Ways to Tell if a Website Is Fake

Unfortunately in today’s world, scammers are coming at us from all angles to trick us to get us to part with our hard-earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention, even if you know what to look for, they can get you. There are numerous ways to detect fake sites or emails, phishing, and other scams.

Before we delve into the signs of fake websites, we will first take a closer look at the common types of scam that use websites, what happens when you accidentally access a fake website, and what you can do in case you unknowingly purchased items from it.

What are fake or scam websites?

Fake or scam websites are fraudulent sites that look legitimate while secretly attempting to steal your personal information, money, or account access.

These deceptive platforms masquerade as trustworthy businesses or organizations, sending urgent messages such as popular shopping websites offering fantastic limited-time deals, banking websites requesting immediate account verification, government portals claiming you owe taxes or are eligible for refunds, and shipping companies asking for delivery fees.

The urgency aims to trick you into logging in and sharing sensitive details—credit card numbers, Social Security information, login credentials, and personal data. Once you submit your data, the scammers will steal your identity, drain your accounts, or sell your details to other criminals on the dark web.

These scam websites have become increasingly prevalent because they’re relatively inexpensive to create and can reach millions of potential victims quickly through email and text campaigns, social media ads, and search engine manipulation.

Cybersecurity researchers and consumer protection agencies discover these fraudulent sites through various methods, including monitoring suspicious domain registrations, analyzing reported phishing attempts, and tracking unusual web traffic patterns. According to the FBI’s Internet Crime Complaint Center, losses from cyber-enabled fraud amounted to $13.7 billion, with fake websites representing a significant portion of these losses.

Consequences of visiting a fake website

Visiting a fake website, accidentally or intentionally, can expose you to several serious security risks that can impact your digital life and financial well-being:

• Credential theft: Scammers can capture your login information through fake login pages that look identical to legitimate sites. Once they have your username and password, they can access your real accounts and steal personal information or money.
• Credit card fraud: When you enter your bank or credit card details on fraudulent shopping or fake service portals, scammers can use your payment information for unauthorized purchases or sell these to other criminals on the dark web.
• Malware infection: Malicious downloads, infected ads, or drive-by downloads may happen automatically when you visit certain fake sites. These, in turn, can steal personal files, monitor your activity, or give criminals remote access to your device.
• Identity theft: Fake sites can collect personal information like Social Security numbers, addresses, or birthdates through fraudulent forms or surveys.
• Account takeovers: Criminals can use stolen credentials to access your email, banking, or social media accounts, potentially locking you out and using your accounts for further scams.

Common types of scam websites

Scammers use different tricks to make fake websites look real, but most of them fall into familiar patterns. Knowing the main types of scam sites helps you recognize danger faster. This section lists the most common categories of scam websites, how they work, and the red flags that give them away before they can steal your information or money.

• Fake shopping stores: These fraudulent e-commerce sites steal your money and personal information without delivering products. They offer unrealistic discounts (70%+ off), have no customer service contact information, or accept payments only through wire transfers or gift cards. These sites often use stolen product images and fake customer reviews to appear legitimate.
• Phishing login pages: These sites mimic legitimate services such as banks, email providers, or social media platforms to harvest your credentials. Their URLs that don’t match the official domain, such as “bankofamerica-security.com” instead of “bankofamerica.com” Their urgent messages claim your account will be suspended unless you log in immediately.
• Tech support scam sites: These fake websites claim to detect computer problems and offer remote assistance for a fee. They begin with a pop-up ad with a loud alarm to warn you about viruses, provide you with phone numbers to call “immediately,” or request remote desktop access from unsolicited contacts.
• Investment and crypto sites: These sites guarantee incredible returns on cryptocurrency or investment opportunities, feature fake celebrity endorsements, or pressure you to invest quickly before a “limited-time opportunity” expires.
• Giveaway and lottery pages: You receive notifications with a link to a page that claims you’ve won prizes In contests you never entered, but require upfront fees or personal information to receive them. They will request bank account details to “process your winnings” or upfront processing fees.
• Shipping and parcel update portals: These usually come in the form of tracking pages that mimic delivery services such as USPS, UPS, or FedEx to steal personal information or payment details. The pages ask for immediate payment to release and deliver the packages, or for login credentials to accounts you don’t have with that carrier.
• Malware download pages: These ill-intentioned sites offer “free” but uncertified software, games, or media files that contain harmful code to infect your device once you click on the prominent “Download” button.
• Advance fee and loan scams: These sites guarantee approved loans or financial services regardless of your credit score. But first you will have to post an upfront payment or processing fees before any actual assistance is rendered.

Understanding these common scam types helps you recognize fake sites before they can steal your information or money. When in doubt, verify legitimacy by visiting official websites directly through bookmarks or search engines rather than clicking suspicious links.

For the latest warnings and protection guidance, check resources from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.

Recognize a fake site

You can protect yourself by learning to recognize the warning signs of fake sites. By understanding what these scams look like and how they operate, you’ll be better equipped to shop, bank, and browse online with confidence. Remember, legitimate companies will never pressure you to provide sensitive information through unsolicited emails or urgent pop-up messages.

1. Mismatched domain name and brand: The website URL doesn’t match the company name they claim to represent, like “amazoon-deals.com” instead of “amazon.com.” Scammers use similar-looking domains to trick you into thinking you’re on a legitimate site.
2. Spelling mistakes and poor grammar: Legitimate businesses invest in professionally created content to ensure clean and error-free writing or graphics. If you are on a site with multiple typos, awkward phrasing, or grammatical errors, these indicate that it was hastily created and not thoroughly reviewed like authentic websites.
3. Missing or invalid security certificate: The site lacks “https://” in the URL or shows security warnings in your browser. Without proper encryption, any information you enter can be intercepted by criminals.
4. Fantastic deals: Look out for prices that are dramatically low—like designer items at 90% off or electronics at impossibly low costs. Scammers use unrealistic bargains to lure victims into providing payment information.
5. High-pressure countdown timers: The site displays urgent messages such as “Only 2 left!” or countdown clocks with limited-time offers that reset when you refresh the page. These fake urgency tactics push you to make hasty decisions without proper research.
6. No physical address, contact information, legitimate business details: The site provides only an email address or contact form. In the same vein, any email address they provide may look strange like northbank@hotmail.com. Any legitimate business will not be using a public email account such as Hotmail, Gmail, or Yahoo.
7. Missing or vague return policy: Legitimate businesses want satisfied customers and provide clear policies for returns and exchanges. Scams, however, cannot provide clear refund policies, return instructions, or customer service information.
8. Stolen or low-quality images: Scammers often steal images from legitimate sites without permission, making their product photos look pixelated, watermarked, or inconsistent in style and quality.
9. Fake or generic reviews: Authentic reviews include specific details and a mix of ratings and comments. On fake websites, however, customer reviews are overly positive with generic language, posted on the same dates, or contain similar phrasing patterns.
10. Limited payment options: Legitimate businesses offer secure payment options with buyer protection. Fake websites, however, only accept wire transfers, cryptocurrency, gift cards, or other non-reversible or untraceable payment methods.
11. Recently registered domain: The website was created very recently—often just days or weeks ago, whereas established businesses typically have older, stable web presences.
12. Fake password: If you’re at a fake site and type in a phony password, the fake site is likely to accept it.

Recognize phishing, SMiShing, and other fake communications

Most scams usually start out from social engineering tactics such as phishing, smishing, and fake social media messages with suspicious links, before leading you to a fake website.

From these communications, the scammers impersonate legitimate organizations before finally executing their malevolent intentions. To avoid being tricked, it is essential to recognize the warning signs wherever you encounter them.

Email phishing red flags

Fake emails are among the most common phishing attempts you’ll encounter. If you see any of these signs in an unsolicited email, it is best not to engage:

• One way to recognize a phishing email is by its opening greeting. A legitimate email from your real bank or business will address you by name rather than a generic greeting like “Valued Customer” or something similar.
• In the main message, watch for urgent language like “Act now!” or “Your account will be suspended immediately.” Legitimate organizations rarely create artificial urgency around routine account matters. Also pay attention to the sender’s email address. Authentic companies use official domains, not generic email services like Gmail or Yahoo for business communications.
• Be suspicious of emails requesting your credentials, Social Security number, or other sensitive information. Banks and reputable companies will never ask for passwords or personal details via email.
• Look closely at logos and formatting. Spoofed emails often contain low-resolution images, spelling errors, or slightly altered company logos that don’t match the authentic versions.

SMS and text message scams

Smishing messages bear the same signs as phishing emails and have become increasingly sophisticated. These fake messages often appear to come from delivery services, banks, or government agencies. Common tactics include fake package delivery notifications, urgent banking alerts, or messages claiming you’ve won prizes or need to verify account information.

Legitimate organizations typically don’t include clickable links in unsolicited text messages, especially for account-related actions. When in doubt, don’t click the link—instead, open your banking app directly or visit the official website by typing the URL manually.

Social media phishing

Social media platforms give scammers new opportunities to create convincing fake profiles and pages. They might impersonate customer service accounts, create fake giveaways, or send direct messages requesting personal information. These fake sites often use profile pictures and branding that closely resemble legitimate companies.

Unusual sender behavior is another indicator of a scam across all platforms. This includes messages from contacts you haven’t heard from in years, communications from brands you don’t typically interact with, or requests that seem out of character for the supposed sender.

Examples of fake or scam websites

Scammers have become increasingly cunning in creating fake websites that closely mimic legitimate businesses and services. Here are some real-life examples of how cybercriminals use fake websites to victimize consumers:

USPS-themed scams and websites

Scammers exploit your trust in the United States Postal Service (USPS), designing sophisticated fake websites to steal your personal information, payment details, or money. They know you’re expecting a package or need to resolve a delivery issue, making you more likely to enter sensitive information without carefully verifying the site’s authenticity.

USPS-themed smishing attacks arrive as text messages stating your package is delayed, undeliverable, or requires immediate action. Common phrases include “Pay $1.99 to reschedule delivery” or “Your package is held – click here to release.”

Common URL tricks in USPS scams

Scammers use various URL manipulation techniques to make their fake sites appear official. Watch for these red flags:

• Misspelled domains: Sites like “uspps.com,” “uspo.com,” or “us-ps.com” instead of the official “usps.com”
• Extra characters: URLs containing hyphens, numbers, or additional words like “usps-tracking.com” or “usps2024.com”
• Different extensions: Domains ending in .net, .org, .info, or country codes instead of .com
• Subdomain tricks: URLs like “usps.fake-site.com” where “usps” appears as a subdomain rather than the main domain
• HTTPS absence: Legitimate USPS pages use secure HTTPS connections, while some fake sites may only use HTTP

Verify through official USPS channels

Always verify package information and delivery issues through official USPS channels before taking any action on suspicious websites or messages:

• Official USPS website: Report the incident directly to usps.com by typing the URL into your browser rather than clicking links from emails or texts. Use the tracking tool on the homepage to check your package status with the official tracking number.
• Official USPS mobile app: The USPS mobile app, available from official app stores, provides secure access to tracking, scheduling, and delivery management. Verify that you are downloading from USPS by checking the publisher name and official branding.
• USPS customer service: If you receive conflicting information or suspect a scam, call USPS customer service at 1-800-ASK-USPS (1-800-275-8777) to verify delivery issues or payment requests.
• Your local post office: When you need definitive verification, speak with postal workers at your local USPS location who can access your package information directly in their systems.

Where and how to report fake USPS websites

Reporting fake USPS websites helps protect others from falling victim to these scams and assists law enforcement in tracking down perpetrators.

• Report to USPS: Forward suspicious emails to the United States Postal Inspection Service and report fake websites through the USPS website’s fraud reporting section. The postal inspection service investigates mail fraud and online scams targeting postal customers.
• File with the Federal Trade Commission: Report the fraudulent website at ReportFraud.ftc.gov, providing details about the fake site’s URL, any money lost, and screenshots of the fraudulent pages.
• Contact the Federal Bureau of Investigation: Submit reports through the FBI’s Internet Crime Complaint Center, especially if you provided personal information or lost money to the scam.
• Alert your state attorney general: Many state attorneys general offices track consumer fraud and can investigate scams targeting residents in their jurisdiction.

Remember that legitimate USPS services are free for standard delivery confirmation and tracking. Any website demanding payment for basic package tracking or delivery should be treated as suspicious and verified through official USPS channels before providing any personal or financial information.

Tech support pop-up ads scams

According to the Federal Trade Commission, tech support scams cost Americans nearly $1.5 billion in 2024. These types of social engineering attacks are increasingly becoming sophisticated, making it more important than ever to verify security alerts through official channels.

Sadly, many scammers are misusing the McAfee name to create fake tech support pop-up scams and trick you into believing your computer is infected or your protection has expired and hoping you’ll act without thinking.

These pop-ups typically appear while you’re browsing and claim your computer is severely infected with viruses, malware, or other threats. They use official-looking McAfee logos, colors, and messaging to appear legitimate to get you to call a fake support number, download malicious software, or pay for unnecessary services.

Red flags of fake McAfee pop-up

Learning to detect fake sites and pop-ups protects you from scam. Be on the lookout for these warning signs:

• Offering phone numbers to call immediately: Legitimate McAfee software never displays pop-ups demanding you call a phone number right away for virus removal.
• Requests for remote access: Authentic McAfee alerts won’t ask you for permission to remotely control your computer to “fix” issues.
• Immediate payment demands: Real McAfee pop-ups don’t require instant payment to resolve security threats.
• Countdown timers: Fake alerts often include urgent timers claiming your computer will be “locked” or “damaged” if you don’t act immediately.
• Poor grammar and spelling: Many fraudulent pop-ups contain obvious spelling and grammatical errors.
• Browser-based alerts: Genuine McAfee software notifications appear from the actual installed program, not through your web browser.

Properly close a McAfee-themed pop-up ad

If you see a suspicious pop-up claiming to be from McAfee, here’s exactly what you should do:

1. Close the tab immediately: Don’t click anywhere on the pop-up, not even the “X” button, as this might trigger malware downloads.
2. Use keyboard shortcuts: Press Ctrl+Alt+Delete or Command+Option+Escape (Mac) to force-close your browser safely.
3. Don’t call any phone numbers: Never call support numbers displayed on the pop-ups, as these connect you directly to scammers.
4. Avoid downloading software: Don’t download any “cleaning” or “security” tools offered through pop-ups.
5. Clear your browser cache: After closing the pop-up, clear your browser’s cache and cookies to remove any tracking elements.

Verify your actual McAfee protection status

To check if your McAfee protection is genuinely active and up-to-date:

• Open your installed McAfee software directly: Click on the McAfee icon in your system tray or search for McAfee in your start menu.
• Visit the official McAfee website: Go directly to mcafee.com by typing it into your address bar.
• Log into your McAfee account: Check your subscription status through your official McAfee online account.
• Use the McAfee mobile app: Download the official McAfee Mobile Security app to monitor your protection remotely.

Remember, legitimate McAfee software updates and notifications come through the installed program itself, not through random browser pop-ups. Your actual McAfee protection works quietly in the background without bombarding you with alarming messages.

Crush fake tech support pop-ups

Stay protected by trusting your installed McAfee software and always verifying security alerts through official McAfee channels such as your installed McAfee dashboard or the official website.

1. Close your browser safely. If you see a fake McAfee pop-up claiming your computer is infected, don’t click anything on the pop-up. Instead, close your browser completely using Alt+F4 (Windows) or Command+Q (Mac). If the pop-up does not close, open Task Manager (Ctrl+Shift+Esc) and end the browser process. This prevents any malicious scripts from running and stops the scammers from accessing your system.
2. Clear browser permissions. Fake security pop-ups often trick you into allowing notifications that can bombard you with more scam alerts. Go to your browser settings and revoke notification permissions for suspicious sites. In Chrome, go to Settings > Privacy and Security > Site Settings > Notifications, then remove any unfamiliar or suspicious websites from the allowed list.
3. Remove suspicious browser extensions. Malicious extensions can generate fake McAfee alerts and redirect you to scam websites. Check your browser extensions by going to the extensions menu and removing any you don’t recognize or didn’t intentionally install.
4. Reset your browser settings. If fake pop-ups persist, reset your browser to its default settings to remove unwanted changes made by malicious websites or extensions, while preserving your bookmarks and saved passwords. In most browsers, you can find the reset option under Advanced Settings.
5. Run a complete security scan. Use your legitimate antivirus software to perform a full system scan. If you don’t have security software, download a reputable program from the official vendor’s website only, such as McAfee Total Protection, to detect and remove any malware that might be generating the fake pop-ups.
6. Update your operating system and browser. Ensure your device has the latest security and web browser updates installed, which often include patches for vulnerabilities that scammers exploit. Enable automatic updates to stay protected against future threats.
7. Review and adjust notification settings. Configure your browser to block pop-ups and block sites from sending you notifications. You could be tempted to allow some sites to send you alerts, but we suggest erring on the side of caution and just block all notifications.

Steps to take if you visited or purchased from a fake site

Be prepared and know how to respond quickly when something doesn’t feel right. If you suspect you’ve encountered a fake website, trust your instincts and take these protective steps immediately.

1. Disconnect immediately: Close your browser by using Alt+F4 (Windows), Ctrl + W (Chrome), or Command+Q (Mac) on your keyboard.
2. Run a comprehensive security scan: If you suspect a virus or malware, disconnect from the internet to prevent data transmission. Conduct a full scan using your antivirus software to detect and remove any potential threats that may have been downloaded.
3. Contact your credit card issuer: Call the number on the back of your card and report the fraudulent charges for which you can receive zero liability protection. Card companies allow up to 60 days for charge disputes under federal law and can refund payments made to the fake store. Consider requesting a temporary freeze on your account while the investigation proceeds.
4. Cancel your credit card: Request a replacement card with a new number to give you a fresh start. Your card issuer can expedite the request if needed, often within 24-48 hours.
5. Document everything thoroughly: Save all emails, receipts, order confirmations, and screenshots of the fake website before it potentially disappears. This documentation will be crucial for your chargeback and insurance claims, and any legal proceedings.
6. Update passwords on other accounts: Scammers often test stolen credentials across multiple platforms, so if you reused the same password on the fake site that you use elsewhere, change those passwords immediately. Enable two-factor authentication on important accounts like email, banking, and social media.
7. Stay alert for follow-up scams: Scammers may attempt to contact you via phone, email, or text claiming to “resolve” your situation through fake shipping notifications, additional payments to “release” your package, or “refunds” on your money in exchange for personal information.
8. Monitor your credit and financial accounts. Keep a close eye on your bank and credit card statements for several months and place a fraud alert on your credit reports through one of the three major credit bureaus—TransUnion, Equifax, and Experian. Consider a credit freeze for maximum protection.
9. Check for legitimate alternatives. If you were trying to purchase a specific product, research authorized retailers or the manufacturer’s official website. Verify business credentials, secure payment options, and return policies before making new purchases.

Report a scam website, email, or text message

• Federal Trade Commission: Report fraudulent websites to the FTC, which investigates consumer complaints and uses this data to identify patterns of fraud and take enforcement action against scammers.
• FBI’s Internet Crime Complaint Center: Submit detailed reports to the ICc3 for suspected internet crimes. IC3 serves as a central hub for reporting cybercrime and coordinates with law enforcement agencies nationwide.
• State Attorney General: If the fake store claimed to be located in your state, consider reporting to your state attorney general’s office, as these have dedicated fraud reporting systems and can take action against businesses operating within state boundaries. Find your state’s reporting portal through the National Association of Attorneys General website.
• Domain registrar, hosting provider, social media: Look up the website’s registration details using a WHOIS tool, then report abuse to both the domain registrar and web hosting company. Most providers have dedicated abuse reporting emails and will investigate violations of their terms of service. If the fake page is on social media, you can report it to the platform to protect other consumers.
• Search engines: Report fraudulent sites to Google through their spam report form and to Microsoft Bing via their webmaster tools to prevent the fake sites from appearing in search results.
• The impersonated brand: If scammers are impersonating a legitimate company, report directly to that company’s fraud department or customer service. Most brands have dedicated channels for reporting fake websites and will work to shut them down.
• Share your experience to protect others: Leave reviews on scam-reporting websites such as the Better Business Bureau’s Scam Tracker or post about your experience on social media to warn friends and family. Your experience can help others avoid the same trap and contribute to the broader fight against online fraud.
• Essential evidence to gather:

• • Full website URL and any redirected addresses
  • Screenshots of the fraudulent pages, including fake logos or branding
  • Transaction details, if you made a purchase (receipts, confirmation emails, payment information)
  • Email communications from the scammers
  • Date and time when you first encountered the site
  • Any personal information you may have provided

• Additional reporting resources: The CISA maintains an updated list of reporting resources while the Anti-Phishing Working Group investigates cases of the fake sites that appear to be collecting personal information fraudulently. For text message scams, forward the message to 7726 (SPAM).

Final thoughts

Recognizing fake sites and emails becomes easier with practice. The key is to trust your instincts—if something feels suspicious or too good to be true, take a moment to verify through official channels. With the simple verification techniques covered in this guide, you can confidently navigate the digital world and spot fake sites and emails before they cause harm.

Your best defense is to make these quick security checks a regular habit—verify URLs, look for secure connections, and trust your instincts when something feels off. Go directly to the source or bookmark your most-used services and always navigate to them. Enable two-factor authentication on important accounts, and remember that legitimate companies will never ask for sensitive information via email. Maintaining healthy skepticism about unsolicited communications will protect not only your personal information but also help create a safer online environment for everyone.

For the latest information on fake websites and scams and to report them, visit the Federal Trade Commission’s scam alerts or the FBI’s Internet Crime Complaint Center.

The post Ways to Tell if a Website Is Fake appeared first on McAfee Blog.

The holidays are the season of giving; unfortunately, it’s also the season when scammers try to cash in on the spirit of generosity

If you’re seeing a heartfelt charity ad on social media, a touching email, or a surprise text asking you to donate, it’s worth pausing for a moment. Is it genuine charity—or a scam built to tug at your heartstrings?

The good news: staying safe doesn’t mean stopping your generosity. With a few quick checks, you can give confidently and protect yourself.

What is charity fraud?

Charity fraud is when scammers pose as legitimate nonprofits—or misuse the name of a real charity—to trick people into donating money or giving away personal information.

In some cases, the organization is completely fake. In others, it’s a real charity that uses donations in misleading or unethical ways, passing very little money to the actual cause.

Type 1: Fully fake charities

The first type involves flat-out fraud, where the organization is a front for a scam, through and through. Any money you give goes straight into the scammer’s pocket. As does your personal and payment info, which can lead to further fraud.

Type 2: Low impact “charities”

These are real, registered charities. But They keep the majority of donations for overhead instead of helping the cause.

This second type often involves questionable practices by the organization. According to the Better Business Bureau, reputable organizations keep 35% or less of their funds for operations.

Meanwhile, some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. (For a closer look at some examples, the independent watchdog group Charity Watch published a blog highlighting some of the worst charities they audited in 2024.)

