 Threat Dashboard, which includes top threats leveraging the pandemic, most targeted verticals and countries, and most utilized threat types and volume over time. The dashboard is updated daily at 4pm ET.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Cybersecurity Awareness Month Helps Us All be #BeCyberSmart appeared first on McAfee Blogs.

Evolving Security Products for the new Realities of Living Life From Home

Strong Passwords

Announcing McAfee’s Enhanced Consumer Security for New Consumer Realities

With millions of people continuing to work and study remotely, scammers have followed them home—generating an average of 375 new threats per minute so far this year. In response, our enhanced consumer portfolio directly addresses the new needs and new threats people face.

McAfee Labs found that these new threats via malicious apps, phishing campaigns malware, and more, according to its McAfee COVID-19 Threat Report: July 2020, which amounted to an estimated $130 million in total losses in the U.S. alone.

To help people stay safer and combat these threats, today we announced our latest consumer security portfolio. Our enriched products come with better user experiences such as a native Virtual Private Network (VPN), along with new features, including integrated Social Media and Tech Scam Protection—all of which are pressing security essentials today.

Specifically, our product lineup has been updated to include:

Boosts to security and privacy

Scams involving tech support and product activation have continued to sneak into people’s inboxes and search results, which require a critical eye to spot. Here are some tips on how to identify these scams. We’re making it easier for people to stay safer with new features such as:

  • Tech Scam Protection: McAfee® WebAdvisor now provides a warning when visiting websites that can be used by cybercriminals to gain remote access to your PC, helping combat the  $55 million total fraud loss in the U.S. due to tech scams.
  • Advanced Malware Detection: McAfee enhanced its machine learning capabilities to improve overall time to detect emerging threats across devices as well as added protection against file-less threats.

Improvements make it easier for you to stay safer

With jobs and things that simply need to get done “right now,” security can be an afterthought. Sometimes that desire for convenience has consequences, leading to situations where people’s devices, data, and personal information get compromised. In response, we’re doing our part to make security more intuitive so that people can get things done quickly and safely:

  • A Better User Experience: An improved PC and app experience with easier navigation and readable alerts, and clear calls to action for faster understanding of potential issues.
  • Native VPN: Easier access to VPN and anti-malware device protection via one central place and log-in.
  • Updated Password Protection: Access iOS applications even faster with automatically filled in user account information and passwords in both apps and browsers on iOS devices.

Further security enhancements for today’s needs and tomorrow’s threats

With people’s newfound reliance on the internet, we’ve made new advances that help them live their increasingly connected lives—looking after security and privacy even more comprehensively than before on security and the apps they use:

  • Optimized Product Alerts: Redesigned product alerts, so consumers are better informed about possible security risks, with a single-click call to action for immediate protection.
  • Social Media Protection: To help prevent users from accidentally visiting malicious websites, McAfee now annotates social media feeds across six major platforms – Facebook, Twitter, YouTube, Instagram, Reddit, and LinkedIn.
  • Enhanced App Privacy Check: Consumers can now easily see when mobile apps request personal information, with app privacy now integrated into the main scan of Android devices.

McAfee is on a journey to ensure security allows users to be as carefree as possible online, now that more time is spent on devices as consumers navigate a new normal of life from home. For more information on our consumer product lineup, visit https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Evolving Security Products for the new Realities of Living Life From Home appeared first on McAfee Blogs.

Phishing Email Examples: How to Recognize a Phishing Email

email phishing scams

Phishing Email Examples: How to Recognize a Phishing Email

Keeping your identity safe on the internet can be challenging. Phishing is a scam that tricks you into voluntarily providing important personal information. Protect yourself from phishing by reviewing some examples of phishing emails and learning more about this common online scam.

What is phishing?

Phishing is a type of cybercrime that steals your sensitive information. To trick you into willingly providing information like your website logins and credit card numbers, phishing scammers disguise themselves as major corporations or other trustworthy entities. Phishing scammers will usually contact you via text or email.

What is a phishing email?

A phishing email is a fraudulent email message that is made to look like it was sent by a legitimate company. These emails contain messages that ask you to provide sensitive personal information in various ways. If you don’t look carefully at the emails you receive, you might not be able to tell the difference between a normal email and a phishing email. Scammers work hard to make phishing emails resemble emails sent by trusted companies as closely as possible, which is why you need to be cautious when you open emails and click the links they contain.

