Get Surfshark One+ with Incogni for $91.99 (reg. $500.40) and cover VPN, alerts, antivirus, and data removal.
The post What If Your Digital Footprint Could Shrink? appeared first on TechRepublic.
Discover the 9 most dangerous identity-based threats in 2026, from AI phishing attacks and deepfake authentication bypass to MFA fatigue and harvest-now-decrypt-later quantum threats. Learn why legacy authentication fails against each one and how phishing-resistant, passwordless authentication changes the equation.
The post 9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing) appeared first on Security Boulevard.
Explore the 15 most expensive credential stuffing attacks of the decade. Learn the critical authentication lessons to protect your business from account takeover.
The post 15 Costliest Credential Stuffing Attack Examples of the Decade (and the Authentication Lessons They Teach) appeared first on Security Boulevard.
This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data.
Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook.
Let’s get into it.
The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing.
What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.
Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.
Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.
Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.
CrunchBase said documents on its corporate network were impacted, and said it contained the incident.
According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone calls, to trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed.
Red flags to watch for:
Calls that pressure you to approve a login, reset credentials, or share a one-time code
Messages posing as IT support, a vendor, or “security” that try to rush you
MFA prompts you did not initiate
“Quick verification” requests that bypass normal internal processes
How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives.
Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it.
The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location.
What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media.
CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out.
According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government.
That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.”
A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions.
What to do (general privacy steps):
Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always.
If your device supports it, consider turning off precise location for apps that do not truly need it.
Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth.
Make sure your account is protected with a strong, unique password and two-factor authentication.
Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting.
The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing.
What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope.
Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for:
“Refund” or “order problem” emails you did not request
Fake customer support messages asking you to verify account details
Password reset prompts you did not initiate
Links to “resolve your account” that don’t come from a known, official domain
How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news.
The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls.
What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access.
Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites.
How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password.
Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off.
Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance.
What to watch for:
Browser extensions you don’t remember installing
Add-ons claiming to manage HR, payroll, or internal business access
Missing or inaccessible security settings on accounts
Being logged into accounts you did not recently open
A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install.
Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar.
Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify.
Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk.
Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.
Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later.
The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.
As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages.
“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.”
“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.
“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”
Styles announced Together, Together on January 22, marking his first tour since 2023.
The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December.
New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.
According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.
American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.
The rest of the Together, Together tour tickets will be released in two stages:
That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support.
Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113.
That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.
If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer.
Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real.
McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately.
What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify.
Below are among the most common ticket-scam patterns to watch for, and exactly how they play out.
Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes.
How it plays out:
A resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot.
How it plays out:
A phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support.
How it plays out:
Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense.
A cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both.
How it plays out:
A ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account.
How it plays out:
A fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help.
How it plays out:
Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.
The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.
Minutes later, he sent the full $280.
“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”
The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him.
Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.
“I sent $280 and got blocked. We never made it inside.”
What makes Henry’s experience so common is not the platform. It is the pattern:
Use these red flags as a reality filter:
| Red Flag | What It Looks Like in Real Life |
| Price mismatch | Tickets priced far below or far above comparable listings on official or verified resale platforms. |
| Urgency tactics | Messages pushing “last chance,” “only today,” or claiming someone else is about to buy. |
| Unprotected payment requests | Asking for wire transfers, cryptocurrency, gift cards, or peer-to-peer payments to strangers. |
| Off-platform pressure | Requests to move the transaction to text, DMs, or email instead of using an official site. |
| Refusal to verify tickets | Sellers unwilling to use a verified resale platform or provide proof that can be independently confirmed. |
| Suspicious links | Shortened URLs, unusual domains, or ticket links sent through direct messages. |
If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections.
Practical steps:
Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.
Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account.
The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.
You block a caller, feel a moment of relief, and then the phone rings again. If you’re wondering why you still get spam calls even after blocking numbers, you’re not alone.
Spammers evolve quickly. They rotate phone numbers, spoof caller IDs, and use automated dialers to bypass basic defences, which is why many people see blocked calls still coming through and ask, can blocked numbers call you?
In this guide, we’ll explain what’s happening behind the scenes, share proven steps for how to stop getting spam calls, and help you protect your privacy and finances with confidence.
Spam calls are unsolicited calls that aim to sell, deceive, or defraud. They include aggressive sales pitches, fake giveaways, tech support scams, and impersonations of banks or government agencies. Some are placed by people, while many are robocalls that play prerecorded messages at scale. Legality often hinges on consent and compliance with regulations, but harmful calls tend to ignore the rules.
The typical scam call red flags: 1) Urgent or threatening language. 2) Pressure to pay right now. 3) Requests for sensitive details like Social Security numbers, bank information, or one-time passcodes.
Robocalls drive much of the volume today. They’re inexpensive, fast, and highly automated. While appointment reminders or pharmacy updates can be helpful and legitimate, scam robocalls promote fake debt collection, prize schemes, or malicious tech support. Their scale is precisely why blocked calls still coming through remains a persistent frustration.
Inbox of spam calls feel familiar?
Blocking prevents repeat calls from the same caller ID. Spammers know this and adapt. They rotate through vast pools of numbers, so each attempt looks new. You block one, and the next call arrives from a different number. It’s a cat-and-mouse game that leads many to ask, can blocked numbers call you or why is a blocked number still calling?
Caller ID spoofing amplifies the problem. Spoofing lets scammers display any number they want, including matching your area code or appearing as a trusted organisation. This undermines caller ID and weakens number-based blocking. Some spoofed calls even show familiar names, increasing the chance you’ll answer.
Behind the scenes, spam operations acquire and discard numbers rapidly through VoIP services and disposable lines. Large campaigns can cycle through thousands of numbers daily, which makes manual blocking a limited defense. That’s why you still get spam calls even after blocking numbers and why many people wonder how to stop getting spam calls for good.
A stronger strategy combines smarter tools with practical policies that work together. Here’s how we approach it:
Use call-protection apps: Choose reputable apps that leverage threat intelligence, crowdsourced reports, and machine learning. These tools detect patterns, silence high-risk calls, and warn you before you answer. Many provide enhanced caller ID and category-based filtering to cut down the noise.
Register with the National Do Not Call Registry: Add your number at donotcall.gov to reduce lawful telemarketing. It won’t stop illegal spam calls, but it trims legitimate sales outreach and supports enforcement when violators call.
Use your mobile carrier’s protections: Most phone carriers offer built-in features that help identify and block spam calls, often at no extra cost. When these tools are turned on, your phone may label suspicious calls as “Scam Likely,” warn you before you answer, or automatically block known spam numbers. Some carriers can also verify when a call is coming from a real business, which makes it harder for scammers to fake caller IDs and pretend to be someone they’re not.
Used together, these layers reduce the chance that a blocked number still calling will get through and provide practical answers for how to stop getting spam calls without missing important calls.
Build habits that make suspicious calls easier to spot and manage:
Spot potential spam: Be cautious with unknown numbers, urgent demands, and offers that sound too good to be true. Don’t share personal information, one-time passcodes, or payment details. If someone claims to be from your bank, healthcare provider, or a government agency, hang up and call back using a verified number from their official website.
Report spam quickly: File complaints with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Federal Communications Commission (FCC) at consumercomplaints.fcc.gov. Include caller ID, time, message content, and any request for data or payment. Many call-protection apps and carriers support in-app reporting, which improves filters for everyone.
Use call screening: Turn on features like Silence Unknown Callers on iOS or Filter Spam Calls on Android. Enable voicemail transcription and consider Do Not Disturb with exceptions for contacts and verified callers. Use screening assistants where available to prompt unknown callers to state their purpose. This reduces interruptions and blocks automated spam.
Phone scams often rely on social engineering. Recognising common tactics helps you pause and protect yourself.
Spot voice phishing: Be wary of claims that your account is locked, a payment is overdue, or an immediate verification code is needed. Legitimate organisations do not ask for full Social Security numbers, passwords, or 2FA codes over the phone. If you’re concerned, contact the company through a trusted channel.
Protect personal information: Keep sensitive data private. Don’t share account numbers, PINs, passwords, or security codes in response to an incoming call. Use strong, unique passwords and enable multi-factor authentication. If you receive a verification code you didn’t request, secure your account right away.
If you responded to a spam call: If you disclosed financial details or made a payment, contact your bank or card issuer immediately. Change passwords, enable account alerts, and review recent activity. Report the incident to the FTC and local law enforcement if needed. Consider a credit freeze with the major credit bureaus. If a device may be compromised, run a trusted security app to scan and remove suspicious software.
| Option | What It Does | Pros | Limitations |
| Manual Number Blocking | Blocks repeat calls from a specific caller ID | Built into phones; easy to use | Spammers rotate and spoof numbers; limited reach |
| Call-Protection Apps | Uses threat intelligence, AI, and community reports | Detects patterns; warns before you answer; auto-blocks known spam | May filter legitimate calls; requires setup and permissions |
| Carrier Protections | Network-level filtering and caller authentication (STIR/SHAKEN) | Flags spoofed calls early; verified caller indicators | Effectiveness varies by carrier and plan |
| Do Not Call Registry | Limits lawful telemarketing to registered numbers | Reduces legitimate sales calls; supports reporting | Does not stop illegal or scam calls |
| Built-In Call Screening | Silences unknown callers and transcribes voicemail | Minimises interruptions; helps you review safely | May miss important calls from new contacts |
If you’re asking why you still get spam calls even after blocking numbers or seeing a blocked number still calling, this table shows how layered options work together to reduce risks.
