News

“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.

The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

• Data Breaches: Scammers often obtain phone numbers from data breaches where personal information is exposed and sold on the dark web.
• Public Records: Phone numbers can be found in public records, such as court documents, voter registration lists, and property records, which are often accessible online.
• Social Media: Many people share their contact information on social media profiles or posts, making it easy for scammers to collect phone numbers.
• Online Surveys and Contests: Scammers create fake online surveys or contests that require participants to enter their phone numbers, which are then harvested for vishing.
• Dumpster Diving: Physical documents thrown away without shredding, such as old phone bills or bank statements, can provide scammers with phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.
• Wardialing: A visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.

Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:

• VoIP: Voice over Internet Protocol (VoIP) facilitates vishing by enabling vishers to easily spoof caller IDs, use automated dialing systems, and leverage AI-powered voice manipulation, all while operating from virtually anywhere with an internet connection. This combination of technologies makes it easier for scammers to appear legitimate and efficiently target numerous victims.
• Caller ID Spoofing: Caller ID spoofing works by manipulating the caller ID information that appears on the recipient’s phone, making it seem as though the call is coming from a trusted or local source. Scammers use specialized software or VoIP services to alter the displayed number, which can mimic the number of a reputable institution, such as a bank or government agency.
• Social Engineering: In live calls, vishers use social engineering techniques to build trust and manipulate the target into divulging personal information. They might pose as customer service representatives, tech support agents, or officials from financial institutions to convince you to hand over personal information.
• Voice Manipulation Technology: Advanced AI-powered voice manipulation tools can mimic the voices of known individuals or create convincing synthetic voices, adding credibility to the call.
• Urgency and Threats: Vishers often create a sense of urgency or fear, claiming immediate action is required to prevent serious consequences, such as account closure, legal action, or financial loss.

To protect yourself from vishing scams, you should:

• Educate Yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents. As this crime becomes more sophisticated, you’ll want to stay up to date.
• Use Call Blocking Tools: Utilize call blocking and caller ID spoofing detection tools offered by your phone service provider or third-party apps to filter out potential scam calls.
• Be Skeptical of Caller ID: With phone spoofing, caller ID is no longer trustworthy. Since caller ID can be tampered with, don’t let it offer a false sense of security.
• Do Not Share Personal Information: Never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
• End the Call: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
• Report Suspicious Activity: Call your bank and report any fraud attempts immediately, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller. Also report any suspicious calls to relevant authorities, such as the Federal Trade Commission (FTC), to help prevent others from falling victim to the same scams.

Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.

The post How to Protect Yourself from Vishing appeared first on McAfee Blog.

The group has been observed exploiting vulnerabilities through SQL injection attacks since 2022

An earlier publication by Check Point Research had already linked Rafel to the APT-C-35/DoNot Team

The likely Chinese state-sponsored group ran espionage campaigns against Taiwan’s government, academia and diplomacy from Fuzhou, China

Polish prosecutors investigating a massive political spying operation have seized Pegasus from a government agency

UK’s most hazardous nuclear site, Sellafield, has admitted criminal charges related to IT security failings

IT and cybersecurity leaders reveal ransomware realities for financial services businesses today.

Former NSA Director Paul Nakasone has joined the board of OpenAI.

Citing national security concerns, the U.S. Department of Commerce has issued a ban on the sale of all Kaspersky online protection software in the U.S. This ban takes effect immediately.  

Of major importance to current customers of Kaspersky online protection, the ban also extends to security updates that keep its protection current. Soon, Kaspersky users will find themselves unprotected from the latest threats. 

Current Kaspersky users have until September 29, 2024 to switch to new online protection software. On that date, updates will cease. In fact, the Department of Commerce shared this message with Kaspersky customers: 

“I would encourage you, in as strong as possible terms, to immediately stop using that [Kaspersky] software and switch to an alternative in order to protect yourself and your data and your family.” 

As providers of online protection ourselves, we believe every person has the right to be protected online. Of course, we (and many industry experts!) believe McAfee online protection to be second to none, but we encourage every single person to take proactive steps in securing their digital lives, whether with McAfee or a different provider. There is simply too much at stake to take your chances. The nature of life online today means we are living in a time of rising cases of online identity theft, data breaches, scam texts, and data mining. 

If you’re a current Kaspersky customer, we hope you’ll strongly consider McAfee as you look for a safe and secure replacement. 

With that, we put together a quick Q&A for current Kaspersky users who need to switch their online protection software quickly. And as you’ll see, the Department of Commerce urges you to switch immediately.  

Did the U.S. government ban the sale of Kaspersky? 

Yes. The Department of Commerce has issued what’s called a “Final Determination.” In the document, the government asserts that:  

“The Department finds that Kaspersky’s provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons.”

(i) This news follows the 2017 ban on using Kaspersky software on government devices. (ii) That ban alleged that Russian hackers used the software to steal classified materials from a device that had Kaspersky software installed. (iii) Kaspersky has denied such allegations. 

Will I have to get new online protection software if I use Kaspersky? 

Yes. In addition to barring new sales or agreements with U.S. persons from July 20, the ban also applies to software updates. Like all online protection software, updates keep people safe from the latest threats. Without updates, the software leaves people more and more vulnerable over time. The update piece of the ban takes hold on September 29. With that, current users have roughly three months to get new online protection that will keep them protected online. 

How do I remove Kaspersky software? 

The answer depends on your device. The links to the following support pages can walk you through the process: 

• Windows: https://support.microsoft.com/en-us/windows/uninstall-or-remove-apps-and-programs-in-windows4b55f974-2cc6-2d2b-d092-5905080eaf98 

• Mac OS: https://support.apple.com/en-us/HT202235  

• iOS/iPadOS: https://support.apple.com/guide/iphone/remove-apps-iph248b543ca/ios  

• Android: https://support.google.com/googleplay/answer/2521768 

What should I look for when it comes to online protection? 

