IT NEWS

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings.

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. Estimated losses are in the region of tens of millions of dollars over the past five years.

The group infected legitimate web shops with a malicious payload that would redirect visitors to web shops under their own control. While visiting such an affected web shop the visitor would be served fake product listings. When they clicked on the link for that item, hundreds of thousands of victims were redirected.

The fraudsters also made sure that their fake product listings contained metadata that put them near the top of search engine rankings for those items. SEO poisoning is a technique employed by cybercriminals to manipulate search engine results, making harmful websites or advertisements appear at the top of search results.

On the fake web shop, one of four targeted third-party payment processors collects credit card info and confirms a “purchase,” but the product never arrives.

The fraudsters used several established vulnerabilities to infect a wide variety of web shops.

For the users it’s not just the payment for an article they’ll never receive and the disappointment about not getting that sought-after article, but there is also the risk of providing cybercriminals with their payment card information.

The campaign has been disrupted for a large part due to the efforts of the researchers, but they warn that part of it is still active.

So, what can consumers do to stay safe?

Keep an eye on the website displayed in the address bar. Did the advertisement you clicked on take you to the expected web shop? And when the checkout process runs through a different web shop, this is another reason for alarm.

Be especially cautious when you are looking for hard-to-get items, because this is what the group specializes in.

If you are suspicious, it’s a good idea to try the input validation of the shipping information. The fraudsters do not care whether you fill out a real phone number or street address since they have no intention of shipping anything, so the validation process does not work. On a legitimate web shop this should work and warn visitors about invalid entries.

Malwarebytes’ web protection module and Browser Guard block the IP addresses in use by this group.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals.

The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing incoming and outgoing calls, allowing users to answer or reject calls, as well as initiate calls.

As you can imagine handing these options to a malicious app comes with some serious risks.

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. When the receiver clicked a link in the email they’d download an Application Package (APK file) which acted as a dropper for the malicious app.

Likely without realizing, when the user gives the app permission to set it as the default call handler, the malware gains permission to intercept and manipulate both outgoing and incoming calls.

The FakeCall malware abuses this trust by hijacking the user’s call to a financial institution. To better understand how the attackers use this, you’ll need to know that FakeCall is a very versatile tool. It can also steal sensitive information from the infected devices which enables the cybercriminals to deploy targeted attacks against the owners of infected devices.

They will know which bank the target primarily uses and will send them offers that might be of interest to them, via in-app notifications or vishing (voice-phishing). The cybercriminals may, for example, offer a loan with a low interest rate and ask the target to call if they’re interested.

Regardless, whether the target uses the displayed phone number or tries to directly call the number of his bank, the call will get redirected to the criminals.

The FakeCall app is hard to detect since it uses several methods to evade detection, and it uses several names to mimic legitimate banking apps. This is where Malwarebytes for Android can help you, by identifying these apps and removing them.

Malwarebytes for Android detects FakeCall as Android/Trojan.Banker.Fakecall.

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities.

The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

This update is crucial as it addresses two major security vulnerabilities. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

Technical details

One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as CVE-2024-10487, can be used by cybercriminals as a drive-by download. That means that a victim’s device could be compromised just by visiting a malicious website or advertisement.

The vulnerability was found in Dawn, an open source and cross-platform implementation of the WebGPU-standard. WebGPU is a JavaScript Application Programming Interface (API) provided by a web browser that enables webpage scripts to use a device’s graphics processing unit (GPU).

In this case, the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes.

The other vulnerability, tracked as CVE-2024-10488, was reported by researcher Cassidy Kim. That vulnerability in Chrome’s WebRTC (Web Real-Time Communication) component could lead to the execution of arbitrary code or cause a crash. It could be used for potential data theft or system crashes.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS.

Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Technical details

Noteworthy are four vulnerabilities in Siri and another vulnerability in Accessibility which would allow an attacker with physical access to view sensitive user information. This may not seem very urgent at first, but if your device gets stolen then the thief can learn things about you which is far from ideal.