Common to both, they’ll indeed play on your emotions, and they’ll urge you to donate now. As it is with so many scams and shady deals on the internet, you’ll find a sense of urgency central to their message.

How to spot a charity scam

1. Look for a dot-org domain

For starters, reputable charities often have dot-org as their domain extension—versus dot-com or any one of the hundreds of permutations available today.

2. Research the organization

Charities leave a paper trail, one that can get audited. And fake ones won’t leave a trail at all. With a quick look at some reputable online resources, you can quickly find out if the charity you want to support is legit.

In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. You can also look up a charity’s Form 990 tax return online.

3. Take your time

This goes hand-in-hand with the above. If you feel like you’re getting rushed to donate, it could be a sign of a scam. Step back and indeed do your research with a few clicks to the resources listed above.

4. Pay with a credit card

This protects you in two ways. If you fall victim to a scam, you can contest the charges with your credit card company. And if a scammer tries to use your card again for other purchases, you can contest those too. Also, in the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

5. Avoid sketchy payment methods

The following is a sure-fire red flag: requests for payment in cash, gift cards, cryptocurrency, or wire transfers. Don’t ever use these forms of payment for charities, let alone anything else online.

6. Donate directly

Better yet, donate directly. Rather than respond to calls, ads, emails or texts, donate on your terms. After you give your possible donation some time and thought, you can go directly to the website of a charitable organization that you’ve researched.

And here’s how McAfee can help you stay safer still.

Get a scam detector. You can combine your healthy skepticism and awareness with the right technology, like our Scam Detector and Web Protection.

Both will alert you if a link you received might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Clean up your personal info online. Scams over email, phone, and text all require the same thing: your contact info.

In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data.

Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

Monitor your identity and credit. The problem with many scams is that you only find out about it once the damage is done, like when a scammer uses your phished card number to make additional purchases in your name.

Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our credit monitoring and identity monitoring.

Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

You’ll find these protections, and plenty more, in McAfee+.

A safe way to support the fight against cybercrime

If you want to give back and help protect people from online fraud, McAfee has partnered with Fight Cyber Crime, a legitimate U.S. nonprofit dedicated to helping victims of online scams.

You might remember them from our Scam Stories partnership earlier this year, sharing real stories from real scam victims to raise awareness about threats facing us every day on and offline.

Why we recommend them

• They provide free support and recovery guidance to scam victims.
• They raise nationwide awareness about cybercrime.
• They’re a vetted, established organization doing real work in online safety.

How you can help

Visit their site to learn more or make a donation: https://fightcybercrime.org/about/donate/

Supporting validated charities like Fight Cyber Crime is one way to make a real impact this holiday season—without putting yourself at risk.

The post How to Spot Charity Scams and Donate Safely this Giving Season appeared first on McAfee Blog.

Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

Here’s how to do it in seconds.

Follow McAfee on Google News

Step 1: Go to our official Google News page

Tap or click this link:

McAfee Official Google News Source Page

This opens McAfee’s verified publisher page inside Google News.

Step 2: Tap the “Follow” button

You’ll see a star icon at the top of the page.

Tap Follow and you’re done.

That’s it — McAfee is now part of your personalized news feed.

What happens after you follow McAfee

When you tap the star:

• McAfee appears under Following → Sources in Google News
• Our stories show up more often when you search for cybersecurity topics
• You’ll see McAfee alerts, safety tips, and threat updates sooner
• Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

No settings menus. No advanced search. Just one tap.

How to Unfollow or Manage Your Sources

If you ever want to update your feed:

1. Open Google News

2. Go to Following → Sources

3. Tap the star again to unfollow

4. Or rearrange which sources matter most to you

 

---

FAQs

Do I need the Google News app?

No. Following works in both browsers and the app.

Will this make McAfee show up first for every search?

Not automatically — but Google does prioritize publishers you follow when the content is relevant.

Can I follow McAfee on multiple devices?

Yes. It’s tied to your Google account, not your phone or laptop.

Is the follow button safe?

Absolutely. This is Google’s built-in publisher follow system.

Stay Updated, Stay Safer

Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

Contactless payments make everyday purchases fast and easy. Yet with that convenience comes a risk: ghost tapping.

In crowded spaces or rushed moments, a scammer could trigger a small tap-to-pay charge or push through a higher amount without your clear consent. Understanding what ghost tapping is, how it happens, and what to do next helps you keep your money and identity secure.

What Is Ghost Tapping?

Ghost tapping is a form of contactless fraud where someone attempts to initiate a tap-to-pay transaction without your approval.

Tap-to-pay cards and mobile wallets on phones use a technology called “near-field communication,” or NFC. That lets them communicate with things like a point-of-sale device for payment at a very close range. It’s generally quite safe, particularly because of the “near” part. You have to get very close to make the connection.

Even so, proximity and distraction can be exploited. Attackers may try to skim limited details from RFID (Radio Frequency Identification technology) cards or NFC cards, or nudge you into approving a payment you didn’t intend. If you’ve ever wondered what ghost tapping is, think of it as an opportunistic, in-person scam that abuses the tap-to-pay moment rather than a remote hack.

How Ghost Tapping Happens

Most schemes rely on getting close and catching you off guard. A criminal might carry a portable reader, press into a pocket or bag, and attempt a low-value charge. Others set up tampered terminals, rushing you so you don’t check the amount.

Consider These Two Scenarios:

You’re at a busy farmer’s market. A scammer with a phone equipped with a point-of-sale app stumbles into you and gets close enough to your card to trigger a transaction. It’s almost like a modern-day pickpocket move, where the bump distracts the victim from the theft as it happens.

In another case, you might come across a phony vendor. Maybe someone’s selling cheap hats outside a football game or someone’s going around your neighborhood selling candy, supposedly to support a charity. In scenarios like these, you tap to pay with your phone just as you’d expect… but with one exception: the “vendor” jacks up the purchase price. They hurry you through the transaction, so quickly that you don’t review the screen before you confirm payment.

We’ve also seen reports of people getting Apple Pay scammed by impostor merchants who exploit quick taps and small screens. While mobile wallets add strong safeguards, poor visibility and social pressure can still lead to losses.

The Better Business Bureau on Ghost Tapping:

A report posted on the Scam Tracker at the Better Business Bureau (BBB) shows how the phony vendor version of this scam allegedly played out:

“An individual is going door to door in [location redacted] claiming to be selling chocolate on behalf of [redacted] to support special needs students. He says that he can only accept tap-to-pay to get people to pay with a card. He then charges large amounts to the card without the cardholder being able to see the amount. He got my mother for $537… Another victim for $1100… He changes neighborhoods frequently to avoid getting caught.”

Signs of Ghost Tapping and Common Myths

Early ghost detecting starts with vigilance. Watch for unfamiliar small charges, especially after crowded events, and alerts tied to contactless transactions. If you see odd activity tied to RFID cards or NFC cards, act quickly.

Common myths persist. Attackers can’t drain accounts from far away, clone full cards via a tap, or bypass wallet protections easily. Most successful cases hinge on proximity, distraction, and human error. Meanwhile, Apple Pay scam stories often involve rushed taps and unverified totals.

Effective ghost detecting focuses on timely alerts, careful review, and immediate response.

How to Protect Yourself from Ghost Tapping Scams

The BBB, which recently broke the story of these scams, offers several pieces of advice. We have some advice we can add as well.

From the BBB…

• Store your cards securely. An RFID-blocking wallet or sleeve can help stop wireless skimming.
• Always confirm payment details. Before tapping your card or phone, check the merchant’s name and amount on the terminal screen.
• Set up transaction alerts. Many banks allow real-time notifications for every charge.
• Keep an eye on your accounts. Daily checks help you spot fraud faster.
• Limit tap-to-pay use in high-risk areas. Consider swiping or inserting your card instead.

From us at McAfee…

Monitor your identity and your credit.

The problem with many card scams is that they can lead to further identity theft and fraud, which you only find out about once the damage is done. Actively monitoring your identity and credit goes beyond single transaction alerts from your bank and can spot an emerging problem before it becomes an even bigger one. You can take care of both easily with timely notifications from our credit monitoring and identity monitoring features, all as part of our McAfee+ plans.

When you’re out and about, consider what you’re carrying—and where you carry it.

The physical safety of your phone and cards counts as well. While ghost tapping scams are new, old-school physical pickpocketing attempts persist. When it comes to devices and things like debit cards, credit cards, and even cash, keep what you bring with you to the bare minimum when you go out. This can cut your losses if the unfortunate happens. If you have a credit card and ID holder attached to the back of your phone, you may want to remove your cards from it. That way, if your phone gets snatched, those important cards don’t get snatched as well.

When in doubt, shop with a credit card.

In the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

The post Ghost Tapping: What It Is, How It Works, and How to Stay Safe appeared first on McAfee Blog.

As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

What kind of scams are on Venmo?

Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

·       Fake Prize or Cash Reward ·       Call from Venmo ·       Call from Tech Support ·       Fake Payment Confirmation ·       Pre-payment for Goods and Services

·       Stranger Posing as a Friend ·       Payments from Strangers ·       Offers to Make Money Fast ·       Paper Check Scam ·       Romance Scam

 

Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

How to avoid getting scammed on Venmo

1) Never share private details.

Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

2) Know when Venmo might ask for your Social Security number.

In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings  –> Identity Verification.

3) Keep an eye out for scam emails and texts.

Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

4) Be suspicious of the messages you get. Imposters are afoot.

Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

5) When sending money, keep an eye open for alerts from the app.

Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

More ways to stay safe on Venmo

Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

• Public – Everyone on the internet can see and comment on the transaction.
• Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
• Private – Here, only the participants can view and comment on the transaction.

This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

• First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
• Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
• Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

Keep your online finances even more secure with the right tools

Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.

Chances are, you have more personal information posted online than you think.

In 2024, the U.S. Federal Trade Commission (FTC) reported that 1.1 million identity theft complaints were filed, where $12.5 billion was lost to identity theft and fraud overall—a 25% increase over the year prior.

What fuels all this theft and fraud? Easy access to personal information.

Here’s one way you can reduce your chances of identity theft: remove your personal information from the internet.

Scammers and thieves can get a hold of your personal information in several ways, such as information leaked in data breaches, phishing attacks that lure you into handing it over, malware that steals it from your devices, or by purchasing your information on dark web marketplaces, just to name a few.

However, scammers and thieves have other resources and connections to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. This makes removing your info from these sites so important, from both an identity and privacy standpoint.

Data brokers: Collectors and aggregators of your information

Data broker sites are massive repositories of personal information that also buy information from other data brokers. As a result, some data brokers have thousands of pieces of data on billions of individuals worldwide.

What kind of data could they have on you? A broker may know how much you paid for your home, your education level, where you’ve lived over the years, who you’ve lived with, your driving record, and possibly your political leanings. A broker could even know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. They may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.

With information at this level of detail, it’s no wonder that data brokers rake in an estimated $200 billion worldwide every year.

Sources of your information

Your personal information reaches the internet through six main methods, most of which are initiated by activities you perform every day. Understanding these channels can help you make more informed choices about your digital footprint.

Digitized public records

When you buy a home, register to vote, get married, or start a business, government agencies create public records that contain your personal details. These records, once stored in filing cabinets, are now digitized, accessible online, and searchable by anyone with an internet connection.

Social media sharing and privacy gaps

Every photo you post, location you tag, and profile detail you share contributes to your digital presence. Even with privacy settings enabled, social media platforms collect extensive data about your behavior, relationships, and preferences. You may not realize it, but every time you share details with your network, you are training algorithms that analyze and categorize your information.

Data breaches

You create accounts with retailers, healthcare providers, employers, and service companies, trusting them to protect your information. However, when hackers breach these systems, your personal information often ends up for sale on dark web marketplaces, where data brokers can purchase it. The Identity Theft Research Center Annual Data Breach Report revealed that 2024 saw the second-highest number of data compromises in the U.S. since the organization began recording incidents in 2005.

Apps and ad trackers

When you browse, shop, or use apps, your online behavior is recorded by tracking pixels, cookies, and software development kits. The data collected—such as your location, device usage, and interests—is packaged and sold to data brokers who combine it with other sources to build a profile of you.

Loyalty programs

Grocery store cards, coffee shop apps, and airline miles programs offer discounts in exchange for detailed purchasing information. Every transaction gets recorded, analyzed, and often shared with third-party data brokers, who then create detailed lifestyle profiles that are sold to marketing companies.

Data broker aggregators

Data brokers act as the hubs that collect information from the various sources to create comprehensive profiles that may include over 5,000 data points per person. Seemingly separate pieces of information become a detailed digital dossier that reveals intimate details about your life, relationships, health, and financial situation.

The users of your information

Legally, your aggregated information from data brokers is used by advertisers to create targeted ad campaigns. In addition, law enforcement, journalists, and employers may use data brokers because the time-consuming pre-work of assembling your data has largely been done.

Currently, the U.S. has no federal laws that regulate data brokers or require them to remove personal information if requested. Only a few states, such as Nevada, Vermont, and California, have legislation that protects consumers. In the European Union, the General Data Protection Regulation (GDPR) has stricter rules about what information can be collected and what can be done with it.

On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough information, they can create a high-fidelity profile of their victims to open new accounts in their name. For this reason, cleaning up your personal information online makes a great deal of sense.

Types of personal details to remove online

Understanding which data types pose the greatest threat can help you prioritize your removal efforts. Here are the high-risk personal details you should target first, ranked by their potential for harm.

Highest priority: Identity theft goldmines

• Social Security Number (SSN) with full name and address: This combination provides everything criminals need for identity theft, leading to fraudulent credit accounts, tax refund theft, and employment fraud that may take years to resolve, according to the FTC.
• Financial account information: Bank account numbers, credit card details, and investment account information enable direct financial theft. Even partial account numbers can be valuable when combined with other personal details from data breaches.
• Driver’s license and government-issued ID information: These serve as primary identity verification for many services and can be used to bypass security measures at financial institutions and government agencies.

High priority: Personal identifiers

• Full name combined with home address: This pairing makes you vulnerable to targeted scams and physical threats, while enabling criminals to gather additional information about your household and family members.
• Date of birth: Often used as a security verification method, your DOB combined with other identifiers can unlock accounts and enable age-related targeting for scams.
• Phone numbers: This information enables SIM swapping, where criminals take control of your phone number to bypass two-factor authentication and access your accounts.

Medium-high priority: Digital and health data

• Email addresses: Your primary email serves as the master key to password resets across multiple accounts, while secondary emails can reveal personal interests and connections that criminals exploit in social engineering.
• Medical and health app data: This is highly sensitive information that can be used for insurance discrimination, employment issues, or targeted health-related scams.
• Location data and photos with metadata: Reveals your daily patterns, workplace, home address, and frequented locations. Photos with embedded GPS coordinates can expose your exact whereabouts and enable stalking or burglary.

Medium priority: Account access points

• Usernames and account handles: These help criminals map your digital footprint across platforms to discover your personal interests, connections, and even potential security questions answers. They also enable account impersonation and social engineering against your contacts.

When prioritizing your personal information removal efforts, focus on combinations of data rather than individual pieces. For example, your name alone poses minimal risk, but your name combined with your address, phone number, and date of birth creates a comprehensive profile that criminals can exploit. Tools such as McAfee Personal Data Cleanup can help you identify and remove these high-risk combinations from data broker sites systematically.

Step-by-step guide to finding your personal data online

1. Targeted search queries: Search for your full name in quotes (“John Smith”), then combine it with your city, phone number, or email address. Try variations like “John Smith” + “123 Main Street” or “John Smith” + “555-0123”. Don’t forget to search for old usernames, maiden names, or nicknames you’ve used online. Aside from Google, you can also check Bing, DuckDuckGo, and people search engines.
2. Major data broker and people search sites: Search for yourself in common data aggregators: Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, and Radaris. Take screenshots of what you find as documentation. To make this process manageable, McAfee Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
3. Social media platforms and old accounts: Review your Facebook, Instagram, LinkedIn, Twitter, and other platforms for publicly visible personal details. Check old accounts—dating sites, forums, gaming platforms, or professional networks. Look for biographical information, location data, contact details, photos, and even comment sections where you may have shared details.
4. Breach and dark web monitoring tools: Have I Been Pwned and other identity monitoring services can help you scan the dark web and discover if your email addresses or phone numbers appear in data breaches.
5. Ongoing monitoring alerts: Create weekly Google Alerts for your and your family member’s full name, address combinations, and phone number. Some specialized monitoring services can track once your information appears on new data broker sites or gets updated on existing ones.
6. Document everything in a tracker: Create a spreadsheet or document to systematically track your findings. Include the website name and URL, the specific data shown, contact information for removal requests, date of your opt-out request, and follow-up dates. Many sites require multiple follow-ups, so having this organized record is essential for successful removal.

This process takes time and persistence, but services such as McAfee Personal Data Cleanup can continuously monitor for new exposures and manage opt-out requests on your behalf. The key is to first understand the full scope of your online presence before beginning the removal process.

Remove your personal information from the internet

Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.

Request to remove data from data broker sites

Once you have found the sites that have your information, the next step is to request to have it removed. You can do this yourself or employ services such as McAfee’s Personal Data Cleanup, which can help manage the removal for you depending on your subscription. ​It also monitors those sites, so if your info gets posted again, you can request its removal again.

Limit the data Google collects

You can request to remove your name from Google search to limit your information from turning up in searches. You can also turn on “Auto Delete” in your privacy settings to ensure your data is deleted regularly. Occasionally deleting your cookies or browsing in incognito mode prevents websites from tracking you. If Google denies your initial request, you can appeal using the same tool, providing more context, documentation, or legal grounds for removal. Google’s troubleshooter tool may explain why your request was denied—either legitimate public interest or newsworthiness—and how to improve your appeal.

It’s important to know that the original content remains on the source website. You’ll still need to contact website owners directly to have your actual content removed. Additionally, the information may still appear in other search engines.

Delete old social media accounts

If you have old, inactive accounts that have gone by the wayside such as Myspace or Tumblr, you may want to deactivate or delete them entirely. For social media platforms that you use regularly, such as Facebook and Instagram, consider adjusting your privacy settings to keep your personal information to the bare minimum.

Remove personal info from websites and blogs

If you’ve ever published articles, written blogs, or created any content online, it is a good time to consider taking them down if they no longer serve a purpose. If you were mentioned or tagged by other people, it is worth requesting them to take down posts with sensitive information.

Delete unused apps and restrict permissions in those you use

Another way to tidy up your digital footprint is to delete phone apps you no longer use as hackers are able to track personal information on these and sell it. As a rule, share as little information with apps as possible using your phone’s settings.

Remove your info from other search engines

• Bing: Submit removal requests through Bing’s Content Removal tool for specific personal information like addresses, phone numbers, or sensitive data. Note that Bing primarily crawls and caches content from other websites, so removing the original source content first will prevent re-indexing.
• Yahoo: Yahoo Search results are powered by Bing, so use the same Bing Content Removal process. For Yahoo-specific services, contact their support team to request removal of cached pages and personal information from search results.
• DuckDuckGo and other privacy-focused engines: These search engines don’t store personal data or create profiles, but pull results from multiple sources. We suggest that you focus on removing content from the original source websites, then request the search engines to update their cache to prevent your information from reappearing in future crawls.

Escalate if needed

After sending your removal request, give the search engine or source website 7 to 10 business days to respond initially, then follow up weekly if needed. If a website owner doesn’t respond within 30 days or refuses your request, you have several escalation options:

• Contact the hosting provider: Web hosts often have policies against sites that violate privacy laws
• File complaints: Report to your state attorney general’s office or the Federal Trade Commission
• Seek legal guidance: For persistent cases involving sensitive information, consult with a privacy attorney

For comprehensive guidance on website takedown procedures and your legal rights, visit the FTC’s privacy and security guidance for the most current information on consumer data protection. Direct website contact can be time-consuming, but it’s often effective for removing information from smaller sites that don’t appear on major data broker opt-out lists. Stay persistent, document everything, and remember that you have legal rights to protect your privacy online.

Remove your information from browsers

After you’ve cleaned up your data from websites and social platforms, your web browsers may still save personal information such as your browsing history, cookies, autofill data, saved passwords, and even payment methods. Clearing this information and adjusting your privacy settings helps prevent tracking, reduces targeted ads, and limits how much personal data websites can collect about you.

• Clear your cache: Clearing your browsing data is usually done by going to Settings and looking for the Privacy and Security section, depending on the specific browser. This is applicable in Google Chrome, Safari, Firefox, Microsoft Edge, as well as mobile phone operating systems such as Android and iOS.

• Disable autofill: Autofill gives you the convenience of not having to type your information every time you accomplish a form. That convenience has a risk, though—autofill saves addresses, phone numbers, and even payment methods. To prevent websites from automatically populating forms with your sensitive data, disable the autofill settings independently. For better security, consider using a dedicated password manager instead of browser-based password storage.
• Set up automatic privacy protection: Set up your browsers to automatically clear cookies, cache, and site data when you close them. This ensures your browsing sessions don’t leave permanent traces of your personal information on your device.
• Use privacy-focused search engines: Evaluate the possibility of using privacy-focused search engines like DuckDuckGo as your default. These proactive steps significantly reduce how much personal information browsers collect and store about your online activities.

Get your address off the internet

When your home address is publicly available, it can expose you to risks like identity theft, stalking, or targeted scams. Taking steps to remove or mask your address across data broker sites, public records, and even old social media profiles helps protect your privacy, reduce unwanted contact, and keep your personal life more secure.

1. Opt out of major data broker sites: The biggest address exposers are Whitepages, Spokeo, and BeenVerified. Visit their opt-out pages and submit removal requests using your full name and current address. Most sites require email verification and process removals within 7-14 business days.
2. Contact public records offices about address redaction: Many county and state databases allow address redaction for safety reasons. File requests with your local clerk’s office, voter registration office, and property records department. Complete removal isn’t always possible, but some jurisdictions offer partial address masking.
3. Enable WHOIS privacy protection on domain registrations: If you own any websites or domains, request your domain registrar to add privacy protection services to replace your personal address with the registrar’s information.
4. Review old forum and social media profiles: Check your profiles on forums, professional networks, and social platforms where you may have shared your address years ago. Delete or edit posts containing location details, and update bio sections to remove specific address information.
5. Verify removal progress: Every month, do a search of your name and address variations on different search engines. You also can set up Google Alerts to monitor and alert you when new listings appear. Most data broker removals need to be renewed every 6-12 months as information gets re-aggregated.

The cost to delete your information from the internet

The cost to remove your personal information from the internet varies, depending on whether you do it yourself or use a professional service. Read the guide below to help you make an informed decision:

DIY approach

Removing your information on your own primarily requires time investment. Expect to spend 20 to 40 hours looking for your information online and submitting removal requests. In terms of financial costs, most data brokers may not charge for opting out, but other expenses could include certified mail fees for formal removal requests—about $3-$8 per letter—and possibly notarization fees for legal documents. In total, this effort can be substantial when dealing with dozens of sites.

