News

Attack matches three-year long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365.

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading.

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount.

What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure.

The CIA triad has evolved with the Internet. The first iteration of the Web—Web 1.0 of the 1990s and early 2000s—prioritized availability. This era saw organizations and individuals rush to digitize their content, creating what has become an unprecedented repository of human knowledge. Organizations worldwide established their digital presence, leading to massive digitization projects where quantity took precedence over quality. The emphasis on making information available overshadowed other concerns.

As Web technologies matured, the focus shifted to protecting the vast amounts of data flowing through online systems. This is Web 2.0: the Internet of today. Interactive features and user-generated content transformed the Web from a read-only medium to a participatory platform. The increase in personal data, and the emergence of interactive platforms for e-commerce, social media, and online everything demanded both data protection and user privacy. Confidentiality became paramount.

We stand at the threshold of a new Web paradigm: Web 3.0. This is a distributed, decentralized, intelligent Web. Peer-to-peer social-networking systems promise to break the tech monopolies’ control on how we interact with each other. Tim Berners-Lee’s open W3C protocol, Solid, represents a fundamental shift in how we think about data ownership and control. A future filled with AI agents requires verifiable, trustworthy personal data and computation. In this world, data integrity takes center stage.

For example, the 5G communications revolution isn’t just about faster access to videos; it’s about Internet-connected things talking to other Internet-connected things without our intervention. Without data integrity, for example, there’s no real-time car-to-car communications about road movements and conditions. There’s no drone swarm coordination, smart power grid, or reliable mesh networking. And there’s no way to securely empower AI agents.

In particular, AI systems require robust integrity controls because of how they process data. This means technical controls to ensure data is accurate, that its meaning is preserved as it is processed, that it produces reliable results, and that humans can reliably alter it when it’s wrong. Just as a scientific instrument must be calibrated to measure reality accurately, AI systems need integrity controls that preserve the connection between their data and ground truth.

This goes beyond preventing data tampering. It means building systems that maintain verifiable chains of trust between their inputs, processing, and outputs, so humans can understand and validate what the AI is doing. AI systems need clean, consistent, and verifiable control processes to learn and make decisions effectively. Without this foundation of verifiable truth, AI systems risk becoming a series of opaque boxes.

Recent history provides many sobering examples of integrity failures that naturally undermine public trust in AI systems. Machine-learning (ML) models trained without thought on expansive datasets have produced predictably biased results in hiring systems. Autonomous vehicles with incorrect data have made incorrect—and fatal—decisions. Medical diagnosis systems have given flawed recommendations without being able to explain themselves. A lack of integrity controls undermines AI systems and harms people who depend on them.

They also highlight how AI integrity failures can manifest at multiple levels of system operation. At the training level, data may be subtly corrupted or biased even before model development begins. At the model level, mathematical foundations and training processes can introduce new integrity issues even with clean data. During execution, environmental changes and runtime modifications can corrupt previously valid models. And at the output level, the challenge of verifying AI-generated content and tracking it through system chains creates new integrity concerns. Each level compounds the challenges of the ones before it, ultimately manifesting in human costs, such as reinforced biases and diminished agency.

Think of it like protecting a house. You don’t just lock a door; you also use safe concrete foundations, sturdy framing, a durable roof, secure double-pane windows, and maybe motion-sensor cameras. Similarly, we need digital security at every layer to ensure the whole system can be trusted.

This layered approach to understanding security becomes increasingly critical as AI systems grow in complexity and autonomy, particularly with large language models (LLMs) and deep-learning systems making high-stakes decisions. We need to verify the integrity of each layer when building and deploying digital systems that impact human lives and societal outcomes.

At the foundation level, bits are stored in computer hardware. This represents the most basic encoding of our data, model weights, and computational instructions. The next layer up is the file system architecture: the way those binary sequences are organized into structured files and directories that a computer can efficiently access and process. In AI systems, this includes how we store and organize training data, model checkpoints, and hyperparameter configurations.

On top of that are the application layers—the programs and frameworks, such as PyTorch and TensorFlow, that allow us to train models, process data, and generate outputs. This layer handles the complex mathematics of neural networks, gradient descent, and other ML operations.

Finally, at the user-interface level, we have visualization and interaction systems—what humans actually see and engage with. For AI systems, this could be everything from confidence scores and prediction probabilities to generated text and images or autonomous robot movements.

Why does this layered perspective matter? Vulnerabilities and integrity issues can manifest at any level, so understanding these layers helps security experts and AI researchers perform comprehensive threat modeling. This enables the implementation of defense-in-depth strategies—from cryptographic verification of training data to robust model architectures to interpretable outputs. This multi-layered security approach becomes especially crucial as AI systems take on more autonomous decision-making roles in critical domains such as healthcare, finance, and public safety. We must ensure integrity and reliability at every level of the stack.