How do you spot a phishing email?

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing every time you open an email:

It’s poorly written

Phishing emails often contain grammatical errors, spelling mistakes, and other telltale signs that they weren’t written by marketing departments at major corporations. Even the biggest companies sometimes make small errors in their emails, but if you see multiple, glaring grammatical errors in an email that asks for your personal information, you might have become the target of a phishing scammer.

The logo doesn’t look right

To enhance the credibility of their emails, phishing scammers often steal the logos of prominent corporations or websites. In many cases, however, they don’t steal corporate logos correctly. The logo in a phishing email might have the wrong aspect ratio, or it might be low-resolution. If you have to squint to make out the logo in an email message, chances are that it’s a phishing email.

The URL doesn’t match

Phishing emails always center around links that you’re supposed to click. There are a few ways to check whether a link you’ve been emailed is legitimate. With some email clients, just hovering over the link will be enough to display its URL. Alternatively, you can right-click the link, copy it, and paste the URL into a word processor. On mobile devices, you can check the URL of a link by pressing and holding it with your finger. If the URL you discover doesn’t match up with the entity that supposedly sent you the email, you might have received a phishing email.

Types of phishing emails

Phishing emails come in all shapes and sizes, but there are a few types of phishing emails that are more common than others. Let’s review some examples of the most frequently sent phishing emails:

Account suspended scam

Some phishing emails appear to notify you that your bank account has been temporarily suspended due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the veracity of the email, and if all else fails, contact your bank directly instead of opening any links within the email you received.

Two-factor authentication scam

Two-factor authentication (2FA) has become common, so you’re probably used to receiving emails that ask you to confirm your login information with six-digit numerical codes. Phishing scammers also know how common 2FA has become, and this service that’s supposed to protect your identity might be used for nefarious purposes. If you receive an email asking you to log into an account to confirm your identity, use the criteria we listed above to verify the authenticity of the message. Be especially wary if you’re asked to provide 2FA for an account you haven’t accessed for a while.

Tax refund scam

Everyone likes getting money from the government. That’s what phishing scammers are counting on when they send you phony IRS refund emails. You should always be careful when an email informs you that you’ve received a windfall of cash, and be especially dubious of emails that were supposedly sent by the IRS since this government agency only contacts taxpayers via snail mail. Tax refund phishing scams can do serious harm since they usually ask for your social security number as well as your bank account information.

Phishing at work

You need to be wary of phishing when you’re using your work email as well. One popular phishing scam involves emails that are designed to look like they were sent by someone in the C-suite of your company. They ask workers to wire funds to supposed clients, but this cash actually goes to scammers. Use the tips we listed above to spot these phony emails.

What happens if you click a link in a phishing email?

Never click links in suspicious emails. If you do click a link in an email you suspect was sent by a phishing scammer, however, you will be taken to a web page with a form where you can enter sensitive data such as your social security number, credit card information, or login credentials. Do not enter any data on this page.

What do you do if you suspect you’ve been phished?

If you accidentally enter data in a webpage linked to a suspicious email, disconnect your device from the internet. Next, perform a full malware scan on your device. Once the scan is complete, backup all of your files, and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it’s important to change all the passwords you use online in the wake of a suspected phishing attack.

How to recognize a phishing email: simple tips

Let’s wrap things up with some summarized tips on how to avoid phishing emails:

  • When in doubt, directly contact the organization that supposedly emailed you instead of opening links included in suspicious emails.
  • Examine suspicious emails carefully to check for telltale signs of phishing such as poor grammar, grainy logos, or bogus links.
  • If you accidentally click a phishing link, don’t enter any data, and close the page.
  • If you think you’ve been phished, run a virus scan, backup your files, and change all your passwords.

Stay protected

Phishing emails only work on the unwary. Now that you know how to spot phishing emails and what to do if you suspect you’ve been phished, you won’t fall for this type of scam. Just remember to always be careful with your personal information when you use the internet, and err on the side of caution whenever anybody asks you to divulge sensitive details about your identity, your finances, or your login information.

