The landscape of online threats targeting children has evolved into a complex web of dangers that extend far beyond simple scams. New research from McAfee reveals that parents now rank cyberbullying as their single highest concern, with nearly one in four families (22%) reporting their child has already been targeted by some form of online threat. The risks spike dramatically during the middle school years and peak around age 13, precisely when children gain digital independence but may lack the knowledge and tools to protect themselves.

The findings paint a troubling picture of digital childhood, where traditional dangers like cyberbullying persist alongside emerging threats like AI-generated deepfakes, “nudify” technology, and sophisticated manipulation tactics that can devastate young people’s mental health and safety.

Cyberbullying is Parents’ Top Concern

Cyberbullying and harassment are devastating to young people’s digital experiences. The research shows that 43% of children who have encountered online threats experienced cyberbullying, making it the most common threat families face. The impact disproportionately affects girls, with more than half of targeted girls (51%) experiencing cyberbullying compared to 39% of boys.

The peak vulnerability occurs during early adolescence, with 62% of targeted girls and 52% of targeted boys aged 13-15 facing harassment online. For parents of teen daughters aged 13-15, cyberbullying ranks as the top concern for 17% of families, reflecting the real-world impact these digital attacks have on young people’s well-being.

AI-Generated Content Creates New Dangers

The emergence of AI-powered manipulation tools has introduced unprecedented risks to children’s online safety. Nearly one in five targeted kids (19%) have faced deepfake and “nudify” app misuse, with rates doubling to 38% among girls aged 13-15. These statistics become even more alarming when considering that 18% of parents overall list AI-generated deepfakes and nudify technology among their top three concerns, rising to one in three parents (33%) under age 35.

The broader landscape of AI-generated content exposure is widespread, with significant implications for how children understand truth and authenticity online. The research underscores the challenge parents face in preparing their children to navigate an environment where sophisticated forgeries can be created and distributed with relative ease.

“Today’s online threats aren’t abstract risks — families are facing them every day,” said Abhishek Karnik, head of threat research for McAfee. “Parents’ top concerns are the toll harmful content, particularly cyberbullying and AI-generated deepfakes, takes on their children’s mental health, self-image, and safety. That’s why it’s critical to pair AI-powered online protection with open, ongoing conversations about what kids encounter online. When children know how to recognize risks and misinformation and feel safe talking about these issues with loved ones, they’re better prepared to navigate the digital world with confidence.”

The Growing Confidence Gap

As digital threats become more sophisticated, parents find themselves increasingly outpaced by both technology and their children’s technical abilities. The research reveals that nearly half of parents (48%) admit their child knows more about technology than they do, while 42% say it’s challenging to keep up with the pace of evolving risks.

This knowledge disparity creates real vulnerabilities in family digital safety strategies. Only 34% of parents feel very confident their child can distinguish between real and fake content online, particularly when it comes to AI-generated material or misinformation. The confidence crisis deepens as children age and gain more independence online, precisely when threats become most complex and potentially harmful.

The monitoring habits of families reflect these growing challenges. While parents identify late at night (56%) and after school (41%) as the times when children face the greatest online risks, monitoring practices don’t align with these danger windows. Only about a third of parents (33%) check devices daily, and 41% review them weekly, creating significant gaps in oversight during high-risk periods.

Age-Related Patterns Reveal Critical Vulnerabilities

The research uncovers troubling patterns in how online safety behaviors change as children mature. While 95% of parents report discussing online safety with their children, the frequency and effectiveness of these conversations decline as kids enter their teen years. Regular safety discussions drop from 63% with younger children to just 54% with teenagers, even as threats become more severe and complex.

Daily device monitoring shows even sharper declines, plummeting to just 20% for boys aged 16-18 and dropping as low as 6-9% for girls aged 17-18. This reduction in oversight occurs precisely when older teens face heightened risks of blackmail, “scamtortion,” and other sophisticated threats. The research shows that more than half of targeted boys aged 16-18 (53%) have experienced threats to release fake or real content, representing one of the most psychologically damaging forms of online exploitation.

Gaming and Financial Exploitation

Online gaming platforms have become significant vectors for exploitation, particularly targeting boys. The research shows that 30% of children who have been targeted experienced online gaming scams or manipulation, with the rate climbing to 43% among targeted boys aged 13-15. These platforms often combine social interaction with financial incentives, creating opportunities for bad actors to manipulate young users through false friendships, fake rewards, and pressure tactics.

Real-World Consequences Extend Beyond Screens

The emotional and social impact of online threats creates lasting effects that extend well into children’s offline lives. Among families whose children have been targeted, the consequences reach far beyond momentary embarrassment or frustration. The research shows that 42% of affected families report their children experienced anxiety, felt unsafe, or were embarrassed after online incidents.

The social ramifications prove equally significant, with 37% of families dealing with issues that spilled over into school performance or friendships. Perhaps most concerning, 31% of affected children withdrew from technology altogether after negative experiences, potentially limiting their ability to develop healthy digital literacy skills and participate fully in an increasingly connected world.

The severity of these impacts has driven many families to seek professional support, with 26% requiring therapy or counseling to help their children cope with online harms. This statistic underscores that digital threats can create trauma requiring the same level of professional intervention as offline dangers.

Building Trust Through Technology Agreements

Creating a foundation for open dialogue about digital safety starts with establishing clear expectations and boundaries. McAfee’s Family Tech Pledge provides parents with a structured framework to initiate these crucial conversations with their children about responsible device use. Currently, few families have implemented formal agreements about technology use, representing a significant opportunity for improving digital safety through collaborative rule-setting.

A technology pledge serves as more than just a set of rules, it becomes a collaborative tool that helps parents and children discuss the reasoning behind safe online practices. By involving children in the creation of these agreements, families can address age-appropriate concerns while building trust and understanding. The process naturally opens doors to conversations about the threats identified in the research, from predators and cyberbullying to AI-generated content and manipulation attempts.

These agreements work best when they evolve alongside children’s digital maturity. What starts as basic screen time limits for younger children can expand to include discussions about social media interactions, sharing personal information, and recognizing suspicious content as they enter their teen years. The key is making the technology pledge a living document that adapts to new platforms, emerging threats, and changing family circumstances.

Advanced Protection Through AI-Powered Detection

While conversations and agreements form the foundation of digital safety, today’s threat landscape requires technological solutions that can keep pace with rapidly evolving risks. McAfee’s Scam Detector represents a crucial additional layer of defense, using artificial intelligence to identify and flag suspicious links, manipulated content, and potential threats before they can cause harm.

The tool’s AI-powered approach is particularly valuable given the research findings about manipulated media and deepfake content. With AI-generated content becoming weapons used against children, especially teenage girls, automated detection becomes essential for catching threats that might bypass both parental oversight and children’s developing digital literacy skills.

For parents who feel overwhelmed by the pace of technological change, 42% report struggling to keep up with the risk landscape, Scam Detector provides professional-grade protection without requiring extensive technical knowledge. It offers families a way to maintain security while fostering the trust and communication that the research shows is essential for long-term digital safety.

The technology is especially crucial during the high-risk periods identified in the research. Since 56% of parents recognize that late-night hours present the greatest danger, and monitoring naturally decreases during these times, automated protection tools can provide continuous vigilance when human oversight is most difficult to maintain.

A Path Forward for Families

The research reveals that addressing online threats requires a comprehensive approach combining technology, communication, and ongoing education. Parents need practical tools and strategies that can evolve with both the threat landscape and their children’s developing digital independence.

Effective protection starts with pairing parental controls with regular, judgment-free conversations about harmful content, coercion, and bullying, ensuring children know they can seek help without fear of punishment or restrictions. Teaching children to “trust but verify” by checking sources and asking for help when something feels suspicious becomes especially important as AI-generated content makes deception increasingly sophisticated.

Keeping devices secure with updated security settings and AI-powered protection tools like McAfee’s Scam Detector helps create multiple layers of defense against evolving threats. These technological safeguards work best when combined with family agreements that establish clear expectations for online behavior and regular check-ins that maintain open communication as children mature.

Research Methodology

This comprehensive analysis is based on an online survey conducted in August 2025 of approximately 4,300 parents or guardians of children under 18 across Australia, France, Germany, India, Japan, the United Kingdom, and the United States. The research provides crucial insights into the current state of children’s online safety and the challenges families face in protecting their digital natives from increasingly sophisticated threats.

The data reveals that today’s parents are navigating unprecedented challenges in protecting their children online, with peak vulnerability occurring during the middle school years when digital independence collides with developing judgment and incomplete knowledge of online risks. While the threats may be evolving and complex, the research shows that informed, proactive families who combine technology tools with open communication are better positioned to help their children develop the skills needed to safely navigate the digital world.

The post From Cyberbullying to AI-Generated Content – McAfee’s Research Reveals the Shocking Risks appeared first on McAfee Blog.

We’re standing at the threshold of a new era in cybersecurity threats. While most consumers are still getting familiar with ChatGPT and basic AI chatbots, cybercriminals are already moving to the next frontier: Agentic AI. Unlike the AI tools you may have tried that simply respond to your questions, these new systems can think, plan, and act independently, making them the perfect digital accomplices for sophisticated scammers. The next evolution of cybercrime is here, and it’s learning to think for itself.

The threat is already here and growing rapidly. According to McAfee’s latest State of the Scamiverse report, the average American sees more than 14 scams every day, including an average of 3 deepfake videos. Even more concerning, detected deepfakes surged tenfold globally in the past year, with North America alone experiencing a 1,740% increase.

At McAfee, we’re seeing early warning signs of this shift, and we believe every consumer needs to understand what’s coming. The good news? By learning about these emerging threats now, you can protect yourself before they become widespread.

A Real-World Example: How Anthropic’s Claude AI Was Used for Espionage

A new case disclosed by Anthropic, first reported by Axios, marks a turning point: a Chinese state-sponsored group used the company’s Claude Code agent to automate the majority of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails through jailbreaking techniques, fed the model fragmented tasks, and convinced it that it was conducting defensive security tests. Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. In all, they completed 80–90% of the work without any human involvement.

