Login
The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.
To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.
As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.
Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:
Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.
Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.
Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.
Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.
Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.
Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.
Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.
Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.
All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts. Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.
Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.
Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:
Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.
Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).
Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.
Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.
Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.
Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.
Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.
Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.
Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.
Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.
Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.
Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.
The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .
The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.
This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.
This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.
With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.
Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.
If you click through on a malicious link, the next stage of the attack could:
|
|
Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.
Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.
Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.
Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.
Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.
By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.
With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.
Consider the following:
|
|
We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.
The post COVID-19: How Do I Work from Home Securely? appeared first on .
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.
Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.
The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.
Protect your smart home and router
Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:
|
|
Secure your home office
Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:
|
|
Stay safe from phishing
Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:
|
|
Use video conferencing safely
New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:
|
|
Stay safe shopping and banking
Next, protect your financial information and stay safe from e-commerce fraud by doing the following:
|
|
Think about online safety for kids
They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:
|
|
Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by
|
|
When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:
Trend Micro Home Network Security
Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution
|
|
Trend Micro Security (PC and Mac)
Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:
|
|
Trend Micro Mobile Security:
Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.
|
|
Additional Trend Micro Tools:
Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides
|
|
Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .
Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.
To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.
In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.
This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include
|
|
Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:
|
|
This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.
Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.
There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.
It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.
|
|
So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”
Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .
Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.
So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?
The new ransomware trends
Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?
At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.
The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.
Home workers are also being more targeted for a number of reasons:
|
|
What’s the attack profile of the remote working threat?
In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll
|
|
How can I prevent ransomware when working from home?
The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:
|
|
How Trend Micro can help
In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via
|
|
With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.
The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .
According to Statista, 3.5 billion people worldwide are forecasted to own a smartphone by the end of 2020. These connected devices allow us to have a wealth of apps and information constantly at our fingertips – empowering us to remain in constant contact with loved ones, make quick purchases, track our fitness progress, you name it. Hackers are all too familiar with our reliance on our smartphones – and are eager to exploit them with stealthy tricks as a result.
One recent example of these tricks? Suspicious text messages claiming to be from USPS. According to Gizmodo, a recent SMS phishing scam is using the USPS name and fraudulent tracking codes to trick users into clicking on malicious links.
Let’s dive into the details of this scheme, what it means for users, and what you can do to protect yourself from SMS phishing.
To orchestrate this phishing scheme, hackers send out text messages from random numbers claiming that a user’s delivery from USPS, FedEx, or another delivery service is experiencing a transit issue that requires urgent attention. If the user clicks on the link in the text, the link will direct them to a form fill page asking them to fill in their personal and financial information to “verify their purchase delivery.” If the form is completed, the hacker could exploit that information for financial gain.
However, scammers also use this phishing scheme to infect users’ devices with malware. For example, some users received links claiming to provide access to a supposed USPS shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.
While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of phishing scams – especially as we approach the holiday shopping season. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, follow these actionable steps to help secure your devices and data from SMiShing schemes:
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.
Many spammers send texts from an internet service in an attempt to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on Spam protection, and turning on the Enable spam protection switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Special Delivery: Don’t Fall for the USPS SMiShing Scam appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
The Top Ten Most Dangerous Celebrities
You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).
Lights, Camera, Security
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.
Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!
McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.
And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.
Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).
Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.
With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.
Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.
While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.
Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.
Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.
Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:
If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.
Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?
One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!
Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.
I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!
Stay safe everyone!
Alex x
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…
Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!
But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!
There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.
McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.
But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!
In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.
But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.
Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.
But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.
The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:
Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!
If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.
Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!
With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!
So, you know what you need to do! Stay safe online everyone!
The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.
Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply, out of other option – technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and essentially, live our lives.
For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.
Whether it was downloading video calling apps like Zoom or Facetime, setting up a Twitter account to get updates from the Health Department, using Google Doc to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 means many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they know finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!
I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.
When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!
So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:
1. Passwords
Every app, online account or piece of software needs it own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!
2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!
So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!
3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.
So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensure we can all still function but there must be a balance too. So, walk the dog, play a board game or having a cuppa outside. Remember you manage the technology; it doesn’t manage you!
Till next time
Stay safe online.
Alex xx
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.
Cybercriminals go to great lengths to hack personal devices to gather sensitive information about online users. To be more effective, they make significant investments in their technology. Also, cybercriminals are relying on a tactic called social engineering, where they capitalize upon fear and urgency to manipulate unsuspecting device users to hand over their passwords, banking information, or other critical credentials.
One evolving mobile device threat that combines malware and social engineering tactics is called BRATA. BRATA has been recently upgraded by its malicious creators and several strains have already been downloaded thousands of times, according to a McAfee Mobile Research Team report.
Here’s how you can outsmart social engineering mind games and protect your devices and personal information from BRATA and other phishing and malware attacks.
BRATA stands for Brazilian Remote Access Tool Android and is a member of an Android malware family. The malware initially targeted users in Brazil via Google Play and is now making its way through Spain and the United States. BRATA masquerades as an app security scanner that urges users to install fake critical updates to other apps. The apps BRATA prompts the user to update depends on the device’s configured language: Chrome for English speakers, WhatsApp for Spanish speakers, and a non-existent PDF reader for Portuguese speakers.
Once BRATA infects a mobile device, it combines full device control capabilities with the ability to capture screen lock credentials (PIN, password, or pattern), capture keystrokes (keylogger functionality), and record the screen of the compromised device to monitor a user’s actions without their consent.
BRATA can take over certain controls on mobile phones, such as:
BRATA is like a nosy eavesdropper that steals keystrokes and an invisible hand that presses buttons at will on affected devices.
BRATA’s latest update added new phishing and banking Trojan capabilities that make the malware even more dangerous. Once the malware is installed on a mobile device, it displays phishing URLs from financial institutions that trick users into divulging their sensitive financial information. What makes BRATA’s banking impersonations especially effective is that the phishing URLs do not open into a web browser, which makes it difficult for a mobile user to pinpoint it as fraudulent. The phishing URLs instead redirect to fake banking log-in pages that look legitimate.
The choice to impersonate banks is a strategic one. Phishers often impersonate authoritative institutions, such as banks and credit card companies, because they instill fear and urgency.
Social engineering methods work because they capitalize on the fact that people want to trust others. In successful phishing attacks, people hand cybercriminals the keys instead of the cybercriminal having to steal the keys themselves.
Awareness is the best defense against social engineering hacks. When you’re on alert and know what to look for, you will be able to identify and avoid most attempts, and antivirus tools can catch the lures that fall through the cracks.
Here are three tell-tale signs of a social engineering attack and what you should do to avoid it.
Just because an app appears on Google Play or the App Store does not mean it is legitimate. Before downloading any app, check out the number of reviews it has and the quality of the reviews. If it only has a few reviews with vague comments, it could either be because the app is new or it is fake. Also, search the app’s developer and make sure they have a clean history.
Never click on links if you are not sure where they redirect or who sent it. Be especially wary if the message surrounding the link is riddled with typos and grammar mistakes. Phishing attempts often convey urgency and use fear to pressure recipients to panic and respond too quickly to properly inspect the sender’s address or request. If you receive an urgent email or text request concerning your financial or personal information, take a deep breath and investigate if the claim is legitimate. This may require calling the customer service phone number of the institution.
Just like computers, mobile devices can be infected with viruses and malware. Protect your mobile device by subscribing to a mobile antivirus product, such as McAfee Mobile Security. McAfee Mobile Security is an app that is compatible with Android devices and iPhones, and it protects you in various ways, including safe surfing, scanning for malicious apps, and locating your device if it is lost or stolen.
The post Beware of BRATA: How to Avoid Android Malware Attack appeared first on McAfee Blogs.
It’s easy to imagine where we would be without women in technology.
We’d be poorer for it.
With Mother’s Day upon us, I couldn’t help but think once more about the stark employment figures I shared in my International Women’s Day blog just a few weeks ago. Millions of women have involuntarily left the workforce at a much higher rate than men during the pandemic—with roughly one third of women in the U.S. aged 25-44 citing that childcare was the reason for that unemployment.
Reflecting on this further, I thought about the women in technology who’ve left their positions during this past year. It’s a loss of talent and capability that’s set back decades of advances by trailblazing women who not only shine in their field yet also do so in male-dominated realms of study, research, and employment.
So as we look ahead to recovery, we should also look back. By celebrating just a few of the women in technology who shaped our world today, women who truly are “mothers of invention,” perhaps we can remember just how vital women are in our field—and how we should double down on our efforts to welcome them back.
Imagine a time when the term “software engineering” wasn’t recognized, even though it was crucial to us landing on the moon.
Such were the days when Margaret Hamilton began her work at Massachusetts Institute of Technology (MIT) as a job to support her family while her husband went to law school at Harvard. This was in 1959 and would introduce her to Edward Lorenz, the father of chaos theory, and put her on the path to help humanity set its first footsteps on the moon.
It was her work and her code that developed a software-driven system that warned astronauts of in-flight emergencies, an advance she credits her young daughter for inspiring, as recounted in this interview:
Often in the evening or at weekends I would bring my young daughter, Lauren, into work with me. One day, she was with me when I was doing a simulation of a mission to the moon. She liked to imitate me – playing astronaut. She started hitting keys and all of a sudden, the simulation started. Then she pressed other keys and the simulation crashed … I thought: my God – this could inadvertently happen in a real mission.
I suggested a program change to prevent a prelaunch program being selected during flight. But the higher-ups at MIT and NASA said the astronauts were too well trained to make such a mistake. Midcourse on the very next mission, Apollo 8, one of the astronauts on board accidentally did exactly what Lauren had done. The Lauren bug! It created much havoc and required the mission to be reconfigured. After that, they let me put the program change in, all right.
When you search online, you have this woman to thank.
A true pioneer, Karen Spärck Jones worked at Cambridge, during which time she developed the algorithm for deriving a statistic known as “term frequency–inverse document frequency” (TFIDF). In lay terms, TFIDF determines how important a word is relative to the document or collection of terms in which it is found. Sound familiar? It should, as her work forms the basis of practically every search engine today.
Spärck Jones remained outspoken with regards to what she referred to as “professionalism” in technology. This had two layers: the first being the technical efficacy of a solution, the second being the rationale for even doing it in the first place. In her words,
“[T]o be a proper professional you need to think about the context and motivation and justifications of what you’re doing … You don’t need a fundamental philosophical discussion every time you put finger to keyboard, but as computing is spreading so far into people’s lives you need to think about these things.”
Her vision for computing and her hands-on work led to development of COBOL, a programming language still in use today. Driving that vision was the belief that human language could be used as the basis for a programming language, making it more accessible, particularly for business use. The result was the FLOW-MATIC programming language, which was later developed into COBOL, a language that is estimated to be used in 95% of ATM card swipes.
During her time as a naval officer, she helped transform centralized Defense Department systems into smaller, distributed networks akin to the internet we now know and use. At her retirement near the age of 80, she went to work in the private sector where she held the role of full-time senior consultant until her passing at age 85. This 1983 profile of her, aired when she was 76, is certainly worth a watch.
Quite plainly, Perlman’s work paved the way for the routing protocols that underpin the modern internet.
Prior to Perlman’s work, as networks grew and accordingly became more complex, data would often flow into loops that prevented them from reaching their intended destination. Enter her creation of the Spanning Tree Protocol (STP), which can handle large clouds of computers and network devices. While its since evolved, the concept of an adaptive network remains squarely in place.
Another advance of hers was introducing computer programming to young children aged 3 to 5 back in the 1970s. While working at MIT’s LOGO Lab, she created TORTIS (Toddler’s Own Recursive Turtle Interpreter System), which used buttons from programming and allowed for experimentation with a robotic turtle that would follow a toddler’s commands. In the abstract for her paper that documented the work, she emphasized what she felt was a vital point, “Most important of all, it should teach that learning is fun.”
