Vanquishing aliens, building virtual amusement parks, mashing buttons in online battles royale. For some, playing video games is a way to unwind from the day and momentarily journey to new worlds. Others game because they love the competition or enjoy participating in the online community around their favorite game.
But just like other online realms, gaming isn’t free of cybercriminals. Cybercriminals take advantage of highly trafficked online gaming portals to make a profit on the dark web.
The next time you log on to your virtual world of choice, level up your gaming security to protect your device and your personally identifiable information (PII).
Why Do Cybercriminals Target Gamers?
Gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information, personal details, passwords, and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading.
Cybercriminals also target gamers through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best among their opponents. For instance, a malware scam targeted players seeking an advantage for “Call of Duty: Warzone.” The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.
One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, an aggressive type of fileless malware called a dropper infected the device. A dropper doesn’t download a malicious file; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.1
5 Gamer Security Tips
Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts.
1. Do not reveal personal information
It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Doing this could reveal personal information that you’d rather keep private. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, hometown, places you visit regularly, etc.) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you.
2. Edit your privacy settings
On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable data. It’s best to customize your privacy settings to make your profile invisible to strangers.
3. Don’t pirate games or download cheat software
Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Research revealed that cracked versions – or unauthorized versions – of popular games sometimes hid ChromeLoader malware, which has the ability to steal credentials stored in internet browsers. Cracked versions of Call of Duty, Elden Ring, Dark Souls 3, Red Dead Redemption 2, and Roblox were found to be harboring malware.2
Be especially wary of free downloads and cheat software. Instead, go for a challenge and have fun with the game as it’s written.
4. Log in with a VPN
A virtual private network (VPN) scrambles your online data traffic, foiling nosy digital eavesdroppers you may encounter while online gaming. A VPN makes it nearly impossible for anyone to access your IP address or spy on your online browsing.
5. Protect your device with antivirus software
Antivirus software can make your online gaming experience more secure. McAfee antivirus software, which is included in McAfee+, provides real-time threat protection, which means your devices are covered with 24/7 protection from ever-evolving malware and online threats.
1Ars Technica, “Malicious cheats for Call of Duty: Warzone are circulating online”
2TechRadar, “Be very careful when downloading these games online – they could be malware”
Introducing McAfee+
Identity theft protection and privacy for your digital life
The new Avast Cybersecurity Basics Training Quiz provides training on Data Security, Identity Management, and Social Media Security
Did you know that 65% of adults in the US wish they know more about how to spot or avoid phishing scams*? Education and training are crucial components for SMBs to have a solid cybersecurity defense, especially for employees. Helping safeguard SMBs’ data, devices, and their people
The dark web. The name raises all kinds of questions. What is the dark web, really? Where is it? Can anyone hop on it?
Answering these questions can help you stay safer online.
The story of the dark web is a complicated one. It’s a small and highly anonymous layer of the internet. As a result, it has a reputation for harboring criminal activity. We often mention the dark web in our blogs, typically when the conversation turns to identity theft, data breaches, and stolen personal information. Rightfully so. Plenty of cybercrime can get traced right back to the dark web.
Yet cybercriminals didn’t create the dark web. And they’re far from the only people who use it. News outlets like the BBC and the New York Times have a presence there, as does the U.S. Central Intelligence Agency (CIA). Journalists, activists, and everyday citizens use it as well, often to work around oppressive censorship. Even Facebook is there, providing people access to the social media site in regions where it’s blocked.
Anonymity reigns on the dark web. It was designed to work that way. With that, it’s home to a mixed bag of activity, legitimate and illicit alike. Yet that anonymity doesn’t stop us from putting a face onto the dark web—from understanding what it is, where it is, and what transpires there.
That starts with a look at the internet and the two primary layers that make it up.
The layers of the internet: The surface web and the deep web
If you visualize the internet as an ocean, you’ll find it populated with websites and collections of data at all depths. Yet, the typical internet user only has access to the first few feet, a layer of the internet known as the surface web.
The sights you’ll see within the surface web will look familiar. It’s all the blogs, shops, social media sites, and so on that you visit regularly. And it’s easy to get to. You only need to fire up your browser and go. All the sites are public facing. With a quick search, you can find them.