These are some of the vulnerabilities that jumped out at us.

CVE-2024-44274: a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1 with improved authentication.

CVE-2024-44282: a vulnerability in Foundation where parsing a file could lead to disclosure of user information. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1 by improved input validation. Foundation serves as a fundamental framework that offers a base layer of functionality for Apple’s operating systems. Among others it’s responsible for file system access.

CVE-2024-40867: a vulnerability in iTunes caused by a custom URL scheme handling issue that could be used by an attacker to break out of Web Content sandbox. This issue is fixed in iOS 18.1 and iPadOS 18.1 by improved input validation. Breaking out of the Web Content sandbox allows a malicious website or attacker to potentially access sensitive data, control other parts of the system, and compromise the overall security of the device beyond the intended limitations of the web browser.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals.

But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper, but they do come with a dark side.

According to Europol’s report titled “Uncovering the ecosystem of intellectual property crime, ”approximately 86 million fake items were seized in the European Union (EU) in 2022 alone, with an estimated total value exceeding EUR 2 billion (US$ 2.1 billion).

Not only does this ecosystem provide buyers with substandard goods, it also enables crimes like intellectual property (IP) crime, cybercrime, money laundering, and environmental crime.

Intellectual property is what drives innovation. Criminals don’t come up with new inventions, they just create cheap copies of popular items without regards for safety of the product, working conditions, or environmental regulations. The only thing counterfeiters are innovating are ways to exploit consumer demand for counterfeit and pirated goods.

The report states:

“The rise of social media, influencers and online commerce have changed consumers’ behavior, increasing their appetite for IP infringing goods or content, while having a low awareness of risks.”

Criminals fully abuse the social media platform algorithms that reach potential buyers using customized ads that speak to their personal interests and preferences. These are often removed after automated reviews.

So, there is another critical role in advertising counterfeit goods, which are influencers. Through their channels, influencers may direct customers to product listings on online stores that evade security protocols about counterfeit adverts.

By buying counterfeit goods you are also unwittingly enabling cybercriminals that are engaged in fraud, corruption, labor exploitation, environmental crime, money laundering, and cybercrime.

On the other hand, the risks of getting caught and the relatively low penalties make IP crime a low-risk, high-benefit criminal activity.

Consumers, however, are not always aware of the fact they are buying counterfeit goods. As sophisticated technologies are used to replicate holograms, logos, and packaging, unaware consumers are more likely than ever to be deceived, and recognizing counterfeit items has become a task that requires specific knowledge and an expert eye.

How to avoid counterfeit goods

Nonetheless, there are a few pointers to be given on how to avoid buying counterfeit goods.

• Where possible, buy from the brand’s own store. When that’s not an option look for authorized retailers. Many brands publish lists of authorized sellers on their websites. And some of the larger webstores use “Authenticity Guarantee” badges on their listings.
• When it comes to pricing, follow the old saying: “If it’s too good to be true, it probably is.”
• A legitimate webstore should have contact information, look professional, and specify consumer rights.
• Review advertisements on social media, influencer channels, and chat platforms with a little bit of extra caution.
• Look for consumer reviews. Interestingly, it could be a red flag if the reviews of the product and company are universally bad—or if there are no bad reviews at all.

If you’re not completely sure about the product or the website, at least make sure to use a secured payment page and preferably use your credit card, in case you need to recover your money.

If you have bought a counterfeit product:

• Stop and think before you use it, to consider whether it is safe to use. The materials used for production are likely to be sub-standard and could pose a risk to your health.
• Report it to the platform where you made the purchase and to the legitimate brand.
• Report it to the proper authorities.

Use Malwarebytes Browser Guard to block advertisements, scams, and trackers. It’s a free browser extension for Chrome, Firefox, Edge, and Safari. 

