Technology minister tells Commons ‘de-identified’ information from UK Biobank advertised for sale on Alibaba

The confidential health records of half a million British volunteers have been offered for sale on Chinese website Alibaba, the UK government has confirmed.

The “de-identified” data, belonging to participants in the UK Biobank project, was found for sale on three separate listings last week. Ian Murray, the technology minister, told the Commons on Thursday that, after working with the Chinese government and Alibaba, the records had now been removed. It is not believed any sales were made.

Continue reading...

© Photograph: Dave Guttridge/UK Biobank/PA

© Photograph: Dave Guttridge/UK Biobank/PA

© Photograph: Dave Guttridge/UK Biobank/PA

Washington’s focus on online retailer Coupang has led to accusations that the Trump administration is tying issues of national security to domestic corporate matters

When South Korea’s biggest online retailer revealed last year that a data breach had compromised tens of millions of customer accounts, it appeared to be a corporate crisis. But five months later the issue has grown into a diplomatic storm, threatening to further degrade relations between Seoul and the Trump administration.

Coupang, often described as South Korea’s answer to Amazon, is a US-incorporated company whose business is overwhelmingly based in South Korea. Headquartered in Seattle and listed on the New York Stock Exchange, it is run by Korean-American billionaire Bom Kim. In November last year the company disclosed that a former employee had stolen an internal security key, enabling unauthorised access to data from 33.7 million users.

Continue reading...

© Photograph: Anthony Wallace/AFP/Getty Images

© Photograph: Anthony Wallace/AFP/Getty Images

© Photograph: Anthony Wallace/AFP/Getty Images

2Apply’s over-collection of personal information adds to the power of the real estate industry in the competitive rental market, Carly Kind says

• Follow our Australia news live blog for latest updates

• Get our breaking news email, free app or daily news podcast

An online rental platform has been urged to stop collecting users’ personal information after the Australian privacy commissioner found the gathering of “excessive” data compounded the vulnerability of tenants amid the housing crisis.

RentTech platforms are increasingly used by real estate agents in Australia for people applying for rental properties to submit applications and supporting documentation. The Australian Housing and Urban Research Institute has identified 57 different rent platforms operating in Australia.

Continue reading...

© Photograph: Cavan Images/Alamy

© Photograph: Cavan Images/Alamy

© Photograph: Cavan Images/Alamy

Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt

The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details.

The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”.

Continue reading...

© Photograph: CrocusPhotography/Alamy

© Photograph: CrocusPhotography/Alamy

© Photograph: CrocusPhotography/Alamy

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve.

In this essay, I want to take an optimistic view of AI’s progress, and to speculate what AI-dominated cybersecurity in an age of instant software might look like. There are a number of unknowns that will factor into how the arms race between attacker and defender might play out.

How flaw discovery might work

On the attacker side, the ability of AIs to automatically find and exploit vulnerabilities has increased dramatically over the past few months. We are already seeing both government and criminal hackers using AI to attack systems. The exploitation part is critical here, because it gives an unsophisticated attacker capabilities far beyond their understanding. As AIs get better, expect more attackers to automate their attacks using AI. And as individuals and organizations can increasingly run powerful AI models locally, AI companies monitoring and disrupting malicious AI use will become increasingly irrelevant.

Expect open-source software, including open-source libraries incorporated in proprietary software, to be the most targeted, because vulnerabilities are easier to find in source code. Unknown No. 1 is how well AI vulnerability discovery tools will work against closed-source commercial software packages. I believe they will soon be good enough to find vulnerabilities just by analyzing a copy of a shipped product, without access to the source code. If that’s true, commercial software will be vulnerable as well.

Particularly vulnerable will be software in IoT devices: things like internet-connected cars, refrigerators, and security cameras. Also industrial IoT software in our internet-connected power grid, oil refineries and pipelines, chemical plants, and so on. IoT software tends to be of much lower quality, and industrial IoT software tends to be legacy.

Instant software is differently vulnerable. It’s not mass market. It’s created for a particular person, organization, or network. The attacker generally won’t have access to any code to analyze, which makes it less likely to be exploited by external attackers. If it’s ephemeral, any vulnerabilities will have a short lifetime. But lots of instant software will live on networks for a long time. And if it gets uploaded to shared tool libraries, attackers will be able to download and analyze that code.

All of this points to a future where AIs will become powerful tools of cyberattack, able to automatically find and exploit vulnerabilities in systems worldwide.

Automating patch creation

But that’s just half of the arms race. Defenders get to use AI, too. These same AI vulnerability-finding technologies are even more valuable for defense. When the defensive side finds an exploitable vulnerability, it can patch the code and deny it to attackers forever.

How this works in practice depends on another related capability: the ability of AIs to patch vulnerable software, which is closely related to their ability to write secure code in the first place.

AIs are not very good at this today; the instant software that AIs create is generally filled with vulnerabilities, both because AIs write insecure code and because the people vibe coding don’t understand security. OpenClaw is a good example of this.

Unknown No. 2 is how much better AIs will get at writing secure code. The fact that they’re trained on massive corpuses of poorly written and insecure code is a handicap, but they are getting better. If they can reliably write vulnerability-free code, it would be an enormous advantage for the defender. And AI-based vulnerability-finding makes it easier for an AI to train on writing secure code.

We can envision a future where AI tools that find and patch vulnerabilities are part of the typical software development process. We can’t say that the code would be vulnerability-free—that’s an impossible goal—but it could be without any easily findable vulnerabilities. If the technology got really good, the code could become essentially vulnerability-free.

Patching lags and legacy software

For new software—both commercial and instant—this future favors the defender. For commercial and conventional open-source software, it’s not that simple. Right now, the world is filled with legacy software. Much of it—like IoT device software—has no dedicated security team to update it. Sometimes it is incapable of being patched. Just as it’s harder for AIs to find vulnerabilities when they don’t have access to the source code, it’s harder for AIs to patch software when they are not embedded in the development process.

I’m not as confident that AI systems will be able to patch vulnerabilities as easily as they can find them, because patching often requires more holistic testing and understanding. That’s Unknown No. 3: how quickly AIs will be able to create reliable software updates for the vulnerabilities they find, and how quickly customers can update their systems.

Today, there is a time lag between when a vendor issues a patch and customers install that update. That time lag is even longer for large organizational software; the risk of an update breaking the underlying software system is just too great for organizations to roll out updates without testing them first. But if AI can help speed up that process, by writing patches faster and more reliably, and by testing them in some AI-generated twin environment, the advantage goes to the defender. If not, the attacker will still have a window to attack systems until a vulnerability is patched.

Toward self-healing

In a truly optimistic future, we can imagine a self-healing network. AI agents continuously scan the ever-evolving corpus of commercial and custom AI-generated software for vulnerabilities, and automatically patch them on discovery.

For that to work, software license agreements will need to change. Right now, software vendors control the cadence of security patches. Giving software purchasers this ability has implications about compatibility, the right to repair, and liability. Any solutions here are the realm of policy, not tech.

If the defense can find, but can’t reliably patch, flaws in legacy software, that’s where attackers will focus their efforts. If that’s the case, we can imagine a continuously evolving AI-powered intrusion detection, continuously scanning inputs and blocking malicious attacks before they get to vulnerable software. Not as transformative as automatically patching vulnerabilities in running code, but nevertheless valuable.

The power of these defensive AI systems increases if they are able to coordinate with each other, and share vulnerabilities and updates. A discovery by one AI can quickly spread to everyone using the affected software. Again: Advantage defender.