Blocking spam callers treats the symptom, not the source. One reason spam keeps coming is that your phone number may already be circulating in data broker databases or dark web marketplaces after a breach, app signup, or form fill. Once your number is out there, it gets resold, bundled, and targeted repeatedly.
McAfee Data Cleanup tackles that upstream problem. It helps find where your personal data, including your phone number, appears online and works to remove it from risky sources. Fewer listings mean fewer lists for spammers to buy and fewer campaigns aimed at your number.
Data brokers: Many sites legally collect and resell contact details. Spammers buy access and blast calls at scale.
Breaches and leaks: Stolen databases often end up on underground forums, where numbers are traded and reused.
Public profiles and apps: Old accounts, giveaways, and permissions can expose your number without you realising.
Finds exposures: Scans for your number across broker sites and known risk areas.
Removes listings: Submits opt-out and removal requests on your behalf, reducing where your data lives online.
Keeps watch: Monitors for reappearance so your number doesn’t quietly get relisted later.
Think of this as turning down the tap, not just mopping the floor. When fewer databases have your number, spam operations have fewer ways to reach you.
If you’re serious about how to stop getting spam calls, add data cleanup to your toolkit. Reducing your digital footprint won’t eliminate every bad call overnight, but over time, it lowers exposure, cuts repeat targeting, and helps reclaim your phone from constant interruptions.
If spam calls feel endless, it’s because blocking numbers was never designed to stop modern scam operations. Today’s callers rotate numbers, spoof trusted IDs, and pull your phone number from massive data ecosystems that don’t disappear when you tap “Block.”
The real fix is layered protection. Call filtering and carrier tools help stop suspicious calls at the door. Screening features reduce interruptions. And addressing the source, by limiting where your number exists online, cuts down the number of campaigns that ever reach you in the first place.
No single tool will end spam calls overnight. But when you combine smart call protections, cautious habits, and proactive data cleanup, the volume drops, the risks shrink, and your phone becomes a lot quieter.
If you’ve been asking why you still get spam calls even after blocking numbers, this is the answer. Blocking is reactive. Protection works best when it’s proactive.
|
Q: Why do spam calls look like they’re from my area code? A: Scammers use caller ID spoofing to display local-looking numbers, increasing the chances you’ll answer. Spoofing can mimic legitimate numbers, so don’t rely on caller ID alone. If you’re seeing a blocked number still calling with a local prefix, turn on carrier protections and call screening. |
|
Q: Do call-blocking apps really help? A: Yes. Quality apps combine real-time threat intelligence with community reports and machine learning to spot patterns and flag risky calls. While no tool catches everything, they significantly reduce spam calls and help address why you still get spam calls even after blocking numbers. |
|
Q: Will the Do Not Call Registry stop all spam calls? A: No. It reduces lawful telemarketing but does not stop illegal or scam calls. Registering still helps cut legitimate outreach and supports enforcement against violators, which is an important step in how to stop getting spam calls. |
|
Q: What should I do after receiving a suspicious call? A: Don’t share information. Hang up, verify the caller using a trusted number, and report the incident to the FTC or FCC. If you clicked a link or provided details, secure your accounts and contact your bank or service provider right away. |
|
Q: Can my mobile carrier block spoofed calls? A: Carriers support caller authentication through STIR/SHAKEN, which helps identify and flag spoofed calls. Turn on your carrier’s spam protection features and screening options to reduce the chances of blocked calls still coming through. |
The post Why You Still Get Spam Calls Even After Blocking Numbers appeared first on McAfee Blog.
Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop.
Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.
McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.
According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.
As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.
The result is growing uncertainty. And a rising cost in time, attention, and confidence.
Scams are no longer occasional interruptions. They are a constant background noise.
According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.
Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to.
And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.
That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.
Figure 1. Types of scams reported in our consumer survey.
The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly.
Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes.
That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately.
Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.
In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam. And 44% of people say they have replied to a suspicious direct message without a link.
Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160.
But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy.
People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up.
And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?
Figure 3. World Map of Average Scam Losses.
The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.
According to the report, Americans say they see an average of three deepfakes per day.
Most are not scams. But that familiarity has consequences.
When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.
These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.
Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts.
The report found that 55% of Americans say a social media account was compromised in the past year.
Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction.
Scams are blending into everyday digital life What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines.
Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives.
Figure 4: Example of a cloud scam message.
Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.
Constant exposure to synthetic images, videos, and messages is wearing down people’s ability to tell what is real and what is manipulated. The State of the Scamiverse report shows that consumers are already struggling with that distinction, and the data suggests the consequences are compounding. As digital noise increases, so does fatigue. And fatigue is exactly what scammers exploit.
FTC data shows losses from scams continuing to climb, and McAfee Labs is tracking a rise in fraud that blends seamlessly into everyday digital routines. Cloud storage warnings, shared document notifications, payment confirmations, verification codes, and customer support messages are increasingly being mimicked or abused by scammers because they look normal and demand quick action.
The danger of the AI slop era is not that everything online is fake. The danger is that people are being forced to question everything. That constant doubt slows judgment, erodes confidence, and creates openings for fraud to scale.
In 2026, the cost of scams is no longer measured only in dollars lost. It is measured in time, attention, and trust, and those losses are still growing.
Learn more and read the full report here.
| Q: What is AI slop?
A: The term refers to the flood of low-quality, AI-generated content now common online. While much of it is harmless, constant exposure can make it harder to identify when similar technology is used for scams. |
| Q: How much time do Americans lose to scams?
A: Americans spend 114 hours a year determining whether digital messages and alerts are real or fraudulent. That is nearly three workweeks. |
| Q: How fast do scams happen today?
A: Among people harmed by scams, the typical scam unfolds in about 38 minutes from first interaction to harm. |
| Q: How common are deepfake scams?
A: Americans report seeing three deepfakes per day on average, and one in ten say they have experienced a voice-clone scam. |
The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.
Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365.
The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.
Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users.
“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”
“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”
“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.
Here, we break down what happened and why outages are prime time for scammers.
A Microsoft infrastructure failure disrupted email delivery.
Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.
Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.
The disruption unfolded over several hours on Thursday afternoon (ET).
Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows:
Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.
2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.
3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.
4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.
Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced.
No. Microsoft says the outage was caused by technical infrastructure issues.
According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours.
A message sent by Microsoft about the server issue.
Modern work depends on shared cloud infrastructure.
That sudden loss of access often leaves users unsure whether:
That uncertainty is exactly what scammers look for.
They impersonate the company and trick users into signing in again.
After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours.
These scams typically work by:
Impersonating Microsoft using logos, branding, and language copied from real outage notices
Sending fake “service restoration” emails or texts claiming users must re-authenticate
Linking to realistic login pages designed to steal Microsoft usernames and passwords
Posing as IT support or Microsoft support and directing users to fake phone numbers
Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address.
How to stay safe during a Microsoft outage
Outages are confusing. Scammers rely on urgency and familiarity.
To reduce risk:
If you already clicked or entered information:
Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens.
McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access.
| Q: Is Microsoft Outlook still down? A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues. |
| Q: Was the Microsoft outage caused by hackers? A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC. |
| Q: Can scammers really use outages to steal accounts? A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites. |
| Q: Should I reset my password after an outage? A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary. |
The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.
This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.
Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated.
Let’s get into it:
The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns.
What happened:
Red flags to watch for:
How the breach happened:
Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access.
Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.
That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach.
Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts.
What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale.
The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt.
Red flags to watch:
Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto.
What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity.
Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts.
Red flags to watch:
How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.
The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved.
McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online.
The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.
If a message popped up in your feed tomorrow promising a cash refund, a surprise giveaway, or a limited-time crypto opportunity, would you pause long enough to question it?
That split second matters more than ever.
Most modern scams don’t rely on panic or obvious red flags. They rely on familiarity. On things that feel normal. On moments that seem too small to question.
And those moments are exactly what scammers exploit.
There was a time when spotting a scam was relatively straightforward. The emails were badly written. The websites looked rushed. The warnings were obvious.
Scammers don’t just rely on obvious spam or panic-driven messages. Instead, many now use:
McAfee’s Celebrity Deepfake Deception research shows how common and convincing these scams have become: 72% of Americans say they’ve seen a fake or AI-generated celebrity endorsement, and 39% say they’ve clicked on one that turned out to be fraudulent. When scam content shows up in the same feeds, apps, and formats people use every day, it feels normal.
That’s the danger zone. It’s also why McAfee chose to use a familiar, culturally recognizable moment to talk about a much bigger issue.
Whether you’ve been saying mack-uh-fee or mick-affy, the long-running name mix-up is harmless in everyday conversation.
