In this post, we go through a thorough checklist based on our recommendations for how to prepare and what to do with your child’s first gadget, which were developed by Kaspersky in collaboration with Dr. Saliha Afridi, clinical psychologist. To make this challenge easier for you, we’ve included a link to download the handbook in PDF format at the end of this post.

What should I do before giving a gadget to my kid?

  1. Create a child account
  2. Disable in-app purchases
  3. Install essential apps
  4. Adjust app privacy
  5. Use a digital parenting app (like Kaspersky Safe Kids)
  6. Set age-appropriate filters
  7. Block unknown calls

How do I introduce a new gadget to my child?

  1. Establish family rules and good tech-habits
  2. Create tech-free zones and times
  3. Promote non-tech activities
  4. Limit your kid’s phone usage during:
    • meals
    • bedtime
    • family gatherings and outings
    • homework and studying
    • hosting social gatherings
    • engaging in outdoor activities
    • morning routines

What online safety rules should my child know?

  1. Set clear ground rules about what they can and can’t do online
  2. Teach them privacy basics and tell them about the risks of oversharing
  3. Emphasize that they should never share personal info or login details
  4. Advise children to use non-personal usernames

What are the main online risks I should tell my kid about?

  1. Watch out for phishing scams
  2. Avoid unauthorized game downloads
  3. Ignore intrusive ads and surveys
  4. Exercise caution regarding links and email attachments
  5. Seek help if uncomfortable or suspicious regarding something online
  6. Use unique passwords, and consider Kaspersky Password Manager for security

How do I help my children avoid online strangers?

  1. Telling them to say no to unknown friend requests
  2. Telling them to become suspicious if someone asks personal questions
  3. Maintaining open communication about your kids’ online activities

What online gaming safety advice should I give?

  1. Play with friends you know
  2. Enable a “gaming mode” for safety
  3. Download games only from trusted stores
  4. Ignore chat-room links
  5. Never share passwords – even with friends

My kid is being bullied on the Internet. What should I do?

  1. Listen to them without interrupting
  2. Make them feel both safe and understood
  3. Take screenshots of harmful content
  4. Discourage retaliation
  5. Update privacy settings, change passwords, block or report the bully
  6. Report to the school
  7. Consider professional help for stress-related signs

My kid is bullying others online. What should I do?

  1. Stay calm, gather evidence, and understand the context
  2. Get your child’s side of the story
  3. Help them see the impact on others
  4. Encourage an apology to the victim
  5. Without being overly invasive, consider using digital parenting apps
  6. Promote responsible online behavior
  7. Seek professional help if necessary

What questions should I ask my child to ensure their online experience is safe?

  1. What’s interesting online today?
  2. Anything confusing encountered?
  3. Do you chat or game with strangers?
  4. How do you choose what to share?
  5. Have you ever felt uncomfortable online?
  6. Are there any new apps or websites you enjoy?
  7. Do you know how to handle inappropriate messages?
  8. Have you ever seen someone being unkind online? How did you react?

How do I monitor my kids online without invading their privacy?

  1. Talk about their online experience
  2. Engage in their online activities together
  3. Use safety-focused parenting apps
  4. Explain why certain controls are needed
  5. Shift from monitoring to mentoring
  6. Stay updated on digital trends and share insights

What are signs of a negative impact of devices on my kids?

  1. Lower grades
  2. Less physical and social activity
  3. Eye strain, poor sleep, bad posture
  4. More irritability, withdrawal
  5. Neglecting hobbies, responsibilities
  6. Anxiety, depression, low self-esteem
  7. Shorter attention span, memory issues

We’ve explored the crucial steps for empowering both you and your child in the digital realm. For your convenience, download our PDF handbook — a practical resource to help you navigate your child’s tech journey with confidence.



Sooner or later (most) parents inevitably get round to buying their kids their own electronic device. According to Kaspersky’s research, 61 percent of children get their first device between the ages of eight and 12, and, perhaps surprisingly, in 11 percent of cases, they’re given their own cellphone or tablet before they turn five. It’s essential for parents to know the guidelines for introducing a device into their kids’ lives for the first time.

Together with clinical psychologist Dr. Saliha Afridi, Kaspersky is presenting cybersecurity and psychological considerations that parents would do well to be aware of before giving their kids their very first tech gadgets.

What to do before giving a gadget to a child?

Set up a Child Account before giving your offspring their first gadget. Whether it’s a phone or a tablet, it’s crucial to ensure the age-appropriateness and safety of the gadget. Even if it’s a brand-new gift, prioritize setting up this feature. A Child Account acts as a safeguard on the device, preventing things like downloads of mature content or songs with explicit content. For detailed guidance on creating a kid’s account, refer to our guide for Android or the one for iOS.

Install all the basic applications that support either communication or geo-location (like messenger and map apps), plus learning applications. And don’t forget to set up the privacy and confidentiality settings in each of the installed applications, so that the child, for example, isn’t discoverable via their phone number by unknown individuals. Tools like Privacy Checker can assist you in tailoring the optimal protection settings for various devices and platforms.

Remember to install a digital parenting app as well. This will empower you to curate content, monitor the amount of time your kid spends on specific apps (and set limits if needed), and track their current location.

How to introduce a new device into a child’s life?

Walk them through the device’s functionalities as well as the potential dangers when gifting them a new gadget. This is an opportune moment to explore its features and understand its potential pitfalls.

Craft a set of family usage rules together. In this conversation, it’s important to foster an understanding and consensus about the responsibilities and expectations tied to device ownership. To ensure a healthy balance, establish tech-free zones and times — perhaps during dinner or the hours leading up to bedtime. Designate moments for non-tech hobbies like reading, outdoor games, or puzzles, which can act as beneficial alternatives to screen time. Periodically revisiting and refining these rules as your kid grows and technology advances is key.

And remember — unless a kid shows a healthy level of engagement with real-life activities and in-person socializing, don’t introduce a smartphone or social media. One way they can earn a device is by showing that they’re capable of doing the “non-negotiables” regularly and consistently. These include sleep, exercise, homework, socializing, eating healthily, and wakeful resting periods.

How to talk to a child about online safety?

Encourage open communication from the outset. Engage junior in conversations about their online experiences — ensuring they feel safe to share both the good and the bad experiences.

Stay up to date with the latest digital trends and threats as well as high-profile cyberbullying or data breaches. Share this information with your child in a way they understand. You can learn the latest cybersecurity news via our blog.

Bring up the permanence of online actions. This includes how things shared online stay there forever and can affect their reputation and future opportunities. Kids should be especially careful about information they share about themselves: never giving out their address, geolocation or login credentials and passwords. Additionally, they should avoid using their real names as user IDs, as these can be potential clues for attackers to discover their other social media accounts. Help them understand the concept of privacy and the potential risks of sharing too much information.

Teach your kid that they should avoid accepting friend requests from people they don’t know in real life. It’s crucial to explain that if someone they don’t know is persistently trying to find out personal information about them or their parents, it’s a cause for concern. Your child shouldn’t feel they’re being rude or impolite if they don’t respond to a request for friendship. In social networks, just like in life, there needs to be privacy.

By having such conversations and educating your children about online risks in a non-confrontational manner, you make it more likely that your kids will approach you when they encounter something questionable online. You should make sure they maintain a stance of curiosity — not judgment or fear. Your reactions will determine how open they feel about sharing in the future.

And a digital parenting app serves here as a valuable tool to enable you to monitor your kids’ online searches and activity, ensuring a safer online experience.

What are the main risks I should tell my child about?

In our digital age, kids are vulnerable to cybercriminals, often because they’re unfamiliar with essential cybersecurity principles and common scam tactics. It’s our duty as guardians to educate them on these matters before they inadvertently fall prey to them.

For instance, guide your kid in identifying deceptive commercials, bogus survey requests, counterfeit lotteries, and other schemes that can jeopardize their personal data. Help them grasp the reality that, while it might be tempting to download a Barbie movie ahead of its official release, offers like these could be ploys by cybercriminals aimed at pilfering data or even siphoning money from their parents’ cards. A reliable security solution can detect and block any phishing websites or any malicious software.

Instill in your child the habit of being critical and cautious when online. Teach them to pause before clicking when it comes to dubious links, unfamiliar email attachments, or messages from unknown entities. Discuss the appropriate permissions apps should have on their devices. For example, there’s no valid reason for a Calculator app to request geolocation access.

Make conversations about cybersecurity more enjoyable and interesting by discussing the topic through games and other entertaining formats. Most importantly, instill confidence in them to approach a trusted adult when faced with unsettling or suspicious situations online.

How to check that you’re prepared?

Once a gadget appears, your family’s life will inevitably undergo a transformation, as your kid will be drawn into the realm of the internet. Rather than forbidding it, it’s advisable to guide them on proper online behavior — if used correctly, a gadget can really help kids learn and grow. However, this can only happen if they know when and how to alert their parents about any online threats they come across – whether they’re receiving strange messages from adults, requests for personal information, or stumbling upon phishing sites.

Learning, however, is a gradual process, and it doesn’t guarantee perfection from the start. Mistakes will naturally occur, such as your kid accidentally downloading malware or engaging with suspicious individuals or struggling with screen time management. Nonetheless, your role as a parent is to provide support and assistance in their learning process. Only this way can you help your child be safe online.

To get ready for the challenge, we suggest taking a peek at our complete handbook for parents about getting your kid’s first gadget.



Apple’s App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there’s no danger at all: what could possibly be wrong with an app that’s been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon.

All the same, malware creators do occasionally sneak under the App Store’s radar. This post examines three fraudulent apps we’ve found in the official Apple store, and what precautions you can take to avoid a financial hit.

Scam apps in the App Store

The three we’ve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, “plunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character’s mood and the state of their wallet”.


When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.

If the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What’s more, you can start investing supposedly with small amounts — “from $110” — and expect your first profit “in just a few days”; access to the platform is, of course, free.

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers’ aim here is to get you to “invest” a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.

The culmination is a form asking for your first name, surname, and phone number so that “an investment platform specialist can be in touch”. Once the contact information is sent, the phishers promise to call you shortly.

And they’re true to their word. According to user reviews in the App Store, during the phone call with the “specialist”, the hapless user is persuaded to “invest” a certain amount in a highly dubious financial project. The outcome isn’t hard to predict: the fantastic payback never materializes, and the victim’s investment disappears.

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.

But how did they even get there in the first place? We can’t give a definite answer, of course — only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Apple’s official store, the scammers modified the uploaded content.

How to stay safe

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device’s system and also user data. Because of this, there’s no way to create a “classic” antivirus for iOS: it simply won’t have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don’t have time to respond quickly to user complaints.

Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.

Here’s how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world — the only question is when. So, as you can see, iOS needs protection just as much as Android.



The tables have turned. Now you can use AI to spot and block scam texts before they do you harm. 

You might have heard how scammers have tapped into the power of AI. It provides them with powerful tools to create convincing-looking scams on a massive scale, which can flood your phone with annoying and malicious texts. 

The good news is that we use AI too. And we have for some time to keep you safe. Now, we’ve put AI to use in another powerful way—to put an end to scam texts on your phone. 

Our new McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your texts. No more wondering if a package delivery message or bank notification is real or not. Our patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. 

Stop scam texts and their malicious links.  

The time couldn’t be more right for this kind of protection. Last year, Americans lost $330 million to text scams alone, more than double the previous year, with an average reported loss of $1,000, according to the Federal Trade Commission. The deluge of these new sophisticated AI-generated scams is making it harder than ever to tell what’s real from what’s fake.  

Which is where our use of AI comes in. With it, you can turn the table on scammers and their AI tools.  

Here’s a closer look at how McAfee Scam Protection works: 

  • Proactive and automatic protection: Get notifications about a scam text before you even open the message. After you grant permission to scan the URLs in your texts, McAfee Scam Protection takes charge and will let you know which texts aren’t safe and shouldn’t be opened. 
  • Patented and powerful AI: McAfee’s AI runs in real-time and is constantly analyzing and processing millions of malicious links from around the world to provide better detection. This means McAfee Scam Protection can protect you from advanced threats including new zero-day threats that haven’t been seen before. McAfee’s AI continually gets smarter to stay ahead of cybercriminals to protect you even better. 
  • Simple and easy to use: When you’re set up, McAfee Scam Protection goes to work immediately. No copying or pasting or checking whether a text or email is a scam. We do the work for you and the feature will alert you if it detects a dangerous link and blocks risky sites in real time if you accidentally click.   

How do I get McAfee Scam Protection? 

McAfee Scam Protection is free for most existing customers, and free to try for new customers. 

Most McAfee customers now have McAfee Scam Protection available. Simply update your app. There’s no need to purchase or download anything separately. Set up McAfee Scam Protection in your mobile app, then enable Safe Browsing for extra protection or download our web protection extension for your PC or Mac from the McAfee Protection Center. Some exclusions apply¹. 

For new customers, McAfee Scam Protection is available as part of a free seven-day trial of McAfee Mobile Security. After the trial period, McAfee Mobile Security is $2.99 a month or $29.99 annually for a one-year subscription. 

As part of our new Scam Protection, you can benefit from McAfee’s risky link identification on any platform you use. It can block dangerous links should you accidentally click on one, whether that’s through texts, emails, social media, or a browser. It’s powered by AI as well, and you’ll get it by setting up Safe Browsing on your iOS² or Android device—and by using the WebAdvisor extension on PCs, Macs and iOS. 


Yes, the tables have turned on scammers.

AI works in your favor. Just as it has for some time now if you’ve used McAfee for your online protection. McAfee Scam Protection takes it to a new level. As scammers use AI to create increasingly sophisticated attacks, McAfee Scam Protection can help you tell what’s real and what’s fake. 


  1. Customers currently with McAfee+, McAfee Total Protection, McAfee LiveSafe, and McAfee Mobile Security plans have McAfee Scam Protection included in their subscription.
  2. Scam text filtering is coming to iOS devices in October.  

QR codes are all around us. They offer a quick way to take part in surveys, download useful stuff, and visit websites of interest. After all, pointing your phone at a picture is far easier than typing in an annoyingly long URL.

But their very convenience hides a significant drawback. With regular links, it’s possible to spot a trap with the naked eye. The red flags are well-known: typos or extra characters in the site address, a disguised redirect, strange domain zones, and so on. But as for QR codes, where that jumble of black squares might take you is anyone’s guess.

With a compelling example, in this post we explain how those harmless-looking squares can pose a threat, and how not to fall victim to scammers. The example in question is the story of a woman who lost US$20,000 by scanning a QR code when buying bubble tea.

20,000-dollar bubble tea

Many have encountered coffee-shop promos when visitors are invited to take a short survey in exchange for a free drink or a discount on a purchase. This often requires you to scan a QR code at the counter — a familiar, almost routine action. What could possibly go wrong?

That’s what a 60-year-old Singaporean must have thought, too. To get a free cup of bubble tea, she scanned the QR code sticker on the glass of the coffee shop door. As it turned out later, the sticker had been pasted on by cybercriminals. The scam code contained a link to download a third-party Android app in order, she believed, to take a survey. However, the app was malicious.

Once installed, the program requested access to the camera and microphone, and asked to enable Android Accessibility services. This built-in Android service allows criminals to view and control the victim’s screen, as well as to disable facial and fingerprint recognition — this way attackers can force the victim to type their banking app password manually, if needed. The scammers had only to wait for her to log in, intercept the credentials, and later use them to transfer all the money to their own accounts.

How not to fall victim

Since it’s impractical (and not really necessary) to avoid scanning QR codes altogether, we recommend the following:

  • Check the addresses of sites that are linked inside QR codes carefully, and look for typical red flags.
  • Make sure that the expected and actual content match up. For example, if the code was supposed to lead to a survey, logically there should be some kind of form with answer options. If not, close the site immediately. But even if the page arouses no suspicion, you should still be careful — it may be a high-quality fake (see the first point, and read our post about how to spot a bogus site).
  • Don’t download apps via QR codes. As a rule, bona fide apps can always be found on Google Play, the App Store, or any other official platform. Apps from third-party sources shouldn’t be installed in any case.
  • Protect your devices with a reliable security solution. A built-in QR scanner lets you check the link buried in the maze of squares. Also, our solution blocks attempts to visit malicious sites and protects you from the profusion of other threats out there in cyberspace.



Short links are everywhere these days. All these bit.ly, ow.ly, t.co, t.me, tinyurl.com and the like have long since become a familiar part of the online landscape. So familiar, in fact, that most users click on them without thinking twice. But thinking is never a bad thing. With that in mind, we explain below how short links work and what privacy and security threats they can pose.

What happens when you click on a short link?

When you click on a short link, you almost go straight to the intended destination, which is the address specified by the user who created the link. Almost, but not quite: the actual route takes a quick detour via the URL shortener service.

The more efficient the service, the quicker this takes, and the smoother the transition to the end stop. Of course, the delay feels insignificant only to a person — we humans are rather slow. But for an electronic system, it’s more than long enough to get up to all kinds of activity, which we’ll discuss below.

Why short links? The main reason is one of space: making a long link shorter means it takes up less of the screen (think mobile devices) and doesn’t eat up the character limit (think social media posts). Alas, that’s not all there is to it. The creators of short links may be pursuing their own goals, not necessarily driven by concern for users. Let’s talk about them.

Short links and user tracking

Have you ever wondered why many internet links are so long and unsightly? It’s usually because links encode all kinds of parameters for tracking click-throughs, so-called UTM tags.

Usually, these tags are deployed to determine where the user clicked on the link, and thus to evaluate the effectiveness of ad campaigns, placement on blogger pages, and so on. This is not done in the name of user convenience, of course, but for digital marketing.

In most cases, this is a fairly harmless form of tracking that doesn’t necessarily collect data from link clickers: often marketers are just interested in the source of traffic. But since this additional “packaging” doesn’t look very aesthetic, and often makes the URL insanely long, shortener services are often brought into play.

What’s more unpleasant from a privacy point of view is that URL shorteners don’t limit themselves to redirecting users to the destination address. They also tend to harvest a host of statistics about the link clickers — so your data ends up in the hands not only of the creator of the short link through embedded UTM tags, but also of the owners of the URL shortener. Of course, this is the internet, and everyone collects some kind of statistics, but using a short link introduces another intermediary that holds data on you.

Disguised malicious links

Besides violating your privacy, short links can threaten the security of your devices and data. As we never tire of repeating: always carefully check links before clicking on them. But with short links, a problem arises: you never know for sure where it is you’ll be taken.

If cybercriminals use short links, the advice to check them becomes meaningless: you can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site.

Short links and dynamic redirects

Cybercriminals can also use link-shortening tools to change the target address as the need arises. Suppose that some attackers bought a database of millions of email addresses and used it to send out phishing messages with some kind of link. But here’s the problem (for the attackers): the phishing site they created was quickly discovered and blocked. Rehosting it at a different address is not an issue, but then they would have to resend all the phishing mailshots.

The solution (again, for the attackers) is to use a “shimming” service, which makes it possible to quickly change the URL users will visit. And the role of “shims” here can be played by URL shorteners, including ones originally created with dubious intentions in mind.

With this approach, a link to the shimming service is added to the phishing email, which redirects victims to the phishers’ site at their currently active address. Often, multiple redirects are used to further muddy the trail. And if the destination phishing site gets blocked, the cybercriminals simply host it at a new address, change the link in the shim, and the attack continues.

Man-in-the-middle attacks

Some link-shortening tools, such as Sniply, offer users more than just shorter links. They allow tracking the actions of link clickers on the actual destination site, which is effectively a man-in-the-middle attack: traffic passes through an intermediate service node that monitors all data exchanged between the user and the destination site. Thus, the URL shortener can intercept anything it wants: entered credentials, social network messages, and so on.

Personal spying

In most cases, short links intended for mass use are placed in social network posts or on web pages. But additional risks arise if one was sent to you personally — in a messenger or an email to your personal or work address. Using such links, an attacker who already has some information about you can redirect you to a phishing site where your personal data is pre-filled. For example, to a copy of a banking site with a valid username and a request to enter your password, or to the “payment gateway” of some service with your bank card number pre-filled, asking you to enter a security code.

What’s more, such links can be used for doxing and other types of tracking, especially if the URL shortener service offers advanced functionality. For instance, our recent post about protecting privacy in Twitch looked in detail at ways to de-anonymize streamers and how to counter them.

How to stay protected

What to do about it? We could advise never to click on short links, but, in the vast majority of cases, URL shorteners are used for legitimate purposes, and short links have become so common that total avoidance isn’t really an option. That said, we do recommend that you pay special attention to short links sent to you in direct messages and emails. You can inspect such links before clicking by copying and pasting them into a tool for checking short links, such as GetLinkInfo or UnshortenIt.
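The pre-click inspection described above can also be done locally. This is an added example, not code from the original post: it follows a short link hop by hop with HEAD requests, without rendering any page, and lists the UTM tags on the final address. The shortener it queries is a constructed local stand-in (`DEMO_ROUTES`, `DemoShortener` and all paths are hypothetical), so it runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qsl, urljoin, urlsplit

# Constructed routes for a local stand-in shortener: path -> (status, Location).
DEMO_ROUTES = {
    "/aB3x": (301, "/hop?c=1"),  # the short link itself
    "/hop": (302, "/landing?utm_source=newsletter&utm_campaign=promo&id=7"),
    "/loop": (302, "/loop"),     # a link that redirects to itself
}
REDIRECT_CODES = (301, 302, 303, 307, 308)


class DemoShortener(BaseHTTPRequestHandler):
    """Hypothetical shortener used only to give the resolver something to query."""

    def do_HEAD(self):
        status, location = DEMO_ROUTES.get(urlsplit(self.path).path, (200, None))
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    """Start the stand-in shortener on a free local port; return (server, base URL)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def expand(url, max_hops=10, timeout=5):
    """Follow redirects one hop at a time; return [(status, url), ...] for every hop."""
    chain, seen = [], set()
    while True:
        if url in seen:
            raise ValueError("redirect loop at " + url)
        if len(chain) >= max_hops:
            raise ValueError("more than %d hops" % max_hops)
        seen.add(url)
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            raise ValueError("refusing non-HTTP scheme: " + url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            # HEAD asks for headers only, so no page body is downloaded.
            # Some servers answer HEAD differently from GET; treat the result as a hint.
            conn.request("HEAD", target)
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        chain.append((status, url))
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)  # Location may be relative
        else:
            return chain


def tracking_params(url):
    """Return the names of UTM tags present in the URL's query string."""
    return sorted(k for k, _ in parse_qsl(urlsplit(url).query)
                  if k.lower().startswith("utm_"))


if __name__ == "__main__":
    server, base = start_demo_server()
    hops = expand(base + "/aB3x")
    for status, hop in hops:
        print(status, hop)
    print("UTM tags on final URL:", tracking_params(hops[-1][1]))
    server.shutdown()
```

Expanding a link this way still sends a request to the shortener and to every intermediate host, so the visit is recorded by them even though no page is rendered.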

However, there is a simpler method: a high-quality security solution with an integrated approach that takes care of security and privacy at the same time. For example, our Kaspersky Premium has a Private Browsing component that blocks most known online trackers and thus prevents your online activities from being monitored.

Our products also offer protection against online fraud and phishing, so rest assured that Kaspersky Premium will warn you in good time before landing on a dangerous site — even if the link was shortened. And, of course, the antivirus will guard against any attempts to infect your devices — including ones exploiting as-yet-unknown vulnerabilities.



Authored by: Neil Tyagi  

Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash. 

Crypto scammers use many of the tactics seen in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value or outright attempts to steal digital assets.

This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction. 

It starts with a tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputable company, SpaceX.

The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image we can also see that the reach of the tweet is high (224.4K views).

Protection with McAfee+:

McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites. 

The link present in this tweet redirects to space[-]launch[.]net, which is already marked as malicious by McAfee.

A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets. 

A WHOIS lookup on the domain reveals redacted personal information. No surprises there.

When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials.

People who don’t have SpaceX credentials can use the signup link.

After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX.

As you can see, it impersonates the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding.

In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out): they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam ends before all the online security vendors flag the site.

Scammers also allow users to purchase fake tokens with about 22 cryptocurrencies, the most prominent being Bitcoin, Ethereum, and USDT.

Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount.

Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets.

The scammers’ wallet addresses for the following currencies are:

  • BTC bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 
  • USDT 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
  • ETH 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 

Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account. 

Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars.

We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.  

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices. 

IOC (Indicator of Compromise)  

Domain  Crypto Type  Wallet address 
space[-]launch[.]net  BTC  bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 
space[-]launch[.]net  USDT  398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
space[-]launch[.]net  ETH  16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 
space[-]launch[.]net  XRP  rnmj4xsaaEaGvFbrsg3wCR6Hp2ZvgjMizF 
space[-]launch[.]net  DASH  XxD3tJ7RA81mZffKFiycASMiDsUdqjLFD1 
space[-]launch[.]net  BCH  qr45csehwfm5uu9xu4mqpptsvde46t8ztqkzjlww68 
space[-]launch[.]net  USDC  0x398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
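An added example (not McAfee’s code) of putting indicators like these to use: it loads four rows from the IOC table above, refangs the domain at run time, normalizes 40-hex-digit wallet addresses so that case and the `0x` prefix do not matter, and scans text for matches. The function names, the log format and the three sample lines are constructed for illustration; after normalization the USDT and USDC rows turn out to be the same address.

```python
import re

# Four rows copied from the IOC table above (the domain stays defanged here).
IOC_ROWS = """\
space[-]launch[.]net  BTC  bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee
space[-]launch[.]net  USDT  398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1
space[-]launch[.]net  ETH  16a243E3392Ffd9A872F3fD90dE79Fe7266452F9
space[-]launch[.]net  USDC  0x398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1
"""

HEX40 = re.compile(r"(?:0x)?([0-9a-fA-F]{40})")
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")

def refang(value):
    """Undo the bracket defanging used in the table: [.] -> . and [-] -> -"""
    return value.replace("[.]", ".").replace("[-]", "-").lower()

def norm_wallet(addr):
    """40-hex-digit addresses compare case-insensitively, with or without 0x;
    other formats (bech32, base58) are left exactly as published."""
    m = HEX40.fullmatch(addr)
    return m.group(1).lower() if m else addr

def load_iocs(rows=IOC_ROWS):
    """Return (set of domains, {normalized wallet: set of asset labels})."""
    domains, wallets = set(), {}
    for row in rows.splitlines():
        domain, asset, addr = row.split()
        domains.add(refang(domain))
        wallets.setdefault(norm_wallet(addr), set()).add(asset)
    return domains, wallets

def scan(lines, domains, wallets):
    """Return (line number, kind, indicator) for every IOC seen in the lines."""
    hits = []
    for no, line in enumerate(lines, 1):
        for tok in TOKEN.findall(line):
            host = tok.lower().rstrip(".")
            # Match the domain itself or a subdomain, never a bare substring.
            if any(host == d or host.endswith("." + d) for d in domains):
                hits.append((no, "domain", host))
            elif norm_wallet(tok) in wallets:
                hits.append((no, "wallet", norm_wallet(tok)))
    return hits

# Constructed sample input: two proxy log lines and one chat message.
SAMPLE = [
    "2023-07-01T10:02:11Z CONNECT www.space-launch.net:443 user=pc-17",
    "2023-07-01T10:02:15Z CONNECT notspace-launch.net.example:443 user=pc-17",
    "pls send ETH to 0x16A243E3392FFD9A872F3FD90DE79FE7266452F9 today",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, *load_iocs()):
        print(hit)
```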

 

 

 



Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.

Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.

In all, tech support scams make up a multi-billion-dollar industry.

They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.

You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.

One of our employees shared his story when a tech support scammer called his wife out of the blue:

I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.

“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.

Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.

That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.

What do tech support scams look like?

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.

First, there are the scams that track you down.

This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:

  • By clicking on links from unsolicited emails.
  • From pop-up ads from risky sites.
  • Via pop-ups from otherwise legitimate sites that have had malicious ads injected.
  • By way of spammy phone calls made directly to you, whether by robocall or a live operator.

Second, there are the scams that lie in wait.

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:

  • Online classified ads, forum posts, and blog sites.
  • Ads on social media sites such as Facebook, Reddit, YouTube, and Tumblr.
  • Search results—scammers place paid search ads too!

How to spot and avoid tech support scams

  • With regard to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that look like they could be a knockoff of a trusted brand. Check our top tips to spot tech support scams for examples of what these ads and search results look like.
  • Don’t fall for the call. If someone calls you with an offer of “tech support,” chances are it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up.
  • Note that big tech companies like Apple and Microsoft won’t call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.)
  • Don’t click or tap on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this is a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link.
  • Go to the source. Contact the company directly for support, manually type their address into your browser, or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that clog up search results with bogus ads.
  • Protect your browsing. Use a web protection extension that can spot malicious sites and help prevent you from clicking on them by mistake. Comprehensive online protection software will offer protection for your browsing, in addition to protection from malware and viruses.
  • Remove your personal info from data broker sites. How did that scammer get your phone number in the first place? Scammers often purchase personal information in bulk from data broker sites, which can include your phone number. Our Personal Data Cleanup can help you remove your information from some of the riskiest data broker sites out there.

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.

What to do if you think you’ve been scammed:

  1. Change your passwords. This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
  2. Run a malware and virus scan right away. Delete files or apps that the software says are an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well by gaining access to one device on your network.
  3. Stop payment. Contact your bank, credit card company, or online payment platform to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services don’t.)
  4. Report the scam. In the U.S., you can contact the Federal Trade Commission, which reports the claim to thousands of law enforcement agencies. While they can’t resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”

There are lots of websites with tempting offers of quick and easy money working from home. But in reality, they’re likely to be from scammers looking to get gullible users to work for them for free and advertise their “business.” This post shows how several such schemes operate and gives tips on how to avoid falling victim to them.

Many scams in one

Who wouldn’t want to earn money for doing regular online stuff: taking surveys, watching videos, playing games and other simple tasks? That’s how scammers lure victims to one of the sites.

Home page of a scam website offering part-time work doing regular online activities

The home page of the “platform” is overflowing with offers of easy-earning jobs. Scammers promise new recruits a whopping US$200 a day. Plus a US$25 signing-up bonus!

Of course, there are numerous reviews from grateful “users” who have already become rich. But if you bother to read them, you’ll spot a lot of grammatical mistakes.

Reviews from “users” who supposedly struck gold

To earn money on the “platform”, you are asked to complete various tasks, such as testing apps, playing games, sharing a link to the site with friends, and the like.

Tasks you get paid for

In fact, all these “tasks” are just links to other scam resources. By visiting them, users create traffic to cybercriminals’ sites. This improves their position in search results. And also, cybercriminals may have their own footfall KPIs (key performance indicators).

When the victim tries to get their “money” (the home page promises that this can be done through popular services like Cash App, Venmo, PayPal and others), they discover that they must first earn at least US$200.

Message saying you need to earn US$200 to withdraw funds

Of course, you won’t see any payout even if you do “earn” 200 bucks.

Nor can it be ruled out that the scammers’ domain will simply be blocked before the user even tries — such sites have a very short lifespan. After getting blocked, the scammers will get another domain and launch the whole scheme again with new victims.

The scam itself is quite international. Besides English, the cybercriminals’ website is available in nine other languages. Although these versions look less professional.

Share it with the whole world

Now let’s talk about a similar site with a more primitive design, but with a different mechanism for making money from naive users.

The victims are offered two ways to earn. The first is to share the link and invite “referrals” to the website: you get US$1 for every 100 people. What’s more, the site supposedly lets you withdraw funds after accumulating just US$20. To earn this amount through inviting referrals, you need to attract 1500 users to the site (you get US$5 for signing up).

Home page of a site that pays you to share its link

Sounds hard, but things aren’t all that bad: you have a chance to earn US$50 right away. But for this you’ll have to play the scammers’ game by endlessly refreshing the page until the two images match. They won’t, of course.

Scammers’ game

When the victim goes to the site, they are immediately asked for permission to display browser notifications. Through these, the cybercriminals distribute ads for various other scams or relatively legit adult sites. That’s the main objective: to lure as many victims as possible who will give this permission.

And the image-matching game helps the scammers boost traffic to their own site and improve its search visibility.

How to avoid falling victim?

To avoid falling for online job scams:

  • Don’t believe promises of easy money.
  • Don’t enter payment information on dubious websites.
  • Read our post on how to spot scammers.
  • Use a robust security solution that will warn you before visiting suspicious sites and keep your money and data out of cybercriminals’ hands.