There are other variables to consider. The relative success of attackers and defenders also depends on how plentiful vulnerabilities are, how easy they are to find, whether AIs will be able to find the more subtle and obscure vulnerabilities, and how much coordination there is among different attackers. All this comprises Unknown No. 4.

Vulnerability economics

Presumably, AIs will clean up the obvious stuff first, which means that any remaining vulnerabilities will be subtle. Finding them will take AI computing resources. In the optimistic scenario, defenders pool resources through information sharing, effectively amortizing the cost of defense. If information sharing doesn’t work for some reason, defense becomes much more expensive, as individual defenders will need to do their own research. But instant software means much more diversity in code: an advantage to the defender.

This needs to be balanced with the relative cost of attackers finding vulnerabilities. Attackers already have an inherent way to amortize the costs of finding a new vulnerability and create a new exploit. They can vulnerability hunt cross-platform, cross-vendor, and cross-system, and can use what they find to attack multiple targets simultaneously. Fixing a common vulnerability often requires cooperation among all the relevant platforms, vendors, and systems. Again, instant software is an advantage to the defender.

But those hard-to-find vulnerabilities become more valuable. Attackers will attempt to do what the major intelligence agencies do today: find "nobody but us" zero-day exploits. They will either use them slowly and sparingly to minimize detection or quickly and broadly to maximize profit before they’re patched. Meanwhile, defenders will be both vulnerability hunting and intrusion detecting, with the goal of patching vulnerabilities before the attackers find them.

We can even imagine a market for vulnerability sharing, where the defender who finds a vulnerability and creates a patch is compensated by everyone else in the information-sharing/repair network. This might be a stretch, but maybe.

Up the stack

Even in the most optimistic future, attackers aren’t going to just give up. They will attack the non-software parts of the system, such as the users. Or they’re going to look for loopholes in the system: things that the system technically allows but were unintended and unanticipated by the designers—whether human or AI—and can be used by attackers to their advantage.

What’s left in this world are attacks that don’t depend on finding and exploiting software vulnerabilities, like social engineering and credential stealing attacks. And we have already seen how AI-generated deepfakes make social engineering easier. But here, too, we can imagine defensive AI agents that monitor users’ behaviors, watching for signs of attack. This is another AI use case, and one that I’m not even sure how to think about in terms of the attacker/defender arms race. But at least we’re pushing attacks up the stack.

Also, attackers will attempt to infiltrate and influence defensive AIs and the networks they use to communicate, poisoning their output and degrading their capabilities. AI systems are vulnerable to all sorts of manipulations, such as prompt injection, and it’s unclear whether we will ever be able to solve that. This is Unknown No. 5, and it’s a biggie. There might always be a "trusting trust problem."

No future is guaranteed. We truly don’t know whether these technologies will continue to improve and when they will plateau. But given the pace at which AI software development has improved in just the past few months, we need to start thinking about how cybersecurity works in this instant software world.

This essay originally appeared in CSO.

EDITED TO ADD: Two essays published after I wrote this. Both are good illustrations of where we are regarding AI vulnerability discovery. Things are changing very fast.

Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps

Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed.

A letter from Lloyds, published by MPs on the Treasury select committee on Friday, blamed the glitch on a software defect introduced during an IT update to its Lloyds, Halifax and Bank of Scotland mobile banking apps overnight into 12 March.

Continue reading...

© Photograph: David Burton/Alamy

© Photograph: David Burton/Alamy

© Photograph: David Burton/Alamy

Banks, governments and tech providers urged to upgrade security because current systems will soon be obsolete

Banks, governments and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029, Google has warned.

The tech company said in a blogpost that quantum computers would pose a “significant threat to current cryptographic standards” before the end of the decade and urged other companies to follow its lead.

Continue reading...

© Photograph: Reuters

© Photograph: Reuters

© Photograph: Reuters

This blog is now closed

• Hundreds of petrol stations across Australia run out of fuel as Albanese inks supply deal with Singapore

• SA premier warns One Nation poses threat to federal Labor as Marles says party only ‘about stunts and the vibe’

• Get our breaking news email, free app or daily news podcast

The pollies have been asked this morning whether people should consider working from home to save fuel, as conflict escalates in the Middle East.

Tehran has said it will “irreversibly destroy” essential infrastructure across the Middle East, including vital water systems, if the US follows through on Donald Trump’s threat to “obliterate” Iran’s power plants unless the strait of Hormuz is fully opened within two days.

This is like Covid style restrictions I think that are potentially being floated. I would not support that in any way, and I don’t think businesses would do so either …

If people can work from home and they want to and it works for their employers, fine, I think that’s terrific, but it doesn’t help small businesses. It certainly doesn’t help the truckers and the fishers and the farmers and the manufacturers and the miners that are relying on fuel supply.

Continue reading...

© Photograph: Mick Tsikas/AAP

© Photograph: Mick Tsikas/AAP

© Photograph: Mick Tsikas/AAP

Exclusive: Lab tests discover ‘new form of insider risk’ with artificial intelligence agents engaging in autonomous, even ‘aggressive’ behaviours

Robert Booth UK technology editor

Rogue artificial intelligence agents have worked together to smuggle sensitive information out of supposedly secure systems, in the latest sign cyber-defences may be overwhelmed by unforeseen scheming by AIs.

With companies increasingly asking AI agents to carry out complex tasks in internal systems, the behaviour has sparked concerns that supposedly helpful technology could pose a serious inside threat.

Continue reading...

© Photograph: Andrey Kryuchkov/Alamy

© Photograph: Andrey Kryuchkov/Alamy

© Photograph: Andrey Kryuchkov/Alamy

Hard disks and magnetic tape have a limited lifespan, but glass storage developed by Microsoft could last millennia

Some cultures used stone, others used parchment. Some even, for a time, used floppy disks. Now scientists have come up with a new way to keep archived data safe that, they say, could endure for millennia: laser-writing in glass.

From personal photos that are kept for a lifetime to business documents, medical information, data for scientific research, national records and heritage data, there is no shortage of information that needs to be preserved for very long periods of time.

Continue reading...

© Photograph: Tetra Images/Erik Isakson/Getty Images

© Photograph: Tetra Images/Erik Isakson/Getty Images

© Photograph: Tetra Images/Erik Isakson/Getty Images

Michael suspects personal information he submitted to rent application platforms was leaked online. And analysis shows millions of documents may also be at risk

• Get our breaking news email, free app or daily news podcast

Michael* has spent the past two months trying to get his digital identity back.

The 47-year-old Victorian schoolteacher was in the process of moving to a new town and applying for rental properties online. Around this time – and unbeknown to him – his mobile phone number was transferred to someone else.

Continue reading...

© Composite: Getty Images

© Composite: Getty Images

© Composite: Getty Images

The rise in real estate tech means renters often hand over huge amounts of revealing information to digital third parties – at great risk

• Get our breaking news email, free app or daily news podcast

Would you trade your data privacy and security for housing? Thanks to the rise in real estate technologies, renters often have no choice but to hand over huge amounts of revealing information to digital third parties just to have somewhere to live. All the while we are told: trust us, we take your privacy seriously.

But recent Guardian reporting has revealed that seven popular “rent-tech” platforms have serious security vulnerabilities, leaving millions of documents containing personal information of renters exposed on the open web for years. When they were alerted to the risk, only two of the seven companies responded to say they would put additional security measures in place. Is this what taking renter privacy seriously looks like?

Continue reading...

© Photograph: Jacob Wackerhausen/Getty Images

© Photograph: Jacob Wackerhausen/Getty Images

© Photograph: Jacob Wackerhausen/Getty Images

Exclusive: ‘This is a blatant and disturbing disregard for the law and for people’s security,’ digital rights advocate says

• Follow our Australia news live blog for latest updates

• Get our breaking news email, free app or daily news podcast

Australian platforms used by real estate agents to upload documentation for renters and landlords are leaving people’s personal information exposed in hyperlinks accessible online.