Online, though, small moments of confusion can have outsized consequences.
Scammers rely on quick assumptions: that a familiar name means legitimacy, that a recognizable face means trust, that a message arriving in the right place must be real. They move fast, hoping people act before stopping to verify
Pat McAfee knows firsthand how scammers exploit familiarity and trust.
In recent months, fake social media giveaways promising cash and prizes have circulated using Pat’s likeness, and even a fraudulent “American Heart Association fundraiser” made the rounds, falsely claiming he was collecting donations.
Pat wants his fans to know: if you ever see a giveaway, fundraiser, or message claiming to be from him, double-check it on his official channels first. If it feels off, it probably is.
Unfortunately, these scams work because people trust Pat. Scammers exploit that trust to lower people’s guard and make fraudulent requests feel legitimate.
It’s the same tactic used across countless impersonation scams today: borrow the authority of a familiar face, add a sense of urgency, and move fast before anyone stops to verify, “is this legit?” We’ve seen it happen with Taylor Swift, Tom Hanks, Al Roker, Brad Pitt, and numerous others.
Remember, no legitimate giveaway will ask for payment, banking details, login credentials, or account access. And no nonprofit fundraiser tied to a celebrity should ever come from a personal message or unfamiliar social account.
In the video below, Pat McAfee playfully demonstrates how easily familiar moments online can turn into risk, and why digital safety today can’t rely on perfect judgment alone.
You don’t have to stop using your favorite platforms. But you do have to change how you verify online threats.
If a video or message feels real but the request feels extreme, that’s a red flag.
McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app
If a scam looks obvious, most people won’t fall for it.
But modern scams don’t look obvious. They look familiar. They use your favorite faces. They look normal. They look safe. And that’s where people get hurt.
Staying safe now means slowing down, verifying independently, and having protection work quietly in the background while you stay focused on what you actually came online to do.
McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous sites, and identifies deepfakes, stopping harm before it happens.
And because today’s risks aren’t just about what you click, a VPN and Personal Data Cleanup add additional layers of defense by helping protect your connection and limit how much personal information is available to be exploited in the first place.
Ready to get Pat’s Picks? Learn more here.
For clarity, and because these questions come up often, here’s the straightforward explanation:
| Q: Is Pat McAfee the founder of McAfee antivirus? A: No. Pat McAfee is not associated with the founding or leadership of McAfee. McAfee was founded by John McAfee and operates independently. |
| Q: Are Pat McAfee and McAfee the same company? A: No. Pat McAfee is a sports media personality. McAfee is a cybersecurity company. They are separate entities. |
| Q: Why does McAfee work with Pat McAfee? A: McAfee partnered with Pat McAfee to raise awareness about online scams, impersonation fraud, and digital safety using culturally relevant examples. |
The post McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety appeared first on McAfee Blog.
Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature.
This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report.
For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics.
According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found.
That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge.
The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers.
If Google found a match, it sent an alert.
What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short.
The internet has three layers:
The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles.
Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.
Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.
Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers.
To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins.
Here is what that looks like in practice:
Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens.
Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach:
Estimated time: 10 minutes
This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile.
You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified.
Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold.
Estimated time: 10 minutes
Go into your main bank and credit card apps and turn on:
You’ll find these somewhere under Settings>Alerts.
Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.
Estimated time: 10 minutes
This is one of the most overlooked vulnerabilities.
Go into:
Check and update:
Remove anything you do not recognize.
Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door.
| Is Google deleting my Google Account data? No. Google is only deleting the data it collected specifically for the Dark Web Report feature. Your Gmail, Drive, Photos, and other Google Account data are not affected. |
| Is Google still protecting my account from hackers? Yes. Google continues to offer security features like two-factor authentication, login alerts, and account recovery tools. What it removed is the dark web scanning and alert system tied to breach data. |
| Does the dark web report website still exist? No. After February 16, 2026, Google no longer operates or updates the Dark Web Report feature. There is no active scanning, no dashboard, and no stored breach data tied to it. |
| Does this mean dark web monitoring is useless? No. It means email-only monitoring is not enough. Criminals use far more than emails to commit fraud, which is why identity-level monitoring is now more important. |
| What kind of information is most dangerous if it appears on the dark web? Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance IDs, usernames, and phone numbers are the data types most commonly used for identity theft and financial fraud. |
| How can I check if my information is exposed right now? You can use an identity monitoring service like McAfee that scans dark web sources for sensitive personal data, not just email addresses. That is how people can see whether their identity is being traded or abused today. |
The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.
“I thought I was getting a trusted weight-loss medication, but instead, I ended up sick and scammed. I never imagined something like this could happen to me.”
Fiona, like many others, turned to Ozempic as a way to lose weight. With high demand making it difficult to find and prices soaring, she turned to an online pharmacy she found on social media. After placing an order, she received the medication and began taking it, only to experience severe side effects, including migraines, dizziness, and nausea.
“When my symptoms got worse, I knew something was wrong,” she told McAfee. Concerned, she sought professional advice. “A doctor friend showed me what real Ozempic packaging looks like—and it was nothing like what I had received.”
“I was putting something in my body that I thought was safe. Instead, I was taking an unknown substance that made me seriously ill,” she told McAfee. “That’s terrifying.”
When she reached out to the pharmacy for a refund, they cut off all communication. Nearly a year later, Fiona still avoids online shopping altogether and hopes her experience will warn others to research online pharmacies carefully before making a purchase.
“As soon as I questioned the pharmacy about the product, they vanished. No refund, no explanation. Just silence. That’s when I knew I had been completely scammed.”
Unfortunately, Fiona’s story is one of many as surging interest in GLP-1 medications spurs scammers into action.
If you’ve searched for GLP-1 medications online, you’ve probably noticed how crowded and confusing it’s become. Between ads, telehealth offers, and social media posts promising easy access, it can be hard to tell what’s real.
That confusion isn’t accidental. McAfee’s researchers previously reported a wave of fake pharmacy sites and scam messages designed to catch people in exactly that moment of uncertainty.
GLP-1 (glucagon-like peptide-1) medications are prescription drugs that help regulate blood sugar and appetite. Doctors have used them to treat Type 2 diabetes for nearly two decades, and some have also been approved to support weight management.
Because these medications affect insulin levels and digestion, they require medical supervision and a valid prescription. There is currently no legitimate over-the-counter version that works the same way.
GLP-1 drugs have moved from a specialized medical treatment to a mainstream topic almost overnight, with a recent poll finding that 1 in 8 U.S. adults say they are currently taking a GLP-1 for weight loss.
Whenever high demand, high prices, and limited supply collide online, scammers move in
McAfee’s threat researchers have previously found that phishing attempts and fake websites tied to GLP-1 drugs increased by more than 180% during periods when interest in these medications surged. Hundreds of risky domains and hundreds of thousands of scam messages have been linked to searches for weight-loss drugs.
At the same time, consumer watchdogs such as the Better Business Bureau (BBB) report a spike in complaints from people who clicked on fake ads, visited fraudulent pharmacies, or received scam texts promising instant access to GLP-1 prescriptions.
Scammers are using artificial intelligence to create realistic-looking videos and images of public figures and medical professionals promoting weight-loss products. One recent incident saw a fake, AI Oprah selling scam weight loss drugs
These ads often appear in social media feeds and look legitimate, but the endorsements are fabricated.
The goal is to build trust quickly with a familiar face and then push people toward a purchase page. From there, you’re left with a fake product, or no product at all, and your information exposed.
Red flag: Any ad claiming a celebrity or doctor is selling GLP-1 drugs through a link or social media page.
Some scams arrive as urgent messages saying you are “approved” or “eligible” for GLP-1 treatment. These messages typically include a link to a fake medical website that collects personal, insurance, or payment information.
Red flag: Real prescriptions are not issued through unsolicited texts, emails, or DMs.
Fraudulent websites advertise GLP-1 medications at discounted prices. After payment, victims may receive nothing, diluted products, or face repeated unauthorized charges.
Consumer reports describe sites that look professional but provide only chat-box support and ignore cancellation requests.
Red flag: Pharmacies that don’t require a prescription or don’t list a physical U.S. address and phone number.
Some scam offers quietly enroll buyers in recurring billing. Be wary of a “company” trying to offer a minimal “membership” or free “trial” with plans locking you into larger, more expensive future subscription plan without your clear consent.
Red flag: Vague billing terms or hidden subscription language.
Some scam sites provide tracking numbers that never update, claim packages were lost, or ask for more shipping fees … while continuing to charge customers.
Red flag: No real customer service and no way to cancel or dispute orders.
Unlike many online scams, GLP-1 fraud carries real health risks.
Some victims report receiving substances that do not match what was advertised, including mislabeled or unverified injectables.
Because GLP-1 medications affect blood sugar and metabolism, taking the wrong substance or dosage can be dangerous.
In addition to the medical risks, illegitimate storefronts pose a real threat to your private information. During your purchase, you may be tricked into sharing our address, contact info, payment details, and insurance information.
