News

M&S chairman Archie Norman provided more insights into the April ransomware attack, but did not confirm whether a payment was made to the attackers

This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.)

This is ridiculous. Why do people continue to make their data public?

If someone called you claiming to be a government official, would you know if their voice was real? This question became frighteningly relevant this week when a cybercriminal used social engineering and AI to impersonate Secretary of State Marco Rubio, fooling high-level officials with fake voice messages that sounded exactly like him. It raises a critical concern: would other world leaders be able to tell the difference, or would they fall for it too?

The Rubio Incident: A Wake-Up Call

In June 2025, an unknown attacker created a fake Signal account using the display name “Marco.Rubio@state.gov” and began contacting government officials with AI-generated voice messages that perfectly mimicked the Secretary of State’s voice and writing style. The imposter successfully reached at least five high-profile targets, including three foreign ministers, a U.S. governor, and a member of Congress.

The attack wasn’t just about pranks or publicity. U.S. authorities believe the culprit was “attempting to manipulate powerful government officials with the goal of gaining access to information or accounts.” This represents a sophisticated social engineering attack that could have serious national and international security implications.

Why Voice Scams Are Exploding

The Rubio incident isn’t isolated. In May, someone breached the phone of White House Chief of Staff Susie Wiles and began placing calls and messages to senators, governors and business executives while pretending to be Wiles. These attacks are becoming more common because:

• AI voice cloning is now accessible to everyone: What once required Hollywood-level resources can now be done with free online tools
• Social media provides voice samples: Just a few seconds of someone’s voice from a video or podcast is enough
• People trust familiar voices: We’re psychologically wired to trust voices we recognize
• High-value targets are everywhere: From government officials to your own family members

It’s Not Just Politicians – Nobody is Immune

While the Rubio case involved government officials, these same techniques are being used against everyday Americans. A recent McAfee study found that 59% of Americans say they or someone they know has fallen for an online scam in the last 12 months, with scam victims losing an average of $1,471. In 2024, our research revealed that 1 in 3 people believe they have experienced some kind of AI voice scam

Some of the most devastating are “grandparent scams” where criminals clone a grandchild’s voice to trick elderly relatives into sending money for fake emergencies. Deepfake scam victims have reported losses ranging from $250 to over half a million dollars.

Common AI voice scam scenarios:

• Family emergency calls: “Grandma, I’m in jail and need bail money”
• CEO fraud: Fake executives asking employees to transfer money
• Investment scams: Celebrities appearing to endorse get-rich-quick schemes
• Romance scams: Building fake relationships using stolen voices

From Mission Impossible to Mission Impersonated

One big reason deepfake scams are exploding? The tools are cheap, powerful, and incredibly easy to use. McAfee Labs tested 17 deepfake generators and found many are available online for free or with low-cost trials. Some are marketed as “entertainment” — made for prank calls or spoofing celebrity voices on apps like WhatsApp. But others are clearly built with scams in mind, offering realistic impersonations with just a few clicks.

Not long ago, creating a convincing deepfake took experts days or even weeks. Now? It can cost less than a latte and take less time to make than it takes to drink one. Simple drag-and-drop interfaces mean anyone — even with zero technical skills – can clone voices or faces.

Even more concerning: open-source libraries provide free tutorials and pre-trained models, helping scammers skip the hard parts entirely. While some of the more advanced tools require a powerful computer and graphics card, a decent setup costs under $1,000, a tiny price tag when you consider the payoff.

Globally, 87% of scam victims lose money, and 1 in 5 lose over $1,000. Just a handful of successful scams can easily pay for a scammer’s gear and then some. In one McAfee test, for just $5 and 10 minutes of setup time, we created a real-time avatar that made us look and sound like Tom Cruise. Yes, it’s that easy — and that dangerous.

Figure 1. Demonstrating the creation of a highly convincing deepfake

Fighting Back: How McAfee’s Deepfake Detector Works

Recognizing the urgent need for protection, McAfee developed Deepfake Detector to fight AI-powered scams. McAfee’s Deepfake Detector represents one of the most advanced consumer tools available today.

Key Features That Protect You

• Near-Instant Detection: McAfee Deepfake Detector uses advanced AI to alert you within seconds if a video has AI-generated audio, helping you quickly identify real vs. fake content in your browser.
• Privacy-First Design: The entire identification process occurs directly on your PC, maximizing on-device processing to keep private user data off the cloud. McAfee does not collect or record a user’s audio in any way.
• Advanced AI Technology: McAfee’s AI detection models leverage transformer-based Deep Neural Network (DNN) models with a 96% accuracy rate.
• Seamless Integration: Deepfake Detector spots deepfakes for you right in your browser, without any extra clicks.

