Category Archives: internet security

Attention Red Dead Redemption 2 Players: Dodge This New Download Scam

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a profit on these downloads.

You’re probably wondering how exactly this scam works. It first begins with cybercriminals planting their phony download traps in ads on platforms like YouTube, Twitter, and blog postings. With other, less sophisticated scams, a user would be prompted to install several bundled applications at this point, each one generating revenue for the scammer. But this scheme works a little bit differently. When the user clicks on the “download” button, they are presented with a fake install screen showing the progression of the game’s download process.  The fake install takes about an hour to complete, further giving the illusion that a large file is actually being downloaded on the user’s device.

Once the fake installation is complete, the user is asked to enter a nonexistent license key (a pattern of numbers and/or letters provided to licensed users of a software program). If a user clicks on one of the buttons on this screen, they are redirected to a website asking for human verification in the form of surveys and questionnaires. These surveys trick the user into divulging their personal information for the cybercriminal’s disposal. What’s more, the scammer earns revenue for their malicious acts.

Because this scheme tricks users into handing over their personal information, it affects a victim’s overall privacy. Luckily, there are steps users can take to combat this threat:

  • Browse with caution. Many scammers target gamers through popular websites like YouTube and Twitter to push out malicious content. Use discretion when browsing these websites.
  • Only download content from trusted sources. If you come across a download offer that seems too good to be true, it probably is. Only download software from legitimate sources and avoid sites if you can’t tell whether they are trustworthy or not.
  • Use security software to browse the internet. Sometimes, it can be hard to distinguish whether a site is malicious or not. Security solutions like McAfee WebAdvisor can detect the URLs and scam installers associated with this threat.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

What Your Password Says About You

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is easy to remember rather than super secure.

The urge to pick simple passwords is understandable given the large number of passwords that are required in our modern lives—for banking, social media, and online services, to simply unlocking our phones. But choosing weak passwords can be a major mistake, opening you up to theft and identity fraud.

Even if you choose complicated passwords, the recent rash of corporate data breaches means you could be at even greater risk by repeating passwords across accounts. When you repeat passwords all a hacker needs to do is breach one service provider to obtain a password that can unlock a string of accounts, including your online banking services. These accounts often include identity information, leaving you open to impersonation. The bad guys could open up fraudulent accounts in your name, for example, or even collect your health benefits.

So, now that you know the risks of weak password security, let’s see what your password says about you. Take this quiz to find out, and don’t forget to review our password safety tips below!

Password Quiz – Answer “Yes” or “No”

  1. Your passwords don’t include your address, birthdate, anniversary, or pet’s name.
  2. You don’t repeat passwords.
  3. Your passwords are at least 8 characters long and include numbers, upper and lower case letters, and characters.
  4. You change default passwords on devices to something hard to guess.
  5. You routinely lock your phone and devices with a passcode or fingerprint.
  6. You don’t share your passwords with people you’re dating or friends.
  7. You use a password manager.
  8. If you write your passwords down, you keep them hidden in a safe place, where no one else can find them.
  9. You get creative with answers to security questions to make them harder to guess. For example, instead of naming the city where you grew up, you name your favorite city, so someone who simply reads your social media profile cannot guess the answer.
  10. You make sure no one is watching when you type in your passwords.
  11. You try to make your passwords memorable by including phrases that have meaning to you.
  12. You use multi-factor authentication.

Now, give yourself 1 point for each question you answered “yes” to, and 0 points for each question you answered “no” to. Add them up to see what your password says about you.

9-12 points:

You’re a Password Pro!

You take password security seriously and know the importance of using unique, complicated passwords for each account. Want to up your password game? Use multi-factor authentication, if you don’t already. This is when you use more than one method to authenticate your identity before logging in to an account, such as typing in a password, as well as a code that is sent to your phone via text message.

4-8 points

You’re a Passable Passworder

You go through the basics, but when it comes to making your accounts as secure as they can be you sometimes skip important steps. Instead of creating complicated passwords yourself—and struggling to remember them—you may want to use a password manager, and let it do the work for you. Soon, you’ll be a pro!

1-3 points

You’re a Hacker’s Helper

Uh oh! It looks like you’re not taking password security seriously enough to ensure that your accounts and data stay safe. Start by reading through the tips below. It’s never too late to upgrade your passwords, so set aside a little time to boost your security.

Key Tips to Become a Password Pro:

  • Always choose unique, complicated passwords—Try to make sure they are at least 8 characters long and include a combination of numbers, letters, and characters. Don’t repeat passwords for critical accounts, like financial and health services, and keep them to yourself.Also, consider using a password manager to help create and store unique passwords for you. This way you don’t have to write passwords down or memorize them. Password managers are sometimes offered as part of security software.
  • Make your password memorable—We know that people continue to choose simple passwords because they are easier to remember, but there are tricks to creating complicated and memorable passwords. For instance, you can string random words together that mean something to you, and intersperse them with numbers and characters. Or, you can choose random letters that comprise a pattern only know to you, such as the fist letter in each word of a sentence in your favorite book.
  • Use comprehensive security software—Remember, a strong password is just the first line of defense. Back it up with robust security softwarethat can detect and stop known threats, help you browse safely, and protect you from identity theft.

