Latest news with #AbhishekKarnik
Business Wire
3 days ago
- Business Wire
New McAfee Report Finds Young Adults Fall for Travel Scams More Often Than Older Generations
SAN JOSE, Calif.--(BUSINESS WIRE)--Today, McAfee released its 2025 Safer Summer Travel Report, revealing that while U.S. travelers are cutting back on personal spending, hunting for deals to afford vacations, and researching scams before they book, many still struggle to spot online threats when they appear. As Americans cut costs to make summer getaways happen — with 58% reducing personal spending — cybercriminals are seizing the opportunity. From fake booking sites to AI-manipulated travel photos, today's scams are designed to blend in with legitimate deals and catch travelers off guard. While 65% of Americans say they research common travel scams before booking, 1 in 5 have fallen victim to a travel scam during the booking process. Among those who were scammed, 13% lost more than $500 and 5% lost over $1,000, turning a dream trip into an expensive mistake. Notably, men are more likely than women to lose money to travel scams (29% vs. 18%). Younger travelers fall victim to these scams at higher rates than other generations: 21% of 18–24-year-olds have clicked on fake confirmation links, and 10% of 25–34-year-olds have been misled by AI-altered travel images — the highest rates of any age group. "As Americans plan their summer getaways, cybercriminals are planning too, using increasingly sophisticated tactics to exploit travelers," said Abhishek Karnik, Head of Threat Research for McAfee. "With a significant number of people surveyed falling victim to travel scams, it's clear that staying vigilant is more important than ever. Scams are becoming harder to spot, from fake booking confirmations to AI-manipulated photos. Taking just a few extra seconds to verify a deal or website can be the difference between a great trip and a costly mistake." The Cost of Adventure With people cutting back on personal spending to prioritize vacation plans, it's no surprise that many are drawn to eye-catching travel deals. In fact, 38% are skipping meals out, 44% are passing on entertainment, and 25% are delaying home upgrades just to make room in the budget for a trip. But that desire to save can make people more vulnerable to scams — especially when a too-good-to-be-true deal on flights, hotels, or rentals pops up. Scammers know that when we're watching our wallets, we may be more likely to click first and ask questions later. That's also true around major events. This summer, 30% of Americans plan to travel to a major sporting event, where the excitement of the experience – and the urgency to score tickets, lodging, or airfare – can increase scam risk. Nearly 60% of those travelers say they're worried about getting tricked by fake ticket sales or other forms of online fraud. And with 42% of travelers searching for deals on accommodations, 36% on flights, and 35% on excursions, scammers have no shortage of opportunities. Add in the fact that 59% of Americans still trust third-party booking sites as much as booking directly, and it's clear why this season is a prime time for fraudsters to blend in – and cash in. Scammers target consumers with fake websites, fraudulent booking confirmations, and misleading photos, making it harder than ever to distinguish real from fake. In fact: 1 in 10 Americans has clicked on a scam confirmation link. Nearly 1 in 10 (8%) have entered payment details on a fake site. 5% have encountered manipulated images of a travel destination. 4% have been tricked into booking accommodation or trips that didn't exist. Whether it's a fake deposit, a stolen ID, or a QR code that leads to identity theft, scammers are finding new ways to exploit travelers. These findings are a reminder to stay vigilant when booking vacations and making payments online. A few simple precautions can help you stay safe from travel scams: Before You Travel: Watch for Scams – Phishing emails, text messages, and fake travel deals can lead to scammers accessing personal or financial information. Avoid clicking unknown links or sharing personal details. Check Rental Listings – Do a reverse image search to uncover fake listings. Scammers often use real property photos or AI-generated visuals. Always read reviews and book through trusted platforms. Use McAfee's Scam Detector – Scam Detector helps protect you from text, email, and video scams by automatically spotting risky links, detecting fraud across devices, and letting you run manual checks on suspicious messages, helping you know what's real before you click. While On Vacation: Verify Before You Trust — Scammers may pose as hotel staff or tour guides. Double-check identities before sharing information or valuables. Stay Secure Online — Public Wi-Fi can expose your data. Use a VPN to browse safely and keep your connection private. Carry a Backup Charger — A portable battery pack can be a lifesaver if your phone dies while you're out and about. It's a simple way to stay connected and avoid having to rely on public charging stations, where 'juice jacking' 1 is a possibility. Be Cautious with QR Codes — Fake QR codes can lead to scam websites. Use security software that flags suspicious links before you land on them. Think Before You Post — Sharing your location in real time can attract scammers — and even thieves. Broadcasting that you're away from home or out for the day may increase your risk of physical theft. It's safer to post updates after you return. For more information about how to better protect yourself online and learn about McAfee's products and services, visit Research Methodology A McAfee survey, which focused on the topic of travel scams and the impact of these scams on consumers, was conducted online in February 2025. 7,000+ adults in the US, UK, France, Germany, India, Japan, and Australia, age 18+, participated in the study. About McAfee McAfee Corp. is a global leader in online protection for consumers. Focused on safeguarding people in an always-online world, McAfee's solutions adapt to user needs, empowering individuals and families with secure, intuitive tools. For more information, visit 1
The Sun
12-05-2025