This is the first publicly documented case of an AI agent running a large-scale intrusion with minimal human direction. It validates our core warning: agentic AI dramatically lowers the barrier to sophisticated attacks and turns what was once weeks of human labor into minutes of autonomous execution. While this case targeted major companies and government entities, the same capabilities can, and likely will, be adapted for consumer-focused scams, identity theft, and social engineering campaigns.

Understanding AI: From Simple Tools to Autonomous Agents

Before we dive into the threats, let’s break down what we’re actually talking about when we discuss AI and its evolution:

Traditional AI: The Helper

The AI most people know today works like a very sophisticated search engine or writing assistant. You ask it a question, it gives you an answer. You request help with a task, it provides suggestions. Think of ChatGPT, Google’s Gemini, or the AI features on your smartphone. They’re reactive tools that respond to your input but don’t take independent action.

Generative AI: The Creator

Generative AI, which powers many current scams, can create content like emails, images, or even fake videos (deepfakes). This technology has already made scams more convincing by cloning real human voices and eliminating telltale signs like poor grammar and obvious language errors.

The impact is already visible in the data. McAfee Labs found that for just $5 and 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams using readily available tools. What once required experts weeks to produce can now be achieved for less than the cost of a latte—and in less time than it takes to drink it.

Agentic AI: The Independent Actor

Agentic AI represents a fundamental leap forward. These systems can think, make decisions, learn from mistakes, and work together to solve tough problems, just like a team of human experts. Unlike previous AI that waits for your commands, agentic AI can set its own goals, make plans to achieve them, and adapt when circumstances change

Key Characteristics of Agentic AI:

• Autonomous operation: Works without constant human guidance from a cybercriminal
• Goal-oriented behavior: Actively pursues specific objectives without requiring regular input.
• Adaptive learning: Improves performance based on experience through previous attempts.
• Multi-step planning: Can execute complex, long-term strategies based on the requirements of the criminal.
• Environmental awareness: Understands and responds to changing conditions online.

Gartner predicts that by 2028, a third of our interactions with AI will shift from simply typing commands to fully engaging with autonomous agents that can act on their own goals and intentions. Unfortunately, cybercriminals won’t be far behind in exploiting these capabilities.

The Scammer’s Apprentice: How Agentic AI Becomes the Perfect Criminal Assistant

Think of agentic AI as giving scammers their own team of tireless, intelligent apprentices that never sleep, never make mistakes, and get better at their job every day. Here’s how this digital apprenticeship makes scams exponentially more dangerous.

Traditional scammers spend hours manually researching targets, scrolling through social media profiles, and piecing together personal information. Agentic AI recon agents operate persistently and autonomously, self-prompting questions like “What data do I need to identify a weak point in this organization?” and then collecting it from social media, breach data, exposed APIs and cloud misconfigurations.

What The Scammer’s Apprentice Can Do

• Continuous surveillance: Monitors your social media posts, job changes, and online activity 24/7.
• Pattern recognition: Identifies your routines, interests, and vulnerabilities from scattered digital breadcrumbs.
• Relationship mapping: Understands your connections, colleagues, and family relationships.
• Behavioral analysis: Learns from your communication style, preferred platforms, and response patterns.

Unlike traditional phishing that uses static messages, agentic AI can dynamically update or alter their approach based on a recipient’s response, location, holidays, events, or the target’s interests, marking a significant shift from static attacks to highly adaptive and real-time social engineering threats.

An agentic AI scammer targeting you might start with a LinkedIn message about a job opportunity. If you don’t respond, it switches to an email about a package delivery. If that fails, it tries a text message about suspicious account activity. Each attempt uses lessons learned from your previous reactions, becoming more convincing with every interaction.

AI-generated phishing emails achieve a 54% click-through rate compared to just 12% for their human-crafted counterparts. With agentic AI, scammers can create messages that don’t just look professional, they sound exactly like the people and organizations you trust.

The technology is already sophisticated enough to fool even cautious consumers. As McAfee’s latest research shows, social media users shared over 500,000 deepfakes in 2023 alone. The tools have become so accessible that scammers can now create convincing real-time avatars for video calls, allowing them to impersonate anyone from your boss to your bank representative during live conversations.

Advanced Impersonation Capabilities:

• Voice cloning: Create phone calls that sound exactly like your boss, family member, senator, or bank representative
• Writing style mimicry: Craft emails that perfectly match your company’s communication style.
• Visual deepfakes: Generate fake video calls for “face-to-face” verification.
• Context awareness: Reference specific projects, recent conversations, or personal details

Perhaps most concerning is agentic AI’s ability to learn and improve. As the AI interacts with more victims over time, it gathers data on what types of messages or approaches work best for certain demographics, adapting itself and refining future campaigns to make each subsequent attack more powerful, convincing, and effective. This means that every failed scam attempt makes the AI smarter for its next victim. Understanding how agentic AI will transform specific types of scams helps us prepare for what’s coming. Here are the most concerning developments:

Multi-Stage Campaign Orchestration

Agentic AI can potentially orchestrate complex multi-stage social engineering attacks, leveraging data from one interaction to drive the next one. Instead of simple one-and-done phishing emails, expect sophisticated campaigns that unfold over weeks or months.

Automated Spear Phishing at Scale

Traditional spear phishing required manual research and customization for each target. In the new world order, malicious AI agents will autonomously harvest data from social media profiles, craft phishing messages, and tailor them to individual targets without human intervention. This means cybercriminals can now launch thousands of highly personalized attacks simultaneously, each one crafted specifically for its intended victim.

Real-Time Adaptive Attacks

When a target hesitates or questions an initial approach, agents adjust their tactics immediately based on the response. This continuous refinement makes each interaction more convincing than the last, wearing down even skeptical targets through persistence and learning. Traditional red flags like “This seems suspicious” or “Let me verify this” no longer end the attack, they just trigger the AI to try a different approach.

Cross-Platform Coordination

These autonomous systems now independently launch coordinated phishing campaigns across multiple channels simultaneously, operating with an efficiency human attackers cannot match. An agentic AI scammer might contact you via email, text message, phone call, and social media—all as part of a coordinated campaign designed to overwhelm your defenses.

How to Protect Yourself in the Age of Agentic AI Scams

The rise of agentic AI scams requires a fundamental shift in how we think about cybersecurity. Traditional advice like “watch for poor grammar” no longer applies. Here’s what you need to know to protect yourself:

• The Golden Rule: Never act on urgent requests without independent verification, no matter how convincing they seem.
• Use different communication channels: If someone emails you, call them back using a number you look up independently
• Verify through trusted contacts: When your “boss” asks for something unusual, confirm with colleagues or HR
• Check official websites: Go directly to company websites rather than clicking links in messages
• Trust your instincts: If something feels off, it probably is—even if you can’t identify exactly why

Understanding a New Era of Red Flags

Since agentic AI eliminates traditional warning signs, focus on these behavioral red flags:

High-Priority Warning Signs:

Emotional urgency: Messages designed to make you panic, feel guilty, or act without thinking

Requests for unusual actions: Being asked to do something outside normal procedures

Isolation tactics: Instructions not to tell anyone else or to handle something “confidentially”

Multiple contact attempts: Being contacted through several channels about the same issue

Perfect personalization: Messages that seem to know too much about your specific situation

How McAfee Fights AI with AI: Your Defense Against Agentic Threats

At McAfee, we understand that fighting AI-powered attacks requires AI-powered defenses. Our security solutions are designed to detect and stop sophisticated scams before they reach you. McAfee’s Scam Detector provides lightning-fast alerts, automatically spotting scams and blocking risky links even if you click them, with all-in-one protection that keeps you safer across text, email, and video. Our AI analyzes incoming messages using advanced pattern recognition that can identify AI-generated content, even when it’s grammatically perfect and highly personalized.

Scam Detector keeps you safer across text, email, and video, providing comprehensive coverage against multi-channel agentic AI campaigns. Beyond analyzing message content, our system evaluates sender behavior patterns, communication timing, and request characteristics that may indicate AI-generated scams. Just as agentic AI attacks learn and evolve, our detection systems continuously improve their ability to identify new threat patterns.

Protecting yourself from agentic AI scams requires combining smart technology with informed human judgment. Security experts believe it’s highly likely that bad actors have already begun weaponizing agentic AI, and the sooner organizations and individuals can build up defenses, train awareness, and invest in stronger security controls, the better they will be equipped to outpace AI-powered adversaries.

We’re entering an era of AI versus AI, where the speed and sophistication of both attacks and defenses will continue to escalate. According to IBM’s 2025 Threat Intelligence Index, threat actors are pursuing bigger, broader campaigns than in the past, partly due to adopting generative AI tools that help them carry out more attacks in less time.

Hope in Human + AI Collaboration

While the threat landscape is evolving rapidly, the combination of human intelligence and AI-powered security tools gives us powerful advantages. Humans excel at recognizing context, understanding emotional manipulation, and making nuanced judgments that AI still struggles with. When combined with AI’s ability to process vast amounts of data and detect subtle patterns, this creates a formidable defense.

Staying Human in an AI World

The rise of agentic AI represents both a significant threat and an opportunity. While cybercriminals will certainly exploit these technologies to create more sophisticated scams, we’re not defenseless. By understanding how these systems work, recognizing the new threat landscape, and combining human wisdom with AI-powered protection tools like McAfee‘s Scam Detector, we can stay ahead of the threats.

The key insight is that while AI can mimic human communication and behavior with unprecedented accuracy, it still relies on exploiting fundamental human psychology—our desire to help, our fear of consequences, and our tendency to trust. By developing better awareness of these psychological vulnerabilities and implementing verification protocols that don’t depend on technological red flags, we can maintain our security even as the threats become more sophisticated.

Remember: in the age of agentic AI, the most important security tool you have is still your human judgment. Trust your instincts, verify before you act, and never let urgency override prudence, no matter how convincing the request might seem.

The post How Agentic AI Will Be Weaponized for Social Engineering Attacks appeared first on McAfee Blog.

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? 

Globally, plenty of people pull double duty with their smartphones. One survey found that 87% of companies have policies that integrate personal devices in the workplace. Therein lies the higher potential for security risks such as data breaches, malware infection, and difficulties in maintaining data privacy and compliance. You see, a smartphone loaded with both business and personal data makes it a desirable, high-value target. It only takes one dedicated hacker—and there are plenty—to infiltrate an unprotected smartphone and access the treasure trove of both your personal and company information in a single effort. 