For more great password tips, go here.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Homeon Twitter, and like us on Facebook.

The post What Your Password Says About You appeared first on McAfee Blogs.

The Top Security Breaches in History

By Telemessage, Technology has indeed enabled companies of all sizes and nature to rethink and innovate the way they do business. Through the power of the internet, digital platforms, and

The post The Top Security Breaches in History appeared first on The Cyber Security Place.

Don’t Get PWNed by Fake Gaming Currency Sites

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and time-consuming to complete. As a result, many players look to various websites as an easier way to download more gaming currency. Unfortunately, malicious actors are taking advantage of this trend to scam gamers into downloading malware or PUPs (potentially unwanted programs).

There are a variety of techniques scammers use to trick players into utilizing their malicious sites. The first is fake chat rooms. Scammers will set up seemingly legitimate chat rooms where users can post comments or ask questions. What users don’t know is that a bot is actually answering their inquiries automatically. Scammers also ask these victims for “human interaction” by prompting them to enter their personal information via surveys to complete the currency download. What’s more – the message will show a countdown to create a sense of urgency for the user.

These scammers also use additional techniques to make their sites believable, including fake Facebook comments and “live” recent activity updates. The comments and recent activity shown are actually hard-coded into the scam site, giving the appearance that other players are receiving free gaming currency.

These tactics, along with a handful of others, encourage gamers to use the scam sites so cybercriminals can distribute their malicious PUPs or malware. So, with such deceptive sites existing around the internet, the next question is – what can players do to protect themselves from these scammers? Check out the following tips to avoid this cyberthreat:

  • Exercise caution when clicking on links. If a site for virtual currency is asking you to enter your username, password, or financial information, chances are the website is untrustworthy. Remember, when in doubt, always err on the side of caution and avoid giving your information to a site you’re not 100% sure of.
  • Put the chat room to the test. To determine if a chat site is fake, ask the same question a few times. If you notice the same response, it is likely a phony website.
  • Do a Google search of the Facebook comments. An easy way to check if the Facebook comments that appear on a site are legitimate is to copy and paste them into Google. If you see a lot of similar websites come up with the same comments in the description, this is a good indication that it is a scam site.
  • Use security software to surf the web safely. Products like McAfee WebAdvisor can help block gamers from accessing the malicious sites mentioned in this blog.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

McAfee Blogs: Don’t Get PWNed by Fake Gaming Currency Sites

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and time-consuming to complete. As a result, many players look to various websites as an easier way to download more gaming currency. Unfortunately, malicious actors are taking advantage of this trend to scam gamers into downloading malware or PUPs (potentially unwanted programs).

There are a variety of techniques scammers use to trick players into utilizing their malicious sites. The first is fake chat rooms. Scammers will set up seemingly legitimate chat rooms where users can post comments or ask questions. What users don’t know is that a bot is actually answering their inquiries automatically. Scammers also ask these victims for “human interaction” by prompting them to enter their personal information via surveys to complete the currency download. What’s more – the message will show a countdown to create a sense of urgency for the user.

These scammers also use additional techniques to make their sites believable, including fake Facebook comments and “live” recent activity updates. The comments and recent activity shown are actually hard-coded into the scam site, giving the appearance that other players are receiving free gaming currency.

These tactics, along with a handful of others, encourage gamers to use the scam sites so cybercriminals can distribute their malicious PUPs or malware. So, with such deceptive sites existing around the internet, the next question is – what can players do to protect themselves from these scammers? Check out the following tips to avoid this cyberthreat:

  • Exercise caution when clicking on links. If a site for virtual currency is asking you to enter your username, password, or financial information, chances are the website is untrustworthy. Remember, when in doubt, always err on the side of caution and avoid giving your information to a site you’re not 100% sure of.
  • Put the chat room to the test. To determine if a chat site is fake, ask the same question a few times. If you notice the same response, it is likely a phony website.
  • Do a Google search of the Facebook comments. An easy way to check if the Facebook comments that appear on a site are legitimate is to copy and paste them into Google. If you see a lot of similar websites come up with the same comments in the description, this is a good indication that it is a scam site.
  • Use security software to surf the web safely. Products like McAfee WebAdvisor can help block gamers from accessing the malicious sites mentioned in this blog.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.



McAfee Blogs

Holiday Stress Can Make You More Careless Online

Holiday stress. Every year, come November, my resting heart rate starts to rise: the festive season is approaching. Not only is there so much to do but there’s so much to spend money on. There are presents to purchase, feasts to prepare and party outfits to buy. Throw in a holiday to fill the long Summer break, and both the credit cards and my stress levels are starting to rapidly increase!

Holiday Financial Stress Results in Poor Decision Making Online

But did you know that this stress can affect our online safety? Research conducted by McAfee shows that almost 80% of us believe the holiday period causes financial stress. And nearly half of us (46%) believe the stress of the holiday season can cause us to behave carelessly online.  Risky behaviours can put our online safety at risk. For instance, using public Wi-Fi to snag a last-minute purchase. Or buying something from an unfamiliar website because it’s cheaper.