Last week on Malwarebytes Labs:

• 100 million US citizens officially impacted by Change Healthcare data breach
• Pinterest tracks users without consent, alleges complaint
• After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data
• LinkedIn bots and spear phishers target job seekers
• Upload a video selfie to get your Facebook or Instagram account back
• This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)
• Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

Last week on ThreatDown:

• Why ransomware gangs want you to keep using that GPON router

Stay safe!

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

In April, we reported that a “substantial proportion” of Americans may have had their health and personal data stolen in the Change Healthcare breach. That was based on a report provided by the UnitedHealth Group after the February cyberattack on its subsidiary Change Healthcare.

The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities.

UnitedHealth CEO Andrew Witty estimated the attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC.

He wasn’t exaggerating. Yesterday, Change Healthcare reported a number of 100,000,000 affected individuals on the breach portal of the US Department of Health and Human Services (HHS).

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules. OCR did this because of the cyberattack’s unprecedented impact on patient care and privacy.

On July 19, 2024, Change Healthcare filed a breach report with OCR that identified 500 individuals as the “approximate number of individuals affected.” This is the minimum number of individuals affected that results in a posting of a breach on the HHS Breach Portal, and it was perhaps cited because Change Healthcare still needed to determine the actual number of impacted users.

Acting Director of the Office for Civil Rights at the US Department of Health & Human Services Melanie Fontes Rainer said about 140 million people were affected by large breaches in 2023, up from 51 million in 2022. And 2024 looks even worse, she added:

“And this year, with both the Change breach and Ascension breach, we expect that number to potentially double or go higher.”

Affected people can visit a dedicated website at changecybersupport.com to get more information or call 1-866-262-5342 to set up free credit monitoring and identity theft protection.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

Pinterest has received a complaint from privacy watchdog noyb (None of your business) over the unsolicited tracking of its users.

Pinterest allows you to pin images to virtual pinboards; useful for interior design, recipe ideas, party inspiration, and much more. It started as a virtual replacement for paper catalogs to share recipes, but has since grown into a visual search and e-commerce platform.

With the growth came the advertisers, and what their goals with the platform were. And as we are all undoubtedly aware, targeted and especially personalized advertising is much more effective than regular advertising.

So, like many other social media platforms before it, Pinterest claimed to have a legitimate interest in using personal data without asking for consent.

The “legitimate interest” argument comes from one of the six lawful bases granted in the European Union’s (EU’s) General Data Protection Regulation (GDPR) which states that processing of personal data is allowed if it is:

“…necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.”

Social media platforms have a habit of claiming to need that ability for economic reasons, to improve their service, or to safeguard security of both users and the platform. But in every case I know of, the Court of Justice of the European Union (CJEU) has ruled against platforms using personal data without consent.

Pinterest users are not made aware of the fact that they can turn off “ads personalisation” under the “privacy and data” settings, according to the complaint. This setting is turned on by default, allowing Pinterest to use information from visited websites and from other third parties to show users personalized ads.

When a complainant filed an access request to find out what data Pinterest had about her, she received a copy of her data on the same day, but quickly realized that it didn’t include any information about the recipients of her data.

Two additional requests made her none the wiser about the categories of data that were shared with third parties, which means that Pinterest failed to adequately respond to the access request under Article 15(1)(c) of the GDPR.

Based on this, noyb has filed a complaint with the French data protection authority (CNIL). The grounds of that complaint are that Pinterest violated Article 6(1) GDPR by processing the complainant’s personal data for personalized advertising on the basis of legitimate interest, and violated Article 15(1)(c) GDPR by failing to provide access to the categories of data shared with third parties.

To turn off personalized ads on Pinterest:

• Log in to your Pinterest account
• Click the chevron-down icon at the top-right corner to open your menu
• Click Settings
• Select Privacy and data
• Adjust your personalization settings
• Click Save.