Let’s try to keep that from happening to you. This guide will walk you through exactly how to keep your digital life secure.

Why protecting your phone from hackers is critical

Smartphone hacking is when someone gains unauthorized access to your phone and the vast amount of personal data it contains. As you can imagine, this type of digital break-in can have serious real-world consequences, including financial loss from compromised banking apps, identity theft using your private information, and a complete invasion of your privacy through access to your emails, photos, and messages. This isn’t a distant threat; mobile malware is consistently on the rise, with cybercriminals developing more sophisticated methods to target unsuspecting users. The good news is that you have the power to stop them. Understanding how to protect your phone from hackers is the first step.

How attackers break into smartphones

• Phishing and smishing: These are fraudulent messages via email or SMS that trick you into clicking a malicious link or downloading an infected file. You might unknowingly give away your login credentials or install malware by thinking you’re responding to a legitimate request from a bank or service provider.
• Malicious apps: Cybercriminals create fake apps that look real or hide malware inside seemingly harmless applications. You might download one from outside official app stores, granting it permissions that allow it to steal your data in the background.
• Unsecured public Wi-Fi: When you connect to a public network at a café or airport without a VPN, hackers on the same network can intercept your data. You enable this attack simply by using the free Wi-Fi to check sensitive information like emails or bank accounts.
• SIM-swapping: An attacker convinces your mobile carrier to transfer your phone number to a SIM card they control. They often use personal information gathered from data breaches to impersonate you, effectively hijacking your number to intercept verification codes.
• Spyware: This type of software secretly monitors your activity, recording calls, tracking your location, and stealing passwords. It’s often installed through phishing links or by someone with physical access to your phone.
• Zero-click exploits: These are advanced and rare attacks that can infect a phone without any action from you at all—no clicks needed. While typically used against high-profile targets, they highlight the importance of keeping your device’s software up to date to patch the vulnerabilities they exploit.

Signs your phone may be hacked

• Sudden battery drain: If your phone’s battery life suddenly plummets, it could be due to malware or spyware running constantly in the background.
• Unusually high data usage: A spike in your data consumption could mean a malicious app is transmitting information from your device without your knowledge.
• Overheating: While phones can get warm, consistent overheating without heavy use can be a sign that hidden processes are overworking your phone’s processor.
• Apps you don’t recognize: Discovering new apps on your phone that you never installed is a major red flag for a security breach.
• Constant pop-ups: A sudden increase in strange or aggressive pop-up ads, even when your browser is closed, often indicates adware or other malware.
• Strange activity on your accounts: If friends report receiving odd messages from you on social media or email, a hacker may have taken control of your accounts via your phone.
• Poor performance: If your phone becomes noticeably slow, crashes frequently, or reboots on its own, malicious software could be consuming its resources.
• Security software is disabled: If you find that your mobile security app or other built-in security settings are turned off and you didn’t do it, an attacker may be trying to cover their tracks.

If you notice one or more of these signs, don’t panic. Investigate further and follow the recovery steps below. Sometimes, these issues can be caused by a legitimate but buggy app or an aging battery.

What to do if your phone is hacked

1. Disconnect immediately: Turn off Wi-Fi and mobile data on your phone. This severs the hacker’s connection and stops them from sending more of your data.
2. Inform your contacts: Warn your friends, family, and colleagues that your phone has been compromised and to be wary of any strange messages coming from your number or accounts.
3. Run a security scan: Use a trusted antivirus app to scan your device. It’s designed to find and remove malware that may be causing the problem.
4. Change your passwords: From a separate, trusted device like a laptop, immediately change the passwords for your critical accounts—email, banking, social media, and your Apple/Google ID.
5. Remove suspicious apps: Manually delete any apps that you don’t recognize or that the security scan flagged as malicious.
6. Notify your bank: Contact your financial institutions to alert them of the potential breach. Monitor your accounts closely for any fraudulent activity.
7. Consider a factory reset: If you can’t remove the malware, a full factory reset is your best option. This will wipe the phone clean. Before you do this, make sure you have a recent backup of your important data.

7 tips to secure your phone for the future

Once you’ve resolved an attack, the next step is to prevent phone hacking from happening again. Think of it as strengthening your digital front door. As both a parent and professional, I have put together a few things you can do to protect your smartphone from future hacks, so that you can keep your personal and work life safe:

1. Add extra protection with your face, finger, pattern, or PIN

Locking your phone with facial ID, a fingerprint, a pattern, or a PIN is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it.

2. Use a virtual private network

Don’t hop onto public Wi-Fi networks without protection. A virtual private network (VPN) masks your connection from hackers, allowing you to browse privately on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, your sensitive data, documents, and activities are protected from snooping. It’s definitely a great feeling given the amount of personal and professional business we manage with our smartphones.

3. Stick to the official app stores

Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data such as passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them as malicious apps and counterfeits can still find their way into stores.

4. Back up the data in the cloud

Backing up your phone is always a good idea for two reasons:

• First, it makes the process of transitioning to a new phone easy by transferring that backed-up data from your old phone to your new phone.
• Second, it ensures that your data stays with you if your phone is lost or stolen, allowing you to remotely wipe the data while still having a secure copy stored in the cloud. 

Both iPhones and Android phones have straightforward ways of backing up your phone regularly.

5. Learn to lock or wipe your phone remotely in case of emergency

Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While it seems like a drastic move, your data is secure in the cloud ready to be restored IF you maintain regular backups as mentioned above. This means hackers won’t be able to access your or your company’s sensitive information, keeping you and your professional business safe. Apple and Google provide their users with a step-by-step guide for remotely wiping devices.

6. Get rid of old apps and update the ones you keep

Needless to say, smartphone updates should always start with the operating system (OS). In addition, you also need to conduct app updates as soon as they’re available, as they contain critical security patches. Take a few moments to swipe through your screen, see which ones you’re truly done with and delete them along with their data. Every extra app is another app that needs updating or that may come with a security issue. Along with deleting the app, also delete your account associated with it. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option.

7. Protect your phone

With so much of your life on your phone, getting security software installed on it can protect you and the things you keep. Whether you’re an Android owner or iOS owner, McAfee+ conducts regular security scans to help you keep your personal, financial, and even company data secure.

Bonus tips: Limit the information stored on your phone

While it’s convenient to have everything at your fingertips, storing too much sensitive information on your smartphone makes you vulnerable if your device is lost, stolen, or compromised. Here are some tips to limit the data on your phone and reduce your risk of identity theft, financial fraud, and privacy breaches.

• Conduct a digital detox: Regularly go through your phone and delete old, unnecessary files. This includes screenshots of boarding passes, expired event tickets, and old photos of sensitive documents. Every piece of data you remove is one less thing a hacker can steal.
• Limit saved payment information: While convenient, letting apps and browsers save your credit card details creates a treasure trove for criminals. Instead, enter payment information manually when you shop or use a secure digital wallet that masks your actual card number.
• Be mindful of notes and messages: Avoid storing passwords, social security numbers, or other credentials in your notes app or text messages. If a hacker gains access, these are often the first places they look for valuable information that could be used for identity theft or to leverage a SIM-swap attack.

Advanced mobile device security considerations

At a deeper level, there are several lesser-known settings you can adjust to protect your phone from being hacked. These advanced steps add extra layers of security to your device.

• Turn off Bluetooth and NFC when not in use: Leaving Bluetooth and near field communication (NFC) on all the time makes your device discoverable and potential gateways for attackers. To secure your phone, simply toggle them off from your control center or settings menu when you aren’t actively using them.
• Revoke unnecessary app permissions: Many apps request access to your contacts, location, camera, and microphone even when they don’t need it. This is a common method for data harvesting. Periodically go to your phone’s privacy settings (on iOS, look under Privacy & Security; on Android, Security and Privacy, then Permission manager) and review which apps have access to what. If a photo-editing app doesn’t need your location, revoke that permission.
• Disable developer options: This is a hidden menu intended for app developers that provides deep system access. An attacker with physical or remote access could exploit these settings. Make sure to disable it. On Android, you can typically find the toggle to turn Developer Options off at the bottom of the main Settings menu. This is a simple but effective way to protect your phone from hacking.
• Enable auto-delete for temporary files and messages: Your browser history, text messages, and temporary app files can build up and contain sensitive information. Both iOS and Android have settings to automatically delete old messages (e.g., after 30 days or a year). Similarly, you can periodically clear the cache and data for your web browser and other apps to remove any lingering digital footprints.
• Encrypt your device storage: Encryption is a powerful digital vault for your data that is built into most modern smartphones. Encryption scrambles your data—photos, contacts, messages—into unreadable code. Without your passcode, fingerprint, or Face ID, it’s just gibberish. Using a complex, unique passcode instead of a simple four-digit PIN makes it exponentially harder for a thief to break in. 

FAQs about smartphone hacking 

Can my phone’s camera be hacked?

Yes, malware or spyware can give a hacker access to your camera and microphone, allowing them to see and hear you without your knowledge. To prevent this, be cautious about app permissions and consider using a physical camera cover for peace of mind.

Can I get hacked just by visiting a website?

It’s possible. Some malicious websites can attempt to automatically download malware or exploit browser vulnerabilities to compromise your device. Using a secure browser and comprehensive security software that warns you of risky sites is your best defense.

Is my phone safe from hackers when it’s turned off?

For the vast majority of users, a phone that is completely powered off cannot be hacked remotely. Hacking requires the device’s operating system and network connections to be active, so turning it off effectively cuts that connection.

Can answering a phone call hack my phone?

Simply answering a call from an unknown number is highly unlikely to hack your phone. The real danger lies in social engineering, where the scammer on the other end tries to trick you into revealing personal information, visiting a malicious website, or dialing a specific code.

Final thoughts

Your smartphone is central to your life, and understanding how to keep your phone safe from hackers is not about being fearful, but about being prepared. By taking proactive and consistent steps, you create powerful layers of defense that make you a much harder target for cybercriminals. Combining smart habits with the advanced protection offered by security solutions like McAfee+ ensures your data, privacy, and peace of mind are always safeguarded. Stay informed about new threats, keep your security software current, and enjoy all the good your connected life has to offer, safely and securely.

