This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook. 

Let’s get into it. 

A Wave of Cyberattacks Hits Bumble, Match, Panera, and CrunchBase 

The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing. 

What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.  

Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.  

Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.  

Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.  

CrunchBase said documents on its corporate network were impacted, and said it contained the incident. 

According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone calls, to trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed. 

Red flags to watch for: 

Calls that pressure you to approve a login, reset credentials, or share a one-time code 

Messages posing as IT support, a vendor, or “security” that try to rush you 

MFA prompts you did not initiate 

“Quick verification” requests that bypass normal internal processes 

How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives. 

TikTok’s Privacy Policy Update Sparks Backlash 

Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it. 

The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location. 

What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media. 

CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out. 

According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government. 

That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.” 

A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions. 

What to do (general privacy steps): 

Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always. 

If your device supports it, consider turning off precise location for apps that do not truly need it. 

Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth. 

Make sure your account is protected with a strong, unique password and two-factor authentication. 

Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting. 

Grubhub Confirms a Data Breach Amid Reports of Extortion 

The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing. 

What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope. 

Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for: 

“Refund” or “order problem” emails you did not request 

Fake customer support messages asking you to verify account details 

Password reset prompts you did not initiate 

Links to “resolve your account” that don’t come from a known, official domain 

How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news. 

Fake Chrome Extensions Are Quietly Taking Over Accounts 

The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls. 

What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access. 

Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites. 

How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password. 

Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off. 

Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance. 

What to watch for: 

Browser extensions you don’t remember installing 

Add-ons claiming to manage HR, payroll, or internal business access 

Missing or inaccessible security settings on accounts 

Being logged into accounts you did not recently open 

A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install. 

McAfee’s Safety Tips for This Week 

Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar. 

Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify. 

Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk. 

Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.  

Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later. 

The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.

As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages. 

“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.” 

“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.

“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”

Where, When, and How to Get Harry Styles Tickets 

Styles announced Together, Together on January 22, marking his first tour since 2023. 

The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December. 

New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.  

According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.  

American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.  

The rest of the Together, Together tour tickets will be released in two stages:  

1. General on sale for NYC dates August 26 – October 9 begins on Friday, January 30.  
2. General on sale for October 10 – 31 begins Wednesday, February 4. 

That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support. 

What do Harry Styles tickets cost right now 

Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113. 

That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.  

If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer. 

How ticket scams work 

Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real. 

McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately. 

What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify. 

Below are among the most common ticket-scam patterns to watch for, and exactly how they play out. 

Ticket fraud 

Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes. 

How it plays out: 

• A seller claims they “cannot make the show.” 
• They ask you to pay quickly to “hold” the tickets. 
• They send a screenshot of a ticket or order email. 
• The tickets never arrive, or the QR code fails when scanned. 

Resale duplication scams 

A resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot. 

How it plays out: 

• You receive something that looks real. 
• Multiple people show up with the same ticket. 
• Only the first scan gets in. 

Phishing scams 

A phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support. 

How it plays out: 

• “Your tickets are on hold, confirm within 10 minutes.” 
• “Unusual activity detected. Verify your account.” 
• “Your payment failed. Update billing.” 

Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense. 

Cloned ticket websites 

A cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both. 

How it plays out: 

• You click an ad or link from social media. 
• The site looks legitimate, but the URL is slightly off. 
• You “buy” tickets and either receive nothing or later see fraud on your card. 

Ticket transfer and account takeover scams 

A ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account. 

How it plays out: 

• You get a message claiming your account needs verification. 
• You enter credentials on a fake page. 
• The attacker logs in and transfers tickets away. 

Fake customer support scams 

A fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help. 

How it plays out: 

• You tweet, post, or comment about ticket issues. 
• An “agent” messages you first. 
• They ask for login details, a code, or payment to “unlock” tickets. 

A true scam story: Henry’s last-minute ticket scam 

Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.  

The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.  

Minutes later, he sent the full $280.  

“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”  

The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.  

“I sent $280 and got blocked. We never made it inside.”  

What makes Henry’s experience so common is not the platform. It is the pattern: 

• A believable story 
• A “reasonable” price 
• A fast-moving negotiation 
• A sudden change in terms 
• Pressure, then disappearance 

How to spot a ticket scam fast 

Use these red flags as a reality filter: 

Safer ways to buy tickets 

If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections. 

Practical steps: 

1. Go direct: Type the official ticketing URL into your browser, do not follow random links. 
2. Use protected payment: Credit cards generally offer stronger dispute options than unprotected transfers. 
3. Avoid risky payment demands: Crypto, gift cards, and wires are common in fraud because they are hard to reverse. 
4. Secure your accounts: Use strong passwords and enable two-factor authentication where available. 
5. Pause before paying: Scammers depend on emotional momentum. 

How Scam Detector can help 

Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.  

Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account. 

The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.

You block a caller, feel a moment of relief, and then the phone rings again. If you’re wondering why you still get spam calls even after blocking numbers, you’re not alone.  

Spammers evolve quickly. They rotate phone numbers, spoof caller IDs, and use automated dialers to bypass basic defences, which is why many people see blocked calls still coming through and ask, can blocked numbers call you?

In this guide, we’ll explain what’s happening behind the scenes, share proven steps for how to stop getting spam calls, and help you protect your privacy and finances with confidence. 

What Counts as a Spam Call? 

Spam calls are unsolicited calls that aim to sell, deceive, or defraud. They include aggressive sales pitches, fake giveaways, tech support scams, and impersonations of banks or government agencies. Some are placed by people, while many are robocalls that play prerecorded messages at scale. Legality often hinges on consent and compliance with regulations, but harmful calls tend to ignore the rules. 

The typical scam call red flags: 1) Urgent or threatening language. 2) Pressure to pay right now. 3) Requests for sensitive details like Social Security numbers, bank information, or one-time passcodes.

Robocalls drive much of the volume today. They’re inexpensive, fast, and highly automated. While appointment reminders or pharmacy updates can be helpful and legitimate, scam robocalls promote fake debt collection, prize schemes, or malicious tech support. Their scale is precisely why blocked calls still coming through remains a persistent frustration. 

Inbox of spam calls feel familiar?

Why Blocking Numbers Doesn’t Stop Spam 

Blocking prevents repeat calls from the same caller ID. Spammers know this and adapt. They rotate through vast pools of numbers, so each attempt looks new. You block one, and the next call arrives from a different number. It’s a cat-and-mouse game that leads many to ask, can blocked numbers call you or why is a blocked number still calling? 

Caller ID spoofing amplifies the problem. Spoofing lets scammers display any number they want, including matching your area code or appearing as a trusted organisation. This undermines caller ID and weakens number-based blocking. Some spoofed calls even show familiar names, increasing the chance you’ll answer. 

Behind the scenes, spam operations acquire and discard numbers rapidly through VoIP services and disposable lines. Large campaigns can cycle through thousands of numbers daily, which makes manual blocking a limited defense. That’s why you still get spam calls even after blocking numbers and why many people wonder how to stop getting spam calls for good. 

Layered Measures to Reduce Spam Calls 

A stronger strategy combines smarter tools with practical policies that work together. Here’s how we approach it: 

Use call-protection apps: Choose reputable apps that leverage threat intelligence, crowdsourced reports, and machine learning. These tools detect patterns, silence high-risk calls, and warn you before you answer. Many provide enhanced caller ID and category-based filtering to cut down the noise. 

Register with the National Do Not Call Registry: Add your number at donotcall.gov to reduce lawful telemarketing. It won’t stop illegal spam calls, but it trims legitimate sales outreach and supports enforcement when violators call. 

Use your mobile carrier’s protections: Most phone carriers offer built-in features that help identify and block spam calls, often at no extra cost. When these tools are turned on, your phone may label suspicious calls as “Scam Likely,” warn you before you answer, or automatically block known spam numbers. Some carriers can also verify when a call is coming from a real business, which makes it harder for scammers to fake caller IDs and pretend to be someone they’re not. 

