It usually starts with a small, uneasy moment. A notification you don’t recognize. A login code you didn’t request. A friend texting to ask why you just posted something… weird. 

If you’re staring at your phone wondering whether your TikTok account was hacked, you’re not alone, and you’re not being paranoid.  

Account takeovers often don’t look dramatic at first. They show up as subtle changes: a password that suddenly doesn’t work, a new device logged in overnight, or settings you swear you never touched. 

This guide walks you through exactly what to do if your TikTok account has been compromised: how to spot the warning signs, how to recover access if you’re locked out, and how to lock down active sessions so it doesn’t happen again.  

Signs Your TikTok Account May Be Compromised 

When someone else gets into your account, things usually start behaving in ways that don’t feel like you. Pay attention to changes like these: 

Profile or settings changes you didn’t make
Your display name, bio, password, linked email, phone number, or privacy settings look different, even though you never touched them. 

Content or activity you don’t recognize
Videos you didn’t post. Comments or DMs you didn’t send. New follows or likes that don’t match how you use the app. 

Login alerts that come out of nowhere
Notifications about a new device, verification codes you didn’t request, or emails confirming changes you didn’t initiate. 

Other warning signs include being locked out of your usual login method, missing recovery options, or friends telling you your account is sending strange messages. 

How to Regain Access to Your TikTok Account 

Speed matters here. The longer someone has access, the more they can change, or use your account to scam others. 

If you can still log in 

Secure the account immediately. 

1. Change your password: Use the “Forgot password?” option if needed and choose a strong, unique password you haven’t used anywhere else. 
2. Check your account details: Confirm the email address and phone number are yours. Remove anything you don’t recognize. 
3. Look for unfamiliar devices or sessions: You’ll deal with this more thoroughly below, but flag anything that looks off. 

If you’re locked out 

Start TikTok’s recovery process right away. 

1. On the login screen, tap “Report a problem” or visit the Help Center. 
2. Be ready to prove ownership. That usually includes: 
3. Your username 
4. A previous email or phone number linked to the account 
5. Devices you’ve used to log in before 
6. Screenshots of changes, if you have them 

TikTok uses this information to verify that the account is yours and roll back unauthorized changes. 

Secure your email and phone, too 

This step is critical and often overlooked. 

• Change the password on the email account linked to TikTok.  If someone controls your email, they can keep resetting your social accounts. 
• Confirm your phone number is correct and remove any unfamiliar contact info. 

Once you regain access, clean up anything the attacker touched, delete suspicious posts, undo profile changes, and revoke access for any apps you don’t recognize. 

Figure 1: How to remove TikTok logins from other devices. 

Lock Down Sessions and Strengthen Your TikTok Security 

Getting back in is only half the job. The next step is making sure whoever got in can’t come back. 

Turn on two-step verification 

In Settings & Privacy, enable two-factor verification (2FA) and choose your preferred method. An authenticator app offers the strongest protection, but SMS or email is still far better than nothing. 

Review active sessions and devices 

Head to Security and look for Manage devices or Active sessions. 

• Remove any devices you don’t recognize. 
• If available, use “Log out of all devices” to force everyone, including an attacker, out at once. 

Revoke third-party app access 

Check which apps or tools are connected to your TikTok account and remove anything you don’t use or trust. 

Use a strong, unique password 

• Aim for 12+ characters with a mix of letters, numbers, and symbols. 
• Never reuse passwords from other sites. 
• A reputable password manager like McAfee’s can help generate and store secure passwords. 

Keep your app and phone updated 

Updates often include security fixes. Running outdated software makes it easier for attackers to exploit known issues. 

Be cautious with links and messages 

Unexpected DMs, “copyright warnings,” fake verification notices, or links asking you to log in again are common hacker tactics. When in doubt, don’t click, open the app directly instead. 

Figure 2: Where in “Security & permissions” to find security updates and 2FA. 

How to Report an Impersonation Account on TikTok 

Discovering a fake account that’s using your name, photos, or videos can feel like a second violation on top of having your account hacked.  

Luckily, TikTok has a way to flag these imposters, both from inside the app and, in some regions, through an official web form. 

1. Open the impostor’s profile: Head to the account that’s pretending to be you. 
2. Tap the share icon: On mobile, this is usually the arrow at  the top of the profile. 
3. Select “Report”: Choose the option to report the account. 
4. Choose “Report account” → “Pretending to Be Someone”: That’s TikTok’s way of flagging impersonation specifically. 
5. Indicate who is being impersonated: Select Me if it’s your identity, or Celebrity/Another person if it’s someone else. Then submit.  

Figure 3: A screenshot showing where in TikTok you report fake profiles. 

If you’re in the U.S. and the fake profile is doing real damage, for example, scamming your followers or using official business assets, TikTok also offers a dedicated impersonation report form online: 

• Choose whether you’re reporting or appealing an impersonation. 
• Enter your email and country. 
• Upload valid ID or other proof that you’re who you say you are. 
• Confirm the statements and submit the form.  

For accounts outside the U.S., the public Help Center form lets you select Report a potential violation → Account violation → Impersonation and walk through similar steps.

Frequently Asked Questions 

The post Was My TikTok Hacked? How to Get Back Into Your Account and Lock Down Sessions appeared first on McAfee Blog.

This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook. 

Let’s get into it. 

A Wave of Cyberattacks Hits Bumble, Match, Panera, and CrunchBase 

The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing. 

What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.  

Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.  

Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.  

Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.  

CrunchBase said documents on its corporate network were impacted, and said it contained the incident. 

According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone calls, to trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed. 

Red flags to watch for: 

Calls that pressure you to approve a login, reset credentials, or share a one-time code 

Messages posing as IT support, a vendor, or “security” that try to rush you 

MFA prompts you did not initiate 

“Quick verification” requests that bypass normal internal processes 

How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives. 

TikTok’s Privacy Policy Update Sparks Backlash 

Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it. 

The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location. 

What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media. 

CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out. 

According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government. 

That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.” 

A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions. 

What to do (general privacy steps): 

Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always. 

If your device supports it, consider turning off precise location for apps that do not truly need it. 

Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth. 

Make sure your account is protected with a strong, unique password and two-factor authentication. 

Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting. 

Grubhub Confirms a Data Breach Amid Reports of Extortion 

The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing. 

What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope. 

Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for: 

“Refund” or “order problem” emails you did not request 

Fake customer support messages asking you to verify account details 

Password reset prompts you did not initiate 

Links to “resolve your account” that don’t come from a known, official domain 

How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news. 

Fake Chrome Extensions Are Quietly Taking Over Accounts 

The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls. 

What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access. 

Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites. 

How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password. 

Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off. 

Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance. 

What to watch for: 

Browser extensions you don’t remember installing 

Add-ons claiming to manage HR, payroll, or internal business access 

Missing or inaccessible security settings on accounts 

Being logged into accounts you did not recently open 

A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install. 

McAfee’s Safety Tips for This Week 

Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar. 

Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify. 

Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk. 

Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.  

Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later. 

The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.

As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages. 

“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.” 

“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.

“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”

Where, When, and How to Get Harry Styles Tickets 

Styles announced Together, Together on January 22, marking his first tour since 2023. 

The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December. 

New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.  

According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.  

American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.  

The rest of the Together, Together tour tickets will be released in two stages:  

1. General on sale for NYC dates August 26 – October 9 begins on Friday, January 30.  
2. General on sale for October 10 – 31 begins Wednesday, February 4. 

That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support. 

What do Harry Styles tickets cost right now 

Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113. 

That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.  

If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer. 

How ticket scams work 

Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real. 

McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately. 

What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify. 

Below are among the most common ticket-scam patterns to watch for, and exactly how they play out. 

Ticket fraud 

Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes. 

How it plays out: 

• A seller claims they “cannot make the show.” 
• They ask you to pay quickly to “hold” the tickets. 
• They send a screenshot of a ticket or order email. 
• The tickets never arrive, or the QR code fails when scanned. 

Resale duplication scams 

A resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot. 

How it plays out: 

• You receive something that looks real. 
• Multiple people show up with the same ticket. 
• Only the first scan gets in. 

Phishing scams 

A phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support. 

How it plays out: 

• “Your tickets are on hold, confirm within 10 minutes.” 
• “Unusual activity detected. Verify your account.” 
• “Your payment failed. Update billing.” 

Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense. 

Cloned ticket websites 

A cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both. 

How it plays out: 

• You click an ad or link from social media. 
• The site looks legitimate, but the URL is slightly off. 
• You “buy” tickets and either receive nothing or later see fraud on your card. 

Ticket transfer and account takeover scams 

A ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account. 

How it plays out: 

• You get a message claiming your account needs verification. 
• You enter credentials on a fake page. 
• The attacker logs in and transfers tickets away. 

Fake customer support scams 

A fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help. 

How it plays out: 

• You tweet, post, or comment about ticket issues. 
• An “agent” messages you first. 
• They ask for login details, a code, or payment to “unlock” tickets. 

A true scam story: Henry’s last-minute ticket scam 

Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.  

The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.  

Minutes later, he sent the full $280.  

“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”  

The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.  

“I sent $280 and got blocked. We never made it inside.”  

What makes Henry’s experience so common is not the platform. It is the pattern: 

• A believable story 
• A “reasonable” price 
• A fast-moving negotiation 
• A sudden change in terms 
• Pressure, then disappearance 

How to spot a ticket scam fast 

Use these red flags as a reality filter: 

Safer ways to buy tickets 

If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections. 

Practical steps: 

1. Go direct: Type the official ticketing URL into your browser, do not follow random links. 
2. Use protected payment: Credit cards generally offer stronger dispute options than unprotected transfers. 
3. Avoid risky payment demands: Crypto, gift cards, and wires are common in fraud because they are hard to reverse. 
4. Secure your accounts: Use strong passwords and enable two-factor authentication where available. 
5. Pause before paying: Scammers depend on emotional momentum. 

How Scam Detector can help 

Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.  

Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account. 

The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.

You block a caller, feel a moment of relief, and then the phone rings again. If you’re wondering why you still get spam calls even after blocking numbers, you’re not alone.  

Spammers evolve quickly. They rotate phone numbers, spoof caller IDs, and use automated dialers to bypass basic defences, which is why many people see blocked calls still coming through and ask, can blocked numbers call you?

In this guide, we’ll explain what’s happening behind the scenes, share proven steps for how to stop getting spam calls, and help you protect your privacy and finances with confidence. 

What Counts as a Spam Call? 