- Business
- The Sun
All PayPal users warned their banks risk being emptied instantly as experts reveal costly ‘one-click' account mistake
Sean Keach, Head of Technology and Science Published: Invalid Date, ANYONE with a PayPal account needs to watch out for a dastardly email that could empty your bank account in seconds. Security professionals have warned about a "dramatic spike" in the costly criminal scheme. Experts say scammers have "evolved their tactics", warning over a series of devastatingly effective scam emails that could turn up in your email inbox. These messages are highly convincing, look just like official PayPal messages, and raid your profile in just "one click". Security giant McAfee says it has tracked a "dramatic seven-fold increase" in this type of scam since January. And PayPal has become a "prime target for cybercriminals looking to steal personal information and money", McAfee's Abhishek Karnik explained. One of the main email types is headlined with "Action Required". This demands that you update your profile details urgently – usually within 48 hours – or your account risks being banned. It'll warn that PayPal has previously tried to contact you, and says you'll be locked out of your account if you don't reply. McAfee says that this particular scam campaign is focusing on email – rather than text or social media. Another kind of "real-world" scam that McAfee has seen is a promise of a reward. One email says you can bag a cash gift for completing a short survey. Deepfakes more 'sophisticated' and dangerous than ever as AI expert warns of six upgrades that let them trick your eyes In both cases, you click through – and then you're at the mercy of the crooks. There's no account problem or cash reward. Instead, you end up handing your log-in details to crooks when you sign in or fill in details. That can give criminals blanket access to your PayPal account, allowing them to steal your info and even funds. The security experts warned that there are four other types of PayPal scam email that might turn up, all with similarly costly outcomes. They include: Fake PayPayl gift card offers Phoney invoices for purchases Customer support scams (including billing issues) Fake payment requests or confirmations Thankfully it's easy to stay safe by following some simple rules. "Never click links in emails or texts claiming to be from PayPal," Karnik explained. TURN TWO-STEP VERIFICATION ON FOR PAYPAL Here's how to enable this important security feature... "PayPal's 2-step verification (two-factor authentication) gives you an extra layer of security when accessing your account," PayPal explains. "This process can only be done through your web browser and not through the PayPal App. "You can set up 2-step verification using an authenticator app (like Google authenticator and Microsoft authenticator)." Log in to PayPal, then choose the Settings option. Now go to Security > Set Up (next to 2-step Verification). Choose how to get a code – for instance, via an authenticator app. Then click Set It Up and follow the instructions. Picture Credit: PayPal 4 "Instead, open a new browser window and log in directly at or use the official PayPal app to check for notifications. "If you need to contact PayPal support, use only the official contact methods listed on their website." Karnik also added: "Legitimate companies don't typically threaten immediate account closure or demand urgent action within short timeframes like 28 hours." McAfee recommended that all PayPal users turn on two-factor authentication, meaning you'll need a code to log in to your account in addition to a password.
Forbes
04-05-2025
- Forbes
New PayPal Warning As Attacks Spike By 600% — Take Action Now
PayPal scams rise by 600% since the start of 2025. No doubt, you will have read the recent news articles about hackers trying to steal your Gmail account password, or maybe the spray and pray campaign targeting your Windows account, because cybercriminals follow the money. Both the Gmail and Windows user bases, which are often one and the same thing, provide the opportunity to compromise huge numbers of passwords and gain access to the data that sits behind them. What's more, those accounts can also be used to leverage social engineering attacks. And that, dear reader, is where the phishing and money parts of the story intersect: it has been reported that PayPal attacks have risen by 600% since January. Here's what you need to know and why you must take action now. Let's get two things out of the way before digging deeper into the recent spike in PayPal-related attacks. Firstly, PayPal hacks and scams are nothing new. From the use of legitimate PayPal emails in one nasty threat campaign that I wrote about in February, to the dangerous PayPal invoice that could bypass security protections in May. And, secondly, PayPal actually does take your security very seriously indeed. So, in relation to that last attack, for example, PayPal told me it is constantly evolving its fraud detection tools, including adding fraud reminder notices with advice for customers on all global invoice requests and peer-to-peer money requests. But, and it's a big one, that doesn't mean that the PayPal attack landscape isn't expanding or can be ignored. Far from it, in fact. A McAfee security report by Abhishek Karnik, McAfee's director for threat research and response, has confirmed a massive 600% spike in fraudulent PayPal-related scam emails since January. 'The recent surge has been traced to a single, highly effective campaign where attackers send official-looking emails with 'Action required' warnings,' Karnik warned, 'demanding users update their account details within 48 hours or face account suspension.' I have approached PayPal for a statement, but in the meantime, users are advised to take the following mitigation steps to prevent becoming a victim of this or other PayPal phishing scams: Do not pay any unexpected or suspicious invoices or payment requests. Do not respond to any of the above requests. Enable two-factor authentication for your PayPal account. Report any phishing emails to the PayPal security team by forwarding them to phishing@ and then deleting them.