Used together, these layers reduce the chance that a blocked number still calling will get through and provide practical answers for how to stop getting spam calls without missing important calls. 

Best Practices for Handling Incoming Calls 

Build habits that make suspicious calls easier to spot and manage: 

Spot potential spam: Be cautious with unknown numbers, urgent demands, and offers that sound too good to be true. Don’t share personal information, one-time passcodes, or payment details. If someone claims to be from your bank, healthcare provider, or a government agency, hang up and call back using a verified number from their official website. 

Report spam quickly: File complaints with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Federal Communications Commission (FCC) at consumercomplaints.fcc.gov. Include caller ID, time, message content, and any request for data or payment. Many call-protection apps and carriers support in-app reporting, which improves filters for everyone. 

Use call screening: Turn on features like Silence Unknown Callers on iOS or Filter Spam Calls on Android. Enable voicemail transcription and consider Do Not Disturb with exceptions for contacts and verified callers. Use screening assistants where available to prompt unknown callers to state their purpose. This reduces interruptions and blocks automated spam. 

Stay Safe from Social Engineering 

Phone scams often rely on social engineering. Recognising common tactics helps you pause and protect yourself. 

Spot voice phishing: Be wary of claims that your account is locked, a payment is overdue, or an immediate verification code is needed. Legitimate organisations do not ask for full Social Security numbers, passwords, or 2FA codes over the phone. If you’re concerned, contact the company through a trusted channel. 

Protect personal information: Keep sensitive data private. Don’t share account numbers, PINs, passwords, or security codes in response to an incoming call. Use strong, unique passwords and enable multi-factor authentication. If you receive a verification code you didn’t request, secure your account right away. 

If you responded to a spam call: If you disclosed financial details or made a payment, contact your bank or card issuer immediately. Change passwords, enable account alerts, and review recent activity. Report the incident to the FTC and local law enforcement if needed. Consider a credit freeze with the major credit bureaus. If a device may be compromised, run a trusted security app to scan and remove suspicious software. 

Quick Comparison of Anti-Spam Call Options 

If you’re asking why you still get spam calls even after blocking numbers or seeing a blocked number still calling, this table shows how layered options work together to reduce risks. 

Go Beyond Blocking: Remove Your Number From the Dark Web and Data Broker Lists 

Blocking spam callers treats the symptom, not the source. One reason spam keeps coming is that your phone number may already be circulating in data broker databases or dark web marketplaces after a breach, app signup, or form fill. Once your number is out there, it gets resold, bundled, and targeted repeatedly. 

McAfee Data Cleanup tackles that upstream problem. It helps find where your personal data, including your phone number, appears online and works to remove it from risky sources. Fewer listings mean fewer lists for spammers to buy and fewer campaigns aimed at your number. 

How your number ends up being targeted 

Data brokers: Many sites legally collect and resell contact details. Spammers buy access and blast calls at scale. 

Breaches and leaks: Stolen databases often end up on underground forums, where numbers are traded and reused. 

Public profiles and apps: Old accounts, giveaways, and permissions can expose your number without you realising. 

What Data Cleanup adds to your defense 

Finds exposures: Scans for your number across broker sites and known risk areas. 

Removes listings: Submits opt-out and removal requests on your behalf, reducing where your data lives online. 

Keeps watch: Monitors for reappearance so your number doesn’t quietly get relisted later. 

Think of this as turning down the tap, not just mopping the floor. When fewer databases have your number, spam operations have fewer ways to reach you. 

If you’re serious about how to stop getting spam calls, add data cleanup to your toolkit. Reducing your digital footprint won’t eliminate every bad call overnight, but over time, it lowers exposure, cuts repeat targeting, and helps reclaim your phone from constant interruptions. 

Blocking Isn’t Protection. Layering Is. 

If spam calls feel endless, it’s because blocking numbers was never designed to stop modern scam operations. Today’s callers rotate numbers, spoof trusted IDs, and pull your phone number from massive data ecosystems that don’t disappear when you tap “Block.” 

The real fix is layered protection. Call filtering and carrier tools help stop suspicious calls at the door. Screening features reduce interruptions. And addressing the source, by limiting where your number exists online, cuts down the number of campaigns that ever reach you in the first place. 

No single tool will end spam calls overnight. But when you combine smart call protections, cautious habits, and proactive data cleanup, the volume drops, the risks shrink, and your phone becomes a lot quieter. 

If you’ve been asking why you still get spam calls even after blocking numbers, this is the answer. Blocking is reactive. Protection works best when it’s proactive. 

FAQs 

The post Why You Still Get Spam Calls Even After Blocking Numbers appeared first on McAfee Blog.

Scams don’t always arrive with obvious warning signs. 

They show up as QR codes on parking meters. As casual DMs that start with “Hey.” As social messages that feel routine enough to respond to without thinking twice. 

That shift has created a new burden for consumers. According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That is nearly three full workweeks lost to second-guessing messages, alerts, links, and notifications. 

McAfee’s upgraded Scam Detector is designed to meet people in those exact moments, with enhancements rolling out across core McAfee plans beginning in February. 

The latest improvements add instant QR code scam checks and smarter social messaging protection, making it easier to spot scams before they escalate. 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

What’s new in McAfee’s Scam Detector 

Scams now move quickly across platforms and formats, often escalating in minutes once someone engages. Among people who were harmed by a scam, the typical scam unfolded in about 38 minutes. 

That speed leaves little room for hesitation. Scam protection has to work in real time, not after the damage is done. 

McAfee’s latest Scam Detector upgrades are designed around that reality, adding: 

• Instant QR code safety checks, so users can assess risk before tapping 
• Smarter social messaging protection, with clearer warnings for suspicious texts, emails, and DMs, even when no link is present 

These Scam Detector upgrades will begin rolling out in February across all core McAfee plans, bringing real-time protection to the moments where scams escalate fastest. 

QR codes, quishing, and why instant scans are needed 

QR codes were designed for convenience. That is exactly why scammers use them. 

Cybercriminals increasingly hide malicious links behind QR codes placed on menus, parking meters, packages, posters, and public signage. People scan quickly, often without stopping to evaluate where the code leads. 

McAfee research shows how common this risk has become: 

• 68% of people scanned a QR code in the past three months 
• 18% landed on a suspicious or unsafe page after scanning 
• Among those who did, more than half took risky actions such as entering personal information, installing an app, or connecting a digital wallet 

Figure 2. A still from a demo video, showing a risky QR code being blocked by McAfee’s Scam Detector 

Social media scams and the rise of linkless messages 

Phishing is no longer confined to emails with obvious red flags. 

Scams now arrive through WhatsApp, Instagram, Messenger, Telegram, and other social platforms, often starting as vague or friendly messages designed to lower suspicion rather than trigger alarm. 

McAfee’s research highlights a key shift: more than one in four suspicious social messages contain no link at all, and 44% of Americans say they have replied to a suspicious DM with no link. 

These messages rely on familiarity and momentum. A short greeting. A warning about an account issue. A promise of easy money. By the time a request or link appears, the conversation already feels normal. 

And the economic impact of these scams is significant. According to the FTC, social media scams drove $1.9 billion in reported losses in 2024, making social platforms one of the top channels for fraud and identity theft. 

That’s why McAfee’s Scam Detector includes smarter social messaging protection, delivering clearer warnings for suspicious texts, emails, and DMs, even those without risky links, across popular platforms. The focus is on identifying suspicious patterns and behavior, not just URLs. 

Users can take a quick screenshot of their social media content on social media, and McAfee’s Scam Detector will analyze the message for suspicious activity. 

Get protection that works before scams escalate 

The stakes are high: 

• One in three Americans has lost money to a scam 
• Among those who lost money, the average loss was $1,160 
• 15% of scam victims fall for another scam within a year 

Scams are not just increasing in volume. They are becoming more personal, more believable, and easier to scale using AI. 