Professional removal services

Depending on which paid removal and monitoring service you employ, basic plans typically range from $8 to $25 monthly while annual plans, which often provide better value, range from $100 to $600. Premium services that monitor hundreds of data broker sites and provide ongoing removal can cost $1,200-$2,400 annually.

The difference in pricing is driven by several factors. This includes the number of data broker sites to be monitored, which could cover more than 200 sites, and the scope of removal requests which may include basic personal information or comprehensive family protection. The monitoring frequency and additional features such as dark web monitoring, credit protection, and identity restoration support and insurance coverage typically command higher prices.

The value of continuous monitoring

The upfront cost may seem significant, but continuous monitoring provides essential value. A McAfee survey revealed that 95% of consumers’ personal information ends up on data broker sites without their consent. It is possible that after the successful removal of your information, it may reappear on data broker sites without ongoing monitoring. This makes continuous protection far more cost-effective than repeated one-time cleanups.

Services such as McAfee Personal Data Cleanup can prove invaluable, as it handles the initial removal process, as well as ongoing monitoring to catch when your information resurfaces, saving you time and effort while offering long-term privacy protection.

Aside from the services above, comprehensive protection software can help safeguard your privacy and minimize your exposure to cybercrime with these offerings such as:

• An unlimited virtual private network to make your personal information much more difficult to collect and track
• Identity monitoring that tracks and alerts you if your specific personal information is found on the dark web
• Identity theft coverage and restoration helps you pay for legal fees and travel expenses, and further assistance from a licensed recovery pro to repair your identity and credit
• Other features such as safe browsing to help you avoid dangerous links, bad downloads, malicious websites, and more online threats when you’re online

So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure.

Essential steps if your information is found on the dark web

Unlike legitimate data broker sites, the dark web operates outside legal boundaries where takedown requests don’t apply. Rather than trying to remove information that’s already circulating, you can take immediate steps to reduce the potential harm and focus on preventing future exposure. A more effective approach is to treat data breaches as ongoing security issues rather than one-time events.

Both the FTC and Cybersecurity and Infrastructure Security Agency have released guidelines on proactive controls and continuous monitoring. Here are key steps of those recommendations:

1. Change your passwords immediately and enable multi-factor authentication. Start with your most critical accounts—banking, email, and any services linked to financial information. Create unique, strong passwords for each account and enable MFA where possible for an extra layer of protection.
2. Monitor your financial accounts and credit reports closely. Check your bank statements, credit card accounts, and investment accounts for any unauthorized activity. Request your free annual credit reports from all three major bureaus and carefully review them for accounts you didn’t open or activities you don’t recognize.
3. Place fraud alerts or credit freezes. Contact Equifax, Experian, and TransUnion to place fraud alerts, which require creditors to verify your identity before approving new accounts. Better yet, consider a credit freeze to block access to your credit report entirely until you lift it.
4. Replace compromised identification documents if necessary. If your Social Security number, driver’s license, or passport information was exposed, contact the appropriate agencies to report the breach and request new documents. IdentityTheft.gov provides step-by-step guidance for replacing compromised documents.
5. Set up ongoing identity monitoring and protection. Consider using identity monitoring services that scan the dark web and alert you to new exposures of your personal information.
6. Document everything and report the incident. Keep detailed records of any suspicious activities you discover and all steps you’ve taken. File a report with the FTC and police, especially if you’ve experienced financial losses. This documentation will be crucial for disputing fraudulent charges or accounts.

Legal and practical roadblocks

As you go about removing your information for the internet, it is important to set realistic expectations. Several factors may limit how completely you can remove personal data from internet sources:

• The United States lacks comprehensive federal privacy laws requiring companies to delete personal information upon request.
• Public records, court documents, and news articles often have legal protections that prevent removal.
• International websites may not comply with U.S. deletion requests.
• Cached copies could remain on search engines and archival sites for years.
• Data brokers frequently repopulate their databases from new sources even after opt-outs.

While some states like California have stronger consumer privacy rights, most data removal still depends on voluntary compliance from companies.

Final thoughts

Removing your personal information from the internet takes effort, but it’s one of the most effective ways to protect yourself from identity theft and privacy violations. The steps outlined above provide you with a clear roadmap to systematically reduce your online exposure, from opting out of data brokers to tightening your social media privacy settings.

This isn’t a one-time task but an ongoing process that requires regular attention, as new data appears online constantly. Rather than attempting to complete digital erasure, focus on reducing your exposure to the most harmful uses of your personal information. Services like McAfee Personal Data Cleanup can help automate the most time-consuming parts of this process, monitoring high-risk data broker sites and managing removal requests for you.

The post How to Remove Your Personal Information From the Internet appeared first on McAfee Blog.

Trojan horse malware was recently in the news after researchers discovered that an email contained an innocent-looking .pdf file attachment. CSO Online magazine reported that when the attachment was clicked, a permission request popped up and the email recipient clicked “allow,” initiating the document download and save, and executing the malware.

Trojans continue to be one of the most widespread cyberthreats globally, accounting for 58% of all malware as reported by Dataprot.net, as criminals adapt their methods to bypass advancing security measures. But all is not lost. In this guide, we will take a closer look at how you can detect Trojans on your computer, and share ways to detect and remove them.

What is a Trojan?

A Trojan, often called a Trojan horse, is a type of malicious software that disguises itself as a legitimate program to deceive you into installing it on your device. Its name is taken from the story of Odysseus who hid his Greek soldiers inside a wooden gift horse to infiltrate the city of Troy.

While the term “Trojan virus” is commonly used, a Trojan is not technically a virus. Both are types of malware, but they behave differently. A virus is a piece of code that attaches itself to other programs and, when run, replicates itself to spread to other files and systems. A Trojan, however, is a standalone program that cannot self-replicate. It relies entirely on tricking the user into downloading and executing it.

From their beginnings in the 1980s as simple social engineering tricks with limited technical sophistication, modern Trojans have dramatically transformed to become multi-stage campaigns that use legitimate-looking emails, fake software updates, and compromised websites to deliver malware that can remain undetected for months. Recently, Trojan attacks have exploited the supply chain to target software vendors directly, allowing criminals to distribute the malware through channels that consumers trust.

The dangers that Trojans bring

The dangers of a Trojan are extensive, ranging from direct financial loss to a complete invasion of your privacy. Once a Trojan enters your PC, cybercriminals can steal sensitive credentials for your banking and credit card accounts, leading directly to theft. They can also access and exfiltrate personal files, photos, and documents, creating a serious privacy exposure.

Beyond theft, an attacker can use this access to take complete control of your device. They might install other types of malware like ransomware or spyware, use your computer as part of a botnet to attack others, or simply monitor your every keystroke. This total loss of device control and privacy is one of the biggest dangers. However, these risks are manageable if caught early. This demonstrates the importance of layered protection with real-time monitoring and community intelligence. As cybercrime attack methods evolve, your security needs to adapt, too.

Methods of spreading Trojans

• Phishing emails: These legitimate-looking emails contain malicious attachments or links that, when opened, install the Trojan. To avoid getting infected, never open attachments from unsolicited sources.
• Cracked software: Websites offering free versions of paid software often bundle Trojans with the download. That “free” software could cost you everything. View such offers with a healthy dose of skepticism. Always use legitimate, official software.
• Fake updates: Pop-ups pretending to be legitimate updates for software like Adobe Flash Player can trick you. If you wish to update your software, it is best to go directly to the official website.
• Malvertising: Malicious ads on legitimate websites can redirect you to pages that automatically download malware. When these online ads pop-up, be cautious about clicking them.

The Trojan invasion process

A Trojan infection follows a stealthy, multi-stage process. The delivery stage begins with a lure, where social engineering tactics, such as a convincing email or a free software offer, trick you into downloading and opening a malicious file. In the execution stage, you run the seemingly harmless program and unknowingly trigger the Trojan’s installation. The malware then often embeds itself into your system’s startup processes to ensure it persistently runs every time you turn on your PC. From there, it connects to a remote command-and-control server operated by the attacker, awaiting instructions for its malicious actions, such as stealing your credentials or monitoring your activity.

Types of Trojan malware

Trojans come in different forms, each with their own process of attack. Here are some of them:

• Backdoor Trojans: These create a hidden backdoor, bypassing normal authentication measures. These backdoors often remain hidden for long periods, allowing attackers to steal files, or install additional malware without your knowledge.
• Keylogger Trojans: Once installed, these Trojans remotely control your PC persistently, recording your keyboard strokes to capture passwords, accessing your files, and taking screen captures.
• Banker Trojans: As the name suggests, these Trojans are designed to steal your login credentials for online banking, payment systems, and credit card accounts. They work by hijacking browser sessions, injecting fake login pages, or capturing keystrokes to steal your credentials and manipulate your transactions.
• Downloader Trojans: These Trojans act as delivery mechanisms for other malware. One type—downloaders—connect to remote servers to fetch additional malicious payloads after initial infection. Another type known as droppers carry other malware within their code and deploy it directly upon execution.
• DDoS Trojans: They turn infected computers into zombie-like “bots” that participate in Distributed Denial-of-Service attacks that overwhelm and crash websites, servers, and online services, causing outages or financial damage.
• Scareware or fake antivirus Trojans: This type of malware mimics legitimate security software, showing fake virus alerts to scare you into paying for a “premium” but useless version or further compromise the device.

Real-life Trojan attacks

• Banking credential theft: The Zeus Trojan family spread through fake banking emails with links to infected websites. Once installed, it secretly captured online banking passwords and credit card details as users typed them. This led to millions of dollars in stolen funds and compromised accounts worldwide, forcing banks to implement stronger authentication measures.
• Corporate data exfiltration: Emotet initially appeared as urgent invoice attachments and shipping notifications in business emails. After infection, it silently collected email contacts, login credentials, and sensitive documents from corporate networks. Companies faced significant data breaches, regulatory fines, and damaged customer trust as their confidential information was sold on criminal marketplaces.
• Botnet recruitment: The Mirai Trojan targeted smart home devices by exploiting default login credentials on routers and security cameras. Infected devices became part of massive botnets used to launch devastating attacks that temporarily shut down major websites and services, while users were oblivious that their gadgets were being used for cyberattacks.
• Multi-stage attacks: TrickBot masqueraded as software updates and legitimate business documents. Aside from stealing banking information, it installed ransomware that encrypted entire networks. Organizations faced operational shutdowns, hefty ransom demands, and costly recovery efforts that sometimes took months to complete.

By understanding the signs of a Trojan virus presence on your computer and using comprehensive security software, you dramatically reduce the danger and protect your digital life.

Signs of Trojan presence on your PC

A Trojan attack isn’t just a single event; it’s the entire process a cybercriminal uses to trick you into running malicious software. Recognizing the early warning signs is key. Here are some of the most common cues that can help you know if you have a Trojan virus attack in progress.

• Slower than usual computer performance: Trojans tend to install additional malware that consumes computer processing units and memory resources. This can significantly slow your computer down and cause your operating system to become unstable and sluggish.
• Unauthorized apps appear: A common symptom of Trojan infection is the sudden appearance of apps you don’t recall downloading or installing. If you notice an unfamiliar app from an unverified developer in your Windows Task Manager, there’s a good chance that it is malicious software installed by a Trojan.
• Operating system crashes and freezes: Trojans can overwhelm your system and cause recurring crashes and freezes. An example of this is the Blue Screen of Death, a Windows error screen that means the system can no longer operate due to hardware failure or the termination of an important process.
• Frequent browser redirects: A Trojan can manipulate your browser or modify domain name system settings to redirect the user to malicious websites. Frequent redirects are a red flag, so you should scan your computer the moment you notice an uptick in these redirect patterns.
• Aggressive popups: If you’re noticing more pop-up ads than usual, especially those claiming your web browser or a media player is out of date, there’s a strong possibility that a Trojan has installed a malicious adware program on your PC. These fake alerts trick you into installing the Trojan instead of a real update.
• Disabled security and other software. Trojans can interfere with applications and prevent them from running. A common mid-attack behavior is the Trojan deactivating your browser, apps such as word processing and spreadsheet software, or your antivirus or firewall, it’s a major red flag.
• Unexpected password requests: The Trojan may display a fake system prompt asking you to re-enter your computer password or credentials for an online account, which it then captures.
• Constant, unexplained network activity: Your computer’s internet connection may seem unusually busy even when you’re not using it. This could be the Trojan communicating with a remote server.

Recognizing these signs early allows you to act quickly. If something feels off, trusting your instinct and running a scan can help you find and contain a threat before it does significant harm.

4 best ways to check for a Trojan on your PC

If you’re noticing any of the symptoms above, it’s time to investigate further using automated tools and manual checks. A layered approach is the best way to find and confirm a Trojan infection. To get started, follow the steps below:

1. Scan your PC

The first step is to scan your PC using an antivirus software. Plenty of scan options are available on the market offering real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, and Trojans. Some even feature on-demand and scheduled scanning of files and apps, advanced firewall for home network security, and compatibility with Windows, macOS, Android, and iOS devices.

2. Search for Trojans while in safe mode

The next step is to search for Trojans while your computer is in safe mode. In this phase, your device will run only the basic programs needed for Microsoft Windows operation, making it easy to spot any unfamiliar or suspicious programs. Here’s how to do it:

1. Type “MSCONFIG.” in the search bar from the Start menu.
2. Click on the “Boot” tab in the System Configuration box.
3. Tick “Safe Mode” and click “Apply,” then “OK.”
4. After the system restarts, re-open the configuration box.
5. Click on “Startup.”
6. Examine the list and see if there are any suspicious files.
7. Disable any you deem suspicious.

3. Check processes in Windows Task Manager

Another effective way to detect if Trojans are in your system is to check the processes running in Windows Task Manager. This will allow you to see if there are any unfamiliar and unauthorized malicious programs or suspicious activity.

To go to the Task manager, press Ctrl+Alt+Del and click on the “Processes” tab. Review the list of active applications and disable the apps without verified publishers or ones you don’t remember downloading and installing.

4. Scan with Windows security

You can also scan your PC using built-in Windows virus and threat protection tools. Microsoft Defender (called Windows Defender Security Center in older versions of Windows 10) can perform virus scans and detect various types of malware. These are the parts to note:

Windows’ built-in security, known as Microsoft Defender, is a capable tool that can detect and remove many common Trojans. For basic protection, it provides a solid first line of defense and is far better than having no security at all. It handles known threats well and is constantly updated by Microsoft.

However, a dedicated security suite offers more comprehensive, layered protection. This goes beyond simple malware removal to include advanced features like a robust firewall, real-time phishing protection that blocks malicious websites before they load, identity safeguards, and a VPN for secure browsing. These layers work together to stop threats *before* they can infect your PC, which is always better than removing them after the fact.

Think of it as the difference between a standard lock on your door and a full home security system. For everyday, low-risk browsing, the built-in tool may be enough. But for anyone who banks, shops, or shares personal information online, the added protection of a full security suite provides essential peace of mind against a wider range of threats.

Remember to check your network

Most Trojans communicate with a remote command-and-control server to receive instructions or send stolen data through your internet connection. By monitoring your network activity, you can spot these hidden connections early. Unusual outbound traffic, unfamiliar IP addresses, or constant background data transfers are all red flags that something malicious might be operating behind the scenes.

• Monitor active connections: Use the Resource Monitor tool in Windows (resmon.exe) to see which applications are using your network. Look for any unfamiliar processes making outbound connections.
• Verify DNS and proxy settings: In your Windows network settings, check that your DNS server and proxy settings haven’t been changed. Trojans often alter these to redirect your traffic through malicious servers.
• Firewall logs: Firewall logs can show repeated attempts by a specific program to connect to the internet, which is a strong indicator of a Trojan trying to communicate with its operator.

Choose the best Trojan scanner & removal tool

If you’re in the market for a tool that scans and removes Trojans, you have the option of free or premium tools. Whichever you choose, the key is to act quickly but carefully before the Trojan can cause any lasting damage.

Free tools are a great step

A free scan is the perfect first step to determine if you have a Trojan virus on your system. These no-cost tools provide an immediate way to detect potential threats and give you peace of mind about your PC’s security status.

Free Trojan scanners work by examining your system files, running processes, and common hiding spots where malware typically lurks. They check for known Trojan signatures, suspicious file behaviors, and registry modifications that indicate a possible infection. While they may not catch every advanced threat, they’re excellent for identifying common Trojans and giving you a clear starting point.

Simple steps to run your free scan

1. Choose your scanner: Download a reputable free scanning tool from a trusted security provider’s official website. Ensure your scanner has the latest threat definitions for maximum effectiveness.
2. Close other programs: Restart your PC in Safe Mode and close any unnecessary applications to improve scan performance and accuracy.
3. Run a full system scan: Make sure you select the free tool’s comprehensive scan option to check all files, not just a quick scan.
4. Review the results: Carefully examine any detected threats, noting their names and file locations. When threats are found, most free scanners will categorize them by risk level and provide recommended actions.
5. Take action on findings: Quarantine or delete identified threats as recommended by the scanner. High-risk items should be immediately quarantined or deleted, while suspicious files may need further analysis. Be careful as some legitimate files can occasionally trigger false positives.
6. Restart and rescan: Reboot your PC and run another scan to confirm that the Trojan or any threat was completely removed.

Free scanning tools give you valuable insight into your system’s health and serve as an excellent diagnostic tool to check Trojan presence. However, they typically offer detection and removal only, without the real-time protection needed to prevent future infections.

Comprehensive scanning with McAfee antivirus

For comprehensive security that stops threats before they can infect your system, consider upgrading to a complete security solution that provides continuous monitoring and advanced threat protection. Modern antivirus suites like McAfee Total Protection are expertly designed to detect and block Trojans. They use a layered security model that includes signature detection to identify known malware, behavioral analysis to spot suspicious activities characteristic of a Trojan, and artificial intelligence to protect against the very latest threats. Real-time protection actively scans files as you access them, while scheduled and manual scans allow you to thoroughly check your entire system for any hidden malware.

McAfee software is especially effective when it comes to scanning for Trojans and other types of malware and removing them before they can cause any damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect and eliminate any emerging threat in a timely manner.

Remove the Trojan from any platform

In any computer platform—Windows or macOS—the process of scanning and removing a Trojan with McAfee software is similar and absolutely achievable. These steps will help you regain control of your device:

1. Disconnect your PC: Unplug your ethernet cable or turn off Wi-Fi to stop the Trojan from communicating online.
2. Reboot in Safe Mode: Restart your computer in Safe Mode to prevent most malware from loading.
3. Run a full antivirus scan: Use a trusted tool like McAfee to run a complete scan and quarantine or delete any threats it finds.
4. For Mac: Run a full system scan with trusted security software designed for this device.
5. Reset your browsers: Return your web browsers to their default settings to remove any malicious or unfamiliar extensions or changes. Update macOS to the latest version to patch security vulnerabilities.
6. Reboot and rescan: Restart your PC normally and run another full scan to confirm the Trojan is completely gone.
7. Change all your passwords: Once your computer is clean, immediately change passwords for your email, banking, and other important accounts.

Once you’ve completed the removal process, strengthen your defenses by enabling automatic updates, using reputable security software, and being cautious about downloads and email attachments. Regular system scans and keeping your software current are your best protection against future infections. With these steps, you can confidently clean your devices and prevent repeat attacks.

Quick tips to prevent a Trojan virus invasion

• Keep software updated: Enable automatic updates for your operating system, web browser, and applications to patch security vulnerabilities.
• Scrutinize emails: Do not open attachments or click links from unknown or suspicious senders. Verify requests for information.
• Use strong, unique passwords: Employ a password manager to create and store complex passwords for each of your online accounts.
• Enable a firewall: Ensure your network firewall is active to monitor and control incoming and outgoing network traffic.
• Backup data regularly: Keep regular backups of your important files so you can restore them in case of a ransomware attack or data corruption.
• Avoid risky downloads: Only download applications from official websites and trusted app stores.
• Enable multi-factor authentication (MFA): Add this extra security layer to your important online accounts.
• Use real-time protection: Ensure a comprehensive security suite like McAfee is always running to detect threats instantly.

FAQs about Trojans

What is a Trojan horse?

A Trojan is malware that disguises itself as a legitimate file or program. Once you run it, it can perform malicious actions such as stealing data or giving an attacker remote control of your PC.

How does a Trojan spread?

Trojans don’t spread on their own. They rely on you to download and run them. This often happens through phishing emails with fake attachments, malicious ads, or downloads of cracked software.

Can Macs and phones get infected by Trojans?

Yes. While less common than on Windows PCs, Trojans exist for all major operating systems, including macOS, Android, and iOS. It’s crucial to only install apps from official app stores to stay safe.

What is the quickest way to check for a Trojan?

The fastest and most reliable method to check for a Trojan in your computer is to run a full system scan with a trusted antivirus program. This will check all files and running processes for known threats.

How long does it take to remove a Trojan?

Removal time can vary. A good antivirus scan might find and remove it in under an hour. However, some complex Trojans may require more steps, like booting into Safe Mode, which can take longer.

What should I do immediately after removing a Trojan?

Once your system is clean, the first thing you should do is change the passwords for all your important accounts, especially email, banking, and social media, as the Trojan may have stolen them.

Final thoughts

Wondering if your computer has been infected by a Trojan can be worrying, but it’s a manageable issue with the right approach. By understanding the signs of a Trojan virus and using the detection methods outlined, you can take back control of your device’s security. To prevent getting infected by a Trojan, proactive measures such as safe online habits and the layered defense of a trusted security suite like McAfee are your best defenses. Stay vigilant and keep your software updated, so you can confidently navigate the digital world.

The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.

I think I could count on one hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids! Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.

What is a data breach?

In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.

Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies apiece, we were all shaken. But then when Aussie finance company Latitude was affected in 2023 with a whopping 14 million people from both Australia and New Zealand, it almost felt inevitable that by now, most of us would have been impacted.

The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history happened in 2019 to the online design site Canva which affected 139 million users globally. In short, it can happen to anyone, and the chances are you may have already been affected.

Your email is more valuable than you think

The sole objective of a hacker is to get their hands on your data. Any information that you share in your email account can be very valuable to them. Why do they want your data, you ask? It’s simple really – so they can cash in!

Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. The more sophisticated ones will sell your details including name, telephone, email address, and credit card details to cash in on the dark web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you.

The other reason why hackers will be interested in your email address and password is that many of us re-use our login details across our other online accounts. Once they’ve got their hands on your email credentials, they may be able to access your online banking and investment accounts, if you use the same credentials everywhere. So, you can see why I harp on about using a unique password for every online account!

How big is the problem?

There is a plethora of statistics on just how big this issue is – all of them concerning. According to the Australian Institute of Criminology, of all the country’s cybercrime reports in 2024, about 21.9% involved identity theft and misuse. The Australian Bureau of Statistics adds that the identity theft victimisation rate has steadily increased from 0.8% to 1.2% from 2021 to 2024, respectively.