The post Phishing Email Examples: How to Recognize a Phishing Email appeared first on McAfee Blogs.

Uber Data Breach and How to Protect Your Info

The Latest on the Uber Data Breach and Protecting Your Info

You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.

While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.

According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.

Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.

Protecting yourself from data breaches

Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.

Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.

Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.

Be your own best defense

For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.

Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blogs.

What is GPS spoofing?

 What is GPS spoofing?

Global positioning system (GPS) technology is now the standard way for travelers to efficiently get from point A to point B. While GPS delivers unparalleled opportunities to businesses and individuals, there are some drawbacks to using this technology. GPS devices can be vulnerable to cyber attacks through GPS spoofing.

GPS Spoofing 101

Global navigation satellite systems (GNSS) have been around for years in many industrialized countries, and GPS is just one of those systems.   GPS spoofing happens when someone uses a radio transmitter to send a counterfeit GPS signal to a receiver antenna to counter a legitimate GPS satellite signal. Most navigation systems are designed to use the strongest GPS signal, and the fake signal overrides the weaker but legitimate satellite signal.

Commercial Hazards of GPS Spoofing

GPS spoofing isn’t to be confused with GPS jamming. GPS jamming happens when a cyber criminal blocks GPS signals altogether. Selling or using GPS jamming equipment that can block communications is illegal in the United States. While GPS jamming appears to be the greater threat, GPS spoofing delivers a sucker punch to a variety of businesses.

GPS spoofing allows hackers to interfere with navigation systems without operators realizing it. The fake GPS feeds cause drivers, ship captains, and other operators to go off course without any coercion. Businesses that are particularly vulnerable to GPS spoofing are shipping companies, taxi services, and construction companies.

Shipping Companies

Shipping companies that haul freight via land, air, and sea all use GPS-based navigation systems to get cargo safely to destinations all over the world. GPS spoofing leaves these shipments vulnerable to hijacking and theft. A practical example of this is where hijackers use GPS spoofing to misdirect a vehicle to a location where its cargo can be robbed—and hid the truck’s location while it’s happening. Additionally, many shippers use GPS-enabled locks to secure their cargo, allowing them to open only when the truck arrives at its set destination. GPS spoofing undoes those locks as well. In all, this puts drivers in danger, and trucking companies lose millions of dollars of cargo each year due to hijacking incidents such as these.

Taxi and Ride Sharing Services

Gone are the days when taxi drivers relied solely on their knowledge of a city’s streets to transport passengers. Today’s taxi drivers can go into any city that their license allows and do their jobs efficiently with the use of GPS technology. This flexibility comes with some drawbacks, however. GPS spoofing allows drivers to fake their location and commit criminal acts while still on the clock. Drivers from ride services can also use the technique to fraudulently place themselves in surge areas to get more money for their services. Projecting a false location is a financial risk to companies and is potentially dangerous for passengers.

Construction Companies

While skilled construction workers are certainly valued, specialized tools, equipment, and machinery are the assets that many construction companies seek to track. These expensive assets commonly go missing on worksites, which eats into company profits. In recent years, GPS asset tracking systems have been installed to make sure construction equipment, tools, and machinery remain at authorized worksites. By using GPS spoofing, a thief could move an asset to a new location without anyone knowing about it until it was too late.

Dangers of GPS Spoofing for Everyone Else

GPS spoofing isn’t just a threat to businesses and government agencies; it also can be the catalyst for significant harm to individuals who rely on GPS. Cruising waterways along the coasts is a favorite hobby for those who enjoy boating.. Modern boats are equipped with GPS-based navigation systems. A cyber criminal can use GPS spoofing to get a skipper to steer his boat off course and into the path of danger from modern-day pirates.

The makers of location-based dating apps tout them as a safe way to meet a potential mate. These apps use GPS technology to help users identify dates by their location. When a bad actor uses GPS spoofing, he can fake his location or guide his date to a dangerous location.

The future of driving is now. Some electric cars are already equipped with an autopilot feature that offers unparalleled convenience to travel-weary drivers. However, independent research findings have uncovered a critical vulnerability in the cars’ navigation systems.  What will happen when fully autonomous, self-driving cars are made without steering devices that would allow a person to take control of their car during a GPS spoofing incident?