Spam calls are unsolicited calls that aim to sell, deceive, or defraud. They include aggressive sales pitches, fake giveaways, tech support scams, and impersonations of banks or government agencies. Some are placed by people, while many are robocalls that play prerecorded messages at scale. Legality often hinges on consent and compliance with regulations, but harmful calls tend to ignore the rules. 

The typical scam call red flags: 1) Urgent or threatening language. 2) Pressure to pay right now. 3) Requests for sensitive details like Social Security numbers, bank information, or one-time passcodes.

Robocalls drive much of the volume today. They’re inexpensive, fast, and highly automated. While appointment reminders or pharmacy updates can be helpful and legitimate, scam robocalls promote fake debt collection, prize schemes, or malicious tech support. Their scale is precisely why blocked calls still coming through remains a persistent frustration. 

Inbox of spam calls feel familiar?

Why Blocking Numbers Doesn’t Stop Spam 

Blocking prevents repeat calls from the same caller ID. Spammers know this and adapt. They rotate through vast pools of numbers, so each attempt looks new. You block one, and the next call arrives from a different number. It’s a cat-and-mouse game that leads many to ask, can blocked numbers call you or why is a blocked number still calling? 

Caller ID spoofing amplifies the problem. Spoofing lets scammers display any number they want, including matching your area code or appearing as a trusted organisation. This undermines caller ID and weakens number-based blocking. Some spoofed calls even show familiar names, increasing the chance you’ll answer. 

Behind the scenes, spam operations acquire and discard numbers rapidly through VoIP services and disposable lines. Large campaigns can cycle through thousands of numbers daily, which makes manual blocking a limited defense. That’s why you still get spam calls even after blocking numbers and why many people wonder how to stop getting spam calls for good. 

Layered Measures to Reduce Spam Calls 

A stronger strategy combines smarter tools with practical policies that work together. Here’s how we approach it: 

Use call-protection apps: Choose reputable apps that leverage threat intelligence, crowdsourced reports, and machine learning. These tools detect patterns, silence high-risk calls, and warn you before you answer. Many provide enhanced caller ID and category-based filtering to cut down the noise. 

Register with the National Do Not Call Registry: Add your number at donotcall.gov to reduce lawful telemarketing. It won’t stop illegal spam calls, but it trims legitimate sales outreach and supports enforcement when violators call. 

Use your mobile carrier’s protections: Most phone carriers offer built-in features that help identify and block spam calls, often at no extra cost. When these tools are turned on, your phone may label suspicious calls as “Scam Likely,” warn you before you answer, or automatically block known spam numbers. Some carriers can also verify when a call is coming from a real business, which makes it harder for scammers to fake caller IDs and pretend to be someone they’re not. 

Used together, these layers reduce the chance that a blocked number still calling will get through and provide practical answers for how to stop getting spam calls without missing important calls. 

Best Practices for Handling Incoming Calls 

Build habits that make suspicious calls easier to spot and manage: 

Spot potential spam: Be cautious with unknown numbers, urgent demands, and offers that sound too good to be true. Don’t share personal information, one-time passcodes, or payment details. If someone claims to be from your bank, healthcare provider, or a government agency, hang up and call back using a verified number from their official website. 

Report spam quickly: File complaints with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Federal Communications Commission (FCC) at consumercomplaints.fcc.gov. Include caller ID, time, message content, and any request for data or payment. Many call-protection apps and carriers support in-app reporting, which improves filters for everyone. 

Use call screening: Turn on features like Silence Unknown Callers on iOS or Filter Spam Calls on Android. Enable voicemail transcription and consider Do Not Disturb with exceptions for contacts and verified callers. Use screening assistants where available to prompt unknown callers to state their purpose. This reduces interruptions and blocks automated spam. 

Stay Safe from Social Engineering 

Phone scams often rely on social engineering. Recognising common tactics helps you pause and protect yourself. 

Spot voice phishing: Be wary of claims that your account is locked, a payment is overdue, or an immediate verification code is needed. Legitimate organisations do not ask for full Social Security numbers, passwords, or 2FA codes over the phone. If you’re concerned, contact the company through a trusted channel. 

Protect personal information: Keep sensitive data private. Don’t share account numbers, PINs, passwords, or security codes in response to an incoming call. Use strong, unique passwords and enable multi-factor authentication. If you receive a verification code you didn’t request, secure your account right away. 

If you responded to a spam call: If you disclosed financial details or made a payment, contact your bank or card issuer immediately. Change passwords, enable account alerts, and review recent activity. Report the incident to the FTC and local law enforcement if needed. Consider a credit freeze with the major credit bureaus. If a device may be compromised, run a trusted security app to scan and remove suspicious software. 

Quick Comparison of Anti-Spam Call Options 

If you’re asking why you still get spam calls even after blocking numbers or seeing a blocked number still calling, this table shows how layered options work together to reduce risks. 

Go Beyond Blocking: Remove Your Number From the Dark Web and Data Broker Lists 

Blocking spam callers treats the symptom, not the source. One reason spam keeps coming is that your phone number may already be circulating in data broker databases or dark web marketplaces after a breach, app signup, or form fill. Once your number is out there, it gets resold, bundled, and targeted repeatedly. 

McAfee Data Cleanup tackles that upstream problem. It helps find where your personal data, including your phone number, appears online and works to remove it from risky sources. Fewer listings mean fewer lists for spammers to buy and fewer campaigns aimed at your number. 

How your number ends up being targeted 

Data brokers: Many sites legally collect and resell contact details. Spammers buy access and blast calls at scale. 

Breaches and leaks: Stolen databases often end up on underground forums, where numbers are traded and reused. 

Public profiles and apps: Old accounts, giveaways, and permissions can expose your number without you realising. 

What Data Cleanup adds to your defense 

Finds exposures: Scans for your number across broker sites and known risk areas. 

Removes listings: Submits opt-out and removal requests on your behalf, reducing where your data lives online. 

Keeps watch: Monitors for reappearance so your number doesn’t quietly get relisted later. 

Think of this as turning down the tap, not just mopping the floor. When fewer databases have your number, spam operations have fewer ways to reach you. 

If you’re serious about how to stop getting spam calls, add data cleanup to your toolkit. Reducing your digital footprint won’t eliminate every bad call overnight, but over time, it lowers exposure, cuts repeat targeting, and helps reclaim your phone from constant interruptions. 

Blocking Isn’t Protection. Layering Is. 

If spam calls feel endless, it’s because blocking numbers was never designed to stop modern scam operations. Today’s callers rotate numbers, spoof trusted IDs, and pull your phone number from massive data ecosystems that don’t disappear when you tap “Block.” 

The real fix is layered protection. Call filtering and carrier tools help stop suspicious calls at the door. Screening features reduce interruptions. And addressing the source, by limiting where your number exists online, cuts down the number of campaigns that ever reach you in the first place. 

No single tool will end spam calls overnight. But when you combine smart call protections, cautious habits, and proactive data cleanup, the volume drops, the risks shrink, and your phone becomes a lot quieter. 

If you’ve been asking why you still get spam calls even after blocking numbers, this is the answer. Blocking is reactive. Protection works best when it’s proactive. 

FAQs 

The post Why You Still Get Spam Calls Even After Blocking Numbers appeared first on McAfee Blog.

Scams don’t always arrive with obvious warning signs. 

They show up as QR codes on parking meters. As casual DMs that start with “Hey.” As social messages that feel routine enough to respond to without thinking twice. 

That shift has created a new burden for consumers. According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That is nearly three full workweeks lost to second-guessing messages, alerts, links, and notifications. 

McAfee’s upgraded Scam Detector is designed to meet people in those exact moments, with enhancements rolling out across core McAfee plans beginning in February. 

The latest improvements add instant QR code scam checks and smarter social messaging protection, making it easier to spot scams before they escalate. 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

What’s new in McAfee’s Scam Detector 

Scams now move quickly across platforms and formats, often escalating in minutes once someone engages. Among people who were harmed by a scam, the typical scam unfolded in about 38 minutes. 

That speed leaves little room for hesitation. Scam protection has to work in real time, not after the damage is done. 

McAfee’s latest Scam Detector upgrades are designed around that reality, adding: 

• Instant QR code safety checks, so users can assess risk before tapping 
• Smarter social messaging protection, with clearer warnings for suspicious texts, emails, and DMs, even when no link is present 

These Scam Detector upgrades will begin rolling out in February across all core McAfee plans, bringing real-time protection to the moments where scams escalate fastest. 

QR codes, quishing, and why instant scans are needed 

QR codes were designed for convenience. That is exactly why scammers use them. 

Cybercriminals increasingly hide malicious links behind QR codes placed on menus, parking meters, packages, posters, and public signage. People scan quickly, often without stopping to evaluate where the code leads. 

McAfee research shows how common this risk has become: 

• 68% of people scanned a QR code in the past three months 
• 18% landed on a suspicious or unsafe page after scanning 
• Among those who did, more than half took risky actions such as entering personal information, installing an app, or connecting a digital wallet 

Figure 2. A still from a demo video, showing a risky QR code being blocked by McAfee’s Scam Detector 

Social media scams and the rise of linkless messages 

Phishing is no longer confined to emails with obvious red flags. 

Scams now arrive through WhatsApp, Instagram, Messenger, Telegram, and other social platforms, often starting as vague or friendly messages designed to lower suspicion rather than trigger alarm. 

McAfee’s research highlights a key shift: more than one in four suspicious social messages contain no link at all, and 44% of Americans say they have replied to a suspicious DM with no link. 

These messages rely on familiarity and momentum. A short greeting. A warning about an account issue. A promise of easy money. By the time a request or link appears, the conversation already feels normal. 

And the economic impact of these scams is significant. According to the FTC, social media scams drove $1.9 billion in reported losses in 2024, making social platforms one of the top channels for fraud and identity theft. 

That’s why McAfee’s Scam Detector includes smarter social messaging protection, delivering clearer warnings for suspicious texts, emails, and DMs, even those without risky links, across popular platforms. The focus is on identifying suspicious patterns and behavior, not just URLs. 

Users can take a quick screenshot of their social media content on social media, and McAfee’s Scam Detector will analyze the message for suspicious activity. 

Get protection that works before scams escalate 

The stakes are high: 

• One in three Americans has lost money to a scam 
• Among those who lost money, the average loss was $1,160 
• 15% of scam victims fall for another scam within a year 

Scams are not just increasing in volume. They are becoming more personal, more believable, and easier to scale using AI. 

McAfee’s upgraded Scam Detector is designed to stay ahead of those shifts, offering real-time guidance when it matters most, whether that’s a suspicious QR code, a vague DM, or a message that feels just normal enough to trust. 