McAfee’s upgraded Scam Detector is designed to stay ahead of those shifts, offering real-time guidance when it matters most, whether that’s a suspicious QR code, a vague DM, or a message that feels just normal enough to trust. 

The enhanced Scam Detector, including instant QR code checks and smarter social messaging protection, will begin rolling out in February across all core McAfee plans. 

The post How McAfee’s Scam Detector Checks QR Codes and Social Messages appeared first on McAfee Blog.

Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop. 

Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.

McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.

According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.

As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.

The result is growing uncertainty. And a rising cost in time, attention, and confidence.

The average American receives 14 scam messages a day 

Scams are no longer occasional interruptions. They are a constant background noise. 

According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.  

Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to. 

• Delivery notices 
• Account verification requests 
• Subscription renewals  
• Job outreach 
• Bank alerts 
• Charity appeals 

And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.

That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.  

Figure 1. Types of scams reported in our consumer survey. 

Most scams move fast, and many are over in minutes 

The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly. 

Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes.  

That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately. 

Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.

In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam.  And 44% of people say they have replied to a suspicious direct message without a link.  

The cost is not just money. It is time and attention. 

Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160.  

But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy. 

People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up. 

And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?

Figure 3. World Map of Average Scam Losses. 

Why AI slop makes scams harder to spot 

The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.

According to the report, Americans say they see an average of three deepfakes per day.  

Most are not scams. But that familiarity has consequences. 

When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.

These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.

Account takeovers are becoming routine 

Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts. 

The report found that 55% of Americans say a social media account was compromised in the past year.  

Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction. 

Scams are blending into everyday digital life 

What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines. 

Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives. 

• Cloud storage alerts (such as Google Drive or iCloud notices) warning that storage is full or access will be restricted unless action is taken, pushing users toward fake login pages.
• Shared document notifications that appear to come from coworkers or collaborators, prompting recipients to open files or sign in to view a document that does not exist.
• Payment confirmations that claim a charge has gone through, pressuring people to click or reply quickly to dispute a transaction they do not recognize.
• Verification codes sent unexpectedly, often as part of account takeover attempts designed to trick people into sharing one-time passwords.
• Customer support messages that impersonate trusted brands, offering help with an issue the recipient never reported.

Figure 4: Example of a cloud scam message. 

The Key Takeaway

Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.

Learn more and read the full report here.

FAQ: Understanding the AI Slop Era and Modern Scams 

The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Red flags to watch for: 

• Unexpected billing problems paired with urgent calls to act 
• Payment requests delivered by email instead of inside the app 
• Attachments or buttons asking you to “fix” account issues 
• Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

• Browser extensions promising performance boosts or “ultimate” protection 
• Crashes immediately after installing a new extension 
• Pop-ups instructing you to run commands manually 
• “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

• QR codes sent by email or messaging apps 
• QR codes leading to login pages for work tools or cloud services 
• Messages that feel personalized but unexpected 
• Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

• Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
• Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
• Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
• Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

• Their account has been compromised 
• Their data is at risk 
• They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

• Do not click links in emails or texts about outages or “account recovery.” 
• Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
• Never re-enter your password through links sent during an outage. 
• Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

• Change your Microsoft password immediately 
• Update passwords anywhere you reused it 
• Turn on or refresh two-factor authentication 
• Review recent account activity 
• Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

If you recently received an unexpected email from Instagram asking you to reset your password, you are not alone. Over the past several days, thousands of users reported receiving legitimate password reset emails they did not request. 

The sudden wave of messages led to widespread confusion and concern about whether Instagram had suffered a data breach. Instagram and its parent company Meta deny that a breach occurred, stating instead that they fixed an issue that allowed an external party to trigger password reset emails for some users. 

While the exact source of the activity remains disputed, the situation highlights a broader and more important issue. Password reset emails, even when legitimate, are often the first signal users get that their information may be exposed, reused, or being targeted by attackers. 

Here is what we know so far and what this incident reveals about how password compromises really happen. 

Was Instagram Hacked? 

Instagram says no. 

In statements reported by the BBC and BleepingComputer, Meta said it resolved a problem that allowed an external party to request password reset emails on behalf of users. The company maintains there was no breach of its systems and that accounts remain secure. 

At the same time, cybersecurity researchers and firms, including Malwarebytes, have warned about a dataset circulating on hacking forums that allegedly contains information linked to more than 17 million Instagram accounts. According to reporting, that data may include usernames, email addresses, phone numbers, locations, and account IDs, but not passwords. 

Some researchers believe the dataset may be a compilation of older scraped data rather than evidence of a new breach. Others say the timing of the password reset emails and the appearance of the data raises unresolved questions. 

What matters for users is this: regardless of whether this was a new breach, old scraped data, or a technical abuse of password reset systems, attackers routinely use exposed personal information to launch phishing, account takeover attempts, and social engineering attacks. 

What Counts as a Data Breach and What Does Not 

A true data breach occurs when attackers gain unauthorized access to internal systems and steal protected data such as passwords, financial information, or private communications. 

In many cases, personal data is also exposed through: 

• API scraping of publicly accessible information 
• Older leaks that are resold or repackaged 
• Credential stuffing using passwords stolen from unrelated sites 
• Abuse of account recovery or password reset features 

That distinction matters because even when passwords are not leaked, exposed personal data can still be weaponized. Names, emails, phone numbers, and locations are often enough for scammers to craft convincing phishing messages that appear legitimate. 

Why You Might Receive a Password Reset Email You Did Not Request 

There are several common reasons this happens, and none of them require your Instagram password to be stolen. 

• Someone may be testing whether your email address is linked to an account. 
• Attackers may be attempting credential stuffing using passwords from past breaches. 
• Your information may appear in older datasets that are being reused or resold. 
• A platform bug or abuse of recovery systems may trigger reset emails at scale. 

Scammers often use these moments to send fake follow-up emails that look nearly identical to legitimate ones. That is why security experts consistently recommend going directly to the app or official website rather than clicking links in unexpected messages. 

What to Do If You Received an Instagram Password Reset Email 

If you did not request the reset:  

1. Do not click links in the email. 
2. Open the Instagram app or visit the official site directly to review security settings.  
3. Check recent login activity and remove any unfamiliar sessions. 
4. Enable two-factor authentication (2FA) if it is not already turned on. 

If you decide to change your password, make sure the new one is unique and not used anywhere else. 

Click “Review Settings” to enable 2FA in your Account Center

How to enable multi-factor authentication for Instagram 

1. Click More in the bottom left, then click Settings. 
2. Click See more in Accounts Center, then click Password and Security. 
3. Click Two-factor (2FA) authentication, then select an account. 
4. Choose the security method you want to add and follow the on-screen instructions. 

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp. 

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145 

How to Manage Passwords the Right Way 

Remembering dozens of unique, strong passwords is not realistic for most people. That is why password managers exist. 

A password manager can: 

• Generate strong, unique passwords for every account 
• Store them securely so you do not need to remember them 
• Alert you if your credentials appear in known breaches 
• Reduce the risk of account takeover from reused passwords 

Using a password manager removes the pressure to reuse passwords and helps close one of the most common doors attackers walk through.  

McAfee’s password manager helps you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password. 

FAQ: Instagram Password Reset Emails and Account Safety 

The post Didn’t Request an Instagram Password Reset? Here’s What to Do appeared first on McAfee Blog.

You thought you were scanning a menu. 

Or paying for parking. Or checking a package notice taped to your door. A quick scan, a familiar logo, a page that loads instantly on your phone. 

Nothing about it felt risky. 

That’s exactly why QR code scams are spreading so quickly. 

QR codes have become part of everyday life. They’re on restaurant tables, public signs, emails, mailers, and payment screens. We’re taught to treat them as shortcuts—faster than typing a URL, easier than downloading an app, safer than clicking a link. 

Scammers know that. 

Instead of asking you to click something suspicious, they ask you to scan something ordinary. Once you do, you can be routed to fake login pages, payment requests, or malicious sites designed to steal your information before you realize anything is wrong. 