Tips to Combat GPS Spoofing Attacks

If you own a business that relies on GPS-based navigation systems, you’ll want to know the best ways to sabotage GPS spoofing attacks. The Department of Homeland Security points out some physical and procedural techniques to fight the problem. It recommends that companies hide GPS antennas from public view. GPS spoofing works well when an attacker can get close to an antenna and override legitimate GPS signals that come from orbiting satellites.

The agency suggests installing a decoy antenna that’s in plain view of would-be cyber criminals. Adding redundant antennas in different locations at your site allows you to notice if one antenna is being targeted for GPS spoofing. Companies such as Regulus Cyber are also developing GPS spoofing detection software that alerts users of spoofing incidents and keeps their devices from acting on spoofed GPS data.

Additionally, organizations should consider taking GPS-enabled equipment offline whenever connectivity isn’t actively required—thus making them less susceptible to attack. Likewise, following the basics of security hygiene provide further protection, such as regular updates and changing of passwords, along with the use of two-factor authentication, network firewalls, and other cyber defenses.

GPS Spoofing for Privacy

While GPS spoofing can cause big problems for people, businesses, and governments, there is a legitimate use for the practice. GPS tracking and location sharing present everyone with real privacy issues. GPS spoofing allows users to hide their actual location from those who could cause harm. Security companies can use GPS spoofing to guard high-profile clients or expensive merchandise. Individuals can install GPS spoofing apps for free on their Android phones to mask their locations and protect their privacy.

 

 

References
• https://en.wikipedia.org/wiki/GPS_signals
• https://medium.com/@theappninjas/what-are-gps-spoofing-apps-actually-doing-5c9f373540c4
• https://nordvpn.com/blog/gps-spoofing/
• https://play.google.com/store/apps/details?id=com.lexa.fakegps&hl=en_US
• https://www.csoonline.com/article/3393462/what-is-gps-spoofing-and-how-you-can-defend-against-it.html
• https://www.digitaltrends.com/mobile/gps-spoofing/
• https://www.gps.gov/spectrum/jamming/
• https://www.thedrive.com/the-war-zone/31092/new-type-of-gps-spoofing-attack-in-china-creates-crop-circles-of-false-location-data
• https://maximumridesharingprofits.com/drivers-can-get-deactivated-using-fake-gps-apps/
• https://www.prnewswire.com/il/news-releases/tesla-model-s-and-model-3-prove-vulnerable-to-gps-spoofing-attacks-as-autopilot-navigation-steers-car-off-road-research-from-regulus-cyber-shows-300871146.html
• https://www.regulus.com/blog/gps-spoofing-the-auto-cybersecurity-threat-hiding-in-plain-sight/
• https://www.csoonline.com/article/3393462/what-is-gps-spoofing-and-how-you-can-defend-against-it.html
• https://www.defense.gov/Explore/Features/story/Article/1674004/what-on-earth-is-the-global-positioning-system/

The post What is GPS spoofing? appeared first on McAfee Blogs.

What Security Means to Professionals

What Security Means to Professionals

Recently, we conducted a survey of 600 families and professionals in the U.S. to better understand what matters to them—in terms of security and the lives they want to lead online. The following article reflects what they shared with us, and allows us to share it with you in turn, with the aim of helping your workday go a little more smoothly.1

How many windows are open on your computer right now? Check out your browser. How many tabs do you have? If it’s a typical workday, you’ve probably run out of fingers counting them up.

Professionals put their computers through the paces. Consider the number of back-to-back meetings, video conferences, and presentations you lead and attend in a day, not to mention the time that you pour into work itself. Your computer has to keep up. It’s certainly no surprise that this is exactly the notion that came up in our research, time and time again.

What’s on the minds of professionals when it comes to their security?

In speaking with professionals about security, their answers largely revolved getting work done.

  • I need trusted apps and sites to work, always.
  • I need to maximize battery life while in transit or on a plane.
  • I need live presentations and demos to be seamless.
  • I need to multitask with multiple apps or multiple browser tabs open without locking up.
  • I need my computer to respond reliably and quickly without locking up.

While on the surface this may mean performance is top of mind, a closer look reveals that performance is often a function of security. A quick and easy example of this is the classic virus infection, where getting a virus on your computer can bring work to a screeching halt.