An analysis of seven rent platforms provided to Guardian Australia by a researcher, who wished to remain anonymous, revealed millions of leasing documents could be accessed by threat actors.

Continue reading...

© Photograph: Carly Earl/The Guardian

© Photograph: Carly Earl/The Guardian

© Photograph: Carly Earl/The Guardian

Starmer’s team is wary of spies but such fears are not new – with Theresa May once warned to get dressed under a duvet

When prime ministers travel to China, heightened security arrangements are a given – as is the quiet game of cat and mouse that takes place behind the scenes as each country tests out each other’s tradecraft and capabilities.

Keir Starmer’s team has been issued with burner phones and fresh sim cards, and is using temporary email addresses, to prevent devices being loaded with spyware or UK government servers being hacked into.

Continue reading...

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

Hackers are not created equal, nor do they have the same purpose. Some hackers are paid to scrutinize security systems, find loopholes, fix weaknesses, and ultimately protect organizations and people. Others exploit those same gaps for profit, power, or disruption. What separates hackers isn’t just skill level or tactics; it’s intent. 

The purpose behind an attack changes everything about how hackers shape their tactics and how the hacking process unfolds: who is targeted, which methods and tools are used, how patient the attacker is, and the kind of damage they want to cause.

The primary motivations behind these cyberattacks fall into several categories, from financial gain to recognition, and sometimes even coercion. Each driver creates different risk scenarios for your digital life, from your home banking sessions to your workplace communications. Understanding a hacker’s motivations will enable you to better protect yourself and recognize potential threats in both your personal and professional life. 

In this article, we’ll look at the main types of hackers you might encounter, the core motivations and mindset that drive these cyberattacks, and finally, how you can protect yourself against these attacks.

Good and bad hackers

From its beginnings as an intellectual exploration in universities, hacking was driven by curiosity, learning, and the thrill of solving complex problems. Today, it has become industrialized with organized criminal groups and state-sponsored actors entering the scene. 

Modern hacking has seen the emergence of advanced persistent threats and nation-state campaigns targeting critical infrastructure and combining traditional techniques with artificial intelligence. To better understand the types of hackers, here is a window into what they do and why:

White hat hackers

These are the good guys, typically computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black hat hackers

These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses. Unfortunately, black hat hackers continue to technologically outpace white hats, often finding the path of least resistance, whether due to human error or laziness, or with a new type of attack. Hacking purists often use the term “crackers” to refer to black hat hackers, whose motivation is generally to get paid.

Script kiddies

This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves. Script kiddies, sometimes called script kitties, might be beginners, but don’t be fooled by their newbie status. With the right tools and right targets, they can wreak as much havoc as a seasoned hacker.

Hacktivists

Some hacker activists are motivated by politics or religion, while others aim to expose wrongdoing or exact revenge. Activists typically target government agencies, public services, and organizations involved in controversial issues related to defense, elections, wars, finance, or social movements. They also attack high-profile individuals, such as executives, public figures, journalists, and activists.

State-sponsored hackers

State-sponsored hackers have limitless time and funding to target civilians, corporations, other governments, or even prominent citizens connected to a larger objective. Their motivations are driven by their government’s strategic goals: gathering intelligence, stealing sensitive research or intellectual property, influencing public perception, or disrupting critical infrastructure. Because they are playing a long game, state-sponsored hackers are stealthy and persistent, quietly embedding themselves in systems, mapping networks, and waiting for the right moment to act.

Spy hackers

Corporations hire hackers to infiltrate their competitors and steal trade secrets, including product designs, source code, pricing plans, customer lists, legal documents, and merger or acquisition strategies. They may hack from the outside or gain employment in order to act as a mole, impersonating recruiters, partners, or vendors to get insiders to share access. They also take advantage of weak internal controls, such as excessive permissions, unsecured file-sharing links, or poor offboarding practices. Spy hackers may use similar tactics as hacktivists or state-sponsored espionage on a smaller scale: stealthy entry, careful privilege escalation, and long-term persistence to avoid triggering alarms. The stolen data is often not leaked publicly but delivered directly to the client and used behind the scenes.

Cyber terrorists

These hackers, generally motivated by religious or political beliefs, attempt to create terror, chaos, and real-world harm by disrupting critical infrastructures such as power grids, water systems, transportation networks, hospitals, emergency services, and government operations. They combine cyber operations with propaganda campaigns and physical attacks on the systems people rely on to live safely to create turmoil far beyond the screen. 

Understand hackers’ motivations

Cybercriminals aren’t just faceless entities; they’re driven by specific goals that shape their tactics and targets. Understanding their motivations empowers you to recognize potential threats and better protect yourself, your family, and colleagues.

Financial gain

Money remains the most common motivator. These profit-driven attacks directly impact your personal finances through methods such as ransomware, credit card fraud, and identity theft. In your home, financially motivated hackers target your banking apps, shopping accounts, and personal devices to steal payment information or hold your data hostage. In the workplace, they focus on payroll systems, customer databases, and business banking credentials.

Ideological motivations

Ideologically driven hackers, called hacktivists, pursue political or social causes through cyber means. These attacks can disrupt services that you rely on daily, from public utilities to private organizations that provide essential services or take public stances on divisive issues. Your best defense involves staying informed about potential disruptions and maintaining backup communication methods for essential services.

Curiosity and learning

Many hackers begin their journey with genuine curiosity about how systems work. They might probe your home network, test website security, or experiment with app vulnerabilities, not necessarily for malicious purposes, but their activities can still expose your data or disrupt services. In professional environments, these individuals might target systems or databases simply to see if they can gain access.

Recognition and reputation building

Some hackers seek fame, respect within hacker communities, or professional advancement rather than immediate financial benefit. They often target high-profile individuals, popular websites, or well-known companies to maximize the visibility for their exploits. If you have a significant social media following, your accounts could become targets for these attacks. They might also focus on defacing company or government websites, or leaking non-sensitive but embarrassing information.

State and corporate intelligence

Nation-state and corporate espionage are some of the most sophisticated threats in cyberspace, making it a top national security concern for both government and private sector. These operations compromise daily services and infrastructure such as internet service providers, email platforms, or cloud storage services to gather intelligence such as intellectual property, customer lists, or strategic planning documents. 

Coercion and extortion

Some hackers use cyber capabilities to intimidate or coerce victims into specific actions. In the FBI’s Internet Crime Complaint Center report for 2024, extortion was the 2nd top cybercrime by number of complaints, demonstrating the growing prevalence of coercion-based attacks. Coercion might involve compromising personal photos, social media accounts, or private communications to demand payment or behavioral changes. Workplace coercion could target executives with embarrassing information or threaten to leak sensitive business data unless demands are met. 

The intersection of motivations

Many real-world attacks combine multiple motivations—a financially driven criminal might also seek recognition within hacker communities, or an ideological hacker might generate revenue through ransomware. The contrast between ethical hacker motivations and malicious ones often lies in the permission, legality, and intent. Understanding why people become hackers helps you recognize that not all hacking activity is inherently malicious, although all unauthorized access ultimately poses risks to your security and privacy.

The psychology behind cyberattacks

Understanding the psychology behind cyberattacks gives you a powerful advantage in protecting yourself. When you know what drives hackers, you can better spot their tactics and stay one step ahead.