The risks of deploying AI without proper integrity control measures are severe and often underappreciated. When AI systems operate without sufficient security measures to handle corrupted or manipulated data, they can produce subtly flawed outputs that appear valid on the surface. The failures can cascade through interconnected systems, amplifying errors and biases. Without proper integrity controls, an AI system might train on polluted data, make decisions based on misleading assumptions, or have outputs altered without detection. The results of this can range from degraded performance to catastrophic failures.

We see four areas where integrity is paramount in this Web 3.0 world. The first is granular access, which allows users and organizations to maintain precise control over who can access and modify what information and for what purposes. The second is authentication—much more nuanced than the simple “Who are you?” authentication mechanisms of today—which ensures that data access is properly verified and authorized at every step. The third is transparent data ownership, which allows data owners to know when and how their data is used and creates an auditable trail of data providence. Finally, the fourth is access standardization: common interfaces and protocols that enable consistent data access while maintaining security.

Luckily, we’re not starting from scratch. There are open W3C protocols that address some of this: decentralized identifiers for verifiable digital identity, the verifiable credentials data model for expressing digital credentials, ActivityPub for decentralized social networking (that’s what Mastodon uses), Solid for distributed data storage and retrieval, and WebAuthn for strong authentication standards. By providing standardized ways to verify data provenance and maintain data integrity throughout its lifecycle, Web 3.0 creates the trusted environment that AI systems require to operate reliably. This architectural leap for integrity control in the hands of users helps ensure that data remains trustworthy from generation and collection through processing and storage.

Integrity is essential to trust, on both technical and human levels. Looking forward, integrity controls will fundamentally shape AI development by moving from optional features to core architectural requirements, much as SSL certificates evolved from a banking luxury to a baseline expectation for any Web service.

Web 3.0 protocols can build integrity controls into their foundation, creating a more reliable infrastructure for AI systems. Today, we take availability for granted; anything less than 100% uptime for critical websites is intolerable. In the future, we will need the same assurances for integrity. Success will require following practical guidelines for maintaining data integrity throughout the AI lifecycle—from data collection through model training and finally to deployment, use, and evolution. These guidelines will address not just technical controls but also governance structures and human oversight, similar to how privacy policies evolved from legal boilerplate into comprehensive frameworks for data stewardship. Common standards and protocols, developed through industry collaboration and regulatory frameworks, will ensure consistent integrity controls across different AI systems and applications.

Just as the HTTPS protocol created a foundation for trusted e-commerce, it’s time for new integrity-focused standards to enable the trusted AI services of tomorrow.

This essay was written with Davi Ottenheimer, and originally appeared in Communications of the ACM.

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“:

There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—­and sometimes despite substantial evidence that it does not.

[…]

Both security theater and rational astrologies may seem irrational, but they are rational from the perspective of the people making the decisions about security. Security theater is often driven by information asymmetry: people who don’t understand security can be reassured with cosmetic or psychological measures, and sometimes that reassurance is important. It can be better understood by considering the many non-security purposes of a security system. A monitoring bracelet system that pairs new mothers and their babies may be security theater, considering the incredibly rare instances of baby snatching from hospitals. But it makes sense as a security system designed to alleviate fears of new mothers [Sch07].

Rational astrologies in security result from two considerations. The first is the principal­-agent problem: The incentives of the individual or organization making the security decision are not always aligned with the incentives of the users of that system. The user’s well-being may not weigh as heavily on the developer’s mind as the difficulty of convincing his boss to take a chance by ignoring an outdated security rule or trying some new technology.

The second consideration that can lead to a rational astrology is where there is a social or institutional need for a solution to a problem for which there is actually not a particularly good solution. The organization needs to reassure regulators, customers, or perhaps even a judge and jury that “they did all that could be done” to avoid some problem—even if “all that could be done” wasn’t very much.

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones.

Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that access that key? When the phone is rebooted, are deleted files still available?

We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power.

Cybercriminals are getting smarter. They’re now using a development toolkit called .NET MAUI to create fake apps that look and feel like the real thing—banking apps, dating apps, and even social media. But instead of helping you, these apps secretly steal your private info. 

We break down the full research from McAfee Labs here: 

What Is .NET MAUI and Why Should You Care?

.NET MAUI is a tool used by developers to build apps that work on many devices—like phones, tablets, and computers—all from one set of code. 

That’s great for app creators. But now, hackers are using it too. While McAfee is able to detect this malware, the decision to build with .NET MAUI helps hide their dangerous code from most antivirus software. Think of it like a thief wearing an invisibility cloak—unless you’re really looking, you won’t see them. 

How These Fake Apps Trick You

1. They Look Legit

Hackers are creating apps that look like they’re from real companies. For example, one fake app pretended to be IndusInd Bank, asking users to enter sensitive information like: 

• Full name 

• Phone number 

• Email 

• Birthdate 

• Credit card information 

• Unique tax and personal identifiers (PAN and Aadhaar) 

Once you hit submit, that info goes straight to the hacker’s server. 