The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.

Summer is synonymous with vacations, a time when families pack their bags, grab their sunscreen, and embark on exciting adventures. In the digital age, smartphones have become an indispensable part of our lives, serving as cameras, maps, entertainment hubs, and communication tools. While these devices enhance our travel experiences, they also become prime targets for theft or damage while we’re away from home. From keeping us connected with family and friends, assisting in navigation, capturing moments, to even helping us with language translation – it is a device of many conveniences. However, when you bring your smartphone while vacationing, like any other valuable item, it becomes a target for theft and damage. Not to mention the potential for high roaming charges.

Don’t let the fear of losing or damaging your valuable devices dampen your vacation spirit! By taking some simple precautions and implementing effective strategies, you can ensure that your family’s smartphones remain safe and secure throughout your travels. In this blog post, we’ll share essential tips and tricks for safeguarding your devices, so you can focus on creating unforgettable memories without any tech-related worries. This article will provide you with tips on how to protect your family’s smartphones while on vacation. We will cover strategies like enabling security settings, backing up data, checking for travel insurance policies, and utilizing helpful apps. Ensuring the safety of your devices will make your vacation more enjoyable and worry-free.

Smartphone Safety During Vacation

Traveling without smartphones seems almost impossible. However, having them on vacation puts them at risk. In tourist hotspots, where distractions are many, it is easy to lose or have your device stolen. Moreover, using public Wi-Fi networks can expose your smartphone to cyber attacks.

→ Dig Deeper: The Risks of Public Wi-Fi and How to Close the Security Gap

Therefore, it is vital to be proactive in securing both your smartphones and the data they contain. Not only will it save you from the high costs of replacing a lost or damaged phone, but it also prevents potential misuse of personal and financial information. Implementing even just a few of these safety measures can help ensure your family’s smartphones are well-protected during your vacation. So let’s dive into the practical steps you can take.

Step 1: How To Protect Your Smartphone

1. Invest in Protective Gear: Equipping each device with a sturdy case and screen protector can significantly reduce the risk of damage due to accidental drops or impacts.
2. Protect Your Devices: Whether you protect yours through a mobile security app or as part of the multi-device coverage that comes with your comprehensive security software, mobile protection can alert you of threats and unsecured networks while also adding in the protection of a VPN. 
3. Regularly Backup Data: Back up photos, contacts, and other essential data to cloud storage or a computer. This ensures that precious memories and information are not lost in case of theft or damage.
4. Enable Tracking Features: Activate “Find My Phone” or similar features on each device. These tools can help locate a lost or stolen device and even remotely erase its data if necessary.
5. Exercise Caution with Public Wi-Fi: Public Wi-Fi networks can be vulnerable to hackers. Avoid using them for sensitive activities like online banking. If necessary, utilize a Virtual Private Network (VPN) for added security.
6. Establish Phone Usage Guidelines: Discuss responsible phone use with children, setting clear expectations and limitations. Encourage them to unplug and fully engage in the vacation experience.
7. Designate a Secure Storage Location: Establish a designated area in your hotel room or vacation rental for storing phones when not in use. This prevents misplacement and reduces the risk of theft.
8. Maintain a Low Profile: Avoid openly displaying expensive devices, particularly in crowded areas or unfamiliar surroundings. Discreetness can deter potential thieves.
9. Consider Insurance Coverage: Depending on your existing insurance policies, you may have coverage for mobile devices. Alternatively, explore dedicated device insurance for added protection.
10. Prioritize Family Time: Remember, the primary purpose of vacation is to connect with loved ones and create lasting memories. Encourage everyone to put down their phones and fully immerse themselves in the experience.

Step 2: Protecting Your Smartphone Physically

The first layer of protection for your phone should be a physical one. It starts with investing in a good quality, durable phone case. A waterproof case is always a good idea, especially if you’re planning on vacationing near the beach or a pool. A screen protector can also keep your screen from shattering or getting scratched. Remember, you’re more likely to drop your phone while on vacation as you juggle through maps, travel apps, and numerous photo opportunities.

Another aspect of physical protection is to be mindful of where you store your phone. Avoid leaving it in plain sight or unattended, which could invite potential thieves. Instead, carry it in a secure, zipped pocket or bag. If you’re staying at a hotel, consider using the safe to store your phone when not in use. Most importantly, be aware of your surroundings and keep your phone safely tucked away in crowded places.

McAfee Pro Tip: Activating the correct features can determine whether your personal data is lost permanently or if your device can swiftly recover. Install McAfee Mobile Security and learn more tips on what to do if your phone gets stolen on this blog.

Step 3: Data Protection and Privacy

Safeguarding your phone is not just about protecting the physical device—your personal and sensitive data deserves protection too. Before you leave for your vacation, make sure that your phone is password-protected. Optimally, use a complex password, fingerprint, or face recognition feature instead of a simple four-digit PIN. This singular step can deter any prying eyes from accessing your information if your phone is lost or stolen.

Ensure your phone’s software is up to date. Regular updates not only enhance the device’s performance but also incorporate vital security patches, fortifying its defenses against potential threats like malware. By staying vigilant and keeping your phone’s software current, you contribute to a more secure environment, minimizing the risk of unauthorized eyes accessing your valuable information in the event of a loss or theft.

Step 4: Backup Your Data

Backing up your smartphone’s data before leaving for vacation can save you from a lot of stress. In case of loss, theft, or damage, having a backup ensures that you won’t lose your cherished photos, contacts, and other essential data. Most smartphones allow you to back up your data to the cloud. Make sure to do this over a safe, secure network and not on public Wi-Fi.

For Android users, Google provides an automatic backup service for things like app data, call history, and settings. You can check if this feature is enabled on your phone by going to the Google Drive App and checking in the Backups section. For iPhone users, iCloud Backup can help save most of your data and settings. To enable it, go to Settings, tap on your name, then tap iCloud and scroll down to tap iCloud Backup.

Step 5: Understand and Manage Roaming Charges

Without proper management, staying connected while abroad can result in expensive roaming charges. Before you leave, check with your mobile provider to understand the costs associated with using your phone abroad. Some providers offer international plans that you can temporarily switch to for your vacation. If your provider’s charges are too high, consider purchasing a local SIM card once you arrive at your destination or use an international data package.

Another way to avoid roaming charges is by using Wi-Fi. Most hotels, cafes, and many public spaces have free Wi-Fi available. However, again, public Wi-Fi is not always safe. So, avoid accessing sensitive information such as bank accounts, and before traveling, download maps and essential content before traveling to reduce the need for constant data usage. This is especially helpful for navigation apps. To protect your data in such situations, it’s advisable to use a Virtual Private Network (VPN).

Step 6: Utilize Helpful Apps

Several apps can help protect your phone and its data during your vacation. Most smartphone operating systems offer a “Find My Phone” feature that can locate, lock, or erase your device if it is lost or stolen. Make sure this feature is enabled before you leave.

Again, antivirus apps can provide an extra layer of protection against virus and malware threats. Password manager apps can help you create and store complex, unique passwords for your accounts to enhance security.

VPN apps can protect your data from being intercepted when using public Wi-Fi networks. There are also apps that monitor your data usage and can alert you if you’re near your limit to avoid unexpected charges. Research and install these apps prior to your vacation for added security and peace of mind.

Final Thoughts

Your family’s smartphones are essential travel companions that deserve as much protection as any other valuable item during your vacation. By physically safeguarding the device, securing your data, backing up regularly, understanding roaming charges, and utilizing productive apps, you can enjoy a worry-free vacation. Remember, in the event of a mishap, having travel insurance can provide an extra layer of financial protection. So, before setting off, review your policy and check if it covers lost or stolen devices. In the end, preparation is key, so take the time to implement these safety measures and enjoy your vacation with peace of mind.

Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online. 

For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you! 

The post How To Protect Your Family’s Smartphones While on Vacation appeared first on McAfee Blog.

There are plenty of phish in the sea. 

Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe. 

And some of today’s phishing emails are indeed getting tougher to spot.  

They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.  

And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.  

Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid. 

Again, you can sidestep these attacks if you know how to spot them. There are signs. 

Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for. 

Phishing attack statistics—the millions of attempts made each year. 

In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported. 

Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.  

Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information. 

As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack. 

So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly. 

What does a phishing attack look like? 

Nearly every phishing attack sends an urgent message. One designed to get you to act. 

Some examples … 

• “You’ve won our cash prize drawing! Send us your banking information so we can deposit your winnings!” 

• “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.” 
• “We spotted what might be unusual activity on your credit card. Follow this link to confirm your account information.” 
• “There was an unauthorized attempt to access your streaming account. Click here to verify your identity.” 
• “Your package was undeliverable. Click the attached document to provide delivery instructions.” 

When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these. 

And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice. 

Case in point: 

Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer. 

We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see. 

As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely. 

Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious. 

Here’s where the attackers really got bold.  

They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus. 

Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam. 

Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.” 

Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.  

Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack. 

Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.  

For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use. 

Other examples of phishing attacks 

Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples. 

There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing. 

Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.” 

Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …” 

Taken all together, someone can readily spot that this is a scam with a closer look. 

This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be. 

What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same. 

This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach. 

The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course. 

Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether. 

How to spot and prevent phishing attacks. 

Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot. 

And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit? 

One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind … 

They play on your emotions. 

Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator. 

If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well. 

They ask you to act—NOW. 

Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam. 

Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately. 

They want you to pay a certain way. 

Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods. 

Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam. 

They use mismatched addresses. 

Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. 

Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt. 

Protect yourself from phishing attacks 

1. Go directly to the source. Some phishing attacks can look convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.  
2. Follow up with the sender. Keep an eye out for emails that might be a spear phishing attack. If an email that looks like it came from a family member, friend, or business associate, follow up with them to see if they sent it. Particularly if asks for money, contains a questionable attachment or link, or simply doesn’t sound quite like them. Text, phone, or check in with them in person. Don’t follow up by replying to the email, as it may have been compromised.   
3. Don’t download attachments. Some phishing attacks send attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. Scammers may pass them off as an invoice, a report, or even an offer for coupons. If you receive a message with such an attachment, delete it. And most certainly don’t open it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.  
4. Hover over links to verify the URL. On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. If the URL looks suspicious in any of the ways we mentioned just above, delete the message, and don’t ever click. 