This tactic has a name: quishing.

And as QR codes continue to replace links in the real world, understanding how quishing works is essential to staying safe online. 

What Is Quishing? 

Quishing is a form of phishing that uses QR codes instead of clickable links to trick people into visiting malicious websites or giving up sensitive information. 

The term combines QR and phishing, and it reflects a simple but dangerous shift in scam tactics: instead of asking you to click, scammers ask you to scan. 

Once scanned, a fake QR code can lead to: 

• Credential-harvesting login pages 
• Payment requests or fake invoices 
• Malware downloads 
• Fake customer support portals 
• Subscription traps 

Because QR codes don’t show a visible URL before you scan, they remove one of the most important scam warning signs people rely on. 

Common QR Code Scams to Watch Out For

While quishing attacks vary, most fall into a few predictable patterns.

1. Fake parking and payment QR codes

Scammers place stickers over legitimate parking meter QR codes. When scanned, victims are taken to fake payment pages that steal card details.

Red flag: A QR code that asks for full payment details without redirecting to a known parking or city service.

2. Restaurant menu swaps

Fraudsters replace real menu QR codes with fake ones that redirect to phishing pages or malicious downloads.

Red flag: A menu page that asks you to “sign in,” download an app, or confirm personal details.

3. Delivery and package alerts

Flyers or door tags claim you missed a delivery and instruct you to scan a QR code to reschedule.

Red flag: Vague delivery details and pressure to act quickly.

4. Fake account security warnings

QR codes claim your bank, streaming service, or email account needs verification.

Red flag: Any QR code that demands immediate action for “security reasons.”

5. Subscription traps and fake offers

Some QR codes promise discounts, refunds, or rewards but quietly enroll users in recurring charges.

Red flag: Fine print that’s hard to find, or missing entirely.

What Makes Quishing Especially Dangerous

QR scams succeed not because people are careless, but because they exploit trust and routine.

Unlike traditional phishing emails, quishing:

• Happens offline and online at the same time
• Often appears in trusted physical locations
• Feels faster and more “legit”
• Bypasses visual link inspection

Once a victim lands on a fake site, the damage can escalate quickly, from stolen credentials to drained accounts to identity theft.

How to Spot a Fake QR Code Before You Scan

You don’t need to avoid QR codes entirely, but you do need to slow down.

Check the physical context

Is the QR code taped on, scratched, or layered over another code? That’s a common tactic.

Look for branding inconsistencies

Misspellings, generic logos, or mismatched colors are red flags.

Preview the link

Most phone cameras now show the URL before opening it. Take a second to read it.

Be skeptical of urgency

Any QR code that pressures you to act immediately deserves extra scrutiny.

How to Protect Yourself From QR Scams

Step 1: Treat QR codes like links

A QR code is a shortcut to a website. Apply the same caution you would to any link.

Step 2: Avoid entering sensitive information

Legitimate services rarely ask for passwords, payment info, or personal details via QR codes.

Step 3: Use mobile security tools

Security software can help detect malicious sites and block risky downloads before damage is done.

Step 4: When in doubt, go direct

Instead of scanning, manually visit the official website or app you trust.

What to Do If You Scanned a Suspicious QR Code

If you think you interacted with a malicious QR code:

• Stop engaging with the site immediately
• Do not enter additional information
• Monitor your financial accounts for unusual activity
• Change passwords if credentials were entered
• Run a security scan on your device, check out our free trial
• Report the incident to the business or location involved

Early action can limit long-term fallout.

Frequently Asked Questions

What is quishing in simple terms?
Quishing is phishing that uses QR codes to trick people into visiting fake or malicious websites.

Are QR codes inherently unsafe?
No, but they can be exploited. The risk comes from where they lead, not the code itself.

Can scanning a QR code install malware?
In some cases, yes, especially if it prompts a download or redirects to a malicious site.

Are QR scams increasing?
Yes. As QR codes become more common, scammers are increasingly using them to bypass traditional defenses.

The post What Is Quishing? How QR Code Scams Work and How to Avoid Them appeared first on McAfee Blog.

This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.  

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it:  

Betterment Warns Customers of Breach 

The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns. 

What happened: 

• Attackers used social engineering to compromise third-party tools Betterment uses for marketing and operations, as reported by TechCrunch.  
• With access to internal systems, they sent messages to customers that appeared legitimate. 
• The messages promised to triple crypto holdings if recipients sent $10,000 to a wallet controlled by the attackers, a classic “send money to get more back” lure, later detailed by The Verge. 
• Betterment says no account logins or passwords were compromised, but personal data like names, contact details, and dates of birth were exposed, enough to make the messages feel real. 

Red flags to watch for: 

• Promises of guaranteed or multiplied crypto returns 
• Requests to send money first to “unlock” a benefit 
• Messages tied to a breach but asking for immediate action outside the app 

How the breach happened: 

Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access.  

Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.  

That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach. 

Social Engineering Scams Fueled by AI On the Rise 

Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts. 

What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale. 

The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt. 

Red flags to watch: 

• Requests or actions initiated without clear human ownership 
• Identity verification steps that feel automated or unusually frictionless 
• Transactions triggered by AI systems with unclear accountability 

Phishing Scam Locks Users Out of X Accounts 

Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto. 

What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity. 

Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts. 

Red flags to watch: 

• Unsolicited direct messages containing links 
• Requests framed as favors, votes, or professional support 
• Sudden loss of account access after clicking a link 

How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.  

The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved. 

McAfee’s Safety Tips for This Week 

• Learn more about spotting phishing emails. Don’t accidentally expose yourself, your friends, family, or workplace to scammers. Our ultimate phishing guide has real world examples and more practical tips. 

• Verify inside official apps or sites. If you get a security email, don’t click any links. Instead, open the official app or type the website address yourself for more information. 

• Watch your exposed data. With tools like Google’s Dark Web Monitoring going away, ongoing identity monitoring matters more than ever. 

• Stay alert to trending scams. Weight-loss drug fraud like Ozempic offers is already surging in the new year, and awareness is your first defense. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.

If a message popped up in your feed tomorrow promising a cash refund, a surprise giveaway, or a limited-time crypto opportunity, would you pause long enough to question it? 

That split second matters more than ever.

Most modern scams don’t rely on panic or obvious red flags. They rely on familiarity. On things that feel normal. On moments that seem too small to question. 

And those moments are exactly what scammers exploit. 

Why Today’s Scams Are So Easy to Fall For 

There was a time when spotting a scam was relatively straightforward. The emails were badly written. The websites looked rushed. The warnings were obvious. 

Scammers don’t just rely on obvious spam or panic-driven messages. Instead, many now use: 

• Friendly, natural language 
• Faces of celebrities and figures you trust 
• Messages that arrive through trusted apps 
• Conversations that unfold gradually 
• Requests that feel routine instead of suspicious 

McAfee’s Celebrity Deepfake Deception research shows how common and convincing these scams have become: 72% of Americans say they’ve seen a fake or AI-generated celebrity endorsement, and 39% say they’ve clicked on one that turned out to be fraudulent. When scam content shows up in the same feeds, apps, and formats people use every day, it feels normal. 

That’s the danger zone. It’s also why McAfee chose to use a familiar, culturally recognizable moment to talk about a much bigger issue.

Why McAfee Partnered with Pat McAfee 

Whether you’ve been saying mack-uh-fee or mick-affy, the long-running name mix-up is harmless in everyday conversation. 

Online, though, small moments of confusion can have outsized consequences. 

Scammers rely on quick assumptions: that a familiar name means legitimacy, that a recognizable face means trust, that a message arriving in the right place must be real. They move fast, hoping people act before stopping to verify 

Pat McAfee knows firsthand how scammers exploit familiarity and trust. 

In recent months, fake social media giveaways promising cash and prizes have circulated using Pat’s likeness, and even a fraudulent “American Heart Association fundraiser” made the rounds, falsely claiming he was collecting donations. 