Aussie Shoppers Love an Online Bargain 

In 2017, Aussies spent a record $21.3 million online – a whopping 19% increase over 2016. McAfee’s research shows that Aussie consumers love securing a bargain online – who doesn’t!! But many will seek out a great deal even if it means potentially jeopardising their online safety. The research shows that 64% of consumers are willing to use an unfamiliar website if it means they can save money on their purchase. Even more concerning, a third of Aussies admitted to clicking links in suspicious emails for better deals!! Yikes!!

The Thing Is, Cyber Criminals Love Your Holiday Shopping Too

Cyber criminals work very hard to take advantage of us during the busy Holiday season. They come up with all sorts of ingenious ways to target time-poor and budget-conscious consumers online. They know very well that many of us will cut corners with our online security. Particularly if we think we can save money on presents, outfits or even a holiday.

And they scheme accordingly: charity phishing emails, fake online stores, bogus delivery emails, e-voucher scams and more. Cyber criminals have tried and tested strategies to either steal our personal information or our identity.

How You Can Stay Safe While Shopping Online This Holiday Season

So, don’t feel like you need to battle the crowds at Westfield this festive season. You can still shop online safely if you follow a few simple steps:

  1. Connect with Caution

Public Wi-Fi is just so convenient, but it is a risky business. Users could unknowingly share their personal information with cyber criminals who are snooping on the network. So, if you absolutely have to use public Wi-Fi for a great online shopping deal, always use a Virtual Private Network (VPN) such as McAfee Safe Connect which creates a bank-grade encrypted connection.

  1. Think Before You Click

One of the easiest ways for a cyber criminal to target victims is using phishing emails to trick consumers into sharing their personal information. Phishing emails could be disguised as holiday savings or even a shopping notification. Instead of clicking on a link in an email, always check directly with the source to verify an offer or shipment.

  1. Always Shop with Security Protection

Shopping online without security protection is like driving without a seat belt – dangerous! Comprehensive antivirus software like McAfee Total Protection will help shield your devices against malware, phishing attacks and other threats. It also provides a firewall, an anti-spam function, parental controls and a password management tool. A complete no-brainer!

But this year, I’m going to commit to lowering my stress. That way I can really enjoy my time with my family and friends. To get ahead of the game I plan to:

  • Start my online shopping earlier so I don’t ‘cut corners’ with my online safety,
  • Create a realistic budget, and
  • Start filling my freezer with some holiday food – now

And most importantly, get that resting heart rate under control!!

Happy Holidays Everyone!

Alex xx

The post Holiday Stress Can Make You More Careless Online appeared first on McAfee Blogs.

At What Age Should Kids Join Social Media?

Last week, I waved goodbye to my eldest son as he moved halfway across the world to study for a year. I was so emotional at the airport – I couldn’t talk! After many cups of tea and even more stares in an airport café, I had no more tears left and was finally able to pull it together. I must have looked like a crazy cat!

Letting go of our kids is tough. Whether it’s their first day of school, their first sleepover, their first girlfriend or boyfriend or their first social media account – these steps towards independence can be enough to send many of us into a tailspin.

How Do We Know When Our Kids Are Ready for More Independence?

Our main job as parents is to raise our kids to be independent, law-abiding individuals who are autonomous. But every child is different with some maturing far quicker than others. So, how do we know when our kids are ready for important life milestones, particularly joining social media?

What Does the Law Say?

While there is no Australian law that dictates the minimum age kids need to be to join social media, most social media platforms require their users to be 13 years old to set up an account. This is a result of a US federal law, the Children’s Online Privacy Protection Act (COPPA), which affects any social media platform that US citizens can join. So, therefore it affects nearly all social media platforms worldwide.

What Happens in Reality?

Rightly or wrongly, many kids join social media before the age of 13. Some do this with the consent of their parents, while many don’t. In recognition of the ‘reality of the situation’, many big-time social media players, including Mark Zuckerberg, have been critical of the COPPA legislation claiming it is unrealistic. Zuckerberg even committed to trying to get it overruled – so far, no news!

And this reality hasn’t escaped the attention of the big players. Earlier this month, Instagram released a parent’s guide in which they acknowledge that ‘many younger children (under 13) use the service, often with their parents’ permission’. The parent’s guide, produced in conjunction with US internet safety group Connect Safely, also advised parents that banning social media may not be the best solution to managing their teen’s digital socialising. Instead they suggest parents should ensure the lines of communication are always open so that they can work with their kids to find appropriate ways of managing their digital lives. Pretty sound advice if you ask me, but Instagram was criticised for offering self-serving advice and encouraging youngsters to get online.

What to Do?

As the mother of four boys, I can unreservedly tell you that a ‘one size fits all’ approach does not cut it when raising kids. Every child is different. Some kids are more robust and resilient while others are more sensitive and emotional. And that’s OK. The worst thing we can do as parents is assume milestones must be met at the same time everyone else’s children do.