The enhanced Scam Detector, including instant QR code checks and smarter social messaging protection, will begin rolling out in February across all core McAfee plans. 

The post How McAfee’s Scam Detector Checks QR Codes and Social Messages appeared first on McAfee Blog.

Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop. 

Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.

McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.

According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.

As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.

The result is growing uncertainty. And a rising cost in time, attention, and confidence.

The average American receives 14 scam messages a day 

Scams are no longer occasional interruptions. They are a constant background noise. 

According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.  

Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to. 

• Delivery notices 
• Account verification requests 
• Subscription renewals  
• Job outreach 
• Bank alerts 
• Charity appeals 

And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.

That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.  

Figure 1. Types of scams reported in our consumer survey. 

Most scams move fast, and many are over in minutes 

The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly. 

Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes.  

That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately. 

Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.

In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam.  And 44% of people say they have replied to a suspicious direct message without a link.  

The cost is not just money. It is time and attention. 

Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160.  

But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy. 

People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up. 

And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?

Figure 3. World Map of Average Scam Losses. 

Why AI slop makes scams harder to spot 

The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.

According to the report, Americans say they see an average of three deepfakes per day.  

Most are not scams. But that familiarity has consequences. 

When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.

These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.

Account takeovers are becoming routine 

Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts. 

The report found that 55% of Americans say a social media account was compromised in the past year.  

Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction. 

Scams are blending into everyday digital life 

What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines. 

Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives. 

• Cloud storage alerts (such as Google Drive or iCloud notices) warning that storage is full or access will be restricted unless action is taken, pushing users toward fake login pages.
• Shared document notifications that appear to come from coworkers or collaborators, prompting recipients to open files or sign in to view a document that does not exist.
• Payment confirmations that claim a charge has gone through, pressuring people to click or reply quickly to dispute a transaction they do not recognize.
• Verification codes sent unexpectedly, often as part of account takeover attempts designed to trick people into sharing one-time passwords.
• Customer support messages that impersonate trusted brands, offering help with an issue the recipient never reported.

Figure 4: Example of a cloud scam message. 

The Key Takeaway

Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.

Learn more and read the full report here.

FAQ: Understanding the AI Slop Era and Modern Scams 

The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Red flags to watch for: 

• Unexpected billing problems paired with urgent calls to act 
• Payment requests delivered by email instead of inside the app 
• Attachments or buttons asking you to “fix” account issues 
• Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

• Browser extensions promising performance boosts or “ultimate” protection 
• Crashes immediately after installing a new extension 
• Pop-ups instructing you to run commands manually 
• “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

• QR codes sent by email or messaging apps 
• QR codes leading to login pages for work tools or cloud services 
• Messages that feel personalized but unexpected 
• Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

• Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
• Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
• Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
• Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

• Their account has been compromised 
• Their data is at risk 
• They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

• Do not click links in emails or texts about outages or “account recovery.” 
• Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
• Never re-enter your password through links sent during an outage. 
• Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

• Change your Microsoft password immediately 
• Update passwords anywhere you reused it 
• Turn on or refresh two-factor authentication 
• Review recent account activity 
• Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

If you recently received an unexpected email from Instagram asking you to reset your password, you are not alone. Over the past several days, thousands of users reported receiving legitimate password reset emails they did not request. 

The sudden wave of messages led to widespread confusion and concern about whether Instagram had suffered a data breach. Instagram and its parent company Meta deny that a breach occurred, stating instead that they fixed an issue that allowed an external party to trigger password reset emails for some users. 

While the exact source of the activity remains disputed, the situation highlights a broader and more important issue. Password reset emails, even when legitimate, are often the first signal users get that their information may be exposed, reused, or being targeted by attackers. 

Here is what we know so far and what this incident reveals about how password compromises really happen. 

Was Instagram Hacked? 

Instagram says no. 

In statements reported by the BBC and BleepingComputer, Meta said it resolved a problem that allowed an external party to request password reset emails on behalf of users. The company maintains there was no breach of its systems and that accounts remain secure. 

At the same time, cybersecurity researchers and firms, including Malwarebytes, have warned about a dataset circulating on hacking forums that allegedly contains information linked to more than 17 million Instagram accounts. According to reporting, that data may include usernames, email addresses, phone numbers, locations, and account IDs, but not passwords. 

Some researchers believe the dataset may be a compilation of older scraped data rather than evidence of a new breach. Others say the timing of the password reset emails and the appearance of the data raises unresolved questions. 

What matters for users is this: regardless of whether this was a new breach, old scraped data, or a technical abuse of password reset systems, attackers routinely use exposed personal information to launch phishing, account takeover attempts, and social engineering attacks. 

What Counts as a Data Breach and What Does Not 

A true data breach occurs when attackers gain unauthorized access to internal systems and steal protected data such as passwords, financial information, or private communications. 

In many cases, personal data is also exposed through: 

• API scraping of publicly accessible information 
• Older leaks that are resold or repackaged 
• Credential stuffing using passwords stolen from unrelated sites 
• Abuse of account recovery or password reset features 

That distinction matters because even when passwords are not leaked, exposed personal data can still be weaponized. Names, emails, phone numbers, and locations are often enough for scammers to craft convincing phishing messages that appear legitimate. 

Why You Might Receive a Password Reset Email You Did Not Request 

There are several common reasons this happens, and none of them require your Instagram password to be stolen. 

• Someone may be testing whether your email address is linked to an account. 
• Attackers may be attempting credential stuffing using passwords from past breaches. 
• Your information may appear in older datasets that are being reused or resold. 
• A platform bug or abuse of recovery systems may trigger reset emails at scale. 

Scammers often use these moments to send fake follow-up emails that look nearly identical to legitimate ones. That is why security experts consistently recommend going directly to the app or official website rather than clicking links in unexpected messages. 

What to Do If You Received an Instagram Password Reset Email 

If you did not request the reset:  

1. Do not click links in the email. 
2. Open the Instagram app or visit the official site directly to review security settings.  
3. Check recent login activity and remove any unfamiliar sessions. 
4. Enable two-factor authentication (2FA) if it is not already turned on. 

If you decide to change your password, make sure the new one is unique and not used anywhere else. 

Click “Review Settings” to enable 2FA in your Account Center

How to enable multi-factor authentication for Instagram 

1. Click More in the bottom left, then click Settings. 
2. Click See more in Accounts Center, then click Password and Security. 
3. Click Two-factor (2FA) authentication, then select an account. 
4. Choose the security method you want to add and follow the on-screen instructions. 

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp. 

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145 

How to Manage Passwords the Right Way 

Remembering dozens of unique, strong passwords is not realistic for most people. That is why password managers exist. 

A password manager can: 

• Generate strong, unique passwords for every account 
• Store them securely so you do not need to remember them 
• Alert you if your credentials appear in known breaches 
• Reduce the risk of account takeover from reused passwords 

Using a password manager removes the pressure to reuse passwords and helps close one of the most common doors attackers walk through.  

McAfee’s password manager helps you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password. 

FAQ: Instagram Password Reset Emails and Account Safety 

The post Didn’t Request an Instagram Password Reset? Here’s What to Do appeared first on McAfee Blog.

You thought you were scanning a menu. 

Or paying for parking. Or checking a package notice taped to your door. A quick scan, a familiar logo, a page that loads instantly on your phone. 

Nothing about it felt risky. 

That’s exactly why QR code scams are spreading so quickly. 

QR codes have become part of everyday life. They’re on restaurant tables, public signs, emails, mailers, and payment screens. We’re taught to treat them as shortcuts—faster than typing a URL, easier than downloading an app, safer than clicking a link. 

Scammers know that. 

Instead of asking you to click something suspicious, they ask you to scan something ordinary. Once you do, you can be routed to fake login pages, payment requests, or malicious sites designed to steal your information before you realize anything is wrong. 

This tactic has a name: quishing.

And as QR codes continue to replace links in the real world, understanding how quishing works is essential to staying safe online. 

What Is Quishing? 

Quishing is a form of phishing that uses QR codes instead of clickable links to trick people into visiting malicious websites or giving up sensitive information. 

The term combines QR and phishing, and it reflects a simple but dangerous shift in scam tactics: instead of asking you to click, scammers ask you to scan. 

Once scanned, a fake QR code can lead to: 

• Credential-harvesting login pages 
• Payment requests or fake invoices 
• Malware downloads 
• Fake customer support portals 
• Subscription traps 

Because QR codes don’t show a visible URL before you scan, they remove one of the most important scam warning signs people rely on. 

Common QR Code Scams to Watch Out For

While quishing attacks vary, most fall into a few predictable patterns.

1. Fake parking and payment QR codes

Scammers place stickers over legitimate parking meter QR codes. When scanned, victims are taken to fake payment pages that steal card details.

Red flag: A QR code that asks for full payment details without redirecting to a known parking or city service.

2. Restaurant menu swaps

Fraudsters replace real menu QR codes with fake ones that redirect to phishing pages or malicious downloads.

Red flag: A menu page that asks you to “sign in,” download an app, or confirm personal details.

3. Delivery and package alerts

Flyers or door tags claim you missed a delivery and instruct you to scan a QR code to reschedule.

Red flag: Vague delivery details and pressure to act quickly.

4. Fake account security warnings

QR codes claim your bank, streaming service, or email account needs verification.

Red flag: Any QR code that demands immediate action for “security reasons.”

5. Subscription traps and fake offers

Some QR codes promise discounts, refunds, or rewards but quietly enroll users in recurring charges.

Red flag: Fine print that’s hard to find, or missing entirely.

What Makes Quishing Especially Dangerous

QR scams succeed not because people are careless, but because they exploit trust and routine.

Unlike traditional phishing emails, quishing:

• Happens offline and online at the same time
• Often appears in trusted physical locations
• Feels faster and more “legit”
• Bypasses visual link inspection

Once a victim lands on a fake site, the damage can escalate quickly, from stolen credentials to drained accounts to identity theft.

How to Spot a Fake QR Code Before You Scan

You don’t need to avoid QR codes entirely, but you do need to slow down.

Check the physical context

Is the QR code taped on, scratched, or layered over another code? That’s a common tactic.

Look for branding inconsistencies

Misspellings, generic logos, or mismatched colors are red flags.

Preview the link

Most phone cameras now show the URL before opening it. Take a second to read it.

Be skeptical of urgency

Any QR code that pressures you to act immediately deserves extra scrutiny.

How to Protect Yourself From QR Scams

Step 1: Treat QR codes like links

A QR code is a shortcut to a website. Apply the same caution you would to any link.

