APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing…

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-4 macOS Ventura 13.2

macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)…

APPLE-SA-2023-01-23-3 iOS 12.5.7

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-3 iOS 12.5.7

iOS 12.5.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213597.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been…

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-2 iOS 15.7.3 and iPadOS 15.7.3

iOS 15.7.3 and iPadOS 15.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213598.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone
SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod
touch (7th generation)
Impact: An app may be able to leak sensitive kernel state
Description:…

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

Posted by Apple Product Security via Fulldisclosure on Jan 23

APPLE-SA-2023-01-23-1 iOS 16.3 and iPadOS 16.3

iOS 16.3 and iPadOS 16.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213606.

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, and iPad
mini 5th generation and later
Impact: An app may be able to access user-sensitive data…

Australia fronts International Counter Ransomware Taskforce

The International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations on Monday with Australia as its inaugural chair and coordinator.

The CRI was first brought together in October 2021 with a virtual meeting of 30 countries, facilitated by the US White House National Security Council.

In November 2022, a second meeting took place where the following was established by the 37 participating members:

What Should You Do if Your Identity Has Been Stolen?

It’s been like this from the start—wherever people shop, do business, or simply gather together, you’ll find thieves in the mix, ready to take advantage. And that’s truer today when it comes to life online as cybercriminals use the internet to steal financial or personal data for their personal gain—otherwise known as identity theft.  

This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case. 

The stolen data could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.

You don’t have to be kept in the dark, though. The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior.  

Steps to take if you think your identity has been stolen 

There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. It may be an unusual charge on one of your cards, however small. Or you may use a credit monitoring service like ours and receive an alert of suspicious activity. However it comes to your attention, you can act fast to minimize what happens. 

File a police report 

Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam. 

Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know. 

Notify the company where the fraud occurred 

You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. Similarly, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices. For instance, if someone uses your health insurance to get prescription drugs from a pharmacy, make sure to alert the pharmacy and your insurer. 

File a report with the Federal Trade Commission 

The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338. 

Outside of the U.S., our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance. 

Ask credit reporting agencies to issue a fraud alert 

A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases. 

There are three main agencies in the U.S.: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency. 

A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus. 

A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app. 

Change passwords for your accounts 

Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong, unique passwords for each of your accounts with a mix of numbers, letters, and symbols. A password manager included with comprehensive online protection software can do the work for you by creating and securely storing them for you. Further, if there’s a chance to activate two-factor authentication on your accounts go ahead and use it as it makes accessing accounts with a stolen password more difficult. 

Is it possible to prevent identity theft? 

Putting thorough protections in place can greatly reduce your risk of identity theft. As mentioned above, our McAfee+ plans offer a broad set of features that can help protect your identity. They let you monitor your credit, monitor your identity, and even help you restore your credit with identity theft & restoration services that cover up to $1 million in losses due to identity theft and connect you with recovery pros who can help you clean up your credit.

Additionally, you can grab a copy of our free Identity Protection Guide that covers the topic in detail—it’s part of our McAfee Safety Series, dedicated to ways you can protect yourself for a safer, more enjoyable life online. 

If identity theft happens to you … 

Realizing that you’ve become a victim carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, or even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Right away. 

Think like a detective who is building—and closing—a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through. 

The post What Should You Do if Your Identity Has Been Stolen? appeared first on McAfee Blog.

The PayPal Breach – Who Was Affected and How You Can Protect Yourself

PayPal recently notified thousands of its customers that their accounts were breached by hackers, leaving their Social Security Numbers and other key pieces of personal information exposed as a result. 

Sources report that the attack involved “credential stuffing,” where hackers gather lists of usernames and passwords sourced from the dark web or from data breaches—and then “stuff” those credentials into login systems, giving them access to those accounts.

This form of attack is particularly dangerous for people who re-use passwords across their accounts, as hackers can steal a password from one account and use it to access others. 