Pinterest reminds users that this setting does not apply to information about purchases you initiate on Pinterest. More information about this setting is available in Pinterest’s Help Center.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

Four tax preparation software companies failed to comply with government rules that require the sharing of tax-related info to be done only with specific disclosures and full tax-payer consent, according to an audit released by the Treasure Inspector General for Tax Administration (TIGTA) in the United States.

“According to Treasury Regulation § 301.7216-3, tax return information may not be used or disclosed except as specifically permitted or when the taxpayer provides consent.”

The Internal Revenue Service (IRS) partners with tax professionals and other entities that assist taxpayers in meeting their tax obligations. Before partnering with these professionals and entities, the IRS conducts suitability checks. But the IRS does not have awareness of the full scope of information that an online provider routinely collects, beyond what is filed with the IRS, or shared with third parties.

Further, the guidance for obtaining taxpayer consent to use or disclose taxpayer information does not specifically address the use of pixels, such as those used by Facebook and Google to track information on a website.

These pixels are basically a piece of code that website owners can place on their website. The pixel collects data that helps businesses track conversions from ads, optimize ads, build target audiences for future ads, and re-market to people that have already taken some kind of action on their website. That’s nice for the advertisers, but the combined information of all these pixels potentially provides the recipients with an almost complete portrait of your browsing behavior.

The audit was performed after TIGTA received a congressional letter raising concerns about the data sharing practices of online tax filing companies. This letter spoke of data sharing methods that used a pixel to capture an individual’s entries on the online tax filing companies’ website, which then sent data entered for the preparation of online tax returns to a third party to focus marketing and advertisement efforts to each user.

In other words, information that is highly regulated was collected and shared outside the rules of those regulations, which could have allowed for invasions of privacy.

TIGTA acknowledged that it shared similar concerns and that it was in the process of conducting a separate but related review.

TIGTA did not disclose the names of the four companies that were the subject of these investigations, but in a follow-up letter from 3 senators and a member of congress they mention TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions.

The review found that the audited companies’ consent statements did not comply with the requirements of Treasury Regulation § 301.7216. Specifically, the consent statements did not clearly identify the intended purpose of the disclosure and the specific recipient(s) of the tax return information.

Based on the results TIGTA advised the IRS to update their revenue procedure to include language that consent statements must identify the purpose of disclosure and specific recipient(s); evaluate whether any updates are needed to the guidance regarding data sharing practices, e.g., the use of pixels; and identify and implement potential solutions that will ensure that online providers comply with the regulatory requirements of taxpayer consent statements.

The IRS has taken actions to address the previously reported deficiencies with the suitability check processes and procedures for tax preparation companies. For example, the IRS:

• Updated procedures to ensure consistency with initial and continuous suitability checks.
• Established a consistent adjudication process for applicants with a criminal history.
• Modified procedures to systemically create cases requiring research and resolution for tax compliance issues.
• Modified procedures to accept only electronic fingerprint cards.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Microsoft’s social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It’s also a place where criminals go to find new potential victims.

Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags. Think “I was laid off”, “I’m #opentowork” and similar phrases that can wake up a swarm of bots hungry to scam someone new.

Bots are problematic as they not only create a poor user experience but also present real security risks. Perhaps even more insidious are customized phishing attempts, where fraudulent LinkedIn accounts directly reach out to their victim via the premium InMail feature. In this case, it’s all about harvesting personal information from targets of interest.

In this article, we review recent observations and provide tips for job seekers and users of the platform in general.

Hungry bots

Online bots are so common that they transcend every possible industry: advertising, music and concerts, social media, games, and more. There are even companies whose entire business model is to disrupt and contain bots. The impact of bots depends on which point of view you are taking, as it can range from simple nuisance, to opinion swaying, costly fraud, and a lot more in between.

We recently observed fake LinkedIn accounts that prey on those just laid off. Within minutes of a post, dozens of accounts start replying with links or requests to be added as a connection.