Step 2: Avoid entering sensitive information

Legitimate services rarely ask for passwords, payment info, or personal details via QR codes.

Step 3: Use mobile security tools

Security software can help detect malicious sites and block risky downloads before damage is done.

Step 4: When in doubt, go direct

Instead of scanning, manually visit the official website or app you trust.

What to Do If You Scanned a Suspicious QR Code

If you think you interacted with a malicious QR code:

• Stop engaging with the site immediately
• Do not enter additional information
• Monitor your financial accounts for unusual activity
• Change passwords if credentials were entered
• Run a security scan on your device, check out our free trial
• Report the incident to the business or location involved

Early action can limit long-term fallout.

Frequently Asked Questions

What is quishing in simple terms?
Quishing is phishing that uses QR codes to trick people into visiting fake or malicious websites.

Are QR codes inherently unsafe?
No, but they can be exploited. The risk comes from where they lead, not the code itself.

Can scanning a QR code install malware?
In some cases, yes, especially if it prompts a download or redirects to a malicious site.

Are QR scams increasing?
Yes. As QR codes become more common, scammers are increasingly using them to bypass traditional defenses.

The post What Is Quishing? How QR Code Scams Work and How to Avoid Them appeared first on McAfee Blog.

This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.  

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it:  

Betterment Warns Customers of Breach 

The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns. 

What happened: 

• Attackers used social engineering to compromise third-party tools Betterment uses for marketing and operations, as reported by TechCrunch.  
• With access to internal systems, they sent messages to customers that appeared legitimate. 
• The messages promised to triple crypto holdings if recipients sent $10,000 to a wallet controlled by the attackers, a classic “send money to get more back” lure, later detailed by The Verge. 
• Betterment says no account logins or passwords were compromised, but personal data like names, contact details, and dates of birth were exposed, enough to make the messages feel real. 

Red flags to watch for: 

• Promises of guaranteed or multiplied crypto returns 
• Requests to send money first to “unlock” a benefit 
• Messages tied to a breach but asking for immediate action outside the app 

How the breach happened: 

Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access.  

Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.  

That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach. 

Social Engineering Scams Fueled by AI On the Rise 

Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts. 

What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale. 

The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt. 

Red flags to watch: 

• Requests or actions initiated without clear human ownership 
• Identity verification steps that feel automated or unusually frictionless 
• Transactions triggered by AI systems with unclear accountability 

Phishing Scam Locks Users Out of X Accounts 

Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto. 

What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity. 

Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts. 

Red flags to watch: 

• Unsolicited direct messages containing links 
• Requests framed as favors, votes, or professional support 
• Sudden loss of account access after clicking a link 

How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.  

The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved. 

McAfee’s Safety Tips for This Week 

• Learn more about spotting phishing emails. Don’t accidentally expose yourself, your friends, family, or workplace to scammers. Our ultimate phishing guide has real world examples and more practical tips. 

• Verify inside official apps or sites. If you get a security email, don’t click any links. Instead, open the official app or type the website address yourself for more information. 

• Watch your exposed data. With tools like Google’s Dark Web Monitoring going away, ongoing identity monitoring matters more than ever. 

• Stay alert to trending scams. Weight-loss drug fraud like Ozempic offers is already surging in the new year, and awareness is your first defense. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.

If a message popped up in your feed tomorrow promising a cash refund, a surprise giveaway, or a limited-time crypto opportunity, would you pause long enough to question it? 

That split second matters more than ever.

Most modern scams don’t rely on panic or obvious red flags. They rely on familiarity. On things that feel normal. On moments that seem too small to question. 

And those moments are exactly what scammers exploit. 

Why Today’s Scams Are So Easy to Fall For 

There was a time when spotting a scam was relatively straightforward. The emails were badly written. The websites looked rushed. The warnings were obvious. 

Scammers don’t just rely on obvious spam or panic-driven messages. Instead, many now use: 

• Friendly, natural language 
• Faces of celebrities and figures you trust 
• Messages that arrive through trusted apps 
• Conversations that unfold gradually 
• Requests that feel routine instead of suspicious 

McAfee’s Celebrity Deepfake Deception research shows how common and convincing these scams have become: 72% of Americans say they’ve seen a fake or AI-generated celebrity endorsement, and 39% say they’ve clicked on one that turned out to be fraudulent. When scam content shows up in the same feeds, apps, and formats people use every day, it feels normal. 

That’s the danger zone. It’s also why McAfee chose to use a familiar, culturally recognizable moment to talk about a much bigger issue.

Why McAfee Partnered with Pat McAfee 

Whether you’ve been saying mack-uh-fee or mick-affy, the long-running name mix-up is harmless in everyday conversation. 

Online, though, small moments of confusion can have outsized consequences. 

Scammers rely on quick assumptions: that a familiar name means legitimacy, that a recognizable face means trust, that a message arriving in the right place must be real. They move fast, hoping people act before stopping to verify 

Pat McAfee knows firsthand how scammers exploit familiarity and trust. 

In recent months, fake social media giveaways promising cash and prizes have circulated using Pat’s likeness, and even a fraudulent “American Heart Association fundraiser” made the rounds, falsely claiming he was collecting donations. 

Pat wants his fans to know: if you ever see a giveaway, fundraiser, or message claiming to be from him, double-check it on his official channels first. If it feels off, it probably is. 

Unfortunately, these scams work because people trust Pat. Scammers exploit that trust to lower people’s guard and make fraudulent requests feel legitimate. 

It’s the same tactic used across countless impersonation scams today: borrow the authority of a familiar face, add a sense of urgency, and move fast before anyone stops to verify, “is this legit?” We’ve seen it happen with Taylor Swift, Tom Hanks, Al Roker, Brad Pitt, and numerous others. 

Remember, no legitimate giveaway will ask for payment, banking details, login credentials, or account access. And no nonprofit fundraiser tied to a celebrity should ever come from a personal message or unfamiliar social account. 

Watch: Pat McAfee Explains How McAfee Is More Than an Antivirus 

In the video below, Pat McAfee playfully demonstrates how easily familiar moments online can turn into risk, and why digital safety today can’t rely on perfect judgment alone. 

How to Protect Yourself Right Now 

You don’t have to stop using your favorite platforms. But you do have to change how you verify online threats. 

Before You Trust Any Urgent Message or Offer: 

• Be skeptical of sudden financial opportunities 
• Assume giveaways that require payment or credentials are scams 
• Never connect accounts, wallets, or payment methods from social links 
• Verify claims on official websites, not just inside apps 
• Be cautious of messages that replace clear context with urgency 

If a video or message feels real but the request feels extreme, that’s a red flag. 

McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app 

• Scam Detector to help flag suspicious messages and links 
• Safe Browsing tools to help block risky websites 
• VPN to keep your connection private on public Wi-Fi 
• Identity Monitoring and Alerts to notify you if your personal information appears where it shouldn’t 
• Personal Data Cleanup to help remove your information from high-risk data broker sites 
• Device and Account Security to help protect the things you use most 

Final Takeaway 

If a scam looks obvious, most people won’t fall for it. 

But modern scams don’t look obvious. They look familiar. They use your favorite faces. They look normal. They look safe. And that’s where people get hurt. 

Staying safe now means slowing down, verifying independently, and having protection work quietly in the background while you stay focused on what you actually came online to do. 

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous sites, and identifies deepfakes, stopping harm before it happens. 

And because today’s risks aren’t just about what you click, a VPN and Personal Data Cleanup add additional layers of defense by helping protect your connection and limit how much personal information is available to be exploited in the first place. 

Ready to get Pat’s Picks? Learn more here. 

FAQs 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

The post McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety appeared first on McAfee Blog.

McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago. 

The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens. 

What Is the BIG Innovation Award? 

The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households. 

For consumer cybersecurity products like Scam Detector, that means being evaluated on: 

• Real-world relevance 
• Ease of use for non-experts 
• Societal impact 
• Demonstrated adoption and need 

The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.  

Why Scam Detector Stands Out 

According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for: 

Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue 

Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge

AI used responsibly: Applying advanced models to reduce harm, not increase it

Early impact: Rapid adoption, with more than one million users in its first months 

Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time. 

Using AI to Fight AI-Driven Scams 

Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs. 

As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day. 

Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web. 

In Good Company: Consumer Innovation Across Industries 

McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include: 

Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions. 

Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation. 

Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users. 

EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use. 

Sinomax USA: Consumer mattresses and comfort products focused on everyday home use. 

beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers. 

Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences. 

Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones. 

Scam Detector Awards and Industry Recognition 

Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact: 

2026 BIG Innovation Awards

Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use. 

2025 A.I. Awards

2025 Tech Ascension Awards 

The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.

Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature. 

This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report. 

For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics. 

According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found. 

That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge. 

What did Google’s Dark Web Report do? 

The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers. 

If Google found a match, it sent an alert. 

What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short. 

What is the dark web, and why does  stolen data end up there? 

The internet has three layers: 

1. The surface web is what search engines index. 
2. The deep web includes anything behind a login, like email, banking, and medical portals. 
3. The dark web is a hidden part of the deep web that is not indexed by search engines and is accessed through specialized networks or browsers like Tor. 

The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles. 

Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.  

Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.  

How to check if your personal information is on the dark web: 

Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers. 

To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins. 

Here is what that looks like in practice: 

• Scan breach databases for government ID numbers and financial data 
• Look for full identity profiles being sold or traded 
• Match leaked records back to real people 

Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens. 

Have 30 minutes right now? Do this: 

Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach: 

Freeze your credit

Estimated time: 10 minutes 

This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile. 

You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified. 

Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold. 

Set up fraud and login alerts on your financial accounts 

Estimated time: 10 minutes 

Go into your main bank and credit card apps and turn on: 

• Login alerts
• Transaction alerts
• Password or profile change alerts
• These are not the same as marketing notifications. They tell you when someone is trying to access or move money. 

You’ll find these somewhere under Settings>Alerts.

Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.

Lock down account recovery paths

Estimated time: 10 minutes 

This is one of the most overlooked vulnerabilities. 

Go into: 

• Your email account 
• Your Apple ID or Google account 

Check and update: 

• Recovery email 
• Recovery phone number 
• Backup codes 
• Trusted devices 

Remove anything you do not recognize. 

Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door. 

FAQ: 

The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.

“I thought I was getting a trusted weight-loss medication, but instead, I ended up sick and scammed. I never imagined something like this could happen to me.” 

Fiona, like many others, turned to Ozempic as a way to lose weight. With high demand making it difficult to find and prices soaring, she turned to an online pharmacy she found on social media. After placing an order, she received the medication and began taking it, only to experience severe side effects, including migraines, dizziness, and nausea.