Protect yourself from email attacks even further 

Online protection software can protect you from phishing attacks in several ways. 

For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware. 

Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.  

Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands. 

In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today. 

 

 

The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.

Look both ways for a new form of scam that’s on the rise, especially if you live in Dallas, Atlanta, Los Angeles, Chicago, or Orlando — fake toll road scams. They’re the top five cities getting targeted by scammers. 

We’ve uncovered plenty of these scams, and our research team at McAfee Labs has revealed a major uptick in them over the past few weeks. Fake toll road scams have nearly quadrupled at the end of February compared to where they were in January.  

Figure 1. A chart showing the increasing frequency and volume of toll road scam messages

What is a toll road scam? 

The scams play out like this:  

Ping. You get a text notification. It says you have an unpaid tab for tolls and that you need to pay right away. And like many scams, it contains a link where you can pay up. Of course, that takes you to a phishing site that asks for your payment info (and sometimes your driver’s license number or even your Social Security number), which can lead to identity fraud and possibly identity theft. 

Here’s one example that our Labs team tracked down. Pay close attention to the link. It follows the form of a classic scammer trick by altering the address of a known company so that it looks legit. 

Figure 2. A screenshot showing an example of a Toll Roads scam text 

 

The scam messages come in multiple varieties, however, so it’s important to stay vigilant of both your text and email inboxes. McAfee Labs found, for example, that some text messages and emails included PDFs while others included links using popular URL shortener services such as bit.ly, shorturl.at, qrco.de, and short.gy. The use of URL shorteners can also falsely create a sense of security when people recognize the popular format and don’t see typos or suspicious parts of the full URL. 

Figure 3. A screenshot of a toll road scam text that urges recipients to open a PDF 

 

Additionally, these scammers put in a lot of effort to create legitimate-looking web pages and notices. Note how the following example does its best to look like branded digital letterhead. And, as usual, it uses urgent language about fines and legal action to help make sure you “Pay Now.” 

Figure 4. An example of a PDF included in a scam toll road text message
 

Why so many toll road scams?  

They work. Scammers target their victims by matching them with the toll payment service in their city or state, which makes the scam look extra official. For example, a scammer would use an “E-ZPass” email to target someone in Orlando, our #5 city for toll road scams, which is one of the 19 states that E-ZPass serves. In southern California, victims get hit with phony texts from scammers posing as “The Toll Roads,” which is a payment service in that region. 

The apparent legitimacy combined with the emotional sense of urgency creates the perfect snare for scammers.  

 

Now, about those URLs to phishing sites. We mentioned that scammers take the URLs of known toll payment services and add some extra characters to them. In other cases, they’ve latched on to the root term “paytoll” as well. Our research team dug up several examples of fake toll sites, including: 

1. paytollbysuab[dot]top/pay  
2. thetollroads-paytollhmm[dot]world  
3. thetollroads-paytollxtd[dot]world/us  
4. thetollroads-paytollwpc[dot]world/us  
5. thetollroads-paytollolno[dot]xin/us  
6. thetollroads-paytollktc[dot]world/us  
7. thetollroads-paytoll[dot]world/us  
8. paytollmit[dot]vip  
9. paytollaqs[dot]vip  
10. paytollcqb[dot]top/ezdrivema  

Of course, don’t follow any of those links. And something else about those links — you can see scammers dot-top, dot-vip, and dot-xin. These domains are cheap, available, and easy to purchase, which makes them attractive to scammers. 

The cities facing the biggest influx of toll road scams 

According to McAfee Labs research, the following U.S. cities are experiencing the most of these scam texts: 

1. Dallas, Texas  
2. Atlanta, Georgia  
3. Los Angeles, California  
4. Chicago, Illinois  
5. Orlando, Florida  
6. Miami, Florida  
7. San Antonio, Texas  
8. Las Vegas, Nevada  
9. Houston, Texas  
10. Denver, Colorado 
11. San Diego, California  
12. Phoenix, Arizona  
13. Seattle, Washington  
14. Indianapolis, Indiana  
15. Boardman, Ohio 

Figure 5. The top cities where toll road scams are most prevalent 

Avoiding toll road scams 

The scam has gotten so out of hand that the U.S. Federal Trade Commission (FTC) has issued a warning about it. They offer up the following advice: 

• Don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out. 

• Check to see if the text is legit. Reach out to the state’s tolling agency using a phone number or website you know is real — not the info from the text. 

• Report and delete unwanted text messages. Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM). Once you’ve checked it out and reported it, delete the text. 

We’ll add to that too, with: 

• If in doubt, use a search engine to locate the toll websites in your area. 

• Report suspicious texts to www.ic3.gov so that law enforcement can track them and warn others about them. 

• Get text scam protection. Our Text Scam Detector automatically detects scams by scanning URLs in your text messages. If you accidentally tap or click? Don’t worry, it blocks risky sites if you follow a suspicious link. 

 

Additional examples of phishing pages found by McAfee

The following images show additional phishing pages and links McAfee found in relation to different toll road scams.

The post Fake Toll Road Scam Texts are Everywhere. These Cities are The Most Targeted. appeared first on McAfee Blog.

Whether or not you’re much into online banking, protecting yourself from bank fraud is a must. 

Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them. 

The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks. 

There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account. 

So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps. 

Here’s how you can protect yourself from online banking fraud 

Use a strong password—and a password manager to keep them straight 

Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you. 

In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.  

If you want to set up your own passwords, check out this article on how you can make them strong and unique. 

Use two-factor authentication to protect your accounts 

What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts. 

Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up. 

Avoid phishing attacks: Look at your email inbox with a skeptical eye 

Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article. 

Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before. 

Be skeptical about calls as well. Fraudsters use the phone too. 

It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number. 

For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust. 

Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and libraries 

There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)  

If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder! 

Protecting your banking and finances even further 

Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help: 

• Update your software – That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
• Lock up – Your computers, smartphones, and tablets will have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen.
  
•  Use security software – Protecting your devices with comprehensive online protection software will fend off the latest malware, spyware, and ransomware attacks, plus further protect your privacy and identity.
• Consider connecting with a VPN – also known as a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi because a VPN effectively makes a public network private.
• Check your credit report and monitor your transactions – This is an important thing to do in today’s password- and digital-driven world. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to setting them straight. Online protection software can help with this as well. It can keep an eye on your credit and your transactions all in one place, providing you with notifications if anything changes. That same monitoring can extend to retirement, investment, and loan accounts as well. Check out our plans and see which options work best for you.

The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.

It usually starts with something small.

You’re scrolling TikTok or Instagram, half-paying attention, when a Black Friday ad pops up. It looks like the brand you love—same logo, same photos, same “limited-time deal” language you’ve seen in real promos. The link takes you to a site that looks identical to the real one. The checkout page works. The confirmation email looks legit.

Then the payment clears, and the merchant name on your bank statement doesn’t match the store at all.

That moment, wait, what did I just buy from?, is becoming the defining holiday-shopping scam of 2025.

This year, fake ads and cloned storefronts aren’t sketchy one-offs or typo-filled red flags. They’re polished. They’re identical. And increasingly, they’re powered by AI.

McAfee’s 2025 holiday research found that nearly half of Americans (46%) have already encountered AI-altered or AI-generated scams while shopping. And with 96% of people planning to shop online, many doing so daily, scammers know this is peak opportunity.

Here’s how fraudsters are blending into the busiest shopping season of the year, what the data shows, and how to stay one step ahead.

Why Scammers Are So Effective Right Now

A perfect storm is happening:

People are shopping more often.
Nearly half of U.S. adults expect to shop online daily or multiple times per day during the holidays.

People are rushed.
From early Black Friday “price drop” alerts to Cyber Monday countdowns, shoppers don’t slow down to verify what they’re seeing.

AI makes scam content nearly flawless.
McAfee found technology email scams surging ~85%, retail email scams rising ~50%, and fraudulent URLs climbing across the board—from counterfeit Apple support pages to fake Costco refund portals.

Holiday deals are already rolling out—and so are the scams.

McAfee’s 2025 holiday research shows major spikes in email scams (~50% increase), technology scams (~85% increase), and fake storefronts that mimic trusted retailers. AI tools are making these scams faster, more realistic, and harder to spot.

It’s not that shoppers suddenly got careless.

It’s that scammers suddenly got good.

The 2025 Scams Hitting Shoppers the Hardest

1. Fake Retail Sites & “Deal” Pages That Look Real

This is the big one, and it’s getting cleaner every year.

Scammers lift entire storefronts:

• Logos
• Product photos
• Sale graphics
• Checkout flows
• Even fake customer service pages

The only giveaway? A URL that’s juuust slightly off—“target-sale.com” instead of “target.com,” or a link ending in “.shop” or “.store” rather than a brand’s normal domain.

Once you enter your payment info, it goes directly into a database that criminals resell or use to make purchases.

How to spot and avoid this scam: Skip the ad. Type the retailer’s name into your browser yourself. If it’s a real deal, you’ll find it on their actual site.

2. TikTok, Instagram & Social Video Scams

Short-form videos are now a prime scam vehicle.

Scammers steal influencer footage, use AI voice clones, or generate deepfake “promo” videos with celebrities offering huge holiday discounts. When someone clicks the link, it leads straight to a counterfeit store.

According to McAfee:

• 46% have encountered fake influencer/celebrity endorsements
• Younger shoppers (18–34) see them most
• Many appear during holiday-sale cycles on TikTok Shop and Instagram Shopping
• US – Holiday Shopping 2025 fact…

How to spot and avoid this scam: Check the creator’s account history. Real brands don’t drop one-off promo videos from accounts you’ve never seen before. Same as our initial advice, skip the ad entirely and go directly to the official brand website rather than clicking any links.

3. Delivery & Shipping Text Scams

The classic delivery scam is back, with McAfee researchers finding dozens of examples of fake messages attempting to scam holiday shoppers.

You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.

McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.

How to spot and avoid this scam: UPS, USPS, and FedEx will never send a clickable payment link in a text. If you’re wondering about a specific delivery, go directly to the site you ordered it from, or your original receipt in your email to find your tracking information.