These women have led and inspired, and likewise it’s on all of us in technology to build on the advances they made possible through both our work and the workplace cultures we foster—particularly as we begin our recovery from this pandemic.
One of the many reasons I’m proud to be a part of McAfee is our Women in Security (WISE) community. It’s truly a forward-thinking program, which we introduced to enrich and support women in the tech sector through mentorship programs and professional development conferences. It’s one of the several, tangible ways we actively strive for a vibrant and diverse culture at McAfee.
Another powerful voice for women in tech is AnitaB.org, which supports women in technical fields, as well as the organizations that employ them and the academic institutions training the next generation. A full roster of programs help women grow, learn, and develop their highest potential.
And for looking forward yet further, there’s Girls Who Code, which is building the next generation of female engineers and technologists. Their data shows why this is so vital. They found that 66 percent of girls aged six to 12 show interest in computing, but that drops to 32 percent for girls aged 13 to 17, and then plummets to only 4 percent for college freshmen. Accordingly, they support several programs for school-aged girls from third grade up through senior year of high school, help educators and communities launch clubs, and advocate for women in their field through their work in public policy and research.
And that’s just for starters. For an overview of yet more organizations where you can get involved, check out this list of 16 organizations for women in tech—all of which help us realize a better world with women in technology.
The post The Mothers of Invention: Women Who Blazed the Trail in Technology appeared first on McAfee Blogs.
Google’s Android operating system has been a boon for the average consumer. No other operating system has given so much freedom to developers and hardware manufacturers to make quality devices at reasonable prices. The number of Android phones in the world is astounding. That success comes with a price, however.
A recent report from our own McAfee Mobile Research team has found malicious apps with hundreds of thousands of downloads in the Google Play store. This round of apps poses as simple wallpaper, camera filters, and picture editing, but they hide their nature till after they’ve been installed on your device.
Figure 1. Infected Apps on Google Play
On the bright side, Google Play performs a review for every app to ensure that they are legitimate, safe, and don’t contain malware before they’re allowed on the Play store. However, enterprising criminals regularly find ways to sneak malware past Google’s security checks.
Figure 2. Negative reviews on Google Play
When developers upload their apps to the Play store for approval, they have to send supporting documents that tell Google what the app is, what it does and what age group it’s intended for. By sending Google a “clean” version of their app, attackers can later get their malicious code into the store via a future update where it sits and waits for someone to download it. Once installed, the app contacts a remote server, controlled by the attackers, so it can download new parts of the app that Google has never seen. You can think of it as a malware add-on pack that installs itself on your device without you realizing it. By contacting their own server for the malware files, attackers sneak around Google security checks and can put anything they want on your device.
The current round of malware we’re seeing hijack your SMS messages so they can make purchases through your device, without your knowledge. Through a combination of hidden functionality and abuse of permissions like the ability to read notifications, that simple looking wallpaper app can send subscription requests and confirm them as if it were you. These apps will regularly run up large bills through purchasing subscriptions to premium rate services. The more troubling part is how they can read any message that you receive, possibly exposing your personal information to attackers.
To start, a comprehensive and cross-platform solution like McAfee Total Protection can help detect threats like malware and alerts you if your devices have been infected. I’d also like to share some tips our Research team has shared with me.
Before you hit that install button, take a good look at an app’s reviews. Do they look like they were written by real people? Do the account names of the reviewers make sense? Are people leaving real feedback, or are the majority of comments things like, “Works great. Loved it.” with no other information?
Scammers can easily generate fake reviews for an app to make it look like people are engaging with the developers. Look out for vague reviews that don’t mention the app or what it does, nothing but five-star reviews, and generic sounding account names like, “girl345834”. They’re probably bots, so be wary.
Search for the app developers’ company and see if they have a website. Having a website doesn’t guarantee an app is legitimate, but it’s another good indicator of how trustworthy a company’s app is. Through their website, you should be able to find out where their team is based, or at least some personal information about the company. If they’re hiding that information, or there’s no site at all, that might be a good sign to try a different app.
A lot of malicious apps offer features that your phone already provides, like a flashlight or photo viewer. Unless there’s a very specific reason why you need a separate app to do something your device already does, it’s not recommended to use a third-party app. Especially if it’s free.
App permissions must be clearly stated on the app’s page in order to get into the Google Play store. They’re found near the bottom of the page, along with developer information. Check the permissions every app asks for before you install it and ask yourself if they make sense. For example, a photo editor doesn’t need access to your contacts list, and wallpapers don’t need to have access to your location data. If the permissions don’t make sense for the type of app, steer clear.
Mobile devices are vulnerable to malware and viruses, just like your computer. By installing McAfee protection to your mobile device, you can secure your mobile data, protect your privacy, and even find lost devices.
Android is one of the most popular operating systems on the planet, which means the rewards for creating malware for Android devices are well worth it. It’s unlikely that Android malware is going away any time soon, so staying safe means being cautious with the things you install on your devices.
You can protect yourself by installing McAfee Total Protection on your mobile device and reading the permissions apps ask for when you install them. There’s no good reason for a wallpaper app to have SMS permissions, but that request should ring some alarm bells that something isn’t right and stop you from installing it.
The post Fraudulent Apps that Automatically Charge you Money Spotted in Google Play appeared first on McAfee Blogs.
Social media is a great place to connect with friends and family. Unfortunately, it is also a great place for misinformation to run rampant, and it is a virtual treasure chest for cybercriminals to steal personal information. Over 25 million Canadians own a social media account, and more than 80% of the Canadian population is expected to be on social media by 2025.
Check out this roundup of common social media scams so you can network intelligently, spot misinformation, and stop its spread.
The classic saying of “Don’t believe everything you see on TV” applies neatly to “Don’t believe everything you read on social media.” There is a resurgence of false news reports circulating on social media surrounding COVID-19 and the vaccine. For example, 5G aiding the spread of the virus and the preventive properties of garlic are just two of the rumors about COVID-19.
Misinformation leads to chaos and is a major threat to public health. Before you reshare a post or article, it is great to take a few minutes to digest the message, determine if it is true, and ask yourself if friends and family would genuinely benefit if they heard the news it carries.
There are a few tell-tale signs of fake news posts. First, they often try to inspire extreme emotions, such as rage and indignation, to prompt people to share immediately. Next, fake news reports are frequently poorly written and vague about where they received their information. Always try to find the primary source for “facts.” In the case of COVID-19 news, all health tips should be sourced from a licensed medical professional.
If you are ever in doubt about the facts, especially when they deal with public health, do not share the post. Instead, leave the reporting to trained medical professionals. Consult the World Health Organization and the Public Health Agency of Canada or direct your network to #ScienceUpFirst for the latest and most accurate reports about COVID-19 and the vaccine.
There was a recent data leak at Facebook, and the contents of about half a billion accounts were posted on a hacking website, including 3.49 million Canadian accounts. Hackers can get a lot of mileage out of just one social media profile because it contains all the greatest hits of information needed to verify an identity.
Most profiles list your real full name, birthday, your relationship status, your hometown, and contact information. Also, hackers can skim a user’s posting history to find even more personal details. Many social media users have posted at one time or another a “get to know you” post, where they list many revealing facts. These posts are a pot of gold to cybercriminals. They are basically lists of possible answers to security questions: Where did you go to primary school? What was the model of your first car? What is the name of your favorite stuffed animal?
Another recent trend that can make you vulnerable in case of a data leak is posting COVID-19 vaccine cards. Social media users are excited to share the big milestone of getting their first shot. What they might not realize is that vaccine cards contain vital personal information that could be used by malicious actors. There are alternative ways to share the happy news. Instead, post a picture of the fun bandage the nurse put on your arm or take a selfie outside of the vaccination center.
It is a shame that what you share on social media can be turned against you by cybercriminals, but that does not mean you have to stop sharing details about your life. Instead of posting personal details online that could be used maliciously in the event of a data leak, think about creating an exclusive email newsletter or secure group chat for your closest friends and family.
There is a major thrill when you think you have won something; however, if you receive a notification on social media that you have won a contest, reserve your excitement until you have confirmed its legitimacy. Be especially wary if you do not remember entering a contest.
Contest scams are a type of social engineering tactic used by cybercriminals. Social engineering relies on people’s tendency to trust others. Cybercriminals often capitalize upon extreme emotions, like fear, urgency, and in this case excitement, to trick unsuspecting people into hastily giving up sensitive information.
Phishing is also common in contest scams. Social media users may receive a message that they have won a giveaway and to click on a link to claim their prize. Luckily, easy-to-spot signs of a phishing message include poor grammar, misspellings, and a sense of urgency. Always approach these types of messages with caution. Instead of clicking on any of the links, hover your cursor over them to see where they redirect. If the redirect site URL is suspicious and contains misspellings, steer clear.
If you ever receive a notification on social media that you have won a prize, remain skeptical until you have verified the authenticity. Locate the organization’s official social media page (which you can likely find on their website), and direct message them for more details.
With all of these common scams floating about and waiting to strike, check out these tips to network safely.
The joy of social media is sharing your everyday life with your friends and family. It is fun to have dozens of people wish you a happy birthday on your profile, but consider removing the year of your birthday. Also, consider removing your phone number, home address, and email address from your profile. If a friend or family member wants to get in touch with you, they can personally direct message you. Cybercriminals can take your contact information and full birthday and use it to steal your identity, so it is best not to post it online.
While you may want to share the latest news with your networks, do not share information that you are not sure is true. According to Statistics Canada, only half of Canadians investigated the accuracy of COVID-19 social media posts before they reshared. Do your due diligence and be a part of the solution, not part of the problem.
Even if you are a diligent and intelligent social media user, there is a chance that you could accidentally click on a phishing link. In case this happens, you should have a backup plan to safeguard your devices and your personal information from viruses and malware. Protect your devices with a comprehensive antivirus program, such as McAfee Total Protection. You can rest assured that if you or a member of your family accidentally opens a malicious link, your devices will be safe.
The post Beware of Social Media Scams appeared first on McAfee Blogs.
When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor miles logged by common fitness apps between March and September 2020 compared to the same stretch in 2019. But are these tools potentially endangering your privacy?
According to TechCrunch, running apps could potentially threaten your security if the data they collect ends up in the wrong hands. Let’s explore the functionalities of these apps and how they could pose a threat to your online safety.
Running apps are solid companions for advanced and amateur runners alike, allowing you to track the length of your run and set a pace for yourself. These apps learn a lot about you the more you use them by gathering health data like your height and weight and even your location. But similar to the threats that exist when you overshare on other online platforms, this data could pose a serious threat to your privacy. For example, location data could identify where you live or where you work – information that you definitely wouldn’t want in the hands of a stranger. If a cybercriminal is able to hack into your account, they could exploit this information to commit identity theft or craft a phishing email disguised as your employer.
Additionally, many of these apps lack basic security measures to prevent hackers from breaking into accounts or from health and fitness data from spilling out. For example, many popular running apps allow the most basic passwords like “qwerty” and “password.” Oftentimes, hackers automate their attacks by targeting accounts with easy-to-crack passwords like the ones mentioned. This allows them to exploit the most accounts with as little effort as possible. Furthermore, these apps do not have the option to set up two-factor authentication, which creates an additional barrier to prevent hackers from exploiting reused passwords.
No matter where you are in your fitness journey, it is essential to take the necessary precautions to minimize the risks of the platforms you use to hold yourself accountable – running apps included. If you are looking to hit your stride while keeping security and privacy top of mind, follow these tips:
Your password is your first line of defense, so it is important that you use one that is strong and unique to your other account credentials. If a hacker does manage to guess your password for one of your online accounts, it is likely they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel slightly more at ease knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
You can also use a password manager to help you create strong passwords, remove the hassle of remembering numerous passwords, and log on to websites automatically.