“When my symptoms got worse, I knew something was wrong,” she told McAfee. Concerned, she sought professional advice. “A doctor friend showed me what real Ozempic packaging looks like—and it was nothing like what I had received.” 

“I was putting something in my body that I thought was safe. Instead, I was taking an unknown substance that made me seriously ill,” she told McAfee. “That’s terrifying.” 

When she reached out to the pharmacy for a refund, they cut off all communication. Nearly a year later, Fiona still avoids online shopping altogether and hopes her experience will warn others to research online pharmacies carefully before making a purchase. 

“As soon as I questioned the pharmacy about the product, they vanished. No refund, no explanation. Just silence. That’s when I knew I had been completely scammed.” 

Unfortunately, Fiona’s story is one of many as surging interest in GLP-1 medications spurs scammers into action. 

If you’ve searched for GLP-1 medications online, you’ve probably noticed how crowded and confusing it’s become. Between ads, telehealth offers, and social media posts promising easy access, it can be hard to tell what’s real. 

That confusion isn’t accidental. McAfee’s researchers previously reported a wave of fake pharmacy sites and scam messages designed to catch people in exactly that moment of uncertainty.  

What are GLP-1 medications? 

GLP-1 (glucagon-like peptide-1) medications are prescription drugs that help regulate blood sugar and appetite. Doctors have used them to treat Type 2 diabetes for nearly two decades, and some have also been approved to support weight management. 

Because these medications affect insulin levels and digestion, they require medical supervision and a valid prescription. There is currently no legitimate over-the-counter version that works the same way. 

Why GLP-1 scams are exploding 

GLP-1 drugs have moved from a specialized medical treatment to a mainstream topic almost overnight, with a recent poll finding that 1 in 8 U.S. adults say they are currently taking a GLP-1 for weight loss.  

Whenever high demand, high prices, and limited supply collide online, scammers move in 

McAfee’s threat researchers have previously found that phishing attempts and fake websites tied to GLP-1 drugs increased by more than 180% during periods when interest in these medications surged. Hundreds of risky domains and hundreds of thousands of scam messages have been linked to searches for weight-loss drugs. 

At the same time, consumer watchdogs such as the Better Business Bureau (BBB) report a spike in complaints from people who clicked on fake ads, visited fraudulent pharmacies, or received scam texts promising instant access to GLP-1 prescriptions. 

Common GLP-1 scams to watch out for

1. AI-generated celebrity and doctor endorsements

Scammers are using artificial intelligence to create realistic-looking videos and images of public figures and medical professionals promoting weight-loss products. One recent incident saw a fake, AI Oprah selling scam weight loss drugs  

These ads often appear in social media feeds and look legitimate, but the endorsements are fabricated.  

The goal is to build trust quickly with a familiar face and then push people toward a purchase page. From there, you’re left with a fake product, or no product at all, and your information exposed. 

Red flag: Any ad claiming a celebrity or doctor is selling GLP-1 drugs through a link or social media page. 

2. Fake prescription texts and emails

Some scams arrive as urgent messages saying you are “approved” or “eligible” for GLP-1 treatment. These messages typically include a link to a fake medical website that collects personal, insurance, or payment information. 

Red flag: Real prescriptions are not issued through unsolicited texts, emails, or DMs. 

3. Fake online pharmacies

Fraudulent websites advertise GLP-1 medications at discounted prices. After payment, victims may receive nothing, diluted products, or face repeated unauthorized charges. 

Consumer reports describe sites that look professional but provide only chat-box support and ignore cancellation requests. 

Red flag: Pharmacies that don’t require a prescription or don’t list a physical U.S. address and phone number. 

4. Subscription traps

Some scam offers quietly enroll buyers in recurring billing. Be wary of a “company” trying to offer a minimal “membership” or free “trial” with plans locking you into larger, more expensive future subscription plan without your clear consent. 

Red flag: Vague billing terms or hidden subscription language.

5. Missing or fake shipments

Some scam sites provide tracking numbers that never update, claim packages were lost, or ask for more shipping fees … while continuing to charge customers. 

Red flag: No real customer service and no way to cancel or dispute orders. 

What makes these scams especially dangerous 

Unlike many online scams, GLP-1 fraud carries real health risks. 

Some victims report receiving substances that do not match what was advertised, including mislabeled or unverified injectables. 

Because GLP-1 medications affect blood sugar and metabolism, taking the wrong substance or dosage can be dangerous. 

In addition to the medical risks, illegitimate storefronts pose a real threat to your private information. During your purchase, you may be tricked into sharing our address, contact info, payment details, and insurance information.  

How to safely pursue GLP-1 treatment 

If you’re considering GLP-1 medications for health or weight management, these steps can help reduce risk: 

Step 1: Start with a licensed healthcare provider 

Only a doctor or licensed medical professional can determine if GLP-1 treatment is appropriate for you. 

Step 2: Use verified pharmacies 

If you use telehealth or online pharmacies, confirm they are properly licensed and require a prescription. 

Step 3: Research before you pay 

Look up unfamiliar pharmacies through trusted consumer-protection resources before entering payment or insurance information. If you’re in doubt, it’s better not to share any personal info. 

Step 4: Be skeptical of miracle claims 

There is no over-the-counter or legal “natural GLP-1,” patch, salt trick, or supplement that produces the same effect as prescription medication. 

What to do if you think you were targeted: 

If you clicked a link, entered information, or made a purchase: 

1. Stop communicating with the seller 
2. Monitor your bank and credit accounts for unusual activity 
3. If you notice suspicious charges, contact your bank directly
4. Change any passwords you shared 
5. Run a security scan on your device (here’s our free trial) 
6. Report the incident to consumer-protection agencies 

Reporting helps stop the same scams from spreading to others. This is where you can get more information from the FDA and report scams.

How to Spot a Fake GLP-1 Weight-Loss Drug If You’ve Already Bought One 

If you’ve already ordered a GLP-1 weight-loss drug and something feels off, trust that instinct. Counterfeit GLP-1 products are increasingly convincing at first glance, but many show clear warning signs once you look closely. 

Here’s what to check: 

Packaging and Label Red Flags 

Poor print quality or spelling errors
Examine the carton, label, and insert carefully. Misspelled words, inconsistent fonts, blurry printing, or incorrect manufacturer details are common signs of counterfeit medication. 

Packaging that looks tampered with or unfamiliar
Authentic GLP-1 medications come in sealed, tamper-resistant packaging. If the box appears opened, resealed, relabeled, or noticeably different from what you’ve received from a legitimate pharmacy before, stop using it and contact a pharmacist. 

Incorrect or missing language
Medications sold legally in the U.S. should include labeling and instructions in English. Missing inserts or foreign-language packaging can be a red flag. 

Unusual product form
Be especially cautious of GLP-1 products sold as powders in vials that require mixing. These formulations are not authorized and have been linked to serious health risks. 

Check Lot and Serial Numbers 

Most legitimate GLP-1 medications include lot numbers or serial information that can be verified. 

If your product includes these details, compare them against information published by the manufacturer or alerts from regulators. If the numbers don’t match, or are missing entirely, that’s a warning sign. 

What to Do If You’re Unsure 

If anything about your medication doesn’t match what you expect: 

• Stop using the product 

• Contact a licensed pharmacist or healthcare provider 

• Avoid purchasing refills from the same source 

When it comes to injectable medications, uncertainty isn’t something to push through. If you can’t confidently verify what you have, it’s safer to assume it may not be real. 

Final Thoughts 

Wanting to get healthier in the new year is a good thing. Falling for fake prescriptions, AI-generated endorsements, or fraudulent pharmacies is not. 

McAfee is here to help keep your devices, identity, and finances safe while you focus on your goals in 2026. 

Frequently Asked Questions 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

The post How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy appeared first on McAfee Blog.

McAfee has once again earned the highest possible AAA rating from SE Labs, marking the 29th consecutive time our consumer protection has received this top-tier recognition. 

In SE Labs’ latest Q4 Home Anti-Malware Test, McAfee Total Protection achieved 100% protection with zero false positives, reinforcing a streak that has remained unbroken since December 2018. 

What the SE Labs AAA Rating Measures 

SE Labs is an independent, UK-based security testing organization known for evaluating products against real-world threats, not just controlled lab samples. Its test results are therefore referenced and trusted by numerous journalists and product reviewers alike.  

Their Home Anti-Malware tests simulate the types of attacks people actually face, including: 

• Email-based threats 
• Malicious websites 
• Targeted attacks designed to appear relevant or trustworthy 
• Common malware encountered during everyday online activity 

To earn an AAA rating, products must demonstrate: 

• Strong threat detection 
• Effective prevention before harm occurs 
• Minimal false positives that disrupt normal use 

Why This Recognition Matters for Consumers 

For people choosing security software, independent testing helps answer a simple question: Does this protection actually work when it matters? SE Labs’ results show that McAfee continues to block threats accurately, without over-flagging safe activity. 

Independent recognition like this reinforces McAfee’s ongoing commitment to consumer-first security that is tested, proven, and trusted over time. 

Learn more about McAfee’s core protection plans and how we can help keep you safe online. And find the full SE Labs report here. 

The post McAfee Earns 29th Consecutive AAA Rating From SE Labs appeared first on McAfee Blog.

This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust. 

Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.  

Here are scams in the news this week, and safety tips from our experts at McAfee: 

Amazon One-Time Passcode Scam: How Fake Security Calls Hijack Real Accounts 

Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware. 

Here’s how the scam works in practice. 

What is the Amazon one-time passcode scam? 

Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible. 

The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion. 

How scammers use real Amazon security codes 

While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device. 

That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email. 

If you read that code aloud or share it, the scammer can immediately: 

• Complete the login process 
• Change your account password 
• Access saved payment methods 
• Place fraudulent orders or lock you out of the account 

The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check. 

Key red flags to watch for 

• Unsolicited calls claiming to be from Amazon 
• Requests to share a one-time passcode 
• Pressure to act quickly “to secure your account” 

Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone. 

AI Deepfake Scam on TikTok Uses Fake Princess to Steal Money 

A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud. 

This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.  

According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”  

Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing. 

This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale. 

Viral Reddit “Whistleblower” Scam: When AI-Generated Posts Fool Millions 

A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists. 

The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth. 

The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions. 

As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax. 

Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral. 

Why AI-generated hoaxes like this are dangerous 

• They mimic real whistleblower behavior and language 
• They exploit existing public distrust of large platforms 
• They can mislead journalists, not just casual readers 
• Debunking often comes too late to stop spread 

This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold. 