In all, the surface web contains any destination you can reach through search. To put it more precisely, the surface web accounts for areas of the internet that search engines can “crawl” and index for search. Estimates vary, yet the surface web accounts for roughly 4 to 5% of the internet.
Now, enter the deep web, the next 95% of the internet that is not searchable. Yet, that’s not to say that you don’t travel down into its depths from time to time. In fact, you likely do it daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web. The content found there is hidden from search. Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.
As such, the overwhelming majority of activity within the deep web is legitimate. So while this layer of the internet runs deep, it isn’t necessarily dark. The dark web is something altogether different.
What is the dark web?
The dark web lives within the deep web. Like the other depths of the deep web, it’s not searchable. The people behind the websites and data collections on the dark web intentionally keep them hidden from search. And the reasons vary. Some of them are entirely legitimate, others questionable, and several are outright illegal in nature.
Its origins go back to the 1990s, when the U.S. Department of Defense developed the dark web as a means of anonymous and encrypted communications. That story might sound familiar. It’s quite like the origin story for the broader internet. That had its roots in the Department of Defense as well. So, just as the broader internet eventually became available to the public, so did the dark web as well.
Getting there requires a special browser because the protocols for the dark web differ from the surface web. Moreover, these browsers strip web traffic of identifiable information, encrypt it, and send it through a series of server jumps. The browsing traffic will appear to go through a server in one country, then a different server in another, and then another.
These steps make it highly difficult to identify the person using the browser. On the flip side, it makes it difficult to identify the people hosting the sites and services on the dark web as well.
Without question, privacy is everything on the dark web. For good and for bad.
Legitimate uses of the dark web
While the notion of the dark web typically gets raised in the context of cybercrime and other illegal activity, it has legitimate uses. Some of these use cases include:
Circumventing censorship
Well-regarded news outlets such as the BBC and Pro Publica maintain a presence on the dark web to ensure that anyone can access their reporting. This includes people in nations and regions where certain news sources are censored.
Private communication
For the particularly privacy-conscious, the dark web hosts several resources for encrypted communication. That includes email clients, internet chat, and even social media sites.
Whistleblowing
Anonymous tips are a part of national security, law enforcement, and journalism as well. The private nature of the dark web confers an additional degree of anonymity to tipsters.
The dark web isn’t a place everyday internet users will need, or even want, to go. It’s far more complicated than the surface web—and going in without taking several security measures can make the trip a risky one.
The dark web as a marketplace for cybercrime
This is where the rubber meets the road from an online protection standpoint. The dark web is also a marketplace for hackers and bad actors. In several ways—as a place to purchase and rent malware, a repository for stolen information, and a place to communicate and coordinate attacks.
For starters, the dark web is populated with dark marketplaces. And difficult-to-trace cryptocurrency is the coin of the realm. With dark web stores stocked with ready-made malware kits, bad actors can launch attacks with little need for technical expertise. Others have done the work for them.
Cybercrime groups of all sizes prop up these shops, which they also use to rent out other services for attacks. For example, a small-time bad actor could easily lease a botnet to wage an attack that slows a targeted website to a crawl. Some cybercrime groups will provide hackers who can run attacks on someone else’s behalf, creating a mercenary “hacker for hire” gig economy.
Likewise, information stolen from a data breach can end up in dark web marketplaces as well. The personal information posted in these marketplaces can range anywhere from emails and passwords to in-depth information like tax numbers, health information, and driver’s license numbers. Some of it goes up for sale. Some of it gets dumped there for free. With the right information in hand, cybercriminals can commit acts of identity theft. That includes claiming unemployment benefits and tax refunds in someone else’s name. In extreme cases, it can lead to bad actors can outright impersonate their victims, racking up debts and criminal records along the way.
Some hacking groups sell hacked accounts outright. For a couple hundred dollars, they offer up login and password information for bank accounts that have a couple thousand dollars in them. Also available, pre-hacked email, social media, and online payment accounts. If it’s hackable and has value, it’s likely for sale on the dark web.
Protect yourself from hackers and bad actors on the dark web
With all this shady activity on the dark web, you might wonder how you can protect yourself. In fact, you can take several steps to help prevent your information from finding its way there. And you also can take other steps if your information unfortunately does end up on the dark web.