More broadly though, we see security as far more than just antivirus. We see it as protecting the person and helping them stay productive—giving them the tools to take care of the things that matter most to them. Thus, plenty of what we offer in a security suite focuses squarely on those concerns:

Battery optimization keeps you working longer without fretting over finding an outlet in the airport or simply working without wires for longer.

Password managers let you log into the apps and sites you count on without a second thought, also knowing that they’re securely stored and managed for protection.

Vulnerability scanners make sure that your apps always have the latest updates, which ensures you have all the upgraded features and security protocols that come along with those updates.

Inbox spam filters take yet another headache off your plate by removing junk mail before it can clutter up your inbox.

Secure VPN keeps data safe from prying eyes on public Wi-Fi in places like airports, hotels, and coffee shops, which gives you more independence to work in more places knowing that your information is secure.

Those are a few examples of specific features. Yet also important is that any security solution you use should your computer running quickly as well as smoothly. It should be lightweight and not hog resources so that your computer runs and responds quickly. (That’s a major focus of ours, where independent labs show that our performance is five times better than the average competitor.)

Where can professionals get started?

Drop by our page that’s put together just for professionals. We’ve gathered up several resources that’ll help you stay productive and safer too. Check it out, and we hope that it’ll keep you going whether you’re working on the road, in the office, or at home.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

  • Survey conducted in October 2019, consisting of 600 computer-owning adults in the U.S.

 

The post What Security Means to Professionals appeared first on McAfee Blogs.

What Security Means to Elders

senior using smartphone

What Security Means to Elders

Recently, we conducted a survey of 600 families and professionals in the U.S. to better understand what matters to them—in terms of security and the lives they want to lead online. The following article reflects what they shared with us, and allows us to share it with you in turn, with the aim of helping you and your family stay safer and more secure. 1

Findings from Pew Research Center show that internet usage by elders has risen from an average of 14% in 2000 to 67% on average 2017. As these numbers continue to rise, we wanted to find out what was important to them—particularly as more and more of their lives go online.

While many of us take shopping, surfing, and banking online for granted, they mark a dramatic shift for elders. They’ve gone from the days when banking meant banker’s hours and paper passbook to around-the-clock banking and a mobile app. And even if they use the internet sparingly, banking, finances, and commerce have gone digital. Their information is out there, and it needs to be protected.

The good news is, elders are motivated.

What’s on the minds of elders when it comes to their security?

Most broadly, this sentiment captures it well: Technology may be new to me, but I still want to be informed and involved. For example, elders told us that they absolutely want to know if something is broken—and if so, how to fix it as easily as possible. In all, they’re motivated to get smart on the topic of security, get educated on how to tackle risks, and gain confidence that they go about their time on the internet safely. Areas of interest they had were:

Identity protection: This covers a few things—one, it’s monitoring your identity to spot any initial suspicious activity on your personal and financial accounts before it becomes an even larger one; and two, it’s support and tools for recovery in the even your identity is stolen by a crook. (For more on identity theft, check out this blog.)

Social Security monitoring:  Government benefits are very much on the mind of elders, particularly as numerous agencies increasingly direct people to use online services to manage and claim those benefits. Of course, hackers and crooks have noticed. In the U.S., for example, Social Security identified nearly 63,000 likely fraudulent online benefit applications in fiscal 2018, according to the agency’s Office of the Inspector General, up from just 89 in fiscal 2015.

Scam prevention: An article from Protect Seniors Online cities some useful insights from the National Cyber Security Alliance and the Better Business Bureau. According to them there are five top scams in the U.S. that tend to prey on older adults.

  • Tech support scams are run by people, sometimes over the phone, that pretend to be from a reputable company, which will then ask for access to your computer over the internet, install malware, and then claim there’s a problem. After that, they’ll claim to “help” you by removing that malware—for an exorbitant fee.
  • Ransomware scams, where a crook will block access to your computer until you pay a sum of money. This is like the tech support scam, yet without the pretense of support—it’s straight-up ransom.
  • Tax scams that attempt to steal funds by instructing people to make payments to a scammer’s account. In the U.S., note that the IRS will not call to demand payment or appeal an amount you owe.
  • False debt collectors are out there too, acting in many ways like tax scammers. These will often come by way of email, where the hacker will hope that you’ll click the phony link or open a malicious attachment.
  • Sweepstakes and charity scams that play on your emotions, where you’re asked to pay to receive a prize or make a donation with your credit card (thereby giving crooks the keys to your account).