McAfee’s Safety Tips for This Week 

As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act. 

If a message or video promises money or financial help: 

• Be skeptical of any offer that requires an upfront “fee,” no matter how small. 
• Remember that public figures, charities, and foundations do not distribute money through social media DMs or comment sections. 
• If an offer claims to come from a well-known individual or organization, verify it through official websites or trusted news sources. 

When content appears viral or emotionally convincing: 

• Pause before sharing or acting on posts framed as warnings, whistleblower revelations, or exposés. 
• Look for confirmation from multiple reputable outlets — not just screenshots or reposts. 
• Be cautious of long, detailed posts that feel personal or confessional but can’t be independently verified. 

When AI may be involved: 

• Assume that realistic images, videos, and documents can be generated quickly and at scale. 
• Don’t rely on appearance alone to determine authenticity, even high-quality content can be fake. 
• Treat unsolicited financial requests, account actions, or “inside information” as red flags, regardless of how credible they seem. 

If you think you’ve engaged with a scam: 

• Stop responding immediately. 
• Secure your accounts by changing passwords and enabling multi-factor authentication. 
• Monitor financial statements and account activity for unusual behavior. 

Final Takeaway 

The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust. 

That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videos, alerting you before you interact or click. 

We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead. 

The post This Week in Scams: Explaining the Fake Amazon Code Surge appeared first on McAfee Blog.

Hackers are not created equal, nor do they have the same purpose. Some hackers are paid to scrutinize security systems, find loopholes, fix weaknesses, and ultimately protect organizations and people. Others exploit those same gaps for profit, power, or disruption. What separates hackers isn’t just skill level or tactics; it’s intent. 

The purpose behind an attack changes everything about how hackers shape their tactics and how the hacking process unfolds: who is targeted, which methods and tools are used, how patient the attacker is, and the kind of damage they want to cause.

The primary motivations behind these cyberattacks fall into several categories, from financial gain to recognition, and sometimes even coercion. Each driver creates different risk scenarios for your digital life, from your home banking sessions to your workplace communications. Understanding a hacker’s motivations will enable you to better protect yourself and recognize potential threats in both your personal and professional life. 

In this article, we’ll look at the main types of hackers you might encounter, the core motivations and mindset that drive these cyberattacks, and finally, how you can protect yourself against these attacks.

Good and bad hackers

From its beginnings as an intellectual exploration in universities, hacking was driven by curiosity, learning, and the thrill of solving complex problems. Today, it has become industrialized with organized criminal groups and state-sponsored actors entering the scene. 

Modern hacking has seen the emergence of advanced persistent threats and nation-state campaigns targeting critical infrastructure and combining traditional techniques with artificial intelligence. To better understand the types of hackers, here is a window into what they do and why:

White hat hackers

These are the good guys, typically computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black hat hackers

These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses. Unfortunately, black hat hackers continue to technologically outpace white hats, often finding the path of least resistance, whether due to human error or laziness, or with a new type of attack. Hacking purists often use the term “crackers” to refer to black hat hackers, whose motivation is generally to get paid.

Script kiddies

This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves. Script kiddies, sometimes called script kitties, might be beginners, but don’t be fooled by their newbie status. With the right tools and right targets, they can wreak as much havoc as a seasoned hacker.

Hacktivists

Some hacker activists are motivated by politics or religion, while others aim to expose wrongdoing or exact revenge. Activists typically target government agencies, public services, and organizations involved in controversial issues related to defense, elections, wars, finance, or social movements. They also attack high-profile individuals, such as executives, public figures, journalists, and activists.

State-sponsored hackers

State-sponsored hackers have limitless time and funding to target civilians, corporations, other governments, or even prominent citizens connected to a larger objective. Their motivations are driven by their government’s strategic goals: gathering intelligence, stealing sensitive research or intellectual property, influencing public perception, or disrupting critical infrastructure. Because they are playing a long game, state-sponsored hackers are stealthy and persistent, quietly embedding themselves in systems, mapping networks, and waiting for the right moment to act.

Spy hackers

Corporations hire hackers to infiltrate their competitors and steal trade secrets, including product designs, source code, pricing plans, customer lists, legal documents, and merger or acquisition strategies. They may hack from the outside or gain employment in order to act as a mole, impersonating recruiters, partners, or vendors to get insiders to share access. They also take advantage of weak internal controls, such as excessive permissions, unsecured file-sharing links, or poor offboarding practices. Spy hackers may use similar tactics as hacktivists or state-sponsored espionage on a smaller scale: stealthy entry, careful privilege escalation, and long-term persistence to avoid triggering alarms. The stolen data is often not leaked publicly but delivered directly to the client and used behind the scenes.

Cyber terrorists

These hackers, generally motivated by religious or political beliefs, attempt to create terror, chaos, and real-world harm by disrupting critical infrastructures such as power grids, water systems, transportation networks, hospitals, emergency services, and government operations. They combine cyber operations with propaganda campaigns and physical attacks on the systems people rely on to live safely to create turmoil far beyond the screen. 

Understand hackers’ motivations

Cybercriminals aren’t just faceless entities; they’re driven by specific goals that shape their tactics and targets. Understanding their motivations empowers you to recognize potential threats and better protect yourself, your family, and colleagues.

Financial gain

Money remains the most common motivator. These profit-driven attacks directly impact your personal finances through methods such as ransomware, credit card fraud, and identity theft. In your home, financially motivated hackers target your banking apps, shopping accounts, and personal devices to steal payment information or hold your data hostage. In the workplace, they focus on payroll systems, customer databases, and business banking credentials.

Ideological motivations

Ideologically driven hackers, called hacktivists, pursue political or social causes through cyber means. These attacks can disrupt services that you rely on daily, from public utilities to private organizations that provide essential services or take public stances on divisive issues. Your best defense involves staying informed about potential disruptions and maintaining backup communication methods for essential services.

Curiosity and learning

Many hackers begin their journey with genuine curiosity about how systems work. They might probe your home network, test website security, or experiment with app vulnerabilities, not necessarily for malicious purposes, but their activities can still expose your data or disrupt services. In professional environments, these individuals might target systems or databases simply to see if they can gain access.

Recognition and reputation building

Some hackers seek fame, respect within hacker communities, or professional advancement rather than immediate financial benefit. They often target high-profile individuals, popular websites, or well-known companies to maximize the visibility for their exploits. If you have a significant social media following, your accounts could become targets for these attacks. They might also focus on defacing company or government websites, or leaking non-sensitive but embarrassing information.

State and corporate intelligence

Nation-state and corporate espionage are some of the most sophisticated threats in cyberspace, making it a top national security concern for both government and private sector. These operations compromise daily services and infrastructure such as internet service providers, email platforms, or cloud storage services to gather intelligence such as intellectual property, customer lists, or strategic planning documents. 

Coercion and extortion

Some hackers use cyber capabilities to intimidate or coerce victims into specific actions. In the FBI’s Internet Crime Complaint Center report for 2024, extortion was the 2nd top cybercrime by number of complaints, demonstrating the growing prevalence of coercion-based attacks. Coercion might involve compromising personal photos, social media accounts, or private communications to demand payment or behavioral changes. Workplace coercion could target executives with embarrassing information or threaten to leak sensitive business data unless demands are met. 

The intersection of motivations

Many real-world attacks combine multiple motivations—a financially driven criminal might also seek recognition within hacker communities, or an ideological hacker might generate revenue through ransomware. The contrast between ethical hacker motivations and malicious ones often lies in the permission, legality, and intent. Understanding why people become hackers helps you recognize that not all hacking activity is inherently malicious, although all unauthorized access ultimately poses risks to your security and privacy.

The psychology behind cyberattacks

Understanding the psychology behind cyberattacks gives you a powerful advantage in protecting yourself. When you know what drives hackers, you can better spot their tactics and stay one step ahead.

High reward, low risk

Many hackers operate with the goal of achieving high reward for perceived low risk. This risk-reward imbalance motivates attackers because they can potentially access valuable personal or financial information while remaining physically distant from their victims. This means hackers often target easy opportunities, such as when you click on suspicious links or download questionable attachments, to gain access with minimal effort. For instance, a hacker would rather send 10,000 phishing emails hoping for a few bites than attempt one complex, risky attack.

Exploiting normal human responses 

Hackers exploit well-known psychological shortcuts your brain takes. They understand that you’re more likely to trust familiar-looking emails, act quickly under pressure, or follow authority figures without question. These aren’t weaknesses, these are normal human responses that attackers deliberately manipulate. For example, urgent messages claiming your account will be closed create an artificial time pressure, making you more likely to click without thinking.

The power of group dynamics

Many successful cyberattacks leverage the human tendency to follow what others are doing. Hackers create fake social media profiles, forge customer reviews, or impersonate colleagues to make their requests seem legitimate and widely accepted. In ransomware attacks targeting businesses, criminals often research company hierarchies and communication styles to make their demands appear to come from trusted sources within the organization. 

The gamification of cybercrime

Modern hacking has elements that make it feel like a game to perpetrators. Some online forums award points for successful attacks, creating competition and recognition among criminals. This helps explain why some hackers target individuals rather than large corporations, as every successful phishing attempt becomes a score, and why attacks continue to evolve. 

Common hacking methods

Hackers don’t all use the same tricks, but most successful attacks rely on a familiar toolkit of methods that exploit common technical gaps and human habits. Recognizing these common techniques will help you avoid danger earlier on.

• Phishing and smishing. These attacks trick you into revealing sensitive information through fraudulent emails or text messages, respectively known as phishing and smishing. Modern attackers increasingly use AI-generated content and sophisticated social engineering techniques that make these messages appear more legitimate than ever before. 
• Credential stuffing. Cybercriminals use automated tools to test stolen username and password combinations across multiple websites, exploiting the fact that many people reuse passwords. This attack method has become more efficient with attackers leveraging large-scale data breaches and improved automation tools.
• Multi-factor authentication (MFA) fatigue. Attackers repeatedly send multi-factor authentication requests until overwhelmed, frustrated, and confused users approve one. This technique has gained prominence as more organizations adopt MFA, with attackers finding ways to exploit user behavior around security notifications. 
• Malvertising. Malicious advertisements on legitimate websites can install malware or redirect you to harmful sites without requiring any clicks. Recent trends show attackers using sophisticated techniques to bypass ad network security filters. 
• Remote desktop attacks. Hackers exploit weak or default passwords on remote desktop services to gain unauthorized access to systems, particularly targeting businesses with remote work setups. The rise of hybrid work environments since 2023 has made this attack vector increasingly attractive to cybercriminals. Disable remote desktop services when not needed and use VPNs with strong authentication for legitimate remote access.
• USB baiting. Attackers leave infected USB devices in public places, hoping curious individuals will plug them into their computers, automatically installing malware. Modern USB attacks can execute within seconds of being connected, making them particularly dangerous in today’s fast-paced work environment.