Some running apps are configured to publicly share user data by default. After you download an app, spend some time researching how to change these settings so your data is not shared with strangers without your permission.
If your running app of choice does undergo any security updates, make sure that they are installed as soon as possible. Developers actively work to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections. The easiest way to do this is to enable automatic software updates on your mobile device.
Next time you go for a run with your location services on, think again about what risks this poses to your virtual security and your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. This will help prevent hackers from using your location as a vehicle to invade your privacy.
Since the data collected on running apps involves sensitive health and location information, it is worth reviewing the privacy policies for all of the fitness platforms you regularly use to see how your data might be affected. To ensure that you can keep moving toward your fitness goals while protecting your online safety, stay educated on the tools you use to track your progress and implement the necessary security measure to do so with security in mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Remain Secure While Using Running Apps appeared first on McAfee Blogs.
Many have seamlessly transitioned their fitness regimens out of the gym and into the living room since the start of the COVID-19 pandemic, thanks in part to the use of IoT devices. IoT (Internet of Things) denotes the web of interconnected physical devices embedded with sensors and software to collect and share information via the internet. The most common IoT devices used for virtual fitness include wearable fitness trackers and stationary machines equipped with digital interfaces. As effective as these devices are for facilitating a great workout, many do not realize the risks they pose for their online security. According to McAfee Labs Threats Report, new IoT malware increased by 7% at the start of the pandemic. There are various steps that users can take to continue using these devices securely without compromising performance. But first, it’s essential to understand why these devices are vulnerable to cyber-attacks.
IoT devices are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are exposed to the same vulnerabilities, namely malware and cyber-attacks.
One reason why IoT devices are so vulnerable is due to their update structure, or lack thereof. IoT devices lack the stringent security updates afforded to laptops or mobile phones. Because they do not frequently receive updates—and in some cases, never—they do not receive the necessary security patches to remain consistently secure.
What’s worse, if the developer goes out of business, there is no way to update the existing technology vulnerabilities. Alternatively, as newer models become available, older devices become less of a priority for developers and will not receive as many updates as their more contemporary counterparts.
Without these updates, cybercriminals can hack into these devices and taking advantage of the hardware components that make them a significant risk to users. For example, they can track someone’s location through a device’s GPS, or eavesdrop on private conversations through a video camera or audio technology.
IoT devices with unpatched vulnerabilities also present an easy entry point through which hackers can penetrate home networks and reach other devices. If these devices do not encrypt their data transmission between different devices and servers, hackers can intercept it to spoof communications. Spoofing is when a hacker impersonates a legitimate source, the back-end server or the IoT device in this case, to transmit false information. For instance, hackers can spoof communications between a wearable fitness tracker and the server to manipulate the tracking data to display excessive physical activity levels. They can then use this data for monetary gain by providing it to insurance companies and 3rd party websites with financial incentive programs.
Hackers can also exploit device vulnerabilities to spread malware to other devices on the same network to create a botnet or a web of interconnected devices programmed to execute automated tasks. They can then leverage this botnet to launch Distributed Denial of Service (DDoS) or Man in the Middle attacks.
Whether you own an IoT device to monitor your health or physical performance, it is essential to take the necessary precautions to minimize the risks they present to digital security. Here are a few tips to keep in mind when incorporating your device into your fitness routine.
Default names and passwords are low-hanging fruit for hackers and should be the first thing you address when securing your router. Default router names often include the make or model of the manufacturer. Changing it will reduce a hacker’s chance of infiltrating your home network by making the router model unidentifiable. Further, follow password best practices to ensure your router password is long, complex, and unique.
Next, make sure you enable the highest level of encryption which includes Wi-Fi Protected Access 2 (WPA2) or higher. Routers with older encryption protocols such as WPA or Wired Equivalent Privacy (WEP) are more susceptible to brute force attacks, where hackers will attempt to guess a person’s username and password through trial and error. WPA2 and higher encryption methods ensure that only authorized users can use your same network.
Lastly, create a guest network to segment your IoT devices from your more critical devices like laptops and mobile phones. If a hacker infiltrates your IoT devices, the damage is contained to the devices on that specific network.
Updates are critical because they go beyond regular bug fixes and algorithmic tweaks to adjust device software vulnerabilities.
Make it a point to stay on top of updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss pertinent news or information that may impact you. Additionally, make sure to update the app corresponding to your IoT device. Go into your settings and schedule regular updates automatically, so you do not have to update manually.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have a grade A track record for providing high-security products?
Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties. Do they have privacy policies in place to protect their users’ data under PIPEDA regulation?
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect
Next time you go for a run with geolocation activated on your smartwatch, think again about what risks this poses to your virtual security and even your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. In doing so, you ensure that hackers cannot utilize them as a foothold to invade your privacy.
IoT devices have made in-home exercise routines possible, given their increase in availability and ease of use. However, despite their capabilities for optimizing the fitness experience, the nature of these devices has made them one of many threats to personal privacy and online safety. For an elevated fitness experience beyond a great workout, start securing your IoT devices to integrate them into your everyday exercise routine safely.
The post Don’t Sweat Your Security: How to Safely Incorporate IoT Into Your Fitness Routine appeared first on McAfee Blogs.
Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make everyday chores more convenient without second-guessing their effects. One such service is online banking. More Canadians are doing their banking virtually with over 76% using online or mobile devices. Despite the extensive measures that banks take to strengthen their online security, no system is fail-safe. It is extremely important to practice proper security habits and be on the lookout for online fraud to ensure the safety of your financial information.
According to the Canadian Bankers Association (CBA), banks in Canada use sophisticated technology and layers of security to help protect customers from fraud when doing their banking online or using a mobile banking app. Although online banking is generally safe, it does provide cybercriminals with a potentially lucrative opportunity. Some scammers turn to phishing techniques to trick people into handing over their sensitive personal information. They call, text, or email you claiming to be a representative from your bank and state that they noticed some unusual activity related to your account. The imposters then ask you to click on a link in the email or text message to verify your credentials. Unfortunately, this “verification link” is actually a phishing link, and cybercriminals can use the password or credit card details to walk right into your account.
Once cybercriminals gain access to your password and username, they may then move on to credential stuffing. Credential stuffing occurs when an attacker inserts the username and password for one account into the login page of another online service. This tactic capitalizes on the fact that many people reuse the same username and password across multiple accounts.
Hackers also use phishing to spread malware onto the devices you use to access online banking services. These suspicious emails and text messages disguised as notifications from your bank could contain malicious links or attachments that trick you into downloading malware on your device. Furthermore, attackers mimic banking and money transfer institutions to collect your credentials and access your sensitive information.
The convenience of paying bills and depositing checks without running to the bank or post office is undeniable. Everyone is always rushing about, so if you’re now doing these things online securing your online privacy is not a responsibility to speed through.
It’s important that you put your privacy first when using online and mobile banking platforms so you can use these convenient services without jeopardizing your financial accounts. Follow these tips to enhance your online banking security:
Review your bank’s terms and conditions to understand your responsibilities as the account owner and the responsibilities of your bank. Check your accounts regularly for transactions you didn’t make and contact your financial provider as soon as you find an error. Most banks have policies that reimburse you for unauthorized purchases if someone uses your credit card without your permission.
Look at the recommendations provided by your bank, for example, CIBC recommends using longer passwords for your bank account that include a combination of uppercase, lowercase, numbers, and special characters. Additionally, do not reuse this password across your other accounts. If a hacker guesses your password for one of your online accounts, it’s likely that they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel secure knowing that the majority of your data is secure if one of your accounts becomes vulnerable. If you’re worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Always opt-in for two- or multi-factor authentication if your financial institution offers it. This is a method of signing in that requires not only a username and password but also a one-time code that is sent by text or email. This extra layer of verification makes it much harder for a criminal to access your sensitive accounts.
From splitting the check when eating out with friends to dividing the cost of bills, third-party mobile payment apps are an incredibly easy way to share money. Before downloading these apps, do your research. Ensure that the company behind the app or the app itself hasn’t undergone any major security incidents and that they have a history of patching bugs immediately. If you decide to download a mobile payment app, set your account to private and limit the amount of data you share. Additionally, look for the lock icon in your web browser when logging in to online banking platforms. A closed lock or padlock indicates that the website you’re on is secure.
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. These mistakes include spelling or grammar errors throughout the email or text message, using a company’s logo with the incorrect aspect ratio or low resolution, and using a URL with typos. For example, phishers may swap an “o” with a zero, or end the address with “.con” instead of “.com.” If you receive a message with any of these characteristics, do not click on any of the links and delete it immediately.
Never conduct your banking business on a public or unsecured wi-fi network. Connect to a virtual private network (VPN), which allows you to send and receive data while encrypting your information. When your data traffic is scrambled, it’s shielded from prying eyes, which protects your network and the devices connected to it.
While online banking adds a wealth of convenience to your lives, it’s important that you remain invested in your security first and foremost. Cybercriminals often take advantage of your reliance on digital platforms to disguise themselves as bank representatives and trick you into handing over your personal data. To remain secure while online banking, practice good cybersecurity hygiene by using strong, unique passwords, multi-factor authentication, and stay vigilant while looking for signs of phishing. These tips will help elevate your financial security so you can virtually bank with peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself.
You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 70% of adults in the U.S. use mobile payment apps like these. And chances are that you have more than just the one. Only 25% of adults in the U.S. use just a single payment app.
Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back.
With that, here are seven quick tips for using your P2P mobile payment apps safely.
In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.
What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good!
Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence.
Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person.
Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud:
Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.
Also, note the following guidance from the FTC on payment apps:
“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”
It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or, GuideStar.
Overall, the FTC further recommends the following to keep yourself from getting scammed:
With so much of your life on your phone, getting security software installed on your it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure.
The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blogs.
[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]
Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information. As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.
That’s a potential risk that you no longer have to worry about thanks to McAfee’s Advanced Threat Research (ATR) team. The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet. Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.
As a result of COVID-19, many consumers have looked for in-home exercise solutions, sending the demand for Peloton products soaring. The number of Peloton users grew 22% between September and the end of December 2020, with over 4.4 million members on the platform at year’s end. By combining luxury exercise equipment with high-end technology, Peloton presents an appealing solution to those looking to stay in shape with a variety of classes, all from a few taps of a tablet. Even though in-home fitness products such as Peloton promise unprecedented convenience, many consumers do not realize the risks that IoT fitness devices pose to their online security.
IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are susceptible to the same kind of vulnerabilities, and their security should be approached with a similar level of scrutiny.
Following the consumer trend in increasing IoT fitness devices, McAfee ATR began poring over the Peloton’s various systems with a critical eye, looking for potential risks consumers might not be thinking about. It was during this exploratory process that the team discovered that the Bike’s system was not verifying that the device’s bootloader was unlocked before attempting to boot a custom image. This means that the bike allowed researchers to load a file that wasn’t meant for the Peloton hardware — a command that should normally be denied on a locked device such as this one. Their first attempt only loaded a blank screen, so the team continued to search for ways to install a valid, but customized boot image, which would start the bike successfully with increased privileges.
After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify. With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers. The Verified Boot process on the Bike failed to identify that the researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external modifications or clues that the device had been compromised. In reality, ATR had gained complete control of the Bike’s Android operating system.
The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021. The discovery serves as an important reminder to practice caution when using fitness IoT devices, and it is important that consumers keep these tips in mind to stay secure while staying fit:
Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.
Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as the one included in McAfee Total Protection. This software allows users to take a proactive approach to protecting their identities with personal and financial monitoring, as well as recovery tools.
If you are one of the 4.4 million Peloton members or use other IoT fitness devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data, incorporate cybersecurity best practices into your everyday life so you can confidently enjoy your IoT devices.
As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, Peloton’s Head of Global Information Security, shared that “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton support site.
The post Is Your Peloton Spinning Up Malware? appeared first on McAfee Blogs.
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.
Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively.
Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use. It’s like two hacks with one stone.
Put simply, as a working professional with a smartphone, you’re a high-value target.
As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe:
First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.
Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones.
Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.
Backing up your phone is always a good idea for two reasons:
Both iPhones and Android phones have straightforward ways of backing up your phone regularly.
Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.
The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too.
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure.
The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.
Over the last year, our relationship with digital technology has changed completely, and probably irrevocably. The pandemic has been bruising in many different ways, but it has been clear from the very start how important the internet has been as a tool to help us through it. Even just a few years ago, the behavioural shifts it enabled would not have been possible. From offices running on videoconferencing, to essential retail moving online, to digitally-delivered healthcare, many online tools that were once seen as promising growth areas or quality-of-life improving luxuries have come into their own as vital parts of everyday life.
Every big change in how we use technology, however, is followed sooner or later by a development in how we approach security and safety. This was true when the emergence of personal computers and ATMs led to education campaigns around the importance of PIN and password vigilance. It was true when the commoditisation of internet access created the need for consumer antivirus protection. It was even true when the automobile was first introduced, with cities rushing to introduce traffic signaling to manage that new high-speed flow.
Soon, then, we should expect to see another step in our collective attitude to security and privacy. What will that look like? For me, it should rest on a new sense of what is being protected, and new expectations about how that protection happens.
To explain why, it’s worth understanding what the process of finding and fixing cybersecurity issues looks like. The first line of defence against attacks always happens during product development, when coders and engineers try to ensure that what they are creating is not vulnerable. The nature of cybersecurity, however, is that some problems will inevitably occur in finished products. That’s why there are also teams of people who analyse these products, independently testing whether they are truly safe.
At McAfee, our enterprise Advanced Threat Research (ATR) team has a long history and a strong track record of doing this testing. Often, the ATR team’s work is very similar to what people might imagine when they think of a ‘cybersecurity researcher’: it’s unpicking highly complex systems and tracing international criminal organisations responsible for attacks.
A lot of this work is much closer to home, though, and increasingly it deals with finding vulnerabilities not just in apps and computers, but in devices that few would think of as being a potential risk. The rise of the smart home means that many household items, from luxuries like exercise machines to basics like wall clocks, can also be internet-connected computers, tapping into the network to make life easier and better in a myriad of ways.
The ‘internet of things’, or IoT, has been a tech catchphrase for a long time, but it’s now a daily consumer reality too, with thermostats and air conditioners, security cameras and door locks, fridges and coffee machines all offering enhanced experiences through online connectivity. The security challenge lies in the fact that most people would view items like these just as a thermostat or as a door lock – not as a computer which requires protection. How, after all, do you install an antivirus service on a fridge?
Combined with the increase of online activity we’ve all experienced over the last year, this requires more than widening consumers’ current thinking about security to include more devices. It requires a whole new approach. When the average household had one or two computers, it made sense to think of cybersecurity in terms of protecting the device. When any item in a home could also be an internet access point, we need to start thinking instead in terms of protecting people and families.
A big part of that will be expecting more of the companies who design and supply these devices. When the ATR team – or another threat research team – finds a flaw in a consumer device, step one is always to contact the manufacturer and work with them to fix it before malicious actors spot the opportunity. Many businesses behave responsibly, responding openly and collaboratively, developing a solution, and rolling it out as quickly as possible. Not all businesses are so conscientious. How businesses react to security problems should be a much bigger part of how we choose what to purchase.
Going back to the car, the traffic light was not the final safety innovation we saw. Over the last century, growing regulations and awareness led to a situation where, today, purchasers are likely to inspect a vehicle’s safety ratings before handing over their cash. In just the same way, attitudes to cybersecurity need to keep evolving – and soon, we may even be asking car manufacturers about how they respond to vulnerability disclosures.
The pandemic was a leap forward in how far digitalised our lives have become. Companies and customers alike now need to think carefully about what we need to talk about when we talk about making our online lives safe, secure, and private.
The post Homes, Not Just Devices: The New Consumer Cybersecurity appeared first on McAfee Blogs.
Today we wrap up Mobile World Congress (MWC) 2021. Whether you joined online or attended the hybrid conference in person, one thing is certain: today’s groundbreaking technology is paving the way for our future connectivity. Fittingly, the theme of this year’s event was Connected Impact, representing the role mobile connectivity plays in an ever-changing world, where flexibility and adaptability are critical. Here are four of the key consumer takeaways from this year’s conference:
COVID-19 truly put the power of online connectivity to the test. While 2020 was supposed to be the year of 5G connectivity, this was put on pause as the world faced social and financial uncertainty. Instead, the spotlight fell on legacy technologies to create a new normal for users. Consumers quickly had to figure out how to live their best lives online — from working from home to distance learning to digitally connecting with loved ones.
To help foster online connectivity for all, 5G must step back into the spotlight. Although publicly available 5G networks have been around for two years, it is unlikely that many users see much of a difference between 5G and LTE. For users to feel the impact of 5G, mobile carriers must expand the frequencies at the low and high ends of the spectrum, which is where 5G networks operate.
Qualcomm led the 5G announcements on Monday with the unveiling of its second-generation Qualcomm 5G RAN Platform for Small Cells (FSM200xx). This platform brings major enhancements to radio frequencies and is designed to take millimeter wave performance to more places: indoors, outdoors, and around the globe. According to Qualcomm, these advancements aim to facilitate greater mobile experiences and accelerate 5G performance and availability to users everywhere— thus reshaping opportunities for homes, hospitals, offices and more.
Technology and connectivity played a crucial role in our daily lives in 2020—and therefore, unsurprisingly, spending on health and wellness tech grew by 18.1%. But now, we must ask ourselves what role technology will play post-lockdown.
While they did not have a physical appearance at MWC this year, Samsung provided a sneak of their new wearables: they introduced the One UI Watch user experience, a new interface designed to make the Galaxy Watch and smartphone experience more deeply connected. Samsung also announced its expanded partnership with Google, promising to deliver better performance, longer battery life, and a larger ecosystem of apps to the Galaxy Watch. Although they did not unveil any hardware at MWC, Samsung did ensure that users can expect to see new devices like the Galaxy Z Fold 3 and the Galaxy Watch 4 at their Galaxy Unpacked event happening in July/August of 2021.
2020 also shone a bright light on the key role technology plays in the consumption and distribution of creative arts and entertainment. Lockdown put an even greater responsibility on streaming platforms — and the devices they are accessed on — to deliver content right to people’s homes.
To help meet entertainment consumption needs, Lenovo announced not one, not two, but five new Android tablets during MWC. Its largest tablet is the Yoga Tab 13, which features a built-in kickstand, 13-inch display with 2,160 x 1,350 resolution, up to 12 hours of battery life, and more. Lenovo is pitching this model as its “portable home cinema,” perfect for streaming on the go. It also unveiled the Yoga Tab 11 and the Tab P11 Plus, which are expected to be available in EMEA in July following the Yoga Tab 13’s June release date. For users hoping for a more compact, budget-friendly device, Lenovo also announced the Lenovo Tab M8 and the Lenovo Tab M7. Whichever model you select, one thing it certain — digital devices have and will continue to be instrumental in consumer entertainment.
These exciting announcements are a great representation of what the future holds for mobile technology and greater connectivity. The advancements in mobile connectivity have already made a positive impact on consumer lifestyles, but the rise in popularity of these devices has also caught the attention of cybercriminals looking to exploit consumers’ reliance on this technology.
More time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of the increase in connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware and more. For users to continue to live a connected life, they will need to take greater care of their online safety and ensure that security is top-of-mind in any given situation. Taking these precautions will provide greater peace of mind in the new mobile-driven world.
The post The Future of Mobile: Trends from Mobile World Congress 2021 appeared first on McAfee Blogs.
Families are hitting the road again. And it’s absolutely no surprise that they’re taking their smartphones with them. Perhaps what is surprising is that so many of them may be hitting the road without any digital or mobile protection.
Our recent research shows that 68% of people in the U.S. said that they’re planning to travel for leisure this year, slightly higher than the international average of 64%.1 However, our research also discovered that nearly half of them don’t use mobile security software to protect themselves or their smartphones.
That lack of protection is a concern, particularly as our April 2021 Threats Report detected a more than 100% increase in attacks aimed at mobile devices. It makes sense that such is the case, as the pandemic led to increased adoption of online activities like banking, shopping, and even doctor visits via telemedicine—often straight from our smartphones.
However, our smartphones can be as vulnerable as any other device (like our computers). Accordingly, with the volumes of valuable data that those activities create on our smartphones, cyber crooks were sure to follow.
The good news is that you can indeed enjoy all of that mobile convenience without worry, even on vacation. No doubt many travelers will do some online banking or even some online food ordering while they’re out and about. Likewise, their kids will be online for stretches of that time too, whether it’s on chat apps like Snapchat, social media like Instagram and TikTok, games like Fortnite and Among Us, or streaming videos. Go ahead, do it all. Just make sure you’re protected before you hit the road.
With that, add mobile protection to your packing list. I’ve put together a shortlist of straightforward things you can do that will help you and your kids stay safe online while on the road this summer.
While the tips above are great for the whole family, the following additional steps are what you can take to protect your children even further:
Tracking your child’s smartphone not only allows you to find it easily if it’s lost or stolen but can also put you at ease by knowing where your child is. Yet it’s important to use location tracking selectively. Not every app needs location tracking to work as intended, even though many apps ask for permission to enable it. Go into the phone’s settings and disable the location features on an app-by-app basis. For example, a weather app doesn’t need your child’s second-by-second location information to work properly, nor should a gaming app need it at all. Likewise, photos taken on a phone can embed location information that can be easily read when shared, revealing plenty about when and where it was taken. In all, enable the location services for only the most necessary of apps like maps.
Use travel as a time to reset
Recent research shows that tweens spend nearly five hours on their screens each day, while teenagers push that up to more than seven hours a day. Some staycation time is a good time to pare back those hours and enjoy the local scenery, even if for a short stretch. You can use your travel time as well to re-establish your phone rules. That way, vacation stays entertaining but doesn’t affect the habits you set into effect back home.
Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online.
For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you!
The post Travel Smart: Protecting Your Family’s Smartphones While on Vacation appeared first on McAfee Blogs.
The COVID-19 pandemic forced many of us to quickly adjust to the new normal — case and point, admitted that they switched to digital activities like online banking, social networking, and online shopping in 2020 out of convenience. Research now shows that consumers’ reliance on this technology is here to stay. PwC found that 44% of global consumers now shop more using their smartphones compared to when COVID-19 began. While having the world at your fingertips is convenient, how does this digital lifestyle change expose users to cyber threats, especially attacks on mobile devices?
It’s no secret that cybercriminals tend to manipulate their attacks based on the current trends set by technology users. As you reflect on how increased connectivity affected your everyday life, it’s important to ask yourself what could be lurking in the shadows while using your mobile devices. With more of us relying on our devices there’s plenty of opportunities for hackers. This begs the question, what does mobile security look like in a post-pandemic world?