4. Account Verification & Gift Card Scams

These hit during the weeks leading up to the holidays.

Messages claim:

• Your Amazon account is locked
• Your Apple ID has “suspicious activity”
• Your loyalty points are expiring
• You must verify your payment information
• You must pay a fee or gift card to resolve an issue

How to spot and avoid this scam:
No legitimate company will ever resolve account issues through gift cards or text-confirmation codes.

How AI Is Supercharging These Scams

Not long ago, scam emails had broken English and pixelated logos.

Now scammers use generative AI to:

• Clone real brand websites
• Rewrite perfect phishing emails
• Fake customer service chatbots
• Produce Hyper-real video ads
• Replicate influencer voices
• Generate thousands of unique scam texts instantly

And people are noticing.

57% of shoppers say they’re more concerned about AI scams this year than last.

Yet 38% believe they can spot scams—even though 22% have fallen for one.

Confidence ≠ protection.

What to Do if You Think You’ve Encountered a Scam

If something feels off—a message, a link, a charge on your bank statement—don’t panic. Most holiday scams rely on speed and confusion. Slowing down and taking a few simple steps can keep a bad situation from turning into real damage.

1. Stop engaging immediately

Close the tab, delete the message, and don’t click anything else.
Scammers often stack multiple pop-ups or redirects to pressure you into acting fast.

2. Don’t enter any additional information

If you started typing in a password or card number but didn’t hit “submit,” back out.
If you did enter details, move to the next steps right away.

3. Change your passwords (starting with the affected account)

Use a strong, unique password—especially for accounts tied to:

• email
• shopping apps
• banking
• cloud storage

A reused password is how one compromised login unlocks everything else. McAfee offers a password manager to help you make and store strong, unique passwords.

4. Check your bank or credit card for unexpected charges

Fraud usually starts small: $1–$5 “test” charges, odd merchant names, or tiny withdrawals.
If you see anything suspicious, contact your bank and request:

• a card replacement
• a fraud alert
• a temporary account freeze, if necessary

5. Run a security scan on your device

Some fake sites drop malware or spyware quietly in the background.
A quick scan can detect:

• malicious downloads
• browser hijackers
• unsafe extensions
• keyloggers

McAfee offers a free antivirus trial that you can use to scan your device and check for compromises.

6. Report the scam

Reporting helps stop other shoppers from being targeted.
You can report scams to:

• the retailer being impersonated
• the platform where you saw the ad (TikTok, Instagram, Facebook)
• your national fraud reporting center

7. Let technology help you clean up

McAfee can automatically detect whether the link, message, or site you interacted with is malicious—and alert you if your information may have been exposed.
Tools like:

• Scam Detector (Built into all core McAfee plans, flags scam texts, emails, and deepfakes)
• Web Protection (malicious or suspicious websites before they load)
• Identity & Financial Monitoring (Credit Monitoring can alert you to unusual account activity)

can help contain an issue before it turns into identity theft.

Need a Gift for the Practical Person in Your Life? Consider Giving Them Scam Protection

There’s always someone on your holiday list who doesn’t want more stuff, they want something useful. The friend who loves a clean inbox. The sibling who’s constantly traveling. The parent who keeps forwarding you suspicious texts asking, “Is this real?”

For them, security might actually be the most thoughtful gift you can give this year.

Online safety tools aren’t flashy, but they are the thing people reach for the moment they click the wrong link, lose a password, or get a sketchy delivery text. And with scams more believable than ever, digital protection has quietly become a new “practical essential,” like a good VPN or a reliable password manager.

Gifting McAfee means giving someone:

Scam protection that works quietly in the background
Scam Detector flags dangerous messages, deepfake-style content, and fake shopping sites before they ever interact with them.

Identity & financial monitoring
A huge help for anyone who’s been burned by fraud in the past — or is tired of checking bank statements manually.

Password security that doesn’t require them to remember anything
Perfect for the person who uses the same password everywhere (and you know exactly who I mean).

Device protection for laptops, phones, and tablets
Which is especially relevant for people shopping, traveling, or working remotely through the holiday season.

It’s practical. It’s protective. And unlike most presents, it’s something they’ll use all year.

The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams  appeared first on McAfee Blog.

Almost every teenager in the United States (approximately 96%) reports using the internet daily. As students prepare to return to school after the summer break, ensuring their cybersecurity practices are up to date is essential to protect personal information from increasingly sophisticated cyber threats. By teaching proactive cybersecurity measures, parents can empower their children to maintain a secure online presence, fostering a safer digital environment for the entire family.

Protecting Kids and Their Devices

According to research conducted at Baylor University, students are estimated to spend a substantial average of eight to ten hours daily engaged with smartphones or other forms of technology. These devices need to be safeguarded because they are integral to daily life, facilitating communication, learning, and productivity.

Here are essential steps to safeguard computers, cell phones, and tablets:

• Update Software Regularly: Make it a habit to update all software promptly. Updates frequently contain crucial security patches that shield devices from potential cyber threats. Encourage your student to enable automatic updates whenever possible to stay protected against the latest vulnerabilities.
• Use Holistic All-Around Online Protection: Install and activate reputable online protection software on all devices. This acts as a defense mechanism, detecting and neutralizing malicious software that could compromise personal information or disrupt device functionality.
• Secure Your Network: Use a secure Wi-Fi network with encryption (such as WPA2) and change the default administrator passwords on your routers. Avoid accessing sensitive information or conducting financial transactions over public Wi-Fi. Consider using a Virtual Private Network (VPN) when connecting to public Wi-Fi networks to encrypt internet traffic and protect data from potential eavesdroppers.
• Browse the Web safely: Our easy-to-use browser extension, called WebAdvisor, is designed to guide you when online so you can browse confidently knowing you’re safe from risky websites, scams, or other online threats.​

Using Complex Passwords

One study found that young students knew not to share their passwords with others, but only about 13% of them created very strong passwords. Creating a complex password is crucial because it acts as a barrier against unauthorized access to personal accounts and sensitive information.

• Create Complex Passwords: Use passwords that are at least 12 characters long, include a mix of letters, numbers, and special characters, and don’t have any easily guessable information like birthdates or names. A password generator can suggest strong passwords for you.
• Avoid Password Reuse: Emphasize the importance of using different passwords for different accounts. If one account is compromised, having unique passwords ensures that other accounts remain secure.
• Consider Password Managers: Using a password manager can help students securely store and manage their passwords. This eliminates the need to remember multiple passwords while maintaining security.
• Enable Multi-Factor Authentication (MFA): Enable multi-factor authentication for added security. This extra layer of protection requires a second form of verification (like a text message code or authentication app) in addition to a password, significantly reducing the risk of unauthorized access.

Being Cautious of Online Scams and Phishing Attempts

Phishing attacks are prevalent and can trick students into revealing sensitive information or downloading malware. These scams often mimic trusted sources like educational institutions or familiar online services, enticing recipients to click on malicious links or download attachments containing malware. Once engaged, these tactics exploit vulnerabilities to compromise devices, steal information, or gain unauthorized access to accounts, posing significant risks to personal and academic security.

• Educate About Phishing: Teach students how to identify common phishing red flags, such as urgent requests for personal information or emails with grammatical errors and suspicious links.
• Verify Sources: Always verify the legitimacy of emails, messages, or websites before clicking on links or providing personal information.
• Report Suspicious Activity: Encourage students to report any suspicious emails or messages to their school’s IT department or a trusted authority figure.

To further enhance students’ defenses against phishing attacks, utilizing a scam protection tool can be invaluable. These tools are designed to automatically detect and alert users to potentially dangerous URLs embedded in texts, emails, or social media messages. Imagine receiving a suspicious link in what appears to be a package delivery notification or a bank alert—this tool’s AI technology swiftly identifies such threats and alerts you before you click, providing peace of mind against falling victim to phishing scams. As a proactive measure, it can even block access to risky websites if you inadvertently follow a scam link, effectively bolstering your defenses across various digital platforms.

Protecting Personal Information

A Pew Research Center survey found that the majority of U.S. teens use social media sites like TikTok (67%), Instagram (62%) and Snapchat (59%). Social media serves as a powerful tool for connecting, discovering, and exchanging information. However, oversharing can inadvertently expose us to threats posed by scammers, hackers, and data aggregators. To stay better protected on social media, consider these tips:

• Limit Social Sharing: Advise students to refrain from disclosing sensitive details like home addresses, phone numbers, or upcoming travel plans. This proactive step minimizes the risk of such information falling into the wrong hands, ensuring personal safety and privacy.
• Use Privacy Settings: Make full use of privacy controls available on social media platforms to specify who can view posts, access personal information, and contact you. Customizing these settings empowers users to manage their online presence effectively, but finding and adjusting privacy settings on social media accounts can often be a difficult task. McAfee’s Social Privacy Manager can help you adjust more than 100 privacy settings across your social media accounts in just a few clicks.

As students gear up for another school year, cybersecurity awareness should be a top priority. Staying vigilant and proactive is key to maintaining a secure digital environment for students at all educational levels. By implementing these cybersecurity tips, students can protect themselves against potential threats and focus more on their studies with peace of mind.

The post Cybersecurity Tips for Students Returning to School appeared first on McAfee Blog.

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.  

A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  

How does identity theft happen in the first place?  

Unfortunately, it can happen in several ways.   

In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).   

In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.  

Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:  

• Online ads that direct you to a scammer’s site are designed to steal your information.  
• Malicious websites and apps also steal information when you use them.  
• Social media scams lure you into providing personal information, whether through posts or direct messages.  

However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.  

What are some signs of identity theft?  

Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:  

• You start getting mail for accounts that you never opened.   
• Statements or bills stop showing up from your legitimate accounts.  
• You receive authentication messages for accounts you don’t recognize via email, text, or phone.   
• Debt collectors contact you about an account you have no knowledge of.  
• Unauthorized transactions, however large or small, show up in your bank or credit card statements.  
• You apply for credit and get unexpectedly denied.  
• And in extreme cases, you discover that someone else has filed a tax return in your name.  

As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.   

Steps to take if you suspect that you’re the victim of identity theft  

The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:  

1) Notify the companies and institutions involved  

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.   

2) File a police report  

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.  

3) Contact the Federal Trade Commission (FTC)  

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.  