Just like with toilet training, sleepovers and co-ed parties, you (as the parent) are the absolute best judge of when your child is ready for these key steps. And social media is no different. Yes, there is a plethora of advice from experts and ‘experienced’ parents to consider but ultimately, it’s your call as the parent.

What To Consider When Deciding When Your Child Should Join Social Media

So, here are some things to consider when deciding if, and when your child should join social media. If your tween has already gone ahead and joined, then why not use these points to refine the current usage strategy.

1. Are They Ready?

Chances are your tween will be busting to get onto social media and will absolutely consider themselves ‘ready’! In fact, they may have already gone ahead and created their own profile without consulting you. But if they haven’t and you have a close connection with your kids, then you have a golden opportunity to assess their readiness.

You may decide that your under 13-year-old is mature enough and help them set up social media accounts and profiles. Many believe social media is an inevitable, unavoidable milestone and that it’s best to manage it proactively to avoid underground activity. You may require passwords to be shared and for posts to be approved before they are uploaded. If they have proved themselves to be trustworthy after a period of time, you may choose to be less involved.

However, if you have a child who is less mature and who tends to be anxious, you may insist they wait till 13. As we all know, it is not always pretty online. A certain level of resilience and a decent dose of perspective is essential to ride out the bumps. If there is any pushback from your tween then just talk a lot about the COPPA legislation!

2. Family Policy

If you have a tribe of kids, you may want to consider a family policy on the age your offspring can join social media. Although I am not a believer in ‘one size fits all’, I can tell you from experience that the perception of fairness in a family is very powerful. The arguments over who gets the bigger piece of cake or whose turn it is to sit in the front seat can drove you bonkers!

3. Workshop the ‘Likes Culture’ Before They Embark on their Social Media Careers

The quest to get likes online can become all encompassing, particularly when you are navigating your way through your teenage years. Before your kids join up, please have several conversations about the dangerous ‘culture of likes’ that is pervading the online world. Likes are viewed as a measure of social acceptance for many teenagers. The number of likes they do (or don’t) receive can affect their self-esteem and confidence which is very concerning. Please ensure your kids are NOT defined by the number of likes on a post and that this number is NOT reflective of their worth.

4. Set the Ground Rules

Regardless of whether your tween is about to embark on the social media journey or whether they have taken the advanced route, a family technology contract can be a great way of clarifying and formalising your expectations of both their social media usage and behaviour online. If you are looking for a good place to start, check out the contract that The Modern Parent uses. Obviously adapt it for your own situation and children’s needs, but ensure it covers key points including time spent online, sharing of personal information and what to do if a stranger tries to befriend you or if you receive online abuse.

Personally, I think 13 is a great age to kick off one’s social media career. I’m a fan of risk management and I really believe the older kids are, the better they can deal with complex online situations. But I also believe you should trust your gut as a parent. You may have a very mature 12-year-old, with a host of older siblings, who is busting to get on Instagram. Working with them to set up a profile, sharing passwords and mentoring them through their entrée to social media may be a much better option than pushing this inevitable step underground and off your radar.

So, over to you parents. This is your call! And just to inspire you a little more, let me just borrow some words from Scottish actor and father of 4 daughters, Ewan McGregor:

 ‘The thing about parenting rules is there aren’t any. That’s what makes it so difficult.’

Good luck!

Alex xx

The post At What Age Should Kids Join Social Media? appeared first on McAfee Blogs.

Connected or Compromised? How to Stay Secure While Using Push Notifications

You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current with social media and the latest news from your favorite apps, the researchers here at McAfee have observed that these notifications have some compromising features, which impact both Chrome and Firefox browsers.

It turns out there are some real cybersecurity risks involved with taking advantage of the convenience of browser push notifications. That’s because to show push notifications, website owners must utilize pop-up ads that first request permission to show notifications. Essentially, users are tricked into thinking that the request is coming from the host site instead of the pop-up. This feature is currently being exploited by adware companies, which are using it to load unwanted advertisements onto users’ screens. Often times, these ads contain offensive or inappropriate material and users can even be exposed to irritating pop-ups that could potentially lead to viruses and malware.

So, how can users enjoy the convenience of push notifications without putting themselves at risk of a cyberattack? Check out the following tips:

  • Follow Google Chrome’s instructions on how to allow or block notifications. Check out this step-by-step guide to customize which sites you receive push notifications from and which ones you don’t.
  • Customize your Firefox notification options. You can check the status of which sites you have given permission to send notifications your way and choose whether to have the browser always ask for permission, allow or block notifications.
  • Use parental controls.No one wants inappropriate ads, especially parents of young children. To prevent exposing your kids to the inappropriate adverts that could result from push notifications, implement parental controls on your desktop. This additional filtering could prevent your child from accidentally clicking on malicious content that could infect your device.
  • When in doubt, block it out. If you come across a push notification pop-up from a suspicious-looking website or unfamiliar app, click on the ‘Block’ option to stay on the safe side.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

How to Protect Yourself from Tech Support Imposters

Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has emerged, which has disguised itself as a McAfee tech support pop-up and is going after victims’ financial information.