How It Would Have Helped in the Rubio Case

While McAfee’s Deepfake Detector is built to identify manipulated audio within videos, it points to the kind of technology that’s becoming essential in situations like this. If the impersonation attempt had taken the form of a video message posted or shared online, Deepfake Detector could have:

• Analyzed the video’s audio within seconds
• Flagged signs of AI-generated voice content
• Alerted the viewer that the message might be synthetic
• Helped prevent confusion or harm by prompting extra scrutiny

Our technology uses advanced AI detection techniques — including transformer-based deep neural networks — to help consumers discern what’s real from what’s fake in today’s era of AI-driven deception.

While the consumer-facing version of our technology doesn’t currently scan audio-only content like phone calls or voice messages, the Rubio case shows why AI detection tools like ours are more critical than ever — especially as threats evolve across video, audio, and beyond – and why it’s crucial for the cybersecurity industry to continue evolving at the speed of AI.

How To Protect Yourself: Practical Steps

While technology like McAfee’s Deepfake Detector provides powerful protection, you should also:

• Be Skeptical of “Urgent Requests”
• Trust and verify identity through alternative channels
• Ask questions only the real person would know, using secret phrases or safe words
• Be wary of requests for money or sensitive information
• Pause if the message stirs strong emotion — fear, panic, urgency — and ask yourself, would this person really say that

The Future of Voice Security

The Rubio incident shows that no one is immune to AI voice scams. It also demonstrates why proactive detection technology is becoming essential. Knowledge is power, and this has never been truer than in today’s AI-driven world.

The race between AI-powered scams and AI-powered protection is intensifying. By staying informed, using advanced detection tools, and maintaining healthy skepticism, we can stay one step ahead of cybercriminals who are trying to literally steal our voices, and our trust.

The post When AI Voices Target World Leaders: The Growing Threat of AI Voice Scams appeared first on McAfee Blog.

Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools

Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting

Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase

The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors

China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns

Trend Micro has observed the Bert ransomware group in operation since April 2025, with confirmed victims in sectors including healthcare, technology and event services

Summer festival season is upon us, and music lovers are eagerly anticipating everything from The Weeknd tickets to intimate local music festivals. But while you’re dreaming of unforgettable performances, scammers are plotting to turn your concert and festival excitement into their profitable payday. The sobering reality? UK gig-goers lost over £1.6 million to ticket fraud in 2024 more than double the previous year’s losses. With approximately 3,700 gig ticket fraud reports made to Action Fraud in 2024, and almost half originating from social media platforms, the threat to festival-goers has never been greater. A Lloyds Bank analysis of scam reports from its customers has revealed that Oasis Live ’25 tickets are a top target for fraudsters. In the first month following the reunion tour announcement, these fake ticket scams made up roughly 70% of all reported concert ticket fraud cases since August 27, 2024. According to Lloyds, the average victim lost £436 ($590), with some reporting losses as high as £1,000 ($1,303).

Why Concerts Are a Scammer’s Paradise

Concert tickets have become the ultimate playground for cybercriminals, and it’s easy to see why. The perfect storm of high demand, limited supply, and emotional urgency creates ideal conditions for fraud. When your favorite artist announces a tour, tickets often sell out in minutes, leaving desperate fans scrambling on secondary markets where scammers thrive. Unlike typical retail purchases, concert tickets are intangible digital products that are difficult to verify until you’re standing at the venue gate, often too late to get your money back. Scammers exploit this by creating fake ticketing websites with legitimate-sounding names, posting counterfeit tickets on social media marketplaces, and even setting up fraudulent “last-minute deals” outside venues.

The emotional investment fans have in seeing their favorite performers makes them more likely to ignore red flags like unusual payment methods, prices that seem too good to be true, or sellers who refuse to use secure payment platforms. Add in the time pressure of limited availability, and scammers have found the perfect recipe for separating music lovers from their money. With the average concert scam victim losing over $400 according to the Better Business Bureau, what should be an exciting musical experience often becomes a costly lesson in digital fraud.

Common Scammer Tactics to Watch For

1. The Fake Ticket Factory

How It Works: Scammers create convincing counterfeit tickets using stolen designs, logos, and QR codes from legitimate events. They may purchase one real ticket and then sell multiple copies to different buyers, knowing only the first person through the gate will succeed.

The Digital Danger: With the rise of digital tickets and QR codes, scammers can easily screenshot, photograph, or forward ticket confirmations to multiple victims. Since many festival-goers don’t realize that QR codes can only be scanned once, multiple people may believe they own the same valid ticket.