High reward, low risk

Many hackers operate with the goal of achieving high reward for perceived low risk. This risk-reward imbalance motivates attackers because they can potentially access valuable personal or financial information while remaining physically distant from their victims. This means hackers often target easy opportunities, such as when you click on suspicious links or download questionable attachments, to gain access with minimal effort. For instance, a hacker would rather send 10,000 phishing emails hoping for a few bites than attempt one complex, risky attack.

Exploiting normal human responses 

Hackers exploit well-known psychological shortcuts your brain takes. They understand that you’re more likely to trust familiar-looking emails, act quickly under pressure, or follow authority figures without question. These aren’t weaknesses, these are normal human responses that attackers deliberately manipulate. For example, urgent messages claiming your account will be closed create an artificial time pressure, making you more likely to click without thinking.

The power of group dynamics

Many successful cyberattacks leverage the human tendency to follow what others are doing. Hackers create fake social media profiles, forge customer reviews, or impersonate colleagues to make their requests seem legitimate and widely accepted. In ransomware attacks targeting businesses, criminals often research company hierarchies and communication styles to make their demands appear to come from trusted sources within the organization. 

The gamification of cybercrime

Modern hacking has elements that make it feel like a game to perpetrators. Some online forums award points for successful attacks, creating competition and recognition among criminals. This helps explain why some hackers target individuals rather than large corporations, as every successful phishing attempt becomes a score, and why attacks continue to evolve. 

Common hacking methods

Hackers don’t all use the same tricks, but most successful attacks rely on a familiar toolkit of methods that exploit common technical gaps and human habits. Recognizing these common techniques will help you avoid danger earlier on.

• Phishing and smishing. These attacks trick you into revealing sensitive information through fraudulent emails or text messages, respectively known as phishing and smishing. Modern attackers increasingly use AI-generated content and sophisticated social engineering techniques that make these messages appear more legitimate than ever before. 
• Credential stuffing. Cybercriminals use automated tools to test stolen username and password combinations across multiple websites, exploiting the fact that many people reuse passwords. This attack method has become more efficient with attackers leveraging large-scale data breaches and improved automation tools.
• Multi-factor authentication (MFA) fatigue. Attackers repeatedly send multi-factor authentication requests until overwhelmed, frustrated, and confused users approve one. This technique has gained prominence as more organizations adopt MFA, with attackers finding ways to exploit user behavior around security notifications. 
• Malvertising. Malicious advertisements on legitimate websites can install malware or redirect you to harmful sites without requiring any clicks. Recent trends show attackers using sophisticated techniques to bypass ad network security filters. 
• Remote desktop attacks. Hackers exploit weak or default passwords on remote desktop services to gain unauthorized access to systems, particularly targeting businesses with remote work setups. The rise of hybrid work environments since 2023 has made this attack vector increasingly attractive to cybercriminals. Disable remote desktop services when not needed and use VPNs with strong authentication for legitimate remote access.
• USB baiting. Attackers leave infected USB devices in public places, hoping curious individuals will plug them into their computers, automatically installing malware. Modern USB attacks can execute within seconds of being connected, making them particularly dangerous in today’s fast-paced work environment.

• Unsecured Wi-Fi networks. Unsecured public Wi-Fi and home networks create opportunities for hackers to gain access to your devices or intercept your sensitive information, such as passwords, emails, and banking details. Sometimes, cybercriminals create fake Wi-Fi hotspots with legitimate-sounding names to trick users into connecting.
• Unsafe downloads. Hackers disguise malicious software as legitimate programs, games, documents, or updates to trick users into installing them. These malicious downloads may come from infected email attachments, fake or pirated software, or even compromised websites. Once installed, the malware can steal your information, lock your files for ransom, or give hackers access to your computer.

• Tech support scams. Tech support scams rely on social engineering rather than technical exploits, where scammers typically contact you by phone and insist your computer has been infected or compromised. They create urgency and fear to convince you to install remote access software that gives them complete control of your computer. Once they have access, they can steal personal information, install malware, or hold your files hostage.

• Outdated software. Running outdated software creates security vulnerabilities that hackers actively leverage. When software developers discover security vulnerabilities, they release patches to fix these problems. If you don’t install these updates promptly, your system remains vulnerable to attacks. Hackers maintain databases of unpatched systems and use automated tools to find and exploit them.

Defensive tips to protect yourself from hack attacks

Your strongest defense against hacking combines technical safeguards, security awareness, and some consistent habits that shut down the most common paths attackers use. Here’s how to put those defenses in place and make your digital life a much harder target.

• Install comprehensive security software. The Cybersecurity and Infrastructure Security Agency recommends a layered security approach to prevent multiple types of threats simultaneously. Choose a reputable security suite that offers real-time protection, anti-malware scanning, and web browsing safety features. 
• Enable MFA everywhere. Add an extra security layer to all your important accounts: email, banking, social media, and work platforms. Only approve MFA requests that you initiated yourself, and report any unexpected authentication prompts to your IT team or service provider immediately.
• Use a password manager. Create complex, unique passwords using a trusted password manager for every account you own. The National Institute of Standards and Technology recommends passwords that are at least 12 characters long and completely unique across all your accounts to prevent credential stuffing attacks.
• Keep all software updated. Enable automatic updates for your operating system, apps, and security software, as many successful cyberattacks exploit known weaknesses that could have been prevented with timely updates.
• Secure your internet connections. Avoid using public Wi-Fi for sensitive activities, and use a reputable VPN when you must connect to untrusted networks. Unsecured public networks make it easy for attackers to intercept your data and credentials.
• Implement the 3-2-1 backup strategy. Regular, tested backups are your best defense against ransomware and data loss incidents. Keep three copies of important data—on your device, on an external drive, and in secure cloud storage. 
• Develop scam-spotting skills. Scammers continuously adapt their tactics to current events, so staying informed about the latest schemes and learning to recognize phishing emails, suspicious links, and social engineering tactics will help you stay one step ahead.
• Practice good digital hygiene. Regularly review your account permissions, remove unused apps, and monitor your financial statements for unauthorized activity to lessen your exposure to identity theft and privacy breaches.

• Monitor your accounts regularly. Check bank statements, credit reports, and account activity monthly. Set up account alerts for unusual activity when available.
• Limit personal information sharing. Only provide the necessary information to companies or service providers to reduce your digital footprint. In addition, review privacy settings and avoid oversharing on social media as scammers and hackers regularly prowl these platforms. 

Final thoughts

Now that you understand hackers’ motivations and psychological drivers, you can flip the script and turn it to your advantage. Instead of being the target, become the informed defender who recognizes manipulation tactics and responds thoughtfully rather than reactively. This knowledge empowers you to spot potential threats earlier, choose stronger protective measures, and navigate the digital world with greater confidence.

When someone pressures you to act immediately, that’s your cue to slow down and verify the request. Question familiar-looking messages, even if they look official. Check the sender’s address and contact the company through official channels. Trust your instincts and investigate before acting. Stay curious and keep learning from reputable cybersecurity resources that publish current research and threat intelligence. Share these tips with your family members and friends, especially those who might be less technologically savvy. 

McAfee+ includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues.

The post 7 Types of Hacker Motivations appeared first on McAfee Blog.

It’s no longer possible to deny that your life in the physical world and your digital life are one and the same. Coming to terms with this reality will help you make better decisions in many aspects of your life.

The same identity you use at work, at home, and with friends also exists in apps, inboxes, accounts, devices, and databases, whether you actively post online or prefer to stay quiet. Every purchase, login, location ping, and message leaves a trail. And that trail shapes what people, companies, and scammers can learn about you, how they can reach you, and what they might try to take.