Meanwhile, The Australian Government revealed that at least one cybercrime is reported every 6 minutes, with business email compromise alone costing the national economy up to $84 million in losses. Regardless of which statistic you choose to focus on, we have a big issue on our hands.

How does an email account get hacked?

Hackers use a range of techniques—some highly sophisticated, others deceptively simple—to gain access. It is important to know how these attacks happen so you can stay ahead and prevent them.

• Phishing scams: These are deceptive emails that trick you into entering your login details on a fake website that looks legitimate.
• Data breaches: If a website where you used your email and password gets breached, criminals can use those leaked credentials to try and access your email account.
• Weak or reused passwords: Using simple, easy-to-guess passwords or the same password across multiple sites makes it easy for hackers to gain access.
• Malware: Malicious software like keyloggers can be installed on your computer without your knowledge, capturing everything you type, including passwords.
• Unsecure Wi-Fi networks: Using public Wi-Fi without a VPN can expose your data to criminals monitoring the network.

From email hack to identity theft

Yes, absolutely. An email account is often the central hub of your digital life. Once a cybercriminal controls it, they can initiate password resets for your other online accounts, including banking, shopping, and social media. They can intercept sensitive information sent to you, such as financial statements or medical records.

With enough information gathered from your emails, they can commit identity theft, apply for credit in your name, or access other sensitive services. If you suspect your email was hacked, it’s crucial to monitor your financial statements and consider placing a fraud alert with credit bureaus.

Signs that your email has been hacked

• You can no longer log in. The most obvious sign of an email hack is when your password suddenly stops working. Cybercriminals often change the password immediately to lock you out.
• Friends receive strange messages from you. If your contacts report receiving spam or phishing emails from your address that you didn’t send, it’s a major red flag that someone else has control of your account.
• Unusual activity in your folders. Check your “Sent” folder for messages you don’t recognize. Hackers might also set up forwarding rules to send copies of your incoming emails to their own address, so check your settings for any unfamiliar forwarding addresses.
• Password reset emails you didn’t request. Receiving unexpected password reset emails for other services (like your bank or social media) is a sign that a hacker is using your email to try and take over your other online accounts.
• Security alerts from your provider. Pay attention to notifications about new sign-ins from unfamiliar devices, locations, or IP addresses. These are often the first warnings that your account has been compromised.

Steps to email recovery

If you find yourself a victim of email hacking, these are a few very important steps you need to take. Fast.

Change your password

Using a separate, clean device, this is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use random words and characters, a passphrase with a variety of upper and lower cases, and throw in some symbols and numbers.

I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating. If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.

Update other accounts that use the same password

This is time-consuming, but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!

Once the dust has settled, review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.

Sign out of all devices

Most email services have a security feature that lets you remotely log out of all active sessions. Once you’ve changed your password, signing out from your email account also signs out the hacker and forces them to log-in with the new password, which fortunately they do not know. These, combined with two- or multi-factor authentication, will help you to regain control of your account and prevent further compromise.

Inform your email contacts

A big part of the hacker’s strategy is to get their claws into your address book to hook others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails—most likely loaded with malware—that have come from you.

Commit to multi-factor authentication

Two-factor or multi-factor authentication may seem like an additional, inconvenient step to your login, but it also adds another layer of protection. Enabling this means you will need a special one-time-use code to log in, aside from your password. This is sent to your mobile phone or generated via an authenticator app. So worthwhile!

Check your email settings

It is common for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins to other sites; they can also keep a watchful eye on any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.

Also, ensure your ‘reply to’ email address is actually yours. Hackers have been known to create an email address that looks similar to yours, so that when someone replies, it will go straight to their account, not yours.

Don’t forget to check your email signature to ensure nothing spammy has been added, as well as your recovery phone number and alternate email address. Hackers also change these to maintain control. Update them to your own secure details.

Scan your computer for malware and viruses

Regularly scanning your devices for unwanted invaders is essential. If you find anything, please ensure it is addressed, and then change your email password again. If you don’t have antivirus software, please invest in it.

Comprehensive security software will provide you with a digital shield for your online life, protecting all your devices – including your smartphone – from viruses and malware. Some services also include a password manager to help you generate and store unique passwords for all your accounts.

Consider creating a new email address

If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, consider starting afresh. Do not, however, delete your old email address because email providers are known to recycle old email addresses. This means a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you and steal your identity.

Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. Even though it may feel that getting hacked is inevitable, you can definitely reduce your risk by installing some good-quality security software on all your devices.

Trusted and reliable comprehensive security software will alert you when visiting risky websites, warn you when a download looks dodgy, and block annoying and dangerous emails with anti-spam technology. It makes sense really – if you don’t receive the dodgy phishing email – you can’t click on it. Smart!

Finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!

Report the incident

Reporting an email hack is a crucial step to create a necessary paper trail for disputes with banks or credit agencies. When reporting, gather evidence such as screenshots of suspicious activity, unrecognized login locations and times, and any phishing emails you received. This information can be vital for the investigation.

• Your email provider: Use their official support or recovery channels immediately. They can help you investigate and regain control of your account. Do not use links from suspicious emails claiming to be from support.
• Financial institutions: If you’ve disclosed sensitive financial information or use the email for banking, contact your bank and credit card companies immediately. Alert them to potential fraud and monitor your statements.
• Friends, family, and contacts: Send a message to your contacts warning them that your account was compromised. Advise them not to open suspicious messages or click on links sent from your address during that time.
• Your employer: If it’s a work email, or if your personal email is used for work purposes, notify your IT department immediately. They need to take steps to protect company data and systems.
• Relevant authorities: For financial loss or identity theft, you can report the incident to authorities like the FBI’s Internet Crime Complaint Center or Action Fraud in the UK. This creates an official record and aids in wider law enforcement efforts.

Check if online accounts linked to your email were compromised

• Prioritize critical accounts: Immediately check your online banking, financial, and government-related accounts. Review recent activity for any unauthorized transactions or changes.
• Review social media and shopping sites: Check your social media for posts or messages you didn’t send. Review your online shopping accounts like Amazon for any purchases or address changes you don’t recognize.
• Enable alerts: Turn on login and transaction alerts for your sensitive accounts. This will give you real-time notifications of any suspicious activity in the future.

Should you delete your hacked email account?

Generally, no. Deleting the account can cause more problems than it solves. Many online services are linked to that email, and deleting it means you lose the ability to receive password reset links and security notifications for those accounts.

More importantly, some email providers recycle deleted addresses, meaning a hacker could potentially re-register your old email address and use it to impersonate you and take over your linked accounts.

The better course of action is to regain control, thoroughly secure the account with a new password and multi-factor authentication, and clean up any damage. Only consider migrating to a new email address after you have fully secured the old one.

Future-proof your email after reclaiming control

• Run a full security scan: Before doing anything else, run a comprehensive scan with a trusted antivirus program on all your devices to ensure no malware or keyloggers remain.
• Double-check security settings: Confirm that your recovery email and phone number are correct and that multi-factor authentication is enabled, preferably using an authenticator app rather than SMS.
• Review account permissions: Check which third-party apps and websites have access to your email account. Revoke access for any service you don’t recognize or no longer use.
• Set periodic reminders: Make it a habit to review your account’s security logs and settings every few months to catch any potential issues early.

• Learn to spot phishing: Be skeptical of unsolicited emails asking for personal information or creating a sense of urgency. Check the sender’s address and hover over links before clicking.
• Keep software updated:Regularly update your operating system, web browser, and security software to protect against the latest vulnerabilities.
• Secure your devices: Use comprehensive security software like McAfee+ on all your devices—computers, tablets, and smartphones—to protect against malware, viruses, and risky websites.

Provider-specific email recovery

Each email provider has a specific, structured process for account recovery. It is vital to only use the official recovery pages provided by the service and be wary of scam websites or third-party services that claim they can recover your account for a fee. Below are the official steps of the major providers that you can follow.

Gmail

1. Go to Google’s official Account Recovery page.
2. Enter your email address and follow the on-screen prompts. You will be asked questions to confirm your identity, such as previous passwords or details from your recovery phone number or email.
3. Once you regain access, you will be prompted to create a new password.
4. Immediately visit the Google Security Checkup to review recent activity, remove unfamiliar devices, check third-party app access, and enable 2-step verification.

Yahoo email

1. Navigate to the Yahoo Sign-in Helper page.
2. Enter your email address or recovery phone number and click “Continue.”
3. Follow the instructions to receive a verification code or account key to prove your identity.
4. Once verified, create a new, strong password.
5. After regaining access, go to your Account Security page to review recent activity, check recovery information, and turn on 2-step verification.

Outlook or Hotmail

1. Go to the official Microsoft account recovery page.
2. You’ll need to provide your email, phone, or Skype name, and verify your identity using the security information linked to your account.
3. If you cannot access your recovery methods, you will be directed to an account recovery form where you must provide as much information as possible to prove ownership.
4. After resetting your password, visit your Microsoft account security dashboard to review sign-in activity, check connected devices, and enable two-step verification.

Final thoughts

Your email account is the master key to your digital kingdom, and protecting it is more critical than ever since many of your other accounts are connected with your email. Realizing “my email has been hacked” is a stressful experience, but taking swift and correct action can significantly limit the damage.

By following the recovery steps and adopting strong, ongoing security habits like using a password manager and enabling multi-factor authentication, you can turn a potential crisis into a lesson in digital resilience. Stay vigilant, stay proactive, and keep your digital front door securely locked.

To add another wall of defense, consider investing in a trusted and reliable comprehensive security software like McAfee+. Our solution will help you dodge hacking attempts by alerting you when visiting risky websites, or downloading questionable apps, and blocking malicious emails with anti-spam technology.

The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.

We’re standing at the threshold of a new era in cybersecurity threats. While most consumers are still getting familiar with ChatGPT and basic AI chatbots, cybercriminals are already moving to the next frontier: Agentic AI. Unlike the AI tools you may have tried that simply respond to your questions, these new systems can think, plan, and act independently, making them the perfect digital accomplices for sophisticated scammers. The next evolution of cybercrime is here, and it’s learning to think for itself.

The threat is already here and growing rapidly. According to McAfee’s latest State of the Scamiverse report, the average American sees more than 14 scams every day, including an average of 3 deepfake videos. Even more concerning, detected deepfakes surged tenfold globally in the past year, with North America alone experiencing a 1,740% increase.

At McAfee, we’re seeing early warning signs of this shift, and we believe every consumer needs to understand what’s coming. The good news? By learning about these emerging threats now, you can protect yourself before they become widespread.

A Real-World Example: How Anthropic’s Claude AI Was Used for Espionage

A new case disclosed by Anthropic, first reported by Axios, marks a turning point: a Chinese state-sponsored group used the company’s Claude Code agent to automate the majority of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails through jailbreaking techniques, fed the model fragmented tasks, and convinced it that it was conducting defensive security tests. Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. In all, they completed 80–90% of the work without any human involvement.

This is the first publicly documented case of an AI agent running a large-scale intrusion with minimal human direction. It validates our core warning: agentic AI dramatically lowers the barrier to sophisticated attacks and turns what was once weeks of human labor into minutes of autonomous execution. While this case targeted major companies and government entities, the same capabilities can, and likely will, be adapted for consumer-focused scams, identity theft, and social engineering campaigns.

Understanding AI: From Simple Tools to Autonomous Agents

Before we dive into the threats, let’s break down what we’re actually talking about when we discuss AI and its evolution:

Traditional AI: The Helper

The AI most people know today works like a very sophisticated search engine or writing assistant. You ask it a question, it gives you an answer. You request help with a task, it provides suggestions. Think of ChatGPT, Google’s Gemini, or the AI features on your smartphone. They’re reactive tools that respond to your input but don’t take independent action.

Generative AI: The Creator

Generative AI, which powers many current scams, can create content like emails, images, or even fake videos (deepfakes). This technology has already made scams more convincing by cloning real human voices and eliminating telltale signs like poor grammar and obvious language errors.

The impact is already visible in the data. McAfee Labs found that for just $5 and 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams using readily available tools. What once required experts weeks to produce can now be achieved for less than the cost of a latte—and in less time than it takes to drink it.

Agentic AI: The Independent Actor

Agentic AI represents a fundamental leap forward. These systems can think, make decisions, learn from mistakes, and work together to solve tough problems, just like a team of human experts. Unlike previous AI that waits for your commands, agentic AI can set its own goals, make plans to achieve them, and adapt when circumstances change

Key Characteristics of Agentic AI:

• Autonomous operation: Works without constant human guidance from a cybercriminal
• Goal-oriented behavior: Actively pursues specific objectives without requiring regular input.
• Adaptive learning: Improves performance based on experience through previous attempts.
• Multi-step planning: Can execute complex, long-term strategies based on the requirements of the criminal.
• Environmental awareness: Understands and responds to changing conditions online.

Gartner predicts that by 2028, a third of our interactions with AI will shift from simply typing commands to fully engaging with autonomous agents that can act on their own goals and intentions. Unfortunately, cybercriminals won’t be far behind in exploiting these capabilities.

The Scammer’s Apprentice: How Agentic AI Becomes the Perfect Criminal Assistant

Think of agentic AI as giving scammers their own team of tireless, intelligent apprentices that never sleep, never make mistakes, and get better at their job every day. Here’s how this digital apprenticeship makes scams exponentially more dangerous.

Traditional scammers spend hours manually researching targets, scrolling through social media profiles, and piecing together personal information. Agentic AI recon agents operate persistently and autonomously, self-prompting questions like “What data do I need to identify a weak point in this organization?” and then collecting it from social media, breach data, exposed APIs and cloud misconfigurations.

What The Scammer’s Apprentice Can Do

• Continuous surveillance: Monitors your social media posts, job changes, and online activity 24/7.
• Pattern recognition: Identifies your routines, interests, and vulnerabilities from scattered digital breadcrumbs.
• Relationship mapping: Understands your connections, colleagues, and family relationships.
• Behavioral analysis: Learns from your communication style, preferred platforms, and response patterns.

Unlike traditional phishing that uses static messages, agentic AI can dynamically update or alter their approach based on a recipient’s response, location, holidays, events, or the target’s interests, marking a significant shift from static attacks to highly adaptive and real-time social engineering threats.

An agentic AI scammer targeting you might start with a LinkedIn message about a job opportunity. If you don’t respond, it switches to an email about a package delivery. If that fails, it tries a text message about suspicious account activity. Each attempt uses lessons learned from your previous reactions, becoming more convincing with every interaction.

AI-generated phishing emails achieve a 54% click-through rate compared to just 12% for their human-crafted counterparts. With agentic AI, scammers can create messages that don’t just look professional, they sound exactly like the people and organizations you trust.

The technology is already sophisticated enough to fool even cautious consumers. As McAfee’s latest research shows, social media users shared over 500,000 deepfakes in 2023 alone. The tools have become so accessible that scammers can now create convincing real-time avatars for video calls, allowing them to impersonate anyone from your boss to your bank representative during live conversations.

Advanced Impersonation Capabilities:

• Voice cloning: Create phone calls that sound exactly like your boss, family member, senator, or bank representative
• Writing style mimicry: Craft emails that perfectly match your company’s communication style.
• Visual deepfakes: Generate fake video calls for “face-to-face” verification.
• Context awareness: Reference specific projects, recent conversations, or personal details

Perhaps most concerning is agentic AI’s ability to learn and improve. As the AI interacts with more victims over time, it gathers data on what types of messages or approaches work best for certain demographics, adapting itself and refining future campaigns to make each subsequent attack more powerful, convincing, and effective. This means that every failed scam attempt makes the AI smarter for its next victim. Understanding how agentic AI will transform specific types of scams helps us prepare for what’s coming. Here are the most concerning developments:

Multi-Stage Campaign Orchestration

Agentic AI can potentially orchestrate complex multi-stage social engineering attacks, leveraging data from one interaction to drive the next one. Instead of simple one-and-done phishing emails, expect sophisticated campaigns that unfold over weeks or months.

Automated Spear Phishing at Scale

Traditional spear phishing required manual research and customization for each target. In the new world order, malicious AI agents will autonomously harvest data from social media profiles, craft phishing messages, and tailor them to individual targets without human intervention. This means cybercriminals can now launch thousands of highly personalized attacks simultaneously, each one crafted specifically for its intended victim.

Real-Time Adaptive Attacks

When a target hesitates or questions an initial approach, agents adjust their tactics immediately based on the response. This continuous refinement makes each interaction more convincing than the last, wearing down even skeptical targets through persistence and learning. Traditional red flags like “This seems suspicious” or “Let me verify this” no longer end the attack, they just trigger the AI to try a different approach.

Cross-Platform Coordination

These autonomous systems now independently launch coordinated phishing campaigns across multiple channels simultaneously, operating with an efficiency human attackers cannot match. An agentic AI scammer might contact you via email, text message, phone call, and social media—all as part of a coordinated campaign designed to overwhelm your defenses.

How to Protect Yourself in the Age of Agentic AI Scams

The rise of agentic AI scams requires a fundamental shift in how we think about cybersecurity. Traditional advice like “watch for poor grammar” no longer applies. Here’s what you need to know to protect yourself:

• The Golden Rule: Never act on urgent requests without independent verification, no matter how convincing they seem.
• Use different communication channels: If someone emails you, call them back using a number you look up independently
• Verify through trusted contacts: When your “boss” asks for something unusual, confirm with colleagues or HR
• Check official websites: Go directly to company websites rather than clicking links in messages
• Trust your instincts: If something feels off, it probably is—even if you can’t identify exactly why

Understanding a New Era of Red Flags

Since agentic AI eliminates traditional warning signs, focus on these behavioral red flags:

High-Priority Warning Signs:

Emotional urgency: Messages designed to make you panic, feel guilty, or act without thinking

Requests for unusual actions: Being asked to do something outside normal procedures

Isolation tactics: Instructions not to tell anyone else or to handle something “confidentially”

Multiple contact attempts: Being contacted through several channels about the same issue

Perfect personalization: Messages that seem to know too much about your specific situation

How McAfee Fights AI with AI: Your Defense Against Agentic Threats

At McAfee, we understand that fighting AI-powered attacks requires AI-powered defenses. Our security solutions are designed to detect and stop sophisticated scams before they reach you. McAfee’s Scam Detector provides lightning-fast alerts, automatically spotting scams and blocking risky links even if you click them, with all-in-one protection that keeps you safer across text, email, and video. Our AI analyzes incoming messages using advanced pattern recognition that can identify AI-generated content, even when it’s grammatically perfect and highly personalized.

Scam Detector keeps you safer across text, email, and video, providing comprehensive coverage against multi-channel agentic AI campaigns. Beyond analyzing message content, our system evaluates sender behavior patterns, communication timing, and request characteristics that may indicate AI-generated scams. Just as agentic AI attacks learn and evolve, our detection systems continuously improve their ability to identify new threat patterns.

Protecting yourself from agentic AI scams requires combining smart technology with informed human judgment. Security experts believe it’s highly likely that bad actors have already begun weaponizing agentic AI, and the sooner organizations and individuals can build up defenses, train awareness, and invest in stronger security controls, the better they will be equipped to outpace AI-powered adversaries.

We’re entering an era of AI versus AI, where the speed and sophistication of both attacks and defenses will continue to escalate. According to IBM’s 2025 Threat Intelligence Index, threat actors are pursuing bigger, broader campaigns than in the past, partly due to adopting generative AI tools that help them carry out more attacks in less time.

Hope in Human + AI Collaboration

While the threat landscape is evolving rapidly, the combination of human intelligence and AI-powered security tools gives us powerful advantages. Humans excel at recognizing context, understanding emotional manipulation, and making nuanced judgments that AI still struggles with. When combined with AI’s ability to process vast amounts of data and detect subtle patterns, this creates a formidable defense.

Staying Human in an AI World

The rise of agentic AI represents both a significant threat and an opportunity. While cybercriminals will certainly exploit these technologies to create more sophisticated scams, we’re not defenseless. By understanding how these systems work, recognizing the new threat landscape, and combining human wisdom with AI-powered protection tools like McAfee‘s Scam Detector, we can stay ahead of the threats.

The key insight is that while AI can mimic human communication and behavior with unprecedented accuracy, it still relies on exploiting fundamental human psychology—our desire to help, our fear of consequences, and our tendency to trust. By developing better awareness of these psychological vulnerabilities and implementing verification protocols that don’t depend on technological red flags, we can maintain our security even as the threats become more sophisticated.

Remember: in the age of agentic AI, the most important security tool you have is still your human judgment. Trust your instincts, verify before you act, and never let urgency override prudence, no matter how convincing the request might seem.

The post How Agentic AI Will Be Weaponized for Social Engineering Attacks appeared first on McAfee Blog.

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? 

Globally, plenty of people pull double duty with their smartphones. One survey found that 87% of companies have policies that integrate personal devices in the workplace. Therein lies the higher potential for security risks such as data breaches, malware infection, and difficulties in maintaining data privacy and compliance. You see, a smartphone loaded with both business and personal data makes it a desirable, high-value target. It only takes one dedicated hacker—and there are plenty—to infiltrate an unprotected smartphone and access the treasure trove of both your personal and company information in a single effort. 

Let’s try to keep that from happening to you. This guide will walk you through exactly how to keep your digital life secure.

Why protecting your phone from hackers is critical

Smartphone hacking is when someone gains unauthorized access to your phone and the vast amount of personal data it contains. As you can imagine, this type of digital break-in can have serious real-world consequences, including financial loss from compromised banking apps, identity theft using your private information, and a complete invasion of your privacy through access to your emails, photos, and messages. This isn’t a distant threat; mobile malware is consistently on the rise, with cybercriminals developing more sophisticated methods to target unsuspecting users. The good news is that you have the power to stop them. Understanding how to protect your phone from hackers is the first step.

How attackers break into smartphones

• Phishing and smishing: These are fraudulent messages via email or SMS that trick you into clicking a malicious link or downloading an infected file. You might unknowingly give away your login credentials or install malware by thinking you’re responding to a legitimate request from a bank or service provider.
• Malicious apps: Cybercriminals create fake apps that look real or hide malware inside seemingly harmless applications. You might download one from outside official app stores, granting it permissions that allow it to steal your data in the background.
• Unsecured public Wi-Fi: When you connect to a public network at a café or airport without a VPN, hackers on the same network can intercept your data. You enable this attack simply by using the free Wi-Fi to check sensitive information like emails or bank accounts.
• SIM-swapping: An attacker convinces your mobile carrier to transfer your phone number to a SIM card they control. They often use personal information gathered from data breaches to impersonate you, effectively hijacking your number to intercept verification codes.
• Spyware: This type of software secretly monitors your activity, recording calls, tracking your location, and stealing passwords. It’s often installed through phishing links or by someone with physical access to your phone.
• Zero-click exploits: These are advanced and rare attacks that can infect a phone without any action from you at all—no clicks needed. While typically used against high-profile targets, they highlight the importance of keeping your device’s software up to date to patch the vulnerabilities they exploit.