In addition to the increased adoption of digital devices, we had to figure out how to live our best lives online – from working from home to distance learning to digitally connecting with loved ones. And according to McAfee’s 2021 Consumer Security Mindset Report, these online activities will remain a key part of consumers’ post-pandemic routines. But more time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of this increase in connectivity. McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. New mobile malware also increased by 71%, with total malware growing nearly 12% from July 2019 to July 2020. As consumers continue to rely on their mobile devices to complete various tasks, they will also need to adapt their security habits to accommodate for more time spent online.
Here at McAfee, we recognize that the way you and your family live your digital lives has changed. We want to help empower you to protect your online security in your hyper-connected lifestyle. To help provide greater peace of mind while using your mobile devices, follow these tips to help safeguard your security.
When setting up a new device or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable. If you are worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Remember to physically lock your mobile devices with a security code or using facial recognition as well. This prevents a criminal from unlocking your device and uncovering your personally identifiable information in the event that your phone or laptop is stolen.
Multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by hackers who may have uncovered your credentials.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access on their mobile devices. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check your account status or contact customer service.
Some cybercriminals send texts from internet services to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on “Spam protection,” and turning on the “Enable spam protection” switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
COVID-19 changed our relationships with our digital devices, but that does not mean we have to compromise our online security for convenience. Incorporating these tips into your everyday life can help ward off mobile cyber threats and stay a step ahead of hackers.
The post The Future of Mobile in a Post-COVID World & How to Stay Secure appeared first on McAfee Blogs.
Among the many major shifts in lifestyle during the COVID-19 pandemic, the way we used healthcare was one of the most significant. Providers limited in-person visits, elective procedures were delayed, and we avoided hospitals. In response, we went online and started using telehealth and other virtual solutions in ways we never had before.
Our latest consumer mindset survey confirms this was more than a passing trend, showing an almost 50% rise since the beginning of the pandemic in the use of PCs and Mobile devices to access health information, meet virtually with health care providers, and manage prescriptions. Survey respondents also showed they adapted by increasing their usage of smart fitness devices, like Fitbits, to track their personal health.
Navigating the healthcare system and accessing more of our services through the web means more of our personal information is now online. From patient intake forms to test results, a great deal of data about our health, including confidential information like vaccination records, is potentially available. Survey respondents confirmed that they shared and accessed their personal health information across the internet, despite 1/3 or more of respondents having concerns for their privacy and security of their personal information.
This trend hasn’t gone unnoticed by cybercriminals. In fact, the US Department of Health and Human Services is currently investigating nearly 800 health-related data breaches impacting nearly 60 million individuals. All of which is to say that telehealth advances may help us avoid sitting in a doctor’s office, but we need to be more mindful about our security when using these new online services.
Despite the adoption of many telehealth and online health services, security was still a concern for many of our survey respondents. A majority said the primary reason they do not use smart devices for their personal health was because of privacy and security concerns. Fortunately, just as there is preventive medicine, there are also preventive cybersecurity measures we can take to keep our personal data safer online. Here are a few we recommend:
The shift to managing our health online comes with a few safety considerations, but by following the steps above, we can enjoy convenience and access to a healthier life online and off.
The post How to Make Telehealth Safer for a More Convenient Life Online appeared first on McAfee Blogs.
Depending on where your travels take you, you might need a new passport—a COVID-19 vaccine passport.
In an effort to kickstart travel and local economies, these so-called vaccine passports are more accurately a certificate. Such a “passport” can offer proof that the holder has been fully vaccinated against the virus, and there are several of these passports developing in the wings. With all of this in motion, I wanted to give families a look at what’s happening so that they can protect their privacy and identity online.
Broadly speaking, a vaccine passport works like this: information such as name, date of birth, date of vaccination, vaccination type, and vaccination lot number are used to create a digital certificate stored in a smartphone or a physical card. The holder can then offer up that proof of vaccination (or a recent negative test result) to businesses, travel authorities, and the like.
The notion of a vaccine passport has actually been around for a while now, such as the “Yellow Card” issued by the World Health Organization (WHO), which documents vaccination against diseases like cholera and yellow fever for travelers. Note that currently there’s no widely accepted standard for COVID-19 vaccine passports. What’s more, conversations continue around the concerns that come with documenting and sharing vaccine information securely. Understandably, it’s a complex topic.
As of this writing, the European Union has started issuing the “EU Digital Covid Certificate,” which allows its holders to travel throughout the EU freely without quarantine restrictions. The UK has its own version in the works, as do other nations in Asia, along with airline carriers too. In the U.S., “passports” appear to be in development on the state level, rather than on the federal level. For example, the state of New York has its Excelsior Pass program and California has its Digital COVID-19 Vaccine Record available to residents. Private airlines and air travel industry groups have launched their own efforts as well, such as the International Air Travel Association’s IATA Travel Pass.
How these passports are rolled out and how they get used will vary, yet vaccine passports may have an impact on the way people can travel as we recover globally from the pandemic. In some cases, they may even determine if people can attend large events that can help localities reboot their economies and public life in general (i.e., concerts, sporting events, and so on).
The development of vaccine passports and all the rules businesses and local authorities set around them may feel a bit out of our hands. However, in terms of your privacy and your family’s privacy, plenty is still very much in your hands. The common denominator across all these vaccine passports is the exchange of personal information—you and your family’s personal information. And where personal information is shared, hackers are sure to follow. This presents a perfect opportunity for you and your family to review your online privacy practices and close any gaps, whether you plan on traveling or not.
I put together a few things you can do to make sure that you and your family can navigate the future use of these passports with your privacy in mind:
What seems like an innocent celebration of your vaccination could put your personal information at risk. The information captured on these cards varies by nation, region, and locality, with some of the cards containing more information than others. However, even basic info such as birthday, vaccine manufacturer and lot number, location of immunization, or doctor’s name can provide the basis of a scam, such as a phishing email or phishing text message. Likewise, such information could get scooped up by a hacker and used to create phony vaccination credentials. Instead of posting that pic of you and your vaccine card, go with a happy selfie instead. And if you’ve already posted, go ahead and delete the image, better to remove it now and stay safe.
As mentioned above, the uncertainty around vaccine passports, and the general uncertainty around the latter days of the pandemic overall, creates opportunities for hackers and cybercrooks. Just as the early pandemic saw phony offers around miracle cures and today we’re seeing offers for phony vaccination cards, you can bet that scams revolving around vaccine passports will follow. The best advice here is to go to a trusted source for information, like the NHS in the UK or the American Medical Association in the U.S. Granted, cybercrooks will launch their phishing campaigns regardless. Here’s what to do if one heads your way:
In all, if someone is asking for any kind of personal or financial information via an email, text, instant message, or the like, chances are it’s a scam. For more, check out this article on how to spot the warning signs of a phishing attack.
In a time of data breaches large and small, checking your credit regularly is a wise move. Doing so will help you quickly spot issues and help you address them, as companies typically have a clear-cut process for dealing with fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and other nations like the UK have similar free offerings as well.
Do the same for your children. They’re targets too. High-value targets at that. Their credit reports are clean, which gives cybercrooks a blank slate to work with. Even more attractive is that child identity theft often goes long unnoticed until years later when the child gets older and rents an apartment or applies for their first credit card.
It’s that simple. Given that these vaccine passports will likely involve a digital certificate stored on a smartphone, app, or possibly other devices, protect them so you can protect yourself. Select comprehensive security software that will protect multiple devices so that everyone in your home is covered.
You can bet that rumors will abound as to who is issuing what “passport”, under what restrictions, and with what implications for traveling, dining out, and visiting shops. All of that amounts to plenty of falsehoods and scams that attempt to rob you of your privacy, identity, and even your money. Turn to trusted news sources known for their even-handed reporting, such as Reuters or the Associated Press, and get your information from there. Knowing what the facts about vaccine passports are in your locality will arm you against fear-based attacks.
A few months back, the FTC posted its own blog about sharing vaccine card photos. It’s a great read, in part because they used a helpful analogy to discuss privacy and identity theft:
Think of it this way — identity theft works like a puzzle, made up of pieces of personal information. You don’t want to give identity thieves the pieces they need to finish the picture.
Likewise, any vaccine passport you acquire will become yet another puzzle piece that you have to protect.
In all, with post-pandemic recovery measures evolving before our eyes, keep an eye on your family’s security. Don’t give away any snippets of info that could be used against you and stay on the lookout for the scams hitting the internet that play on people’s uncertainty and fears. COVID-19 passports may be entirely new, yet they give cybercrooks one more way they can play their old tricks.
The post COVID-19 Vaccine Passports: 5 Security Tips for You and Your Family appeared first on McAfee Blogs.
We’ve all been there. It’s the middle of the night and you wake up to a sad and sniffly kiddo shuffling into your room. Yup, looks like someone has a temperature. You phone the on-call doctor to make sure it’s nothing serious and then set an alarm so you can make an appointment when the office opens. Yet this time that doctor’s visit could go a little differently. It may not take place in the office at all. You may be offered a chance to see the doctor with a telemedicine visit.
Telemedicine has been in use for some time. For several years now, it’s connected patients to health care services using live video and sometimes special diagnostic tools that pass along information via the internet. Overall, it’s a way of going to the doctor without actually going to the doctor’s office. Historically, it’s done a great job of caring for people who live in remote locations and for people with ongoing conditions that need long-term monitoring.
That all changed last year. Telemedicine visits saw a big spike during the early days of the pandemic, partly to help keep the spread of the virus in check and to protect vulnerable patients. Even though that spike has since tapered off, one study found that about 40 percent of consumers in the U.S. say they’ll use telemedicine moving forward—and our own research from earlier this year put that worldwide figure at nearly 30 percent. Telemedicine seems to be taking root.
While telemedicine leaves many families with more healthcare options, it may leave them with a few more questions about their security as well. After all, our health data is a precious thing. In the U.S., HIPPA privacy standards protect our information and consultations with healthcare professionals. However, online visits add an entirely new dimension to that.
If your health care provider recommends a telemedicine visit for you or your child, it can be both a convenient and safe experience with a little prep on your part. With a few straightforward security measures lined up (some of which you may already have in place), you can make sure that everyone’s private health information will be safe and secure during your virtual visit.
A great first step for a safer telemedicine visit is to protect your devices with comprehensive security software. Like security software protecting you while you manage your finances, file your taxes online, and so forth, it will help protect you while sharing your private health information. Plus, it will give you plenty of other features that can help you manage your passwords, protect your identity, safeguard your privacy in general, and more.
Be sure to protect your tablets and smartphones while you’re at it, even if you’re not using them for telemedicine. With all the shopping and banking we do on those devices, it’s a smart move to protect them in addition to laptops and computers.
Your telemedicine visit may require setting up a new account and password, one that will add to your growing list considering all the banking, social media, and payment apps you probably use. Plus, there are the umpteen other passwords you have for your online shopping accounts, your children’s school records, your taxes, and so on. Don’t give into the temptation of re-using an old password or making a simple one. Hackers count on that, where stealing one password means stealing several—and gaining access to multiple accounts in one blow.
When you set up your account, use a strong, unique password. This may also be a good time to get a handle on all your passwords with a password manager. Also found in comprehensive security software, a password manager can create and securely store strong and unique passwords for you, which can keep you safe and make your day a little easier too.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect.
Like many of the security steps, we’re talking about here, using a VPN offers benefits beyond telemedicine. A VPN is a must when using public Wi-Fi, like at airports and cafes, because it makes a public connection private (and safe from prying eyes). Additionally, it’s also great for use at home when taking care of sensitive business like your banking or finances.
If you’re searching for a telemedicine provider online, keep an eye out for sketchy links and scams. The sad thing with the increased use of telemedicine is that hackers have clued in and are looking for targets. One way you can stay safer is to use a web advisor with your browser that can identify potentially hazardous links and sites. Anti-phishing technologies in your security software can help as well by preventing email-based scams from reaching your inbox in the first place.