That’s why digital security isn’t just an IT or a “tech person” problem. It’s a daily life skill. When you understand how your digital life works, what information you’re sharing, where it’s stored, and how it can be misused, you make better decisions. This guide is designed to help you build that awareness and translate it into practical habits: protecting your data, securing your accounts, and staying in control of your privacy in a world that’s always connected.

The essence of digital security

Being digitally secure doesn’t mean hiding from the internet or using complicated tools you don’t understand. It means having intentional control over your digital life to reduce risks while still being able to live, work, and communicate online safely. A digitally secure person focuses on four interconnected areas:

Personal information

Your personal data is the foundation of your digital identity. Protecting it includes limiting how much data you share, understanding where it’s stored, and reducing how easily it can be collected, sold, or stolen. At its heart, personal information falls into two critical categories that require different levels of protection:

• Personally identifiable information (PII):This represents the core data that defines you, such as your name, contact details, financial data, health information, location history, Social Security number, driver’s license number, passport information, home address, and online behavior. Financial data such as bank account numbers, credit card details, and tax identification numbers also fall into this category. Medical information, including health insurance numbers and medical records, represents some of your most sensitive PII that requires the highest level of protection.
• Sensitive personal data:While not always directly identifying you, this type of information can be used to build a comprehensive profile of your life and activities. This includes your phone number, email address, employment details, educational background, and family information. Your online activities, browsing history, location data, and social media posts also constitute sensitive personal data that can reveal patterns about your behavior, preferences, and daily routines.

Digital accounts

Account security ensures that only you can access them. Strong, unique passwords, multi-factor authentication, and secure recovery options prevent criminals from hijacking your email, banking, cloud storage, social media, and other online accounts, often the gateway to everything else in your digital life.

Privacy

Privacy control means setting boundaries and deciding who can see what about you, and under what circumstances. This includes managing social media visibility, app permissions, browser tracking, and third-party access to your data.

Digital security is an ongoing effort as threats evolve, platforms change their policies, and new technologies introduce new risks. Staying digitally secure requires periodic check-ins, learning to recognize scams and manipulation, and adjusting your habits as the digital landscape changes.

Common exposure points in daily digital life

Your personal information faces exposure risks through multiple channels during routine digital activities, often without your explicit knowledge.

• Public Wi-Fi networks: When you connect to unsecured networks in coffee shops, airports, hotels, or retail locations, your internet traffic can be intercepted by cybercriminals using the same network. This puts your login credentials, banking information, and communications at risk, even on networks that appear secure.
• Data brokers: These companies gather data, often without your explicit knowledge, from public records, social media platforms, online purchases, and other digital activities to create your profile. They then sell this information to marketers, employers, and other interested parties.
• Social media: When you overshare details about your location, vacation plans, family members, workplace, or daily routines, you provide cybercriminals with valuable information for identity theft and social engineering attacks. Regular platform policy changes can reset your previously private information or expose you to data breaches.
• Third-party applications: Mobile apps, browser extensions, and online services frequently collect more data than necessary for their stated functionality, creating additional privacy risks for you. You could be granting these apps permission to access your personal data, contacts, location, camera, and other device functions without fully understanding how your data will be used, stored, or shared.
• Web trackers: These small pieces of code embedded in websites follow your browsing behavior, monitoring which sites you visit, how long you stay, what you click on, and even where you move your mouse cursor. Advertising networks use this information to build a profile of your interests and online habits to serve you targeted ads.

Core pillars of digital security

Implementing comprehensive personal data protection requires a systematic approach that addresses the common exposure points. These practical steps provide layers of security that work together to minimize your exposure to identity theft and fraud.

Minimize data sharing across platforms

Start by conducting a thorough audit of your online accounts and subscriptions to identify where you have unnecessarily shared more data than needed. Remove or minimize details that aren’t essential for the service to function. Moving forward, provide only the minimum required information to new accounts and avoid linking them across different platforms unless necessary.

Be particularly cautious with loyalty programs, surveys, and promotional offers that ask for extensive personal information, as they may share it with third parties. Read privacy policies carefully, focusing on sections that describe data sharing, retention periods, and your rights regarding your personal information.

If possible, consider using separate email addresses for different accounts to limit cross-platform tracking and reduce the impact if one account is compromised. Create dedicated email addresses for shopping, social media, newsletters, and important accounts like banking and healthcare.

Adjust account privacy settings

Privacy protection requires regular attention to your account settings across all platforms and services you use. Social media platforms frequently update their privacy policies and settings, often defaulting to less private configurations that allow them to collect and share your data. For this reason, it is a good idea to review your privacy settings at least quarterly. Limit who can see your posts, contact information, and friend lists. Disable location tracking, facial recognition, and advertising customization features that rely on your personal data. Turn off automatic photo tagging and prevent search engines from indexing your profile.

On Google accounts, visit your Activity Controls and disable Web & App Activity, Location History, and YouTube History to stop this data from being saved. You can even opt out of ad personalization entirely if desired by adjusting Google Ad Settings. If you are more tech savvy, Google Takeout allows you to export and review what data Google has collected about you.

For Apple ID accounts, you can navigate to System Preferences on Mac or Settings on iOS devices to disable location-based Apple ads, limit app tracking, and review which apps have access to your contacts, photos, and other personal data.

Meanwhile, Amazon accounts store extensive purchase history, voice recordings from Alexa devices, and browsing behavior. Review your privacy settings to limit data sharing with third parties, delete voice recordings, and manage your advertising preferences.

Limit app permissions

Regularly audit the permissions you’ve granted to installed applications. Many apps request far more permissions to your location, contacts, camera, and microphone even though they don’t need them. Cancel these unnecessary permissions, and be particularly cautious about granting access to sensitive data.

Use strong passwords and multi-factor authentication

Create passwords that actually protect you; they should be long and complex enough that even sophisticated attacks can’t easily break them. Combine uppercase letters, lowercase letters, numbers, and special characters to make it harder for attackers to crack.

Aside from passwords, enable multi-factor authentication (MFA) on your most critical accounts: banking and financial services, email, cloud storage, social media, work, and healthcare. Use authenticator apps such as Google Authenticator, Microsoft Authenticator, or Authy rather than SMS-based authentication when possible, as text messages can be intercepted through SIM swapping attacks. When setting up MFA, ensure you save backup codes in a secure location and register multiple devices when possible to keep you from being locked out of your accounts if your primary authentication device is lost, stolen, or damaged.

Alternatively, many services now offer passkeys which use cryptographic keys stored on your device, providing stronger security than passwords while being more convenient to use. Consider adopting passkeys for accounts that support them, particularly for your most sensitive accounts.

Enable device encryption and automatic backups

Device encryption protects your personal information if your smartphone, tablet, or laptop is lost, stolen, or accessed without authorization. Modern devices typically offer built-in encryption options that are easy to enable and don’t noticeably impact performance.

You can implement automatic backup systems such as secure cloud storage services, and ensure backup data is protected. iOS users can utilize encrypted iCloud backups, while Android users should enable Google backup with encryption. Regularly test your backup systems to ensure they’re working correctly and that you can successfully restore your data when needed.

Request data deletion and opt out from data brokers

Identify major data brokers that likely have your information and look for their privacy policy or opt-out procedures, which often involves submitting a request with your personal information and waiting for confirmation that your data has been removed.

In addition, review your subscriptions and memberships to identify services you no longer use. Request account deletion rather than simply closing accounts, as many companies retain data from closed accounts. When requesting deletion, ask specifically for all personal data to be removed from their systems, including backups and archives.

Keep records of your opt-out and deletion requests, and follow up if you don’t receive confirmation within the stated timeframe. In the United States, key data broker companies include Acxiom, LexisNexis, Experian, Equifax, TransUnion, Whitepages, Spokeo, BeenVerified, and PeopleFinder. Visit each company’s website.

