Group Marketing Manager
Nancy Levin is the Group Marketing Manager for the Web Security Group at McAfee. She has over 15 years of experience in ...
In a recent McAfee Labs blog, Global Threat Response Team Manager, Samantha Swift, discusses how the McAfee SECURE™ trustmark has been increasingly falsified on sites as part of a “ransomware” campaign. According to Swift, infected machines will notify users with a localized graphic containing a police logo that their machine has been “locked” and can only be unlocked after a payment has been made via Ukash or a similar e-commerce payment system.
Here are some example screenshots of infected machines from Ireland and Germany (notice how the police logos differ based on the country in which the victim resides):
McAfee researchers have found that the McAfee SECURE trustmark has been misused more frequently not just as part of this campaign, but also on other malicious websites attempting to fool users into trusting the site as one verified by McAfee.
What can you do to ensure you’re visiting a McAfee SECURE site?
Any merchant that subscribes to the McAfee SECURE service has their site tested daily by McAfee for thousands of vulnerabilities, and it is only after the merchant’s site passes these tests that the merchant is eligible to display the McAfee SECURE trustmark on its site.
Here are some quick tips to help customers spot a fake trustmark, as well as info on what to do if they see one:
1. Real McAfee SECURE trustmarks are “live” and will show today’s date.
- Beware though: some scammers will go through the trouble of making daily updates to their fake seals.
2. Real McAfee SECURE trustmarks can be clicked and will take you to the subscribing merchant’s verification page
- Static trustmark images should be treated with caution and may indicate illegitimate use.
- Some scammers will have their fake seals link to www.mcafee.com, which may seem legitimate, but it’s not the way the McAfee SECURE service works.
3. Real McAfee SECURE verification pages will include the subscribing merchant’s name.
- Always make sure the company names match – a real McAfee SECURE trustmark will always click through to the proper verification page.
4. If you find a website with unauthorized use of the McAfee SECURE trustmark, help us and your fellow web users by reporting the illegitimate site.
We hope these tips will help you browse safely and avoid falling victim to ransomware campaigns. For more information on how McAfee can help your business, visit the McAfee SECURE website and follow us on Twitter @McAfeeSECURE for the latest on eCommerce news, events, and resources.