• Unsecured Wi-Fi networks. Unsecured public Wi-Fi and home networks create opportunities for hackers to gain access to your devices or intercept your sensitive information, such as passwords, emails, and banking details. Sometimes, cybercriminals create fake Wi-Fi hotspots with legitimate-sounding names to trick users into connecting.
• Unsafe downloads. Hackers disguise malicious software as legitimate programs, games, documents, or updates to trick users into installing them. These malicious downloads may come from infected email attachments, fake or pirated software, or even compromised websites. Once installed, the malware can steal your information, lock your files for ransom, or give hackers access to your computer.

• Tech support scams. Tech support scams rely on social engineering rather than technical exploits, where scammers typically contact you by phone and insist your computer has been infected or compromised. They create urgency and fear to convince you to install remote access software that gives them complete control of your computer. Once they have access, they can steal personal information, install malware, or hold your files hostage.

• Outdated software. Running outdated software creates security vulnerabilities that hackers actively leverage. When software developers discover security vulnerabilities, they release patches to fix these problems. If you don’t install these updates promptly, your system remains vulnerable to attacks. Hackers maintain databases of unpatched systems and use automated tools to find and exploit them.

Defensive tips to protect yourself from hack attacks

Your strongest defense against hacking combines technical safeguards, security awareness, and some consistent habits that shut down the most common paths attackers use. Here’s how to put those defenses in place and make your digital life a much harder target.

• Install comprehensive security software. The Cybersecurity and Infrastructure Security Agency recommends a layered security approach to prevent multiple types of threats simultaneously. Choose a reputable security suite that offers real-time protection, anti-malware scanning, and web browsing safety features. 
• Enable MFA everywhere. Add an extra security layer to all your important accounts: email, banking, social media, and work platforms. Only approve MFA requests that you initiated yourself, and report any unexpected authentication prompts to your IT team or service provider immediately.
• Use a password manager. Create complex, unique passwords using a trusted password manager for every account you own. The National Institute of Standards and Technology recommends passwords that are at least 12 characters long and completely unique across all your accounts to prevent credential stuffing attacks.
• Keep all software updated. Enable automatic updates for your operating system, apps, and security software, as many successful cyberattacks exploit known weaknesses that could have been prevented with timely updates.
• Secure your internet connections. Avoid using public Wi-Fi for sensitive activities, and use a reputable VPN when you must connect to untrusted networks. Unsecured public networks make it easy for attackers to intercept your data and credentials.
• Implement the 3-2-1 backup strategy. Regular, tested backups are your best defense against ransomware and data loss incidents. Keep three copies of important data—on your device, on an external drive, and in secure cloud storage. 
• Develop scam-spotting skills. Scammers continuously adapt their tactics to current events, so staying informed about the latest schemes and learning to recognize phishing emails, suspicious links, and social engineering tactics will help you stay one step ahead.
• Practice good digital hygiene. Regularly review your account permissions, remove unused apps, and monitor your financial statements for unauthorized activity to lessen your exposure to identity theft and privacy breaches.

• Monitor your accounts regularly. Check bank statements, credit reports, and account activity monthly. Set up account alerts for unusual activity when available.
• Limit personal information sharing. Only provide the necessary information to companies or service providers to reduce your digital footprint. In addition, review privacy settings and avoid oversharing on social media as scammers and hackers regularly prowl these platforms. 

Final thoughts

Now that you understand hackers’ motivations and psychological drivers, you can flip the script and turn it to your advantage. Instead of being the target, become the informed defender who recognizes manipulation tactics and responds thoughtfully rather than reactively. This knowledge empowers you to spot potential threats earlier, choose stronger protective measures, and navigate the digital world with greater confidence.

When someone pressures you to act immediately, that’s your cue to slow down and verify the request. Question familiar-looking messages, even if they look official. Check the sender’s address and contact the company through official channels. Trust your instincts and investigate before acting. Stay curious and keep learning from reputable cybersecurity resources that publish current research and threat intelligence. Share these tips with your family members and friends, especially those who might be less technologically savvy. 

McAfee+ includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues.

The post 7 Types of Hacker Motivations appeared first on McAfee Blog.

Scams didn’t slow down in 2025—and all signs point to the problem getting worse in 2026.

While the final numbers aren’t in yet, reported losses are already on track to break records. Through just the first half of 2025, the Federal Trade Commission (FTC) cited nearly $6.5 billion in scam-related losses, putting the year on pace to surpass 2024’s total. And it’s not just isolated incidents: 73% of Americans say they’ve experienced at least one scam or online attack.

As scams become more convincing, often powered by AI and designed to blend into everyday digital life, basic “spot the red flag” advice isn’t enough anymore. Protecting yourself now means tightening up your digital hygiene: how you manage passwords, personal data, online accounts, and the everyday tools you rely on to stay safe.

3) Keep spammers and scammers at bay by removing personal info from the internet. 

Data brokers sell all kinds of info that power all kinds of spam and scams. It’s one way spammers and scammers get contact info like emails and phone numbers, and it’s yet another way they get detailed info to target their ads and their attacks. 

For example, beyond your full name, home address, phone numbers, email addresses, and date of birth, many also have info about your family members, employment, and past purchases. Data brokers might gather and sell other info like religious and political leanings, health conditions, and employment history. Simply put, this detailed profile makes it easier for spammers and scammers to target you. 

Where do they harvest this info? From public records, shopper loyalty programs, and even from app data—all kinds of sources. And that underscores the problem, some data brokers keep exhaustive amounts of data about people, all in one place.  

And they’ll sell it to anyone who pays for it. You can help reduce those scam texts and calls by removing your info from those sites. A service like our Personal Data Cleanup can do that work for you. It scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove it. 

4) Protect privacy with a VPN (it’s not just for travel anymore). 

One of the first things that comes to mind about VPNs is travel, a great way you can stay secure while using public Wi-Fi in airports and cafes. It works at home as well, giving you an extra layer of security when you bank, shop, or do anything that involves sensitive info. Yet it offers another big benefit. It helps make you more private, because it’s not just hackers who want to snoop on you online. 

For example, some ISPs collect your browsing data. In the United States and many other countries, ISPs can legally monitor and record info about the websites you visit and the apps you use. They can use it for advertising and analytics purposes, and, in some cases, they may share it with third parties. 

When you use a VPN, it encrypts all the data leaving your device and routes it through a secure server. As a result, your ISP can only see that you are connected to a VPN server, and it can’t track which websites you visit or the data you send and receive. Without a doubt, going online with a VPN makes you safer and keeps you more private.  

5) As AI scams become the norm, get a scam detector working for you. 

We saw big spikes in several types of scams over the year, and naturally a spike in reported losses followed. One reason for the jump is that AI tools have made it even easier for scammers to create convincing texts, emails, and deepfake videos designed to rip people off.   

They’re getting tougher to spot too. In the earlier days of AI-created content, you could often spot the telltale signs of a fake. That’s not always the case anymore, and scams are looking more and more sophisticated as AI tools evolve. 

But you have tools of your own. Our Scam Detector protects you across text, email, and video by spotting scams and detecting deepfake videos (like the one of a deepfaked Taylor Swift promoting a bogus cookware offer). You also have our Web Protection which detects links to scam sites and other sketchy corners of the internet while you browse. Both will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link. 

6) And just in case, get the reassurance of identity theft protection. 

So, let’s say the unfortunate happens to you. You get scammed. Maybe it’s a few bucks, maybe it’s more. You’re faced with a couple issues. One, that money could be gone for good depending on how you paid the scammer. Two, also depending on the payment method, the scammer might have your financial info.   

This is where something like our ID Theft & Restoration Coverage comes in. It gives you up to $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft.​ Further, it puts a licensed recovery pro on the case to restore your credit and your identity, which takes that time-consuming burden off your shoulders. 

The post New Year Reset: A Quick Guide to Improving Your Digital Hygiene in 2026 appeared first on McAfee Blog.

Browser extensions have become essential parts of how we browse, bank, work, and shop online. From password managers to ad blockers, these tools can significantly improve your digital life when chosen wisely. Chief among these are browser plug-ins, which extend its functionality. Almost all popular browsers support these extensions, unfortunately, making them one of the most commonly used malware attack vectors.

In this guide, you will learn about the advantages and security risks of browser extensions, the role that permissions play in ensuring your privacy when using these extensions, and some best practices when using them.

Browser extensions and their malicious counterparts

Browser extensions are small software programs that enhance your web browser by adding new functionality or modifying existing ones. Think of them as helpful extra tools that can block ads, manage passwords, check prices while shopping, or customize how websites look and behave. Legitimate extensions make your browsing experience more efficient and enjoyable.

Cybercriminals, however, have taken advantage of their popularity by creating malicious versions disguised as useful tools that secretly operate with harmful intentions. Some of these malicious browser extensions access and modify web pages, monitor your browsing activity, and interact with websites on your behalf.

While legitimate extensions request only the minimum permissions necessary for their stated purpose, malicious extensions often request more permissions than they need to access your browsing data and history.

Core tactics of malicious browser extensions

Malicious browser extensions typically operate through specific methods that can significantly impact your daily online activities, from casual browsing to important financial transactions, including:

• Permission abuse occurs when an extension requests far more access than it needs to operate. For example, a weather extension that claims to show local forecasts might request permission to track the websites you visit, allowing it to monitor everything you do online and capture sensitive information such as passwords and credit card numbers without your knowledge.
• Ad injection is where malicious extensions insert unwanted advertisements into web pages you’re viewing, appearing as pop-ups, banner ads, or even replacing legitimate advertisements with malicious ones. These injected ads disrupt your browsing experience, can lead to scam websites, or attempt to trick you into downloading additional malware.
• Data theft is one of the most serious threats posed by malicious extensions. These programs can silently capture everything you type, including usernames, passwords, credit card information, and personal details, exposing your personal information to cybercriminals. When you log into your online banking or online shopping account, the malicious extension might record your login credentials and account information.
• Traffic redirection involves redirecting your legitimate web traffic to scam websites designed to steal your information or trick you into making fraudulent purchases. This is particularly dangerous when you’re trying to access your bank’s website or other financial services, but are redirected to a convincing fake site that could capture your login credentials.
• Drive-by downloads can be triggered by these ill-intentioned browser extensions when you visit specific websites, click on seemingly innocent links or files, or even during routine browsing activities. The links and files are disguised as legitimate software updates, media files, or useful applications that, in fact, could infect your device with ransomware, keyloggers, or other types of malware.
• Cryptocurrency mining extensions secretly use your computer’s processing power to mine cryptocurrency for the extension creator, running resource-intensive calculations in the background without your knowledge or consent. This unauthorized mining activity causes your device to run more slowly, drain your laptop battery faster, consume more electricity, generate excess heat, and potentially shorten your hardware’s lifespan.