Use only trusted, secure networks

Connect only to trusted, secure networks to reduce the risk of your data being intercepted by attackers lurking behind unsecured or fake Wi-Fi connections. Avoid logging into sensitive accounts on public networks in coffee shops, airports, or hotels, and use encrypted connections such as HTTPS or a virtual private network to hide your IP address and block third parties from monitoring your online activities.

Rather than using a free VPN service that often collects and sells your data to generate revenue, it is better to choose a premium, reputable VPN service that doesn’t log your browsing activities and offers servers in multiple locations.

Ongoing monitoring and maintenance habits

Cyber threats evolve constantly, privacy policies change, and new services collect different types of personal information, making personal data protection an ongoing process rather than a one-time task. Here are measures to help regularly maintain your personal data protection:

• Quarterly reviews: Set up a quarterly review process to examine your privacy settings across all platforms and services. Create a calendar reminder to check your social media privacy settings, review app permissions on your devices, and audit your online accounts for unused services that should be deleted.
• Credit monitoring: Monitor your financial accounts regularly for unauthorized activity and consider using credit monitoring services to alert you to potential identity theft.
• Breach alerts: Stay informed about data breaches in the services you use by signing up for breach notification services. If a breach occurs, this will allow you to take immediate action to change passwords, monitor affected accounts, and consider additional security measures for compromised services.
• Device updates: Enable automatic security and software updates on your devices, as these updates include important privacy and security improvements that protect you from newly discovered vulnerabilities.
• Education and awareness: Stay informed about new privacy risks, learn about emerging protective technologies, and share knowledge with family members and friends who may benefit from improved personal data protection practices.

By implementing these systematic approaches and maintaining regular attention to your privacy settings and data sharing practices, you significantly reduce your risk of identity theft and fraud while maintaining greater control over your digital presence and personal information.

Final thoughts

You don’t need to dramatically overhaul your entire digital security in one day, but you can start making meaningful improvements right now. Taking action today, even small steps, builds the foundation for stronger personal data protection and peace of mind in your digital life. Choose one critical account, update its password, enable multi-factor authentication, and you’ll already be significantly more secure than you were this morning. Your future self will thank you for taking these proactive steps to protect what matters most to you.

Every step you take toward better privacy protection strengthens your overall digital security and reduces your risk of becoming a victim of scams, identity theft, or unwanted surveillance. You’ve already taken the first step by learning about digital security risks and solutions. Now it’s time to put that knowledge into action with practical steps that fit seamlessly into your digital routine.

The post What Does It Take To Be Digitally Secure? appeared first on McAfee Blog.

Some years ago, a highly infectious computer worm called W32/Autorun was discovered to be infecting Windows computers. Unlike a virus, a worm such as W32/Autorun doesn’t steal anything from your computer. Instead, it spreads rapidly and opens as many security holes as possible to allow hackers to install a different form of malware that will eventually steal information, money, or both.

While this worm is less widespread today, it continues to infect older Windows operating systems that are not regularly updated. This guide will take a closer look at how the worm spreads and outline preventive measures to avoid infection.

Older Windows versions at risk

Autorun worms primarily affect older Windows systems such as Windows XP, Vista, and early versions of Windows 7, which had AutoRun enabled by default. Microsoft recognized this security vulnerability and significantly restricted AutoRun capabilities in newer Windows versions, but millions of older systems remain at risk if they haven’t been properly updated or configured.

When an autorun worm infects your system, it can compromise both your files and privacy in several ways by stealing personal documents, capturing passwords and banking information, or installing additional malware that monitors your online activities. Some variants encrypt your files for ransom, while others turn your computer into part of a botnet used for spam or cyberattacks. The infection can also spread to family members, friends, or colleagues when you share USB drives or connect to shared networks.

While this worm is less common today due to security updates in newer Windows operating systems, the concept of autorun malware is still relevant, often evolving into new forms that spread via malicious downloads, USB drives, or network shares. These forms use clever file drops and social engineering, with detection still relying on robust antivirus and user caution.

Key ways W32/Autorun bypasses your computer’s defenses

W32/Autorun is effective because it exploits everyday behaviors and outdated system features. Instead of forcing its way into your computer, it relies on built-in Windows functionality and simple tricks to get users to let it in, slip past basic defenses, and infect systems.

Easy way in via Windows AutoRun

An autorun worm spreads, as its name suggests, automatically through removable storage devices such as USB drives, external hard drives, and network shares. It takes advantage of Windows’ AutoRun and AutoPlay features to secretly execute itself when you connect the removable device to your computer that has AutoRun. A dialog box then pops up asking if you want to automatically run whatever is on the device. When you unsuspectingly click “run,” you’ve authorized the W32/Autorun worm. Once active, the worm copies itself to other connected drives and network locations, rapidly spreading to any system. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while.

Fake folders lure victims in

Even if you don’t have Windows AutoRun enabled in your device, W32/Autorun disguises itself as interesting imposter files and folders with names like “porn” and “sexy” in infected flash drives or shared internet connections to trick you into downloading the worm. Once you click on the malicious file, it executes AutoRun and infects your computer.

The worm can also change your computer’s settings to allow it to run every time you boot up. Some variants even disable Windows updates to prevent the system from downloading security patches and ensure the worm can do its job of infecting every device your computer comes into contact with, opening the door for any virus a hacker wants to install at your expense.

Symptoms of a W32/Autorun worm infection

A W32/Autorun worm infection works quietly in the background, spreading to connected devices and weakening your system’s defenses without triggering immediate alarms. However, there are subtle signs that indicate the infection. Recognizing these early symptoms can help you take action to block the worm’s activities before it causes irreparable damage to your device and network:

• Slow performance: Your computer or internet connection may slow down due to the high processing usage that the worm requires as it actively searches for drives to infect.
• Presence of unfamiliar files/folders: The worm creates copies of itself and configuration files on infected drives, sometimes disguised with random names or enticing names such as “porn” or “sexy”.
• System instability: Your computer may begin freezing, crashing, or restarting unexpectedly as the worm runs multiple background processes while consuming system resources and interfering with normal operating functions.
• Modified settings: You might notice unexpected changes to your desktop, folder views, or system preferences without your input. These modifications are often made to hide malicious files or make it easier for the worm to run automatically.
• Loss of access to some features: Tools like Task Manager, Registry Editor, or Folder Options may suddenly become inaccessible. The worm disables these features to prevent you from stopping its processes or removing it manually.
• Disabled antivirus software or Windows updates: Your security software may stop working properly, or Windows updates may be turned off without explanation. This enables the worm to block security patches and scans that could remove it.
• Unusual network activity: You may notice unexplained internet traffic even when you’re not actively using your device. The worm could be contacting remote servers to report successful infections or download additional malicious components.
• Diminished storage space: Available disk space may shrink rapidly with no clear reason. This happens because the worm repeatedly copies itself across your system and connected drives.

Consequences of the W32/Autorun worm

The impact of the W32/Autorun worm can vary depending on the specific variant, ranging from minor annoyances to severe system compromise:

• System damage and further infection: The W32/Autorun worm acts as an entry point for attackers to silently install more dangerous malware, including data-stealing Trojans or destructive viruses.
• Data loss and corruption: Some variants can delete important files or corrupt stored data, making documents, photos, or applications unusable or permanently unreadable, even after the worm is removed.
• Disruption of operations: Because the worm consumes large amounts of processing power and memory in the background, it can slow down your device’s performance and stall programs to make daily computing tasks difficult.
• Unauthorized access and information theft: Certain W32/Autorun variants are capable of monitoring your online activity, including logging keystrokes, capturing login credentials, and stealing financial details or personal data.
• Aesthetic changes: Less destructive versions of the worm may focus on annoying changes such as altered desktop backgrounds, browser settings, or system appearance.