While there have been other tech support scams impersonating McAfee, this one is a bit different. Previous scams would redirect users to McAfee’s site using an affiliate link (site clicks generate commission), whereas this one starts by stating the user’s subscription is about to expire.

If the user believes the faulty expiration messages and clicks on the “Renew Now” button, they will be prompted to enter their credit card and personal information. Once the user submits this information, they will be redirected to a page asking to call a tech support number to set up the service. The so-called “agent” will refer to themselves as “Premium Technical Support” and claim to be either McAfee or a partner of McAfee. They will then request to remotely connect to the user’s device in order to install the software and will tell the user that the credit card information did not go through. At this point, the victim will be prompted to purchase the software through McAfee’s site and connect to what appears to be a McAfee affiliate link – which actually distributes adware and unwanted software.

Essentially, these victims were just tricked into giving up their credit card information to scammers and their device could potentially be infected with malware. They’re now at risk of having even more information swooped and could even be a victim of identity fraud. Fortunately, there are proactive steps these users can take to avoid these scams and keep their data safe. Start by following these tips:

  • Go straight to the source. If you receive a pop-up claiming to be from a company, do not click on it. Instead, go directly to the company’s website. From here you will be able to get in contact with the company’s real tech support and check the status of your subscription. If you are a McAfee customer, you can always reach us at https://service.mcafee.com/.
  • Be extremely cautious about giving out personal information. Before handing over your personal or credit card information, do your homework. Research the company and check the customer reviews. If you decide to make a purchase, make sure it is directly from the company’s website.
  • Be suspicious of callers claiming to be tech support. You need to field each call from a random number with caution, especially if they reached out to you first. Never respond to unsolicited calls or pop-ups warning you of a technical issue, and never let anyone remotely take over your device.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack

Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more than six million websites with malware scanners to arrive at this figure, noting that there was also a six percent decrease in websites being blacklisted over the previous year.

Many internet users rely on these search engines to flag malicious websites and protect them as they surf the web, but this decline in blacklisting sites is leaving many users just one click away from a potential attack. This disregard of a spam attack kit on search engine results for these infected sites can lead to serious disruption, including a sharp decline in customer trust. Internet users need to be more vigilant than ever now that search engines are dropping the ball on blacklisting infected sites, especially considering that total malware went up to an all-time high in Q2, representing the second highest attack vector from 2017-2018, according to the recent McAfee Labs Threats Report.

Another unsettling finding from the report was that incidents of cryptojacking have doubled in Q2 as well, with cybercriminals continuing to carry out both new and traditional malware attacks. Cryptojacking, the method of hijacking a browser to mine cryptocurrency, saw quite a sizable resurgence in late 2017 and has continued to be a looming threat ever since. McAfee’s Blockchain Threat Report discovered that almost 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent—and that’s just from non-obfuscated sites.

And then, of course, there are just certain search terms that are more dangerous and leave you more vulnerable to malware than others. For all of you pop culture aficionados, be careful which celebrities you digitally dig up gossip around. For the twelfth year in a row, McAfee researched famous individuals to assess their online risk and which search results could expose people to malicious sites, with this year’s Most Dangerous Celebrity to search for being “Orange is the New Black’s” Ruby Rose.

So, how can internet users protect themselves when searching for the knowledge they crave online, especially considering many of the most popular search engines simply aren’t blacklisting as many bot malware infected sites as they should be? Keep these tips in mind:

  • Turn on safe search settings. Most browsers and search engines have a safe search setting that filters out any inappropriate or malicious content from showing up in search results. Other popular websites like iTunes and YouTube have a safety mode to further protect users from potential harm.
  • Update your browsers consistently. A crucial security rule of thumb is always updating your browsers whenever an update is available, as security patches are usually included with each new version. If you tend to forget to update your browser, an easy hack is to just turn on the automatic update feature.
  • Be vigilant of suspicious-looking sites. It can be challenging to successfully identify malicious sites when you’re using search engines but trusting your gut when something doesn’t look right to you is a great way of playing it safe.
  • Check a website’s safety rating. There are online search tools available that will analyze a given URL in order to ascertain whether it’s a genuinely safe site to browse or a potentially malicious one infected with bot malware and other threats.
  • Browse with security protection. Utilizing solutions like McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, or McAfee Total Protection, a comprehensive security solution that protects devices against malware and other threats, will safeguard you without impacting your browsing performance or experience.

To keep abreast of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

Aussie Ruby Rose is McAfee’s Most Dangerous Celebrity

Keeping up to date with celebrity gossip is a sport for many of us. Staying on top of what your favourite celebrity wore to the latest Hollywood shindig and, of course who they were with can be very time consuming and often require extensive searching! But did you know that searching for your favourite celebrity can actually put your personal security at risk?

Every year McAfee, the device-to-cloud cybersecurity company, undertakes global research, entitled Most Dangerous Celebrities, to identify which celebrities generate the riskiest search results which could potentially expose fans to malicious websites and risky downloads. And in 2018, the top spot was filled for the first time ever by an Australian celebrity: actress and television presenter Ruby Rose.