The use of certain hashtags was already known to attract bots, and the #opentowork one is no different. Ironically, even a recruiter was previously swamped with similar messages and questioned whether they might have to refrain from ever having to use the hashtag again:

The battle between HR and the bots was featured in a Brian Krebs article from a couple of years ago. While the accounts we saw in the most recent campaign were not labeled as recruiters directly, they often pointed to other profiles that were. In the majority of cases, scammers used the name of real people and their pictures to create new accounts.

It appears their primary goal may be to gain connections by pretending to help a job seeker. This may increase the supposed authenticity of their profile and make it harder to shut them down.

LinkedIn did take action sometime after we witnessed the original spam wave. Many of the accounts indeed disappeared and comments were removed. It’s unclear whether this was a result of user reports, LinkedIn’s own algorithms, or a combination of both.

Fine tuning anti-fraud algorithms requires constant calibration, and isn’t without casualties. Some content creators have been banned due to “false positives”, eroding the trust and dedication they put into the platform.

You’ve got InMail

While bots are annoying, they are usually so predictable and noisy that they can be spotted from miles away, especially when they duplicate their own comments on the same post. More dangerous are personalized requests that come directly into a user’s inbox.

It’s the same idea of a fake recruiter, but the profile looks more credible and scammers are using paid accounts. In fact, the ability to send a message to a user who’s not in your circle of contacts, is one of LinkedIn’s feature for going premium, called InMail.

In the image seen above, an alleged Amazon recruiter going by the name “Kay Poppe”, sent a direct message about a unique job opportunity at Amazon Web Services. The so-called recruiter’s profile picture looks to be AI-generated, and the name Kay Poppe vaguely reminds us of “K-pop”, the Korean pop music phenomenon. Perhaps this is a bit of a stretch, but we couldn’t help but think of North Korea’s relentless phishing attempts.

This was not a standard, copy-paste message but rather a carefully crafted one based on the victim’s job profile. The link shortener they used was related to their current position and was the hook to get them to visit a fake LinkedIn page showing a number of documents related to that role. None of the links to the documents actually load what they claim to be, instead they are meant to be a segway to a page hosting a phishing kit.

In this particular instance, this is the Rockstar2FA phishing-as-a-service toolkit used to harvest Google credentials. As more and more people are using two-factor authentication, criminals have come up with their own methods to bypass 2FA. While it is recommended to avoid SMS-based verification and instead use a one-time password (OTP) app, users can still get social engineered into entering the temporary code into a phishing page.

Stealing a Google account is usually only the first step in longer chain leading to a full compromise. Many people use their Google email as a recovery address for a number of other online accounts. This can allow a criminal to reset as many passwords as they can get their hands on before the victim even realizes what’s happened. It’s also not unusual to get locked out of your account and then struggle to regain control of it.

Fish in a larger pod

Scammers are notorious for targeting the vulnerable, and one could say that after losing a job you probably feel this way. All too eager to regain employment, you may jump at the first opportunity and engage in a conversation that could end badly.

Many of the bots spamming via comments tie back to some kind of fraud such as the advance-fee scam where you need to pay an up-front fee in order to receive goods or services. Some job offers are also too good to be true, and you could unknowingly participate in illegal activities by helping to funnel and launder money.

The more targeted phishing attempts are dangerous not only for the individual in question but also for the company they work for. This may be the case if you are not actively looking for a new job, and as such compromising you could in turn have further consequences, such as getting an entry point into an entire organization.

Whether you are looking for a job or already have one, you should expect to get contacted by some unknown third-party at some point. Treat every such inquiry with suspicion and caution. Remember that on the internet, not everyone is who they pretend to be.

Also, consider passkeys, a newer form of authentication that was specifically designed to move away from passwords and be less prone to phishing attacks. They rely on a private-public key exchange between a device and the service’s login page removing the need to enter passwords or codes.

If you ever fall victim to a scam, time is of the essence. Immediately:

• be on the lookout for unusual account changes
• proactively do a full password sweep
• reach out to your bank and credit card company
• inform your contacts who may receive fraudulent messages coming from you

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.