Installing online protection software is the first step. Online protection software can help prevent many of the attacks bad actors can purchase on the dark web. It protects against ransomware, adware, spyware, and all manner of malware, whether it’s pre-existing or entirely new.
Yet today’s online protection goes far beyond antivirus. Comprehensive protection like ours protects your privacy and identity as well. It can monitor your identity and credit, create strong passwords, and clean up your personal information online.
Monitor your identity:
An identity monitoring service can actively scan the dark web for personal info like your date of birth, email addresses, credit card numbers, personal identification numbers, and much more. In the event you fall victim to identity theft, our identity theft coverage and restoration can provide up to $1 million in coverage to cover the costs. Plus, it provides the services of a recovery expert with limited power of attorney to help you repair the damage done.
Keep an eye on your credit:
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That might indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud. Moreover, they have customer support teams that can help you file a claim if needed.
Given all the accounts you likely have a credit monitoring service can help. McAfee’s credit monitoring service can help you keep an eye on changes to your credit score, report, and accounts with timely notifications and provide guidance so you can take action to tackle identity theft.
Create and maintain strong, unique passwords:
With the high number of accounts you need to protect, creating strong, unique passwords for each one can get time consuming. Further, updating them regularly can become a time-consuming task. That’s where a password manager comes in.
A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They will not be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.
Close old, risky accounts:
The more online accounts you keep, the greater the exposure you have to data breaches. Each account will have varying degrees of personal and financial information linked to it. And that means each one carries a varying degree of risk if it gets breached. Moreover, some sites and services protect data better than others, which adds another dimension of risk. Closing old and particularly risky accounts can decrease the risk of your personal and financial information winding up in the hands of an identity thief.
With security and savings in mind, McAfee created Online Account Cleanup. It finds and requests the deletion of unused accounts and protects your personal data from data breaches as a result. Monthly scans across your online accounts show a risk level for each account and help you decide which ones to delete.
Use two-factor authentication:
Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to access your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account if they get hold of your username and password. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Protect yourself from cybercriminals on the dark web
The “dark” in the dark web stands for anonymity. And with anonymity, all kinds of activity follow. Good and bad.
From a security standpoint, the dark web is a haven for all manner of cybercriminals. Understanding how they use the dark web can help you protect yourself from their activities. You have tools for prevention, and you have resources available if your information ends up there or leads to identity theft.
By putting a face on the dark web, you put a face on cybercrime and can help reduce the risk of it happening to you.
Introducing McAfee+
Identity theft protection and privacy for your digital life
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
Scammers prey on the uncertainty of tax season
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams wind up on our screens and phones during tax time.
Tax scams to look out for
This IRS Dirty Dozen: Top tax-season scams
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
Robocalls and other phone scams
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
The IRS wants to provide you with a refund, yet they need your personal and financial account information before they will pay you.
You owe back taxes! Pay the IRS now with a money order or gift cards, otherwise you’re subject to immediate arrest!
A financial services company offers to file your taxes on your behalf, all you need to do is provide them with your tax ID or Social Security number—along with other personal and financial information.
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer.
Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer.
Threaten to bring in local police, immigration officers, or other law-enforcement to have you arrested for not paying.
Also per the IRS, they cannot revoke your driver’s license, business licenses, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and an federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
Messages by text or social media
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Identity theft and stolen refunds
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
You can’t file a return because a duplicate Social Security number has already filed one.
You receive correspondence from the IRS asking a question about a return that you did not file, that you owe additional tax, have had a refund offset, or that you have collections actions against you for a return you did not file.
You get a notice that an IRS online account has been created in your name, or that your existing account has been accessed or disabled by someone other than you.
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
Six ways you can protect yourself from tax fraud
1) File your tax return A.S.A.P.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
2) Get an IRS PIN.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
3) Monitor your credit and identity.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
4) Get identity theft protection.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
5) Remove your personal information from sketchy data broker sites.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
6) Further protect yourself from online scams with online protection software.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed among its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
Stay Updated
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam at tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
Introducing McAfee+
Identity theft protection and privacy for your digital life