The very talented Ruby Rose kicked off her career as a hugely popular VJ (video jockey) on MTV. Before long, she went on to enjoy great success as a model, television presenter and then actress with her role as Stella Carlin in the cult series Orange Is The New Black. Ruby’s casting as Batwoman in the upcoming television series would have no doubt assisted in propelling her to first position.

Who Are the Most Dangerous Celebrities to Search For in 2018?

In the global list of Most Dangerous Celebrities, American reality TV star, Kristin Cavallari finished behind Rose at No. 2, followed by French actress Marion Cotillard (No. 3), the original Wonder Woman Lynda Carter (No. 4), Aussie actress Rose Byrne (No. 5), star of Will and Grace Debra Messing (No. 6), reality TV star Kourtney Kardashian (No. 7), actress Amber Heard (No. 8), American morning TV show host Kelly Ripa (No. 9), and finally Orange Is The New Black actor, Brad William Henke round out the top 10.

American actress Lucy Liu topped Australia’s list of the Most Dangerous Celebrities to search for. The top 10 list was littered with Aussie celebrities as well, including Naomi Watts (No. 2), Cate Blanchett (No 4.), Elle Macpherson (No.9) and Margot Robbie (No.10).

Interestingly, Aussie morning TV show host Sonya Kruger came in at number 17 on the list, a notable mention after appearing alongside other Australian TV stars, such as Carrie Bickmore and Georgie Gardiner in the recent fake Facebook ads scamming unsuspecting victims into purchasing face cream subscriptions. The recent Facebook scam demonstrates how cybercriminals capitalise on our love of celebrity when trying to trap unsuspecting consumers into scams.

Cybercriminals Capitalise on our ‘Celebrity Culture’

Online scammers and cybercriminals are always looking at new ways to get their hands on our private information with the aim of making big bucks. Tapping into our love of celebrity, cybercriminals will create professional looking websites that contain downloads which contain spyware or malware. These malicious celebrity sites may also require users to set up an account. Unsuspecting visitors will then provide their email addresses and passwords to the site not realising that their details have been compromised.

Our fast-paced modern lives mean that we often cut corners in the name of speed and convenience. Some of us are just so keen to view the promised content about our favourite celebrity that we drop our guard and don’t take the time to ensure the site is legitimate.

But not taking the time to ensure a link is safe means fans are not only putting their devices at risk of infection from viruses, but themselves at risk of identity theft.

How to Avoid Being Targeted by a Cyber Criminal

One of the best ways of staying safe online and avoiding falling victim to a scam is to adopt safe searches practices. Here are my top tips to ensure you stay out of trouble!

1. Think Before You Click

Users looking for a sneak-peek of Ruby Rose’s upcoming Batwoman series should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.

2. Apply Updates as Soon as they are Available

Device and app updates will often include security fixes. Applying updates is an important step to help ensure devices stay protected.

3. Browse with Security Protection

Searching and browsing without security software is a little like navigating a foreign city with any guidelines. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help identify malicious websites – very helpful!

4. Use Parental Control Software

Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimise exposure to potentially malicious or inappropriate websites.

Whether you celebrity watch because you are enamoured, envious or inspired, please don’t let your hobby put you at risk of identity theft. Ensure you (and your kids) search safely so you can stay out of the way of cybercrims and their scams!

Alex x

 

The post Aussie Ruby Rose is McAfee’s Most Dangerous Celebrity appeared first on McAfee Blogs.

McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage

Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous Celebrity this year. For the twelfth year in a row, McAfee researched famous individuals to reveal the riskiest celebrity to search for online, or, which search results could expose fans to malicious sites. Ruby Rose took home the top spot in 2018, but curious about who the runner-ups are? Here’s the full list:

Recent popular reality and sitcom shows have driven some stars (Kristin Cavallari, Debra Messing, Kourtney Kardashian) to the top of our list. Which is one of the few reasons this list is so different than last year’s. Unlike 2017’s list of Most Dangerous Celebrities, musicians ranked low on this year’s list. Adele was the highest ranked musician at No. 21 followed by Shakira (No. 27), 2017’s top celebrity Avril Lavigne (No. 30), and Lady Gaga (No. 35).

So, whether you’re looking up what Ruby did on the latest “Orange is the New Black” episode, or what Kristin Cavallari wore the latest awards show, make sure you’re searching the internet safely. To keep your internet activity secure and danger-free, follow these tips:

  • Be careful what you click. Users looking for a sneak-peek of the CW series, Batwoman starring Ruby Rose should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Browse with security protection. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help protect against going to malicious websites.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

Announcing McAfee’s Evolved Consumer Product Portfolio

Every fall the leaves change colors, sweaters replace sundresses, and new changes are afoot. Especially for us at McAfee. In fact, we’re announcing quite a few changes to our consumer security portfolio this fall. Tailored to the increasingly connected world we live in, our evolved line of products focuses on better performance, better ransomware protection, and a holistic approach to securing every facet of a connected consumer’s life. Curious how exactly our lineup does that? Allow us to break it down.