Forbes
11-04-2025
- Business
- Forbes
How To Spot And Avoid AI-Powered Tax Scams
Scammers are using AI to impersonate the IRS—learn how to spot the fakes and protect your identity ... More before it's too late. Tax scams are nothing new, but in 2025, they're no longer the domain of clumsy phishing emails or suspicious phone calls with thick accents. Today's tax fraud campaigns are fueled by generative AI, deepfake audio, and smart social engineering that make scams nearly indistinguishable from legitimate IRS communications. The game has changed—and the stakes are higher than ever. As the April 15 filing deadline approaches, cybersecurity experts are seeing a spike in sophisticated tax-themed phishing campaigns designed to exploit anxiety and urgency. According to Abhishek Karnik, head of threat research at McAfee, 'Generative AI gives scammers the tools to create more realistic emails, texts, and even voice-based messages.' A recent McAfee survey found that nearly half of Americans (48%) have received fake IRS messages, and over half (55%) believe these scams are more convincing than ever before. Generative AI is now doing the heavy lifting for cybercriminals. As Truman Kain, a security researcher at Huntress, explained, 'Attackers can now clone the look and feel of an official IRS message with almost perfect accuracy.' Gone are the days of spelling errors and awkward phrasing. Today, an attacker can feed a prompt to an AI model and generate a convincing phishing email or even a voicemail in seconds—complete with personalized details. AI-generated voice messages are especially dangerous. Using deepfake audio, scammers can now sound like IRS agents or tax preparers, delivering threats or refund offers with chilling realism. Kain warns, 'Just because it looks like the IRS is calling doesn't mean that it is.' Phone numbers can be spoofed, and attackers are banking on the fact that victims won't pause to verify. Beyond email and voice, scammers are using increasingly deceptive methods to deliver malware and steal credentials. Chris Simpson, director of the National University Center for Cybersecurity, notes that malicious actors are now leveraging QR codes, URL shorteners, and infected PDFs to distribute malware strains like GuLoader, Latrodectus, and AHKBot. QR codes, in particular, are on the rise. 'They're harder to vet than regular links,' says Kain. 'You can't hover over them to see where they lead, and they move the interaction to your phone, where people are less cautious.' Similarly, PDFs may appear harmless, but are often loaded with phishing links that redirect to fake IRS portals or credential-harvesting pages. What makes these attacks so effective isn't just the tech—it's the manipulation. Scammers exploit fear, urgency, and authority to push victims into fast decisions. According to Karnik, one of the biggest red flags is urgency: 'If a message asks for personal information or payment right away, it's a red flag.' Simpson agrees, adding that the IRS will never request payment via gift cards, wire transfers, or cryptocurrency. Legitimate IRS communication almost always comes by physical mail, not email or social media. So what can individuals do to protect themselves? Start by layering defenses: And above all, never click on links or scan QR codes in unsolicited emails or texts. 'Go directly to the source,' advises Karnik. 'If you're unsure, type in the official URL yourself. Don't trust the message.' While tax season is peak time for these scams, the risks don't end when April passes. Stolen personal information is resold on dark web markets and reused for unemployment fraud, synthetic identity creation and other financial crimes throughout the year. 'Staying safe online all year long doesn't have to be complicated,' Karnik notes. Regularly checking financial accounts, setting up account alerts, and reviewing credit reports are simple steps that go a long way. AI has transformed the cybercrime landscape, arming scammers with tools that were once the domain of Hollywood. As these threats evolve, so too must our defenses. Cybersecurity is no longer optional—it's personal self-defense. With layered protections, skepticism and a commitment to verifying before trusting, individuals can stay one step ahead of the scam artists who want to turn their tax season into a payday.