How to Prevent a W32/Autorun Infection

Preventing a W32/Autorun infection is largely about closing the simple security gaps the worm relies on to spread. By taking these steps, you can significantly reduce the chances of this worm gaining access to your computer.

1. Disable AutoRun

If your computer is still prompting you to automatically run applications each time you insert a CD, connect to a new network, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows.

2. Beware of shared removable devices

Remember that this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive will carry the worm to your computer. If you do need to share a device, make sure AutoRun is disabled before you plug it in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.

3. Use reliable antivirus

While the first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer. Solutions like McAfee+ will catch the W32/Autorun worm bug and other similar malware, protecting you from accidentally spreading it to friends and family.

Final thoughts

Autorun worms represent a persistent threat that combines old vulnerabilities with modern attack techniques. Newer security measures may have reduced their impact, but these worms continue to target systems with outdated configurations through the continued use of removable media. This is why keeping systems updated and being cautious with external devices are important habits to apply.

In addition, you can protect yourself with proper security practices: disable AutoRun on older systems, keep your antivirus software updated, scan external devices before accessing their contents, and avoid connecting unknown USB drives to your computer.

The post Crush that Worm before It Creeps into Your Computer appeared first on McAfee Blog.

Thanksgiving—not before Halloween as we see things in stores and online now. It seems like the holiday season and decorations start earlier and earlier every year.

But one thing that hasn’t changed is that Black Friday is still a big shopping day. With the advent of online shopping has emerged Cyber Monday, another big sale day for online shoppers on the first Monday after Thanksgiving.

Although many of us may take advantage of these great deals that the holidays offer, we also need to be aware of the risks. Online shopping is a fun and convenient way to make purchases, locate hard-to-find items, and discover bargains, but we need to take steps to protect ourselves.

This guide looks at the methods and warning signs behind online shopping scams, shows you how to recognize fake shopping apps and websites, and shares tips for staying safe online.

Online shopping safety amid growing e-commerce concerns

Online shopping has become a cornerstone of American life. CapitalOne Shopping projects American online spending to reach $1.34 trillion in 2024 and exceed $2.5 trillion in 2030.

With such a massive sum at stake, cybercriminals are laser-focused on taking a share of it, posing financial risk to the 288 million Americans who shop online. As e-commerce grows, so does fraud. In 2024, e-commerce fraud was valued at $44.3 billion, a number seen to grow by 141% to $107 billion in 2029.

Be that as it may, there are many smart shopping habits you can apply to dramatically reduce your risk of becoming a victim of online shopping fraud and enjoy the convenience and benefits of online commerce.

Common online shopping scams

Online shopping scams are designed to look normal—at first glance—especially during busy sale seasons when we’re distracted by a million preparations, moving fast, and chasing deals. These are the very circumstances that fraudsters bank on to victimize you into taking the bait. Being aware of the common scam indicators will help you pause and think, recognize trouble early, and protect both your money and your personal information.

• Non-delivery scams: You pay for items that never arrive, often from fake storefronts or fraudulent sellers who disappear with your money. The seller might have required you to pay through a wire transfer, cryptocurrency, or gift card, methods that are indisputable and untraceable. If you check the website, it may look new and have no customer reviews or suspiciously have only perfect 5-star ratings. It may also offer prices that are significantly below market value.
• Counterfeit goods scams: You receive knock-off products instead of authentic brand-name items, particularly affecting electronics, cosmetics, and luxury goods. On closer inspection, you will notice spelling errors in brand names or product descriptions, the prices seem too good to be true for premium brands, and sellers have no proof of authenticity or authorized dealer status.
• Bait-and-switch scams: Attractive deals lure you in, but you’re pressured to buy different, more expensive items or receive products that don’t match what was advertised. This type of scam is usually characterized by items that are always “out of stock,” but offer readily available, more expensive alternatives. The seller also applies high-pressure sales tactics or limited-time offers that prevent you from comparison shopping, while the product descriptions are vague or don’t match the images shown.
• Refund and overpayment scams: In this scheme, scammers will pose as buyers who “accidentally” overpay you for items you’re selling, then request you to refund the difference before their original payment bounces. They will also use payment methods that can be reversed such as checks or money orders, then ask for a refund and suggest sending shipping companies to collect items before the payment clears.
• Website and marketplace impersonations: Fake websites designed to look like legitimate popular brands can steal your payment information and personal data. Watch out for websites that have slightly misspelled URLs or don’t use secure HTTPS encryption as marked by the padlock icon in your browser, as well as missing or incomplete contact information, privacy policies, or terms of service.
• Product return fraud: Scammers exploit return policies by selling you used, damaged, or counterfeit items while making returns and refunds difficult or impossible through fake or non-existent customer service. Their return policies are overly complicated, buried in fine print, or require original packaging that wasn’t provided. They will disappear from marketplaces immediately after the return period expires.

A guide to knowing if a shopping website is legit

Safe online shopping starts with recognizing the hallmarks of legitimate retailers. Before you enter any payment details, take a moment to verify that the website you’re shopping on is genuine. Scam stores can look polished and convincing, but they often leave behind subtle clues. Here are quick ways to check their authenticity:

1. Verify the website URL: By typing the URL directly into your browser rather than clicking links from emails or ads, you will avoid typosquatting scams—fake websites with URLs that look almost identical to real retailers, except for slight misspellings. Look for clear return and shipping policies. Read the fine print to understand your rights if something goes wrong.
2. Confirm physical address and customer service: Real businesses provide multiple ways to contact them, including a physical address, phone number, and email.
3. Evaluate pricing for realism: The prices are too good to be true, especially for high-demand or hard-to-find items. Many legitimate retailers now offer price-matching policies, allowing you to get market-average or competitive prices.
4. Check for verified customer reviews: Look for reviews on independent platforms like Google, Yelp, or Trustpilot rather than relying solely on testimonials on the retailer’s website. Cross-reference feedback across multiple platforms.
5. Ensure secure payment options: Look for HTTPS in the URL and avoid sites that only accept wire transfers, gift cards, peer-to-peer payment apps, or cryptocurrency. For online purchases, check that the seller offers secure payment options with dispute protection, such as digital wallets and/or credit cards.
6. Research domain age and registration: Use WHOIS lookup tools to check when the domain was registered. Fraudulent sites are usually newly created domains designed to disappear quickly after collecting payments. In addition, established retailers and official brand websites have invested heavily in solid security infrastructure and payment processing, customer protection programs, fraud prevention systems, and long-standing relationships with credit card companies that smaller or unknown sellers often lack.
7. Check the Better Business Bureau: Search for the seller’s company on the Better Business Bureau to see their rating, complaint history, and accreditation status, and help you identify potential risks before making a purchase.
8. Pay attention to browser safety warnings: Modern browsers like Chrome, Firefox, and Safari will warn you about potentially dangerous or untrustworthy sites. Google’s Safe Browsing technology blocks millions of unsafe sites daily, so don’t ignore these warnings when they appear. Some comprehensive security tools also include web protection that alert you against dangerous links and downloads, malicious websites, and more.
9. Verify secure checkout processes: Legitimate sites use SSL (Secure Sockets Layer) encryption during checkout, which you can confirm by looking for “https://” and a lock icon in your browser’s address bar.