Signs your phone may be hacked

• Sudden battery drain: If your phone’s battery life suddenly plummets, it could be due to malware or spyware running constantly in the background.
• Unusually high data usage: A spike in your data consumption could mean a malicious app is transmitting information from your device without your knowledge.
• Overheating: While phones can get warm, consistent overheating without heavy use can be a sign that hidden processes are overworking your phone’s processor.
• Apps you don’t recognize: Discovering new apps on your phone that you never installed is a major red flag for a security breach.
• Constant pop-ups: A sudden increase in strange or aggressive pop-up ads, even when your browser is closed, often indicates adware or other malware.
• Strange activity on your accounts: If friends report receiving odd messages from you on social media or email, a hacker may have taken control of your accounts via your phone.
• Poor performance: If your phone becomes noticeably slow, crashes frequently, or reboots on its own, malicious software could be consuming its resources.
• Security software is disabled: If you find that your mobile security app or other built-in security settings are turned off and you didn’t do it, an attacker may be trying to cover their tracks.

If you notice one or more of these signs, don’t panic. Investigate further and follow the recovery steps below. Sometimes, these issues can be caused by a legitimate but buggy app or an aging battery.

What to do if your phone is hacked

1. Disconnect immediately: Turn off Wi-Fi and mobile data on your phone. This severs the hacker’s connection and stops them from sending more of your data.
2. Inform your contacts: Warn your friends, family, and colleagues that your phone has been compromised and to be wary of any strange messages coming from your number or accounts.
3. Run a security scan: Use a trusted antivirus app to scan your device. It’s designed to find and remove malware that may be causing the problem.
4. Change your passwords: From a separate, trusted device like a laptop, immediately change the passwords for your critical accounts—email, banking, social media, and your Apple/Google ID.
5. Remove suspicious apps: Manually delete any apps that you don’t recognize or that the security scan flagged as malicious.
6. Notify your bank: Contact your financial institutions to alert them of the potential breach. Monitor your accounts closely for any fraudulent activity.
7. Consider a factory reset: If you can’t remove the malware, a full factory reset is your best option. This will wipe the phone clean. Before you do this, make sure you have a recent backup of your important data.

7 tips to secure your phone for the future

Once you’ve resolved an attack, the next step is to prevent phone hacking from happening again. Think of it as strengthening your digital front door. As both a parent and professional, I have put together a few things you can do to protect your smartphone from future hacks, so that you can keep your personal and work life safe:

1. Add extra protection with your face, finger, pattern, or PIN

Locking your phone with facial ID, a fingerprint, a pattern, or a PIN is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it.

2. Use a virtual private network

Don’t hop onto public Wi-Fi networks without protection. A virtual private network (VPN) masks your connection from hackers, allowing you to browse privately on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, your sensitive data, documents, and activities are protected from snooping. It’s definitely a great feeling given the amount of personal and professional business we manage with our smartphones.

3. Stick to the official app stores

Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data such as passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them as malicious apps and counterfeits can still find their way into stores.

4. Back up the data in the cloud

Backing up your phone is always a good idea for two reasons:

• First, it makes the process of transitioning to a new phone easy by transferring that backed-up data from your old phone to your new phone.
• Second, it ensures that your data stays with you if your phone is lost or stolen, allowing you to remotely wipe the data while still having a secure copy stored in the cloud. 

Both iPhones and Android phones have straightforward ways of backing up your phone regularly.

5. Learn to lock or wipe your phone remotely in case of emergency

Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While it seems like a drastic move, your data is secure in the cloud ready to be restored IF you maintain regular backups as mentioned above. This means hackers won’t be able to access your or your company’s sensitive information, keeping you and your professional business safe. Apple and Google provide their users with a step-by-step guide for remotely wiping devices.

6. Get rid of old apps and update the ones you keep

Needless to say, smartphone updates should always start with the operating system (OS). In addition, you also need to conduct app updates as soon as they’re available, as they contain critical security patches. Take a few moments to swipe through your screen, see which ones you’re truly done with and delete them along with their data. Every extra app is another app that needs updating or that may come with a security issue. Along with deleting the app, also delete your account associated with it. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option.

7. Protect your phone

With so much of your life on your phone, getting security software installed on it can protect you and the things you keep. Whether you’re an Android owner or iOS owner, McAfee+ conducts regular security scans to help you keep your personal, financial, and even company data secure.

Bonus tips: Limit the information stored on your phone

While it’s convenient to have everything at your fingertips, storing too much sensitive information on your smartphone makes you vulnerable if your device is lost, stolen, or compromised. Here are some tips to limit the data on your phone and reduce your risk of identity theft, financial fraud, and privacy breaches.

• Conduct a digital detox: Regularly go through your phone and delete old, unnecessary files. This includes screenshots of boarding passes, expired event tickets, and old photos of sensitive documents. Every piece of data you remove is one less thing a hacker can steal.
• Limit saved payment information: While convenient, letting apps and browsers save your credit card details creates a treasure trove for criminals. Instead, enter payment information manually when you shop or use a secure digital wallet that masks your actual card number.
• Be mindful of notes and messages: Avoid storing passwords, social security numbers, or other credentials in your notes app or text messages. If a hacker gains access, these are often the first places they look for valuable information that could be used for identity theft or to leverage a SIM-swap attack.

Advanced mobile device security considerations

At a deeper level, there are several lesser-known settings you can adjust to protect your phone from being hacked. These advanced steps add extra layers of security to your device.

• Turn off Bluetooth and NFC when not in use: Leaving Bluetooth and near field communication (NFC) on all the time makes your device discoverable and potential gateways for attackers. To secure your phone, simply toggle them off from your control center or settings menu when you aren’t actively using them.
• Revoke unnecessary app permissions: Many apps request access to your contacts, location, camera, and microphone even when they don’t need it. This is a common method for data harvesting. Periodically go to your phone’s privacy settings (on iOS, look under Privacy & Security; on Android, Security and Privacy, then Permission manager) and review which apps have access to what. If a photo-editing app doesn’t need your location, revoke that permission.
• Disable developer options: This is a hidden menu intended for app developers that provides deep system access. An attacker with physical or remote access could exploit these settings. Make sure to disable it. On Android, you can typically find the toggle to turn Developer Options off at the bottom of the main Settings menu. This is a simple but effective way to protect your phone from hacking.
• Enable auto-delete for temporary files and messages: Your browser history, text messages, and temporary app files can build up and contain sensitive information. Both iOS and Android have settings to automatically delete old messages (e.g., after 30 days or a year). Similarly, you can periodically clear the cache and data for your web browser and other apps to remove any lingering digital footprints.
• Encrypt your device storage: Encryption is a powerful digital vault for your data that is built into most modern smartphones. Encryption scrambles your data—photos, contacts, messages—into unreadable code. Without your passcode, fingerprint, or Face ID, it’s just gibberish. Using a complex, unique passcode instead of a simple four-digit PIN makes it exponentially harder for a thief to break in. 

FAQs about smartphone hacking 

Can my phone’s camera be hacked?

Yes, malware or spyware can give a hacker access to your camera and microphone, allowing them to see and hear you without your knowledge. To prevent this, be cautious about app permissions and consider using a physical camera cover for peace of mind.

Can I get hacked just by visiting a website?

It’s possible. Some malicious websites can attempt to automatically download malware or exploit browser vulnerabilities to compromise your device. Using a secure browser and comprehensive security software that warns you of risky sites is your best defense.

Is my phone safe from hackers when it’s turned off?

For the vast majority of users, a phone that is completely powered off cannot be hacked remotely. Hacking requires the device’s operating system and network connections to be active, so turning it off effectively cuts that connection.

Can answering a phone call hack my phone?

Simply answering a call from an unknown number is highly unlikely to hack your phone. The real danger lies in social engineering, where the scammer on the other end tries to trick you into revealing personal information, visiting a malicious website, or dialing a specific code.

Final thoughts

Your smartphone is central to your life, and understanding how to keep your phone safe from hackers is not about being fearful, but about being prepared. By taking proactive and consistent steps, you create powerful layers of defense that make you a much harder target for cybercriminals. Combining smart habits with the advanced protection offered by security solutions like McAfee+ ensures your data, privacy, and peace of mind are always safeguarded. Stay informed about new threats, keep your security software current, and enjoy all the good your connected life has to offer, safely and securely.

The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.

How do hackers hack phones? In several ways. But also, there are several ways you can prevent it from happening to you. The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves. However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first understanding what phone hacking is, taking a look at some common attacks, and learning how you can prevent it.

What is phone hacking?

Phone hacking refers to any method where an unauthorized third party gains access to your smartphone and its data. This isn’t just one single technique; it covers a wide range of cybercrimes. A phone hack can happen through software vulnerabilities, like the spyware campaigns throughout the years that could monitor calls and messages. It can also occur over unsecured networks, such as a hacker intercepting your data on public Wi-Fi. Sometimes, it’s as simple as physical access, where someone installs tracking software on an unattended device. 

Types of smartphone hacks and attacks

Hackers have multiple avenues of attacking your phone. Among these common methods are using malicious apps disguised as legitimate software, exploiting the vulnerabilities of unsecure public Wi-Fi networks, or deploying sophisticated zero-click exploits that require no interaction from you at all. The most common method, however, remains social engineering, where they trick you into giving them access. Let’s further explore these common hacking techniques below.

Hacking software

Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:

• Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type, tap, and even talk on your phone.
• Trojans: Trojans are malware disguised in your phone to extract important data, such as credit card account details or personal information.

Some possible signs of hacking software on your phone include:

• A battery that drains way too quickly.
• Your phone runs a little sluggish or gets hot.
• Apps quit suddenly or your phone shuts off and turns back on.
• You see unrecognized data, text, or other charges on your bill.

In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass your personal information into the hands of hackers.

Phishing attacks

This classic form of attack has been leveled at our computers for years. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. These attacks take many forms such as emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over personal info or that install malware to wreak havoc on your device or likewise steal information. Learning to spot a phishing attack is one way to keep yourself from falling victim to one.

Bluetooth hacking

Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are within range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they might access your data and info, yet that data and info must be downloaded while the phone is within range. This is a more sophisticated attack given the effort and technology involved.

SIM card swapping

In August of 2019, then CEO of Twitter had his phone hacked by SIM card swapping scam. In this type of scam, a hacker contacts your phone provider, pretends to be you, then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card is deactivated, and your phone number will be effectively stolen. This enables the hacker to take control of your phone calls, messages, among others. The task of impersonating someone else seems difficult, yet it happened to the CEO of a major tech company, underscoring the importance of protecting your personal info and identity online to prevent hackers from pulling off this and other crimes.

Vishing or voice phishing

While a phone call itself cannot typically install malware on your device, it is a primary tool for social engineering, known as vishing or voice phishing. A hacker might call, impersonating your bank or tech support company, and trick you into revealing sensitive information like passwords or financial details. They might also try to convince you to install a malicious app. Another common tactic is the “one-ring” scam, where they hang up hoping you’ll call back a premium-rate number. To stay safe, be wary of unsolicited calls, never provide personal data, block suspicious numbers, and check that your call forwarding isn’t enabled.

Low-power mode hacks

Generally, a phone that is powered off is a difficult target for remote hackers. However, modern smartphones aren’t always truly off. Features like Apple’s Find My network can operate in a low-power mode, keeping certain radios active. Furthermore, if a device has been previously compromised with sophisticated firmware-level malware, it could activate upon startup. The more common risk involves data that was already stolen before the phone was turned off or if the device is physically stolen. While it’s an uncommon scenario, the only sure way to take a device offline and completely sever all power is by removing the battery, where possible.

Camera hacks

Hacking a phone’s camera is referred to as camfecting, usually done through malware or spyware hidden within a rogue application. Once installed, these apps can gain unauthorized permission to access your camera and record video or capture images without your knowledge. Occasionally, vulnerabilities in a phone’s operating system (OS) have been discovered that could allow for this, though these are rare and usually patched quickly. Protect yourself by regularly reviewing app permissions in your phone’s settings—for both iOS and Android—and revoking camera access for any app that doesn’t absolutely need it. Always keep your OS and apps updated to the latest versions.

Android vs. iPhone: Which is harder to hack?

This is a long-standing debate with no simple answer. iPhones are generally considered more secure due to Apple’s walled garden approach: a closed ecosystem, a strict vetting process for the App Store, and timely security updates for all supported devices. Android’s open-source nature offers more flexibility but also creates a more fragmented ecosystem, where security updates can be delayed depending on the device manufacturer. However, both platforms use powerful security features like application sandboxing. 

The most important factor is not the brand but your behavior. A user who practices good digital hygiene—using strong passwords, avoiding suspicious links, and vetting apps—is well-protected on any platform.

Signs your phone has been hacked

Detecting a phone hack early can save you from significant trouble. Watch for key red flags: your battery draining much faster than usual, unexpected spikes in your mobile data usage, a persistently hot device even when idle, or a sudden barrage of pop-up ads. You might also notice apps you don’t remember installing or find that your phone is running unusually slow. To check, go into your settings to review your battery and data usage reports for any strange activity. The most effective step you can take is to install a comprehensive security app, like McAfee® Mobile Security, to run an immediate scan and detect any threats.

How to remove a hacker from your phone

Discovering that your phone has been hacked can be alarming, but acting quickly can help you regain control and protect your personal information. Here are the urgent steps to take so you can remove the hacker, secure your accounts, and prevent future intrusions.

1. Disconnect immediately: Turn on Airplane Mode to cut off the hacker’s connection to your device via Wi-Fi and cellular data.
2. Run an antivirus scan: Use a reputable mobile security app to scan your phone, and identify and remove malicious software.
3. Review and remove apps: Manually check your installed applications. Delete any you don’t recognize or that look suspicious. While you’re there, review app permissions and revoke access for any apps that seem overly intrusive.
4. Change your passwords: Using a separate, secure device, change the passwords for your critical accounts immediately—especially for your email, banking, and social media.
5. Perform a factory reset: For persistent infections, a factory reset is the most effective solution. This will wipe all data from your phone, so ensure you have a clean backup—the time before you suspected a hack—to restore from.
6. Monitor your accounts: After securing your device, keep a close eye on your financial and online accounts for any unauthorized activity.

10 tips to prevent your phone from being hacked

While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:

1. Use comprehensive security software. We’ve gotten into the good habit of using this on our desktop and laptop computers. Our phones? Not so much. Installing security software on your smartphone gives you a first line of defense against attacks, plus additional security features.
2. Update your phone OS and its apps. Keeping your operating system current is the primary way to protect your phone. Updates fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks. Additionally, those updates can help keep your phone and apps running smoothly while introducing new, helpful features.
3. Stay safe on the go with a VPN. One way that crooks hack their way into your phone is via public Wi-Fi at airports, hotels, and even libraries. This means your activities are exposed to others on the network—your bank details, password, all of it. To make a public network private and protect your data, use a virtual private network.
4. Use a password manager. Strong, unique passwords offer another primary line of defense, but juggling dozens of passwords can be a task, thus the temptation to use and reuse simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
5. Avoid public charging stations. Charging your device at a public station seems so convenient. However, some hackers have been known to juice jack by installing malware into the charging station, while stealing your passwords and personal info. Instead, bring a portable power pack that you can charge ahead of time. They’re pretty inexpensive and easy to find.
6. Keep your eyes on your phone. Many hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking to locate your phone or wipe it clean remotely if you need to. Apple and Google provide their users with a step-by-step guide for remotely wiping devices.
7. Encrypt your phone. Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if your iPhone is encrypted, go into Touch ID & Passcode, scroll to the bottom, and see if data protection is enabled. Typically, this is automatic if you have a passcode enabled. Android users have automatic encryption depending on the type of phone.
8. Lock your SIM card. Just as you can lock your phone, you can also lock the SIM card that is used to identify you, the owner, and to connect you to your cellular network. Locking it keeps your phone from being used on any other network than yours. If you own an iPhone, you can lock it by following these simple directions. For other platforms, check out the manufacturer’s website.
9. Turn off your Wi-Fi and Bluetooth when not in use. Think of it as closing an open door. As many hacks rely on both Wi-Fi and Bluetooth to be performed, switching off both can protect your privacy in many situations. You can easily turn off both from your settings by simply pulling down the menu on your home screen.
10. Steer clear of unvetted third-party app stores. Google Play and Apple’s App Store have measures in place to review and vet apps, and ensure that they are safe and secure. Third-party sites may not have that process and might intentionally host malicious apps. While some cybercriminals have found ways to circumvent Google and Apple’s review process, downloading a safe app from them is far greater than anywhere else.

Final thoughts

Your smartphone is central to your life, so protecting it is essential. Ultimately, your proactive security habits are your strongest defense against mobile hacking. Make a habit of keeping your operating system and apps updated, be cautious about the links you click and the networks you join, and use a comprehensive security solution like McAfee® Mobile Security.

By staying vigilant and informed, you can enjoy all the benefits of your mobile device with confidence and peace of mind. Stay tuned to McAfee for the latest on how to protect your digital world from emerging threats.

The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.

Malicious software, also called malware, refers to any program or code engineered to harm or exploit computer systems, networks and devices. It affects your phone’s functionality, especially if you jailbreak your device—that is, opening your iOS to additional features, apps, and themes. 

The risks associated with a malware infection can range from poor device performance to stolen data. Cybercriminals typically use it to extract data—from financial data and healthcare records to emails and passwords—that they can leverage over victims for financial gain. 

Thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be generally resilient against malware infections. It’s important to note, however, that they’re not completely without vulnerabilities.

Read on to learn how you can detect malware on your iPhone and how to remove these infections so you can get back to enjoying your digital activities.

What is iPhone malware?

While traditional self-replicating viruses are rare on iPhones, malware is a genuine threat for Apple devices. Malware typically enters through links in deceptive texts or emails or through downloaded, unvetted apps rather than system-wide infection. These are some types of malware that could infect your iPhone:

• Adware: Once embedded into your phone, adware collects your personal data and learns browsing habits to determine what kinds of ads can be targeted to you. It then bombards your screen with pop-up ads.
• Ransomware: This type of malware encrypts your files or locks you out of your computer, making the data inaccessible. The attackers then demand a ransom before releasing your encrypted files or systems.
• Spyware: This malicious software sits on your device, tracks your online activities, then sends it to a central server controlled by third-party internet service providers, hackers, and scammers, who then exploit this information to their advantage.
• Trojans: Disguised as a real, operational program, this type of malware steals passwords, PINs, credit card data, and other private information.

Understanding Apple’s built-in security layers

To keep you safe against malware and other threats, Apple engineers the iPhone with multiple security layers, including:

• Secure Enclave: This hardware feature is a dedicated secure subsystem in Apple devices that protects your most sensitive data, such as Face ID or Touch ID information in a separate, fortified processor. 
• Sandboxing: This process serves as a digital wall around each app, preventing it from meddling with other apps or accessing your core iOS system files. A downloaded app is first isolated or sandboxed to prevent it from accessing data in your iPhone or modifying the operating system. 
• App Store review: Apple also enforces a process to strictly vet apps for malicious code, and it delivers rapid security patches via regular iOS updates to fix vulnerabilities quickly. 

Together, these features create a highly secure environment for iPhones. However, this robust shield does not eliminate all risks, as threats can still bypass these defenses through phishing scams or by tricking a user into installing a malicious configuration profile.

6 signs of malware on your iPhone and quick actions

If your iPhone is exhibiting these odd activities listed below, a manual scan is your first point of order. These quick actions are free to do as they are already integrated into your device.

• Sudden battery drain: Your battery dies much faster than it should because malware is secretly running in the background. It could mean malware is running in the background and consuming a significant amount of power. To make sure that no such apps are installed on your phone, head over to Settings > Battery and select a period of your choice. Uninstall any unfamiliar apps that stand out.
• Unexpected data spikes: You notice a sudden jump in your data usage, which could mean malware is sending information from your phone to a hacker’s server. Keep an eye on it if you suspect malware is in your system. To do so, go to Settings > Mobile Data and check if your data usage is higher than usual.
• Constant pop-ups: Occasionally running into pop-up ads is inevitable when browsing the internet. However, your phone might be infected with adware if you’re getting them with alarming frequency. Never click the pop-ups. Instead, go to Settings > Safari and tap Clear History and Website Data. This can remove adware and reset your browser.
• Overheating device: Your iPhone feels unusually hot, even when idle, as malicious software can cause the processor to work overtime. Restart your phone to terminate any hidden processes causing the issue.
• Mysterious apps appear: You discover apps on your iPhone that you are certain you never downloaded. Take some time to swipe through all of your apps and closely inspect or uninstall any that you don’t recognize or remember downloading. 

• Sluggish performance: Your phone becomes slow, apps crash unexpectedly, or the entire system freezes for no reason. A simple restart can often clear up performance issues and improve responsiveness.

The disadvantage of doing a manual scan is that it requires effort. In addition, it does not detect sophisticated malware, and only identifies symptoms rather than root causes.

Scan your iPhone for malware

If your iPhone persistently exhibits any of the red flags above despite your quick actions, you may have to investigate using a third-party security app to find the threats that manual checks don’t catch. 

Compared with manual or built-in scans, third-party solutions like McAfee Mobile Security offer automated, comprehensive malware scans by detecting a wider range of threats before they enter your digital space. While available at a premium, third-party security suites offer great value as they include full-scale protection that includes a safe browsing feature to protect your digital life and a virtual private network (VPN) for a more secure internet connection. 

How to remove malware from your iPhone

If the scan confirms the presence of malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.

Update your iOS, if applicable

In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update your iOS immediately to close this potential vulnerability. To do this, go to Settings > General > Software Update and follow the instructions to update your iPhone.

Restart your device

It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.

Clear your iPhone browsing history and data

If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, go to Settings > Clear History and Website Data > Clear History and Data. Keep in mind that the process is similar for Google Chrome and most other popular web browsers.

Remove any suspicious apps

Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.

Restore your iPhone

The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. This allows you to restore your device to an iCloud backup version that was made before the malware infection. Go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Restore from iCloud Backup.

Factory reset your iPhone

A factory reset should be your last resort when other removal methods have failed, as it is a complete data wipe. That means it will erase all content and settings, including any malicious apps, profiles, or files, returning the software to its original, out-of-the-box state. That’s why it’s crucial to back up your essential data such as photos and contacts first. Also, remember to restore to an iCloud backup version *before* the malware infection to avoid reintroducing the infection. For the highest level of security, set the iPhone up as new and manually redownload trusted apps from the App Store. When you are ready to reset, go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Set Up as New iPhone.

How to detect spyware on your iPhone

Spyware is designed to be sneaky, but it leaves subtle traces. Pay attention to your iPhone’s behavior, such as the camera or microphone unexpectedly activating as indicated by a green or orange dot in the status bar, sudden battery drain, or your device overheating for no reason. Another major red flag is a spike in data usage when you aren’t actively using your phone.