Pat wants his fans to know: if you ever see a giveaway, fundraiser, or message claiming to be from him, double-check it on his official channels first. If it feels off, it probably is. 

Unfortunately, these scams work because people trust Pat. Scammers exploit that trust to lower people’s guard and make fraudulent requests feel legitimate. 

It’s the same tactic used across countless impersonation scams today: borrow the authority of a familiar face, add a sense of urgency, and move fast before anyone stops to verify, “is this legit?” We’ve seen it happen with Taylor Swift, Tom Hanks, Al Roker, Brad Pitt, and numerous others. 

Remember, no legitimate giveaway will ask for payment, banking details, login credentials, or account access. And no nonprofit fundraiser tied to a celebrity should ever come from a personal message or unfamiliar social account. 

Watch: Pat McAfee Explains How McAfee Is More Than an Antivirus 

In the video below, Pat McAfee playfully demonstrates how easily familiar moments online can turn into risk, and why digital safety today can’t rely on perfect judgment alone. 

How to Protect Yourself Right Now 

You don’t have to stop using your favorite platforms. But you do have to change how you verify online threats. 

Before You Trust Any Urgent Message or Offer: 

• Be skeptical of sudden financial opportunities 
• Assume giveaways that require payment or credentials are scams 
• Never connect accounts, wallets, or payment methods from social links 
• Verify claims on official websites, not just inside apps 
• Be cautious of messages that replace clear context with urgency 

If a video or message feels real but the request feels extreme, that’s a red flag. 

McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app 

• Scam Detector to help flag suspicious messages and links 
• Safe Browsing tools to help block risky websites 
• VPN to keep your connection private on public Wi-Fi 
• Identity Monitoring and Alerts to notify you if your personal information appears where it shouldn’t 
• Personal Data Cleanup to help remove your information from high-risk data broker sites 
• Device and Account Security to help protect the things you use most 

Final Takeaway 

If a scam looks obvious, most people won’t fall for it. 

But modern scams don’t look obvious. They look familiar. They use your favorite faces. They look normal. They look safe. And that’s where people get hurt. 

Staying safe now means slowing down, verifying independently, and having protection work quietly in the background while you stay focused on what you actually came online to do. 

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous sites, and identifies deepfakes, stopping harm before it happens. 

And because today’s risks aren’t just about what you click, a VPN and Personal Data Cleanup add additional layers of defense by helping protect your connection and limit how much personal information is available to be exploited in the first place. 

Ready to get Pat’s Picks? Learn more here. 

FAQs 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

The post McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety appeared first on McAfee Blog.

McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago. 

The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens. 

What Is the BIG Innovation Award? 

The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households. 

For consumer cybersecurity products like Scam Detector, that means being evaluated on: 

• Real-world relevance 
• Ease of use for non-experts 
• Societal impact 
• Demonstrated adoption and need 

The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.  

Why Scam Detector Stands Out 

According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for: 

Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue 

Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge

AI used responsibly: Applying advanced models to reduce harm, not increase it

Early impact: Rapid adoption, with more than one million users in its first months 

Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time. 

Using AI to Fight AI-Driven Scams 

Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs. 

As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day. 

Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web. 

In Good Company: Consumer Innovation Across Industries 

McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include: 

Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions. 

Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation. 

Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users. 

EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use. 

Sinomax USA: Consumer mattresses and comfort products focused on everyday home use. 

beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers. 

Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences. 

Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones. 

Scam Detector Awards and Industry Recognition 

Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact: 

2026 BIG Innovation Awards

Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use. 

2025 A.I. Awards

2025 Tech Ascension Awards 

The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.

Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature. 

This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report. 

For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics. 

According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found. 

That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge. 

What did Google’s Dark Web Report do? 

The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers. 

If Google found a match, it sent an alert. 

What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short. 

What is the dark web, and why does  stolen data end up there? 

The internet has three layers: 

1. The surface web is what search engines index. 
2. The deep web includes anything behind a login, like email, banking, and medical portals. 
3. The dark web is a hidden part of the deep web that is not indexed by search engines and is accessed through specialized networks or browsers like Tor. 

The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles. 

Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.  

Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.  

How to check if your personal information is on the dark web: 

Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers. 

To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins. 

Here is what that looks like in practice: 

• Scan breach databases for government ID numbers and financial data 
• Look for full identity profiles being sold or traded 
• Match leaked records back to real people 

Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens. 

Have 30 minutes right now? Do this: 

Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach: 

Freeze your credit

Estimated time: 10 minutes 

This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile. 

You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified. 

Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold. 

Set up fraud and login alerts on your financial accounts 

Estimated time: 10 minutes 

Go into your main bank and credit card apps and turn on: 

• Login alerts
• Transaction alerts
• Password or profile change alerts
• These are not the same as marketing notifications. They tell you when someone is trying to access or move money. 

You’ll find these somewhere under Settings>Alerts.

Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.

Lock down account recovery paths

Estimated time: 10 minutes 

This is one of the most overlooked vulnerabilities. 

Go into: 

• Your email account 
• Your Apple ID or Google account 

Check and update: 

• Recovery email 
• Recovery phone number 
• Backup codes 
• Trusted devices 

Remove anything you do not recognize. 

Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door. 

FAQ: 

The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.

“I thought I was getting a trusted weight-loss medication, but instead, I ended up sick and scammed. I never imagined something like this could happen to me.” 

Fiona, like many others, turned to Ozempic as a way to lose weight. With high demand making it difficult to find and prices soaring, she turned to an online pharmacy she found on social media. After placing an order, she received the medication and began taking it, only to experience severe side effects, including migraines, dizziness, and nausea.

“When my symptoms got worse, I knew something was wrong,” she told McAfee. Concerned, she sought professional advice. “A doctor friend showed me what real Ozempic packaging looks like—and it was nothing like what I had received.” 

“I was putting something in my body that I thought was safe. Instead, I was taking an unknown substance that made me seriously ill,” she told McAfee. “That’s terrifying.” 

When she reached out to the pharmacy for a refund, they cut off all communication. Nearly a year later, Fiona still avoids online shopping altogether and hopes her experience will warn others to research online pharmacies carefully before making a purchase. 

“As soon as I questioned the pharmacy about the product, they vanished. No refund, no explanation. Just silence. That’s when I knew I had been completely scammed.” 

Unfortunately, Fiona’s story is one of many as surging interest in GLP-1 medications spurs scammers into action. 

If you’ve searched for GLP-1 medications online, you’ve probably noticed how crowded and confusing it’s become. Between ads, telehealth offers, and social media posts promising easy access, it can be hard to tell what’s real. 

That confusion isn’t accidental. McAfee’s researchers previously reported a wave of fake pharmacy sites and scam messages designed to catch people in exactly that moment of uncertainty.  

What are GLP-1 medications? 

GLP-1 (glucagon-like peptide-1) medications are prescription drugs that help regulate blood sugar and appetite. Doctors have used them to treat Type 2 diabetes for nearly two decades, and some have also been approved to support weight management. 

Because these medications affect insulin levels and digestion, they require medical supervision and a valid prescription. There is currently no legitimate over-the-counter version that works the same way. 

Why GLP-1 scams are exploding 

GLP-1 drugs have moved from a specialized medical treatment to a mainstream topic almost overnight, with a recent poll finding that 1 in 8 U.S. adults say they are currently taking a GLP-1 for weight loss.  

Whenever high demand, high prices, and limited supply collide online, scammers move in 

McAfee’s threat researchers have previously found that phishing attempts and fake websites tied to GLP-1 drugs increased by more than 180% during periods when interest in these medications surged. Hundreds of risky domains and hundreds of thousands of scam messages have been linked to searches for weight-loss drugs. 

At the same time, consumer watchdogs such as the Better Business Bureau (BBB) report a spike in complaints from people who clicked on fake ads, visited fraudulent pharmacies, or received scam texts promising instant access to GLP-1 prescriptions. 