4) Place a fraud alert and consider a credit freeze  

You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.  

A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.  

5) Dispute any discrepancies in your credit reports  

This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.   

6) Contact the IRS, if needed  

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.  

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.  

7) Continue to monitor your credit report, invoices, and statements  

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.  

Preventing identity theft 

With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.  

With McAfee+ Ultimate you can: 

• Monitor your credit activity on all three major credit bureaus to stay on top of unauthorized use.​ 
• Also, monitor the dark web for breaches involving your personal info and notify you if it’s found.​ 
• Lock or freeze your credit file to help prevent accounts from being opened in your name. 
• Remove your personal info from over 40 data broker sites collecting and selling it. 
• Restore your identity with a licensed expert should the unexpected happen.​ 
• Receive $1M identity theft and stolen funds coverage along with additional $25K ransomware coverage. 

​In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done. 

Righting the wrongs of identity theft: deep breaths and an even keel  

Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.  

Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.  

The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.

People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft. 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.  

In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.  

People under 60 are major targets for fraud 

Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.

And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers. 

Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.  

Six ways you can protect your digital identity from hackers and fraud 

It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away: 

1. Start with the basics—security software  

Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection. 

2. Create strong passwords  

You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks. 

3. Keep up to date with your updates  

Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.   

4. Think twice when you share  

Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk. 

5. Shred it  

Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away. 

6. Check your credit  

Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find. 

How do I know if my identity has been stolen?  

As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name. 

Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away: 

• If you live in the U.S. and think that someone is using your personal information, visit IdentityTheft.gov. 
• In Canada, visit antifraudcentre-centreantifraude.ca for help.  
• And in the UK, check out CIFAS, the UK’s fraud prevention service, at cifas.org.uk. 

Likewise, many nations offer similar government services. A quick search will point you in the right direction. 

Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here. 

Keeping your digital identity in your hands 

With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.

The post How to Protect Your Digital Identity appeared first on McAfee Blog.

Whether it tags along via a smartphone, laptop, tablet, or wearable, it seems like the internet follows us wherever we go nowadays. Yet there’s something else that follows us around as well — a growing body of personal info that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our info is terrifically valuable.

What makes it so valuable? It’s no exaggeration to say that your personal info is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.

Needless to say, your personal info is something that needs protecting, so let’s check out several ways you can do just that.

What is personal info?

What is personal info? It’s info about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own. Or it could identify you when it’s linked to other identifiers, like the ones linked with the devices, apps, tools, and protocols you use.

A prime example of direct personal info is your tax ID number because it’s unique and directly tied to your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.

Then there are those indirect pieces of personal info that act as helpers. While they might not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.

You can also find pieces of your personal info in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s personal info in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other info to identify who you are. Not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app, and your location info based on your IP address, GPS info, or both.

In all, there’s a cloud of personal info that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it, and your personal info can create a high-resolution snapshot of you — who you are, what you’re doing, when you’re doing it, and even where you’re doing it, too — particularly if it gets into the wrong hands.

Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our personal info, except the cloud surrounding us, isn’t the dust of kings and conquerors. They’re motes of info that are of tremendously high value to crooks and bad actors — whether for purposes of identity theft or invasion of privacy.

Protecting your personal info protects your identity and privacy

With all the personal info we create and share on the internet, that calls for protecting it. Otherwise, our personal info could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.

Here are several things you can do to help ensure that what’s private stays that way:

1) Use a complete security platform that can also protect your privacy.

Square One is to protect your devices with comprehensive online protection software. This defends you against the latest virus, malware, spyware, and ransomware attacks plus further protects your privacy and identity. Also, it can provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who might try to force their way into your accounts.

Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break in” to your computer and steal info.

2) Use a VPN.

Also known as a virtual private network, a VPN helps protect your vital personal info and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your risk because others on the network can potentially spy on your browsing and activity.

If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible. (Our McAfee+ plans offer a VPN as part of your subscription.)

3) Keep a close grip on your Social Security Number.

In the U.S., the Social Security Number (SSN) is one of the most prized pieces of personal info as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.

Certain businesses and medical practices might ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of info. However, there are a handful of instances where an SSN is a requirement. These include:

• Employment or contracting with a business.
• Group health insurance.
• Financial and real estate transactions.
• Applying for credit cards, car loans, and so forth.

Be aware that hackers often get a hold of SSNs because the organization holding that info gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.

4) Protect your files.

Protecting your files with encryption is a core concept in data and info security, and thus it’s a powerful way to protect your personal info. It involves transforming data or info into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee+ includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.

Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)

5) Steer clear of those internet “quizzes.”

Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your personal info in a seemingly playful way. While you’re not giving up your SSN, you might be giving up things like your birthday, your pet’s name, your first car…things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!

6) Be on the lookout for phishing attacks.

A far more direct form of separating you from your personal info is phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member, a scammer’s attack will try to trick you into sharing important info like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.

How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look increasingly legitimate. Even more so with AI tools. However, there are several ways you can spot a phishing email and phony websites. Moreover, our McAfee Scam Protection can do it for you.

7) Keep mum in your social media profile.

You can take two steps to help protect your personal info from being at risk via social media. One, think twice about what you share in that post or photo — like the location of your child’s school or the license plate on your car. Two, set your profile to private so that only friends can see it. Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and gives a scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

8) Look for HTTPS when you browse.

The “S” stands for secure. Any time you’re shopping, banking, or sharing any kind of personal info, look for “https” at the start of the web address. Some browsers also indicate HTTPS by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your personal info for anyone who cares to monitor that site for unsecured connections.

9) Lock your devices.

By locking your devices, you protect yourself that much better from personal info and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.

10) Keep tabs on your credit — and your personal info.

Theft of your personal info can lead to credit cards and other accounts being opened falsely in your name. What’s more, it can take some time before you even become aware of it, such as when your credit score takes a hit or a bill collector comes calling. By checking your credit, you can fix any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.

Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $2M coverage for lawyer fees, travel expenses, lost wages, and more.

The post How to Protect Your Personal Info appeared first on McAfee Blog.

“My phone’s been hacked!” These are words you never want to hear or say. Ever. You are not alone in this sentiment.

Our phones have become the central hub of our lives, storing everything from personal and financial information, access to payment apps, files, photos, and contacts. This has made our phones irresistible, prized targets for cyber criminals. And because these devices are always on and always with us, the opportunity for attack is constant. What are the signs that you have been hacked and how can you reclaim your control? This guide walks you through the common indicators of a hacked phone and what steps you can take to protect your data and privacy.

What is phone hacking and how does it work?

Phone hacking is the unauthorized access and control of your smartphone and its data. It can happen to any person and any device, whether it’s an iPhone or an Android. To achieve this, cybercriminals—also called hackers—use various types of malicious software, sometimes called malware, such as:

• Spyware, which secretly tracks your every move
• Adware, which bombards your device with pop-up ads
• Ransomware, which locks your files until you pay a fee 

These attacks are typically motivated by financial gain, such as stealing banking credentials, or by a desire to monitor someone’s personal life. 

The cost of phone hacking to you

Phone hacking isn’t just a technical or convenience issue. It has real and often costly consequences for your personal life, finances, and privacy. Here, we list the kinds of losses you might face with a hacked phone:

• Financial loss: Hackers can access banking apps to drain your accounts, steal credit card information for fraudulent purchases, or use your phone to subscribe to premium services without your consent.
• Identity theft: Cybercriminals can steal personal information from your device, such as your social security number, passwords, and photos—to open new accounts or commit crimes in your name.
• Severe privacy invasion: Through spyware, an attacker can turn on your phone’s camera and microphone to secretly record you, track your location in real-time, and read all your private messages.
• Emotional and reputational damage: The stress of being hacked is significant. A criminal could use your accounts to impersonate you, spread misinformation or damage your relationships with family, friends, and colleagues.

The consequences of a hacked phone go far beyond inconvenience. This is why it is so critical to stay alert for the warning signs of a compromise and know exactly what to do if your phone is hacked.

Common ways hackers gain access to your smartphone

The unfortunate reality is that anyone’s phone can be targeted and successfully hacked. Cybercriminals have developed several sophisticated methods that allow them to remotely take over your device. These tactics are done mainly by surreptitiously installing malicious software or malware, monitoring calls and messages, stealing personal information, or even taking over your various accounts. Here are detailed explanations for each hacking method:

• Malicious apps: Malware can be disguised as legitimate applications, such as games and utility tools, available on unofficial third-party app stores. Once installed, it can steal data, track your location, or install more malware. Always be cautious of apps that ask for permissions that exceed their intended function, such as a calculator app requesting access to your contacts.
• Visiting malicious websites: Visiting a compromised website on your phone could infect it with malware through a drive-by download which automatically installs malicious software, scripts that exploit your phone’s operating system vulnerabilities, or pop-ups or ads that trick you into authorizing a download, often disguised as a software update or a prize notification. 
• Phishing or smishing: You might receive a text message (SMS) or email that appears to be from a trusted source, like your bank or a delivery service. These messages contain links that lead to fake websites designed to trick you into entering your passwords or personal information. A common example is a text claiming there’s a problem with a package delivery, urging you to click a link to reschedule.
• Unsecured public Wi-Fi: When you connect to a free, public Wi-Fi network at a café, airport, or hotel without protection, your data can be vulnerable. Hackers on the same network can intercept the information you send, including passwords and credit card details. Using a virtual private network (VPN) protects you on public networks.
• SIM swapping: This sophisticated scam involves a hacker impersonating you and convincing your mobile carrier to transfer your phone number to a new SIM card they control. Once they have your number, they can intercept calls and texts, including two-factor authentication codes, allowing them to take over your online accounts.
• Juice-jacking: Cybercriminals can modify public USB charging stations to install malware onto your phone while it charges. This technique can steal sensitive data from your phone. It’s always safer to use your own AC power adapter and a wall outlet.
• Outdated operating systems: Hackers actively search for security holes in older versions of iOS and Android. Installing the latest security updates for your phone’s operating system locks the doors to malware as these updates contain critical patches that protect you from newly discovered threats.

12 signs your phone was hacked

To be certain that your phone has been hacked, here are some signs you should consider. Note that these might be signs of a hacked phone, yet not always. 