For a deeper look, do this 5-minute check to see which apps have accessed your data, camera, and microphone. Look for any activity that seems suspicious or that you don’t recall authorizing. 

5-minute spyware check:

• Scan for unknown apps: Scroll through your home screens and App Library for any apps you didn’t install.
• Review the App Privacy Report: Check for recent sensor or network activity from apps that shouldn’t be active. Go to Settings > Privacy & Security > App Privacy Report. 
• Check for unusual profiles: Go to Settings > General > VPN & Device Management. Remove any profiles you don’t recognize.
• Look at battery usage: In Settings > Battery, look for unfamiliar apps consuming significant power.

Removing spyware from your iPhone

If you suspect your iPhone has been compromised, it’s important to act quickly. Here’s a step-by-step process to remove it, restore your privacy, and prevent future threats.

1. Backup your essential data: Before making any changes, back up your photos, contacts, and other important files. Ensure you back up to a trusted location like iCloud or your computer.
2. Update to the latest iOS: Apple frequently releases security patches. Go to Settings > General > Software Update and install any available updates to close vulnerabilities that spyware might exploit.
3. Delete suspicious apps and profiles: Remove any apps you don’t recognize. Additionally, go to Settings > General > VPN & Device Management and delete any configuration profiles that you did not install yourself.
4. Change your passwords: Once your device is clean, immediately change the passwords for your critical accounts, including your Apple ID, email, and banking apps.
5. Enable two-factor authentication (2FA): For an added layer of security, enable 2FA on all important accounts, to make it much harder for anyone to gain unauthorized access, even if they have your password.
6. Run a mobile security scan: The most reliable way to detect spyware is with a trusted mobile security app that can perform a comprehensive system scan to help flag any remaining malicious files or settings.
7. When to escalate: If you suspect you are a victim of stalking or that your device was compromised for illegal activities, contact Apple Support for assistance and consider reporting the incident to law enforcement.

Don’t engage with fake virus pop-up scams

A common tactic used by scammers is the fake virus pop-up. These alarming messages appear while you are browsing, often using logos from Apple or other trusted companies, and claim your iPhone is infected. Their goal is to create panic, urging you to click a link, download a fake app, or call a fraudulent support number. Never interact with these pop-ups. Here’s a quick response plan when dealing with fake virus pop-up ads: 

• The correct action is to close the Safari tab or the entire browser immediately. 
• To be safe, clear your browsing data by going to Settings > Safari > Clear History and Website Data. This action removes any lingering scripts from the malicious page. 
• You can also report phishing pages to help protect others.

Never enter personal information, passwords, or payment details on a page that appears from a pop-up ad.

Avoid malware from the start

The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:

• If you receive unexpected or unsolicited emails or texts, think before you tap the suspicious links to avoid phishing traps.
• Stick only with apps from the Apple App store. Avoid installing apps from unvetted third-party stores.
• Protect your device’s built-in defenses by avoiding the temptation to jailbreak your iPhone as this will remove most Apple security features.
• Enable automatic updates of iOS and iTunes to stay in line with Apple’s security updates and bug fixes.
• Back up your iPhone data regularly to iCloud or a computer so you can always restore it.
• Avoid engaging with suspicious text messages on iMessage, as hackers use them to spread phishing scams.

• Enable two-factor authentication on your Apple ID for a powerful extra layer of security.
• Routinely review your app permissions to ensure they only have access to necessary data.
• Install a trusted security app, such as McAfee Mobile Security, for proactive scanning and web protection.

FAQs about iPhone malware

Can my iPhone get a virus from opening an email?
Simply opening an email is very unlikely to infect your iPhone. However, clicking a malicious link or downloading an attachment from a phishing email can lead you to a harmful website or trick you into compromising your information. It’s the action you take, not opening the email itself, that creates the risk.

How do I know if a virus warning is real or fake?
Any pop-up in your browser that claims your iPhone has a virus is fake. Apple does not send notifications like this. These are scare tactics designed to trick you into clicking a link or calling a fake support number. The safest response is to close the browser tab and clear your browsing data.

Does my iPhone really need antivirus software?

It’s a misconception that iPhones are immune to all viruses. While Apple’s built-in security provides a strong defense, it doesn’t offer complete protection. Cybercriminals are increasingly using phishing, smishing, AI voice cloning, deepfake videos and other social engineering methods to target iPhone users. A comprehensive security app provides layered protection beyond the iOS integrated security. Think of it as adding a professional security guard to already-strong walls.

What is the best way to check my iPhone for a virus or malware for free?
You can perform manual checks for free by looking for suspicious apps, checking for unusual battery drain and data usage, and reviewing your App Privacy Report. While helpful for spotting obvious issues, these manual checks aren’t foolproof. A dedicated security app offers a more reliable and thorough analysis.

Can an iPhone get malware without jailbreaking it?
Yes. While jailbreaking significantly increases the risk, malware can still infect a non-jailbroken iPhone. This typically happens through sophisticated phishing attacks, installing malicious configuration profiles from untrusted sources, or, in very rare cases, by exploiting an unknown vulnerability in iOS, known as a “zero-day” attack.

Is an iPhone malware scan truly necessary?
Given the value of the personal data on our phones, a regular malware scan provides significant peace of mind. A reputable security app can identify vulnerabilities you might miss, such as outdated software or risky system settings, helping you maintain a strong security posture.

Final thoughts on iPhone malware protection

Keeping your iPhone secure from malware is an achievable goal that puts you in control of your digital safety. By combining smart habits with powerful security tools, you can confidently protect your personal information from emerging threats. 

McAfee is committed to empowering you with the resources and protection needed to navigate the online world safely. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind. Download the McAfee Mobile Security app today and get all-in-one protection.

The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.

Even years after its release, Fortnite still stands as the online “battle royale” game of choice, with millions of younger gamers packing its servers every month—along with fair share of scammers who want to target them both in and out of the game. What makes Fortnite such a proverbial hunting ground for scammers? The answer lies in an in-game economy—one fueled with its own virtual currency that’s backed by real dollars. As to how all that plays out, that calls for a closer look at the game. Fortnite’s in-game currency, V-Bucks, has become a prime target for cybercriminals. One of the most prevalent threats is the so-called “free V-Bucks generator” scam—a fraudulent scheme that promises players free or discounted V-Bucks in exchange for completing online forms, providing account credentials, or downloading software. These offers are entirely illegitimate. No third-party service can generate V-Bucks, and engaging with such sites puts users at significant risk of credential theft, malware infection, and financial fraud.

What is Fortnite?

Fortnite is player-versus-player game where up to 100 players fight as individuals, duos, or squads of up to four, battle on a cartoon-like island where the playable area increasingly shrinks as the game goes on. Along the way, players gain weapons and items that by rummaging through “loot boxes” or through bundles of loot left behind by eliminated players. Fortnite has several game modes, yet the most popular is the “battle royale” mode described here, where the last player, or team, left standing wins.

Is Fortnite free to play?

On the surface, Fortnite is free to play. However, money quickly enters the picture with Fortnite’s in-game currency known as V-Bucks. Players pay real money to purchase different amounts of V-Bucks through the Fortnite Item Shop or through official Fortnite V-Bucks gift cards available in stores and online.

Players use V-Bucks for all kinds of in-game purchases, notably outfits and game avatars known commonly as “skins” based on pop-culture icons like Marvel superheroes and popular singers, along with other game weapons and items. Further, players use V-Bucks to purchase “Battle Passes” that give them access to further in-game purchases and rewards. Finally, players can also purchase “Loot Llamas,” which are bundles of items, skins, and weapons as well (which players can also acquire these through gameplay to some degree).

And that’s where scammers enter the picture. Because wherever money changes hands online, scammers are sure to crop up. And with Fortnite in particular, players are more than willing to pay for V-Bucks, which can turn unwary kids into targets.

What are Fortnite scams, and what do they look like?

In all, players love spending V-Bucks because it lets them create custom avatars loaded with unique items. This makes up a big part of the game’s appeal above and beyond the gameplay itself, to the point where players sporting rarer skins and items take on the air of status symbols.

Bad actors out there do their best to capitalize on this mix of customization, status, and money with several types of scams designed to lure in young gamers. Put plainly, the game’s economy gives scammers a powerful emotional hook they can set—the drive to stand out on the battlefield is high.

Three of the most common Fortnite scams include:

Phishing scams

Just like shopping scams, fake ticket scams, and the like, these scams lure children into clicking links to phishing sites that promise in-game rewards, items, and discounted V-Bucks—but steal credit and debit card info. Young gamers might come across these links in search, yet YouTube has been rife with links to Fortnite scams as well. An examination of domains such as 750ge.com and ggfn.us reveals the use of established phishing methodologies coupled with malware delivery systems. These sites leverage Fortnite’s widespread appeal to attract users seeking free premium content, employing social engineering techniques that mirror those seen in Roblox-related scams and other forms of online fraud.

Social engineering scams

Scammers pose as friendly gamers and build up trust over time, only to betray that trust by asking children to share personal info, passwords, or credit card numbers for “discounted” V-Bucks or items. Some also get children to download malware, promising that the (harmful) app “generates” V-Bucks or gives them “upgrades” of some kind.

Account takeovers and ransoms

Also under the guise of providing items, upgrades, or V-Bucks, scammers persuade children into handing over their login info. This can give them access to personal and financial info contained in the Epic Games Launcher. Further, because some players have spent a great deal of time and money on their account, some scammers hold hijacked accounts for ransom—demanding payment for the return of the account. As it is with any kind of ransomware or ransom attack online, payment is no guarantee that the scammer will return the account.

How to Secure Your Epic Games Account

When it comes to protecting your Fortnite and Epic purchases, a few disciplined habits go a long way. Follow the guidance below to significantly reduce account-takeover risk and streamline recovery if something goes wrong.

Use Unique Passwords

Use a password that you don’t use anywhere else. Credential-stuffing attacks rely on recycled passwords from other breaches; a unique, long passphrase (ideally 14+ characters) blocks that common tactic. Consider a reputable password manager to generate and store complex credentials safely.

Enable Two-Factor Authentication (2FA)

Turn on 2FA so a one-time code is required at sign-in, stopping most unauthorized logins even if a password leaks. Epic supports email, SMS, and authenticator-app methods—use an app whenever possible for stronger protection. Note: 2FA is required for certain programs (e.g., tournaments, Support-A-Creator) and is strongly recommended for all players.

Secure and Verify your Email Address

Your email is the recovery backbone for your Epic account. Use an email you’ll keep long-term, enable that mailbox’s own 2FA, and verify the address within Epic. A verified, secured email makes account recovery faster and helps Player Support confirm ownership if there’s suspicious activity.

Link Your Social Accounts for Extra Security

Linking trusted single-sign-on options (e.g., Google) can simplify logins without creating yet another password—provided those social accounts are themselves protected with unique passwords and 2FA. Treat your SSO accounts as keys: if they’re well-secured, they reduce friction without sacrificing safety.

Keep Your Devices Secure

Good account security starts with healthy devices. Keep operating systems and browsers up to date, use reputable antivirus/anti-malware, and avoid installing unknown software or extensions. A compromised device can capture keystrokes and tokens regardless of how strong your password is.

Don’t Buy or Share Accounts

Buying, selling, or sharing accounts violates policy and exposes you to scams, chargebacks, and permanent loss of access. If someone else knows your password—or if ownership is disputed—support may not be able to help. Keep your credentials private and your account strictly personal.

Don’t Trust Suspicious Offers

Ignore sites and messages promising free or discounted V-Bucks, skins, or creator perks. These are common phishing and malware lures that mimic Epic branding to steal credentials or install harmful software. Only transact through official Epic channels and in-game menus.

If You Suspect Compromise

If you can still log in: immediately reset your email password, then your Epic password, and enable 2FA. Review recent logins and unlink unknown devices. If you can’t log in: work through Epic’s recovery steps starting with your email account and Epic password reset. Have purchase details handy to verify ownership.

What are the parental controls for Fortnite?

With many Fortnite scams, scammers need a way to speak with your child, ideally in the game itself. Fortunately, Fortnite has several parental controls that make it far more difficult for scammers to approach them and that give you further control over payments made through the platform.

Here are a few of the things you can manage from Fortnite’s parental controls:

Social permissions

This lets you manage your child’s online social interactions across Epic’s experiences and games by setting permissions for friend requests, voice and text chat, and mature language filtering.

Purchasing settings

Here you can set permissions to help prevent unauthorized payments while using Epic Games payment services.

Age-rating restrictions

You can manage which experiences your child can access in Fortnite, and which games your child can access in the Epic Games Store based on age ratings.

Time limit controls & time reports

Set time limits and view the total time your child spends in Fortnite and Unreal Editor for Fortnite (UEFN) each week. Choose if you want to receive email reports for your child’s time spent in Fortnite and UEFN.

Should I trust a website that’s offering free V-Bucks?

As Epic Games states, avoid trusting any offers for Epic Games products—such as free titles or V-Bucks that come from external or unverified sites, as they are likely scams. Legitimate promotions are only shared through the Epic Games Store, the official Epic Games website, or their verified social media channels, so if you don’t see it there, it’s not real.

Additionally, for parents of younger players …

Fortnite offers what Epic Games calls “Cabined Accounts,” a safer space that disables voice and text chat, while also disabling the ability to pay for items with real money. (In the U.S., Cabined Accounts are for children under 13 years old. Elsewhere, under that country’s age of digital consent.) Players with Cabined Accounts can still play titles from Epic Games like Fortnite, Rocket League or Fall Guys, but won’t be able to access certain features such as voice chat until their parent or guardian provides consent.

 

Source: Epic Games

What other parental controls can you set to keep your kids safe on Fortnite?

Be aware, though. The parental controls listed above only apply to games on the Epic Games platform. That means your child may still be able to access voice chat using the chat system built into the gaming console or device they’re playing on. So you’ll want to check out the parental controls on their console or device as well, which we’ve listed below:

PlayStation

PlayStation® 5 parental controls and PlayStation® 4 parental controls

Xbox

Xbox parental controls

Nintendo Switch

Nintendo Switch parental controls

Windows

Windows parental controls

iOS

iOS parental controls

Google Play

Google Play parental controls

More ways you can protect your kids from Fortnite and online game scams

Make sure your kids know that virtual money is often real money.

Whether it’s Fortnite V-Bucks or many of the other virtual currencies used in online games, many are tied back to real dollars. It costs real money to buy them. Ultimately, the same goes for the in-game purchases they make. Younger gamers don’t always make this connection, which is how we get the occasional headline story about a grade-school child who racks up a multi-thousand-dollar credit card bill. Have a sit-down with your child and help them understand this connection between “virtual” money and “real” money. And with that, you can have a follow-on chat about an allowance for online game purchases (which you can often set using a game’s parental controls). Do note, Epic Games does not offer legitimate V-Bucks generators outside their official platforms. Any site claiming otherwise is operating a fraud scheme that poses significant security risks to users.

Set the parental controls for the games they play.

We’ve outlined what Fortnite offers by way of parental controls, as well as the parental controls offered on several top gaming platforms. Once more, note that you’ll want to set parental controls on the any of the games your children play that include online chat or purchases. Granted, the controls vary from game to game, but a quick web search will let you know what your options are. In some cases, as with Fortnite, gaming companies have entire websites dedicated to parental controls and overall child safety.

Help your kids know the difference between “friends” in games and friends in real life.

As we outlined above, many scammers try to trick young gamers into thinking they’re a friend—when in fact any kind of “friendship” is part of a scam. Make sure you let them know it’s always okay to speak with you or another trusted adult if a “friend” asks them for personal info or anything that has to do with money. The same goes for asking them to chat on other apps outside the game, such as Whatsapp, or to meet up in person. Understandably, the answer to questions like these is always “no.” Note that some games and platforms let you report accounts for behavior like this. Use those tools as needed.

Use a credit card to pay for online games.

In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing. Further, if your credit card offers online account alerts for when a purchase is made, set that up so you can track what your children are spending online. Lastly, use credit monitoring to track any unusual purchases. Credit monitoring like ours provides timely notifications and guidance so you can take action to tackle identity theft.

Get a scam detector working for you.

Phony sites, emails, texts, and on and on and on—scammers put them all into play. Yet a combination of features in our McAfee+ plans can help you and your children spot them.

McAfee’s Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

 

 

The post Fortnite Impersonation Scams: A No-Nonsense Parent Guide appeared first on McAfee Blog.

If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world.

However, the rollout to Windows 11 began in 2021, with Windows 10’s support lifecycle ending on October 14, 2025. After this date, Microsoft will stop providing free security updates, technical support, or software updates for Windows 10. If you are a Windows 10 user, this means you will need to upgrade to the newer OS or purchase extended security updates to continue using the old OS securely.

Unfortunately, its success as a widely used operating system makes Windows attractive to hackers. If malicious software could make a home in Windows, a lot of targets would ask how best to protect your Windows 10 or 11 device. Should you just use Windows Security — Microsoft’s free version of antivirus software — or buy additional protection?

Read on to learn what Microsoft Security covers and how additional virus protection can secure all of your connected devices.

Windows 10 antivirus software

Windows Defender is a free antivirus tool that’s built into the Windows operating system. Initially released as an anti-spyware program for Windows XP and Windows Server 2003, it became a full antivirus program with Windows 8 in 2012.

Today, Windows Defender antivirus is part of the Windows Security suite, which offers a comprehensive solution that includes Windows Firewall and Smart App Control for real-time protection against threats. While it’s considered one of the best free antivirus software programs, Windows Defender doesn’t have any extra features that might come with paid security software. If you’re just looking for good antivirus software, it can get the job done.

Check that Windows Defender is on

If you’re not using third-party antivirus protection, you’ll want to make sure that your Windows Defender antivirus coverage is working on your computer. Here’s how to check:

1. Go to the control panel and click System and Security.
2. Click Windows Defender Firewall.
3. A window will open showing if the firewall is on.
4. If you need to turn on Windows Defender, use the settings in the menu.
5. Close all browser windows and restart your computer.

To make sure your Windows Security is running, follow these steps:

1. Click CTRL+Alt+Del and select Task Manager.
2. Look at the tabs and click Services.
3. Scroll down to Windows Defender and see if it is classified as “running.”

Windows Defender capabilities and limitations

Windows Defender is a convenient and cost-effective way to protect your Microsoft device from viruses. With features like real-time protection, firewall integration, and cloud-based threat detection, it provides a solid baseline of security for your computer. This overview explores what Windows Defender does well and where it falls short:

Key features

• Real-time protection: Monitors your system continuously for threats and blocks them before they can cause harm
• Cloud-delivered protection: Utilizes cloud intelligence for near-instant detection and blocking of new and emerging threats
• Firewall: Allows you to control network traffic in and out of your device
• Ransomware protection: Prevents unauthorized applications from modifying important files. This feature, however, needs to be enabled manually
• Security intelligence updates: Receives regular updates to its malware definitions to stay protected against the latest threats

Limitations

While Windows Defender has vastly improved, it still has some limitations compared to other comprehensive security and antivirus suites.

• Phishing protection: Phishing detection is not as strong as some third-party solutions, according to PCMag tests.
• Web protection: SmartScreen works only in Microsoft Edge, potentially leaving users of other browsers more vulnerable.
• Performance impact: Sometimes impacts system performance, particularly during scans
• Ransomware protection: Not enabled by default and might not be as robust as dedicated anti-ransomware tools
• Limited features: Lacks advanced features found in many paid security products that integrate capabilities, such as VPNs, password managers, dark web monitoring, and dedicated webcam protection.

Activate Windows Defender antivirus features

1. Open Windows Security: Click the Start menu, type “Windows Security,” and select the app from the results. This is your central hub for PC protection.
2. Run a scan: In Windows Security, go to “Virus & threat protection” and run a “Quick scan” to check common areas for threats. For a more thorough check, click “Scan options” and select “Full scan,” which examines every file and running programs on your hard disk.
3. Manage real-time protection: Under “Virus & threat protection settings,” ensure that “Real-time protection” is on to actively scan for malware and prevent infections.
4. Schedule a scan: Type “Task Scheduler” in the Start menu, then navigate to Task Scheduler Library > Microsoft > Windows > Windows Defender. Customize the “Windows Defender Scheduled Scan” properties to run at a convenient time.
5. Update virus definitions: Under “Virus & threat protection,” find “Virus & threat protection updates.” Click “Check for updates” to ensure Defender has the latest information to identify new threats. Windows typically does this automatically, but a manual check is always a good idea.

More hostile threats call for more extensive protection

While Windows Security and Windows Defender offer robust baseline malware protection, modern digital threats go far beyond simple viruses. To stay truly safe, you need to look at the bigger picture of online security. This is where a comprehensive security suite offers significant advantages over a standalone antivirus tool.

Here’s a quick comparison between the built-in Windows Defender and what a full-featured security suite offers:

Feature	Windows Defender	Comprehensive Suites
Antivirus & malware protection	Yes (strong baseline)	Yes (advanced)
Firewall	Yes	Yes (advanced, customizable)
Secure VPN	No	Yes
Identity monitoring	No	Yes
Cross-device protection (Mac, Android, iOS)	No	Yes
Password manager	Limited (browser-based)	Yes (secure, cross-device)
Web protection	Yes (Edge browser)	Yes (all browsers)

Staying protected with Windows 11

Cybercriminals constantly develop new malware, sophisticated phishing scams, elaborate ruses and zero-day exploits that target your behavior—like tricking you into clicking a malicious link, downloading a compromised file, or giving your personal information such as your bank and credit card numbers. Some scams even target your devices with risky apps or links on social media.

As thousands of new threat variants are discovered daily, having dedicated and up-to-date virus protection for Windows 11 is essential for comprehensive security. Ultimately, you don’t need to disable Windows Defender’s firewall, but adding a comprehensive security suite provides crucial layers of protection against phishing, identity theft, and unsecured Wi-Fi that are essential for staying safe online today. Having another antivirus program can make sure you have real-time protection and access to the latest security features. Better to be safe than sorry!

Better security with Windows 11

From Windows 10, the upgraded Windows 11 introduces significant security enhancements, thanks to a more robust security architecture that applies stricter hardware requirements. Mandatory features such as Trusted Platform Module (TPM) 2.0, Virtualization-Based Security (VBS), and Secure Boot create a much stronger “secure-by-default” defense against attacks that target the boot process and system integrity.

However, this enhanced baseline security does not eliminate the need for more diligent protection. The vast majority of cyberattacks target the user, not the hardware. Cybercriminals still employ phishing emails, malicious downloads, and insecure websites to compromise your device, regardless of the operating system’s strength. While it’s true that Windows 11 has made great strides in security, the threat landscape has evolved even faster. Installing a multi-layered security solution remains a critical tool for proactively protecting your personal data and online activities.

Augmenting with a free antivirus

In Windows 11, you can augment the built-in Windows Defender with a free antivirus option, but it’s important to understand the trade-offs. Free antivirus solutions typically offer only basic malware protection and lack crucial features that are standard in paid suites, such as a secure VPN, identity monitoring services, advanced phishing protection, a password manager, and dedicated customer support. Some free software may also collect and sell your browsing data to third parties to generate revenue.