If you’re considering GLP-1 medications for health or weight management, these steps can help reduce risk:
Only a doctor or licensed medical professional can determine if GLP-1 treatment is appropriate for you.
If you use telehealth or online pharmacies, confirm they are properly licensed and require a prescription.
Look up unfamiliar pharmacies through trusted consumer-protection resources before entering payment or insurance information. If you’re in doubt, it’s better not to share any personal info.
There is no over-the-counter or legal “natural GLP-1,” patch, salt trick, or supplement that produces the same effect as prescription medication.
If you clicked a link, entered information, or made a purchase:
Reporting helps stop the same scams from spreading to others. This is where you can get more information from the FDA and report scams.
If you’ve already ordered a GLP-1 weight-loss drug and something feels off, trust that instinct. Counterfeit GLP-1 products are increasingly convincing at first glance, but many show clear warning signs once you look closely.
Here’s what to check:
Poor print quality or spelling errors
Examine the carton, label, and insert carefully. Misspelled words, inconsistent fonts, blurry printing, or incorrect manufacturer details are common signs of counterfeit medication.
Packaging that looks tampered with or unfamiliar
Authentic GLP-1 medications come in sealed, tamper-resistant packaging. If the box appears opened, resealed, relabeled, or noticeably different from what you’ve received from a legitimate pharmacy before, stop using it and contact a pharmacist.
Incorrect or missing language
Medications sold legally in the U.S. should include labeling and instructions in English. Missing inserts or foreign-language packaging can be a red flag.
Unusual product form
Be especially cautious of GLP-1 products sold as powders in vials that require mixing. These formulations are not authorized and have been linked to serious health risks.
Check Lot and Serial Numbers
Most legitimate GLP-1 medications include lot numbers or serial information that can be verified.
If your product includes these details, compare them against information published by the manufacturer or alerts from regulators. If the numbers don’t match, or are missing entirely, that’s a warning sign.
If anything about your medication doesn’t match what you expect:
When it comes to injectable medications, uncertainty isn’t something to push through. If you can’t confidently verify what you have, it’s safer to assume it may not be real.
Wanting to get healthier in the new year is a good thing. Falling for fake prescriptions, AI-generated endorsements, or fraudulent pharmacies is not.
McAfee is here to help keep your devices, identity, and finances safe while you focus on your goals in 2026.
For clarity, and because these questions come up often, here’s the straightforward explanation:
| Are GLP-1 drugs available without a prescription? No. Legitimate GLP-1 medications require a prescription and medical oversight. |
| Are social media GLP-1 ads real? It depends. While there are certainly real ads out there, many are fake. AI-generated celebrity and doctor endorsements are commonly used in scams. So be wary and verify who is behind a post. |
| Are GLP-1 patches, gummies, or “salt tricks” legitimate? No over-the-counter product works the same way as prescription GLP-1 medication. |
| Why do scammers use crypto or payment apps? These payment methods are harder to reverse, which makes them attractive for fraud. |
The post How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy appeared first on McAfee Blog.
This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust.
Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.
Here are scams in the news this week, and safety tips from our experts at McAfee:
Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware.
Here’s how the scam works in practice.
Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible.
The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion.
While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device.
That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email.
If you read that code aloud or share it, the scammer can immediately:
The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check.
Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone.
A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud.
This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.
According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”
Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing.
This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale.
A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists.
The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth.
The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions.
As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax.
Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral.
This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold.
As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act.
The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust.
That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videos, alerting you before you interact or click.
We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead.
The post This Week in Scams: Explaining the Fake Amazon Code Surge appeared first on McAfee Blog.
Scams didn’t slow down in 2025—and all signs point to the problem getting worse in 2026.
While the final numbers aren’t in yet, reported losses are already on track to break records. Through just the first half of 2025, the Federal Trade Commission (FTC) cited nearly $6.5 billion in scam-related losses, putting the year on pace to surpass 2024’s total. And it’s not just isolated incidents: 73% of Americans say they’ve experienced at least one scam or online attack.
As scams become more convincing, often powered by AI and designed to blend into everyday digital life, basic “spot the red flag” advice isn’t enough anymore. Protecting yourself now means tightening up your digital hygiene: how you manage passwords, personal data, online accounts, and the everyday tools you rely on to stay safe.
The good news is that modern protection has evolved just as quickly as the threats. Many of the most effective safeguards can be set up quickly and then work in the background over time.
Below, we’ll walk through practical steps you can take to improve your digital hygiene for 2026, using protections included with McAfee+ to help reduce your exposure to scams, data misuse, and identity theft.
Think about your passwords and everything they give you access to … your finances, online shopping accounts, banking, and of course every important thing in your email account.
Now are any of those passwords weak, re-used, or highly similar? Don’t worry if the answer to that is “yes.” You can switch them over to strong, unique passwords across all your accounts. Using a password manager like ours helps you create strong, unique while also storing them securely. Quickly.
| Q&A | Q: Should I use a password manager?
A: Yes. It’s the easiest way to create strong, unique passwords for all your online accounts, which protects you from data breaches and hacks. |
So, what makes up a “strong and unique” password?
It contains a mix of 16 uppercase and lowercase letters, numbers, and symbols while never reusing that password elsewhere. That makes the password incredibly tough to crack and protects your other accounts if that password gets caught up in a breach (it won’t work on any other account).
Yes, creating strong and unique passwords for your dozens and dozens of accounts can be … demanding. But that’s where a password manager comes in. It does that work for you.
Speaking of all the accounts you have, how many of them do you really need? And how many of them have you forgotten about altogether? It’s time to track them down and close them up. Why? Data breaches of various sizes hack into an estimated 3.5 million accounts on average each day, so the odds of an old account of yours getting compromised are better than you might think. But where do you even start?
|
Q&A |
Q: Should I delete my old accounts?
A: Yes. When you delete old accounts, you reduce your digital footprint and lower the risk of exposure to data breaches, both of which help protect your personal info. |
Our Online Account Cleanup can track down those old accounts for you. It scans for accounts you no longer use and helps you delete the ones you choose, along with your personal info. In our McAfee+ Advanced and McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.
Data brokers sell all kinds of info that power all kinds of spam and scams. It’s one way spammers and scammers get contact info like emails and phone numbers, and it’s yet another way they get detailed info to target their ads and their attacks.
For example, beyond your full name, home address, phone numbers, email addresses, and date of birth, many also have info about your family members, employment, and past purchases. Data brokers might gather and sell other info like religious and political leanings, health conditions, and employment history. Simply put, this detailed profile makes it easier for spammers and scammers to target you.
|
Q&A
|
Q: Can people find my detailed personal info online?
Yes, and some of the easiest places to find it are on data broker sites. They collect and analyze up to hundreds of bits of personal info, often without your knowledge or consent. Further, they’ll sell it to any buyer, including scammers. |
Where do they harvest this info? From public records, shopper loyalty programs, and even from app data—all kinds of sources. And that underscores the problem, some data brokers keep exhaustive amounts of data about people, all in one place.
And they’ll sell it to anyone who pays for it. You can help reduce those scam texts and calls by removing your info from those sites. A service like our Personal Data Cleanup can do that work for you. It scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove it.
One of the first things that comes to mind about VPNs is travel, a great way you can stay secure while using public Wi-Fi in airports and cafes. It works at home as well, giving you an extra layer of security when you bank, shop, or do anything that involves sensitive info. Yet it offers another big benefit. It helps make you more private, because it’s not just hackers who want to snoop on you online.
|
Q&A Block
|
Q: What is a VPN?
A: A VPN, or Virtual Private Network, hides your IP address and encrypts your internet connection in a secure “tunnel” that shields your online activity from snoops, advertisers, and your Internet Service Provider (ISP). |
For example, some ISPs collect your browsing data. In the United States and many other countries, ISPs can legally monitor and record info about the websites you visit and the apps you use. They can use it for advertising and analytics purposes, and, in some cases, they may share it with third parties.
When you use a VPN, it encrypts all the data leaving your device and routes it through a secure server. As a result, your ISP can only see that you are connected to a VPN server, and it can’t track which websites you visit or the data you send and receive. Without a doubt, going online with a VPN makes you safer and keeps you more private.
We saw big spikes in several types of scams over the year, and naturally a spike in reported losses followed. One reason for the jump is that AI tools have made it even easier for scammers to create convincing texts, emails, and deepfake videos designed to rip people off.
|
Q&A |
Q: How bad are scams today?
A: According to a 2025 Pew Research Center survey, 73% of U.S. adults said they’ve experienced at least one online scam or attack, with 32% reporting an incident within the past year.iv |
They’re getting tougher to spot too. In the earlier days of AI-created content, you could often spot the telltale signs of a fake. That’s not always the case anymore, and scams are looking more and more sophisticated as AI tools evolve.
But you have tools of your own. Our Scam Detector protects you across text, email, and video by spotting scams and detecting deepfake videos (like the one of a deepfaked Taylor Swift promoting a bogus cookware offer). You also have our Web Protection which detects links to scam sites and other sketchy corners of the internet while you browse. Both will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.