Even better than searching online, consider contacting your pediatrician or doctor’s office for a recommendation, as they can point out the best healthcare options for you and your concerns—and let you know if a telemedicine visit is the best course of action for you in the first place. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you will use and where you’ll use it so that you feel at ease during your virtual visit.
A reputable care provider will likely put all this pre-appointment information together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that could look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can assure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by—preferably someplace like your bedroom where you can be comfortable as well. If your child has an appointment, let them know that this is like any other doctor’s visit and help them keep their voice down so they can keep their info private.
With telemedicine becoming more and more of an option for families, it’s just one of the many tools your doctor or pediatrician can use to keep you and your family well. So as always, if you have a health concern, call your doctor or pediatrician’s office for guidance. They’ll know the best path forward.
In the meantime, there are some great resources out there that can help you make the best decision about telehealth if the time comes. One really helpful article from the American Academy of Pediatrics helps parents get up to speed on telemedicine and outlines a few cases where a telemedicine visit might be right for your child.
With the sniffles, fevers, and plenty of, “Mom, I don’t feel so good …” comments that come along with parenthood, it’s nice to know that telemedicine gives us another tool we can use to keep our families well—one that’s ultimately up to you and your doctor to choose if it’s right for your child.
The post 6 Tips for a Safer and Easier Telemedicine Visit appeared first on McAfee Blog.
Mobile phones have gone through an incredible transformation since their inception in the 1970s. Now, the sheer number of applications is dizzying, as are their privacy policies; however, smartphone apps can bring hours of fun and belly laughs, and occasionally, a viral app captures the world’s attention. Don’t let potential risks to your personal information safety ruin all smartphone apps for you. All you need to share and play safely is a few tips to help you identify which apps are OK to use and how to navigate them intelligently.
Check out these four viral apps that may be putting your personal information at risk, plus a few tips that’ll help you enjoy smartphone apps safely.
Voilà AI Artist is a trending app that reimagines your face as a cartoon, caricature, or model of fine Renaissance art. Users can snap a selfie with the app or allow the app to access their photo library. According to WIRED, the app says it deletes users’ photos from its database in 24 to 48 hours, though it’s difficult to confirm that they aren’t stored.
Approach any app that could potentially use and store your likeness with caution. Deepfake technology is becoming more sophisticated and common by the day. Deepfakes are fabricated videos, images, or sound clips of every day or famous people based on real videos and images. Fake media impacts the victims whose likenesses are used because often the media is demeaning or incendiary. Voilà AI Artist hasn’t been suspected of any wrongdoing, but it’s best to be aware of how your face could be used to endorse something you don’t agree with.
Another face-altering app that could pose a risk to users’ privacy is FaceApp. Similar to Voilà AI Artist, it’s unclear what the app does with your likeness once you allow it to take your picture. FaceApp’s terms of use agreement outline that the selfies uploaded to the app belong to the app. From there, the app is free “to use, reproduce, modify, adapt, create derivative works from, distribute, perform, and display your User Content.” This line of fine print should make users pause. Again, users’ faces could be used in ways they wouldn’t normally agree to.
While the Pokémon Go craze of 2016 has greatly subsided, the next viral app that sweeps the world could replicate the security vulnerabilities the premise presents. Pokémon Go uses augmented reality, which is the kind of technology that makes it look like a Pokémon is strolling across your living room. The app can access your camera, as well as your contacts, pictures, chats, and location. It’s a blast exploring your neighborhood looking for animated critters and seeing nearby strangers’ profiles pop up on your map; however, be wary of sharing location data and images of the inside of your home with people you don’t know in real life.
TikTok may pose a risk to users’ data privacy. TikTok is under suspicion for using data mining tactics. Data mining is a practice where corporations harvest personal details from user-profiles and share them with advertising, marketing, and analytics companies. According to Business Insider, TikTok collects more than 50 kinds of data from users as young as 13 years old, including age, gender, location, and online habits. These facts are often used to create targeted ads that sometimes border on an invasion of privacy.
Check out these tips to make sure you’re prepared to use apps safely or help you decide to skip trends entirely.
The post 4 Viral Apps Risking Your Personal & Smartphone Security appeared first on McAfee Blog.
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.
Your phone gets to be like an old friend after a while. You have things laid out the way you like, your favorite apps are at the ready, and you have the perfect home screen and wallpaper all loaded up. So, if you unlock your phone one day and notice that something is a little … off, you’ll know pretty quickly. And it could be a sign that your phone may be hacked.
It’s often pretty easy to tell when a piece of your tech isn’t working quite right. The performance is off, things crash, and so on. While there are several cases where there’s a legitimate technical issue behind that, it could also be the sign of a hacked device.
Many hacks and attacks involve the installation of malware on the device, which eats up system resources, creates conflicts with other apps, and uses your data or internet connection to pass along your personal information—all of which can make your smartphone feel a little off.
A few examples follow. Note that these may be signs of a hacked phone, yet not always.
A suddenly sluggish phone or one that simply can’t hold a charge anymore are often attributed to phones that are getting a little old (these things happen). Yet, those same behaviors can also be signs of a compromised phone. For example, malicious bitcoin miners can run in the background and cause all types of performance issues because they eat up battery life and take up resources that your phone could otherwise normally use. In a way, it’s like having a second person using your phone at the same time you are.
Similar to the performance issues mentioned above, malware or mining apps running in the background can burn extra computing power, battery life, and data. Aside from a performance hit, they can cause your phone to physically run hot or even overheat. So if your phone feels like it’s been sitting in the sun, this could be a sign that malware is present.
If you’re seeing more popup ads than usual or seeing them for the first time, it could be a sign that your phone has been hit with adware—a type of malicious app that hackers use to generate revenue by distributing ads without the consent of the user. Furthermore, those ads may be malicious in nature as well (which is a good reminder to never click on them). Such ads may lead to bogus products and services or pages designed to steal personal information. All in all, malicious adware is what hackers prop up to make money off unsuspecting people.
A potential telltale sign that your phone has been hacked is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone bill that you didn’t make, that’s a warning as well.
Big red flag here. Like seeing an unknown charge or payment in your bank statement, this is a possible sign that a hacker has hijacked your phone and is using it to transfer data, make purchases, send messages, or make calls via your phone.
To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.
1. Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing security software on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below.
2. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.
3. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
4. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and can prevent malware from a public charging station.
5. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices and Google offers up a guide for Android users as well.
A phone that’s acting a little funny may indicate a run-of-the-mill tech issue, yet it could also be a tell-tale sign of a hack. At a minimum, following up on your gut instinct that something isn’t quite right can take care of a nagging tech issue. But in the event of a possible hack, it can save you the far greater headache of unauthorized charges and purchases, and even identity theft. If you spot a problem, it absolutely pays to take a closer look. Follow up with tech support for help, whether that’s through your device manufacturer, retailer, or your antivirus providers. They’ll help pinpoint the issue and get you on your way.
The post Help! I Think My Phone’s Been Hacked appeared first on McAfee Blog.
You may have heard the news that more than 300,000 Android users unknowingly downloaded banking trojan apps from the Google Play Store, malicious apps which bypassed the store’s security detections to install malware.
This news comes from a security report that found these trojans cleverly posed as apps that people commonly search for, such as QR code scanners, fitness apps, and a bevy of other popular types of utilities. In fact, these phony apps contain trojans that are designed to steal banking information, harvest keystrokes as you enter account info, and even grab screenshots of what you’re doing on your phone.
The trick with this malware is that it only activates after it is installed, which may or may not be apparent to the user. For the malware to activate, it requires an extra step, such as an in-app update (not through the Play Store), which then downloads the payload of malware onto the phone. In many cases, the bogus apps force users to make this update once the app is downloaded.
So, while the apps that appeared in the Play Store may not have contained malware, they deliver the payload onto the user’s phone post-purchase from other servers, which is a reason why these malicious apps have not been readily flagged.
All of this is just one more way hackers have found to infect smartphones with malware.
It’s no wonder that they target smartphones. They’re loaded with personal info and photos, in addition to credentials for banking and payment apps, all of which are valuable to loot or hold for ransom. Add in other powerful smartphone features like cameras, microphones, and GPS, and a compromised phone may allow a hacker to:
All of that adds up to one thing—a great, big “no thanks!”
So how do these sorts of malicious apps work? By posing as legitimate apps, they can end up on your phone and gain broad, powerful permissions to files, photos, and functionality—or sneak in code that allows cybercriminals to gather personal info. As a result, that can lead to all kinds of headaches, ranging from a plague of popup ads to costly identity theft.
Here are a few recent examples of malicious apps in the news:
Again, “no thanks!” So, let’s see about steering clear of malicious apps like these.
The good news is that there are ways you can spot these imposters. Major app marketplaces like Google Play and Apple’s App Store do their part to keep their virtual shelves free of malware, as reported by Google and Apple themselves. Still, cybercriminals can find ways around these efforts. (That’s what they do, after all!) So, a little extra precaution on your part will help you stay safer. These steps can help:
Another way cyber criminals weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, video, and access contacts.) So, pay close attention to what permissions the app is requesting when you’re installing it. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that.
Additionally, you can check to see what permissions an app may request before downloading the app. In Google Play, scroll down the app listing and find “About this app.” From there, click “App permissions,” which will provide you with an informative list. In the iOS App Store, scroll down to “App Privacy” and tap “See Details” for a similar list. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permissions here, and Android can do the same here.
While some apps (like games) rely on downloadable content from within the app, look out for apps that prompt you for an immediate update directly from the app. For the most part, the app you download from the store should be the most recent version and not require an update. Likewise, update your phone through the app store, not the app itself, which can help you avoid malware-based attacks like these.
As with so many attacks, cybercriminals rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research, which may uncover a few signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Even better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
With all that we do on our phones, it’s important to get security software installed on them, just like we do on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s iOS App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
Hand-in-hand with installing security software is keeping your phone’s operating system up to date. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running in tip-top shape.
Here are a few more things you can do:
Lastly, you can always ask yourself, “Do I really need this app?” One way to avoid malicious mobile apps is to download fewer apps overall. If you’re unsure if that free game is on the up-and-up or if the offer for that productivity app sounds a little too good, skip it. Look for a better option or pass on the idea altogether. As said earlier, cybercriminals really rely on us clicking and downloading without thinking. Staying on guard against mobile malware will cost you a few moments of your time, which is minimal compared to the potential costs of a hacked phone.
The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.
Some scams can make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. Not only are they annoying, but they can also hit you in the pocketbook.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC), partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number may not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these may impersonate banks, government agencies, insurance companies, along with any number of other organizations that give them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These five tips will get you started:
Okay, maybe you can file this one under “obviously.” Yet be aware that scammers excel at spoofing. They can make a call look like it’s local or just familiar enough. If you get caught off guard and answer a spammy call, hang up immediately. If you’re unsure about the number, you’re better off letting your voicemail screen the call for you. Picking up the phone to determine if a call is legit or not could help a scammer verify that you have a valid line, which could lead to more nuisance calls down the road.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to follow up, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in voicemail could play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate telemarketers will reference before making their calls. While this may not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Many mobile carriers provide additional apps and services that can block unwanted calls, often as part of your smartphone’s service plan. There are third-party apps that do this as well. Yet do your research. You’ll want to see if those apps are legitimate and if they can effectively let “good” calls through without blocking them.
While security software and apps won’t block robocalls, they increase the security of your phone overall, which can protect both you and your data. You have a couple of options here. You can grab comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s App Store. This way, you’ll have malware, web, and device security that’ll help you stay safe on your phone in general.
