FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayMcAfee Blogs

Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You

By McAfee

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.

Watch out for SMSishing Hooks

If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.

While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:

  1. Always double-check the message’s source. If you receive a text from your bank or credit card company, call the organization directly to ensure the message is legit.
  2. Delete potential SMSishing Do not reply to or click on any links within a suspected malicious text, as that could lead to more SMSishing attempts bombarding your phone.
  3. Invest in comprehensive mobile security. Adding an extra level of security can not only help protect your device but can also notify you when a threat arises.

Public Wi-Fi Woes  

Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:

  1. Look for password-protected networks. As strange as it sounds, if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.
  2. Pay attention to page load times. If the network you are using is very slow, it is more likely a cybercriminal is using an unreliable mobile hotspot to connect your mobile device to the web.
  3. Use a virtual private network or VPN. While you’re on-the-go and using public Wi-Fi, add an extra layer of security in the event you accidentally connect to a malicious network. VPNs can encrypt your online activity and keep it away from prying eyes. 

Malicious Apps: Fake It till They Make It

Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.

In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:

  1. Check for typos and poor grammar. Always check the app developer name, product title, and description for typos and grammatical errors. Often, malicious developers will spoof real developer IDs, even just by a single letter or number, to seem legitimate.
  2. Examine the download statistics. If you’re attempting to download a popular app, but it has a surprisingly low number of downloads, that is a good indicator that an app is most likely fake.
  3. Read the reviews. With malicious apps, user reviews are your friend. By reading a few, you can receive vital information that can help you determine whether the app is fake or not.

The Sly Operation of Grayware

With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:

  1. Be sure to update your device. Grayware looks for vulnerabilities that can be exploited, so be sure to always keep your device’s software up-to-date.
  2. Beware of rogue apps. As mentioned in the previous section, fake apps are now a part of owning a smartphone. Use the tips in the above section to ensure you keep malicious apps off of your device that may contain grayware.
  3. Consider a comprehensive mobile security system. By adding an extra level of security, you can help protect your devices from threats, both old and new.

 

The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.

Phony Valentines: Online Dating Scams and How to Spot Them

By McAfee

For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets. 

According to the U.S. Federal Trade Commission (FTC), the reported costs of online romance scams jumped 50% from 2019 to 2020, to the tune of $304 million. And that’s not entirely because 2020 was a pandemic year. From 2016 to 2020, the volume of reported cases tripled, while reported losses nearly quadrupled. Over that period, online romance scams are not only becoming more common, but they’re also becoming more costly.

 

How do online dating and romance scams get started? 

Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.  

With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person. 

With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay: 

  • For a plane ticket or other travel expenses. 
  • For medical expenses. 
  • Customs fees to retrieve something. 
  • Gambling debts. 
  • A visa or other official travel documents. 

The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help. 

Common types of online dating scams 

People who have filed fraud reports say they’ve paid their scammer in a few typical ways.  

One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge. 

Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all. 

One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.  

In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends. 

How Do You Avoid Getting Tangled Up in an Online Dating or Romance Scam? 

When it comes to meeting new people online, the FTC suggests the following: 

  • Never send money or gifts to someone you haven’t met in person—even if they send you money first. 
  • Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So pay attention if your friends or family are concerned. 
  • Take the relationship slowly. Ask questions and look for inconsistent answers. 
  • Try a reverse-image search of any profile pictures the person uses. If they’re associated with another name or with details that don’t match up, it’s a scam. 

Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up. 

Protecting Yourself Further From Scams on Your Social Media Accounts 

As mentioned above, some romance scammers troll social media and reach out through a direct message or friend request. With that, there are three things you can do to cut down your chances of getting caught up with a scammer: 

1. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit. 

2. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests. 

3. Protect yourself and your devices

Security software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must. 

Put an End to it 

If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel. 

Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud 

If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.  

Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too. 

The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.

❌