So, let’s say the unfortunate happens to you. You get scammed. Maybe it’s a few bucks, maybe it’s more. You’re faced with a couple issues. One, that money could be gone for good depending on how you paid the scammer. Two, also depending on the payment method, the scammer might have your financial info.
|
Q&A Block
|
Q: What is the cost of identity theft?
A: Based on reports to the FTC, the median loss was about $500 in 2024, with more than 10% of victims claiming they lost $10,000 or more. However, it levels an emotional cost as well. The time and stress involved in resolving identity theft can be significant. |
This is where something like our ID Theft & Restoration Coverage comes in. It gives you up to $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft. Further, it puts a licensed recovery pro on the case to restore your credit and your identity, which takes that time-consuming burden off your shoulders.
The post New Year Reset: A Quick Guide to Improving Your Digital Hygiene in 2026 appeared first on McAfee Blog.
The ability to connect wirelessly is indispensable in our lives today. Wireless internet is available in our homes, offices, cafes, restaurants, parks, hotels, airports, cars, and even airplanes. The mobility factor allows us to work anytime, anywhere, on numerous devices. “Being connected” is at an all-time high.
Wireless internet is amazing and convenient. Sadly, unsecured, unprotected wireless is everywhere. When a device connects to unprotected Wi-Fi, all the data stored on that device becomes accessible to a hacker using the proper sniffing tools.
It is, however, possible to protect your Wi-Fi from being hacked. In this article, we’ll walk you through some practical steps to stay protected when you connect, from recognizing dangerous networks to securing your home Wi-Fi. We’ll also show you what to do if you think you’ve been targeted.
Wireless network attacks happen when cybercriminals target your Wi-Fi connection to steal your personal information. It it’s equivalent to digital eavesdropping, where attackers exploit weaknesses in your wireless connection to intercept all the information you send and receive online.
Criminals can intercept your login credentials as you type them, redirect you to legitimate-looking but fake websites, or even impersonate you online using stolen information. The goal is often wireless identity theft, that is, using your compromised data for financial fraud or other malicious purposes.
The risks of unprotected Wi-Fi are particularly high because many wireless networks lack proper security measures. When you connect to an unsecured network, your data travels in a way that skilled attackers can capture and decode. This puts your banking information, social media accounts, work credentials, and personal communications at risk.
Common wireless attacks include creating fake hotspots that mimic legitimate networks, known as evil twins, intercepting data on public Wi-Fi, and using specialized software to crack network passwords.
Cybercriminals usually circumvent wireless network security in several ways, including:
Once scammers gain access to your home or an unsecured public Wi-Fi network, they can launch several types of wireless attacks that directly put your personal information and financial security at risk.
One of the most common dangers is credential theft, where attackers intercept your login information as it travels over unsecured networks. When you check your email, log into social media, or access work accounts on a compromised Wi-Fi network, cybercriminals can capture your usernames and passwords. This wireless identity theft often leads to unauthorized access to your bank accounts, credit cards, and personal profiles.
In session hijacking, attackers take over your current online activities on public Wi-Fi, then impersonate you on websites and services you’re logged into. This tactic is called the man-in-the-middle attack. They might apply for credit cards in your name, make purchases, or even commit crimes while pretending to be you. Through traffic sniffing, they can monitor all data flowing through the compromised networks, capturing everything from personal messages to financial information.
Cybercriminals will also reroute your internet traffic to malicious websites that look similar to legitimate ones. You think you’re logging into your real bank website, but you’re actually entering your credentials into a scammer’s fake site. This technique, known as DNS poisoning, makes it nearly impossible to detect the deception until it’s too late.
The attackers will push malicious software directly onto your devices, enabling them to log every keystroke you make, steal stored passwords, access your files, and even quietly activate your camera or microphone without your knowledge.
Hackers can monitor not only your device but all connected devices on your network. That means they can access your entire family’s browsing habits, private messages, stored photos and documents, and online activities, giving them detailed personal information for their identity theft schemes.
These attacks directly affect your daily activities, from online banking to e-commerce shopping to working from home. Even simple tasks, such as checking social media, can result in identity theft when conducted over compromised networks.
You don’t have to avoid public Wi-Fi entirely. By being aware of these risks and taking appropriate precautions, you can significantly reduce your exposure to wireless identity theft. The protective measures we’ll explore in the following sections will show you how to recognize dangerous networks, browse safely, and maintain your privacy even when using public connections.
If you suspect your Wi-Fi network has been compromised, don’t panic. Recognizing the warning signs early and taking decisive action can protect your identity and restore your network security.
The most common indicators of a compromised network include unexpected slowdowns in your internet speed, unfamiliar devices appearing on your network, and settings that have changed without your knowledge. You might also notice unusual data usage patterns, your router admin password no longer working, or being redirected to suspicious websites when browsing. When you detect these signs, take quick action.
To guard your network or device from hacking attempts, take action today by updating your router’s firmware and passwords, reviewing and removing unnecessary saved networks from your devices, and enabling multi-factor authentication on all your important accounts. These small, but consistent steps will deliver tangible benefits to your daily digital activities.
For better security, subscribe to an identity theft protection service such as McAfee+, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. All things considered, the investment in these security measures is minimal compared to the peace of mind they provide.
The post Verify Secure Wireless Networks to Prevent Identity Theft appeared first on McAfee Blog.
Every four years, scores of American people flood churches, schools, homes, and auditoriums to cast their ballots for the future of American leadership. But amid the highs and lows of election night, there is an ongoing conversation about how the votes are being counted.
As results slowly roll in, voters struggle with long lines and faulty machinery in key battleground states, prompting debates on the efficiency of the U.S. voting process. In an age where American Idol results can be instantaneously transmitted over a mobile device, why are we still feeding paper ballots into machines that look like props from ‘90s movies?
On the one hand, countries like Canada, Norway and Australia have already experienced success with their adoption of online voting systems, and proponents say going digital will boost voter turnout and Election Day efficiency. On the other, naysayers cite hacking, malware, and other security threats as deal-breakers that could threaten the backbone of American democracy.
So what are the facts behind this debate? Below, we’ve outlined key arguments for and against online, email, and electronic voting systems, to help users at home move beyond the pre-election campaign hype.
Since there have been elections, there have been people tampering with votes. Given this, experts are justifiably concerned with any technology that could introduce new points of access to the data stored during an election. Nevertheless, a handful of states now use electronic voting machines exclusively—Delaware, Georgia, Louisiana, New Jersey and South Carolina—and even notorious battleground states Ohio and Florida have made the move toward paperless votes.
The concern is that when there is no physical ballot, it becomes next to impossible to determine if there has been tampering—especially in the case of a close election. The contested 2000 Bush-Gore race comes to mind as an example of the stark importance of reliable election machinery. In 2012, Pennsylvania voting machines were taken out of service after being captured on video changing votes from one candidate to another.
Still, most of these machines now supply a paper trail to guard against tampering, and a vast majority undergo frequent, mandatory testing. The machines are also not connected to the Internet and are segregated from any network-connected devices. In terms of physical security, the machines themselves are secured with locks and tamper-evident seals, and they’re heavily protected when transported to and from polling places.
While electronic voting promises efficiency and convenience, the reality is that these systems face significant vulnerabilities that make them easy targets for hacking.
Attackers don’t need to hack every voting machine individually. They only need to target the broader voting ecosystem through several key attack vectors. For one, supply chain risks represent one of the most concerning threats, where malicious components or software can be introduced during manufacturing or updates. Misconfigured systems and outdated firmware create entry points that cybercriminals actively seek out, while exposed network ports can provide side-channel access to supposedly isolated voting infrastructure.
Beyond direct machine tampering, sophisticated attacks focus on ballot definition files—the digital templates that determine how votes are recorded and counted. Manipulating these files can alter election outcomes without voters realizing it. Similarly, result reporting systems that transmit vote tallies from polling locations to central counting facilities present attractive targets for those seeking to disrupt electoral processes.
Recent security research demonstrates these vulnerabilities aren’t theoretical. In 2003, cybersecurity researchers at Johns Hopkins University documented significant security gaps in widely used electronic voting systems during controlled testing environments, revealing that basic network intrusion techniques could compromise vote tallies without detection. Meanwhile, a 2022 audit conducted by election security experts in Georgia identified configuration errors in electronic polling systems that could have allowed unauthorized access to voter data and ballot information.
Perhaps more concerning is how disinformation campaigns around unofficial election results can amplify doubts about electoral integrity, regardless of actual system security. These campaigns often spread false information about electronic voting fraud or online voting hack attempts, creating confusion that undermines public trust in legitimate election outcomes.
It’s crucial to understand that the primary impact of these vulnerabilities often isn’t direct vote manipulation—it’s the erosion of voter confidence in our democratic processes. When people doubt that their votes count accurately, it weakens the foundation of democratic participation.
Will our presidential elections ever go the way of American Idol? Despite advances in technology, the vast majority of Americans must vote in person or via mail-in ballot. At present, only very limited electronic voting options exist, primarily for specific voter groups and circumstances, such as:
Understanding the vulnerabilities that plague electronic voting systems isn’t about creating fear, but about building stronger defenses. Below, we have listed some of the potential attack vectors to help you make informed decisions about digital democracy.