First, there are a few key product updates. In exciting news, McAfee Identity Theft Protection and McAfee Safe Family are now both included in McAfee Total Protection and McAfee LiveSafe. Additionally, McAfee Ransom Guard and PC Boost have been added to the entire product lineup, which includes McAfee AntiVirus, McAfee AntiVirus Plus, and McAfee Internet Security. Now, let’s get into a few specifics about product performance.

Improved Performance

McAfee’s core lineup of products now sends malware analysis to the McAfee Global Threat Intelligence (GTI) cloud, which means fewer system resources are required, and PCs can work at optimal speeds. Beyond that, we’ve also implemented a few key PC enhancements, including:

  • McAfee App Boost – Helps resource-hungry apps complete tasks more quickly by automatically allocating more resources to applications the customer is actively using.
  • McAfee Web Boost – Prevents unwanted or unrequested downloads and system activity caused by auto-play videos resulting in reduced bandwidth and resource consumption.

There are a few notable mobile enhancements as well, which include:

  • McAfee Mobile Security – Fully redesigned to deliver a more intuitive and engaging user experience.
  • McAfee Mobile Security for Android – Now includes machine learning capabilities within the mobile AV engine, which provides more efficient scanning and faster malware detection.
  • McAfee Mobile Security for iOS – New Wi-Fi Threat Scan shows the security status of the connected Wi-Fi network and alerts users if the Wi-Fi network they are connected to is at risk.

Increased Ransomware Protection

Ransomware attacks have shown no signs of slowing, which is why last year McAfee introduced a machine learning-based anti-virus engine with Real Protect to protect consumers from modern-day threats. And now we’ve updated our features to continue the fight against these advanced attacks. New features include:

  • McAfee Ransom Guard – Adds another layer of protection on the PC which monitors for suspicious file changes, warns the user when ransomware may be at work and suggests recommended actions for remediation. Additionally, this technology allows McAfee to detect many variants of zero-day ransomware.
  • Virus Protection Pledge – This year’s lineup extends the guarantee to six additional languages. If a customer enrolled in automatic renewal gets a virus with protection turned on, the customer support team will remove it, or the customer will receive a refund.

Protecting People’s Digital Lives

As people become more and more connected in the modern digital era, they’re in need of protection in every part of their online life. That’s why McAfee’s new lineup now includes features that make it easier than ever to protect what matters most. This includes:

  • McAfee Safe Family – Provides parents the visibility and controls needed to keep their children safer online when they use their PCs, smartphones, and tablets.
    • Key features and benefits include: Activity reports, app and web blocking capabilities, screen time controls, location tracking, 1-click digital time-outs and more. McAfee Safe Family Premium is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.
  • McAfee Identity Theft Protection – Allows users to take a proactive approach to protecting their identities.
    • Key features and benefits include: Cyber monitoring, Social security number trace, credit monitoring, 24/7 agency support, and ID recovery and stolen funds reimbursement. McAfee Identity Theft Protection Essentials is included with subscriptions to McAfee Total Protection 10 and McAfee LiveSafe.

So, whether you’re focused on fighting back against ransomware, or ensuring all your online interactions are protected from threats, our evolved portfolio of products is here to ensure you can live your connected life with confidence. Make sure you get proactive about your personal protection now.

To learn more about consumer security and our approach to it, be sure to follow us at @McAfee and @McAfee_Home.

The post Announcing McAfee’s Evolved Consumer Product Portfolio appeared first on McAfee Blogs.

Back to School: Cybersecurity in the Classroom

It’s hard to believe that summer is coming to an end and that back-to-school time is around the corner. For some kids, that means cyberbullies are traded in for school bullies and social engagement will turn into in-person interactions. But for others — dubbed Extreme Internet Users — the screen stays. When it comes time to go back to the classroom, the six hours or more a day these kids spent online during summer may be curtailed in favor of educational screen time instead.

Every year around this time, I reflect on how much has changed for children, especially when it comes to mobile devices in the classroom. This trend has become increasingly popular and, on the rise, as technology has improved, education adapts to rapid changes, and our world becomes more interconnected. Either these devices are given to kids or their classrooms by their school, or parents are encouraged to purchase one for their child to help support internet research and to digitize note-taking and homework.

Regardless of whether you’re a technophile or technophobe when it comes to leveraging screens in education, one thing is for sure – their presence in learning environments is here to stay. And with this shift, security is of the utmost importance.

Since January 2016, there have been 353 cybersecurity incidents in the United States related to K-12 public schools and districts. These attacks range include phishing, ransomware, DoS attacks and breaches that have exposed personal data. However, the question – what motivates cybercriminals to target schools? – still persists. The answer is complex, because what cybercriminals could exploit depends on what they want to accomplish.  Extorting school faculty, hacking private student data, disrupting school operations, or disabling, compromising, or re-directing school technology assets are all regular tools of the trade when it comes to hacking schools.

You may not be able to control how your child’s school thinks about cybersecurity, but you can take matters into your own hands. There are steps you can take to make sure your child is ready to face the school year head-on, including protecting their devices and their data.