Common GLP-1 scams to watch out for

1. AI-generated celebrity and doctor endorsements

Scammers are using artificial intelligence to create realistic-looking videos and images of public figures and medical professionals promoting weight-loss products. One recent incident saw a fake, AI Oprah selling scam weight loss drugs  

These ads often appear in social media feeds and look legitimate, but the endorsements are fabricated.  

The goal is to build trust quickly with a familiar face and then push people toward a purchase page. From there, you’re left with a fake product, or no product at all, and your information exposed. 

Red flag: Any ad claiming a celebrity or doctor is selling GLP-1 drugs through a link or social media page. 

2. Fake prescription texts and emails

Some scams arrive as urgent messages saying you are “approved” or “eligible” for GLP-1 treatment. These messages typically include a link to a fake medical website that collects personal, insurance, or payment information. 

Red flag: Real prescriptions are not issued through unsolicited texts, emails, or DMs. 

3. Fake online pharmacies

Fraudulent websites advertise GLP-1 medications at discounted prices. After payment, victims may receive nothing, diluted products, or face repeated unauthorized charges. 

Consumer reports describe sites that look professional but provide only chat-box support and ignore cancellation requests. 

Red flag: Pharmacies that don’t require a prescription or don’t list a physical U.S. address and phone number. 

4. Subscription traps

Some scam offers quietly enroll buyers in recurring billing. Be wary of a “company” trying to offer a minimal “membership” or free “trial” with plans locking you into larger, more expensive future subscription plan without your clear consent. 

Red flag: Vague billing terms or hidden subscription language.

5. Missing or fake shipments

Some scam sites provide tracking numbers that never update, claim packages were lost, or ask for more shipping fees … while continuing to charge customers. 

Red flag: No real customer service and no way to cancel or dispute orders. 

What makes these scams especially dangerous 

Unlike many online scams, GLP-1 fraud carries real health risks. 

Some victims report receiving substances that do not match what was advertised, including mislabeled or unverified injectables. 

Because GLP-1 medications affect blood sugar and metabolism, taking the wrong substance or dosage can be dangerous. 

In addition to the medical risks, illegitimate storefronts pose a real threat to your private information. During your purchase, you may be tricked into sharing our address, contact info, payment details, and insurance information.  

How to safely pursue GLP-1 treatment 

If you’re considering GLP-1 medications for health or weight management, these steps can help reduce risk: 

Step 1: Start with a licensed healthcare provider 

Only a doctor or licensed medical professional can determine if GLP-1 treatment is appropriate for you. 

Step 2: Use verified pharmacies 

If you use telehealth or online pharmacies, confirm they are properly licensed and require a prescription. 

Step 3: Research before you pay 

Look up unfamiliar pharmacies through trusted consumer-protection resources before entering payment or insurance information. If you’re in doubt, it’s better not to share any personal info. 

Step 4: Be skeptical of miracle claims 

There is no over-the-counter or legal “natural GLP-1,” patch, salt trick, or supplement that produces the same effect as prescription medication. 

What to do if you think you were targeted: 

If you clicked a link, entered information, or made a purchase: 

1. Stop communicating with the seller 
2. Monitor your bank and credit accounts for unusual activity 
3. If you notice suspicious charges, contact your bank directly
4. Change any passwords you shared 
5. Run a security scan on your device (here’s our free trial) 
6. Report the incident to consumer-protection agencies 

Reporting helps stop the same scams from spreading to others. This is where you can get more information from the FDA and report scams.

How to Spot a Fake GLP-1 Weight-Loss Drug If You’ve Already Bought One 

If you’ve already ordered a GLP-1 weight-loss drug and something feels off, trust that instinct. Counterfeit GLP-1 products are increasingly convincing at first glance, but many show clear warning signs once you look closely. 

Here’s what to check: 

Packaging and Label Red Flags 

Poor print quality or spelling errors
Examine the carton, label, and insert carefully. Misspelled words, inconsistent fonts, blurry printing, or incorrect manufacturer details are common signs of counterfeit medication. 

Packaging that looks tampered with or unfamiliar
Authentic GLP-1 medications come in sealed, tamper-resistant packaging. If the box appears opened, resealed, relabeled, or noticeably different from what you’ve received from a legitimate pharmacy before, stop using it and contact a pharmacist. 

Incorrect or missing language
Medications sold legally in the U.S. should include labeling and instructions in English. Missing inserts or foreign-language packaging can be a red flag. 

Unusual product form
Be especially cautious of GLP-1 products sold as powders in vials that require mixing. These formulations are not authorized and have been linked to serious health risks. 

Check Lot and Serial Numbers 

Most legitimate GLP-1 medications include lot numbers or serial information that can be verified. 

If your product includes these details, compare them against information published by the manufacturer or alerts from regulators. If the numbers don’t match, or are missing entirely, that’s a warning sign. 

What to Do If You’re Unsure 

If anything about your medication doesn’t match what you expect: 

• Stop using the product 

• Contact a licensed pharmacist or healthcare provider 

• Avoid purchasing refills from the same source 

When it comes to injectable medications, uncertainty isn’t something to push through. If you can’t confidently verify what you have, it’s safer to assume it may not be real. 

Final Thoughts 

Wanting to get healthier in the new year is a good thing. Falling for fake prescriptions, AI-generated endorsements, or fraudulent pharmacies is not. 

McAfee is here to help keep your devices, identity, and finances safe while you focus on your goals in 2026. 

Frequently Asked Questions 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

The post How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy appeared first on McAfee Blog.

McAfee has once again earned the highest possible AAA rating from SE Labs, marking the 29th consecutive time our consumer protection has received this top-tier recognition. 

In SE Labs’ latest Q4 Home Anti-Malware Test, McAfee Total Protection achieved 100% protection with zero false positives, reinforcing a streak that has remained unbroken since December 2018. 

What the SE Labs AAA Rating Measures 

SE Labs is an independent, UK-based security testing organization known for evaluating products against real-world threats, not just controlled lab samples. Its test results are therefore referenced and trusted by numerous journalists and product reviewers alike.  

Their Home Anti-Malware tests simulate the types of attacks people actually face, including: 

• Email-based threats 
• Malicious websites 
• Targeted attacks designed to appear relevant or trustworthy 
• Common malware encountered during everyday online activity 

To earn an AAA rating, products must demonstrate: 

• Strong threat detection 
• Effective prevention before harm occurs 
• Minimal false positives that disrupt normal use 

Why This Recognition Matters for Consumers 

For people choosing security software, independent testing helps answer a simple question: Does this protection actually work when it matters? SE Labs’ results show that McAfee continues to block threats accurately, without over-flagging safe activity. 

Independent recognition like this reinforces McAfee’s ongoing commitment to consumer-first security that is tested, proven, and trusted over time. 

Learn more about McAfee’s core protection plans and how we can help keep you safe online. And find the full SE Labs report here. 

The post McAfee Earns 29th Consecutive AAA Rating From SE Labs appeared first on McAfee Blog.

This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust. 

Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.  

Here are scams in the news this week, and safety tips from our experts at McAfee: 

Amazon One-Time Passcode Scam: How Fake Security Calls Hijack Real Accounts 

Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware. 

Here’s how the scam works in practice. 

What is the Amazon one-time passcode scam? 

Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible. 

The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion. 

How scammers use real Amazon security codes 

While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device. 

That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email. 

If you read that code aloud or share it, the scammer can immediately: 

• Complete the login process 
• Change your account password 
• Access saved payment methods 
• Place fraudulent orders or lock you out of the account 

The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check. 

Key red flags to watch for 

• Unsolicited calls claiming to be from Amazon 
• Requests to share a one-time passcode 
• Pressure to act quickly “to secure your account” 

Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone. 

AI Deepfake Scam on TikTok Uses Fake Princess to Steal Money 

A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud. 

This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.  

According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”  

Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing. 

This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale. 

Viral Reddit “Whistleblower” Scam: When AI-Generated Posts Fool Millions 

A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists. 