In email voting, unencrypted emails pose a serious security risk because they can be easily intercepted, spoofed, or altered in transit. When a ballot is sent without encryption, it travels across networks in plain text, allowing cybercriminals to access and modify its contents before it reaches election officials. Attackers also might impersonate legitimate voters by sending forged emails or inject malware into attachments that appear to be ballots.
Computers used to send or receive the emails can be compromised to change or block a voter’s choices. When you cast your ballot online, malware can intercept your vote before it even leaves your device. In addition, the receiving computer will need to open attachments sent by unknown users to tally the votes, one of the most common causes of malware infections.
Phishing attacks specifically target voting credentials, often through fake election websites or deceptive emails. Multi-factor authentication and government-issued digital certificates provide essential barriers. In 2023, the National Institute of Standards and Technology released its Digital Identity Guidelines that recommended biometric verification combined with secure tokens for high-stakes digital transactions like voting.
Your vote travels across networks where attackers might intercept or modify it. To thwart these attacks and ensure your ballot remains tamper-proof during transmission, end-to-end encryption with cryptographic signatures can be integrated into online voting systems. Advanced protocols such as homomorphic encryption allow vote counting without exposing individual choices.
Voting servers face constant attack attempts. Independent security audits, isolated network environments, and blockchain-based verification systems can help maintain integrity. Regular penetration testing, as recommended in the Election Assistance Commission’s 2023 Voluntary Voting System Guidelines, identifies weaknesses before they’re exploited.
DDoS attacks can overwhelm voting portals during critical periods. Distributed server architecture, traffic filtering, and backup submission methods could ensure continuous access, while cloud-based solutions provide scalable protection against volume-based attacks.
Online systems must balance verification with privacy. Protocols such as zero-knowledge proof could allow voters to confirm that their ballot was counted without revealing their choices. Anonymous credential systems separate voter identity from vote content.
Digital voting requires verifiable paper trails or cryptographic receipts. This can be addressed with voter-verified paper audit trails (VVPAT) and risk-limiting audits that provide the transparency necessary for public confidence.
In this digital age, threats to the voting process start well before election day. Cybercriminals take advantage of the campaign fever when citizens turn to technology for updates on the election process or news about running candidates.
Amid all this, your role as a voter includes staying informed about these protections and choosing secure voting methods when available or legitimate information sources. Democracy thrives when citizens understand both the possibilities and precautions of digital participation.
Every voter plays a role in ensuring elections remain fair, secure, and transparent. By following proper voting procedures, verifying information through official sources, and reporting suspicious activity, you help strengthen trust in the system. Small actions can make a big difference in protecting the integrity of every vote.
Practicing good cybersecurity hygiene helps safeguard not only your information but also the integrity of democratic participation. Here are some key guidelines to stay secure online and protect your vote.
These multi-layered protections work together to maintain election integrity, though gaps can emerge when procedures aren’t consistently followed or when oversight is insufficient.
While online voting systems can’t be written off, ongoing cybersecurity challenges don’t bode well for the immediate future of these platforms.
While technology has transformed nearly every aspect of modern life—from shopping to banking, and working—applying that convenience to the voting booth still presents challenges. Security, transparency, and public trust remain at the core of any democratic process, and rushing toward online or paperless voting without upholding these principles could be harmful.
Progress is steadily being made, however, with advances in encryption and digital identity frameworks. With careful design, rigorous testing, and strong oversight, technology can enhance the safeguards that underpin election integrity.
For now, the most effective way to protect democracy is through awareness and participation. Stay informed about your state’s voting systems, verify election information only through official sources, and remain alert to misinformation and scams. Each responsible voter plays a part in strengthening the integrity of elections.
The post Hack the Vote: Pros and Cons of Electronic Voting appeared first on McAfee Blog.
Some years ago, a highly infectious computer worm called W32/Autorun was discovered to be infecting Windows computers. Unlike a virus, a worm such as W32/Autorun doesn’t steal anything from your computer. Instead, it spreads rapidly and opens as many security holes as possible to allow hackers to install a different form of malware that will eventually steal information, money, or both.
While this worm is less widespread today, it continues to infect older Windows operating systems that are not regularly updated. This guide will take a closer look at how the worm spreads and outline preventive measures to avoid infection.
Autorun worms primarily affect older Windows systems such as Windows XP, Vista, and early versions of Windows 7, which had AutoRun enabled by default. Microsoft recognized this security vulnerability and significantly restricted AutoRun capabilities in newer Windows versions, but millions of older systems remain at risk if they haven’t been properly updated or configured.
When an autorun worm infects your system, it can compromise both your files and privacy in several ways by stealing personal documents, capturing passwords and banking information, or installing additional malware that monitors your online activities. Some variants encrypt your files for ransom, while others turn your computer into part of a botnet used for spam or cyberattacks. The infection can also spread to family members, friends, or colleagues when you share USB drives or connect to shared networks.
While this worm is less common today due to security updates in newer Windows operating systems, the concept of autorun malware is still relevant, often evolving into new forms that spread via malicious downloads, USB drives, or network shares. These forms use clever file drops and social engineering, with detection still relying on robust antivirus and user caution.
W32/Autorun is effective because it exploits everyday behaviors and outdated system features. Instead of forcing its way into your computer, it relies on built-in Windows functionality and simple tricks to get users to let it in, slip past basic defenses, and infect systems.
An autorun worm spreads, as its name suggests, automatically through removable storage devices such as USB drives, external hard drives, and network shares. It takes advantage of Windows’ AutoRun and AutoPlay features to secretly execute itself when you connect the removable device to your computer that has AutoRun. A dialog box then pops up asking if you want to automatically run whatever is on the device. When you unsuspectingly click “run,” you’ve authorized the W32/Autorun worm. Once active, the worm copies itself to other connected drives and network locations, rapidly spreading to any system. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while.
Even if you don’t have Windows AutoRun enabled in your device, W32/Autorun disguises itself as interesting imposter files and folders with names like “porn” and “sexy” in infected flash drives or shared internet connections to trick you into downloading the worm. Once you click on the malicious file, it executes AutoRun and infects your computer.
The worm can also change your computer’s settings to allow it to run every time you boot up. Some variants even disable Windows updates to prevent the system from downloading security patches and ensure the worm can do its job of infecting every device your computer comes into contact with, opening the door for any virus a hacker wants to install at your expense.
A W32/Autorun worm infection works quietly in the background, spreading to connected devices and weakening your system’s defenses without triggering immediate alarms. However, there are subtle signs that indicate the infection. Recognizing these early symptoms can help you take action to block the worm’s activities before it causes irreparable damage to your device and network:
The impact of the W32/Autorun worm can vary depending on the specific variant, ranging from minor annoyances to severe system compromise:
Preventing a W32/Autorun infection is largely about closing the simple security gaps the worm relies on to spread. By taking these steps, you can significantly reduce the chances of this worm gaining access to your computer.
If your computer is still prompting you to automatically run applications each time you insert a CD, connect to a new network, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows.
Remember that this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive will carry the worm to your computer. If you do need to share a device, make sure AutoRun is disabled before you plug it in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.
While the first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer. Solutions like McAfee+ will catch the W32/Autorun worm bug and other similar malware, protecting you from accidentally spreading it to friends and family.
Autorun worms represent a persistent threat that combines old vulnerabilities with modern attack techniques. Newer security measures may have reduced their impact, but these worms continue to target systems with outdated configurations through the continued use of removable media. This is why keeping systems updated and being cautious with external devices are important habits to apply.
In addition, you can protect yourself with proper security practices: disable AutoRun on older systems, keep your antivirus software updated, scan external devices before accessing their contents, and avoid connecting unknown USB drives to your computer.
The post Crush that Worm before It Creeps into Your Computer appeared first on McAfee Blog.
Thanksgiving—not before Halloween as we see things in stores and online now. It seems like the holiday season and decorations start earlier and earlier every year.
But one thing that hasn’t changed is that Black Friday is still a big shopping day. With the advent of online shopping has emerged Cyber Monday, another big sale day for online shoppers on the first Monday after Thanksgiving.
Although many of us may take advantage of these great deals that the holidays offer, we also need to be aware of the risks. Online shopping is a fun and convenient way to make purchases, locate hard-to-find items, and discover bargains, but we need to take steps to protect ourselves.
This guide looks at the methods and warning signs behind online shopping scams, shows you how to recognize fake shopping apps and websites, and shares tips for staying safe online.
Online shopping has become a cornerstone of American life. CapitalOne Shopping projects American online spending to reach $1.34 trillion in 2024 and exceed $2.5 trillion in 2030.
With such a massive sum at stake, cybercriminals are laser-focused on taking a share of it, posing financial risk to the 288 million Americans who shop online. As e-commerce grows, so does fraud. In 2024, e-commerce fraud was valued at $44.3 billion, a number seen to grow by 141% to $107 billion in 2029.