The impact of malicious browser extensions

If not caught, malicious extensions can disrupt your daily life and compromise your personal security.

Malicious extensions violate your privacy when they monitor your online behavior and track the websites you view, build a profile of your habits and preferences, and even obtain your home address and other personal details. These details can be used for identity theft, social engineering attacks, or sold to data brokers, ultimately compromising your privacy and potentially affecting your real-world safety and financial security.

When it comes to online shopping, some malicious extensions could pressure you into hasty purchase decisions, intercept your checkout process, and capture your payment information. Once cybercriminals have your shopping account credentials, they can impersonate you to make unauthorized purchases.

Similar incidents could happen with your banking and financial accounts. Malicious browser extensions can steal your login credentials, account numbers, transaction details, and eventually your money. Some cybercriminals have gone as far as opening new accounts and applying for loans using your stolen information.

The most insidious aspect of malicious browser extensions is their ability to operate silently in the background while maintaining the appearance of legitimate functionality. A malicious extension might continue providing its advertised service—such as weather updates or price comparisons—while simultaneously conducting harmful activities, making them effective at avoiding detection.

On top of the higher electricity bills, degraded device performance and browsing experience, and wasted network bandwidth, malicious extensions violate your values by turning your device into an unwitting money-making tool for cybercriminals while you bear the operational costs. Furthermore, malicious extensions could potentially expose you to additional malware or scams, and involve you in fraudulent advertising schemes.

Their impact extends beyond your own device and could affect your entire household. On the shared networks and devices, malicious extensions can spread and compromise other users.

Guidelines to stay safe with browser extensions

Chrome extensions can absolutely be safe to use when you approach them with the right knowledge and precautions. The vast majority of extensions on the official Chrome Web Store undergo Google’s review process and are built by legitimate, reputable developers who aim to enhance your browsing experience and follow security best practices.

Additionally, the Chrome Web Store’s rating system and user reviews provide valuable insights into an extension’s reliability and performance. When you stick to well-established extensions with thousands of positive reviews and regular updates, you’re generally in safe territory.

However, the extension ecosystem does present a few security challenges. The primary risks come from two main areas: permission abuse and post-installation behavior changes. When you install an extension, you give it permission to access various aspects of your browsing data and your device. Some extensions may request more permissions than they actually need, creating potential privacy and security vulnerabilities. Even more concerning, some extensions start with benign functionality but later receive updates that introduce malicious features or get sold to malicious actors who update them with data-harvesting capabilities, turning a once-safe extension into a potential threat.

To help you navigate these challenges safely, here’s a practical risk assessment framework you can use before installing any Chrome extension. This systematic approach takes just a few minutes but can save you from potential headaches down the road.

Step 1: Evaluate the source’s reputation

Start by examining who created the extension. Look for extensions developed by well-known companies or developers with established track records. Check the developer’s website and other extensions they’ve created. Extensions from companies like Google, Microsoft, or other recognized tech firms generally carry lower risk profiles. For individual developers, look for those who maintain a professional online presence and have created multiple successful extensions.

Step 2: Analyze user reviews and ratings

Don’t just glance at the overall star rating. Read the actual reviews, look for patterns in user feedback, and pay special attention to recent comments that might indicate changes in the extension’s behavior. Be wary of extensions with suspiciously perfect ratings or reviews that seem artificially generated. Legitimate extensions typically have a mix of ratings with detailed, specific feedback from real users.

Step 3: Examine permission requests carefully

This is perhaps the most critical step in your assessment. When you click “Add to Chrome,” pay close attention to the permission dialog that appears. Question if the requested permissions make sense for the tool’s functionality and be particularly cautious of extensions requesting broad permissions such as “Read and change all your data on the websites you visit.”

Step 4: Check installation numbers and update history

Extensions with millions of users and regular updates are generally safer bets than those with just a few hundred installations. However, don’t let high installation numbers alone convince you. Look for extensions that receive regular updates, which indicates active maintenance and ongoing security attention from developers.

Step 5: Research recent security issues

Before installing, do a quick web search for the extension name with terms like “security,” “malware,” or “removed.” This will reveal any recent security incidents or concerns that other users have reported. Security researchers and tech blogs often publish warnings about problematic extensions, information that can be invaluable in your decision-making process.

Ongoing browser security

The security landscape changes constantly, and extensions that are safe today might develop problems in the future. This is why ongoing vigilance is just as important as your initial assessment.

• Install only as needed: Adopt a minimalist approach to installing extensions, as every browser extension you add increases your attack surface. Only install those you absolutely need.
• Regularly audit your installed extensions: Set a reminder to review your extensions every few months, removing any that you no longer use or that haven’t been updated recently. This reduces your attack surface and helps keep your browser running efficiently.
• Be wary of unrealistic benefits: When adding new browser extensions, be cautious of those that promise fantastic functions such as dramatically increasing internet speed or providing access to premium content for free. Extensions that require you to create accounts with suspicious email verification processes or that ask for payment information outside of Google’s official channels should also raise red flags.
• Be cautious of duplicate functions: Be suspicious if the extension is replicating functionality already built into Chrome, as these often exist primarily to harvest user data. Extensions with generic names, poor grammar in their descriptions, or unprofessional-looking icons and screenshots indicate lower development standards and potentially higher security risks.
• Install only from official stores: While not perfect, official browser stores offer significantly more security oversight than third-party sources or direct installation methods. Their layers of security screening include automated malware detection, manual code reviews for popular extensions, continuous monitoring for suspicious behavior, review systems, and developer verification processes.
• Enable automatic updates and smart monitoring: Browser updates often include enhanced extension security and additional protection mechanisms that help detect and prevent malicious extension behavior. In addition, implement a monitoring system to identify extensions that update unusually frequently or at suspicious times, such as during periods you’re less likely to notice behavioral changes.
• Deploy comprehensive protections: Integrate your browser extension security with broader security measures that can monitor extension behavior and detect suspicious activities such as unauthorized data access, unexpected network connections, or attempts to modify system files. These tools use behavioral analysis and machine learning to identify malicious patterns that might not be apparent through manual observation.
• Secure your shopping and banking accounts: Your financial transactions and shopping activities represent high-value targets that need specialized protections. Consider using a dedicated browser for financial activities to isolate your transactions or temporarily disable extensions not related to security or privacy. Enable multi-factor authentication to prevent unauthorized access even if a malicious extension captures your primary login credentials.
• Create a positive security routine: Establish straightforward security routines that include the measures listed above to ensure that your shopping, banking, and general browsing activities remain secure while still allowing you to benefit from the enhanced functionality that well-designed extensions provide.

Thankfully, Google continues to improve its security measures for the Chrome Web Store by implementing stricter review processes for extensions and enhancing its ability to detect and remove malicious extensions after they’ve been published. For additional protection, enable Chrome’s Enhanced Safe Browsing, under the browser’s Privacy and Security section.

Malicious browser extensions also pose similar threats across all major browser ecosystems, with attackers targeting the same vulnerabilities: excessive permissions, post-installation payload updates, and social engineering tactics.

Safari’s extension model, while more restrictive, still allows extensions to access browsing data and modify web content when you grant permissions. Microsoft Edge, built on Chromium, shares Chrome’s extension architecture and therefore inherits many of the same security challenges, though Microsoft has implemented additional screening measures for their Edge Add-ons store. Regardless of which browser you use, the fundamental protection strategies remain consistent.

Action plan if you’ve installed a malicious extension

If you suspect you’ve installed a malicious browser extension by mistake, speed matters in the race to protect your accounts. Follow this clear, step-by-step guide to remove the extension, secure your accounts, and check for any signs of compromise.

1. Immediately disconnect sensitive accounts: Sign out of all banking, shopping, and financial accounts you’ve accessed recently. Malicious extensions can capture session tokens and credentials in real-time, making immediate disconnection critical to prevent unauthorized access.
2. Remove the malicious extension completely: Open your browser settings and navigate to the Extensions or Add-ons section. Locate the suspicious extension and click “Remove” or “Uninstall.” Don’t just disable it. Check for related extensions that may have been installed simultaneously, as malicious extensions often come in bundles.
3. Clear all cookies and site data: Go to your browser’s privacy settings and clear all stored cookies, cached data, and site data to remove persistent tracking mechanisms or stored credentials the malicious extension may have accessed or modified. Pay special attention to clearing data from the past 30 days or since you first noticed suspicious activity.
4. Change all your passwords immediately: Start with your most sensitive accounts—banking, email, and work credentials—followed by all other accounts. Use strong, unique passwords that will make it difficult for the malicious extensions to attempt to access your accounts again. As mentioned earlier, enable multi-factor authentication.
5. Run a comprehensive security scan: Use reputable security software such as McAfee+ to perform full system scans on all devices where you’ve accessed sensitive accounts. Because malicious extensions can download additional malware or leave traces, it is best to schedule follow-up scans over the next few days to catch any delayed payloads.
6. Review all account activity thoroughly: Many malicious extensions operate silently for weeks before executing their primary payload. So keep monitoring your login history, transaction records, and changes in account settings across all your accounts, and look for any unauthorized transactions.
7. Set up account alerts: Set up automated account alerts for all transactions and closely monitor your bank and credit card statements for the next 60-90 days. Place fraud alerts with major credit bureaus if you suspect identity information may have been compromised.

Final thoughts

Browser extensions offer great functionality and convenience, but could introduce cybersecurity risks. With the right combination of smart browsing habits, regular security audits, and comprehensive protection tools, and staying informed, you can safely explore the web, manage your finances online, and shop without worry.

Make it a habit to question your intent to install a new extension, and download only from official browser stores. Review your installed extensions monthly—determine if each one still serves your needs. These practices, combined with keeping your browser and operating system updated, and employing trusted security software, reinforce your defense against evolving online threats. Remember to research any new browser extensions thoroughly before installation, checking developer credentials and reading recent user reviews to identify which browser extensions to avoid.

The post Learn to Identify and Avoid Malicious Browser Extensions appeared first on McAfee Blog.