The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth. 

The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions. 

As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax. 

Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral. 

Why AI-generated hoaxes like this are dangerous 

• They mimic real whistleblower behavior and language 
• They exploit existing public distrust of large platforms 
• They can mislead journalists, not just casual readers 
• Debunking often comes too late to stop spread 

This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold. 

McAfee’s Safety Tips for This Week 

As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act. 

If a message or video promises money or financial help: 

• Be skeptical of any offer that requires an upfront “fee,” no matter how small. 
• Remember that public figures, charities, and foundations do not distribute money through social media DMs or comment sections. 
• If an offer claims to come from a well-known individual or organization, verify it through official websites or trusted news sources. 

When content appears viral or emotionally convincing: 

• Pause before sharing or acting on posts framed as warnings, whistleblower revelations, or exposés. 
• Look for confirmation from multiple reputable outlets — not just screenshots or reposts. 
• Be cautious of long, detailed posts that feel personal or confessional but can’t be independently verified. 

When AI may be involved: 

• Assume that realistic images, videos, and documents can be generated quickly and at scale. 
• Don’t rely on appearance alone to determine authenticity, even high-quality content can be fake. 
• Treat unsolicited financial requests, account actions, or “inside information” as red flags, regardless of how credible they seem. 

If you think you’ve engaged with a scam: 

• Stop responding immediately. 
• Secure your accounts by changing passwords and enabling multi-factor authentication. 
• Monitor financial statements and account activity for unusual behavior. 

Final Takeaway 

The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust. 

That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videos, alerting you before you interact or click. 

We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead. 

The post This Week in Scams: Explaining the Fake Amazon Code Surge appeared first on McAfee Blog.

Scams didn’t slow down in 2025—and all signs point to the problem getting worse in 2026.

While the final numbers aren’t in yet, reported losses are already on track to break records. Through just the first half of 2025, the Federal Trade Commission (FTC) cited nearly $6.5 billion in scam-related losses, putting the year on pace to surpass 2024’s total. And it’s not just isolated incidents: 73% of Americans say they’ve experienced at least one scam or online attack.

As scams become more convincing, often powered by AI and designed to blend into everyday digital life, basic “spot the red flag” advice isn’t enough anymore. Protecting yourself now means tightening up your digital hygiene: how you manage passwords, personal data, online accounts, and the everyday tools you rely on to stay safe.

3) Keep spammers and scammers at bay by removing personal info from the internet. 

Data brokers sell all kinds of info that power all kinds of spam and scams. It’s one way spammers and scammers get contact info like emails and phone numbers, and it’s yet another way they get detailed info to target their ads and their attacks. 

For example, beyond your full name, home address, phone numbers, email addresses, and date of birth, many also have info about your family members, employment, and past purchases. Data brokers might gather and sell other info like religious and political leanings, health conditions, and employment history. Simply put, this detailed profile makes it easier for spammers and scammers to target you. 

Where do they harvest this info? From public records, shopper loyalty programs, and even from app data—all kinds of sources. And that underscores the problem, some data brokers keep exhaustive amounts of data about people, all in one place.  

And they’ll sell it to anyone who pays for it. You can help reduce those scam texts and calls by removing your info from those sites. A service like our Personal Data Cleanup can do that work for you. It scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove it. 

4) Protect privacy with a VPN (it’s not just for travel anymore). 

One of the first things that comes to mind about VPNs is travel, a great way you can stay secure while using public Wi-Fi in airports and cafes. It works at home as well, giving you an extra layer of security when you bank, shop, or do anything that involves sensitive info. Yet it offers another big benefit. It helps make you more private, because it’s not just hackers who want to snoop on you online. 

For example, some ISPs collect your browsing data. In the United States and many other countries, ISPs can legally monitor and record info about the websites you visit and the apps you use. They can use it for advertising and analytics purposes, and, in some cases, they may share it with third parties. 

When you use a VPN, it encrypts all the data leaving your device and routes it through a secure server. As a result, your ISP can only see that you are connected to a VPN server, and it can’t track which websites you visit or the data you send and receive. Without a doubt, going online with a VPN makes you safer and keeps you more private.  

5) As AI scams become the norm, get a scam detector working for you. 

We saw big spikes in several types of scams over the year, and naturally a spike in reported losses followed. One reason for the jump is that AI tools have made it even easier for scammers to create convincing texts, emails, and deepfake videos designed to rip people off.   

They’re getting tougher to spot too. In the earlier days of AI-created content, you could often spot the telltale signs of a fake. That’s not always the case anymore, and scams are looking more and more sophisticated as AI tools evolve. 

But you have tools of your own. Our Scam Detector protects you across text, email, and video by spotting scams and detecting deepfake videos (like the one of a deepfaked Taylor Swift promoting a bogus cookware offer). You also have our Web Protection which detects links to scam sites and other sketchy corners of the internet while you browse. Both will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link. 

6) And just in case, get the reassurance of identity theft protection. 

So, let’s say the unfortunate happens to you. You get scammed. Maybe it’s a few bucks, maybe it’s more. You’re faced with a couple issues. One, that money could be gone for good depending on how you paid the scammer. Two, also depending on the payment method, the scammer might have your financial info.   

This is where something like our ID Theft & Restoration Coverage comes in. It gives you up to $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft.​ Further, it puts a licensed recovery pro on the case to restore your credit and your identity, which takes that time-consuming burden off your shoulders. 

The post New Year Reset: A Quick Guide to Improving Your Digital Hygiene in 2026 appeared first on McAfee Blog.

It looks harmless enough.

A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event. 

That’s where the scam begins. 

Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.” 

And that’s exactly why scammers are using them. 

In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data. 

What Is a Fake E-Vite Scam? 

A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services. 

The goal is to trick you into: 

• Entering your email and password 
• Creating a fake account on a malicious site 
• Clicking links that lead to credential-stealing pages 
• Downloading malware disguised as an invitation 

Once scammers have your login information, they can: 

• Take over your email 
• Reset passwords on other accounts 
• Send scams to your contacts 
• Launch identity theft attempts 

How These Fake Invitation Scams Usually Work 

Here’s the most common flow: 

1. You receive a digital invitation that looks normal 
2. The message prompts you to “view the invitation” 
3. You’re redirected to a login or signup page 
4. You enter your email, password, or personal info 
5. The invitation never appears 
6. Your credentials have now been stolen 

Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

How to Tell If a Paperless Post Invite Is Real 

Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like. 

Legitimate Paperless Post Emails Will Never: 

• Include .EXE attachments 
• Include .PDF attachments 
• Include any attachments other than image files 

Official Paperless Post Email Domains: 

Legitimate invitations and account messages only come from: 

• paperless@email.paperlesspost.com 
• paperlesspost@paperlesspost.com 
• paperlesspost@accounts.paperlesspost.com 

Official support emails only come from: 

• help@paperlesspost.com 
• pds@paperlesspost.com 
• security@paperlesspost.com 
• privacy@paperlesspost.com 
• agent@paperlesspost.com 
• optout@paperlesspost.com 

If the sender does not match one of these exactly, it’s a scam. 

Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.  

The Biggest Red Flags of a Fake E-Vite 

If you see any of the following, do not click: 

• You’re forced to log in to “see” who invited you 
• The sender email doesn’t match the official domains above 
• The invitation creates urgency 
• You’re asked for payment to view the event 
• The message feels generic instead of personal 
• The site address looks slightly off 

Why These Scams Are So Effective Right Now 

Modern phishing attacks don’t rely on sloppy design anymore. Many now use: 

• Polished branding 
• Clean layouts 
• Familiar platforms 
• Friendly language 
• Social pressure 

Invitation phishing is especially powerful because: 

• It triggers curiosity 
• It feels harmless 
• It mimics real social behavior 
• It doesn’t start with fear or threats 
• By the time the scam turns risky, your guard is already down. 