1. More popups than usual: Phones hit with adware will be bombarded with pop-up ads. Never tap or click on them, as they might take you to pages designed to steal personal information.
2. Data spikes or unknown call charges: A hacker is likely using your phone to transfer data, make purchases, send messages, or make calls via your phone. 
3. Issues with online accounts: Spyware might have stolen your account credentials, then transmitted them to the hacker, leading to credit and debit fraud. In some cases, hackers will change the password and lock out the device owner.
4. Unexpected battery drain: Your phone’s battery dies much faster than usual because hidden malware is constantly running in the background.
5. Sluggish performance: Your device freezes, crashes, or lags significantly as malicious software consumes its processing power and memory.
6. Unfamiliar apps or messages: You discover apps you never installed or see outgoing calls and texts you didn’t make, indicating unauthorized use.
7. Phone overheats while idle: Your device feels unusually warm even when you’re not using it, a sign of malware overworking the processor.
8. Random reboots or shutdowns: The phone restarts on its own, which could be caused by conflicting malicious code or a hacker remotely controlling it.
9. Camera or mic activates unexpectedly: Someone may be spying on you when the camera or microphone indicator light turns on when you aren’t using it.
10. Websites look different: Pages you visit look unusual or frequently redirect you to spammy sites, indicating your web traffic is being hijacked.
11. Unauthorized 2FA requests: You receive notifications for two-factor authentication codes you didn’t request, a strong signal that someone has your password and is trying to access your accounts.
12. Inability to shut down properly: Your phone resists being turned off or fails to shut down completely, as malware may be designed to keep it running. 

If you see several of these signs, it’s crucial to take immediate action to secure your device and data.

Clarifying misconceptions about phone hacking

Ultimately, the biggest factor in security is user behavior. Regardless of whether you use Android or iOS, practising safe habits—like avoiding suspicious links, using strong passwords, and keeping your operating system updated—is the most critical defense against having your phone hacked.

What’s easier to hack: Android or iPhone?

This is a long-standing debate, and the truth is that both platforms can be hacked. Android’s open-source nature and accommodation of third-party sources apps create more potential vulnerabilities. Additionally, security updates can sometimes be delayed depending on the device manufacturer. iPhones, while generally more secure, can be vulnerable if a user jailbreaks the device or falls victim to phishing and other social engineering scams.

Can answering a phone call get you hacked?

Simply answering a phone call cannot install malware on a modern, updated smartphone. The real danger comes from social engineering, where the caller will convince you into taking an action that compromises your security such as giving your personal information or installing something yourself. This is often called vishing or voice phishing.

Can your phone camera be hacked?

Yes, your phone’s camera and microphone can be hacked, a process known as camfecting. This is typically done using spyware hidden in malicious apps disguised as legitimate software that you may have been tricked into installing. Signs of a compromised camera include the indicator light turning on unexpectedly, finding photos or videos in your gallery that you didn’t take, or experiencing unusually high battery drain.

Can a phone be hacked when turned off?

When your phone is completely powered down, its network connections and most of its hardware are inactive, making it impossible to be actively hacked over the internet. However, some modern smartphones have features that remain active even when the device seems off, like the location tracker. Sophisticated, state-level spyware like Pegasus are also theoretically capable of attacking a device’s firmware even while turned off. 

Hacking off a hacker: A step-by-step recovery guide 

Sometimes you are fortunate enough to catch the hacking attempt while it is in progress, such as during a vishing incident. When this happens, you can take these immediate steps to thwart the hacker before, during and after:

• Use call screening and blocking: Enable your carrier’s spam call filtering services and manually block any suspicious numbers that call you.
• Never share one-time codes: Legitimate companies will never call you to ask for a password, PIN, or two-factor authentication (2FA) code. Treat any such request as a scam.
• Hang up and verify independently: If you receive a suspicious call, hang up immediately. Find the official phone number for the company online and call them directly.

Discovering that your phone has been hacked can be alarming, but acting quickly can help minimize the damage and restore your privacy. Here are the actions to take to regain control and protect your personal information:

1. Back up essential data: Before taking any action, save your irreplaceable data such as photos, contacts, and important documents to a cloud service or computer. Do not back up applications or system data, as these may be infected.
2. Disconnect immediately: The first step is to restart your phone in Safe Mode (for Android) or Recovery Mode (for iPhone). This cuts off its connection to Wi-Fi and cellular networks, preventing the hacker from sending or receiving more data.
3. Run a security scan: Use a trusted mobile security app, like McAfee Mobile Security to scan your device. It’s designed to find and remove malware that may be hiding on your phone.
4. Delete suspicious apps and files: Manually go through your applications and delete anything you don’t remember installing or that looks unfamiliar. Check your downloads folder for suspicious files and delete those as well.
5. Clear browser cache and data: Malicious code could be stored in your browser’s cache. Go into your browser settings and clear all history, cookies, and cached data to remove lingering threats.
6. Change your passwords: From a separate, uninfected device, change the passwords for your critical accounts, including email, banking, and social media. Use a password manager to create and store strong, unique passwords for each account. Enable 2FA where possible for added security. 
7. Secure your accounts: Review recent activity on your online accounts for any unauthorized transactions or messages. Have your bank accounts frozen and request new cards and credentials.
8. Update your operating system: Check for and install the latest OS update for your device. These updates often contain critical security patches that can fix the vulnerability the hacker exploited in the first place.
9. Perform a full shutdown when needed, disable always-on location features if you’re concerned.
10. Perform a factory reset: If the issues persist, a factory reset is your most effective —and last—option. Once you have backed up files, resetting is a straightforward process and will completely remove any lingering malware.
11. Verify backups before restoring: After cleaning your device or a factory reset, be cautious when restoring data. Ensure your backup is from a date before the hacking occurred to avoid reinfecting your phone. Restore only essential data and manually reinstall apps only from official app stores.
12. Notify your contacts and authorities: Let your contacts know your phone was hacked so they can be wary of strange messages from your number. If you suspect identity theft or financial fraud, report it to the relevant authorities and your financial institutions immediately.

Future-proof your phone from hacks

• Set a SIM PIN: Add a personal identification number to your SIM card through your phone’s settings. This prevents a fraudster from using your SIM in another device to execute a SIM swap attack.
• Enable automatic security updates: Ensure your phone is set to automatically download and install OS updates. These patches often fix critical security vulnerabilities that hackers actively exploit.
• Use encrypted DNS: Enable the Private DNS feature on Android or an equivalent app on iOS to encrypt your web traffic lookups. This prevents eavesdroppers on public Wi-Fi from seeing which websites you visit.
• Disable developer options and USB debugging: These settings are for app developers and can create security backdoors if left on. Turn them off in your phone’s settings unless you have a specific need for them.

Protective measures to take in the first place

Applying security measures the moment you bring home your brand new phone helps to keep your phone from getting hacked in the first place. It only takes a few minutes. Follow these tips to find yourself much safer from the start:  

1. Install trusted security software immediately. You’ve adopted this good habit on your desktops and laptops. Your phones? Not so much. Online protection software gives you the first line of defense against attacks, and more.
2. Go with a VPN. Make a public network safe by deploying a virtual private network, which serves as your Wi-Fi hotspot.  It will encrypt your data to keep you safe from advertisers and prying eyes.
3. Use a password manager. Strong, unique passwords offer another primary line of defense. Try a password manager that can create and safely store them. 
4. Avoid public charging stations. Look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and are a safer alternative to public charging stations.  
5. Keep your eyes on your phone. Preventing the actual theft of your phone is important. This is a good case for password or PIN protecting your phone, and turning on device tracking. In case it is stolen, Apple and Google provide a step-by-step guide for remotely wiping devices.  
6. Stick with trusted app stores. Stick with legitimate app stores like Google Play and Apple’s App Store, which vet apps to ensure they are safe.
7. Keep an eye on app permissions. Check what permissions your apps are asking for. Both iPhone and Android users can allow or revoke app permission.
8. Update your phone’s operating system. Keeping your phone’s operating system up to date can fix vulnerabilities that hackers rely on to pull off attacks—it’s another tried and true method to keep your phone safe and performing well.

Advanced ways to block hackers from your phone

• Enable a SIM Card PIN: Set up a PIN for your SIM card to prevent hackers from using it in another phone for a SIM swap attack, which requires the PIN upon restart.
• Use an eSIM if possible: An embedded SIM (eSIM) cannot be physically removed from your phone, making it difficult for criminals to execute a fraudulent SIM swap.
• Enforce encrypted DNS: Configure your phone to use DNS-over-HTTPS (DoH), which encrypts your DNS queries, preventing eavesdroppers on public Wi-Fi from seeing which websites you visit.
• Deploy a hardware security key: For the ultimate 2FA protection, a physical key (like a YubiKey) for sensitive accounts makes it nearly impossible for hackers to log in without it.
• Disable USB debugging and developer mode: Unless you are an app developer, keep these advanced Android features off to close potential backdoors that malware could exploit.
• Turn off unused wireless radios: Manually disable Wi-Fi, Bluetooth, and NFC when you aren’t using them to reduce your phone’s attack surface and prevent unauthorized connections.

Stay proactive with mobile security

Protecting your phone from hackers doesn’t have to be overwhelming. By remaining vigilant for the warning signs, keeping your software updated, and using trusted security tools, you can significantly reduce your risk of getting your phone infiltrated. Think of your digital security as an ongoing practice, not a one-time fix. 

Mobile security solutions like McAfee Mobile Security are specifically designed to scan your device for malware, spyware, and other malicious code. Key features to look for in a quality security app include real-time antivirus protection, web protection to block dangerous websites, and privacy monitoring to check which apps have access to your personal data. McAfee Mobile Security also offers award-winning antivirus, real-time malware scanning to stop malicious apps before they can cause harm. The included Secure VPN encrypts your connection, making public Wi-Fi safe for browsing and banking. With features like Identity Monitoring to alert you if your details are found on the dark web and Safe Browsing to block risky websites, you’re protected from multiple angles. 

Be very cautious of fake anti-hack apps; these could be scams that can install malware themselves. To be safe, always download security software from reputable providers through official channels like the Google Play Store or Apple’s App Store.

The post How to Know If Your Phone Has Been Hacked appeared first on McAfee Blog.