Taken together, these steps can help you beat or outright block unwanted calls like robocalls—and be safer (and maybe less annoyed) as a result.
The post Smartphone Security: Five Steps Beating and Blocking Robocalls appeared first on McAfee Blog.
Take a roll call of all your devices that connect to the internet. These include the obvious ones – laptops, tablets, and your smartphone. But they also include the ones you may not immediately think about, such as routers, smart TVs and thermostats, virtual assistant technology, and connected fitness watches and equipment.
Each of these devices is known as an endpoint to you. To a cybercriminal, they’re an entry point into your online information. It’s important to secure every endpoint so that you can confidently go about your day-to-day without worrying about your security. Here’s the definitive device security checklist to get you on your way confidently and safely.
Laptops and desktops are prime entryways into your online life. Think of all the payment information, passwords, and maybe even tax documents you store on it. The best way to protect the contents of your laptops and desktops is to password-protect your computer with strong passwords or passphrases. Here are a few password and passphrase best practices:
Especially if you work at common spaces like coffee shops, the library, or even your kitchen table, get in the habit of putting your computer to sleep when you step away. Commit the sleep command shortcut to memory to make it less of a hassle. For example, on Mac computers, the keyboard command is command + option + eject, and for Windows, it’s alt + F4.
Speaking of common spaces, whenever you log in from a public Wi-Fi network, always log in with a virtual private network (VPN). A VPN scrambles your data, making it indecipherable to any malicious characters who may be lurking on public networks.
Multifactor authentication is another way to protect your valuable devices and accounts. This means that anyone trying to log in on your device needs to provide at least two forms of identification. Forms of ID could include a text message with a one-time code or a fingerprint or face scan in addition to a correct password.
These two devices are grouped because the security features on them are similar. Just like with computers, put your device to sleep every time you walk away from it. It’s much easier and may already be in your routine to hit the sleep button when you put down your cellphone or tablet.
Always put a passcode on your smartphones and tablets. Choose a collection of numbers that do not have an obvious connection to you, such as important birthdays or parts of your phone number. Even if they’re a random assortment, you’ll get the hang of them quickly. Or to make sure only you can enter your phone, set up a facial or fingerprint ID scan. People have several passwords and account combinations they have to remember. To take the guesswork and trial and error of logging in, consider trusting your passwords to a password manager that can remember them for you!
A great mobile phone and tablet habit you should adopt is backing up your files regularly to the cloud. In the event that you lose your device or if someone steals it, at least it’s valuable — and in some cases, priceless — content is safe. You may be able to remotely “brick” your device to keep a stranger from breaking into your accounts. Bricking a device means remotely wiping a connected device and rendering it unusable.
Your router is the gateway to all the connected devices in your home; thus, it’s key to beef up its security. The best way to do so is to make sure that you customize the router name and password to make it different from the factory settings. Always password-protect your home router! Employing password best practices you use for your online accounts and your devices will prevent strangers from hopping onto your network. Another way to keep your Wi-Fi network out of the hands of strangers is to toggle on the setting to not appear to non-users. While it’s fun seeing the quirky names your neighbors choose for their home networks, it’s best to keep yours completely private.
There have been some unsettling reports about cybercriminals commandeering smart home devices and virtual assistant technology. For example, a cybercriminal hacked a homeowner’s virtual assistant and blasted music through the home’s speakers, and turn the heat up to 90 degrees. The key to securing the connected devices that are responsible for your heating and cooling, shopping lists, and even your home security system is to ensure it is connected to a secure router and protected by a strong password.
Also, keep an eye on software updates, which include security upgrades. If you don’t think you have time to manually update software, set up your devices to automatically update. This will give you peace of mind knowing that you have the latest security patches and bug fixes as soon as they are available.
IoT fitness watches and machines are fun additions to your workout routines. In the case of Peloton bikes, they track your heartbeat and location and offer a huge library of classes. However, cybercriminals may be able to track your workouts if they break their way into your fitness devices. The best way to keep your workouts private is to turn off geolocation and make sure you are up to date with all software releases and protect your accounts with strong passwords.
If you’re looking for a tool to put your mind at ease, consider McAfee Total Protection. It includes antivirus and safe browsing software plus a secure VPN. You can be confident that your personal information is safe, thus allowing you to enjoy the full potential of all your devices.
The post How to Secure All Your Everyday Connected Devices appeared first on McAfee Blog.
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams.
QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a barcode, yet a QR code can hold more than 300 times the data of a barcode.
With the rise of the smartphone, QR codes have taken on more consumer applications. Especially in the latter days of the pandemic in the form of contact-free conveniences. Now, by pointing your smartphone’s camera at a QR code, you can order food at a restaurant, pay for parking, download coupons from the shelf at your drugstore or several other convenient things.
Yet as it is in places where people, devices, and money meet, hackers are there with a scam ready to go. Enter the QR code scam. By pointing your smartphone’s camera at a bogus QR code and giving it a scan, hackers can lead people to malicious websites and commit other attacks on their phones.
The good news is that there are several ways you can spot these scams, along with several other ways you can avoid them altogether, all so you can get the best out of QR code convenience without the hassle.
In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.
Classically, phishing attacks use doctored links that pose as a legitimate website in the hopes you’ll follow them to a hacker’s malicious website. Once there, that site is designed to trick you into providing your personal information, credit card numbers, and so forth, perhaps in the context of a special offer or a phony account alert. Likewise, it could send you to a site that simply infects your device with malware.
It’s much the same with a QR code, yet here’s are a couple of big differences:
Aside from appearing in emails, direct messages, in social media ads, and such, there are plenty of other places phony QR codes can show up. Here are a few that have been making the rounds in particular:
Scanning a QR code may open a notification on your smartphone screen to follow a link. Like other phishing-type scams, hackers will do their best to make that link look legitimate. They may alter a familiar company name so that it looks like it could have come from that company. Also, they may use link shorteners that take otherwise long web addresses and compress them into a short string of characters—the trick there being that you really have no way of knowing where it will send you simply by looking at it.
In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot the legitimate uses from the malicious ones.
Luckily some very basic rules about avoiding QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here:
1. Don’t open links or scan QR codes from strangers. Unsolicited messages with these links or codes could lead you to a scam site or access the functionality of your smartphone in unwanted ways.
2. Some scams will appear to come from legitimate sources. Double-check and see if it indeed is. You can check the official website to confirm, such as by accessing your account or contacting a customer service rep to follow up on the communication sent to you.
3. Try alternative payment methods. If you receive a bill with a QR code for payment, see if there’s another way to pay it—such as on the company’s website or simply through online bill pay to their known, legitimate address. These are less susceptible to fraud. Likewise, check to see if the requested payment is legitimate in the first place.
4. Think twice about following shortened links. As mentioned above, shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.
5. If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
6. Watch out for tampering. Hackers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or placement that looks slapdash, don’t give that code a scan.
7. Install mobile security. Comprehensive online protection software can protect your mobile devices as well as your computers and laptops. In this case, it can detect bad links associated with QR codes and steer you clear of accessing the malicious sites and downloads associated with them.
QR codes have made transactions smoother and accessing helpful content on our phones much quicker, especially in recent months as they’ve seen an uptick in use. And useful as they are like other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.
The post Be on the Lookout for a New Wave of QR Code Scams appeared first on McAfee Blog.
It’s safe to say that many Americans are obsessed with Squid Game. According to Business Insider, the Korean drama series has driven the newest engagers to a Netflix title of any Netflix series over the last three years. And while word-of-mouth buzz has played a big part in the show’s success, TV watchers aren’t the only ones taking note. Cybercriminals are also formulating ways to profit off the show’s popularity. According to the New York Post, a malicious app based on Squid Game was recently found on the Google Play Store, infecting users’ devices with malware.
The app in question, called “Squid Game Wallpaper 4K HD,” was one of the 200 Squid Game-related apps on the Google Play Store. This particular app masqueraded as a place to download cool Squid Game backgrounds for Android devices. However, once a user downloaded the app, it infected their smartphone with a strain of Joker malware. Joker malware is a type of billing fraud malware that usually disguises itself as a messenger, photo editor, camera, or in this case, wallpaper apps.
You may wonder how an app like this even ends up on a legitimate app purchasing store. In order to bypass Google Play’s app review process, Joker malware hides its malicious payload during the review process. This means that when the app is published in the Google Play Store, there’s no sign of malware. It’s only when a user installs the app that the malware downloads the malicious payload. Once the malware successfully installs itself, it secretly signs the user up for premium subscriptions, intercepts all their SMS messages, and can upload all their contacts to the malware operators.
The “Squid Game Wallpaper 4K HD” app received 5,000 downloads before it was removed from the Google Play Store. It’s likely that cybercriminals will continue to use the show’s popularity to exploit its fans and make a profit, whether that be through malicious apps disguised as a place where viewers can watch the show or fraudulent websites selling Squid Game merchandise. But fear not! There are steps you can take to help ensure that you steer clear of malware:
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe, third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. However, cybercriminals have found ways to work around Google and Apple’s review process (such as with “Squid Game Wallpaper 4K HD”), but the chances of downloading a safe app from these stores are far greater than anywhere else. Additionally, Google and Apple are quick to remove malicious apps once discovered.
Before you download a new app, do some quick research. Check out the developer. Have they published several other apps with many downloads and good reviews? A legit app typically has several reviews, whereas malicious apps may have only a handful of fake five-star reviews. Lastly, look for typos and grammatical errors in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Certain types of malware strains operate stealthily behind the scenes, commandeering login credentials or banking information right under a user’s nose. Check your accounts every so often and if you notice any suspicious activity, report it and change your passwords. You can also use ID monitoring tools, which will notify you of uncharacteristic changes or actions.
Just like you secure your computers and laptops, it’s important to secure the minicomputer in your pocket—your smartphone! For the strongest protection, use comprehensive security software that shields your device from malware and risky websites, links, and files. With a few key steps, you can boost your confidence in the safety of your devices and personal information and enjoy your favorite binge-worthy shows to the fullest!
The post Squid Game App or Mobile Malware in Disguise? appeared first on McAfee Blog.
The malware landscape is growing more complex by the minute, which means that no device under your family’s roof—be it Android, iPhone, PC, or Mac—is immune to an outside attack. This reality makes it possible that one or more of your devices may have already been infected. But would you know it?
According to 2021 statistics from the Identity Theft Resource Center (ITRC), the number of data breaches reported has soared by 17 percent over last year. In addition, as reported by McAfee, cybercriminals have been quick to take advantage of the increase in pandemic connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. With Black Friday and Cyber Monday now at hand, we can count on even more new threats.
Often, if your device has been compromised, you know it. Things get wonky. However, with the types of malware and viruses now circulating, there’s a chance you may not even realize it. The malware or virus may be working in the background sending usage details or sensitive information to a third party without disrupting other functions. So, be on the lookout for these tell-tale signs.
If you discover a family device has been compromised, there are several things you can do. 1) Install security software that will help you identify the malware so you can clean your device and protect yourself in the future. 2) Delete any apps you didn’t download, delete risky texts, delete browsing history and empty your cache. 3) In some situations, malware warrants that you wipe and restore your device (Apple or Android) to its original settings. Before doing so, however, do your research and be sure you’ve backed up any photos and critical documents to the cloud. 4) Once you’ve cleaned up your devices, be sure to change your passwords.
The surge in malware attacks brings with it a clear family mandate that if we want to continue to live and enjoy the fantastic benefits of a connected life, we must also work together at home to make online safety and privacy a daily priority.
The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blog.
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.
Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts.
Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently.
First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc.
Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A cybercriminal, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more.
SIM swapping was especially relevant right after the T-Mobile data breach.1 Cybercriminals stole millions of phone numbers and the users’ associated personal details. Criminals could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts.