While free is tempting, investing in a paid suite with total protection provides peace of mind, knowing that all aspects of your digital life—from your device security to your personal identity and online privacy—are actively protected by an integrated, powerful solution.

Best practices for security on Windows

Using Microsoft’s built-in antivirus software can protect your Windows devices from viruses and malware. Follow these basic Windows Defender management steps:

• Accessing settings: You can access the Windows Security app (where Defender is managed) through the Start menu > Settings > Update & Security > Windows Security > Virus & threat protection.
• Running scans: Quick, Full, and Custom scans can be initiated through the Windows Security app.
• Checking for updates: Security intelligence updates can be checked for and downloaded manually within the Windows Security app.

Quick tips to stay more secure on Windows

• Always keep your Windows operating system and all applications updated.
• Trust your instincts and think twice before clicking on suspicious links or email attachments.
• Use a password manager to create and store strong, unique passwords for every account.
• Protect your privacy on public Wi-Fi by always using a trusted VPN.
• Go beyond basic antivirus with a solution that also protects your identity and privacy.

Keeping your 3rd-party antivirus with Windows 11

In most cases, you can retain your third-party antivirus when you move to Windows 11. Reputable antivirus providers ensure their software is fully compatible with new operating system releases. Before you upgrade to Windows 11, ensure your antivirus software is updated to the latest version. Your subscription should carry over to the new OS seamlessly.

The benefit of using a cross-platform security suite is that your license and protection extend beyond a single OS version. Whether you’re on Windows 10, Windows 11, a Mac, or a mobile device, your protection remains active and managed from a single account, avoiding the hassle of finding new software or purchasing new licenses every time you upgrade or change devices.

Essential antivirus features

Windows Defender provides a solid starting point of security for your computer, but it is good to reinforce that capability with a comprehensive solution. Antivirus protection programs available in the market today aren’t all created equal. When looking for the best antivirus software for your needs, here are some things to consider for your devices running on Windows 11.

• Compatibility across multiple operating systems: If you own a Windows personal computer, an iPhone, and a tablet that runs on Chrome, it helps to have an antivirus app that works across multiple operating systems. Many trusted premium protection services are compatible with Windows, Mac, iOS, and Android devices, allowing you to enjoy all your devices without losing protection.
• Protection against a variety of online threats: For greater cybersecurity, a reliable antivirus software should defend against a variety of online threats like viruses, spyware, and ransomware. Make sure your chosen antivirus software can alert you when it recognizes a risky link, website, or file.
• Easy to use: Functionality is another thing to consider, especially if you want to easily manage multiple devices. Opt for a suite that allows you to connect and manage all of your desktop and mobile devices from one single dashboard.
• Real-time and scheduled scanning: To keep your devices free from online threats, good antivirus software should be able to scan your files for threats 24/7, providing protection with real-time, on-demand scanning of files and applications.

McAfee’s capabilities for total protection

Today’s cybercriminals are relentlessly creating new threats every day to steal your identity, money, and personal data. Thinking of antivirus as just for viruses is outdated; modern security suites are about total digital wellness. McAfee+ was developed with an understanding of how cybercriminals operate. Our all-in-one protection includes:

• Virtual Private Network (VPN): A VPN is one of the biggest benefits of using a complete, third-party antivirus protection. When you use public Wi-Fi, it’s possible for a hacker to see your data. A VPN encrypts your data to protect it from prying eyes. It also conceals your device’s IP address and geolocation.
• Identity monitoring: Get 24/7 monitoring of your email addresses and bank accounts with up to $1 million in ID theft coverage. With early detection, an easy setup, and extensive monitoring (keeping tabs on up to 60 unique types of personal information), you can continue to live your best life online.
• Protection score: We’ll look at the health of your online protection and give you a protection score. We’ll also recommend how to address weak spots and improve your security.
• PC optimization: To speed up your online activities, McAfee PC Optimizer automatically blocks auto-play on pop-up videos to give you more bandwidth and save battery power. It also disposes of temporary files and cookies to free up disk space.
• Password manager: One good way to keep your data secure is to use strong passwords that are unique for each account. Our password manager generates complex passwords, stores them, and lets you access shared passwords on your mobile devices.

Safe digital habits to regularly observe

• Enable automatic updates: Ensure both Windows and your applications are set to update automatically. This is your first line of defense against exploits that target software vulnerabilities.
• Use a standard user account: For daily tasks, use a standard user account instead of an administrator account to limit the potential damage during a malware attack.
• Implement secure backups: Regularly back up your important files to an external drive or a secure cloud service to ensure you can recover your data in case of a ransomware attack.
• Activate multi-factor authentication (MFA): Enable MFA on all your important online accounts (email, banking, social media) for a powerful layer of security beyond just a password.
• Install comprehensive security software: Use a reputable, all-in-one security suite that provides an antivirus, firewall, VPN, and identity protection to cover all your security needs.

Final thoughts

Whether you’re using Windows 10 or the latest Windows 11, the built-in Microsoft Defender provides a good starting point for your device’s security. However, an antivirus is just one layer of security. To be truly protected from the full spectrum of today’s online threats, you need a more comprehensive approach. Adding a trusted security suite gains you layers of protection for your identity, privacy, and data that go far beyond basic antivirus defense.

When you install a third-party antivirus like McAfee Total Protection, it seamlessly takes over as the primary real-time protection provider, while Windows Defender can remain available for periodic scans, ensuring there are no conflicts. To check your security status, simply navigate to Windows Security > Virus & threat protection to see which provider is active.

For complete peace of mind, comprehensive solutions like McAfee Total Protection add critical features like a VPN for online privacy, identity monitoring, and protection for all your devices, not just your Windows personal computer.

The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.

If you find that your email has been hacked, your immediate reaction is probably wondering what you should do next. Take a deep breath before jumping into action. In this guide, we will take a look at the signs of a hacked email account, the steps to take to reclaim your email, and some proactive guidelines you can follow to keep it from getting hacked in the first place.

Hackers’ motivation for targeting your email

Hackers target your email accounts because they are treasure troves of information, containing years of correspondence with friends and family. Not to mention more emails from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, making it a top prize for hackers.

Once a cybercriminal is in, they can cause personal chaos or obtain financial gain. Using the information they extract from your emails, they can scan your messages for sensitive information like bank account details, and commit identity theft. They can also take over your online accounts by using the forgot password feature, locking you out of your own social media, shopping, and financial profiles. Another common tactic is to send phishing emails to everyone in your contact list, exploiting your reputation to spread malware or scams. 

If you think, “my email has been hacked, how do I fix it?” understand that because many people reuse passwords, a single compromised email can give criminals the key to unlock numerous other services. This is precisely why a comprehensive service for identity theft monitoring is so crucial; it acts as a vigilant watchdog, alerting you to suspicious activity across your accounts so you can act fast.

Signs your email account is hacked

You can’t log into your email account

You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten hold of your log-in credentials, logged in, then changed the password, locking you out and gaining control of your account.

One of your contacts asks, “Did you really send this email?” 

Hackers compromise email accounts to spread malware on a large scale by blasting emails to everyone on your hacked contact list. If any one of your contacts opens that email attachment, that in turn shoots malware-riddled emails to dozens or hundreds of others. Some of those emails won’t sound or read like you at all, that your contacts might ask if this email really came from you. This is a good reason to never open attachments you weren’t expecting. If you get a strange email from a friend or business contact, let them know through another channel. You could be helping them flag their compromised email account.

Email hacking methods

• Phishing scams: Deceptive emails, texts, or messages trick you into revealing your login credentials on a legitimate-looking but fake website. These are designed to steal your password directly.
• Data breaches: Your email and password are often stolen from a less secure company you have an account with. Cybercriminals then test those stolen credentials on high-value targets like email services.
• Weak or reused passwords: Using simple, easy-to-guess passwords like “password123” or using the same password for multiple online accounts makes it easy for hackers to gain access once one account is breached.
• Credential stuffing: This is an automated attack where bots take massive lists of stolen usernames and passwords from data breaches and “stuff” them into login forms across the web, looking for accounts that reuse passwords.
• Malware infections: Malicious software, such as keyloggers or spyware, can infect your computer and secretly record your keystrokes, capturing your email password and other sensitive information as you type it.

Recover your email & strengthen your defenses

Your email is often the key to your digital life, so regaining control quickly is crucial. Below are the basic steps you can take to recover your email account safely and reinforce your defenses to prevent future takeovers.

Use your email provider’s recovery service

Many email providers have web pages dedicated to recovering your account in the event of a lost or stolen password. For example, Google provides this email recovery page for Gmail users and their other services. This is a good reason to keep your security questions and alternate contact info current with your provider, as this is the primary way to regain control of your account.

Change your password

Make it a strong, unique password and don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. Hackers count on people using simpler, less unique passwords across their accounts, or reusing passwords in general. A password manager that’s included with comprehensive online protection software can do that work for you.

Enable two-factor authentication

Several email services support two-factor authentication, which requires a PIN to log in aside from a username and password. If your service offers it, use it. This provides one of the strongest defenses against a hacked email account, and online accounts in general.

Check your other accounts

If someone has access to your email and all the messages in it, they might have what they need to conduct further attacks. Check your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity. If these accounts offer two-factor authentication, use it on them as well.

Reach out to your email contacts

As quickly as you can, send a message to all your email contacts and let them know that your email was compromised. As well, let them know that you’ve reset your password so that your account is secure again. Instruct them not to open any emails or attachments from you during the time your account was compromised. This protects them from potential phishing scams and preserves your reputation.

Alert your email provider and authorities to the incident

Once you have re-secured your email account, you will need to report the incident to your email provider. This enables them to minimize the damage to you, investigate the attack, and protect others from suffering the same fate. Here are the steps you need to take:

1. Contact your email provider: Go directly to your provider’s official support or account recovery page. Do not use links from suspicious emails. Report the unauthorized access to help them investigate.
2. Reset security credentials: After regaining access, immediately review and reset your security questions and update your recovery phone number and alternate email address. This prevents the hacker from using them to get back in.
3. File an official report: In the U.S., file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov. This creates an official record of the incident and provides a personalized recovery plan.
4. Activate restoration services: If you suspect your personal information has been stolen, professional help is invaluable. McAfee’s Restoration Experts can guide you through the complex process of securing your identity, disputing fraudulent activity, and restoring your name.

Long-term email protection strategies

Protecting it requires more than quick fixes; it calls for consistent, long-term security practices. Here’s a quick guide that outlines key strategies to keep your email secure for the long haul.

• Set up smart email filters: Create rules within your email settings to automatically move suspicious-looking emails to your spam or trash folder. This reduces the chance you’ll accidentally click on a malicious link in a phishing attempt.
• Leverage comprehensive protection: Use an all-in-one security solution like McAfee+, which combines identity monitoring, privacy protection, and powerful antivirus software to safeguard your data and devices from multiple angles.
• Conduct regular account audits: At least once every few months, take a few minutes to review your account’s security settings, check connected third-party apps, and remove access for any services you no longer use or recognize. Also check for unauthorized changes to your signature or email filters.
• Run a full scan. Make sure you use a reputable and comprehensive antivirus program that protects computers, smartphones and tablets from malware.
• Monitor your credit reports: Regularly checking your credit report is a key way to spot a problem such as unauthorized accounts or financial inquiries immediately, before it becomes a bigger problem. In the U.S., you can check yours weekly at AnnualCreditReport.com.

Final thoughts

Your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. Without a doubt, these are matters you need to keep tabs on. Check your credit report for any signs of strange activity, or even if you don’t suspect a problem. Your credit report is a powerful tool for spotting identity theft. In many cases, it’s free to do so. 

With McAfee+, you can check yours any time you like as part of our identity and credit monitoring service. McAfee+ is engineered with powerful capabilities such as real-time protection against viruses, hackers, and risky links. It also automatically alerts you from scams attempts in texts, emails, and videos, to keep you a step ahead of financial fraud and misinformation across all your devices. In case of identity theft, McAfee+ also offers identity theft coverage and restoration services of up to $2 million to help you cover legal and other fees in case you need assistance in the wake of an attack or breach. 

Taking a step like this can help keep your email account safer from attacks, along with your other accounts.

The post My email has been hacked! What should I do next? appeared first on McAfee Blog.

As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as a stark reminder that not all “Amazon” calls are what they seem.

The $1 Million Nightmare: How It All Began

In April 2025, an elderly Missoula woman received what seemed like a routine customer service call. The caller claimed to be from Amazon’s fraud department and asked if she had recently purchased computer equipment. When she said no, the caller’s tone shifted to concern; they claimed her identity had been stolen, and immediate action was needed.

What followed was a masterfully orchestrated scam that would ultimately cost the woman nearly $1 million. The fake Amazon representative transferred her to what appeared to be the “Social Security Department,” where another scammer told her that her personal information had been linked to a money laundering investigation. To “protect” her funds, she was then connected to someone claiming to be a U.S. Marshal.

The supposed federal agent convinced her that the money in her bank accounts needed to be “legalized” to keep it safe from the criminals who had stolen her identity. Over multiple visits to her home, the woman handed over cash and gold to people she believed were federal agents protecting her life savings. Instead, she was systematically robbed.

The scam only unraveled when law enforcement, working with the victim, set up a sting operation. When 29-year-old Zabi Ullah Mohammed arrived for what he thought would be another pickup, police were waiting. They found nearly $70,000 in cash in his vehicle, along with airline tickets and rental car documents – evidence of a sophisticated, multi-state operation.

When Tariff Pressure Meets Scam Opportunity

This Montana case isn’t an isolated incident, it’s part of a growing trend that peaks during major shopping events like Prime Day. What makes this year particularly concerning is the economic backdrop driving consumer behavior.

With recently implemented tariffs now in effect, including 25% on certain goods from Canada and Mexico and additional levies on Chinese products, American households are feeling unprecedented financial pressure. Recent polling shows 73% of Americans expect significant price increases in the coming months, while economists project tariffs could cost the average household nearly $1,200 annually.

This economic anxiety is creating a perfect storm for scammers, as our research shows that 46% of shoppers plan to shop more during Prime Day specifically hoping to save money in light of tariff-related price hikes. Older consumers are particularly motivated by these concerns, with 68% of shoppers aged 65+ citing tariff worries as a key driver for increased online shopping – making them prime targets for sophisticated scams promising exclusive deals and savings.

“As inflation and tariffs push more people to hunt for deals, scammers are using generative AI to craft scams that are more polished, personal, and persuasive,” said Abhishek Karnik, Head of Threat Research at McAfee. “From retailer impersonations to hyper-realistic delivery scams, these threats are getting harder to spot. The good news is that the tools to fight back are getting smarter too. The best way to stay safe is to pause before you click, trust your instincts, and use AI-powered protection like McAfee’s Scam Detector to stay one step ahead.”

 

Figure 1. Examples of Amazon tariff and job scams

 

Figure 2. An example of a fake Amazon sign-in page.

 

 

Figure 3. Examples of Amazon phishing scams

 

The Scale of the Problem is Staggering

• 81% of Americans plan to shop online during Prime Day 2025, creating a massive target pool for scammers
• 15% of people have already fallen victim to online scams during Prime Day or similar major retail events.
• Among scam victims, a shocking 84% lost money, with nearly 1 in 4 losing over $500.
• While 89% of people report taking steps to stay safe, nearly two-thirds (65%) admit they’re not fully confident in their ability to spot a scam. That uncertainty is exactly what scammers are counting on. Designed to blend in with the shopping rush, today’s threats pressure people to click before they think.

The AI Threat is Real

• 56% of Americans are more concerned about AI-generated scams this year than last year, particularly during major shopping events like Prime Day.
• 36% of people have encountered deepfake scams involving fake celebrity endorsements during major sale events.
• Among those who encountered deepfake scams, 71% reported that they or someone they know lost money.

The Vulnerability Factor

Older adults are particularly at risk, with 68% of shoppers aged 65+ saying tariff-related concerns motivate them to shop more online, potentially making them targets for scams promising “deals.” Heavy shoppers face the highest risk, with 23% reporting being scammed during major sale events – more than double the rate of light shoppers. More than one-third (35%) of scam victims don’t tell anyone about being defrauded. The main reasons for staying silent include embarrassment (27%), not wanting to appear gullible (24%), and shame (9%).

The Youth Risk Factor

Younger shoppers are far more likely to take risks on unfamiliar brands — especially on social media. Nearly a quarter of 18–34-year-olds say they’re willing to buy from unknown retailers if the deal looks good, with 22% of 18–24s and 21% of 25–34-year-olds ready to click “buy now” on offers from unknown brands. In stark contrast, older adults (65+) show extreme caution, with only 1% willing to engage with unfamiliar advertisements.

Social Shopping Platforms: Convenience Meets Danger

That openness comes with a serious trade-off. Platforms like TikTok Shop and Instagram Shopping are fast becoming hotspots for scam exposure. Nearly 1 in 3 young shoppers say they’ve encountered deepfake videos of influencers promoting deals or products that turned out to be scams during past sale events, and of those, a staggering 71% say either they or someone they know lost money. With 29% of shoppers browsing TikTok Shop and 10% using Instagram Shopping, these social platforms have become both a go-to destination for deals and a growing cybersecurity risk. The seamless integration of shopping and social content makes it easier than ever for scammers to blend fraudulent offers with legitimate content, creating a perfect storm of vulnerability.

How to Protect Yourself This Prime Day

The good news? These scams are preventable if you know what to watch for and take the right precautions. Here’s your defense playbook:

Verify Before You Trust

• Amazon will never call you about suspicious account activity or unauthorized purchases
• Always log into your Amazon account directly through amazon.com to check for real issues
• Use Amazon’s Message Center – all legitimate communications from Amazon appear there
• Never give personal information, passwords, or payment details over the phone

Watch for Red Flags

• Urgent language demanding immediate action (“Your account will be closed in 24 hours!”)
• Requests for payment via gift cards, wire transfers, or cash
• Claims that you need to “verify” or “legalize” your money
• Transfers to “government agencies” during the same call
• Pressure to keep the call secret or not hang up

How to Protect Your Shopping Experience

• Enable two-factor authentication on your Amazon account
• Use strong, unique passwords or passkeys for your shopping accounts
• Only shop on secure websites (look for “https://” and the padlock icon)
• Monitor your bank and credit card statements regularly
• Never click links in suspicious emails – go directly to the retailer’s website instead.
• Use reputable online protection, such as McAfee’s Scam Detector to keep you safer from online shopping scams
• Trust your gut – if it feels too urgent or too good to be true, it probably is

While 89% of people plan to take specific safety steps during Prime Day, the sophistication of modern scams means we all need to stay vigilant. The Montana woman’s story shows how even intelligent, cautious people can fall victim to well-orchestrated psychological manipulation.

This Prime Day, remember that the best deal is the one that doesn’t cost you your life savings. Legitimate retailers will never pressure you to act immediately or ask you to pay with untraceable methods. When in doubt, hang up, take a breath, and verify independently. Your skepticism might just save your bank account, and your peace of mind.

Key Takeaway: Amazon, and most other retailers, will not ask you to provide sensitive information over the phone or request payment via gift cards, wire transfers, or cash. When shopping this Prime Day, if something seems suspicious, it probably is. Trust your instincts and verify independently.

The post How to Shop Safely During Amazon Prime Day appeared first on McAfee Blog.

Your dream vacation could become a nightmare if you fall for these sophisticated AI-powered scams. The travel industry is experiencing an unprecedented surge in AI-powered fraud. What started as simple fake booking websites has evolved into something far more sinister: criminals are now using artificial intelligence to clone the voices and identities of trusted travel agents, creating convincing impersonations that can fool even the most cautious travelers. 

Recent data paints a sobering picture. Booking.com reports a staggering 500 to 900 percent increase in travel scams over the past 18 months, largely driven by AI technology. McAfee research reveals that 30 percent of adults have either fallen victim to online travel scams or know someone who has while trying to save money on travel. 

The New Face of Travel Fraud: AI Voice Cloning

Gone are the days when scammers relied solely on poorly written emails with obvious typos. Today’s travel fraudsters are weaponizing AI voice cloning technology that requires as little as three seconds of audio to create a convincing replica of someone’s voice. Here’s how these sophisticated scams typically unfold: 

The Setup: Criminals research legitimate travel agents, tour operators, or booking specialists through social media, company websites, and online videos. They harvest voice samples from promotional videos, webinars, or even customer service recordings. 

The Clone: Using readily available AI tools—some costing as little as $5 to $10 per month—scammers create voice clones that perfectly mimic speech patterns, accents, and even emotional nuances of real travel professionals. 

The Hook: Armed with these cloned voices, criminals make convincing phone calls to potential victims, often claiming to represent established travel agencies or offering “exclusive” deals that create urgency to book immediately. 

Red Flags: How to Spot AI-Cloned Travel Agents 

While AI voice cloning technology has become incredibly sophisticated, there are still warning signs you can watch for: 

Listen for inconsistencies: Pay attention to unusual word choices, stilted language, or responses that seem rehearsed or robotic. AI-generated voices may struggle with emotional range or natural conversation flow. 

Verify through multiple channels: If someone claiming to be a travel agent unexpectedly contacts you, hang up and call the agency directly using a number you find independently—never redial the number that called you. 

Be wary of pressure tactics: Legitimate travel agents won’t pressure you to book immediately or demand payment through untraceable methods like wire transfers, cryptocurrency, or gift cards. 

Check for licensing and credentials: Ask for specific licensing information and verify it independently. Real travel agents are typically registered with industry organizations and local business bureaus. 

Beyond Voice Cloning: The Full Arsenal of AI Travel Scams

Voice cloning is just one weapon in the modern scammer’s arsenal. Criminals are also using AI to: 

Create convincing fake websites: AI tools can quickly generate professional-looking travel booking sites that mirror legitimate companies, complete with stolen branding and customer reviews. 

Generate fake reviews: AI-written testimonials can flood fake listings with glowing five-star reviews that seem authentic but are entirely fabricated. 

Produce deepfake videos: Some sophisticated scams now include video calls featuring AI-generated faces that can interact in real-time, making the deception even more convincing. 

Automate phishing campaigns: AI helps criminals create personalized emails and messages that target specific individuals based on their travel history and preferences. 

The Financial Impact: Why These Scams Are So Devastating

The financial consequences of AI-powered travel scams can be catastrophic. VPNRanks predicts that travel scam losses could reach $13 billion globally by 2025, with an average loss of nearly $1,000 per victim. Even more concerning, business travelers face a 65 percent higher risk of falling victim compared to leisure travelers. 

The sophistication of these scams means that even cybersecurity-savvy individuals can be caught off guard. In one notable case, a finance worker in Hong Kong was tricked by an AI-powered deepfake video call into transferring over $25 million to criminals who had used publicly available footage to impersonate multiple senior executives. 