Figure 1. Fake IndusInd Bank app’s screen requesting user information

2. They Hide the Dangerous Stuff

Normal Android apps have code in a format security tools can scan. These fake apps hide their code in binary files so it can’t be easily detected. That lets them stay on your phone longer—stealing quietly in the background. 

Malware Example: Fake Social Media App

In another case, hackers made an app that pretended to be a social media platform. This one targeted Chinese-speaking users and was even trickier than the fake bank app. 

Here’s what it did: 

• Stole contacts, photos, and texts from the phone 

• Used a 3-stage process to hide its code 

• Encrypted everything so it’s harder to track 

• Used weird, fake app permissions to confuse security scanners 

And instead of using regular internet traffic, it sent stolen data through secret encrypted channels—so even if someone intercepted it, they couldn’t read it. 

Figure 2. Various fake apps using the same technique

Where Are These Apps Coming From?

These apps aren’t in the Google Play Store. Instead, hackers are sharing them on:

• Fake websites
• Messaging apps
• Sketchy links in texts or chat groups

So if someone sends you a link to a cool new app that’s not from the Play Store—be extra careful.

How to Protect Yourself

Here are a few easy ways to stay safe:

• Download apps only from official app stores like Google Play or the Apple App Store
• Avoid clicking on links from strangers or untrusted sources
• Install security software like McAfee+ to catch threats in real-time
• Keep your apps and software updated—updates often fix security holes
• Check app permissions—if a flashlight app wants access to your texts, that’s a red flag

Hackers are getting creative, but you can stay one step ahead. These new .NET MAUI-based threats are sneaky—but they’re not unstoppable.

With smart habits and the right tools, you can keep your phone and your personal info safe. Want real-time protection on your phone? Download McAfee+ and get ahead of the latest threats.

The post New Android Malware Sneaks Past Security by Pretending to Be Real Apps appeared first on McAfee Blog.

The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data. 

If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.  

Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward. 

What’s Going On at 23andMe? 

23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing. 

Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies. 

Is My Privacy at Risk? 

If you used 23andMe, yes.  

Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports. 

Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions. 

California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).  

How to Delete Your 23andMe Data 

If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account: 

To Delete Your Account and Genetic Data: 

1. Log in to your 23andMe account. 
2. Go to Settings. 
3. Scroll down to 23andMe Data and click View. 
4. (Optional) Download your data if you want to keep a copy. 
5. Scroll to the Delete Data section. 
6. Click Permanently Delete Data. 
7. Confirm via the email link you’ll receive. 

To Destroy Your Saliva Sample: 

1. Go to Settings. 
2. Navigate to Preferences. 
3. Select the option to destroy your stored biological sample. 

To Revoke Research Consent: 

1. Go to Settings. 
2. Navigate to Research and Product Consents. 
3. Withdraw your consent for data sharing. 

McAfee’s Tips for Protecting Your Online Privacy 

Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent. 

That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites. 

Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.  

Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online. 

 

The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.

Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.

In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee’s State of the Scamiverse report. 

These scams go beyond simple phishing emails—scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.

Here’s how you can spot an online scam and protect yourself: 

  

5 tips to help you recognize an online scam

Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.  

They say you’ve won a huge prize

If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.  

When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.  

They want you to pay in a certain way

Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.  

Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.  

When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.  

They say it’s an emergency

Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.  

Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.  

They say they’re from a government organization or company

Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.  

If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.  

Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away. 

The email is littered with grammatical errors

Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.  

It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.  

8 most common online scams to watch out for

There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.  

Phishing scams

A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.  

Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.  

During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.  

Travel insurance scams

These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.  

You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.  

Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.  

Grandparent scams

Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members. 

For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.  

If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.  

Advance fee scam

You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.  

There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.  

Tech support scams

Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.  

When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.  

These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.  

Formjacking and retail scams

Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different. 

Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.  

For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.  

Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site. 

Scareware scams (fake antivirus)

These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).  

You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.  

What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.  

To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.  

Credit repair scams

Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report. 

All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.  

Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.  

What can you do if you get scammed online?

Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).  

Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.  

• The National Center for Disaster Fraud (NCDS) handles fake scams involving natural disasters and other national crises.  
• The Internet Crime Complaint Center (IC3) handles scams involving malware, fake websites, and fraudulent emails. 
• You can report international scams through econsumer.gov. 
• You can report Social Security scams through the Office of the Inspector General website.  
• You can report scammers who pretend to be the IRS through the Treasury Inspector General for Tax Administration website.  
• You can report tax-related identity fraud to the IRS. 

Discover how McAfee can keep you and your info safe online

Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.  

For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.  

Get the peace of mind that comes with McAfee having your back. 

The post How to Recognize an Online Scammer appeared first on McAfee Blog.

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

New “ClickFake Interview” campaign attributed to the Lazarus Group targets crypto professionals with fake job offers