The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.
Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider.
Check out these tips to keep your device and personal information safe from SIM swapping.
With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee Identity Protection Service. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities.
1“T-Mobile data breach and SIM-swap scam: How to protect your identity”
The post What Is SIM Swapping? 3 Ways to Protect Your Smartphone appeared first on McAfee Blog.
How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go.
This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you.
As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal.
What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect.
This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure.
A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app.
Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web.
Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption.
At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices.
Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile.
If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features.
Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today.
The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe?
A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night.
Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future.
Follow these tips to help you use your digital wallet more confidently.
Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure.
The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online.
1Canadian Payment Methods and Trends Report 2021
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see.
Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level that they carry into adulthood, which is one of the several findings we uncovered in our global survey of parents, tweens, and teens this year.
So, what are tweens and teens up to on their mobile devices as they mature? And where do their parents fit in? We asked parents and kids alike. What we found gives us a look into the mobile lives of tweens and teens behind their lock screens.
For starters, parents and their kids alike say that their mobile device is the most important one in their life. Parents placed mobile in their top two with their mobile device or smartphone at 59% followed their computer or laptop at 42%. Tweens and teens put their mobile device or smartphone at the top of the list as well, yet at a decisive 74% worldwide, followed by their gaming console at 68%.
“Parents and their kids alike say that their mobile device is the most important thing in their life.”
Further, tweens and teens place a higher value on their smartphones to keep them connected with friends and family. Some 59% of parents said mobile was essential in this role, whereas tweens and teens put that figure at 64%. For parents, the runner-up device for keeping connected was the computer or laptop at 42%.
Yet quite interestingly, tweens and teens said their second-most important device for keeping connected with others is their gaming console, at 40%, perhaps indicating gaming’s role in creating and fostering friendships today. Of course, plenty of that gaming is happening on mobile as well, with half of all tweens and teens surveyed worldwide saying that they play games on their smartphones.
Broadly speaking, the activities kids do on their phones match up closely with what their parents think they’re doing on their phones. Yet there’s a fair share of secretive activity that happens within that.
Regarding general activity, parents and their tween- and teen-aged children worldwide see eye to eye when it comes to what parents think are their kids’ favorite activities on mobile are and what kids say they actually are:
However, and perhaps unsurprisingly, tweens and teens say they’ve kept some the things they’re watching, browsing, and streaming from their parents. When asked if they sometimes hide specific online activity from their parents, 59% of tweens and teens worldwide said they have done so in some form or other, including:
Worldwide, monitoring apps rank relatively low when it comes to parents keeping tabs on their children’s mobile usage. Use of parental controls software on smartphones came in at a 27% global average, with India (37%) and France (33%) leading the way, while Japan fell on the low end (12%).
Largely, parents appear to take up this work themselves, citing several other ways they take charge of their children’s time online:
Consistent with other research we recently gathered, families are relying on mobile more and more, yet this hasn’t seen an increase in mobile protection for the smartphones they count on.
Our research published in early 2011 found double-digit increases in mobile activities such as online banking, shopping, finances, and doctor visits, all of which can generate high-value data that are attractive to hackers and cybercriminals. Despite this newfound reliance on mobile, many smartphones worldwide remain unprotected. Children’s phones are less protected than their parents’ phones as well.
Taken together, these security lapses can lead to downloaded malware, data and identity theft, illicit crypto mining apps on the device, and other attacks that can put children and families at risk. For a deeper dive, you can view the full report.
Misconceptions about online protection may play a role in these lax measures. This survey found that 49% of parents think a new phone is more secure than a new computer, and 59% of tweens and teens thought the new phone was more secure—both denying the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet.
Amid this climate, more than 1/3 of families reported that a child in their household had been the victim of a financial information leak and 15% stated that there’d been an attempt to steal a child’s online account or identity. With smartphones providing children with a major onramp to the internet, it follows that stronger mobile security could help prevent such attacks from happening.
Protecting mobile devices and the family members who count on them takes on further importance when we consider that children in some nations rely heavily on their smartphones for online learning.
Although using mobile for online learning was relatively low globally at 23%, parents and children in three nations reported a high rate of attending classes and courses on mobile—with India at 54%, Mexico at 42%, and Brazil at 39%, once again posing the possibility that mobile offers many children the most reliable broadband connection required for such instruction. In other words, there are households where broadband comes by way of mobile, rather than a cable or fiber connection.
Meanwhile, other nations saw significantly lower figures for online learning on mobile, such as Germany at 7%, France at 8%, and Japan at 11%. The U.S., Canada, and the UK all reported rates of 17%.
“With smartphones providing children as a major onramp to the internet, it follows that stronger mobile security could prevent such attacks from happening”
Something we’ve yet to mention here is how much online shopping and banking kids are doing on their mobile devices. No question, tweens and teens are doing those things too at a global rate of 25% and 12% across all age groups respectively. Not surprisingly, those numbers climb as teens approach adulthood. This serves as a reminder that our children are maturing hand-in-hand with their smartphones, which asks a few things of us as parents as they grow and adjust to their mobile world.
As with all things parenting, there are moments of where you have a sense of what’s right for you and your child, yet you’re uncertain how to act on it. That’s definitely the case with smartphones and the internet in general. Despite having grown up alongside the internet over the course of our adult lives, we can still have plenty of questions. New ones. Old ones. Ones we weren’t even aware of until they cropped up.
With that, we’re glad you’re dropping by our blog. And you’re more than invited to visit whenever you can. A big focus of ours is providing you, as a parent, with resources that answer your questions, in addition to articles about online protection in general that simply make for good reading. Our aim is to help you think about what’s best for your family and give you some ideas about how you can see that through, particularly as our children grow in this mobile world of ours.
The post A Look Beyond Their Lock Screens: The Mobile Activity of Tweens and Teens appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent report. That means for as much wearable tech as we have in our lives already, even more, is on the way.
If you own a piece of wearable tech it’s easy to understand why it’s so popular. After all, it can track our fitness, provide contextual help in daily life, and, in the case of hearing aids, even do cool things like sync with Bluetooth. As VR and AR gains a foothold who knows what other incredible tech might be headed our way by 2028? However wearable tech also comes with certain risks. The most prominent: cybercriminals potentially gaining access to your data.
The weakest link in the wearables space is your mobile phone, not the actual wearable device itself. That’s because wearables tend to link to your mobile device over a short-range wireless spectrum known as “Bluetooth.” This spectrum is used to send and receive data between your wearable device and your mobile. That makes your mobile a prime target for hackers.
Most commonly, hackers gain access to the data on your mobile through malware-laden apps. These apps are oftentimes designed to look like popular apps, but with enough differences that they don’t flag copyright suspicion.
Hackers can use these malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts, and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.
The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
These types of threats aren’t limited to wearables, however. The Internet of Things—the phenomenon of devices connected to the Internet for analysis and optimization—encompasses all sorts of other electronic devices such as washing machines and refrigerators that can put your data at risk as well. But these life-changing devices can be secured through education and industry standards. Two things we’re working on day and night.
Of course, securing the weakest link in your wearables environment, your phone will go a long way towards keeping your data safe. But what happens when your computer, where you store backups of your smartphone, is compromised too? We’ve got you covered with McAfee LiveSafe service, our comprehensive security solution that provides protection for your entire online life.
The post The Wearable Future Is Hackable. Here’s What You Need To Know appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it. Don’t fall prey to crypto scams, download reputable mobile security protection.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.
This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.
Every year surveys find that the most popular passwords are as simple as “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.
When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.
Tricks:
Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.
Tricks:
If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.
Tricks:
If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.
Tricks:
Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.
Tricks:
The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blog.
Authored by Jyothi Naveen and Kiran Raj
McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam operations is to deliver malicious payloads to as many people as possible.
A recent spam campaign was using malicious word documents to download and execute the Ursnif trojan. Ursnif is a high-risk trojan designed to record various sensitive information. It typically archives this sensitive data and sends it back to a command-and-control server.
This blog describes how attackers use document properties and a few other techniques to download and execute the Ursnif trojan.
The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, Word downloads a DLL (Ursnif payload). The Ursnif payload is then executed using rundll32.exe
Macros are disabled by default and the malware authors are aware of this and hence present an image to entice the victims into enabling them.
Analyzing the sample statically with ‘oleId’ and ‘olevba’ indicates the suspicious vectors..
The VBA Macro is compatible with x32 and x64 architectures and is highly obfuscated as seen in Figure-5
To get a better understanding of the functionality, we have de-obfuscated the contents in the 2 figures shown below.
An interesting characteristic of this sample is that some of the strings like CLSID, URL for downloading Ursnif, and environment variables names are stored in custom document properties in reverse. As shown in Figure-7, VBA function “ActiveDocument.CustomDocumentProperties()” is used to retrieve the properties and uses “StrReverse” to reverse the contents.
We can see the document properties in Figure-8
The malicious macro retrieves hidden shellcode from a custom property named “Company” using the “cdec” function that converts the shellcode from string to decimal/hex value and executes it. The shellcode is shown below.
The shellcode is written to memory and the access protection is changed to PAGE_EXECUTE_READWRITE.
After adding the shellcode in memory, the environment variable containing the malicious URL of Ursnif payload is created. This Environment variable will be later used by the shellcode.
The shellcode is executed with the use of the SetTimer API. SetTimer creates a timer with the specified time-out value mentioned and notifies a function when the time is elapsed. The 4th parameter used to call SetTimer is the pointer to the shellcode in memory which will be invoked when the mentioned time is elapsed.
The shellcode downloads the file from the URL stored in the environmental variable and stores it as ” y9C4A.tmp.dll ” and executes it with rundll32.exe.
| URL | hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/ |
| CMD | rundll32 “C:\Users\user\AppData\Local\Temp\y9C4A.tmp.dll”,DllRegisterServer |
After successful execution of the shellcode, the environment variable is removed.
| TYPE | VALUE | PRODUCT | DETECTION NAME |
| Main Word Document | 6cf97570d317b42ef8bfd4ee4df21d217d5f27b73ff236049d70c37c5337909f | McAfee LiveSafe and Total Protection | X97M/Downloader.CJG |
| Downloaded dll | 41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547 | McAfee LiveSafe and Total Protection | Ursnif-FULJ |
| URL to download dll | hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/ | WebAdvisor | Blocked |
| Technique ID | Tactic | Technique Details | Description |
| T1566.001 | Initial Access | Spear phishing Attachment | Manual execution by user |
| T1059.005 | Execution | Visual Basic | Malicious VBA macros |
| T1218.011 | Defense Evasion | Signed binary abuse | Rundll32.exe is used |
| T1027 | Defense Evasion | Obfuscation techniques | VBA and powershell base64 executions |
| T1086 | Execution | Powershell execution | PowerShell command abuse |
Macros are disabled by default in Microsoft Office applications, we suggest keeping it that way unless the document is received from a trusted source. The infection chain discussed in the blog is not limited to Word or Excel. Further threats may use other live-off-the-land tools to download its payloads.
McAfee customers are protected against the malicious files and sites detailed in this blog with McAfee LiveSafe/Total Protection and McAfee Web Advisor.
The post Phishing Campaigns featuring Ursnif Trojan on the Rise appeared first on McAfee Blog.
Authored by Dexter Shin
McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials.
Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos.
The initial screens of this malware and Instander are similar, as shown below.
Figure 1. Instander legitimate app(Left) and Mmalware(Right)
Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct.
Figure 2. Malware requests account and password
The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice.
Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard.
According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values.
It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking.
As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it.
As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date.
Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit McAfee Mobile Security
SHA256:
The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.
FreshRSS 