Be that as it may, there are many smart shopping habits you can apply to dramatically reduce your risk of becoming a victim of online shopping fraud and enjoy the convenience and benefits of online commerce.
Online shopping scams are designed to look normal—at first glance—especially during busy sale seasons when we’re distracted by a million preparations, moving fast, and chasing deals. These are the very circumstances that fraudsters bank on to victimize you into taking the bait. Being aware of the common scam indicators will help you pause and think, recognize trouble early, and protect both your money and your personal information.
Safe online shopping starts with recognizing the hallmarks of legitimate retailers. Before you enter any payment details, take a moment to verify that the website you’re shopping on is genuine. Scam stores can look polished and convincing, but they often leave behind subtle clues. Here are quick ways to check their authenticity:
trustmark, indicating that the site has been scanned and verified as secure by a trusted third party. This security seal indicates that the site will help protect you from identity theft, credit card fraud, spam, and other malicious threats.The FTC also recommends these additional tips so you can enjoy all the advantages that online shopping has to offer and prevent risking your personal information.
Online shopping should feel exciting, not a dangerous undertaking you have to brace for, especially during the season of giving. It can be, with a few simple steps—checking the URL, looking for HTTPS, verifying the seller, paying with a credit card or virtual number, and trusting your gut when something feels suspicious. These small habits will keep your money and your identity where they belong: with you.
For increased safety while shopping online, seek out the help of a trusted security solution such as McAfee+ that will alert you of risky links and compromised websites to prevent identity theft or malware infection.
If this guide helps you, pass it along to someone you care about. Scams don’t just target individuals—they cascade into families and friend groups. The more we normalize safe shopping habits and increase our vigilance, the harder it is for fraudsters to win. If you ever feel unsure mid-purchase, take a breath and double-check. A few extra seconds now can save you a lot of stress later. Stay safe, and happy shopping!
The post Helpful Tips for Safe Online Shopping appeared first on McAfee Blog.
A determined cybercriminal can find ways to guess or predict an individual’s Social Security number, which increases the risk of identity theft for all of us.
In 2009, researchers from Carnegie Mellon University revealed that a reliable method for predicting Social Security numbers was discovered using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.
Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the Northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.
The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researchers had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researchers concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identity theft on mass scales.”
To address this security gap, the Social Security Administration in 2011 changed the way SSNs are issued by randomizing number assignment to make predicting patterns more difficult. While this is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions, exposing people to identity theft and other related risks. With the growing losses from all identity theft cases, protecting SSNs is a serious concern.
Your Social Security number might be only nine digits, but in the wrong hands, it can act like a master key that unlocks far more. It can reveal details about your life, serving as a powerful linking tool for cybercriminals to access or verify other personal details and build a more comprehensive profile of your identity.
Your Social Security number is one of your most private identifiers, but in today’s data economy, it can quietly slip into criminal marketplaces on the dark web. Even if you’re careful with your information, you can’t control how organizations protect the data they collect from you. These exposures often result from data breaches, scams, or systems you had to trust — employers, hospitals, banks, schools, and even government agencies. When your SSN shows up there, it’s usually bundled with your other information—name, birthdate, address—making it far more valuable and dangerous than a random number on its own.
Being familiar with the common paths that take your SSN to the dark web will help you recognize and avoid the risks earlier, and act fast if your information is ever compromised.
Once criminals have your SSN, they can do a range of fraudulent activities that can compromise your relationships, health, career, financial standing, and even your freedom. A single SSN can fuel everything from credit and loan scams to tax fraud, medical identity theft, and even long-term schemes like synthetic identities. Here are some examples:
Social Security identity theft isn’t always obvious right away. In many cases, people don’t realize their SSN has been compromised until weeks or months later. If you want to know if your SSN has been misused, there are clear warning signs and reliable ways to check. By reviewing a few key records, you can spot red flags early and shut down fraud before it snowballs into a long, expensive recovery process.
If you discover that someone has been using your SSN, take these steps immediately:
Since your SSN can’t be easily changed and is still treated like a universal ID, the safest approach is to put up barriers that make it harder for criminals to use, even if they get it. Aside from the steps listed above, here are additional measures you can follow to protect your SSN from the start:
Federal law requires SSN disclosure in specific situations. Organizations can legally require your SSN when no reasonable alternative exists and when they have a specific legal requirement or legitimate business need, such as:
When an organization requests your SSN, they must provide what’s called a disclosure statement, as clarified under the updated Privacy Act of the Department of Justice’s Office of Privacy and Civil Liberties. Legitimate organizations requesting your SSN must tell you:
If an organization can’t provide clear answers to these questions, that’s a red flag. The FTC’s consumer guidance emphasizes that you have the right to understand why your SSN is needed before you provide it.
You can typically decline when it’s not a necessity, alternative identification exists, it seems excessive, and there is no clear legal requirement. Common situations where you can often say no include gym memberships, retail purchases, job applications that don’t require credit checks, and various service sign-ups.
When you need to verify your identity but want to minimize SSN exposure, several alternatives can work depending on the situation:
While it’s concerning that Social Security numbers can be predicted or leaked through data breaches, you’re not powerless against SSN identity theft. The practical steps we’ve outlined put you firmly in control of your personal information security—from placing credit freezes and setting up IRS IP PINs to securing your Social Security Administration account with strong authentication. Take action today by implementing these protective measures to reduce your risk significantly.
For added security, consider a McAfee Identity Protection plan to experience proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts.
The post Smart Ways to Keep Your Social Security Number from Being Cracked appeared first on McAfee Blog.
With the rise in digital banking and online transactions, the number of automated teller machines (ATMs) worldwide declined to 2.95 million in 2025, according to the finance and crypto resource site CoinLaw. Despite this decline, ATM fraud continues to victimize innocent consumers, with global losses estimated at $2.4 billion in 2025.
Among the ATM-related security issues, card skimming accounted for almost 60% of all reported global ATM fraud cases in 2025, according to CoinLaw. Other ATM-related security threats include malware (21%) and cryptocurrency ATM scams. AI-driven ATM fraud, although still in its infancy (0.11% in 2025), is gaining traction as cybercriminals develop new phishing techniques.
In this guide, we will explore some of the security threats associated with ATMs, with a focus on skimming, and provide tips on protecting your data and money in your bank account.
ATM skimming is a form of payment card fraud where criminals secretly install illegal devices on card readers, fuel pumps, or point-of-sale terminals, which then steal your debit or credit card information. These devices, called skimmers, capture the magnetic stripe data from your card while hidden cameras or fake PIN pads record your personal identification number. With both pieces of information, criminals can create counterfeit cards or make unauthorized online purchases using your account.
Skimming devices have become increasingly sophisticated and harder to detect. Traditional overlay skimmers sit on top of legitimate card readers, but newer “shimmer” devices are inserted more deeply into the card slot, making them virtually invisible to casual inspection. These devices can store data from hundreds of cards before criminals retrieve them, often using Bluetooth technology to wirelessly download stolen information without physically accessing the skimmer.
ATMs remain the most common target for skimming attacks, but criminals also target gas station fuel pumps, which often have weaker security systems and less frequent maintenance checks. Point-of-sale terminals at retail locations, restaurants, and other businesses also present opportunities for skimming, particularly when employees are involved in the scheme.
The threat persists for several interconnected reasons. Payment card fraud is quite a profitable business and can be scaled across states or countries. Technology gaps also contribute to the problem, as many ATMs and payment terminals continue to use legacy magnetic stripe technology despite the introduction of more secure EMV chips in newer cards. Criminals also exploit legacy systems, especially if the ATM does not receive regular security updates.
Additionally, decommissioned ATMs can be freely gathered from junkyards or casually bought from online marketplaces, giving criminals the chance to collect personal data stored in the computer and study the discarded machine’s security features to improve their skimming techniques.
In some cases, used ATMs are purchased on eBay or Craigslist and then installed in areas with ample foot traffic. These machines, which can be powered by car batteries or simply plugged into a nearby outlet, are programmed to read and copy credit card data.
When your card information is compromised through skimming, the financial and personal consequences can be significant. Criminals may drain your account through ATM withdrawals or fraudulent purchases, potentially leaving you unable to access your own money. Since debit card transactions often clear immediately, unauthorized withdrawals can cause overdraft fees and bounced check charges before you even realize your account has been compromised.
Beyond the financial losses, ATM skimming can lead to identity theft, where the personal information captured becomes part of larger criminal databases used in other fraud schemes.
Consequently, your credit score and banking relationships may also suffer if fraudulent accounts are opened in your name or if you’re unable to resolve unauthorized charges quickly. While the law gives you limited liability for fraudulent transactions, the process of restoring your accounts can be time-consuming and stressful.
Criminals use a range of devices—some obvious, others nearly invisible—to steal card data and PINs right at the machine. Knowing the main types of skimmers, what they look like, and where they’re usually placed can help you recognize them and avoid a compromised ATM.
The most common type of skimming device, overlay card readers are fake attachments that criminals place directly over the legitimate card slot of an ATM. As you insert your card, it passes through the skimmer first, which captures the magnetic stripe data from your card before it reaches the actual card reader.