11 Tips for safe holiday shopping online

• Be extra vigilant: Cybercriminals send millions of fake shopping emails that contain suspicious links, with the aim of exploiting your anxiety over catching that amazing deal or deliveries. For example, you might receive an unexpected “Amazon Prime renewal” email or a text from UPS, FedEx, or other carriers when you didn’t purchase anything online. These phishing emails and texts contain malicious links designed to steal your personal information or install malware on your devices. Don’t click the link. Verify delivery notifications through your account or the carrier’s official website or app, then delete the scam email or text immediately.
• Stick with trusted sellers: When shopping on marketplaces, stick with your trusted online retailers and sellers with high ratings, extensive review histories, and “fulfilled by” programs where the main platform handles shipping and returns. Download retailer apps directly from official app stores rather than third-party sources, as these include enhanced security features and exclusive customer protections.
• Check the site’s web address: Always type retailer URLs directly into your browser’s address bar or use your bookmarks. Once you arrive at a site, make sure it is the correct URL such as www.amazon.com and not www.amazan.com. Purchase directly from official brand websites or authorized retailers, and verify seller credentials through the brand’s official dealer locator when shopping on marketplaces.
• Check that the site is secure: Some people cannot tell if a site is secure. Some things to look for on a secure site include:
  • A web address that starts with HTTPS instead of HTTP, indicating that encryption is used to protect your information.
  • A lock symbol beside the URL, proper SSL certificates, and several contact methods.
  • A security seal, such as the McAfee SECURE trustmark, indicating that the site has been scanned and verified as secure by a trusted third party. This security seal indicates that the site will help protect you from identity theft, credit card fraud, spam, and other malicious threats.
• Pay with a credit card or digital wallet: Credit cards offer better protection against fraud than debit cards. You won’t be liable for fraudulent purchases, while cyberthieves won’t be able to drain your bank account if they get your account log-in credentials. Better yet, use a virtual credit card number or a digital wallet such as Apple Pay or Google Pay to prevent your actual card details from being stored on merchant sites. Also, avoid storing your credit card information on new or questionable sites to reduce your exposure if those sites experience security breaches.
• Take note of shipping and return policies: Always review shipping timelines, return windows, and refund policies before completing your purchase. Not reading the fine print can leave you stuck with unwanted purchases or unexpected fees.
• Validate social media sellers: Shopping directly through social media platforms or unknown sellers bypasses traditional consumer safeguards. Before you buy from a social media seller, verify their legitimacy, check for customer reviews outside the platform, and use payment methods that offer dispute resolution.
• Keep communications on-platform: Never move conversations or payments outside the marketplace platform. Scammers often try to lure buyers to external communication channels or direct payment methods to circumvent buyer protections. Legitimate sellers understand that platform policies protect both parties and will keep all interactions within the official channels.
• Do not use a public computer or Wi-Fi when shopping online: Strangers may be able to access your browsing history and even your login information on shared devices or over unsecured public Wi-Fi. To protect yourself, do all of your online shopping from your home computer or your personal mobile device.
• Make sure you have a clean computer or mobile device: Make sure you have up-to-date security software on all your devices to safeguard your privacy, protect against identity theft, and defend against viruses and online threats.
• Keep a paper trail: Take a screenshot of product listings and advertisements before purchasing. Keep a copy of your order number and receipt, and note which credit card you used. When you receive your credit card statement, review it to make sure that the charge on your card is correct, with no extra fees.

The FTC also recommends these additional tips so you can enjoy all the advantages that online shopping has to offer and prevent risking your personal information.

Immediate steps to take if you ordered from a fake online store

1. Contact your credit card issuer immediately: Call the customer service number on the back of your card once you realize you’ve been scammed. Request a chargeback and explain that you received counterfeit goods, nothing at all, or that the merchant was fraudulent. You usually have 60 days from your statement date to dispute charges, but acting quickly improves your chances of a successful resolution.
2. Freeze or replace your payment card: Contact your bank or card issuer to freeze your current card and request a new account to prevent more unauthorized charges. If you used a debit card, this step is especially critical since debit card fraud protections are more limited than credit cards.
3. Change your passwords and enable two-factor authentication: If you created an account on the fake website, change your password immediately on your real account and any linked accounts such as email, banking, and social media. Enable two-factor authentication and think about using a password manager to generate and store unique passwords for each account.
4. Report the fraudulent seller to the platform or hosting service: Protect other consumers by reporting the fake store. If the site appeared in search results or social media ads, report it to those platforms. You can also report fraudulent websites to their hosting companies to take down fraudulent sites once notified.
5. File reports with federal and state authorities: Report the scam to the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3) to help authorities track scam trends and assist in investigations. Additionally, contact your state’s attorney general office, as many have consumer protection divisions that handle online fraud.
6. Save and organize all evidence: Document everything related to your purchase in both digital and printed formats: screenshots of the website, confirmation emails, receipts, payment records, and any communication with the seller. Save copies of your credit card or bank statements showing the charge. These documents are essential for your chargeback dispute and law enforcement investigations.
7. Monitor your credit report and identity closely: Keep a close eye on your bank and credit card statements, as well as credit reports from all three major bureaus—Experian, Equifax, and TransUnion—for suspicious activity, and place a fraud alert or credit freeze on your accounts if you’re concerned about identity theft.
8. Follow up on your chargeback and dispute process: Stay in regular contact with your credit card company about your dispute and provide additional documents promptly if requested. Be patient and persistent as the investigation process could take up to 90 days.

Final thoughts

Online shopping should feel exciting, not a dangerous undertaking you have to brace for, especially during the season of giving. It can be, with a few simple steps—checking the URL, looking for HTTPS, verifying the seller, paying with a credit card or virtual number, and trusting your gut when something feels suspicious. These small habits will keep your money and your identity where they belong: with you.

For increased safety while shopping online, seek out the help of a trusted security solution such as McAfee+ that will alert you of risky links and compromised websites to prevent identity theft or malware infection.

If this guide helps you, pass it along to someone you care about. Scams don’t just target individuals—they cascade into families and friend groups. The more we normalize safe shopping habits and increase our vigilance, the harder it is for fraudsters to win. If you ever feel unsure mid-purchase, take a breath and double-check. A few extra seconds now can save you a lot of stress later. Stay safe, and happy shopping!

The post Helpful Tips for Safe Online Shopping appeared first on McAfee Blog.

Russian state has tolerated parallel probiv market for its convenience but now Ukrainian spies are exploiting it

Russia is scrambling to rein in the country’s sprawling illicit market for leaked personal data, a shadowy ecosystem long exploited by investigative journalists, police and criminal groups.

For more than a decade, Russia’s so-called probiv market – a term derived from the verb “to pierce” or “to punch into a search bar” – has operated as a parallel information economy built on a network of corrupt officials, traffic police, bank employees and low-level security staff willing to sell access to restricted government or corporate databases.

Continue reading...

© Photograph: Alexander Zemlianichenko/AP

© Photograph: Alexander Zemlianichenko/AP

© Photograph: Alexander Zemlianichenko/AP

Reuters news agency says it obtained document after visiting URL it predicted file would be uploaded to

• How Rachel Reeves’s budget was leaked 40 minutes early

The chair of the Office for Budget Responsibility has said he felt mortified by the early release of its budget forecasts as the watchdog launched a rapid inquiry into how it had “inadvertently made it possible” to see the documents.

Richard Hughes said he had written to the chancellor, Rachel Reeves, and the chair of the Treasury select committee, Meg Hillier, to apologise.

Continue reading...

© Photograph: Kirsty O’Connor/Treasury

© Photograph: Kirsty O’Connor/Treasury

© Photograph: Kirsty O’Connor/Treasury