What To Do If You Clicked a Fake E-Vite 

If you entered any information into a suspicious invitation page: 

1. Immediately change your email password 
2. Change any other account that reused that password 
3. Enable two-factor authentication 
4. Check for unknown login activity 
5. Warn contacts if your email may have been compromised 
6. Run a security scan on your device 

The faster you act, the more damage you can prevent. 

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

When it comes to online safety, independent testing matters. And in the latest AV-Comparatives Real-World Protection Test, McAfee earned the highest possible rating, ADVANCED+, with a 99.5% protection rate. It’s the kind of recognition that helps shoppers understand which tools truly hold up in real-life conditions, not just in controlled lab environments.

For anyone navigating today’s mix of emails, downloads, suspicious links, and AI-driven scams, independent results like these are a clear signal: strong protection still makes a real difference.

What Is the AV-Comparatives Real-World Protection Test?

The Real-World Protection Test is an independent evaluation run by AV-Comparatives, a trusted third-party security testing lab. The test measures how well antivirus and online protection tools block real threats that people encounter every day, including dangerous URLs, malicious downloads, phishing pages, and harmful files attempting to run on a device.

This type of testing is widely cited by major tech publications and review sites because it reflects actual user behavior rather than controlled lab simulations.

Why This Recognition Matters

According to AV-Comparatives, their Real-World Protection Test is designed to measure how security products perform in situations people face every day: clicking a link, opening a file, visiting a site for the first time.

It’s one of the most widely cited sources in tech journalism and consumer product reviews, and it often shapes how online shoppers evaluate cybersecurity tools.

Here’s why tests like these are used in tech reviews, buying guides, and search engine rankings:

• They compare multiple brands under the same conditions
• They use real-world threats, not theoretical malware
• They measure false positives, which impact everyday usability
• They influence third-party reviews and product roundups
• They help shoppers choose trustworthy protection without guesswork

McAfee has earned an ADVANCED+ rating in all tests since June 2022, demonstrating our consistency and reliability in the moments that matter most: when a threat appears disguised as something routine.

About the AV-Comparatives Real-World Protection Test

The latest evaluation included 19 consumer security products, each tested across the full attack chain, from the moment a malicious URL is accessed to the instant a dangerous file tries to execute.

Unlike benchmark tests that focus on one part of the process, this assessment mirrors real user behavior. AV-Comparatives notes that the methodology is meant to be “as realistic as possible,” and the results often reveal meaningful differences in both protection and false positives.

With this round of testing, McAfee maintains its cycle of highest ratings in every Real-World Protection Test, while several well-known competitors were downgraded due to high false-positive counts.

What This Means for Everyday Users

A high protection score matters most when you’re simply going about your day — shopping, banking, downloading a file, or clicking a link you think is safe. Independent recognition signals three core things:

1. Trustworthy Protection

Strong results indicate that advanced threats, misleading links, and malicious downloads are blocked before they can cause harm.

2. Fewer False Alarms

With only four false positives out of nearly 500 samples, McAfee flagged less than 1% of clean files incorrectly. For context: the industry average in this test was 10 false positives, and one competitor even misidentified 75, meaning it labeled nearly 16% of harmless activity as a threat.

The takeaway is simple: strong protection shouldn’t get in your way, and these results show it doesn’t.

3. Innovation That Keeps Pace With Scammers

Criminals now use AI to make fake emails, websites, and support messages look real. Testing that mirrors those real-world conditions helps consumers see which tools stay ahead of that curve.

A Note on McAfee Protection Tools

McAfee’s threat protection, the same technology validated in this test, is built into McAfee+ Premium, McAfee+ Advanced, McAfee+ Ultimate, McAfee Total Protection, and McAfee LiveSafe.

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes—stopping harm before it happens.

The post McAfee Named ADVANCED+ in Real-World Protection — What That Means for You appeared first on McAfee Blog.

Scammers aren’t worried about ending up on the naughty list. If anything, they’re doubling down in 2025.  

This year, scammers are impersonating major brands with startling accuracy, from fake delivery updates to cloned checkout pages.

Our McAfee Labs researchers analyzed real scam texts, emails, and URLs from October through early November, along with consumer survey data, to identify the patterns shaping this season’s fraud.

Here’s what shoppers need to know, what’s trending upward, and how to spot the fakes before they reach your cart.

What Is a Holiday Brand-Impersonation Scam?

A brand-impersonation scam is when criminals copy a real brand, like a retailer, tech company, bank, or delivery service, to make fake emails, texts, ads, or websites that look legitimate.

Their goal is to trick shoppers into clicking, entering account details, or making a payment.

McAfee Labs’ brand impersonation analysis shows criminals focusing on the items people shop for most — tech gifts, luxury goods, and high-demand drops.

Fake versions of these brands typically include:

• Copied product photos
• Familiar layouts
• Holiday sale graphics
• Support pages designed to capture logins

Which Brands Are Being Faked the Most This Holiday Season?

Top 5 most impersonated luxury brands

1. Coach
2. Dior
3. Ralph Lauren
4. Rolex
5. Gucci

Top 5 most impersonated mainstream consumer brands

1. Apple
2. Nintendo
3. Samsung
4. Disney
5. Steam

Other Key Research Takeaways US:

• Email scams are exploding, up ~50% in retail and ~85% in tech as the holidays approach.
• Fake storefronts are rising, with technology URL scams up nearly 50% and consumer URL scams up ~5%.
• Trusted brands are the most impersonated, including Amazon, Microsoft, Apple, Walmart, and Costco.
• 96% plan to shop online
• 91% see ads from unfamiliar retailers
• 37% may buy from brands they don’t recognize
• AI is reshaping scams, with 46% of Americans encountering fake celebrity or influencer endorsements.

Other Key Research Takeaways UK:

• 97% plan to shop online
• 86% see ads from unfamiliar retailers
• 30% may buy from brands they don’t recognize
• AI is reshaping scams, with 42% of Americans encountering fake celebrity or influencer endorsements.

How to Stay Safe While Brands Are Being Faked This Season

Scammers are getting better at copying the brands you trust, but avoiding the fakes gets much easier when you slow down, verify what you see, and use tools that check links and messages before you click.

Here’s what actually helps during a season when realistic-looking scams are everywhere:

1. Go straight to the source

If you get a message about an order, refund, delivery issue, or account lockout, don’t click the link.

Go directly to the retailer’s app or type the URL manually.

This single habit eliminates most holiday scams.

2. Inspect the sender, not the graphics

Scammers can recreate logos, colors, and templates perfectly.

What they can’t easily mimic:

• A legitimate domain
• A verified phone number
• A support email that matches the company’s format

If the sender looks off, the message is off.

3. Let security tools check the link for you

McAfee’s online protection adds a critical layer of holiday safety, especially when scammers imitate retailers with near-perfect accuracy.

Key protections include:

Web Protection
Blocks malicious or suspicious websites before they load — including fake checkout pages, login portals, and support sites.

Scam Detector
Built into all core McAfee plans. It flags scam texts, emails, and even deepfake-style video promotions, letting you know a link or message is unsafe before you interact with it.

Password Manager
Creates and stores strong, unique passwords so a stolen login from one retailer doesn’t unlock your whole digital life.

Identity & Financial Monitoring
Transaction Monitoring and Credit Monitoring can alert you to unusual activity — a crucial safety net when stolen logins, card numbers, or personal details circulate quickly during the holidays.

These tools help counter the exact tactics scammers rely on: cloned websites, fake brand emails, and phishing links disguised as legitimate retailers.

4. Turn on two-factor authentication everywhere you shop

Even if a scammer gets your password, they can’t get in without your one-time code.

5. Treat urgency as a red flag

Legitimate companies don’t ask you to “act in minutes,” pay fees to “unlock” an account, or claim you must stay on the line.

Pressure is a tactic — not customer service.

6. Keep an eye on your accounts

Check your banking and shopping accounts weekly.

Small unauthorized charges often appear before large ones.

The post The Most Impersonated Brands in Holiday Shopping, Ranked appeared first on McAfee Blog.