An evolution of skimming technology, shimmer devices are extremely thin circuit boards that criminals insert deep into the card slot, making them nearly impossible to detect through visual inspection alone. When you insert your card, you might notice increased resistance, unusual vibrations, or your card feeling momentarily stuck.
Criminals use tiny cameras to capture your PIN as you enter it on the keypad. They are so small they can be hidden in seemingly innocent locations around the ATM. Look for a small camera attached to the top of the screen, hidden in a brochure holder, or even concealed in a fake security sign.
These devices are placed over the legitimate ATM keypad to capture your PIN as you enter it. The keypad may feel spongier than usual, have a different texture, or seem thicker than normal. You might notice the numbers are printed differently, the buttons don’t press down as far as expected, or there’s a slight color difference between the keypad and the rest of the ATM. If the keypad feels loose, raised, or different from other ATMs you’ve used, don’t enter your PIN.
Considered an advanced skimming technique, wireless Bluetooth-enabled skimmers can wirelessly transmit your stolen card and PIN data to criminals, eliminating the need for them to return to retrieve the device. You could detect them by checking your phone’s Bluetooth settings for unusual device names appearing in the area, though many criminals use generic names to avoid detection. If you notice people loitering near ATMs with mobile devices, especially if they seem to be monitoring ATM users, this could indicate that a Bluetooth skimming operation is in progress.
Criminals often combine multiple types of skimming devices to maximize their data capture. A typical combination attack might involve an overlay card reader paired with a pinhole camera, or a shimmer device combined with a fake PIN pad. This is why security experts recommend following all protective measures when you use an ATM.
Recent advances in skimming technologies include devices that can be inserted through existing openings in ATMs without requiring external attachments, as well as skimmers that use near-field communication (NFC) technology to capture contactless payment information.
Your safest bet is to use ATMs inside bank branches or those clearly operated by major financial institutions. These locations have better security measures, such as surveillance cameras and regular checks that detect tampering. At outdoor ATMs, select machines in well-lit, high-traffic areas where criminal activity is less likely to occur unnoticed. Avoid ATMs in dimly lit, isolated locations where skimmers can be easily installed.
Before inserting your card, closely inspect the card insertion slot. Legitimate ATM card readers should have a uniform appearance with smooth edges and consistent coloring. Look for unusual attachments or devices that seem to have been added on top of the original reader. The card slot should align perfectly with the surrounding ATM fascia. Any gaps, misalignments, or signs that something has been glued or attached should raise immediate red flags. Trust your gut.
One of the most effective ways to detect fake card readers on ATMs is through tactile inspection. Gently grasp the card reader and try to wiggle it. A legitimate card reader should feel solid and permanently attached. If the reader or the housing feels loose, this is a strong indicator of a skimmer. If anything moves when it shouldn’t, do not use that ATM and report it to the bank immediately.
Examine the keypad carefully for any signs of modification or overlay devices. Overlay keypads often appear slightly thicker or misaligned with the surrounding area. When pressing the buttons, each one should have consistent resistance and feel. Any button that sticks or seems higher than others could indicate tampering. Pay attention to the area around the keypad for adhesive residue or scratches. Legitimate ATM keypads have consistent button spacing, uniform coloring, and should feel solid when pressed.
The ATM’s outer casing and bezel should have a uniform appearance with no obvious modifications such as loose panels, extra pieces of plastic, or areas with different coloring or texture from the rest of the machine. Check for any unusual wiring, small cameras, or devices that appear out of place. The area around the screen should be examined for any tiny cameras or recording devices that capture PIN entry. All text, logos, and branding should appear professional and consistent with the bank’s standard ATM design.
Before using any ATM, check the area for any unusual objects that could house cameras or recording equipment, including fake brochure holders, unusual signage, or any items that seem out of place. Check for people loitering nearby who seem to be watching ATM users or vehicles parked unusually close to outdoor ATMs with passengers or drivers who appear to be monitoring ATM activity.
Before using an ATM, check your smartphone’s Bluetooth settings to scan for nearby devices with suspicious names, such as those with generic or random characters, or names that don’t correspond to legitimate businesses in the area. An unusual concentration of unknown devices near an ATM could be a warning sign. This technique works best in areas where there are typically few Bluetooth devices, such as standalone ATMs.
Enable contactless withdrawals through your bank’s mobile app to authenticate and authorize QR code-based transactions and reduce your need to use an ATM. This technology uses tap-to-pay functionality or near-field communication (NFC) features, providing the same convenient access to your funds. Contact your bank to learn about contactless ATM options and how to activate these features on your accounts.
Bank websites or mobile apps usually show the locations of their legitimate ATMs. If you’re unsure about an ATM’s authenticity, check these official resources to confirm the machine is listed as a legitimate location. This step can help you avoid both skimming devices and other fraudulent ATM operations entirely. Be particularly cautious of ATMs in unusual areas. When traveling, stick to ATMs inside recognizable financial institutions.
Even when ATMs appear legitimate, always protect your PIN entry from potential observation. Use your free hand, body, or a purse to cover the keypad while entering your PIN to guard against both hidden cameras and shoulder-surfing by nearby criminals. Consider changing your PIN regularly and never write it down. If you suspect your PIN may have been compromised, change it immediately through secure channels.
Implement robust account monitoring to detect and address any skimming-related fraud as quickly as possible. Set up real-time account alerts through your bank’s mobile app to receive immediate notifications of all transactions. Review your account statements regularly and report any unauthorized activity immediately. Consider setting daily withdrawal limits to match your usage patterns to minimize losses if your card information is compromised.
If you notice signs of tampering or suspicious activity at an ATM, report it immediately to the bank to protect other customers from becoming victims and to help law enforcement track down the perpetrators. Contact the bank’s customer service line using the phone number on the back of your card, rather than the numbers displayed on the potentially compromised ATM. Document the ATM’s location, including the address and any identifying numbers or codes visible on the machine.
Stay informed about the latest ATM skimming techniques and prevention strategies through reputable sources. Consumer alerts provide updated guidance on protecting yourself from these crimes, as do major credit card networks such as Visa and Mastercard. Following your bank’s security updates and fraud alerts helps you stay aware of new threats in your area and emerging criminal techniques to watch for during ATM transactions.
Be highly cautious of anyone offering to help you with ATM troubles, even if they appear well-intentioned, especially if they suggest using their phone to call the bank or offer to show you how to complete your transaction. If you encounter problems with an ATM, cancel your transaction, retrieve your card, and contact your bank directly.
Criminals usually install skimming devices when fewer people are around to witness their actions. Daytime transactions in high-traffic areas increase the likelihood of suspicious behavior being noticed and reported. If you must use an ATM at night, choose one in a well-lit area with good visibility, preferably near businesses that are still open and have staff and customers present. Consider using indoor ATMs exclusively.
Always take your ATM receipts and store them securely until you have verified the transaction on your statement. Don’t leave them at the machine or throw them away in nearby trash cans where criminals might retrieve them to gather information about your account; even partial account numbers and transaction details could be useful to identity thieves. You can shred the receipts once you’ve confirmed the transactions.
Familiarize yourself with your bank’s policies regarding ATM fraud and your rights under federal law. The Electronic Fund Transfer Act provides specific protections for consumers who experience unauthorized ATM transactions. These protections offer you up to 60 days to report unauthorized transactions to limit your liability, but reporting within two business days provides the strongest protection.
Reduce your ATM usage by planning your cash needs and making larger, less frequent withdrawals to reduce your overall exposure to potential skimming attempts. Consider getting cash back during purchases at grocery stores, pharmacies, and trusted retailers, rather than using unfamiliar ATMs, especially when traveling or in unfamiliar areas.
ATM skimming attempts surge during peak shopping and travel periods when foot traffic increases at malls, airports, hotel lobbies, and other commercial or tourist locations. Increased cash withdrawals, crowded shopping areas, and travelers using unfamiliar ATMs create ideal conditions for skimming operations. In addition, criminals know that holiday shoppers are often distracted, rushed, and less vigilant about using ATMs. That’s why it’s important for you to be extra cautious. If you must use an ATM, take a breath and slow down to thoroughly inspect the machine and your surroundings before inserting your card.
The guidance below walks you through exactly what to do in the moment and right after, so you can limit risk to yourself and prevent others from becoming victims, too.
Protecting yourself from ATM skimming requires ongoing attention, but you’re now equipped with the knowledge to use ATMs confidently and securely—perform a visual inspection, do the wiggle test, review the keypad, and be aware of your surroundings. Trust your instincts. If something feels wrong or looks suspicious about an ATM, consider finding an alternative location. Your intuition is a valuable tool in recognizing potentially compromised machines.
Share these ATM safety practices with your family members and friends to strengthen their security as well. Take a moment to revisit your bank’s fraud protection guidelines and ensure you understand their notification procedures for suspicious activity. Your financial institution can partner with you in preventing fraud, so don’t hesitate to reach out with questions about their latest security features.
The post Essential Tips to Avoid ATM Skimming appeared first on McAfee Blog.
Entrar