Red Flags:

• Sellers offering only PDF tickets or photos of tickets
• Reluctance to use official transfer systems
• Multiple identical tickets being sold by the same person
• Prices significantly below or above market value

2. The Phantom Festival Scam

How It Works: Fraudsters create entirely fictional festivals, remember the Fyre Festival? A complete fake lineups featuring popular artists, professional websites, and aggressive marketing campaigns. They invest heavily in making these events appear legitimate, sometimes even securing fake venues and promotional partnerships.

The Impersonator: Some scammers specifically target popular festivals by creating fake events with slight name variations or claiming to offer exclusive “VIP experiences” that don’t exist.

Warning Signs:

• New festivals with suspiciously star-studded lineups
• Limited information about venue logistics or infrastructure
• Aggressive marketing with urgent “limited time” offers
• Lack of official venue confirmation or local authority permits

3. The Social Media Swindle

How It Works: Scammers create fake profiles or hack legitimate accounts to advertise sold-out festival tickets. They often target popular festival hashtags and engage with desperate fans seeking last-minute tickets on TikTok, Instagram, and Facebook Marketplace.

The FOMO Factor: These scammers exploit the fear of missing out by creating false urgency: “Only 2 tickets left!” or “Someone just backed out, quick sale needed!”

4. The Payment Pirate Scam

How It Works: Legitimate-seeming sellers request payment through untraceable methods like bank transfers, gift cards, or cryptocurrency. Once payment is sent, the “seller” disappears, leaving victims with no recourse for recovery.

Common Payment Red Flags:

• Requests for wire transfers or bank transfers
• Demands for payment via gift cards or vouchers
• Cryptocurrency-only payment options
• Refusal to use secure payment platforms with buyer protection

5. The QR Code Con

How It Works: Fraudsters create fake QR codes that lead to malicious websites designed to steal your personal information or payment details. These might be disguised as “ticket verification” sites or fake festival apps.

The Modern Twist: Some scammers send QR codes claiming they contain your tickets, but scanning them actually downloads malware or leads to phishing sites designed to harvest your personal information.

McAfee’s Festival Protection Kit

McAfee’s Scam Detector is your shield against concert and ticket scams this summer. This advanced scam detection technology is built to spot and stop scams across text messages, emails, and videos. Here’s how Scam Detector protects concert-goers:

1. Smarter Text Scam Detection for Ticket Offers

Scam Detector catches suspicious messages across apps like iMessage, WhatsApp, and Facebook Messenger—exactly where ticket scammers often strike.

2. AI-Based Email Protection Against Phishing

Flags phishing emails that appear to be from venues, ticketing companies, or resale platforms across Gmail, Outlook, and Yahoo. The system alerts you and explains why an email was flagged, helping you learn to spot concert scams as you go.

3. Deepfake Detection for Social Media Scams

Detects AI-generated or manipulated audio in videos on platforms like YouTube, TikTok, and Facebook—perfect for catching fake artist endorsements or fraudulent venue announcements that scammers use to promote fake ticket sales.

4. On-Demand Scam Check for Ticket Purchases

Found a great ticket deal but feeling uncertain? Upload a screenshot, message, or link for instant analysis. Scam Detector offers context so you understand exactly why a ticket offer might be fraudulent.

5. Custom Sensitivity Settings

Choose the level of protection that works for your concert-going habits:

• High: Maximum caution for those buying from multiple sources
• Balanced (default): Strong protection without interrupting legitimate purchases
• Low: Flags only the most obvious ticket scams

6. Safe Browsing Protection

If you do click a suspicious ticket link, McAfee’s Scam Detector can help block dangerous sites before they load, protecting you from fake ticketing websites.

Real Protection for Real Fans

McAfee’s Scam Detector delivers reliable protection against the most common ticket scam tactics without false alarms that might block legitimate communications from venues or artists. Scam Detector uses on-device AI wherever possible, meaning your concert ticket searches and purchase communications aren’t sent to the cloud for analysis. Your excitement about seeing your favorite band stays between you and your devices.

Make This Summer About Music, Not Scams. Don’t let fraudsters steal your summer concert experience. With McAfee’s Scam Detector, you can focus on what really matters: getting legitimate tickets to see amazing live music. The technology works in the background, identifying scams and educating you along the way, so you can make confident decisions about your concert purchases.Summer festivals, arena shows, and outdoor concerts are waiting—make sure you’re protected while you’re getting ready to rock.

Learn more about McAfee’s Scam Detector at: https://www.mcafee.com/en-us/scam-detector.

The post How to Protect Yourself from Concert and Festival Ticket Scams appeared first on McAfee Blog.