Government and law enforcement officials joined with Microsoft outlined how they took down the most impactful nation-state attackers
Category Archives: News
How to Know If Your Mobile Finance Apps Are Safe
Mobile banking and finance apps have become increasingly popular in recent years. These apps provide a quick and convenient way to see checking and savings account balances and make and receive payments.
It’s no surprise that many people use these third-party apps to manage their finances. In 2021, the U.S. saw 573.1 million finance app downloads, a 19% increase from the previous year.
However, despite its benefits, mobile banking isn’t immune to risks. This article will discuss the safety and security of mobile finance apps and give you a few pointers to protect yourself while using these apps.
Is mobile banking safe?
Yes, mobile banking is a pretty safe way to manage your finances; however, there can still be some risks associated with it, including fraud and scams.
If you’re careful, there are plenty of ways to protect yourself while using this incredibly easy banking method.
6 tips to improve mobile finance app security
Here are a few tips to help you improve the safety of your online financial accounts.
Ensure you’re downloading the official app
A bank’s website will often include links to their mobile apps that provide related mobile banking services, along with details about the app’s features and how users can use it. You should use a trusted platform when installing the app, like the App Store for iPhone or iOS users or the Google Play Store for Android users.
You should also take time to go through reviews and related information about the app before downloading it to ensure its legitimacy. If you have any doubts, clarify the issue with your bank before downloading what could be a fake banking app.
Set a strong password
While this may seem obvious, the reality is that many people don’t pay enough attention to their passwords. To create a strong password, you should use a combination of uppercase and lowercase letters, numbers, and special characters in no particular order or pattern.
In addition, security experts recommend long, complex passwords to exponentially increase the time it takes to crack them. It also helps to have unique passwords for each of your accounts.
If you’re concerned about remembering and managing multiple passwords, you can use a reputable and secure password manager like McAfee True Key to store your passwords.
Use two-factor authentication when possible
Many services nowadays offer two-factor or multifactor authentication. This function refers to the additional layers of security against hackers. On top of a traditional username-password login, users are required to identify themselves with a code that’s sent to their cellphone or email.
By confirming the user’s identity this way, organizations eliminate a degree of uncertainty. While it isn’t foolproof, two-factor or multifactor authentication helps increase security. It’s worth checking if your finance app offers this feature.
Avoid public Wi-Fi when using finance apps
Public Wi-Fi networks are convenient in urgent situations; however, they often come with a warning saying the network is unsecured. This means that the network is unencrypted, making it easy for hackers to access your personal information. The best practice is to avoid using public Wi-Fi networks, especially when carrying out any form of financial transaction.
If you need to make purchases or send and receive money while on the move, though, you’ll want to consider a virtual private network (VPN) like McAfee Secure VPN. The VPN provides a secure network even when using public Wi-Fi by hiding your IP address and encrypting your data.
Get email/text alerts for potential fraud
The easiest way to protect your finances is to keep a vigilant eye on all of your transactions. However, security notifications from your bank are a great added measure. Most credit card companies allow you to turn on transaction alerts for various services, such as balance transfer requests, international purchases, and exceeded credit limits, which can help you recognize any suspicious activity on your account.
It’s also important to remember that financial institutions will never contact you over the phone or through email to ask for your banking information. If you receive such a message, it’s most certainly a scam. A common way people get duped is through calls or emails claiming they’ve won a prize and need to share personal account details to receive the money. Never share your bank account details, passwords, or one-time codes with strangers.
Always check with your bank to confirm any activity that seems out of the ordinary. In addition to alert notifications, banks can also send helpful tips to protect your account against fraud.
Use McAfee Security for Mobile
McAfee Security for Mobile is an award-winning cybersecurity tool that helps address the issues mentioned above and more. It’ll scan your device for malware, suspicious websites, and unsecured Wi-Fi networks so you can use social media or shop online with complete peace of mind.
It also comes with other features, like system cleaning services that clean junk from your phone’s storage. These features can boost battery life and help locate your phone if it’s ever stolen or misplaced.
Are mobile banking apps as safe as online banking?
Mobile and online banking both have their benefits and drawbacks, but which is the safer option? Experts often have varied opinions on the matter.
Some people believe it might be easier to download malware on a computer unknowingly, as it’s tricky to judge the authenticity of a website or malicious links. Users typically download apps from reputed app stores when using mobile devices, which lowers the risk.
On the other hand, professionals believe that both methods are equally safe. The choice depends on the network available to the user, as private networks are significantly less susceptible to hacking than public ones. Some users may prefer computers to mobile phones simply because they find it easier to perform tasks on a bigger screen.
See how McAfee Security for Mobile keeps your device safe
Both internet and mobile banking are convenient and offer a quick way to manage your personal finances, as you don’t have to travel to a physical bank or carry large amounts of cash in your wallet.
However, while mobile banking is generally considered a safe method of managing your finances, it can have some vulnerabilities that scammers may try to take advantage of.
Following the tips mentioned above — like using a private network, not sharing personal details with anyone, and using a comprehensive mobile security tool like McAfee Security for Mobile — can make all the difference.
The tool’s security features include safe browsing, a secure VPN, and antivirus software. This means you can use your mobile finance apps confidently knowing McAfee is looking out for you.
The post How to Know If Your Mobile Finance Apps Are Safe appeared first on McAfee Blog.
Wedding Planning App Users Hacked Before the Big Day
Say you’re getting married. You and your partner have booked the venue, made the seating arrangements, trained your dog to be the ring bearer – and everything is running smoothly. You’ve used a trusty wedding planning website to make everything a breeze. Nothing could ruin this day for you! Except, there’s an uninvited guest. They’re not crashing the wedding and making an awkward toast, but they’ve crashed into your wedding planning website account and now have access to your information.
There are many things that could go wrong during wedding planning – some of them out of anyone’s control. Maybe the caterer canceled last minute, or the live band is stuck in traffic. Other things may be easily avoided, but you don’t necessarily see them coming. Like a hacker accessing your wedding website and making fraudulent bank transfers right before your big day.
The Wedding Crasher
Zola, a wedding planning site allowing couples to create websites, budgets, and gift registries, confirmed that hackers had managed to access the accounts of some of their users, The Verge reported. Once these accounts were infiltrated, hackers used the linked bank accounts or funds held inside the site to make cash transfers. The main method these cybercriminals used was purchasing gift cards through the user’s account and sending them to their email addresses to avoid being easily traced.
These criminals did not hack the Zola website itself but hacked their users’ accounts with a method called credential stuffing. This is a strategy where hackers take email and password combinations involved in previous breaches of other websites and use them to log into other online profiles.
You may not even know that your information had been breached previously and that cybercriminals now had your logins for a number of different accounts. Luckily, there are ways to protect yourself and your information from credential stuffing tactics to stop hackers in their tracks.
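The pattern described above looks different from an ordinary forgotten password when seen from the site's login logs: one source tries many different accounts, and nearly all attempts fail. The following is an added example, not code from Zola, The Verge, or McAfee; the log format, field names, and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    source_ip: str
    username: str
    success: bool


def parse_line(line):
    """Parse one line of the assumed format: '<ISO time> <ip> <username> OK|FAIL'."""
    ts, ip, user, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, user.lower(), result == "OK")


def detect_stuffing(events, window=timedelta(minutes=10),
                    min_accounts=5, min_fail_ratio=0.8):
    """Return {source_ip: set of accounts that logged in successfully from it}.

    A source is flagged when, inside one sliding window, it attempted at least
    `min_accounts` distinct usernames and at least `min_fail_ratio` of those
    attempts failed. That separates credential stuffing (many accounts, about
    one guess each) from a user mistyping a password (one account, a few tries).
    The thresholds are illustrative assumptions, not tuned values.
    """
    recent = defaultdict(deque)   # source_ip -> events still inside the window
    flagged = {}                  # source_ip -> accounts needing a forced reset
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.source_ip]
        q.append(ev)
        while ev.ts - q[0].ts > window:
            q.popleft()
        accounts = {e.username for e in q}
        failures = sum(1 for e in q if not e.success)
        if len(accounts) >= min_accounts and failures / len(q) >= min_fail_ratio:
            # Successes in the window are the reused passwords that worked.
            hits = flagged.setdefault(ev.source_ip, set())
            hits.update(e.username for e in q if e.success)
        elif ev.source_ip in flagged and ev.success:
            # A source that was already flagged stays suspect afterwards.
            flagged[ev.source_ip].add(ev.username)
    return flagged


# Constructed sample log (documentation IP ranges, example.com accounts).
SAMPLE_LOG = """
2024-01-01T09:00:01 203.0.113.7 alice@example.com FAIL
2024-01-01T09:00:03 203.0.113.7 bob@example.com FAIL
2024-01-01T09:00:05 203.0.113.7 carol@example.com FAIL
2024-01-01T09:00:07 203.0.113.7 dana@example.com OK
2024-01-01T09:00:09 203.0.113.7 erin@example.com FAIL
2024-01-01T09:00:11 203.0.113.7 frank@example.com FAIL
2024-01-01T09:02:30 198.51.100.20 grace@example.com FAIL
2024-01-01T09:02:41 198.51.100.20 grace@example.com FAIL
2024-01-01T09:02:55 198.51.100.20 grace@example.com OK
2024-01-01T09:05:00 192.0.2.44 heidi@example.com OK
"""

EVENTS = [parse_line(line) for line in SAMPLE_LOG.strip().splitlines()]

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(EVENTS).items():
        print(f"{ip}: suspected credential stuffing; reset {sorted(accounts)}")
```

A per-source rule like this misses attempts spread across many addresses, so it complements unique passwords and multifactor authentication rather than replacing them.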
Tell Credential Stuffing to Go Stuff It
Just because you’ve hypothetically grown up and are ready for lifelong commitments doesn’t mean you’ve outgrown those old trusty email addresses and passwords (hello, “basketball4life23”). There’s a level of nostalgia that comes with using the email account that you made in middle school, or maybe you just haven’t gotten around to changing it. However, keeping those old email addresses and logins is doing you more harm than good. Want to make sure that hackers aren’t able to credential stuff your accounts? Here are some trusty tips to keep your information safe.
Track down and close old accounts
The best way to know that your old accounts aren’t coming back to haunt you is to make sure those ancient logins are dead and gone. If you don’t remember all the accounts you’ve made and no longer use, don’t sweat it! There are settings in your internet browser that will show you all the accounts and passwords you have saved. A password manager also keeps track of all your credentials, so you don’t have to rack your brain to try and remember every account you’ve ever made. Once you’ve gone through all the old online accounts you no longer use, close them for good! Though this step will require some time and patience, it’s always better to put in the effort and know your information is safe than to risk it.
Create strong and unique passwords
Only having to remember one password for every account may make logging in easier, but ensuring that each of your accounts is unique and secure is worth the extra effort. Having a strong and unique password for each of your accounts helps protect them from credential stuffing and other threats. Varying your passwords across online accounts will assure you that if one of them is breached, the others will remain safe. A password manager can also help with this step, because many of them, such as True Key, can generate strong, random, and unique passwords for every account.
Update credentials when necessary
Keep an eye out to make sure that if a website or company you have an account with is breached, you are updating your credentials so that hackers can’t access them. If you see that there has been a hack and your information is vulnerable, immediately update your logins and passwords on that account to keep yourself safe.
Use multifactor authentication
Using multifactor authentication adds an extra layer of protection to your accounts. This safety measure requires more than one method of identity verification to access the account, helping to prevent criminals from gaining access to your password-protected information.
Don’t let cybercriminals get the jump on you! Take the necessary steps to protect your accounts and your personal information. Though combing through your old accounts and deleting them or coming up with a new and unique password for every site login isn’t a glamorous activity, you’ll enjoy greater peace of mind that your accounts are safe, leaving you free to enjoy life’s best moments.
The post Wedding Planning App Users Hacked Before the Big Day appeared first on McAfee Blog.
How to Recognize an Online Scammer
The great thing about the internet is that there’s room for everyone. The not-so-great part? There’s plenty of room for cybercriminals who are hungry to get their hands on our personal information.
Fortunately, internet scams don’t have to be a part of your online experience. In this article, we’ll tell you about some of the most common internet schemes and how you can recognize them to keep your identity safe.
5 tips to help you recognize an online scam
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.
They say you’ve won a huge prize
If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.
They want you to pay in a certain way
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
They say it’s an emergency
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.
They say they’re from a government organization or company
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away.
The email is littered with grammatical errors
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.
8 most common online scams to watch out for
There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.
Phishing scams
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraudulent website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
Travel insurance scams
These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.
Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
Advance fee scam
You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.
Tech support scams
Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.
Formjacking and retail scams
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site.
Scareware scams (fake antivirus)
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.
What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Credit repair scams
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.
What can you do if you get scammed online?
Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
The National Center for Disaster Fraud (NCDF) handles scams involving natural disasters and other national crises.
The Internet Crime Complaint Center (IC3) handles scams involving malware, fake websites, and fraudulent emails.
You can report international scams through econsumer.gov.
You can report Social Security scams through the Office of the Inspector General website.
You can report scammers who pretend to be the IRS through the Treasury Inspector General for Tax Administration website.
You can report tax-related identity fraud to the IRS.
Discover how McAfee can keep you and your info safe online
Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee’s Total Protection services can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
Leaking Military Secrets on Gaming Discussion Boards
People are leaking classified military information on discussion boards for the video game War Thunder to win arguments—repeatedly.
Ransomware Pressure Forces UK CISOs to Consider Quitting
How to create a continuous lifecycle for your IT Policy Management
If your organization is having trouble creating policies, I hope that this blog post will help you set a clear path. We’ll discuss setting your organization up for success by ensuring that you do not treat your policies as a “do once and forget” project. Many organizations I have worked with have done that, but later realized that a good policy lifecycle is required and is a pillar of good governance.
Organizations often feel that developing and enforcing policies is bureaucratic and tedious, but the importance of policies is often felt when your organization does not have them. Not only are they a cost of doing business, but they are also used to establish the foundation and norms of acquiring, operating, and securing technology and information assets.
The lifecycle, as it implies, should be iterative and continuous, and policies should be revisited at a regular cadence to ensure they remain relevant and deliver value to your business.
Assess
The first step is to find out where your organization is. This step should shine a light on where gaps exist and what they are.
First, determine how you will be assessing your policies; here is a checklist, whether you are building new ones or bringing current ones up to date:
Is it current and up to date
Does it have a clear purpose or goal
Does it have a clear scope (inclusions/exclusions)
Does it have a clear ownership
Does it have a clear list of affected people
Does it have language that is easy to understand
Is it detailed enough to avoid misinterpretations
Does it follow the laws/regulations/ethical standards
Does it reflect the organizational goals/values and culture
Are key terms and acronyms defined
Have related policies and procedures been identified
Are there clear consequences for non-compliance
Is it approved and supported by management
Is it enforceable
Next, inventory your organization’s policies by listing them and then assessing the quality using the previous list. Based on the quality, identify if your organization needs new policies or if the existing ones need improvement, then determine the amount of work that will be required.
Best practices suggest that you may want to prioritize your efforts on the most significant improvements, those that focus on the most serious business vulnerabilities.
Understand that policy improvement does not end with a new policy document. You will need to plan for communications, training, process changes, and any technology improvements needed to make the policy fair and enforceable.
Develop
After the assessment is done, you should plan on developing your policies or revamping the old ones. Although there is no consensus on what makes a good policy, the referenced material [1] [2] [3] [4] suggests the following best practices: policies should have a clear purpose and a precise presentation that drives compliance by eliminating misinterpretations.
All policies should include and describe the following:
Purpose
Expectations
Consequences
Glossary of terms
For maximum effect, policies should be written:
With everyday language
With direct and active voice
Precisely to avoid misinterpretation
Realistically
Consistently in keeping with standards
Consider that policies need to be actively sold to the people who are supposed to follow them. You can achieve that by using a communication plan that includes:
Goals and objectives
Key messages
Potential barriers
Suggested actions
Budget considerations
Timelines
Enforcement
A lack of enforcement will create ethical, financial, and legal risks to any organization. Among the risks are loss of productivity due to abuse of privileges, potential wasted resources, and loss of reputation if an employee engages in illegal activities due to poor policy enforcement, which can lead to potential litigation. Make sure that you have clear rules of engagement.
Your organization should establish the proper support framework around Leadership, Process, and Monitoring. Policies should perform against standards. Policies don’t always fail due to bad behavior; they fail because:
They are poorly written
There is no enforcement
They are illegal or unethical
They are poorly communicated
They go against company culture
If your company feels overwhelmed thinking about all the moving pieces that make up an IT Policy Management Lifecycle, let AT&T Cybersecurity Consulting help, whether you need to amend existing policies, implement one or more brand new policies, or need a complete overhaul of the entire policy portfolio.
References
1) F. H. Alqahtani, “Developing an Information Security Policy: A Case Study Approach,” Science Direct, vol. 124, pp. 691-697, 2017.
2) S. Diver, “SANS White Papers,” SANS, 02 03 2004. [Online]. Available: https://www.sans.org/white-papers/1331/. [Accessed 15
3) S. V. Flowerday and T. Tuyikeze, “Information security policy development and implementation: The what, how, and who,” Science Direct, vol. 61, pp. 169-183, 2016.
4) K. J. Knapp, R. F. Morris, T. E. Marshall and T. A. Byrd, “Information security policy: An Organizational level process model,” Science Direct, vol. 28, no. 7, pp. 493-508, 2007.
US and Euro Police Smash Cybercrime Marketplace
6 top attributes employers want in new CISOs
Looking for your next position as a CISO, preferably one with more pay, better benefits, and more on-the-job responsibilities/respect? Then you need to know what skills and qualities prospective employers are seeking now from their CISO hires to maximize your chances of getting your dream job. Here are the top six attributes recruiters say organizations are looking for in a CISO.
1. Previous CISO experience (probably)
Today’s employers expect new CISOs to bring a wealth of skills to their positions. According to Burke Autrey, partner and CEO of IT talent recruitment firm Fortium Partners, organizations are seeking experienced candidates who have served as CISOs “multiple times at multiple companies.” In their previous positions, their duties will have covered “governance, compliance, monitoring/threat detection, and incident response as a leader,” he says. Such CISOs will have also gained experience in managing “budgets, people resources, peer executive and board interaction, and law enforcement and insurance liaison responsibilities.”
Best practices for deploying multi-factor authentication on Microsoft networks
Microsoft will soon change the mandate to multi-factor authentication (MFA) with changes to Microsoft 365 defaults. As Microsoft points out, “When we look at hacked accounts, more than 99.9% don’t have MFA, making them vulnerable to password spray, phishing and password reuse.” “Based on usage patterns, we’ll start [mandating MFA] with organizations that are a good fit for security defaults. Specifically, we will start with customers who aren’t using Conditional Access, haven’t used security defaults before, and aren’t actively using legacy authentication clients.”