It is reported that PayPal notified users affected by this attack on January 18th with an email since made available online. The email states that,  

“Based on PayPal’s investigation to date, we believe that this unauthorized activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorized third parties. During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users.” 

PayPal further detailed the information exposed (emphasis ours): 

The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth. 

The email went on to say that PayPal reset the passwords of the affected accounts and will require affected users to establish a new password the next time they log in to their accounts. 

What to know about the PayPal attack and other attacks like it. 

It takes time for companies to discover breaches and other illegal activities on their networks. The activity may have occurred days, weeks, or even months before it was discovered. Thereafter, it takes yet more time for companies to investigate the attack, determine the method of entry, what was affected, and to what extent—not to mention update their security measures as needed. 

In the case of PayPal, the company stated that the attacks occurred between December 6th and 8th of 2022, and the notification sent to affected customers was dated January 18th.  

This is typical of such attacks. Time passes before victims get notified. And yet more victims may be identified as investigations continue, leaving hackers with a relatively large window of opportunity to do harm. 

What should I do if I think my account was caught up in the PayPal attack? 

Given the nature of the PayPal attack, there are a few steps you can take to protect yourself in its aftermath, which involve a combination of preventative steps and some monitoring on your part.

Change your passwords and use a password manager 

Given that passwords were involved, changing your PayPal password is a must. (As stated, PayPal will require you to do so.) And if you re-use passwords or similar passwords across accounts, changing them is a must as well.  

Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date by the time a hacker attempts to use it. 

Enable two-factor authentication 

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.  

PayPal offers two-factor authentication as an option, and you can enable it by logging into your account settings and then clicking on the “Security” tab. 

Report unauthorized use of your PayPal account immediately 

Per PayPal’s customer email, contact their customer service for assistance if you spot any unusual activity on your account. 

Monitor your accounts and credit for unusual activity

If you spot unusual or unfamiliar transactions on your bank or credit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed. 

Given the number of accounts you might have, a credit monitoring service can help. McAfee’s credit monitoring service can help you keep an eye on changes to your credit score, report, and accounts with timely notifications and provide guidance so you can take action to tackle identity theft.

Keep an eye out for phishing attacks 

With some personal information in hand, bad actors may seek out more. They may follow up a high-profile attack with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So, as always, it’s wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting.

If you are contacted by PayPal, make certain the communication is legitimate. Bad actors may pose as PayPal to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the PayPal website or contact them by phone directly. 

Consider using identity monitoring 

An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.

Check your credit and consider a credit freeze 

When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name. 

Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies. This will help prevent bad actors from opening new lines of credit or taking out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference.

McAfee+ plans give you guidance on how to place a full security freeze, stopping lenders and other companies from seeing your credit file. This halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.

Get comprehensive online protection and identity theft coverage 

A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.  

Additionally, we offer $1 million in identity theft coverage and restoration support from a licensed recovery pro who can help you repair your identity and credit if you find yourself a victim. 

What about my Social Security Number? 

Your Social Security or tax ID number is one of the most precious pieces of personal information you have. With it, an identity thief can open new accounts or lines of credit in your name, not to mention gain employment, claim insurance benefits, or even commit crimes in your name.

PayPal stated that victims may have had their Social Security or tax ID number exposed. If you believe this occurred to you, file a report with the Federal Trade Commission (FTC), which handles such cases. From there, they will provide you with a set of next steps.

The PayPal attack – you have ways to protect yourself 

Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the PayPal breach.  

Data breaches typically make the news when they affect a large company and generally only after the company discovers and releases word of it. This means you might not hear about a breach until weeks or even months after your stolen info has been in circulation on the dark web. The measures you can take here can mitigate the damage of such attacks, even if you don’t think you were caught up in a specific breach.

However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but all the devices, apps, and accounts we keep these days leave us more exposed than ever, making protecting ourselves a must.

The post The PayPal Breach – Who Was Affected and How You Can Protect Yourself appeared first on McAfee Blog.