How McAfee Protects You from AI-Powered Travel Scams

At McAfee, we understand that the same AI technology enabling these scams can also be our best defense against them. Our comprehensive McAfee+ protection suite includes several key features specifically designed to combat these emerging threats: 

McAfee Scam Detector: Our AI technology powers advanced scam detection that can identify suspicious patterns and behaviors. This includes recognizing potentially fraudulent communications before they reach you on text messages, email and even deepfake protection. 

Identity Monitoring and Alerts: Our comprehensive identity monitoring watches for signs that your personal information may have been compromised—a critical early warning system since scammers often research their targets extensively before launching attacks. 

Safe Browsing Protection: When you’re researching travel options online, our web advisor protection features block access to known malicious sites and warn you about suspicious domains in real-time. 

Personal Data Cleanup: We help remove your personal information from data broker sites that scammers often use to research potential victims, reducing your exposure to targeted attacks. 

Your Defense Strategy: Staying Safe in the Age of AI Scams

Protection against AI-powered travel scams requires a multi-layered approach combining technology, awareness, and smart practices: 

Verify independently: Always confirm travel arrangements through official channels. If someone calls claiming to represent a travel company, hang up and call the company directly using contact information from their official website. 

Be skeptical of urgency: Legitimate travel deals don’t require immediate action. Take time to research and verify any offer, especially if it involves upfront payments or personal information. 

Use secure payment methods: Avoid wire transfers, cryptocurrency, or gift cards for travel payments. Use credit cards that offer fraud protection and dispute resolution. 

Limit social media exposure: Be cautious about posting travel plans, photos, or videos that could provide scammers with material to clone your voice or research your activities. 

Trust your instincts: If something feels off about a conversation or offer, don’t ignore that feeling. It’s better to miss out on a potentially legitimate deal than fall victim to a sophisticated scam. 

The Road Ahead: Preparing for Future Threats

As AI technology continues to evolve, we can expect travel scams to become even more sophisticated. Future threats may include real-time deepfake video calls, AI-generated virtual travel agents with full conversational abilities, and hyper-personalized scams based on extensive data analysis. 

The key to staying protected is maintaining vigilance while leveraging advanced security tools. McAfee’s AI-powered protection evolves continuously to stay ahead of emerging threats, providing you with the most current defense against the latest scamming techniques. 

Your dream vacation should remain exactly that—a dream come true, not a financial nightmare. By staying informed about these threats and using comprehensive protection like McAfee’s identity and scam protection services, you can travel with confidence, knowing you’re protected against even the most sophisticated AI-powered fraud attempts. 

Remember: in our digital age, the best travel companion isn’t just a good guidebook—it’s robust cybersecurity protection that travels with you wherever you go.  

Ready to protect yourself from AI-powered scams? Learn how McAfee+ and its comprehensive identity theft protection and AI-powered scam detection is designed to keep you safe while traveling and beyond. 

The post How Criminals Are Using AI to Clone Travel Agents and Steal Your Money appeared first on McAfee Blog.

Ah, summer. The season of sun-soaked beaches, bucket list adventures, and Instagram-worthy Aperol Spritzes. For many, it’s also a time of new connections—whether it’s a whirlwind vacation romance, a flirtatious chat over sangria, or that handsome stranger who slides into your DMs while you’re posting travel pics. 

But while your heart may be on holiday, romance scammers are very much on the job. 

Every summer, there’s a spike in cybercrime that preys on people’s heightened emotions, loneliness, and lowered guard while traveling. Romance scams aren’t just the stuff of Netflix documentaries or embarrassing Reddit threads—they’re a multi-billion dollar business. In fact, in the U.S. alone, consumers reported losing $1.3 billion to romance scams in 2023, according to the FTC. And those are just the ones who reported it. 

Whether you’re vacationing in Ibiza or just swiping Tinder in Tuscany, here’s what you need to know to keep your love life and your bank account scam-free this summer. 

Why Summer Travel Is Peak Romance Scam Season

Let’s break down the perfect storm: 

1. You’re relaxed, open, and more trusting. 
2. You’re sharing your location and travel plans publicly. 
3. You’re looking for connection—romantic or otherwise. 
4. And you may be unfamiliar with local customs or risks. 

Scammers love this combo. It gives them everything they need to make you feel special, disarmed, and emotionally invested—before making their move. 

And don’t think these scams are limited to dating apps. They happen on Facebook, Instagram, TikTok, WhatsApp, Airbnb experiences, and yes, even LinkedIn. Love (and deception) finds a way. 

Classic Romance Scam Red Flags (Even While Abroad)

No matter where you are in the world, these red flags are global. If your new summer fling is showing any of these signs, take a step back before you step deeper in: 

They move too fast.
They say they love you after two days. They want to video call all the time. They talk about marriage before you’ve even exchanged last names. Classic sign of love bombing. 

They avoid meeting in person or always have a reason to cancel.
Even if you’re in the same city, they’ll say they’re stuck at customs, quarantining, or detained by border patrol (yes, really). This isn’t just shady—it’s scripted. 

They need money—urgently.
Hospital bill. Stolen passport. Emergency flight. Sick relative. Whatever it is, it’s always an emergency and always comes with a request for money, gift cards, or cryptocurrency. 

They ask you to keep the relationship private.
“Let’s keep this just between us.” Translation? “Please don’t tell your smarter friends who would spot me a mile away.” 

They want to take the chat off-platform.
If someone you met on a dating app pushes you onto WhatsApp, Telegram, or a private email chain quickly, it’s a red flag. 

How to Spot Travel Triggered Romance Scams

Summer brings out some unique variations on the classic romance scam, here are a number of the common types of travel romance scams. 

The “Travel Buddy” Scam
You meet someone on a travel app or forum who wants to join your trip. They seem cool—until they ghost you after you book everything in their name. Or worse, they show up and mooch off you the entire time. 

The “Local Lover” Scam
A charming local sweeps you off your feet. They say they want to visit you in your home country, but need help with a visa fee, plane ticket, or travel insurance. 

The “Digital Dater” Abroad
You’re on vacation and your dating app blows up with matches. Coincidence? Hardly. Scammers geo-fence popular tourist zones because they know travelers are emotionally available and often disconnected from their usual guardrails. 

The “Crypto Casanova”
You match with someone on a dating app who subtly mentions they’ve made loads of money on crypto. Soon, they offer to help you invest. Spoiler alert: the platform they send you to is fake. Your money is gone, and so are they. 

McAfee’s Top Ten Tips to Protect Your Heart and Wallet While Traveling

You don’t have to be a digital hermit on your holiday. But you do need a bit of cyber street smarts. Here’s how to travel (and flirt) safely: 

1. Keep Your Personal Info Private

No sharing your hotel, flight info, or travel itinerary with someone you just met online. And definitely don’t post your boarding pass or hotel room number on socials. 

2. Don’t Send Money—Ever.

Not for flights, food, phone credit, visas, crypto, or “emergencies.” If someone asks for money, it’s a scam. Every. Single. Time. 

3. Reverse Image Search Their Photos

If someone seems too good to be true, screenshot their profile pics and run a reverse image search. If they’re stolen from a model or influencer, you’ll know quickly. 

4. Use Dating Apps with Built-In Safety Features

Stick with apps that offer verified profiles, video chat, and in-app messaging. The more friction between you and scammers, the better. 

5. Trust Your Gut but Also Your Brain

If something feels off, it probably is. Don’t let the vacation buzz cloud your common sense. 

6. Watch for Time Zone Gaps

If someone claims to be in Paris but always replies at 3 a.m. Paris time? Red flag. 

7. Stay Sober, Stay Sharp

A few too many cocktails and you’re more likely to miss signs of manipulation or send info you shouldn’t. Scammers love an intoxicated target. 

8. Tell a Friend

Let someone back home know who you’re talking to. Share screenshots if necessary. Having a second pair of eyes can save you. 

9. Be Cautious About Wi-Fi

Don’t send sensitive messages, share banking info, or access dating apps over public Wi-Fi. Use a VPN like McAfee Secure VPN if you must connect while on the go. 

10. Know When to Walk Away

Romantic attention can feel flattering—especially if you’re traveling solo. But don’t confuse flattery with trust. If someone’s pushing boundaries, bail. 

What to Do If You Think You’re Being Scammed

If your gut’s screaming “scam,” don’t ignore it. Cut contact immediately. Don’t argue, don’t explain. Just block and move on. 

Report them to the platform.
Whether it’s a dating app or social media site, reporting helps stop them from targeting others. 

Tell your bank if you sent money.
They may be able to freeze a transaction or help with fraud recovery. 

Talk to someone.
Shame is what scammers count on. Speak up. You are not alone, and you are not stupid. 

Final Thoughts: Love Doesn’t Ask for Your Bank Details

Look, summer romance can be amazing. I’m not here to kill the vibe. But don’t confuse intensity for intimacy, especially when someone is operating behind a screen. If you’re lucky, your summer fling ends with a postcard and a good story. If you’re not careful, it could end with an empty bank account, a broken heart, and a bruised ego. 

Be bold. Be open. But above all be smart. McAfee’s Scam Detector, can help in the fight against scammers. Our scam detector catches suspicious text messages so you can reply with confidence.  We’ll filter out risky emails and phishing attempts so your inbox stays secure. With our leading, cutting-edge protection, we’ll spots deepfake videos so you can stay ahead of misinformation. Love doesn’t need to be transactional. And real connections don’t pressure, isolate, or guilt-trip. This summer, protect your heart like your passport: with care, vigilance, and just the right amount of suspicion. 

 

The post Love, Lies, and Long Flights: How to Avoid Romance Scams While Traveling This Summer  appeared first on McAfee Blog.

Summer is synonymous with vacations, a time when families pack their bags, grab their sunscreen, and embark on exciting adventures. In the digital age, smartphones have become an indispensable part of our lives, serving as cameras, maps, entertainment hubs, and communication tools. While these devices enhance our travel experiences, they also become prime targets for theft or damage while we’re away from home. From keeping us connected with family and friends, assisting in navigation, capturing moments, to even helping us with language translation – it is a device of many conveniences. However, when you bring your smartphone while vacationing, like any other valuable item, it becomes a target for theft and damage. Not to mention the potential for high roaming charges.

Don’t let the fear of losing or damaging your valuable devices dampen your vacation spirit! By taking some simple precautions and implementing effective strategies, you can ensure that your family’s smartphones remain safe and secure throughout your travels. In this blog post, we’ll share essential tips and tricks for safeguarding your devices, so you can focus on creating unforgettable memories without any tech-related worries. This article will provide you with tips on how to protect your family’s smartphones while on vacation. We will cover strategies like enabling security settings, backing up data, checking for travel insurance policies, and utilizing helpful apps. Ensuring the safety of your devices will make your vacation more enjoyable and worry-free.

Smartphone Safety During Vacation

Traveling without smartphones seems almost impossible. However, having them on vacation puts them at risk. In tourist hotspots, where distractions are many, it is easy to lose or have your device stolen. Moreover, using public Wi-Fi networks can expose your smartphone to cyber attacks.

→ Dig Deeper: The Risks of Public Wi-Fi and How to Close the Security Gap

Therefore, it is vital to be proactive in securing both your smartphones and the data they contain. Not only will it save you from the high costs of replacing a lost or damaged phone, but it also prevents potential misuse of personal and financial information. Implementing even just a few of these safety measures can help ensure your family’s smartphones are well-protected during your vacation. So let’s dive into the practical steps you can take.

Step 1: How To Protect Your Smartphone

1. Invest in Protective Gear: Equipping each device with a sturdy case and screen protector can significantly reduce the risk of damage due to accidental drops or impacts.
2. Protect Your Devices: Whether you protect yours through a mobile security app or as part of the multi-device coverage that comes with your comprehensive security software, mobile protection can alert you of threats and unsecured networks while also adding in the protection of a VPN. 
3. Regularly Backup Data: Back up photos, contacts, and other essential data to cloud storage or a computer. This ensures that precious memories and information are not lost in case of theft or damage.
4. Enable Tracking Features: Activate “Find My Phone” or similar features on each device. These tools can help locate a lost or stolen device and even remotely erase its data if necessary.
5. Exercise Caution with Public Wi-Fi: Public Wi-Fi networks can be vulnerable to hackers. Avoid using them for sensitive activities like online banking. If necessary, utilize a Virtual Private Network (VPN) for added security.
6. Establish Phone Usage Guidelines: Discuss responsible phone use with children, setting clear expectations and limitations. Encourage them to unplug and fully engage in the vacation experience.
7. Designate a Secure Storage Location: Establish a designated area in your hotel room or vacation rental for storing phones when not in use. This prevents misplacement and reduces the risk of theft.
8. Maintain a Low Profile: Avoid openly displaying expensive devices, particularly in crowded areas or unfamiliar surroundings. Discreetness can deter potential thieves.
9. Consider Insurance Coverage: Depending on your existing insurance policies, you may have coverage for mobile devices. Alternatively, explore dedicated device insurance for added protection.
10. Prioritize Family Time: Remember, the primary purpose of vacation is to connect with loved ones and create lasting memories. Encourage everyone to put down their phones and fully immerse themselves in the experience.

Step 2: Protecting Your Smartphone Physically

The first layer of protection for your phone should be a physical one. It starts with investing in a good quality, durable phone case. A waterproof case is always a good idea, especially if you’re planning on vacationing near the beach or a pool. A screen protector can also keep your screen from shattering or getting scratched. Remember, you’re more likely to drop your phone while on vacation as you juggle through maps, travel apps, and numerous photo opportunities.

Another aspect of physical protection is to be mindful of where you store your phone. Avoid leaving it in plain sight or unattended, which could invite potential thieves. Instead, carry it in a secure, zipped pocket or bag. If you’re staying at a hotel, consider using the safe to store your phone when not in use. Most importantly, be aware of your surroundings and keep your phone safely tucked away in crowded places.

McAfee Pro Tip: Activating the correct features can determine whether your personal data is lost permanently or if your device can swiftly recover. Install McAfee Mobile Security and learn more tips on what to do if your phone gets stolen on this blog.

Step 3: Data Protection and Privacy

Safeguarding your phone is not just about protecting the physical device—your personal and sensitive data deserves protection too. Before you leave for your vacation, make sure that your phone is password-protected. Optimally, use a complex password, fingerprint, or face recognition feature instead of a simple four-digit PIN. This singular step can deter any prying eyes from accessing your information if your phone is lost or stolen.

Ensure your phone’s software is up to date. Regular updates not only enhance the device’s performance but also incorporate vital security patches, fortifying its defenses against potential threats like malware. By staying vigilant and keeping your phone’s software current, you contribute to a more secure environment, minimizing the risk of unauthorized eyes accessing your valuable information in the event of a loss or theft.

Step 4: Backup Your Data

Backing up your smartphone’s data before leaving for vacation can save you from a lot of stress. In case of loss, theft, or damage, having a backup ensures that you won’t lose your cherished photos, contacts, and other essential data. Most smartphones allow you to back up your data to the cloud. Make sure to do this over a safe, secure network and not on public Wi-Fi.

For Android users, Google provides an automatic backup service for things like app data, call history, and settings. You can check if this feature is enabled on your phone by going to the Google Drive App and checking in the Backups section. For iPhone users, iCloud Backup can help save most of your data and settings. To enable it, go to Settings, tap on your name, then tap iCloud and scroll down to tap iCloud Backup.

Step 5: Understand and Manage Roaming Charges

Without proper management, staying connected while abroad can result in expensive roaming charges. Before you leave, check with your mobile provider to understand the costs associated with using your phone abroad. Some providers offer international plans that you can temporarily switch to for your vacation. If your provider’s charges are too high, consider purchasing a local SIM card once you arrive at your destination or use an international data package.

Another way to avoid roaming charges is by using Wi-Fi. Most hotels, cafes, and many public spaces have free Wi-Fi available. However, again, public Wi-Fi is not always safe. So, avoid accessing sensitive information such as bank accounts, and before traveling, download maps and essential content before traveling to reduce the need for constant data usage. This is especially helpful for navigation apps. To protect your data in such situations, it’s advisable to use a Virtual Private Network (VPN).

Step 6: Utilize Helpful Apps

Several apps can help protect your phone and its data during your vacation. Most smartphone operating systems offer a “Find My Phone” feature that can locate, lock, or erase your device if it is lost or stolen. Make sure this feature is enabled before you leave.

Again, antivirus apps can provide an extra layer of protection against virus and malware threats. Password manager apps can help you create and store complex, unique passwords for your accounts to enhance security.

VPN apps can protect your data from being intercepted when using public Wi-Fi networks. There are also apps that monitor your data usage and can alert you if you’re near your limit to avoid unexpected charges. Research and install these apps prior to your vacation for added security and peace of mind.

Final Thoughts

Your family’s smartphones are essential travel companions that deserve as much protection as any other valuable item during your vacation. By physically safeguarding the device, securing your data, backing up regularly, understanding roaming charges, and utilizing productive apps, you can enjoy a worry-free vacation. Remember, in the event of a mishap, having travel insurance can provide an extra layer of financial protection. So, before setting off, review your policy and check if it covers lost or stolen devices. In the end, preparation is key, so take the time to implement these safety measures and enjoy your vacation with peace of mind.

Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online. 

For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you! 

The post How To Protect Your Family’s Smartphones While on Vacation appeared first on McAfee Blog.

In a significant security incident, Coinbase, a leading cryptocurrency trading platform, recently disclosed a data breach impacting nearly 70,000 users. This breach, attributed to “insider wrongdoing,” exposed sensitive personal information. This post details how the breach occurred, what data was compromised, and, most importantly, provides crucial steps you can take to protect yourself from potential follow-on attacks and identity theft.

This comprehensive guide will delve into the specifics of this breach: how the “insider wrongdoing” facilitated the attack, precisely what information was exposed, and the immediate, actionable steps you can take to safeguard your digital assets and personal identity in the wake of this incident.

What Happened in the Coinbase Breach?

According to a filing with the Office of the Maine Attorney General, which mandates public disclosure for such incidents, a total of 69,461 individuals were affected by this breach. The incident itself occurred on December 26, 2024, though the first signs of the compromise were only detected on May 11, 2025. This timeline is not uncommon for data breaches, as it can often take months for criminal activity to be fully uncovered.

Coinbase’s official statement details the progression of the breach:

Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up.

In a firm stance against such criminal activity, Coinbase has publicly refused to pay the ransom. Instead, the company has established a substantial $20 million reward fund, offering it for information that leads to the arrest and conviction of the attackers responsible.

What Information Was Stolen in the Coinbase Data Breach?

The attackers gained access to a range of sensitive user data. According to Coinbase, the compromised information includes:

• Personal Identifiers: Names, physical addresses, phone numbers, and email addresses.
• Financial Data (Masked): Masked Social Security numbers (last 4 digits only) and masked bank account numbers, along with some bank account identifiers.
• Identity Documents: Images of government-issued IDs (e.g., driver’s licenses, passports).
• Account Activity: Snapshots of account balances and transaction history.
• Limited Corporate Data: Documents, training materials, and communications accessible to support agents.

Crucially, Coinbase has confirmed that the attackers did not gain access to the following critical elements:

• Login credentials or two-factor authentication (2FA) codes.
• Private keys associated with user wallets.
• Any direct ability to move or access customer funds.
• Access to “Coinbase Prime” accounts.
• Access to any Coinbase or Coinbase customer hot or cold wallets.

What is Coinbase Doing About the Breach of Customer Information?

To summarize the company’s own words, they’re “protecting their customers and standing up to extortionists” by taking several steps. Highlights of their response include:

• Affected Account Holder Notifications: Email notifications were dispatched to all affected account holders on May 15, 2025. Furthermore, “flagged accounts now require additional ID checks on large withdrawals and include mandatory scam-awareness prompts.”
• Enhanced Defenses: The company is significantly increasing its investment in insider-threat detection and automated response systems. They are also “simulating similar security threats to find failure points in any internal system.”
• Securing Support Operations: Coinbase plans to open a new support hub within the U.S. and implement “stronger security controls and monitoring across all locations.”

Additionally, Coinbase is actively collaborating with law enforcement agencies and intends to pursue criminal charges against the insiders involved, who were reportedly terminated immediately upon discovery of their involvement.

What Will Scammers Do With the Stolen Coinbase Information?

For one, the people holding the stolen data apparently attempted to extort the company—a ransom that the company says it will not pay, as covered above. With that, there’s the possibility the people involved might turn to other buyers or release the info on the dark web, whether for sale or for free.
As with any breach, expect follow-on scams in the wake of this breach, as a potential wave of scammers might pose as Coinbase employees. Some might use the stolen info to make the scam sound more credible, some might not. Regardless, this attack calls for extra vigilance on the part of Coinbase users and crypto holders in general.
Coinbase offered specific guidance for its users, which we’ll add to—all so Coinbase users and crypto traders in general can stay safer.

Coinbase suggests:

• Turn on withdrawal allow listing —Only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.
• Enable strong two-factor authentication —Hardware keys are best.
• Hang up on imposters —Coinbase will never ask for your password, 2FA codes, or to move funds to a “safe” wallet.
• Lock first, ask later —If something feels off, lock your account in-app and email security@coinbase.com.

McAfee’s Essential Safeguards

Beyond Coinbase’s advice, McAfee offers robust solutions to further protect yourself:

Protect yourself from scammers

• McAfee Scam Detector: Our advanced Scam Detector technology is designed to identify and block scams across text messages, emails, and videos. This is particularly crucial after a breach, as scammers might send bogus “account alerts” with links to phishing sites. Scam Detector automatically detects these threats and blocks risky links, even if you accidentally click them.

• Reduce Your Digital Footprint: Limit the amount of personal information available to scammers. The more details they have about you, the more credible their phishing attempts can appear.

• McAfee Personal Data Cleanup: Many scammers gather information from data broker sites. Our Personal Data Cleanup service scans the riskiest data broker sites, identifies where your personal information is being sold, and, depending on your McAfee+ plan, can help you remove it.

• McAfee Social Privacy Manager: Social media platforms are notorious for being a source of personal information for scammers. McAfee Social Privacy Manager allows you to adjust over 100 privacy settings across your social media accounts in just a few clicks, significantly enhancing your online privacy.

These features are all included in our comprehensive McAfee+ plans.

How to Protect Yourself from Identity Theft

Follow-on attacks after data breaches often involve identity theft. With pieces of personal info that they can puzzle together, thieves then try to open new accounts, lines of credit, and so forth in someone else’s name. Protection like the following, also included in our McAfee+ plans, can keep you safer.

Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. Meanwhile, Security Freeze can prevent unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name.

And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

Additionally, Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.

The Coinbase data breach serves as a stark reminder of the persistent threats in the digital world. While Coinbase is taking steps to address the breach, proactive personal security measures are paramount. By implementing the recommendations from both Coinbase and McAfee, you can significantly reduce your risk of falling victim to scams and identity theft. Stay vigilant, secure your accounts, and protect your digital life.

The post How to Protect Your Crypto After the Coinbase Breach appeared first on McAfee Blog.