Today, you need more than anti-virus to keep you safe against the sophisticated threats of today’s digital age. You need comprehensive online protection. By “comprehensive” we mean software that protects your devices, identity, and privacy. Comprehensive online protection software from McAfee covers all three — because hackers, scammers, and thieves target all three.  

“Comprehensive” also means that your software continues to grow and evolve just as the internet does. It proactively rolls out new features as new threats appear, such as: 

Scam Protection that helps protect you against the latest scams via text, email, QR codes, and on social media. Also, should you accidentally click, web protection blocks sketchy links that crop up in searches and sites. 

Social Privacy Manager that helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. It also protects privacy on TikTok, making ours the first privacy service to protect people on that platform. For families, that means we now cover the top two platforms that teens use, TikTok and YouTube.  

AI-powered protection that doesn’t slow you down. For more than a decade, our award-winning protection has used AI to block the latest threats — and today it provides 3x faster scans with 75% fewer processes running on the PC. Independent tests from labs like AV-Comparatives have consistently awarded McAfee with the highest marks for both protection and for performance. 

 

What should I do about the Kaspersky ban? 

As the Department of Commerce urges, switch now.  

Yet, make a considered choice. Comprehensive online protection software that looks out for your devices, identity, and privacy is a must — something you are likely aware of already as a Kaspersky user. 

We hope this rundown of the Kaspersky news helps as you seek new protection. And we also hope you’ll give us a close look. Our decades-long track record of award-winning protection and the highest marks from independent labs speaks to how strongly we feel about protecting you and everyone online. 

 

The post The Kaspersky Software Ban—What You Need to Know to Stay Safe Online appeared first on McAfee Blog.

As the summer sun beckons us to explore new destinations, many of us rely on public Wi-Fi to stay connected while on the go. Whether checking emails, browsing social media, or planning our next adventure, access to Wi-Fi has become an essential part of our travel experiences. However, amidst the convenience lies a lurking threat to our cybersecurity. Public Wi-Fi networks are typically unencrypted, meaning data transmitted over these networks can be intercepted by hackers.  

A study found that 40% of respondents have had their information compromised while using public Wi-Fi. In one notorious incident, a hacker accessed a journalist’s confidential work emails through in-flight Wi-Fi and then confronted him at baggage claim to reveal the breach. Often, individuals remain unaware of such compromises until well after the fact.  

Since public Wi-Fi networks are often unsecure and used by many people, they are prime targets for cybercriminals looking to steal personal information such as passwords, credit card numbers, and other sensitive data. But fear not! With the right precautions, you can enjoy your summer travels while keeping your data safe and secure.  

1. Understanding the Risks: Before delving into the world of public Wi-Fi, it’s crucial to understand the risks involved. Public networks, such as those found in cafes, airports, and hotels, are often unencrypted, meaning that cybercriminals can intercept data transmitted over these networks. This puts your sensitive information, including passwords, credit card details, and private messages, at risk of being compromised. 

2. Utilize a Virtual Private Network: One of the most effective ways to safeguard your data while using public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, creating a secure tunnel between your device and the internet. This encryption prevents hackers from intercepting your data, ensuring your online activities remain private and secure. Invest in a reputable VPN service and install it on your devices before embarking on your summer adventures for added protection. Check out our step-by-step tutorial if it’s your first time setting up a VPN.  

3. Keep Software Updated: Another essential aspect of cybersecurity is keeping your devices and software up-to-date. Updates often include security patches that address vulnerabilities and protect against emerging threats. Before setting off on your summer travels, install any available updates for your operating system, web browser, and security software. This simple step can significantly reduce the risk of falling victim to cyberattacks while connected to public Wi-Fi networks. 

4. Enable Multi-Factor Authentication: Adding an extra layer of security to your online accounts can help prevent unauthorized access, even if your passwords are compromised. Multi-factor authentication (MFA) requires you to provide two or more forms of verification before accessing your accounts, such as a password, a fingerprint scan, or a one-time code sent to your mobile device. Enable MFA on your email, social media, and banking accounts before your travels to enhance your cybersecurity defenses. 

5. Exercise Caution: Avoid accessing sensitive information while connected to public Wi-Fi. Refrain from logging into banking or shopping accounts and accessing confidential work documents while connected to unsecured networks. Instead, save these tasks for when you’re connected to a trusted network or using your mobile data. 

6. Practice Good Password Hygiene: While connected to public Wi-Fi, it’s crucial to use strong, unique passwords for all your accounts. Avoid using easily guessable passwords or reusing the same password across multiple accounts, as this increases the risk of unauthorized access to your sensitive information. Consider using a reputable password manager to generate and store complex passwords securely.  

7. Consider a Personal Hotspot: Using a personal hotspot instead of public Wi-Fi networks can often be a safer choice. Many mobile devices allow you to create a secure Wi-Fi network using your cellular data connection. Check your phone provider’s data plan beforehand to ensure this option doesn’t incur additional data charges. 

Connecting to public Wi-Fi safely during your summer travels requires awareness and preparation. By taking steps like utilizing a VPN, keeping your software updated, and enabling MFA, you can enjoy the convenience of staying connected while protecting your personal information from cyber threats.  

To further safeguard your digital devices, explore McAfee’s array of software solutions to discover the perfect fit for your security requirements. With the right cybersecurity tools, it’s easy to surf the web securely while exploring new destinations during your summer adventures.

The post How to Safely Connecting to Public Wi-Fi While Traveling appeared first on McAfee Blog.