Where can professionals get started?

With that, we’ve put together several resources related to these topics. Drop by our site and check them out. We hope you’ll find some basic information and knowledge of behaviors that can keep you safe.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

Survey conducted in October 2019, consisting of 600 computer-owning  adults in the U.S

 

The post What Security Means to Elders appeared first on McAfee Blogs.

What Security Means to Families

digital parenting

What Security Means to Families

One truth of parenting is this: we do a lot of learning on the job. And that often goes double when it comes to parenting and the internet.

That’s understandable. Whereas we can often look to our own families and how we were raised for parenting guidance, today’s always-on mobile internet, with tablets and smartphones almost always within arm’s reach, wasn’t part of our experience growing up. This is plenty new for nearly all of us. We’re learning on the job as it were, which is one of the many reasons why we reached out to parents around the globe to find out what their concerns and challenges are—particularly around family safety and security in this new mobile world of ours.

 Just as we want to know our children are safe as they walk to school or play with friends, we want them to be just as safe when they’re online. Particularly when we’re not around and there to look over their shoulder. The same goes for the internet. Yet where we likely have good answers for keeping our kids safe around the house and the neighborhood, answers about internet safety are sometimes harder to come by.

Recently, we conducted a survey of 600 families and professionals in the U.S. to better understand what matters to them—in terms of security and the lives they want to lead online. The following article reflects what they shared with us, and allows us to share it with you in turn, with the aim of helping you and your family stay safer and more secure. 1

What concerns and questions do parents have about the internet?

The short answer is that parents are looking for guidance and support. They’re focused on the safety of their children, and they want advice on how to parent when it comes to online privacy, safety, and screen time. Within that, they brought up several specific concerns:

Help my kids not feel anxious about growing up in an online world.

There’s plenty wrapped up in this statement. For one, it refers to the potential anxiety that revolves around social networks and the pressures that can come with using social media—how to act, what’s okay to post and what’s not, friending, following, unfriending, unfollowing, and so on—not to mention the notion of FOMO, or “fear of missing out,” and anxiety that arises from feelings of not being included in someone else’s fun.

Keep my kids safe from bullying, or bullying others.

Parents are right to be concerned. Cyberbullying happens. In a study spanning 30 countries, one child in three has said they’ve been the victim of cyberbullying according to a study conducted by UNICEF. On the flip side of that, a 2016 study of more than 5,000 students in the U.S. by the Cyberbullying Research Center reported that 11.5% of students between 12 and 17 indicated that they had engaged in cyberbullying in their lifetime.

Feel like I can leave my child alone with a device without encountering inappropriate content.

If we think of the internet as a city, it’s the biggest one there is. For all its libraries, playgrounds, movie theatres, and shopping centers, there are dark alleys and derelict lots as well. Not to mention places that are simply age appropriate for some and not for others. Just as we give our children freer rein to explore their world on their own as they get older, the same holds true for the internet. There are some things we don’t want them to see and do.

Balance the amount of screen time my children get each day.

Screen time is a mix of many things—from schoolwork and videos to games and social media. It has its benefits and its drawbacks, depending on what children are doing and how often they’re doing it. The issue often comes down to what is “too much” screen time, particularly as it relates to the bigger picture of physical activity, face-to-face time with the family, hanging out with friends, and getting a proper bedtime without the dim light of a screen throwing off their sleep rhythms.

Where can parents get started?

Beyond our job of providing online security for devices, our focus at McAfee is on protecting people. Ultimately, that’s the job we aim to do—to help you and your family be safer. Beyond creating software for staying safe, we also put together blogs and resources that help people get sharp on the security topics that matter to them. For parents, check out this page which puts forward some good guidance and advice that can help. Check it out, and we hope that you’ll find even more ways you can keep you and your family safe.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

 

  • Survey conducted in October 2019, consisting of 600 computer-owning adults in the U.S.

 

The post What Security Means to Families appeared first on McAfee Blogs.