  • Start a cybersecurity conversation. Talk with school faculty about what is being done in terms of a comprehensive cybersecurity plan for your child’s school. It’s worth starting the conversation to understand where the gaps are and what is being done to patch them.
  • Install security software on all devices. Don’t stop at the laptop, all devices need to be protected with comprehensive security software, including mobile devices and tablets.
  • Make sure all device software is up-to-date. This is one of the easiest and best ways to secure your devices against threats.
  • Teach your child how to connect securely on public Wi-Fi networks. Public Wi-Fi networks are notoriously used as backdoors by hackers trying to gain access to personal information. If Wi-Fi is absolutely necessary, ensure the network is password protected. However, if you want a secure encrypted connection, consider using a virtual private network (VPN).
  • Designate a specific date and time for regular data back-ups. If ransomware hits, you won’t have to pay to get your child’s information back. You can back up that personal data to a physical external hard drive or use an online backup service, such as Dropbox or Google Drive. That way you can access your files even if your device gets compromised.
  • Understand your child’s school bring your own device (BYOD) policy. Each school is different when it comes to BYOD and understanding your child’s school policy will save you a headache down the road. Some schools buy devices for students to rent, with parents having to pay for any incidentals, and some ask parents to buy the devices outright. Take the time to understand your child’s school policy before accidents happen.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Back to School: Cybersecurity in the Classroom appeared first on McAfee Blogs.

Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers

Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive cryptojacking campaign that’s targeting MikroTik routers.

The attack first finds its footing by taking advantage of a vulnerability within MikroTik routers. Once it leverages the flaw, the attack changes the devices’ configuration to inject Coinhive cryptocurrency mining malware into users’ web traffic. For context, Coinhive is a cryptocurrency mining service. Set up as a legitimate service, Coinhive is unfortunately often used by cybercriminals to hack websites and cryptojack users, aka steal the processing power of their devices to mine for cryptocurrency without their consent.

Which is precisely what’s happening to over 200,000 MikroTik customers, largely in Latin America. However, the attack has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.

Now, the next question is – what can these MikroTik users do to protect themselves from this attack? Start by following these proactive security tips:

  • Update your router’s firmware. MikroTik actually patched this vulnerability back in April, but that doesn’t necessarily mean that users applied the required patch. Therefore, this attack is a reminder of just how important it is to regularly update your router’s firmware, as these fixes are typically included within each update.
  • Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your router, you can learn what to do to help your device stay secure.
  • Secure your home’s internet at the source. Your home router allows your entire family to connect to the internet. If it’s vulnerable, your internet activity can be compromised as a result – just like with this MikroTik attack. So, be sure to use a router with built-in security like McAfee Secure Home Platform, which provides protection against threats at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

5 Tips for Managing Your Digital Footprint and Online Reputation

Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not.

Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information you intentionally post to promote yourself, such as online resumes and professional profiles. This is why you should take some time to manage your online reputation.

A recent study by CareerBuilder found that 70% of employers use search engines and social media to screen candidates. What’s more, 54% of employers surveyed said that they reconsidered candidates after getting a bad impression of them online.

This situation should be especially concerning for younger adults who are entering the job market for the first time, after years of carefree posting.

And if you think that once you have a job you can forget about looking after your digital footprint, think again. Employers also said that they check employees’ online presence when considering promotions.

Even colleges and universities rely on social media checks to get a better sense of applicants, according to a recent survey of admissions officers.

Of course, having a negative online presence is one problem, but having no presence at all is an even bigger red flag, so don’t start deleting profiles and accounts, or making everything “private”.

Over half of employers surveyed said that they are less likely to interview a candidate with no visible presence online. In this age, everyone is expected to have a digital footprint—it’s what that footprint says about you that matters the most.

So, how do you make sure that your digital footprint gives a good impression of you?

Here are some important tips:

  • Start Online Awareness Early—It’s easier to build a positive digital footprint from a young age, than to clean up a questionable presence later on. (When you consider that many kids get a smartphone at the age of 10, editing 8 years of online activity before college could be a real chore!) Talk to your kids about the importance of giving a positive impression online before they engage. When you do decide to let your kids connect, make sure to use parental controls that limit the kinds of content they can access, and protects them from online threats.
  • Be cautious about over-sharing—Yes, social media was made for sharing, but try to avoid venting online or engaging in heated arguments. If you have a problem with someone, talk it out offline.
  • Turn off tagging—Just because you’re paying attention to your online reputation, doesn’t mean your friends are. Being “tagged” in photos or videos you didn’t post could leave you open to the wrong impressions. That’s why it’s best to turn off tagging in your social media settings.
  • Keep positive content public—If you have a great online presence, sharing your accomplishments and skills, make sure to make the posts public. This goes for your social channels, as well as your professional profiles.
  • Be yourself, but speak clearly and respectfully—Show your unique personality and creativity, since people respond to genuineness But remember to be articulate in the process. Check posts for spelling or grammar errors before you hit “send”, and avoid offensive language. When commenting on other people’s posts, do it respectfully.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.