Category Archives: data protection

3 Tips Venmo Users Should Follow to Keep Their Transactions Secure

You’ve probably heard of Venmo, the quick and convenient peer-to-peer mobile payments app. From splitting the check when eating out with friends to dividing the cost of bills, Venmo is an incredibly easy way to share money. However, users’ comfort with the app can sometimes result in a few negligent security practices. In fact, computer science student Dan Salmon recently scraped seven million Venmo transactions to prove that users’ public activity can be easily obtained if they don’t have the right security settings flipped on. Let’s explore his findings.

By scraping the company’s developer API, Salmon was able to download millions of transactions across a six-month span. That means he was able to see who sent money to whom, when they sent it, and why – just as long as the transaction was set to “public.” Mind you, Salmon’s download comes just a year after that of a German researcher, who downloaded over 200 million transactions from the public-by-default app last year.

These data scrapes, if anything, act as a demonstration. They prove to users just how crucial it is to set up online mobile payment apps with caution and care. Therefore, if you’re a Venmo or other mobile payment app user, make sure to follow these tips in order to keep your information secure:

  • Set your settings to “private” immediately. Only the sender and receiver should know about a monetary transaction in the works. So, whenever you go to send money on Venmo or any other mobile payment app, make sure the transaction is set to “private.” For Venmo users specifically, you can flip from “public” to “private” by just toggling the setting at the bottom right corner of the main “Pay or Request” page.
  • Limit the amount of data you share. Just because something is designed to be social doesn’t mean it should become a treasure trove of personal data. No matter the type of transaction you’re making, always try to limit the amount of personal information you include in the corresponding message. That way, any potential cybercriminals out there won’t be able to learn about your spending habits.
  • Add on extra layers of security. Beyond flipping on the right in-app security settings, it’s important to take any extra precautions you can when it comes to protecting your financial data. Create complex logins to your mobile payment apps, participate in biometric options if available, and ensure your mobile device itself has a passcode as well. This will all help ensure no one has access to your money but you.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 3 Tips Venmo Users Should Follow to Keep Their Transactions Secure appeared first on McAfee Blogs.

Understand the Gramm-Leach-Bliley Act

When it comes to data protection acts, the Gramm-Leach-Bliley Act is one of the more important ones to understand. Also known as the Financial Modernization Act of 1999, it is a United States federal law that requires financial institutions to document and explain how they protect the personal data of their consumers. To be in compliance with the Gramm-Leach-Bliley Act, they have to explain to their customers how their data is being shared and used. They also have to provide a way for customers to opt out if they don’t want their sensitive personal data shared with third-party providers. Financial institutions should also apply specific protections for their customers’ personal data based on a written information security plan created by the institution.

The main implications of GLBA compliance are outlined by the Safeguards Rule. The Privacy of Consumer Financial Information Rule provides additional requirements. GLBA compliance is enforced by the FTC, along with federal banking agencies, other federal regulatory authorities, and state insurance oversight agencies.

Gramm-Leach-Bliley Act Benefits

GLBA compliance provides several benefits for a financial institution. First, it lowers the risk of penalties or damage to their reputation due to unauthorized sharing of their customers’ private data. Other benefits include:

  • Customers’ private information should be secured from unauthorized access.
  • Activities of users should be tracked, which includes accessing protected records and data.
  • All sharing of private information should be disclosed to customers, whether it is with other financial institutions or third-party providers. An opt-out option should also be present.

Compliance with the Gramm-Leach-Bliley Act protects consumers, which builds their trust in the financial institution. They gain a certain assurance that they can trust the financial institution with their data and will continue to patronize its services.

How Gramm-Leach-Bliley Act Compliance Works

The Gramm-Leach-Bliley Act focuses on the security of Non-public Personal Information, or NPI, which includes social security numbers, bank account numbers, credit history, phone numbers, physical addresses, names, and any other personal data received by the financial institution from the customer. Financial institutions are required to create an information security plan, in accordance with the Safeguards Rule, that describes how the data is protected. It must be tailored to the financial institution’s size, complexity, and operations, along with the type of sensitive information that they get from customers. Financial institutions must meet the following criteria:

  • At least one employee should be designated to coordinate information security systems.
  • They must assess and identify any risk to customer information within all relevant areas of the institution’s operation and evaluate the efficiency of the safeguard protocols for each risk.
  • They should use service providers with the ability to maintain proper safeguards and ensure that the contract states that they will maintain these safeguards, as well as oversee how they handle customer data.
  • They must design safeguard protocols and programs and regularly monitor their efficiency.
  • They must evaluate and make adjustments to the safeguard protocols based on recent events, such as changes to the business’s operations, or based on tests.

To achieve compliance with the Gramm-Leach-Bliley Act, financial institutions should pay close attention to employee management, training, security management, and information systems.

Penalties for Gramm-Leach-Bliley Act Non-compliance

If non-compliance with the Gramm-Leach-Bliley Act is proven, financial institutions could face business-altering, and in some cases even life-altering, penalties. These include:

  • Financial institutions are fined $100,000 for each violation.
  • Individuals responsible for non-compliance are fined $100,000 for each violation.
  • Individuals responsible for non-compliance can be jailed for up to five years.

Non-compliance Examples

There have been several examples of non-compliance with the Gramm-Leach-Bliley Act since it was enacted.

PayPal (as Venmo)

They allegedly violated the Gramm-Leach-Bliley Act and the Federal Trade Act, and according to a source:

“The FTC also asserts that the privacy practices it alleges violate the GLBA and its Privacy Rule, and that the security failures it alleges violate the GLBA and the Safeguarding Rule.”

Mortgage Companies

Early in its enactment, the FTC used the Gramm-Leach-Bliley Act against numerous mortgage companies for several violations.

Gramm-Leach-Bliley Act Best Practices

The main focus of the Gramm-Leach-Bliley Act is to strengthen data protection. With that, the primary focus of financial institutions should be to create proper safeguards and programs to protect the private data that they manage. It is critical for any financial institution to maintain Gramm-Leach-Bliley Act compliance, as violations can be detrimental to their operations as a whole.

The post Understand the Gramm-Leach-Bliley Act appeared first on .

Regulation readiness: Embracing the privacy legislation wave ahead

There are a few certainties in life. Your attempt to use the fifteen-item express checkout line with sixteen items will be denied by the seventeen-year-old cashier. The motorcycle cop will write you a $150 ticket instead of warning for going just three miles over the speed limit in your neighborhood. Your tactic of ignoring that federal privacy regulation just enacted will result in significant fines and penalties for your burgeoning business. Whatever the scenario, the … More

The post Regulation readiness: Embracing the privacy legislation wave ahead appeared first on Help Net Security.

One year of GDPR application: Europeans well aware of their digital rights

Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated, according to the European Commission. “European citizens have become more aware of their digital rights and this is encouraging news. However, only three in ten Europeans have heard of all their new data rights. For companies, their customers’ trust is hard currency … More

The post One year of GDPR application: Europeans well aware of their digital rights appeared first on Help Net Security.

How employees and their organizations are prioritizing data privacy

Employees in the UK expressed greater understanding of privacy laws, and better training opportunities, than those in the U.S., the ObserveIT survey reveals. The survey polled 1,000 full-time employees in the United States and United Kingdom to determine their understanding of their organizations’ current privacy regulations. New policies and regulations dictating organizations’ handling of sensitive consumer information – such as the GDPR, the CCPA and Vermont’s data privacy law – have brought to light the … More

The post How employees and their organizations are prioritizing data privacy appeared first on Help Net Security.

GDPR implementation lessons can help with CCPA compliance

The ever increasing number of data breaches has made consumers more aware of how their data is being used and has emphasized the importance of keeping personal data private, says Sovan Bin, CEO and founder of cloud data management firm Odaseva. “In terms of the general public, the California Consumer Privacy Act (CCPA) is a wake-up call for consumers to know and understand their data privacy rights. They should feel free to exercise these rights … More

The post GDPR implementation lessons can help with CCPA compliance appeared first on Help Net Security.

Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel

With summertime just around the corner, families are eagerly looking to book their next getaway. Since vacation is so top-of-mind during the summer months, users are bound to come across websites offering cheap deals on flights, accommodations, and other experiences and activities. With so many websites claiming to offer these “can’t-miss deals,” how do you know who to trust?

It turns out that this is a common concern among folks looking for a little summer getaway. According to our recent survey of 8,000 people across the UK, US, Canada, Australia, France, Germany, Spain, and Singapore, 54% of respondents worry about their identity being stolen while booking and purchasing travel and accommodation online. However, 27% don’t check the authenticity of a website before booking their vacation online. Over half of these respondents say that it doesn’t cross their minds to do so.

These so-called “great deals” can be difficult to pass up. Unfortunately, 30% of respondents have been defrauded thanks to holiday travel deals that were just too good to be true. What’s more, 46.3% of these victims didn’t realize they had been ripped off until they arrived at their holiday rental to find that the booking wasn’t actually valid.

In addition to avoiding bogus bookings, users should also refrain from risky online behavior while enjoying their summer holidays. According to our survey, 44.5% of respondents are putting themselves at risk while traveling by not checking the security of their internet connection or willingly connecting to an unsecured network. 61% also stated that they never use a VPN, while 22% don’t know what a VPN is.

Unfortunately, travel-related attacks aren’t limited to just travelers either; hotels are popular targets for cybercriminals. According to analysis conducted by the McAfee Advanced Threat Research team, the most popular attack vectors are POS malware and account hijacking. Due to these attacks, eager vacationers have had their customer payment, credit card data, and personally identifiable information stolen. In order for users to enjoy a worry-free vacation this summer, it’s important that they are aware of the potential cyberthreats involved when booking their trips online and what they can do to prevent them.

Together with HomeAway, we here at McAfee are working to help inform users of the risks they face when booking through unsecured or unreliable websites as well as when they’re enjoying some summertime R&R. Check out the following tips so you can enjoy your vacation without questioning the status of your cybersecurity:

  • Always connect with caution. If you need to conduct transactions on a public Wi-Fi connection, use a virtual private network (VPN) to help keep your connection secure.
  • Think before you click. Oftentimes, cybercriminals use phishing emails or fake sites to lure consumers into clicking links for products or services that could lead to malware. If you receive an email asking you to click on a link with a suspicious URL, it’s best to avoid interacting with the message altogether.
  • Browse with security protection. Use a comprehensive security solution, like McAfee Total Protection, which includes McAfee WebAdvisor that can help identify malicious websites.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

The post Bargain or Bogus Booking? Learn How to Securely Plan Summer Travel appeared first on McAfee Blogs.

1.1M Emuparadise Accounts Exposed in Data Breach

If you’re an avid gamer or know someone who is, you might be familiar with the retro gaming site Emuparadise. This website boasts a large community, a vast collection of gaming music, game-related videos, game guides, magazines, comics, video game translations, and more. Unfortunately, news just broke that Emuparadise recently suffered a data breach in April 2018, exposing the data of about 1.1 million of their forum members.

The operators of the hacked-database search engine, DeHashed, shared this compromised data with the data breach reference site Have I Been Pwned. According to the site’s owner Troy Hunt, the breach impacted 1,131,229 accounts and involved stolen email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Password salting is a way of securing stored passwords by adding unique, random data to each user’s password before it is hashed. However, the MD5 algorithm is no longer considered sufficient for protecting passwords, creating cause for cybersecurity concern.

Emuparadise forced a credential reset after the breach occurred in April 2018. It’s important that users of Emuparadise games take steps to help protect their private information. If you know someone who’s an avid gamer, pass along the following tips to help safeguard their security:

  • Change up your password. If you have an Emuparadise account, you should change up your account password and email password immediately. Make sure the next one you create is strong and unique so it’s more difficult for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the better!
  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage stolen information for phishing emails and social engineering scams. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided.
  • Check to see if you’ve been affected. If you or someone you know has made an Emuparadise account, use this tool to check if you could have been potentially affected.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post 1.1M Emuparadise Accounts Exposed in Data Breach appeared first on McAfee Blogs.

Say So Long to Robocalls

For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the most common type features the impersonation of legitimate organizations — like global tech companies, big banks, or the IRS — with the goal of acquiring user data and money. When a robocall hits, users need to be careful to ensure their personal information is protected.

It’s almost impossible not to feel anxious when receiving a robocall. Whether the calls are just annoying, or a cybercriminal uses the call to scam consumers out of cash or information, this scheme is a big headache for all. To combat robocalls, there has been an uptick in apps and government intervention dedicated to fighting this ever-present annoyance. Unfortunately, things don’t seem to be getting better — while some savvy users are successful at avoiding these schemes, there are still plenty of other vulnerable targets.

Falling into a cybercriminal’s robocall trap can happen for a few reasons. First off, many users don’t know that if they answer a robocall, they may trigger more as a result. That’s because, once a user answers, hackers know there is someone on the other end of the phone line and they have an incentive to keep calling. Cybercriminals also have the ability to spoof numbers, mimic voices, and provide “concrete” background information that makes them sound legitimate. Lastly, it might surprise you to learn that robocalls are actually perfectly legal. It starts to become a grey area, however, when calls come through from predatory callers who are operating on a not-so-legal basis.

While government agencies, like the Federal Communications Commission and Federal Trade Commission, do their part to curb robocalls, the fight to stop robocalls is far from over, and more can always be done. Here are some proactive ways you can say so long to pesky scammers calling your phone.

  1. There’s an app for that. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected.
  2. Let unknown calls go to voicemail. Unless you recognize the number, don’t answer your phone.
  3. Never share personal details over the phone. Unfortunately, there’s a chance that cybercriminals may have previously obtained some of your personal information from other sources to bolster their scheme. However, do not provide any further personal or financial information over the phone, like SSNs or credit card information.
  4. Register for the FCC’s “Do Not Call” list. This can help keep you protected from cybercriminals and telemarketers alike by keeping your number off of their lists.
  5. Consider a comprehensive mobile security platform. Utilize the call blocker capability feature from McAfee Mobile Security. This tool can help reduce the number of calls that come through.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Say So Long to Robocalls appeared first on McAfee Blogs.

What is HIPAA Compliance?

HIPAA Definition

The Health Insurance Portability and Accountability Act (HIPAA) is a bill that was signed by then-President Bill Clinton in 1996. One of this act’s main goals is to update the flow of healthcare information and consequently improve the protection of patient data. HIPAA compliance also addresses the reduction of health care fraud and abuse.

HIPAA requires all institutions that deal with PHI (protected health information) to adhere to industry-wide standards. This is structured to guarantee that all healthcare information is protected through physical, network, and process security measures.

What Is HIPAA Compliance? — HIPAA Privacy Rule

The HIPAA Privacy Rule sets principles that aim to protect certain electronic healthcare-related information. Its main objective is to secure patients’ medical records and other personal healthcare data. Medical information covered by this HIPAA compliance rule includes:

  • HIV/AIDS.
  • Substance/Alcohol Abuse.
  • Mental Health.

Through the implementation of the HIPAA Privacy Rule, patients can ensure that the privacy of all their sensitive healthcare data is being safeguarded by appropriate protocols. Through HIPAA compliance, they can guarantee that unauthorized disclosure of such data will be strictly monitored.

Patients can also retain their rights over their own medical data. This means that they are entitled to request a copy of their healthcare records and appeal for corrections when deemed necessary.

What Is HIPAA Compliance? — HIPAA Security Rule

The HIPAA Security Rule outlines standards that will assure top-grade protection for all electronic healthcare information. These include any medical data that are created, received, used, or maintained in electronic form.

To ensure proper implementation of the HIPAA Security Rule, the law mandates that all administrative, physical, and technical safeguards must be in place. Here is a brief guide about these required safeguards:

Administrative safeguards are organizational policies and procedures that are set as guidelines to implement and maintain proper medical data security measures. These include proper supervision of employee conduct with regards to sensitive healthcare information security.

Physical safeguards refer to all physical electronic medical data security measures and policies that need to be administered. These include workstation use and security, device and media controls, and full access control to facilities.

Technical safeguards aim to administer the technology and the corresponding policies and procedures for the technology’s usage and implementation.

What Is HIPAA Compliance’s Importance?

With more and more healthcare-related institutions adopting modernized technologies in their operations, almost all healthcare records are now saved in electronic form. This makes HIPAA compliance a standard in today’s healthcare industry landscape.

The good thing with HIPAA compliance is that it is flexible and scalable for any covered institution. Any healthcare industry company will be able to distinguish the appropriate privacy and security measures that they should implement to obtain rigid medical data security.

To better understand HIPAA, here are a few best practices with regards to HIPAA compliance:

What Is HIPAA Compliance? — Best Practices

  1. Security measures must include an up-to-date training program for employees about the proper management and handling of sensitive healthcare records.
  2. Avoid accessing a patient’s record unless given proper authorization or when it is extremely necessary.
  3. All computer programs containing sensitive medical data must be locked down when not in use.
  4. Install reliable antivirus software on all computers. This IT solution is designed to keep malware and other security risks out of your computer systems.

What Is HIPAA Compliance? — Conclusion

Non-compliance with HIPAA can be costly. Depending on the gravity of the violation, penalties can reach up to USD 250,000. That is why healthcare industry companies must treat HIPAA compliance with the utmost importance. After all, HIPAA aims to improve the protection of all patients’ electronically saved medical records.

The post What is HIPAA Compliance? appeared first on .

4 Tips to Protect Your Information During Medical Data Breaches

As the companies we trust with our data become more digital, it’s important for users to realize how this affects their own cybersecurity. Take your medical care provider, for instance. You walk into a doctor’s office and fill out a form on a clipboard. This information is then transferred to a computer where a patient Electronic Health Record is created or added to. We trust that our healthcare provider has taken the proper precautions to safely store this data. Unfortunately, medical data breaches are on the rise with a 70% increase over the past seven years. In fact, medical testing company LabCorp just announced that it experienced a breach affecting approximately 7.7 million customers.

How exactly did this breach occur? The information was exposed as a result of an issue with a third-party billing collections vendor, American Medical Collection Agency (AMCA). The information exposed includes names, addresses, birth dates, balance information, and credit card or bank account information provided by customers to AMCA. This breach comes just a few days after Quest Diagnostics, another company who worked with AMCA, announced that they too experienced a breach affecting 11.9 million users.

Luckily, LabCorp stated that they do not store or maintain Social Security numbers and insurance information for their customers. Additionally, the company provided no ordered test, lab results, or diagnostic information to AMCA. LabCorp stated that they intend to provide 200,000 affected users with more specific information regarding the breach and offer them identity protection and credit monitoring services for two years. And after receiving information on the possible security compromise, AMCA took down its web payments page and hired an external forensics firm to investigate the situation.

Medical data is essentially nonperishable in nature, making it extremely valuable to cybercrooks. It turns out that quite a few security vulnerabilities exist in the healthcare industry, such as unencrypted traffic between servers, the ability to create admin accounts remotely, and disclosure of private information. These types of vulnerabilities could allow cybercriminals to access healthcare systems, as our McAfee Labs researchers discovered. If someone with malicious intent did access the system, they would have the ability to permanently alter medical images, use medical research data for extortion, and more.

Cybercriminals are constantly pivoting their tactics and changing their targets in order to best complete their schemes. As it turns out, medical data has become a hot commodity for cybercrooks. According to the McAfee Labs Threats Report from March 2018, the healthcare sector has experienced a 210% increase in publicly disclosed security incidents from 2016 to 2017. The McAfee Advanced Threat Research Team concluded that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.

While medical care providers should do all that they can to ensure the security of their patients, there are steps users can take to help maintain their privacy. If you think your personal or financial information might be affected by the recent breaches, check out the following tips to help keep your personal data secure:

  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identity Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Be vigilant about checking your accounts. If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blogs.

Cisco Security & Trust at Cisco Live US

At Cisco, cybersecurity is our top priority; from product development, to operations, to data protection and privacy, we are embedding security everywhere. Our journey starts with protecting the Cisco enterprise. We invite you to learn more about how we securely enable business for our customers, partners, and ourselves at Cisco Live US, taking place June 9th through the 13th in San Diego, CA.

The sessions listed below will help participants to build a more secure network foundation for their enterprise. Specific topics to be covered include, among others:

  • Trustworthy solutions
  • Security analytics
  • Threat intelligence
  • Cloud security
  • Endpoint protection
  • Secure access
  • Data protection and privacy
  • Privacy engineering

Attacks on Network Infrastructure: Protecting Network Integrity with Cisco Trustworthy Tech | David Lapier, Sr. Technical Leader of Software Engineering | Monday, June 10th, 1-2 PM

Understanding Encrypted Traffic Using Joy for Monitoring and Forensics | Bill Hudson, Sr. Technical Leader of Software Engineering | Tuesday, June 11th, 3-3:45 PM

Securely Enabling Your Organization | Steve Martino, Chief Information Security Officer | Wednesday, June 12th, 11-11:40 AM

Inside Cisco IT: How to Move to the Cloud | David Jones, Information Technology Architect & Jason Freeth, Information Security Architect | Wednesday, June 12th, 4-5:30 PM

Privacy by Design | Lisa Bobbitt, Data Privacy Architect, Jonathan Fox, Data Privacy Director, & Mike Tibodeau, Data Protection & Privacy Operations Manager | Thursday, June 13th, 9:30-11:30 AM

Join us for world-class technical and cybersecurity training and enjoy the fun social activities in store.

The post Cisco Security & Trust at Cisco Live US appeared first on Cisco Blog.

Why zero trust is crucial to compliance

The enterprise faces a brand new world when it comes to data privacy and security. New regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have joined PCI-DSS, HIPAA, and more than 25,000 other cybersecurity regulations passed since 2008. Together, these regulations have vastly increased the workload on security teams already stretched thin by the sheer scale and complexity of modern software business services. The challenge posed by these … More

The post Why zero trust is crucial to compliance appeared first on Help Net Security.

Chrome extension devs must drop deceptive installation tactics

After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out content, Google has followed up with announcements for a few more changes meant “to create stronger security, privacy, and performance guarantees”:

  • Chrome extension developers must ditch any deceptive installation tactic they have been using
  • Extensions must only request access to the appropriate data needed to implement their features
  • Extensions that handle user-provided … More

The post Chrome extension devs must drop deceptive installation tactics appeared first on Help Net Security.

G Suite to get Gmail confidential mode, on by default

Earlier this year, Google introduced Gmail confidential mode for both consumer and G Suite users. While the former were able to use it immediately, the latter depended on whether their domain admin chose to enable it (as it was and is still in beta). But, starting on June 25, the feature will be turned on by default and it will be on admins to turn it off – if they don’t explicitly choose to disable … More

The post G Suite to get Gmail confidential mode, on by default appeared first on Help Net Security.

Attention Graphic Designers: It’s Time to Secure Your Canva Credentials

Online graphic design tools are extremely useful when it comes to creating resumes, social media graphics, invitations, and other designs and documents. Unfortunately, these platforms aren’t immune to malicious online activity. Canva, a popular Australian web design service, was recently breached by a malicious hacker, resulting in 139 million user records compromised.

So, how was this breach discovered? The hacker, who goes by the name GnosticPlayers, contacted a security reporter from ZDNet on May 24th and made him aware of the situation. The hacker claims to have stolen data pertaining to 1 billion users from multiple websites. The compromised data from Canva includes names, usernames, email addresses, city, and country information.

Canva claims to securely store all user passwords using the highest standards via a Bcrypt algorithm. Bcrypt is a strong, slow password-hashing algorithm designed to be difficult and time-consuming for hackers to crack, since hashing is a one-way operation rather than reversible encryption. Additionally, each Canva password was salted, meaning that random data was added to each password before hashing so that identical passwords used across the platform do not produce identical hashes. According to ZDNet, 61 million users had their passwords hashed with the Bcrypt algorithm, and 78 million users had their Gmail addresses exposed in the breach.

Canva has notified users of the breach through email and assured them that their payment card and other financial data is safe. However, even if you aren’t a Canva user, it’s important to be aware of what cybersecurity precautions you should take in the event of a data breach. Check out the following tips:

  • Change your passwords. As an added precaution, Canva is encouraging their community of users to change their email and Canva account passwords. If a cybercriminal got a hold of the exposed data, they could gain access to your other accounts if your login credentials were the same across different platforms.
  • Check to see if you’ve been affected. If you’ve used Canva and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential data breaches.
  • Secure your personal data. Use a security solution like McAfee Identity Theft Protection. If your information is compromised during a breach, Identity Theft Protection helps monitor and keep tabs on your data in case a cybercriminal attempts to use it.

And, as always, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Attention Graphic Designers: It’s Time to Secure Your Canva Credentials appeared first on McAfee Blogs.

Handle personal data: What we forget is as important as what we remember

This spring, Facebook addressed the issue of permanence across its messaging platforms – from Instagram to Messenger to WhatsApp – with the aim to “set a new standard” for consumers’ private communication platforms. Shortly after, Telegram took it further, announcing new capabilities that enable users to delete any message in both ends of any private chat, at any time. While these announcements focus on the consumer audience, global businesses have been grappling with the same … More

The post Handle personal data: What we forget is as important as what we remember appeared first on Help Net Security.

Most global workers noticed stricter policies at work as a result of GDPR

When enforcement of the GDPR went into effect on May 25, 2018, it had worldwide implications on data protection and privacy legislation. One year later, there are conflicting sentiments from the global workforce about whether the regulation has been effective, according to Snow Software. A new survey, which polled 3,000 professionals in the United States, Europe and Asia Pacific region, found that only 39% of respondents feel their personal data is better protected since GDPR … More

The post Most global workers noticed stricter policies at work as a result of GDPR appeared first on Help Net Security.

How many adults trust companies with their personal data?

More than one third (36%) of adults aged 16–75 trust companies and organizations with their personal data more since GDPR came into effect one year ago, according to TrustArc. There are positive sentiments toward enforcement activity, and half (47%) of respondents have exercised some of their GDPR privacy rights. 57% of respondents are also more likely to use websites that have a certification mark or seal to demonstrate GDPR compliance. “The research tells a tale … More

The post How many adults trust companies with their personal data? appeared first on Help Net Security.

TalkTalk’s Databreach Made Secret, Exposed In A Google Search

The Google search engine is a blessing for many people searching for answers to whatever questions they may have. For the telecommunication conglomerate TalkTalk, however, Google is a nightmare: a data breach that it kept secret from its customers was inadvertently exposed by a simple Google search. An estimated 4,545 customer records, which TalkTalk tried to hide from the public, were discovered through that search.

TalkTalk styles itself as follows: “We do what’s right. We’re also passionate about keeping our teams engaged, happy and proud to work here. It’s all about empowering customers through great TalkTalk technology, and great TalkTalk people.” By leaving its customers in the dark, the company may be subjected to a penalty by the United Kingdom.

The conglomerate did not disclose the data breach, nor did it report it to the ICO (the UK’s Information Commissioner’s Office), which by law should receive all reports of data breaches in accordance with the Data Protection Act of 1998. It was later found through a Google search that the leaked data includes personally identifiable information such as customers’ full names, birthdates, addresses, account numbers, financial information, and contact information. Due to the news blackout fiasco, TalkTalk was forced to issue letters of apology to the customers affected by the 2015 data breach; the data originated from the conglomerate’s own database.

“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud. A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologize. 99.9 percent of customers received the correct notification in 2015. On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss,” explained a TalkTalk representative.

Security experts expressed their concern about companies not being honest when it comes to the welfare of their customers. Even though disclosure is bad for a company’s reputation at first, customers will appreciate it when companies that encounter trouble face the music and are honest with them.

The post TalkTalk’s Databreach Made Secret, Exposed In A Google Search appeared first on .

A closer look at mobile permissions one year into GDPR

With GDPR reaching its one year anniversary May 25, Airship revealed top-level results of its global benchmark study, examining the state of mobile app user permissions across nearly 700 million people worldwide. While marketers trimmed customer lists to meet new regulatory requirements for “traditional” channels (i.e., email), mobile app audiences continue to grow — up globally by +16.6 percent year over year. Businesses are also sending more notifications — averaging 36 … More

The post A closer look at mobile permissions one year into GDPR appeared first on Help Net Security.

Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns

Apps not only provide users with a form of entertainment, but they also help us become more efficient or learn new things. One such app is Game Golf, which comes as a free app, a paid pro version with coaching tools, or with a wearable analyzer. With over 50,000 downloads on Google Play, the app helps golfers track their on-course performance and use the data to help improve their game. Unfortunately, millions of golfer records from the Game Golf app were recently exposed to anyone with an internet connection, thanks to a cloud database lacking password protection.

According to researchers, this exposure consisted of millions of records, including details on 134 million rounds of golf, 4.9 million user notifications, and 19.2 million records in an activity feed folder. Additionally, the database contained profile data like usernames, hashed passwords, emails, gender, Facebook IDs, and authorization tokens. The database also contained network information for the company behind the Game Golf app, Game Your Game Inc., including IP addresses, ports, pathways, and storage information that cybercrooks could potentially exploit to further access the network. A combination of all of this data could theoretically provide cybercriminals with more information on the user, creating greater privacy concerns. Thankfully, the database was secured about two weeks after the company was initially notified of the exposure.

Although it is still unclear as to whether cybercriminals took a swing at this data, the magnitude of the information exposed by the app is cause for concern. Luckily, users can follow these tips to help safeguard their data:

  • Change your passwords. If a cybercriminal got a hold of the exposed data, they could easily gain access into other online accounts if your login credentials were the same across different platforms. Err on the side of caution and change your passwords to something strong and unique for each account.
  • Check to see if you’ve been affected. If you’ve used the Game Golf app and believe your data might have been exposed, use this tool to check or set an alert to be notified of other potential exposures.
  • Secure your online profiles. Use a security solution like McAfee Safe Connect to encrypt your online activity, help protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Game Golf Exposure Leaves Users in a Sand Trap of Data Concerns appeared first on McAfee Blogs.

Data privacy: A hot-button issue for Americans one year after GDPR

The General Data Protection Regulation (GDPR) went into effect in the European Union a year ago this month. GDPR, which gives EU citizens more control over their personal data by mandating how businesses must handle that information, has attracted great interest around the world. In addition, it has inspired government officials elsewhere in the world to develop laws addressing consumer data privacy concerns. In recognition of GDPR’s first anniversary, nCipher Security conducted a survey to … More

The post Data privacy: A hot-button issue for Americans one year after GDPR appeared first on Help Net Security.

Cybersecurity roundup – Jan to April ‘19

2019 is not even halfway over and there has already been a flurry of cyber attacks all over the globe. Network administrators and cybersecurity experts always have to be on their toes, as no one is safe from the risk of an attack or a data breach. Here is a list of some of the top cybersecurity incidents that made headlines:

  • Facebook accidentally uploads email contacts of 1.5 million users

The world-renowned social networking giant just couldn’t catch a break. Facebook made global headlines for all the wrong reasons again in April 2019. It admitted in an announcement that it may have “unintentionally uploaded” email contacts of 1.5 million new users since May 2016. The beleaguered social networking giant stated these contacts were not shared with anyone else and were being deleted.

  • Personal data of German politicians leaked online

Germany was plunged into chaos when sensitive data belonging to hundreds of German politicians, celebrities and online figures was leaked via a Twitter account, a huge leak in the country’s history. The documents included deeply personal, identifiable information, including private chats, credit card details, addresses, etc. The Chancellor of Germany, Angela Merkel, was also among those who found their personal information leaked. Police later arrested a 20-year-old German man who admitted to being behind the hacking, telling police that he had taken advantage of weak passwords.

  • Security lapse at Indane exposes millions of Aadhaar numbers

Closer to home in India, questions continue to arise over the cybersecurity preparedness of some of the country’s biggest companies. A French security researcher claimed that he discovered a security lapse which exposed millions of Aadhaar numbers of dealers and distributors associated with the Indian oil company Indane. The Aadhaar data of nearly 6.7 million was accessible and left exposed. Indane later responded saying they did not host any Aadhaar data and hence there was no leak.

  • 6 TB of data stolen from US government contractor

The fact that no organization in the world is really safe from cyber attacks became even more evident in March, when the news emerged that Iranian-backed hackers had stolen a staggering 6 TB of data from Citrix Systems, a software company that handles sensitive projects for the US government. The data stolen included extremely confidential information related to NASA, aerospace contracts, FBI information, and Saudi Arabia’s oil-related information, giving an idea of the sheer scale of the attack. The most important cybersecurity lesson to be learnt from this? The hackers got access through “password spraying” – guessing weak passwords and then going inside.

  • Data breach at Airbus

The aircraft manufacturing giant faced a crisis this year when it reported that it had detected a cyber attack on its information systems which resulted in a data breach. Though the attack did not affect its operations, Airbus did admit that employee-related details had been lost in the breach. While the company did not reveal the number of records, the fact that a breach could take place on the servers of the world’s second-largest aircraft manufacturer reveals that even the biggest companies are still coming to terms with rapidly changing threats in the murky world of cybersecurity.

The post Cybersecurity roundup – Jan to April ‘19 appeared first on Seqrite Blog.

Google Decided to End Business with Huawei. How This Impacts Users.

Sad and worrying news for Huawei mobile users, like you and me. Google recently announced that it will no longer provide support to the giant Chinese company for many Android hardware and software operations. 

This move follows a Trump administration decision to add Huawei Technologies Co Ltd to the trade blacklist and impose restrictions that will affect how the company does business with other U.S. organizations.

On top of that, important US chipmakers like Intel, Qualcomm, and others have also joined Google and cut off deals with the Chinese company, Bloomberg reported.

So, the big US tech players decided to comply with this new legislation, but the consequences will surely impact the tech industry, consumers, and each of us, in general.

While we are aware of the geopolitical implications involved, a trade war between China and the US, which will probably lead to an imminent technological cold war, there are also actual real-life implications for those who have (at least) one Huawei device at home.

All the buzz around the recent Huawei ban has probably sparked confusion and raised some key questions like: 

Is my Huawei device safe? Should I stop using it and switch to another alternative?  What about Android security updates? I want to purchase a new Huawei smartphone, is it safe or not? 

In this article, we’ll try to understand what’s the best approach to dealing with this situation and provide actionable and useful tips you can apply for a better user experience. 

Here are some key aspects related to the Huawei ban to keep in mind

The US Government applied new restrictions to the Chinese company Huawei by adding it to the “Entity List”, which means it can’t “buy parts of technology from US suppliers without government approval as its equipment is considered potential tools for Chinese espionage”.

Following this ban, the US Commerce Department’s Bureau of Industry and Security said Huawei still has a 90-day “temporary general license” which allows the company to continue using the US intel with the license.

During this limited license, available until August 19, 2019, Huawei will work closely with US corporations to maintain business relationships and provide software updates for the existing Huawei devices. Read more details about this temporary license.

On a positive note, the Chinese telecom company ZTE went through a similar situation. It was blacklisted by the US government, which finally lifted the trade ban and allowed the company to continue getting essential hardware parts and software from US companies.

However, in the case of Huawei, Google decided not to provide software, hardware, and technical services to the Chinese phone maker. This means that the giant tech player will control the Chinese company’s access to Android, its core operating system, and parts of it, such as:

  • Its Play store 
  • Own applications 
  • Google Assistant
  • Gmail email service 
  • Tools that require access to third-party services. 

While US-based technology companies such as Intel and Qualcomm decided to comply with the latest US government order, it looks like Microsoft remains silent on a potential Windows ban, which would block Huawei’s access to Windows licenses. The Verge tried to reach out to Microsoft reps, but no further comment has been given on this situation. However, it appears that the company stopped selling Huawei’s MateBook X Pro, one of the Windows laptops in the US, at its online store.

In anticipation of this move and the current tensions between the US government and China, Huawei has worked on a plan B and already started developing a proprietary operating system, for both smartphones and computers, as an alternative to Google’s Android OS. We’ll see how things will evolve going forward.

“We have prepared our own operating system, if it turns out we can no longer use these systems [Android], we will be ready and have our plan B.”

declared Huawei executive, Richard Yu.

In a recent interview, Huawei’s founder Ren Zhengfei said that the company’s “5G would not be affected and predicted that no other parties would be able to catch up with the company in 5G technology in the next 2-3 years”. He also added that the U.S. authorities are underestimating Huawei’s capabilities. Are they?

Smartphone sales experienced a decline in the first months of 2019, but Huawei saw a significant increase in shipments by 50% (all running Android OS), and “made a strong statement by growing volume and share despite market headwinds”, according to a new IDC report.

What the current Huawei device owners need to know 

Google declared that consumers who currently have a Huawei device can still use the company’s services such as the Google Play Store, Google Search, Gmail, Google Maps, and security from Google Play Protect. 

The official statement from Huawei also confirmed that it “will continue to provide security updates and after-sales services to all existing Huawei and Honor smartphone and tablet products.”

So, this means that all current Huawei devices will work normally, without being affected in any way. In the medium-to-long term, we don’t know exactly what’s going to happen, but it will depend on the relationship between the US and China.

Yes, you can still perform your daily tasks, download any app from Google Play, and rest assured that all software updates are being delivered on time.

We all know how essential software patching is and why security experts have taken every opportunity to encourage both regular users and organizations to apply them.    

How does this situation impact any future Huawei smartphone?

If you’re going to purchase a new Huawei smartphone in the upcoming months, there will be limitations regarding the access to Google services and other implied restrictions that you need to know about.  

  • First off, all the upcoming Huawei devices will not be certified by Google and they won’t have built-in Google’s most popular applications and programs.  

This decision won’t impact the Chinese consumers, who already can’t access most of Google’s top services, but will be reflected in Europe and other parts of the globe.  

  • Without access to Google Mobile Services, third-party developers won’t be able to use Google’s API on new Huawei handsets. 
  • For future devices, Huawei can no longer benefit from the Google Play services, but it still has access to Android OS, since it is an open source system. 
  • Each new addition Google makes to Android via Google Play Services will no longer be available to the Chinese company for its global devices.
  • New versions of Huawei smartphones outside China will not ship with key Google services such as Google Play, Gmail apps, Maps, or YouTube. Even if you try to install them, they won’t work.
  • Without access to the Google Play store, users will probably try to download their apps and programs from other sources, which can pose real security risks and provide new opportunities for cybercriminals to inject malware through fake apps.
  • Also, new Huawei smartphones might not receive future releases of Android OS and could be stuck with an old version. This means there will be no access to new improvements and features developed by the company, but we know that Huawei usually changes the standard Android experience by adding its own user interfaces.

Protection guide for Huawei device users

It’s no secret that Huawei is the largest smartphone vendor in China and a key player on the global market.

However, the company still relies on US suppliers to obtain the hardware that allows it to develop high-quality devices that are popular all over the world.

If you have a deep fondness for your Huawei smartphone and you don’t want to give up on it, here are some key security measures you should apply: 

  1. Apply available software updates and consider turning on the “automatic updates” feature, if you have it. That way, you will avoid making your device an easy target for malware and ransomware, which usually target outdated programs and apps.
  2. Use a specialized security solution like Thor Free to handle software updates automatically and silently, saving you time and energy.
  3. If your Huawei device is more vulnerable to cyber attacks, it is recommended to use a multi-layered security solution like Thor Premium Home. Given its proactive and unique threat intel, alongside a next-gen Antivirus, your sensitive information and digital life are secure and protected with a complete and all-in-one security suite.
  4. Be proactive and stay up to date with the latest news about this debate, if you’re going to invest in a Huawei device. Make sure you follow the company’s latest announcements on this matter and keep an eye on the security updates for your specific device.
  5. Learn about the online dangers and build a strong defense against cyber threats by checking out one of our valuable educational resources that will teach you actionable and applicable security tips.

Final thoughts

In the long run, this decision by the US Government to crack down on Chinese companies will probably escalate into something even bigger. There’s an ongoing battle between the United States and China, and we don’t know exactly how it will end, but the future remains unclear for the Chinese company.

The other day, I heard one of my colleagues in the office saying that Huawei is no longer a viable option. I, for one, will continue to use my current Huawei smartphone and stay informed with the latest news from the company.

What are your thoughts on this subject? Are you still going to invest your money in a Huawei phone or consider other options?  

The post Google Decided to End Business with Huawei. How This Impacts Users. appeared first on Heimdal Security Blog.

Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter

Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.

Traditional approach to data security hindering digital transformation initiatives

Security professionals who adopted a more traditional or reactive approach to their data protection and security program did not believe they would reach their digital transformation goals, according to a TITUS report. The report, “The Vital Role of Security in Digital Transformation,” is based on a survey conducted by Market Strategies International of more than 600 IT decision makers at leading brands across a diverse set of industries in the United States, Canada and the … More

The post Traditional approach to data security hindering digital transformation initiatives appeared first on Help Net Security.

Half of companies missed GDPR deadline, 70% admit systems won’t scale

Even with two years’ notice to achieve GDPR compliance, only half of companies self-reported as compliant by May 25, 2018, a DataGrail survey reveals. “The Age of Privacy: The Cost of Continuous Compliance” report benchmarks the operational impact of the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as sharing insights into lessons learned and attitudes toward privacy regulations. DataGrail surveyed more than 300 U.S. privacy management … More

The post Half of companies missed GDPR deadline, 70% admit systems won’t scale appeared first on Help Net Security.

The iOS Twitter Bug: 3 Tips to Protect Your Location Data

Many of us use social media to keep our family and friends up-to-date on our everyday lives. We don’t typically expect social media companies to keep their partners updated on our every move as well. But for some Twitter users, this is exactly the situation they’ve found themselves in. On Monday afternoon, the social media company disclosed a bug that resulted in some Twitter users’ locations being shared with an unnamed Twitter partner.

So, how exactly did this bug disclose the locations of certain Twitter users? The social network accidentally sent advertising partners location data for a process called real-time bidding. This process lets advertisers pay for space based on certain users’ locations. Twitter intended to remove the location data from what it sent to its partners but failed to do so. Affected users include those who had more than one Twitter account on an iOS device. If the user chose to share their precise location on one account, Twitter says it may have collected and shared data for the other account on the same mobile device even if that account had opted out of location sharing. Although the location data was “fuzzed” to only show a ZIP code or city, it is still unclear as to how long this location sharing took place.

According to Twitter, the location data was not retained by the partner and they have fixed the problem to ensure that it doesn’t happen again. And while affected users have already been notified by the social network, there are some steps users can take to help protect their data:

  • Turn off location services. While social media is meant for sharing, there is some information, like your location, that ought to be kept private. If a cybercriminal knows where you are at a specific point in time, they could potentially use that information to your disadvantage. Consider your overall privacy and opt out of sharing your location data with social media platforms.
  • Update, update, update. No matter what type of bug might be affecting a certain platform, it’s always crucial to keep your software up-to-date. Turning on automatic updates will ensure that you are always equipped with the latest patches and security fixes.
  • Use a comprehensive security solution. Using a solution like McAfee Total Protection helps to add an extra layer of security in case a bug does expose your device or data.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The iOS Twitter Bug: 3 Tips to Protect Your Location Data appeared first on McAfee Blogs.

Privacy Awareness Week 2019 – Are You In The Dark About Your Online Privacy?

If you haven’t given your online privacy much attention lately then things need to change. In our era of weekly data breaches, the ‘I’ve got nothing to hide’ excuse no longer cuts it. In my opinion, ensuring your privacy is protected online is probably more important than protecting your home and car! A sloppy approach to online privacy can have devastating ramifications to your financial health, your career and even your physical wellbeing.

This week is Privacy Awareness Week in Australia – a great reminder to give our online privacy a ‘check-up’ and work out what we can do to ensure the information we share online (and who sees it) is locked down.

What Do We Need to Protect?

When we think about online privacy, we often think about protecting our password and financial data online. But it’s a little more complicated. There are 2 categories of information that we share in our online life that require protection.

  1. Personally Identifying Information (PII) – this includes our name, birthdate, address and Medicare number
  2. Non-Personally Identifying Information – this includes the information about what we do online. It’s a combination of the websites we visit, what we buy online, our online searches and the pages we like on our social media profiles. Our online activity creates a digital folder about ourselves and many companies just love this data so they can send targeted ads your way. Ever wondered why you receive ads about holiday destinations after a few wishful holiday Google searches?

Without adequate online privacy, all the information about our online activities can be collected and analysed by third parties. In fact, data collected (legally) about you by websites can be very lucrative! Companies, known as data brokers, collect and maintain data on millions of people and charge handsomely for their services!

Why Do I Need To Worry About My Online Privacy?

Just think for a moment about some of the information that is stored about you online…

  • Your PII is stored in the background of probably every online account you have including social media, news and banking
  • Your online banking and superannuation sites contain details of all your accounts and your net worth
  • Your health and taxation records may be accessible online and may contain sensitive information you would prefer not to be shared
  • If you haven’t disabled location services on your phone, your whereabouts can be tracked by clever parties on a daily basis
  • Your pictures and videos

While some of this information is stored without your control, there are steps you can take to tighten up access.

Now, think about your daily online activity…

  • Anything you order online via your web browser can be recorded
  • Anytime you send an email with sensitive information, there is a risk this will also be shared
  • Anytime you pay on the go using a facility like Apple Pay, your purchase will be tracked
  • Anything you search for, the articles you read, the movie tickets you buy and even your weekly online grocery order can be tracked

If this comes as a shock to you then you’re not alone. Many Aussies have been in the dark about what information is available about them online. But, don’t throw the towel in – there are strategies to tighten up your online privacy.

How To Get Your Online Privacy Under Control

There are a few simple steps you can take to lock down your valuable online information. So, make yourself a nice cuppa and let’s get to work:

  1. Manage Your Passwords

Your online passwords are as important as your house keys. In fact, in many cases, it is the only thing stopping cybercriminals from accessing our vital information that we have saved online. So, if you want to tighten up access to your online banking, your social media platforms and your favourite online shopping sites then you need to think carefully about how you manage your passwords.

Passwords need to be complex and unique with at least 8-10 characters and a combination of letters, numbers and symbols. And each of your online accounts should have a separate password which should be changed regularly. Too hard? Consider a Password Manager which creates and manages complex passwords for each of your online accounts – a complete no brainer!! McAfee’s Total Protection software includes a Password Manager which stores, auto-fills and generates unique passwords for all your online accounts. All you need to do is remember one master password! Easy!

And don’t forget, if one of your online accounts is affected by a data breach, then you need to change that password ASAP. If you have a password manager, simply have it generate another password for you.

  2. Use Public Wi-Fi With Caution

If you are serious about your online privacy then you need to use public Wi-Fi sparingly. Unsecured public Wi-Fi is a very risky business. Anything you share could easily find its way into the hands of cybercriminals. So, please avoid sharing any sensitive or personal information while using public Wi-Fi. If you travel regularly or spend the bulk of your time on the road then consider investing in a VPN. A VPN (Virtual Private Network) encrypts your activity, which means your login details and other sensitive information are protected. McAfee has a great VPN product called Safe Connect. An excellent insurance policy!

  3. Use 2-Factor Authentication

Adding an additional layer of security to protect yourself when accessing your online accounts is another great way of guarding your online privacy. Turn on two-factor authentication for Google, Dropbox, Facebook and whatever other site offers it. For those new to this option, this means that in addition to your password, you will need to provide another form of identification to ensure you are who you say you are. Most commonly, this is a code sent to your mobile phone or generated by a smart phone app.

  4. Keep Your Software Updated

Software updates and patches are often designed to address a security vulnerability, so ALWAYS install them so the bad guys can’t take advantage of a security hole in your system. If it all becomes too hard, why not automate the updates?

  5. Invest in Security Software for ALL Your Devices

Installing comprehensive security software on all your devices including laptops, tablets and smartphones adds another layer of protection to your vital online information. Check out McAfee’s Total Protection software that will ensure you and your devices are protected against viruses, malware, spyware and ransomware.

  6. Consider a Search Engine that Doesn’t Track Your Every Move Online

If you would prefer that your search engines didn’t collect and store the information you enter then consider an alternative ‘privacy focussed’ search engine. Check out DuckDuckGo that doesn’t profile users or track or sell your information to third parties.

  7. Delete All Cookies

Cookies are another way your online activity can be tracked. While some are harmless and used to simply remember things about you such as your login information and language, others, known as tracking cookies, remain permanently, constantly gathering information about your behaviour and what you click on. So, let’s get rid of them! Head into your web browser’s Privacy settings and clean them out.

So, let’s get our online privacy under control this Privacy Awareness Week. But don’t forget about your kids and elderly relatives too! Proactively managing one’s online privacy needs to be a priority for everyone. Why not start a conversation at the dinner table? Perhaps give the family a daily privacy related task every day during Privacy Awareness Week? For example:

Monday – Clean up your passwords or set up a Password Manager

Tuesday – Research a VPN

Wednesday – Set up 2 factor authentication

Thursday – Ensure all your software is up to date and set up auto-updates where possible

Friday – Research privacy focussed search engines and delete all cookies

Over to you mums and dads. Would love to hear how you go.

Alex xx

 

 

The post Privacy Awareness Week 2019 – Are You In The Dark About Your Online Privacy? appeared first on McAfee Blogs.

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Marvel Studio’s $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so they can watch the film without worrying about spoilers or sold-out movie tickets.

When a victim goes to download the movie from one of the many scam sites popping up around the web, the streaming appears to begin automatically. What the user doesn’t know is that the footage being streamed is just from the movie’s trailer. Soon after, a message pops up stating that the user needs to create an account to continue with the download. The “free” account prompts the user to create a username and password in advance, which could potentially be useful for cybercriminals due to the common practice of password reuse. Once a victim creates an account, they are asked for billing information and credit card details in order to “verify location” and make sure the service is “licensed to distribute” the movie in the victim’s region. These crooks are then able to scrape the victim’s personal and financial data, potentially leading to online account hacks, stolen funds, identity theft, and more.

Luckily, Marvel fans can protect their online data to avoid a cybersecurity endgame by using the following tips:

  • Look out for potential scam activity. If it seems too good to be true, then it probably is. Be wary of websites promising free movie downloads, especially for movies that are still in theaters.
  • Shield your financial data. Be suspicious of “free downloads” that still require you to fill out billing information. If an unknown website asks for your credit card information or your bank account data, it’s best to avoid the site altogether.
  • Make sure your credentials are unique. With this scam, threat actors could use the login credentials provided by the victim to access their other accounts if they didn’t have a unique login. Avoiding username and password reuse makes it a lot harder for cybercriminals to hack into your other online accounts if they gain access to one.
  • Assemble a team of comprehensive security tools. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.


The post Avoid a Security Endgame: Learn About the Latest “Avengers” Scam appeared first on McAfee Blogs.

How to Secure your PC after a Fresh Windows Installation [Updated 2019]

 

You chose to install the Windows operating system on your computer or, maybe, for various technical reasons, you had to reinstall it. No matter your reasons, it’s important to keep in mind various security layers after this procedure, so your computer is safe from threats.

How to secure your PC after a fresh Windows installation

After finishing the Windows installation, whether it’s Windows 7, 10 or another operating system, we encourage you to follow these security measures below to enhance protection:

1. Keep your Windows operating system up to date

Probably the most important step is to check for the latest security updates and patches available for your Windows operating system.

To get the security updates automatically, go to “Control Panel” and check if your automatic updating system is enabled or follow these steps:

  1. Access the search box in your Windows operating system, type Windows Update.
  2. Select Advanced options.
  3. Click on Automatically download updates in case it is not already selected/turned on.

After checking for available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your PC against new viruses or next-generation malware.

Always remember to keep your OS up to date with the latest security updates available. Software patching remains essential to improving online safety, and security experts make a good case for emphasizing its importance. Cybercriminals still try to benefit from security holes found in users’ systems and PCs. That’s one of the reasons why cyber attacks still work and why they make a lot of money off them.

2. Update your software

You don’t have to update only the Windows operating system, but your software as well. Therefore, make sure all the latest updates and security patches for your main programs and apps are installed.

Needless to say that most popular pieces of software (such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader), especially the outdated ones, are always under threat from malicious actors who exploit them to get easier access to your sensitive data.

Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed.

A better option would be to start using a dedicated cyber security solution that keeps your software up to date for you.

3. Create a restore point

If you already installed the security updates for Windows OS, the next step recommended is to create a restore point in Windows.

You can do this by clicking on the Start button, then select Control Panel -> System and Maintenance (or System and Security) -> System. Then select System protection and click the Create button.

After installing Windows, you can create the Restore Point and name it Clean installation, and continue installing drivers and applications.

If one of the drivers causes issues on the system, you can always go back to the Clean installation restore point.

4. Install a traditional antivirus product

When you consider installing an antivirus program on your PC, make sure you use one from a legitimate company, because there can be fake software programs out there. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update, and a firewall.

To find the best antivirus that suits your needs, read this ultimate guide that will teach you more about antivirus products, their main features and what you should look for.

If you choose to install a security product that doesn’t have a firewall, make sure you have turned on the Windows firewall.

To turn it on, go to Control Panel, select System and Security, then Windows Defender Firewall, and use the option to turn it on or off.



5. Install a proactive security solution for multi-layered protection

On our blog, we explained on many occasions why traditional antivirus is no longer the go-to solution, simply because it cannot keep up with the rise of new and advanced online threats. Financial malware especially is created to steal sensitive data and confidential information and it uses sophisticated methods to do so.

Next-gen malware usually has the ability to evade detection and bypass antivirus software that users have installed on their PCs to keep their data safe. We recommend reading these 12 examples of spam campaigns behind the scenes indicating a low detection rate for AV engines during the first stages of a cyber attack.

With the help of a proactive cybersecurity solution, you get the best protection against financial and data-stealing malware, such as Zeus or Cryptolocker.

To improve the financial control of your online banking account, you can always set banking alerts to track your account activity and apply these simple and effective financial protection tips.

 

6. Back up your system

You updated the operating system and your system applications, you have installed additional security products to keep your system safe and even created a Clean installation restore point for your Windows.

The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.

To make sure your data stays safe, you should be using a twofold strategy, which should combine an external hard drive with an online backup service.

We need to emphasize the importance of having a backup solution which provides stability (look for a big company name), is easy to use (so you won’t have a headache backing up your files), allows you to synchronize your files with the online backup servers and provides some sort of security, such as encryption capabilities.

Our guide on how to do a data backup includes more information on the most popular backup solutions available and the best ways to keep your data safe.

At the same time, you could simply use your Windows Backup system. To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.

7. Use a standard user account

Windows provides a certain level of rights and privileges depending on what kind of user account you have. You may use a standard user account or an administrator user account.

To secure your PC, it is recommended to have a standard account to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.

With a Standard user account, you have limited rights and cannot do things like changing system settings, or installing new software apps, hardware or changing the username and passwords. Here’s why you should use an account like this one and how to create it.

If you want to install an application or make security changes, remember that you will need an administrator account.

We also recommend that you set a strong password for your Windows user account.

Use this security guide that will help you set unique and strong passwords and manage them like an expert.

Top Security Tip:
Using a standard account ensures that a piece of malware which infects a limited-user account won’t do as much damage as one infecting an administrator account.

8. Keep your User Account Control enabled

User Account Control (UAC) is an essential security feature of Windows that prevents unauthorized changes to the operating system. Many users have the tendency to disable it after installing/reinstalling the Windows operating system.

We don’t recommend turning it off. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.

UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.

In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes to the system.

 


9. Secure your web browser before going online

Here’s another thing to do after installing Windows: pay attention to browser security. Since our web browser is the main tool used to access the Internet, it is important to keep it safe before going online.

The vulnerabilities in your web browser are like open door invitations to cybercriminals who find creative ways to harvest your most important data. For example, if you are using Adobe Flash, be aware of its security flaws and how it can expose you to attacks.

To stay safe while accessing various web pages, follow these steps:

  1. Choose the latest version for your browser.
  2. Keep it updated.
  3. Choose a private browsing session when you access a website you are not sure about. Choosing this mode will prevent authentication credentials (or cookies) from being stored and stolen by attackers.
  4. Since data-stealing malware spreads through malicious code embedded in pop-up windows even in legitimate websites, make sure your web browser can block pop-ups.

And there’s even more you can do. Use these step-by-step instructions to enjoy the best secure browsing.




10. Use an encryption software tool for your hard drive

Even if you set a password to your Windows account, malicious actors can still get unauthorized access to your private files and documents. They can do this by simply booting into their own operating system – Linux, for example – from a special disc or USB flash drive.

A solution for this case is to encrypt your hard drive and protect all your sensitive files. It is recommended to use this level of security if you have a laptop, which can be very easily stolen. The same thing applies to a computer.

A free encryption tool you can use is BitLocker, which is available on the latest Windows operating systems and you can enable it at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password. The benefits of using this encryption tool:

  • It encrypts your entire drive, which makes it impossible for malicious actors stealing your laptop to remove the hard drive and read your files.
  • It’s also a great encryption software if you happen to lose your PC/laptop or it gets stolen.
  • Easy to use and already integrated into your Windows OS, so there’s no need to add another encryption software.

If you’d rather use another solution, here’s a full list of encryption software tools you can choose to protect your data.
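Several of the settings from steps 1, 3, 4, 7, 8 and 10 can also be read back from the command line. The script below is an added example, not part of the original guide; it only reads settings and changes nothing, it assumes Windows 10 or later with Windows PowerShell 5.1 in an elevated prompt, and the function name `Get-FreshInstallAudit` is made up for illustration.

```powershell
# Added example (not from the original guide): read-only audit of the
# settings covered in steps 1, 3, 4, 7, 8 and 10.
# Assumptions: Windows 10 or later, Windows PowerShell 5.1, elevated prompt.

function Get-FreshInstallAudit {
    $report = [ordered]@{}

    # Step 1: date of the most recently installed Windows update.
    $lastFix = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $report['LastUpdateInstalled'] =
        if ($lastFix) { $lastFix.InstalledOn.ToString('yyyy-MM-dd') } else { 'none found' }

    # Step 3: restore points, and whether one is named "Clean installation".
    # Returns nothing when System Protection is switched off for the drive.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $report['RestorePointCount'] = $points.Count
    $report['CleanInstallationPoint'] =
        [bool]($points | Where-Object { $_.Description -eq 'Clean installation' })

    # Step 4: firewall profiles (Domain, Private, Public) that are disabled.
    $off = @(Get-NetFirewallProfile |
        Where-Object { "$($_.Enabled)" -ne 'True' } |
        Select-Object -ExpandProperty Name)
    $report['FirewallProfilesOff'] =
        if ($off.Count -gt 0) { $off -join ', ' } else { 'none' }

    # Step 7: direct members of the local Administrators group.
    # The well-known SID S-1-5-32-544 works on every display language.
    # Your everyday account should not appear in this list.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object -ExpandProperty Name)
    $report['LocalAdministrators'] = $admins -join ', '

    # Step 8: UAC state. EnableLUA = 1 means UAC is on.
    # ConsentPromptBehaviorAdmin = 0 means administrators are elevated
    # without any prompt, which defeats the purpose of the slider.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey
    $report['UacEnabled'] = ($uac.EnableLUA -eq 1)
    $report['UacAdminPromptLevel'] = $uac.ConsentPromptBehaviorAdmin

    # Step 10: BitLocker status of the system drive.
    # The cmdlet is missing on editions that do not ship BitLocker.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
        $report['SystemDriveBitLocker'] =
            "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
    } else {
        $report['SystemDriveBitLocker'] = 'BitLocker cmdlets not available'
    }

    [pscustomobject]$report
}

Get-FreshInstallAudit | Format-List
```

Anything that reads `False`, `Off`, `0` for the prompt level, or lists a disabled firewall profile points back to the matching step in this guide.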

11. Be careful online and don’t click on suspicious links

To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net”, then you probably shouldn’t access it. Chances are you’ll be infected with malware and cybercriminals will steal your sensitive data.

It’s worth trying shortening services, such as goo.gl or tinyurl. But in some cases, an unknown link may send you to a malicious site that can install malware on the system.

So, how can you know where you’ll arrive if you click it?

To make sure you are going in the right direction, use a free tool such as Redirect Detective that will allow you to see the complete path of a redirected link. Another tool which can prove very helpful in checking suspicious links is the reliable URL checker, VirusTotal.

For more information on how to maximize your financial data protection, check out this article.

Conclusion

It’s not just about staying safe.

The guide above is meant to keep you safe online. But, at the same time, following these security measures means that you also set up your system to work smoothly for online browsing and financial operations, activities you do every day.

Since there are many other solutions to protect a system after a Windows installation, we would like to know your opinion on this.

How do you increase your security after a Windows installation?
Do you have a particular routine?
We’d love to add your tips to the list, so share them in the comments below.


The post How to Secure your PC after a Fresh Windows Installation [Updated 2019] appeared first on Heimdal Security Blog.

GDPR and Data Breach Risks: An Interview with Bogdan Manolea of ApTI

May 2018 brought on the mandatory implementation of GDPR regulations for Europe, but, de facto, for the entire world since European users can freely roam across the internet of pretty much all countries.

Much to the fretting of virtually everyone else around the world, lots of companies and websites located outside of EU had to review and restructure not just the text from their privacy policies, but their actual data collection practices.

GDPR One Year Later: An Interview with Bogdan Manolea

Now, a year later, on the law’s 1st anniversary since its implementation, I decided to have a talk with someone who understands much more about it than me, namely with Bogdan Manolea from the Romanian Association for Technology and Internet (APTI) and from Trusted.ro (the 3rd party seal of approval for e-commerce websites, vouching for their safety and honesty following independent tests).


Bogdan Manolea delivering a conference talk. Photo credit: CristalStudio.ro

He doesn’t like the word expert, but I don’t really know how to introduce him avoiding the word. Let’s just say he’s the first person who comes to my mind whenever I have some issues and doubts regarding digital rights in general (not just the very recent GDPR).

Here’s what we talked about and what his answers were. [The interview was a bit edited for length and clarity.]

1. As a GDPR expert, what’s your take on how this law was implemented in Europe and beyond, now, almost one year later since its principles became enforced?

First, I hate the words “GDPR expert”. I don’t understand how you can be an expert in a law that was adopted three years ago and it started to be implemented one year ago. This is just marketing bullshit, IMHO.

Moreover, the truth is that data protection existed for a long time in Europe as a specific domain and the Council of Europe Convention 108 on automatic processing of personal data exists from 1981. Even the first EU directive exists from 1995.

So, the fact that some media picked up the subject only recently or that companies have become much more aware since the huge fines from GDPR were advertised, that is just their problem.

But the concern for privacy and personal data protection, including specific legislation on the matter, have existed in Europe for decades. Even the principles are almost the same from 1981.

The need for a law more in line with the digital processing of personal data has been discussed for years and the digital rights groups from Europe (including myself from APTI in Romania) have been active in pinpointing the limits of the previous directive from 1995 and asking for a better legislation that is unique at the entire EU space level. This is why GDPR was adopted in 2016 and it started being applied in 2018.

So the principles should have been enforced for some time, actually. The fact that we are still discussing how companies are implementing the data protection principles after decades of laws in this domain shows us that the legislation was basically inefficient, to a large extent.

2. Do you think companies have mostly adapted to this new framework, by and large? Have you noticed a great array of differences in how various categories of businesses implement GDPR? For example, companies from a certain niche versus others in a different niche, or based on company size, or on their location?

It would be almost impossible for one person to have a pan-European overview of how GDPR was implemented so far. The situation depends on so many factors – size, niche, location, country, compliance with previous legislation, the quantity of data collected, etc.

From my empiric evidence, there is a huge wide range of compliance – from a high level of compliance in multinationals that are more used to compliance mechanisms and new regulations, especially if they come from countries with traditional strong data protection regimes (e.g. Germany) to no compliance at all in SMEs [n. a – Small to Medium Enterprises] that do not use digital tools and are in one of the countries where the DPA (Data Protection Authority) is very weak in its enforcement.

3. So what would be in your opinion the good and bad in GDPR implementation so far?

The good thing with GDPR is that it forced companies to think more (in depth) about the personal data they are collecting in order to answer the basic questions posed by GDPR (What data? How do we collect it? For what purposes? For how long? Etc.)

There are several bad things that are worrying me:

  • The risk of missing the purpose and scope of GDPR. Instead of protecting the personal data of European citizens, we might create a layer of bureaucracy which does little for achieving this aim;
  • The absolute need for simplification and guidance for SMEs in understanding the exact steps to be done for compliance on data protection;
  • The crucial role of the DPAs in implementing the GDPR. With a dormant DPA, all the while GDPR seems like just a nice story, with no real effects.

4. What’s the no #1 mistake companies can do when it comes to preventing data breaches?

There are a lot of actions that can be done and it depends on the size of the company and the importance of the data that is being processed.

But one thing that strikes me personally, in almost all companies, as a measure that is easy to do and could save a lot of hassle later, is disk encryption by default (before booting the OS) of all mobile devices (laptops, mobile phones, and tablets).

I mean, these types of devices are being lost or stolen regularly all over the world. This is just human nature and it is very possible to happen to your company sooner or later. It’s almost impossible not to have any personal data on them. But still, very few companies have a mandatory policy of having all their mobile devices encrypted by default.


5. How about the no #1 mistake they may do once a data breach already occurs?

Probably to panic. 🙂

This is why it is helpful to have a data breach procedure and to test it from time to time. Especially in big companies, this should be a must.

6. I don’t mean to sound fatalistic, but do you think there’s a certain unavoidable component to data breaches in this new law framework? Can a company avoid penalties with a certainty of 100% through preparation? I, for one, certainly hope so & think so, but I think there are a lot of defeatist voices among company reps having a hard time adapting to the new rules.

Of course, it is unavoidable. The question about data breaches is when it will happen, not if it will happen. If it never happens, then you’re very, very lucky or you just don’t know about it.

But this is why if you report a data breach, it doesn’t automatically mean that you will be fined. Look at the numbers compiled by our colleagues from civil society (based on FoI requests to DPAs) from all over the EU and you will see this is true. But it also shows that probably the level of reporting is very different from one country to another.

You can see the table of facts and figures here.

So, in Romania, for example, by March 2019 there were reported 414 data breaches and, as far as we know, there wasn’t any fine yet.

7. Do you know if the position of Data Protection Officer was actually created within companies, on a significant scale? As in, did companies really hire a person to fulfill this role alone, without other ‘merry weather’ responsibilities?

First, let me emphasize again that not all companies need a DPO. The art 37 of the GDPR makes it clear that only in two situations private companies must employ a DPO:

(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offenses referred to in Article 10.

Also, the DPO can be external, you don’t have to have an internal staff role for this.

Moreover, GDPR doesn’t say that it must do only that – however, it is worth emphasizing that a DPO may have other tasks that are in a conflict of interest with this position – for details see Art 29 with regards to DPOs – Chapter 3.5.

8. What do you think of the new laws the US authorities are striving to adopt soon regarding data protection? I know there are some debates within the US to adopt new laws, but EU representatives are a bit critical of American efforts so far.

I haven’t followed the topic too closely, but what I can point out is that the EU is actually the most advanced globally in the field of data protection legislation, so it is starting to “export” this legislation to several other areas, not just to the US.

Also, I think that California, with this act, may be more advanced than other US states in these activities.

9. What’s your no #1 advice to companies trying to navigate the post-GDPR framework of digital consumer rights?

From a privacy advocate perspective, I think there are two basic things all companies should do:

  • Do an analysis on what data you collected and if you can live without it (thinking about your users and their rights, not with the idea “it might be helpful in the future, who knows?”). This is part of the “data minimization” direction within GDPR and if you do it properly you can actually collect less data (renouncing those bits that might have been collected for an unclear purpose anyway.)
  • Keep your users informed about what you do with their data. Article 29WP has a pretty simple table as an Annex to their Opinion on transparency, which is a great guide.

For Romanian readers, I’ve written a very user-friendly guide here, on the topic of protecting yourself from conflicts with your consumers over data privacy.

10. Finally, do you have a remarkable data breach story to share, one which we could all learn a bit from? What’s the most interesting/crazy/serious/impressive case of data breach fulfilled (or averted) that you heard of?

What is remarkable for me is the long history of Facebook data breaches from the past couple of years (see the latest), some with ridiculous mistakes (Plaintext passwords? Really?) and how they got away with it. So far, at least…

Thank you, Bogdan, for your time and answers.

The post GDPR and Data Breach Risks: An Interview with Bogdan Manolea of ApTI appeared first on Heimdal Security Blog.

Here are the Top Online Scams You Need to Avoid Today [Updated 2019]

We truly want to believe that the Internet is a safe place where you can’t fall for all types of online scams, but it’s always good to do a “reality check”. We, humans, can become an easy target for malicious actors who want to steal our most valuable personal data.

These days, criminal minds can reach further than before, into our private lives, our homes and work offices. And there is little we can do about it. Attack tactics and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.

According to a report from the Federal Trade Commission (FTC), millennials are more vulnerable to online scams than seniors, as shocking as it may seem. The research finds that “40 percent of adults age 20-29 who have reported fraud ended up losing money in a fraud case”.

Here are the findings of a report about financial scams

Source: Federal Trade Commission

For this reason, we need to know what the most popular techniques are that malicious actors use to get unauthorized access to our private information and financial data.


We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.

Use the links below to quickly navigate the list of online scams you need to stay away from right now.

Phishing email scams
The Nigerian scam
Greeting card scams
Bank loan or credit card scam
Lottery scam
Hitman scam
Romance scams
Fake antivirus software
Facebook impersonation scam (hijacked profile scam)
Make money fast scams (Economic scams)
Travel scams
Bitcoin scams
Fake news scam
Fake shopping websites
Loyalty points phishing scam
Job offer scams
SMS Scamming (Smishing)
Overpayment Online Scam
Tech Support Online Scams

1. Phishing email scams

More than one third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report from F-Secure.

Phishing scams continue to evolve and be a significant online threat for both users and organizations that could see their valuable data in the hands of malicious actors.

The effects of phishing attacks can be daunting, so it is essential to stay safe and learn how to detect and prevent these attacks.

Phishing scams are based on communication made via email or on social networks. In many cases, cyber criminals send users messages or emails that try to trick them into handing over valuable and sensitive data (login credentials for a bank account, social network, work account or cloud storage).

Moreover, these emails will seem to come from an official source (like banks or other financial authorities, legitimate companies or social network representatives).

They use social engineering techniques to convince you to click on a specific malicious link and access a website that looks legit but is actually controlled by them. You will be redirected to a fake login page that resembles the real website. If you’re not paying attention, you might end up giving away your login credentials and other personal information.

We’ve seen many spam email campaigns in which phishing was the main attack vector criminals used to spread financial and data-stealing malware.

In order for their success rate to grow, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access a site as soon as possible, where you must enter your credentials in order to confirm your identity or your account.

After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or sell them on the dark web to other interested parties.

Here’s an example of a sophisticated email scam making the rounds that you should be very careful about.

An example of phishing scam

Source: News.com.au

Use this complete guide on how to detect and prevent phishing attacks (filled with screenshots and actionable tips) to better fight these attacks.

2. The Nigerian scam

This is probably one of the oldest and most popular Internet scams, typically presented as coming from a member of a wealthy Nigerian family in order to trick people. It is also known as “Nigerian 419”, named after the section of Nigeria’s Criminal Code which banned the practice.

A typical Nigerian scam involves an emotional email, letter, text message or social networking message coming from a scammer (who can pose as an official government member, a businessman or a member of a very wealthy family, usually a woman) who asks you to help retrieve a large sum of money from a bank by initially paying small fees for papers and legal matters. In exchange for your help, they promise you a very large sum of money.

They will be persistent and ask you to pay more and more money for additional services, such as transactions or transfer costs. You’ll even receive papers that are supposed to make you believe that it’s all for real. In the end, you are left broke and without any of the promised money.

Here’s what a Nigerian scam could look like:

Source: MotherJones.com

3. Greeting card scams

Whether it’s Christmas or Easter, we all get all kinds of holiday greeting cards in our email inbox that seem to be coming from a friend or someone we care about.

Greeting card scams are another old Internet scam used by malicious actors to inject malware and harvest users’ most valuable data.

If you open such an email and click on the card, you usually end up with malicious software being downloaded and installed on your operating system. The malware may be an annoying program that launches pop-ups with ads and unexpected windows all over the screen.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. If this happens, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.




To keep yourself safe from identity theft and data breach, we recommend using a specialized security program against this type of online threats.

To find out more information about financial malware, read this article. And here’s how you can tell if your computer was infected with malware.

Source: The Beacon Bulletin

4. Bank loan or credit card scam

People can be easily scammed by “too good to be true” bank offers that might guarantee large amounts of money and have already been pre-approved by the bank. If such an incredible pre-approved loan is offered to you, ask yourself:

“How is it possible for a bank to offer you such a large sum of money without even checking and analyzing your financial situation?”

Though it may seem unlikely for people to get trapped by this scam, there’s still a big number of people who lost money by paying the “mandatory” processing fees required by the scammers.

Here are 9 warning signs and sneaky tactics to watch out for to avoid becoming a victim of a business loan scam.

As regards credit card scams, a recent report from the Identity Theft Resources Center said that the number of credit and debit card breaches was on the rise last year. To better safeguard your data and prevent thieves from getting access to your payment card details, consider:

  • Watching your accounts closely and monitoring your online transactions;
  • Taking advantage of free consumer protection services;
  • Signing up for free credit monitoring.

Source: ChaffeurDriven.com

5. Lottery scam

This is another classic Internet scam which doesn’t seem to get old. A lottery scam comes as an email message informing you that you won a huge amount of money and, in order to claim your prize or winnings, you need to pay some small fees.

Lucky you, right?! It doesn’t even matter that you don’t recall ever purchasing lottery tickets.

Since it addresses some of our wildest fantasies, such as quitting our jobs and living off the fortune for the rest of our lives, without ever having to work again, our imagination falls prey easily to amazing scenarios someone can only dream of.

But the dream ends as soon as you realize you have been just another scam victim. DO NOT fall for this online scam and have a look at this checklist to see if you are getting scammed.

Source: Ripandscam.com

6. Hitman scam

One of the most frequent Internet scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening to extort money from you. This type of online scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.

To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or from a social network account.

That’s why it’s not safe to provide any sensitive or personal information about you on social media channels. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.

Also, it’s better to be a little bit paranoid and protect all your digital assets as if everyone is watching. Here’s what a Hitman scam looks like:

7. Online dating (romance) scams

As the Internet plays an important role in our social lives, with apps like Facebook or Instagram that we access every day, it’s inevitable that we use apps to look for love as well.

Online dating apps are very popular these days and they are a great way to meet your future life partner. I actually have an example: a friend of mine was lucky enough to find her future husband on a dating site.

But not all scenarios have a “happy end” like this one, and you need to be very careful, because you never know who you can meet.

A romance scam usually takes place on social dating networks, like Facebook, or by sending a simple email to the potential target, and affects thousands of victims from all over the world.

The male scammers are often located in West Africa, while the female scammers are mostly from the eastern parts of Europe.

Cyber criminals have abused this scamming method for years by using the online dating services. They improved their approach just by testing the potential victims’ reactions.

According to research published in the British Journal of Criminology last month, the techniques (and psychological methods) used by scammers in online romance scams are similar to those used in domestic violence cases.

To avoid becoming a victim of these Internet scams, you need to learn how to better protect yourself.

Knowing that hundreds of women and men from all over the globe are victims of these online scams, we recommend using these security tips for defensive online dating, including warning signs that could help keep you from becoming an easy target.

I would also recommend reading these real stories and learning from them, so you don’t fall for these online scams:

 

8. Fake antivirus software

We have all seen this message on our screens at least once: “You have been infected! Download antivirus X right now to protect your computer!”

Many of these pop-ups were very well crafted to look like legitimate messages that you might get from Windows or any other security product.

If you are lucky, it is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online. In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.

If you are not so lucky, your system can end up getting infected with malware, such as a Trojan or a keylogger. This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and demanding a sum of money from you in exchange for the decryption key.

To avoid this situation, we recommend enhancing your online protection with a specialized security product against financial malware, to complement your traditional antivirus program.

Also, make sure you do not click on pop-up windows that annoyingly warn that you’ve been infected with a virus. Remember to always apply the existing updates for your software products, and install only legitimate software programs from verified websites.

If you’ve been infected, you can use an antimalware tool such as Malwarebytes to try removing the malware infection or pay attention to these warning signs and learn how to find a doable solution.

9. Facebook impersonation scam (hijacked profile scam)

Facebook. Everyone is talking about it these days, and about the scandal in which the firm Cambridge Analytica harvested personal data from millions of this social media channel’s users without their consent.

It’s still the most popular social media network, where everyone is active and uses it on a daily basis to keep in touch with friends and colleagues. Unfortunately, it has also become the perfect place for online scammers to find their victims.

Just imagine your account being hacked by a cyber criminal who then gains access to your close friends and family. Nobody wants that!

Since it is so important for your privacy and online security, you should be very careful in protecting your personal online accounts just the way you protect your banking or email account.

Facebook security wise, these tips might help you stay away from these online scams:

  • Do not accept friend requests from people you don’t know
  • Do not share your password with others
  • When logging in, use two-factor authentication
  • Avoid connecting to public and free Wi-Fi networks
  • Keep your browser and apps updated
  • Add an additional layer of security and use a proactive cyber security software.

To enhance your online privacy, I recommend reading our full guide on Facebook security and privacy.


10. Make money fast scams (Economic scams)

Cyber criminals will lure you into believing you can make money easy and fast on the internet. They’ll promise you non-existent jobs, including plans and methods of getting rich quickly.

It is a quite simple and effective approach, because it addresses a basic need for money, especially when someone is in a difficult financial situation.

This scamming method is similar to the romance scam mentioned above, where the cyber attackers address the emotional side of victims. The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.

Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.

Read and apply these ten tips that can help you avoid some of the most common financial scams.

Source: Makerealmoneyonlinefree.com

11. Travel scams

These scams are commonly used during hot summer months or before the short winter vacations, for Christmas or New Year’s Day.

Here’s how it happens: you receive an email containing an amazing, hard-to-refuse offer for an exceptional destination (usually an exotic place) that expires in a short period of time, so you feel you can’t miss it. If it sounds too good to be true, it might be a travel scam, so don’t fall for it!

The problem is that some of these offers actually hide some necessary costs until you pay for the initial offer. Others just take your money without sending you anywhere.

In such cases, we suggest that you study carefully the travel offer and look for hidden costs, such as: airport taxes, tickets that you need to pay to access a local attraction, check if the meals are included or not, other local transportation fees between your airport and the hotel or between the hotel and the main attractions mentioned in the initial offer, etc.

As a general rule, we suggest that you go with the trustworthy, well known travel agencies. You can also check if by paying individually for plane tickets and for accommodation you receive the same results as in the received offer.

If you love to travel, you can easily fall prey to airline scams by simply looking for free airline tickets. Airline scams are some of the most popular travel scams, and we recommend applying these valuable tips.


12. Bitcoin scams

If you (want to) invest in Bitcoin technology, we advise you to be aware of online scams. Digital wallets can be open to hacking and scammers take advantage of this new technology to steal sensitive data.

Bitcoin transactions should be safe, but these five examples of Bitcoin scams show how they happen and how you can lose your money.

The most common online scams to watch out for:

  • Fake Bitcoin exchanges
  • Ponzi schemes
  • Everyday scam attempts
  • Malware

Here’s how you can spot a Bitcoin scam and how to stay safe online.

Source: Express.co.uk

13. Fake news scam

The spread of fake news on the Internet is a danger to all of us, because it has an impact on the way we filter all the information we find and read on social media. It’s a serious problem that should concern our society, mostly because of the misleading resources and content found online, which make it impossible for people to distinguish between what’s real and what is not.

To avoid fake news, we recommend reading only reliable sources of information coming from friends or people you know, and reading regular feeds from trusted sources (bloggers, industry experts).




This type of scam could come in the form of a website that looks like a trustworthy one you know and often visit, but is actually a fake created by scammers with the main purpose of ripping you off. It could be a spoofing attack, which is also involved in fake news and refers to fake websites that might link you to a buy page for a specific product, where you can place an order using your credit card.

To avoid becoming a victim of online scams, you can use tech tools such as Fact Check from Google or Facebook’s tool aimed at detecting whether a site is legitimate or not, analyzing its reputation and data.

Cyber security experts believe that these Internet scams represent a threat for both organizations and employees, exposing and infecting their computers with potential malware.

Source: Opportunitychecker.com

14. Fake shopping websites

We all love shopping and it’s easier and more convenient to do it on the Internet with a few clicks. But for your online safety, be cautious about the sites you visit. There are thousands of websites out there that provide false information, and might redirect you to malicious links, giving hackers access to your most valuable data.

If you spot a great online offer which is “too good to be true”, you might be tempted to say “yes” instantly, but you need to learn how to spot a fake shopping site so you don’t get scammed.

We strongly recommend reading these online shopping security tips to keep yourself safe from data breaches, phishing attacks or other online threats.

Source: Originalo.de

15. Loyalty points phishing scam

Many websites have a loyalty program to reward their customers for making different purchases, by offering points or coupons. These programs are subject to another online scam, because cyber criminals can target them and steal your sensitive data. If you think nobody would want to access them, think again.

The most common attack is a phishing scam that looks like a real email coming from your loyalty program, but it’s not. Malicious hackers are everywhere, and it takes only one click for malware to be installed on your PC and for hackers to have access to your data.

As it might be difficult to detect these phishing scams, you may find useful this example of a current phishing campaign that targets holders of Payback couponing cards, as well as some useful tips and tricks to avoid being phished.

Source: G Data Security Blog

16. Job offer scams

Sadly, there are scammers everywhere – even when you are looking for a job – posing as recruiters or employers. They use fake and “attractive” job opportunities to trick people.

It starts with a phone call (or a direct message on LinkedIn) from someone claiming to be a recruiter from a well-known company who saw your CV and saying they are interested in hiring you. Whether you’ve applied or not, the offer might be very appealing, but don’t fall into this trap.

To protect yourself from job offer scams, it’s very important to:

  • Do thorough research about the company and see what information you can find about it;
  • Check the person who has contacted you on social media channels;
  • Ask for many details and references and check them out;
  • Ask your friends or trustworthy people if they know or have interacted with the potential employer.

To avoid these types of online job scams, check this article.

Source: Drexel.edu

17. SMS Scamming (Smishing)

Smartphones. You can’t live without them in the era of the Internet. They’ve become essential for communication, online shopping, banking or any other online activity.

Needless to say, the amount of data we store on our personal devices makes them vulnerable to cyber criminals, who are always prepared to steal our online identities or empty our bank accounts.

Smishing (using SMS text messages) is a similar technique to phishing, but, instead of sending emails, malicious hackers send text messages to their potential victims.

How does this happen? You receive an urgent text message on your smartphone with a link attached, saying that it’s from your bank and that you need to access it in order to update your bank information or other online banking information.

Be careful about the SMS messages you receive and don’t click on suspicious links that could redirect to malicious sites trying to steal your valuable data. These useful tips can help you easily spot these types of online scams.

Source: Malwarebytes Labs

18. Overpayment Online Scam

If you are considering selling different items on specialized online sites, we strongly recommend watching out for the overpayment scam.

A typical overpayment online scam works by getting the potential victim “to refund” the scammer an extra amount of money because he/she sent too much money. The offer will often be quite generous and bigger than the agreed price. The overpayment (extra money) is meant to cover the costs of shipping or certain customs fees.

One such story can unfold right now and can happen to any of you. This happened to one of our Heimdal Security team members. After smiling a bit and seeing the method, we realized that it’s a common online scam and we had to share it with you. Also, we included a few security tips and actionable advice to prevent falling prey to the overpayment online scam.

Our colleague posted a sofa for sale on a Danish site called dba.dk, which is a sort of online flea market. After a few days, he received a message from a person claiming to be interested in the item and willing to pay more than the price offered, via a PayPal account.

Here’s what a scam email looks like, in which the malicious person asks for personal information to transfer the money.

Also, here’s the confirmation email coming from the scammer, which shows that he paid an extra amount for the sofa, including extra shipping fees and MoneyGram charges (the extra fee for transportation).

After that, he also got another email saying that he needs to refund the extra amount of money, including the shipping and transportation charges, to a certain shipping agent via MoneyGram transfer.

Here’s what the phishing email looks like. Be very careful and don’t fall for it:

Follow these security tips to protect yourself from the overpayment online scam:

  • If you notice a suspicious email coming from an untrusted source or something out of the ordinary, you should report it as soon as possible.
  • If you receive an email similar to the one our colleague got, do not transfer extra money to someone you don’t know, especially if he/she wants to overpay. A legitimate buyer won’t do that.
  • Also, do not transfer money to a fake shipping company or some private shipping agent, because it’s part of the scam and you need to be very careful.
  • Do not provide personal information to people who don’t show a genuine interest in buying your item.
  • Do not send the product to the buyer until the payment was completed and received in your bank account.

19. Tech Support Online Scams

Here’s another common online scam that you need to be extra careful about. The next time your smartphone rings and you don’t know the number, think twice before answering. Maybe it’s not your friend on the other end of the phone, maybe it’s the scammer!

According to a recent report, “nearly half of all cellphone calls next year will come from scammers”, so we need to learn how to better detect and prevent such malicious actions coming from skilled persons.

Tech support scams are very common and widespread these days. Scammers use various social engineering techniques to trick potential victims into giving away their sensitive information. Even worse, they try to convince potential victims to pay for unnecessary technical support services.

These tech “experts” pretend to know everything about your computer, how it got hacked and many other details that help them gain your trust, so that victims fall prey to their scams.

A scenario like this can happen as we write this, and one of our Heimdal Security team members recently got a phone scam call. While we were amused by the conversation he had with the person pretending to work for an Indian tech support company, we realized that anyone can become an easy target.

What happened?

The person, pretending to be an experienced representative of a software company, informs our colleague that his computer got hacked by cybercriminals, and offers to guide him and solve this urgent problem.

In poor English, he gives details about the serial number of the computer and provides guidance on accessing the unique computer ID, trying to misrepresent a normal system as having serious issues. After a few minutes, the call is transferred to another tech representative, who informs our colleague that they detected unusual activity going through his computer. He is told that multiple attempts have been seen on the PC in which hackers tried to get unauthorized access to his computer.

Our colleague detected this as being scam and didn’t go along with it, but for someone without technical knowledge, it may not be so easy to spot.

You can listen to this call here:

If someone else had fallen prey to this online scam, things would have gone even further. The so-called tech scammers could persuade the potential victim to give them remote access to the system. To “help” the victim, scammers mention additional software that needs to be installed; victims need to pay for this software and, hence, provide credit card details. You can find out more info here.

How to avoid getting scammed by tech support “specialists”

To avoid becoming an easy target of these sneaky tech support scammers, we strongly recommend following these basic rules:

  • Do not trust phone calls coming from people pretending to be tech “experts”, especially if they are asking for personal or financial information;
  • DO NOT PROVIDE sensitive data to them or purchase any software services scammers may suggest as a solution to fix your tech problem;
  • DO NOT allow strangers to remotely access your computer and potentially install malicious software;
  • Make sure you download software apps and services only from official vendor sites;
  • Don’t take it for granted when a stranger calls you out of the blue, pretending to have a technical solution for your issues. Make sure you ask for proof of their identity and do a quick research about the company they are calling you from;
  • Always have an antivirus program installed on your computer, and for more protection, consider adding multiple layers of security with a proactive security solution like our Thor Premium Home, which will stop any type of online threats.
  • Have a security-first mindset and be suspicious about everything around you. Also, consider investing in education and learn as much as possible about cyber security. Here’s how you can reduce spam phone calls.

Conclusion

Since some scams are so well organized and really convincing, and the people behind them so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.

Have you come across some of the above scams while browsing or in your email inbox? What were the most convincing ones?

*This article was initially published by Andra Zaharia in January 2016.

The post Here are the Top Online Scams You Need to Avoid Today [Updated 2019] appeared first on Heimdal Security Blog.

The privacy paradox: why do people keep using tech firms that abuse their data? | John Naughton

Despite privacy scandals, Facebook is more profitable than ever – journalists must use the tools of tech to understand why

A dark shadow looms over our networked world. It’s called the “privacy paradox”. The main commercial engine of this world involves erosion of, and intrusions upon, our privacy. Whenever researchers, opinion pollsters and other busybodies ask people if they value their privacy, they invariably respond with a resounding “yes”. The paradox arises from the fact that they nevertheless continue to use the services that undermine their beloved privacy.

If you want confirmation, then look no further than Facebook. In privacy-scandal terms, 2018 was an annus horribilis for the company. Yet the results show that by almost every measure that matters to Wall Street, it has had a bumper year. The number of daily active users everywhere is up; average revenue per user is up 19% on last year, while overall revenue for the last quarter of 2018 is 30.4% up on the same quarter in 2017. In privacy terms, the company should be a pariah. At least some of its users must be aware of this. But it apparently makes no difference to their behaviour.

Is Pornhub Safe? How to Browse Adult Websites Securely

This is a question we get asked a lot and one which is floating all over the internet too, especially on discussion forums where people can stay anonymous if they want: Is Pornhub safe? Is it a safe site to enter? We decided to address it here since we’d rather let people get their facts straight on cybersecurity directly from the industry instead of scraping for half-truths around the web.

So, is Pornhub safe to browse? What should you do and not do when browsing Pornhub? What are the cybersecurity risks associated with browsing Pornhub? Can you get viruses into your computer? How about malware? What about other adult websites, how safe are those?

What can you do to protect your computer when accessing Pornhub or other adult content websites? How about your privacy, who can see what sites you are browsing and how can you hide your activity?

We’ll answer all these questions and more, right below. Keep scrolling and learn how to stay safe when browsing Pornhub and other adult websites.

Is Pornhub safe to browse for your cybersecurity?

The short answer is that no, Pornhub is not completely safe to browse however and whenever you like, without taking some necessary precautions. That doesn’t mean that Pornhub is a malware or cybercriminal hub bent on causing its users harm on purpose; quite the contrary. However, there can be risks associated with browsing Pornhub which go beyond the website’s control.

Given that its popularity is so high (there were over 33.5 billion visits to Pornhub last year, according to the website’s official data) and that in many cases its visitors are not necessarily tech-savvy, it’s no wonder that Pornhub can attract cybercriminals bent on using this opportunity.

As we said, Pornhub in itself is safe and strives to stay that way, as a huge business employing lots of tech people tasked to keep the website primed. But you can still become a target for cybercriminal groups and hackers while visiting Pornhub and other adult-themed websites (especially less popular ones, with less developed security policies). This is mostly due to the ads displayed on the porn website, over which the website has little control.

Unfortunately, the prevalence of malware on porn websites is very high. According to security researcher Conrad Longmore, there’s a 53% chance of encountering malware while browsing Pornhub. Of course, security employees from Pornhub and similar websites are doing their best to keep it safe for their users and catch malware as fast as possible. But the truth remains that porn sites are still one of the most popular destinations for hackers and uploaders of malicious code.

What Are the Main Cybersecurity Risks of Pornhub?

What can these cybercriminals targeting the visitors of porn sites be after? What are the main risks you are exposed to while browsing?

#1. Computer viruses (Trojans)

Well, for one, to infect your computer with viruses. While the vast majority of viruses you can contract this way are mostly harmless, they can still slow your system significantly, as well as serve as a gateway for more dangerous stuff. The viruses most commonly found in ads displayed on porn websites are, for the most part, Trojans.

Such viruses don’t pose a huge security risk but they can make your computer slower, as well as create more vulnerabilities in your system, which can then be exploited to let more dangerous malware in.

#2. Adware

Other viruses you can get from the ads displayed on Pornhub or similar websites are adware. This means that once they take root in your computer, they will cause more ads and spammy content to be displayed to you even if you’re not browsing Pornhub anymore.

This is not just annoying, since it can slow down your system, but it can also be privacy-infringing, since the ads can be adult content related. If you share your computer with other family members, you probably don’t want indecent ads popping up when other people are using the device.

#3. Malware or Spyware

Other types of malware which you can contract from clicking ads on Pornhub or similar sites are more dangerous. The cybercriminals behind them can be after your data, and considering the nature of the content you are browsing, this can be very sensitive data related to the type of adult content you are interested in, your online behavior and so on.

Sextortion scams are very common. This is when you get an email from hackers claiming to have installed spyware into your computer and filmed you while you were browsing adult websites, recording also everything you have watched and so on. They will also tell you that unless you send them money, they will send this data to your employer, family, friends and so on.

For the most part, these claims are bogus and the hackers are just fishing for users gullible or scared enough to pay, in order to make some easy money. But in some cases, they may be real. Don’t take that chance and make sure you stay safe, first and foremost by having your device protected by a reliable anti-malware solution.

How Safe Are Other Adult Content Websites?

What about other adult websites, besides Pornhub? Are their security risks the same?

Well, for the most part, we should stress again that Pornhub is still overall safe-ish. It’s the content from third parties (ads) that you need to be wary of. The same risks from ads are also true for every other adult-themed site out there, especially those that allow publishers to stream their own content (the ‘tube’ type of porn websites).

This is because such websites make money from allowing advertisers to run embedded ads from traffic networks. In many cases, this embedded content has malicious code included in it. While the host website (the porn website running these ads) removes all ads containing malicious scripts, it can take a while for these risky ads to get detected.

But in the case of lesser-known websites, with fewer employees and less of a security network in place, the risks may actually be greater than with Pornhub. If another website you’d like to browse is also a huge one, well-known and with millions of users, the risks are probably about the same.

If we’re talking about obscure porn websites, then not only are they more likely to get infected with malware from third parties (advertisers), but they may be a front for cyber-criminality in themselves.

How to Protect Your Privacy when Browsing Pornhub?

The issue of safety has two aspects: protecting yourself from viruses, extortion, hackers, and so on, rounded up under the umbrella term ‘cybersecurity’, and protecting your privacy from everyone around you.

Let’s start by addressing privacy first.

You may be tempted to browse Pornhub incognito to make sure no one but you knows about it. While this can be a partial solution (not to store search history, cookies and so on), incognito browsing is not really private.

Major browsers like Google Chrome and Mozilla are very upfront about it whenever you open up a new incognito browser window.

If your main concern is to prevent the people you live with or share a computer with from finding traces of your online activity, then incognito browsing is ok. But your internet service provider or your employer (if you ever get the bright idea of accessing such websites from your workplace’s network) can still find out the list of domains which got accessed from your computer. If people with access to your home network are a bit tech-savvy, they can figure it out too.

Also, as mentioned above, ads are one of the main sources of malicious code on porn websites. While a Chrome extension that works like an ad blocker can keep some of the risk at bay, you should know that ad blockers tend to be automatically disabled once you enter incognito browsing mode. You can manually set exceptions to ensure ad blockers work for incognito browser tabs too, but you need to do a bit of tinkering with it.

What else should you remember about your privacy when browsing Pornhub or other porn websites?

Even while browsing incognito, the website you are browsing will still collect some data about you via cookies. This is entirely normal and, in theory, protects your anonymity (they just store data about user statistics but without personally identifiable information). But if they ever get hacked, or if you install malicious software by clicking on ads while browsing, this data could be at risk of being misused or used to identify you.

The only thing which can completely protect your anonymity while browsing Pornhub and other adult websites is a VPN service. Lots of users opt for one in order to stay more anonymous online.

As for the issue of cybersecurity on adult websites as a whole, beyond privacy, here’s how you can make Pornhub browsing safe.

How to Access Pornhub Safely: 5 Tips

First and foremost, learn more about the dangers of the internet and about strengthening your online safety as a whole. It’s never too late to start educating yourself in cybersecurity for laymen. Just being here and reading this guide to Pornhub safety is a great start.

But beyond being simply aware of online risks, here’s what else you can do to stay safe while browsing Pornhub or other adult websites.

#1. Up your protection with a good anti-malware solution

This should be obvious, but to make sure you stay safe from any malware danger, you need to have active, next-generation anti-virus software. A product like our Thor Vigilance is trained to prevent the latest types of intelligent threats and protect your privacy as well.

#2. Go for a traffic filter-based security product (it’s a must!)

Next, and definitely more importantly, traffic filtering is the advanced type of protection you most definitely need. This is especially true if you sometimes browse potentially risky websites like adult-themed ones.

In today’s cybersecurity age, when the methods of hackers are getting more and more sophisticated, traditional anti-virus is not enough anymore. An anti-virus, no matter how good it is, reacts to known threats once they already reach your system. If you’re dealing with an APT (advanced persistent threat) this may be too late.

But a traffic filtering solution, like our Thor Foresight, is based on AI and can intelligently detect threats before they reach your system. Such protective software actively scans incoming traffic and blocks malicious code before it gets a chance to target you. This way, even if you accidentally click on a malicious ad while browsing Pornhub, you’re still safe.

#3. Don’t click on ads while browsing Pornhub

Speaking of ads on Pornhub or other adult websites, don’t click them. While some may be harmless, this is where the dangers associated with porn websites are usually hidden. If you really wish to support your favorite porn website, you can find other ways to do that (like signing up for a premium subscription, for example).

#4. Don’t download anything from adult websites or related pop-ups

If the ads displayed on Pornhub and porn websites, in general, are truly malicious, they will probably try to convince you to download something. They will promise you some more HD content completely free of charge or something similar, on condition that you install some no-name video player, etc. Don’t fall for this trap!

The software such ads are asking you to install is most likely spyware or malware. Don’t install anything and close all browser windows immediately if you are prompted to start a download.

#5. Don’t buy anything (or enter credit card info) from 3rd parties

Under no circumstances should you enter your credit card info while browsing less-known, shady porn websites. You can buy a subscription from the major adult website you are browsing (like Pornhub and similar sites) if you want; this is safe.

But if you start browsing the independent websites of publishers or other websites you reached starting from your initial browsing, be mindful not to enter any sensitive information like credit card data. You may be tempted by a special access offer (either for a major discount or completely free, but only if you create a member account, which also asks for credit card info). Don’t fall for it!

The post Is Pornhub Safe? How to Browse Adult Websites Securely appeared first on Heimdal Security Blog.

Fallout from Gavin Williamson sacking | Letters

Readers respond to the sacking of the defence secretary Gavin Williamson over accusations of leaking

While I am delighted that Gavin Williamson (May tells defence secretary: ‘You leaked, you are fired’, 2 May) has been removed from the government – remember he said that all British jihadists should be hunted down and killed in the Middle East rather than returned for trial here – I am sorry that as a result Rory Stewart no longer has responsibility for prisons. His is a deserved promotion, but as prisons minister he was the first member of the government to make any attempt to get to grips with the problems of our criminal justice system and offered to resign if things did not improve. How sad that there are not more of that ilk in public life these days.
Maureen Panton
Malvern, Worcestershire

• Is the Gavin Williamson who has just been sacked as defence secretary for allegedly leaking plans discussed in the National Security Council to allow Huawei to be involved in building the UK’s 5G network the same Gavin Williamson who told us last year that it’s Jeremy Corbyn that “cannot be trusted”?
Sasha Simic
London

It’s World Password Day – the Perfect Excuse to give your Passwords an Overhaul!

How much of your personal data is stored online? Well, if you are anything like the ‘average Jo’ – the answer is a lot! In 2019, the vast majority of us bank and shop online, have official documentation stored online, have all sorts of personal information stored in our emails and let’s not forget about our photos and videos.

And the scary thing – the only thing that is stopping cybercriminals from accessing our vital information that is saved online is our passwords.

Today is World Password Day – a perfect opportunity to give our password strategy a health check.  Because if we are serious about protecting our vital data that is stored online then we need to get SUPER serious about managing our passwords!

So, let’s give your passwords an overhaul. Why not schedule some time in your calendar to ensure your passwords are in the best shape? Here are my top tips on what you can do today to ensure you are doing all you can to protect your private online data.

How To Give Your Passwords A Health Check:

1. Check To See Whether Your Passwords Have Been Exposed

The first step is to see whether your passwords have been compromised in a data breach. Check out www.haveibeenpwned.com.au to see whether cybercriminals have already discovered your passwords. If so, then they need to be changed wherever they are used ASAP.

2. Commit to Not Using Common Passwords

Using common passwords such as ‘password’, ‘123456’ or ‘qwerty’ is quite frankly, a waste of time. It would take cybercriminals a matter of seconds to unlock your online banking data. Also avoid using simple personal details within your passwords such as your birthday, name or kids and pet names as a quick scan of your social media accounts would allow cybercriminals to find this in just seconds. Always make your passwords random and obscure. Why not consider a nonsensical sentence?

3. Add Numbers and Symbols to Your Passwords

When you are setting up a new online account, many organisations will require you to add a number or symbol to your proposed password to give it additional ‘password strength’. Passwords that include a variety of capital and lowercase letters, numbers and symbols are far harder to crack so get creative and layer up your passwords.

4. Ensure Every Password Is Unique

Many people use the same password across all of their online accounts. And while this makes life easier, it increases your risk of your vital online data being compromised big time. Remember, if a hacker discovers just one of your passwords – and it’s the only one you use – all of your online personal information is at risk! Therefore, it is crucial to ensure all your passwords are different! I know, it sounds like a lot of work and brain power!

5. Simplify Your Life with a Password Manager

If the idea of creating individual complex passwords for each of your online accounts – oh, and changing them every 2 months, is giving you palpitations, then I have a solution – a password manager!

McAfee’s Total Protection includes Password Manager, which stores, auto-fills and even generates unique passwords. Creating and remembering (!) complex passwords for each online account is taken care of. All you need to do is remember one master password in order to access the rest of the passwords! And if there is a data breach, it’s super easy to quickly change a password too.

6. Set up Two-Factor Authentication Where Possible

If you have the option to enable two-factor or multi-factor authentication with any of your online accounts, then do it!! In simple terms, this will mean that you need to provide more than one way of identifying yourself before gaining access to your account. Often it is your password plus a code sent to your smartphone or even your fingerprint. It’s an absolute no-brainer as it adds another layer of security, making it harder for cybercriminals to access your vital online data.

Now, if you are thinking about skipping out of your password overhaul, then please think again! Passwords are the first line of defence to protect your vital online data from cybercriminals. So, put the kettle on and make today the day!

Till next time!

Alex xx

 

The post It’s World Password Day – the Perfect Excuse to give your Passwords an Overhaul! appeared first on McAfee Blogs.

Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019]

What is biometric authentication?

Biometric authentication is simply the process of verifying your identity using your measurements or other unique characteristics of your body, then logging you in to a service, an app, a device and so on. What’s complicated is the technology behind it, so let’s see how it works.

How biometric authentication works

To understand it better, just know that biometrics is the name for any type of body measurements and calculations. Biometric identification verifies you are you based on your body measurements. Biometric authentication goes one step further: it uses that information to compare you against a database and enters your information in a service.

Think of it like this: biometric identification is like a neighbor who looks through the peephole at the 2 people who just rang the bell. The neighbor decides which one of them is Dave based on height, hair color, eye color and so on.
Biometric authentication is the neighbor who looks through the peephole to see who is at the door. If it’s Dave, the neighbor lets him in.
If it’s not Dave, the door remains shut.

This is just the simplified explanation for biometric authentication but stay tuned!

Here’s what we will cover in this extensive explanation of biometric authentication, a fascinating technology with significant adoption in the present and huge potential in the future.

How biometric authentication works

Biometric authentication works by comparing two sets of data: the first one is preset by the owner of the device, while the second one belongs to a device visitor. If the two data sets are nearly identical, the device knows that “visitor” and “owner” are one and the same, and gives access to the person.

The important thing to note is that the match between the two data sets has to be nearly identical but not exactly identical. This is because it’s close to impossible for two biometric samples to match 100%. For instance, you might have a slightly sweaty finger or a tiny, tiny scar that changes the print pattern.

Designing the process so that it doesn’t require an exact match greatly diminishes the chance of a false negative (the device doesn’t recognize your fingerprint) but also increases the odds that a fake fingerprint might be considered genuine.
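The trade-off described above can be measured. The following Python sketch is an added example, not code from the original article or from any vendor: it assumes templates are 256-bit strings compared by normalized Hamming distance and that two scans of the same person differ in about 10% of their bits, and every value in it is constructed.

```python
import random

TEMPLATE_BITS = 256   # assumed template size (constructed for this example)
SENSOR_NOISE = 0.10   # assumed share of bits that differ between two scans of one person


def random_template(rng):
    """A constructed stand-in for the mathematical representation of a scan."""
    return rng.getrandbits(TEMPLATE_BITS)


def rescan(template, rng, noise=SENSOR_NOISE):
    """Simulate a new scan of the same person: each bit flips with probability `noise`."""
    flips = 0
    for bit in range(TEMPLATE_BITS):
        if rng.random() < noise:
            flips |= 1 << bit
    return template ^ flips


def distance(a, b):
    """Fraction of bits that differ between two templates (normalized Hamming distance)."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


def is_match(enrolled, probe, threshold):
    """Accept the probe when it is close enough to the enrolled template."""
    return distance(enrolled, probe) <= threshold


def error_rates(threshold, trials=500, seed=1):
    """Return (false_reject_rate, false_accept_rate) for one threshold.

    The same seed is used for every threshold, so all thresholds are
    evaluated against the same simulated owners, rescans and impostors.
    """
    rng = random.Random(seed)
    false_rejects = false_accepts = 0
    for _ in range(trials):
        owner = random_template(rng)
        genuine_probe = rescan(owner, rng)      # same person, noisy second scan
        impostor_probe = random_template(rng)   # unrelated person
        if not is_match(owner, genuine_probe, threshold):
            false_rejects += 1
        if is_match(owner, impostor_probe, threshold):
            false_accepts += 1
    return false_rejects / trials, false_accepts / trials


if __name__ == "__main__":
    print("threshold  false-reject  false-accept")
    for threshold in (0.0, 0.10, 0.25, 0.45, 0.55):
        frr, far = error_rates(threshold)
        print(f"{threshold:9.2f}  {frr:12.3f}  {far:12.3f}")
```

A threshold of 0 (exact match) rejects the real owner every time, while a threshold above 0.5 starts accepting unrelated templates; a usable setting sits in the gap between the two distributions.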

Popular biometric authentication methods and how they work

There are quite a few ways of identifying a user by way of their own body. Below are the most popular biometric technologies that have made their way into users’ hands.

Fingerprint Scanners and how they are stored

There are three types of fingerprint scanners: optical, capacitive and ultrasound.

  • An optical scanner takes a photo of the finger, identifies the print pattern, and then compiles it into an identification code.
  • A capacitive scanner works by measuring electrical signals sent from the finger to the scanner. Print ridges directly touch the scanner, sending electrical current, while the valleys between print ridges create air gaps. A capacitive scanner basically maps out these contact points and air gaps, resulting in an absolutely unique pattern. These are the ones used in smartphones and laptops.
  • Ultrasonic scanners will make their appearance in the newest generation of smartphones. Basically, these will emit ultrasounds that will reflect back into the scanner. Similar to a capacitive one, it forms a map of the finger unique to the individual.

How are your fingerprints stored?

Both Google and Apple store your fingerprint on the device itself and do not make a copy of it on their own servers.

Apple’s TouchID won’t store the actual image of the fingerprint, but a mathematical representation of it. So even if a malicious hacker reaches this mathematical representation, he cannot reverse engineer it to reveal an actual image of your fingerprint. Not only that, but the fingerprint data itself is encrypted.

As this security researcher pointed out, TouchID can be hacked but it’s still an extremely safe method of biometric authentication. For someone to hack an iPhone using TouchID sensors, they would need a really good copy of someone’s fingerprint. This will get them access to your unlocked phone, but not to a copy of your fingerprint, so it differs from stealing a password.

Also, not even the device’s OS can access the fingerprint data directly, much less an app. Instead, there’s a gatekeeper security software called Secure Enclave that sits between the fingerprint data, and the program making the fingerprint scan request.

Android phones operate under similar guidelines. They store the fingerprint data in a secure part of the main processor called Trusted Execution Environment, or TEE for short. The TEE is isolated from other parts of the processor and doesn’t directly interact with installed apps.

Just as with Apple devices, fingerprint data is stored in an encrypted state. In addition, removing a user from the device should also delete any fingerprints stored on it.

While Apple has moved away from fingerprint scanning authentication and replaced TouchID with FaceID, other companies still rely on it.

Indeed, in 2018, a lot of smartphone developers are aiming to incorporate fingerprint scanners in the screen itself. Vivo is the first one to market such a device. The Vivo phone has a Synaptics CMOS sensor, a small camera, taped to the back of the OLED panel. Whenever the OLED screen lights up, it also illuminates your fingerprint, which the sensor sees and then compares to the info already stored. For users, the result is a seamless experience: simply touch the screen with your finger and your phone will unlock.

Eye scanners

Security researchers consider the eye one of the most reliable body parts for biometric authentication, since the retina and iris remain almost completely unchanged during a person’s lifetime.

  • A retinal scan will illuminate the complex blood vessels in a person’s eye using infrared light, making them more visible than the surrounding tissue. Just like fingerprints, no two persons will ever have the same retinal pattern.
  • Iris scanners rely on high-quality photos or videos of one or both irises of a person. Irises too are unique to the individual. However, iris scanners have proven to be easy to trick simply by using a high-quality photograph of the subject’s eyes or face.

How iris scanners work

When it comes to biometrics, the iris has several major advantages compared to a fingerprint:

  • You don’t spread the information around every time you touch something.
  • The iris stays virtually unchanged throughout a person’s life. A fingerprint, on the other hand, can be dirtied, scarred or eroded.
  • You can’t use a fingerprint with dirty or sweaty hands. Irises, however, have no such problem.

The only major disadvantage of an iris scanner is that high-quality photos of your face or eyes can trick the scanner and unlock the device.

Despite these limitations, the technology has made its way as a security feature in airports, banks, and other sensitive buildings. Of course, just like with other security measures, it’s used in conjunction with multiple authentication technologies.

How it works. In the enrollment phase, the scanner will take a photograph of your iris using both normal light and infrared light, to capture details that wouldn’t be visible otherwise.

After the device records the person’s iris, it will remove any unnecessary details, such as eyelashes, and then transform the information into mathematical data and encrypt it.

During verification, an iris scanner will again emit infrared light to spot those hidden details. Because an iris scanner supplies its own light, it also works in low light or dark conditions.

Speaker recognition

Speaker recognition, unlike voice recognition, aims to identify who is talking, and not what is being said.

In order to identify the speaker, the specialized software will break down their words into packets of frequencies called formants. These packets of formants also include a user’s tone, and together they form their voice print.

Speaker recognition technology is either:

  • Text-dependent, meaning it unlocks after identifying certain words or phrases (think “Hey Alexa!” for the Amazon Echo).
  • Text-independent, where it tries to recognize the voice itself but ignores what is actually said.

Unlike other methods mentioned here, speaker recognition comes with a significant usability problem, since it’s easy for background noises to distort the person’s voice and make it unrecognizable.

When it comes to consumer devices, voice activation can come across as awkward (a.k.a. talking to Siri in the subway).

But the biggest issue with speaker recognition is how easy it is to create a high-quality reproduction of a person’s voice. Even low-quality smartphones can accurately record a person’s voice, complete with inflections, tone, and accents.

This hasn’t stopped speaker recognition and similar technologies from gaining mainstream adoption. Just look at the success of Amazon Echo, Google Home, and other voice controlled speakers integrated into a lot of smart homes. What do you get when you combine an Amazon Alexa with an Amazon Key that unlocks your home to couriers when you’re at work?

It’s an amazing biometric authentication experience for users. At the same time, it’s a security risk of nightmare proportions.

We don’t mean just biometric authentication exploits, but “classic” hacker methods as well. Rhino Security Labs demonstrated just how to attack Amazon Key via WiFi so the camera is blind to whoever would enter your home.

We covered the risk of using IoT devices and we explained how to secure them here. In this guide, you’ll find the best ways to protect your home wireless network. But let’s return to biometric authentication types and how they work, because we’ll later explain their advantages and disadvantages.

Other biometric technologies

The methods above are the most well known and most popular, but not the only ones. Here are some other technologies:

1. Facial recognition systems

Generally speaking, facial recognition systems approach biometric authentication from a lot of angles.

The classic way is to simply extract your face’s features from an image (eyes, nose, distance between your lips and your nose, etc.) and compare them to other images to find a match.

Through skin texture analysis, your unique lines, beauty marks, wrinkles and so on are turned into a mathematical space, which is then compared to other images.

Both of them can be easily fooled with makeup, masks or, in some cases, simply obstructing part of your face. This is where thermal imagery and other technologies stepped up the game until we got to this point – that of widespread adoption of systems like the Apple FaceID.

The iPhone FaceID uses more than 30,000 infrared dots to map your face, then creates essentially a 3D map of your features. This map, like Touch ID, is sent to the Secure Enclave in the CPU to be compared with the one already stored on the device. The result? Your phone is unlocked just by looking at it.

In the marketing materials, Apple said there is a 1 in a million chance for someone else to unlock an iPhone using FaceID. Of course, that just sounded like a challenge for security experts. A researcher from Vietnam fooled FaceID with a 3D printed mask made from silicone and paper tape.

Hand and finger geometry

While not as unique as prints, iris scanners or tridimensional face maps, our hands are different enough from other people’s. That makes them a viable authentication method in certain cases.

A hand geometry scanner will measure palm thickness, finger length and width, knuckle distance and so on.

Advantages of this kind of system are low cost, ease of use and unobtrusiveness. It also has a few major disadvantages. A hand’s size can vary over time. Health problems might limit movements. More importantly, a hand is not that unique, so the system has low accuracy.

Vein geometry

Our vein layout is completely unique and not even twins have the same vein geometry. In fact, the overall layout is different from one hand to another.

Veins have an added advantage: they are incredibly difficult to copy and steal because they are visible only under tightly controlled circumstances.

A vein geometry scanner will light up the veins with near-infrared light, which makes your veins visible on the picture.

Advantages and disadvantages of biometric authentication

Ultimately, biometric authentication techniques are all about security. As a feature, their main competitor is the password (or PIN code, on occasion), so a comparison between the two will reveal both their strengths and weaknesses. Let’s see.

Advantage: Ease of use

A fingerprint or iris scan is much easier to use than a password, especially a long one. It only takes a second (if that) for the most modern smartphones to recognize a fingerprint and allow a user to access the phone. Ultrasound scanners will soon become commonplace, since manufacturers can place them directly behind the screen, without taking any extra real estate on a phone.

Voice recognition, on the other hand, is a bit iffier and background noises can easily scramble the process and render it inoperable.

Disadvantage: You cannot revoke the fingerprint/iris/voice print remotely

A big disadvantage of biometric security is that a user cannot remotely alter biometric data. If you lose access to an email, you can always initiate a remote recovery to help you regain control. During the process, you will be able to change your password or add two-factor authentication to double your account’s security.

Biometrics, however, don’t work like that. You have to be physically near the device to change its initial, secure data set.

A thief could steal your smartphone, create a fake finger, and then use it to unlock the phone at will. Unless you quickly locked your phone remotely, a thief would quickly steal every bit of information on the device.

Advantage: The malicious hacker has to be near you

The biggest advantage of biometrics is that a malicious hacker has to be in your physical proximity in order to collect the information required to bypass the login.

This narrows down the circle of possible suspects in case your biometric lock is somehow bypassed.

The proximity also puts him at risk of getting caught red-handed, in a way that regular malicious hackers working from another continent cannot.

Disadvantage: “Master fingerprints” can trick many phones and scanners

When you first register a fingerprint, the device will ask you for multiple presses from different angles. These samples will then be used as the original data set to compare with subsequent unlock attempts.

However, smartphone sensors are small, so they often rely on partial matches of fingerprints.

Researchers have discovered that a set of 5 “master fingerprints” can exploit these partial matches, and open about 65% of devices.

The number is likely to go down in real life conditions, but an open rate of even 10% to 15% is huge and can expose millions of devices.

Disadvantage: Biometrics last a lifetime

You can always change your password if somebody learns it, but there’s no way to modify your iris, retina or fingerprint. Once somebody has a working copy of these, there’s not much you can do to stay safe, other than switching to passwords or using another finger.

In one of the biggest hacks ever, the US Office of Personnel Management leaked 5.6 million employee fingerprints. For the people involved, a part of their identity will always be compromised. In CPO Magazine, we explored even more risks of using biometric data, especially in the context of law enforcement.

Disadvantage: Vulnerabilities in biometric authentication software

A couple of years ago, security researchers discovered weaknesses in Android devices that allowed them to remotely extract a user’s fingerprint, use backdoors in the software to hijack mobile payments or even install malware.

What’s more, they were able to do this remotely, without having physical access to the device.

Since then, patches have come for the vulnerabilities, but bug hunters are constantly on the hunt for new ones.

Hacking methods

Whitehat security researchers have proved time and again how to fool fingerprint or iris scanners. Here are just some of the methods they use.

Creating a fake finger (spoofing the fingerprint)

To open up a smartphone secured with a fingerprint, the attacker will first need to find a high-quality print that contains enough specific patterns to open up the device.

Next, an attacker will lift the fingerprint, place it on a plastic laminate, and then cast a finger to fit this mold.

Once the malicious hacker creates the fake finger, all he has to do is to place it on the scanner, press with his finger to conduct electricity and then use the unlocked phone.

Tricking an iris scanner

For some iris scanners, all it takes is taking a photo with a cheap camera in night mode, printing the iris on paper, and then adding a wet contact lens to mimic the roundness of the human eye.

Hacking the biometric sensor and stealing the data

Another, more insidious method of obtaining the fingerprint data of a phone, and unlocking it, is to directly hack the part of the phone responsible for storing the information.

For iOS devices, this means breaking into the Secure Enclave. Technically, this is possible, but it is far beyond the scope of your average, day-to-day cyber criminal. The few confirmed hackings have been done by Cellebrite.

Still, the software and expertise might reach the mass market and fall into the hands of script kiddies.

In the case of Android devices, researchers have proven it is possible to trick the Qualcomm-provided Trusted Execution Environment by loading a customized app, which then runs a privilege escalation until it obtains greater access to the TEE.

Fortunately for us users, a cybercriminal would need considerable expertise to hack your phone in such a way.

Biometric security for mobile devices, such as smartphones and laptops

A fingerprint lock is useless if somebody steals your smartphone, and then simply lifts the print off from the device.

How to secure smartphone/laptop fingerprint readers

Here are a few simple tips to help minimize the number of prints that are on your phone:

  • Dress your phone with a fingerprint-resistant or oleophobic cover and screen protector.
  • Use a different finger other than your index or thumb.
  • If convenience is not your primary concern, use both the fingerprint and the password/PIN lock. This is especially useful for sensitive business smartphones and laptops. Here is a comprehensive guide for your smartphone security, and we compiled the best password tips here.
  • If your laptop or other device supports it, use a fingerprint randomizer. In short, you register 2-3 fingerprints, and the lock screen will ask you to provide a different finger each time you log in.

Conclusion

Biometric authentication has expanded strongly in the last few years, with more and more consumers relying on it and even demanding it.

Do you use any sort of biometric technology? How do you feel about it, especially in government’s hands, and how secure do you think it is?

This post was originally published in July 2017 by Paul Cucu and updated on January 12, 2018 by Ana Dascalescu.

The post Biometric Authentication Overview, Advantages & Disadvantages [Updated 2019] appeared first on Heimdal Security Blog.

Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed

Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected.

How exactly were these passwords exposed? The app, which had been downloaded by millions of users, allowed anyone to search for Wi-Fi networks in their area. The app also lets users upload their Wi-Fi network passwords from their devices to its database for others to use. When the database was left exposed and unprotected, anyone could access and download its contents. Each record in the database contained the Wi-Fi network name, its precise geolocation, its basic service set identifier, and the network password in plaintext. Because the app didn’t require users to obtain permission from the network owner, it would be quite easy for a cybercriminal to modify router settings and point unsuspecting users to malicious websites. What’s more, a threat actor could also read unencrypted traffic that goes across a wireless network, allowing them to steal passwords and private data.

Thankfully, the web host was able to take down the database containing the Wi-Fi passwords within a day of being notified. But it’s important for users to be aware of the cybersecurity implications that free or public Wi-Fi presents. Check out the following tips to help protect your data:

  • Change your Wi-Fi password. If you think your password may have been affected by this exposure, err on the side of caution and reset it. Be sure to make your new password complex and unique.
  • Keep your network password private. Wi-Fi networks could be susceptible to a number of threats if their passwords are left in the wrong hands. Only share your passwords with family, friends, and those you trust, and never upload your password to a public database for strangers to use.
  • Safeguard your online privacy. Use a security solution like McAfee Safe Connect to encrypt your online activity, protect your privacy by hiding your IP address, and better defend against cybercriminals.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Wi-Fi Woes: Android Hotspot App Leaves 2 Million Passwords Exposed appeared first on McAfee Blogs.

Digital Parenting: ‘Eat Your Veggies, Brush Your Teeth, Strengthen Your Passwords’

As adults, we know the importance of strong passwords, and we’ve likely preached the message to our kids. But let’s rewind for a minute. Do our kids understand why strong passwords are important and why it needs to become a habit much like personal health and hygiene?

If we want the habit to stick, the reason why can’t be simply because we told them so. We’ve got to make it personal and logical.

Think about the habits you’ve already successfully instilled and the reasoning you’ve attached to them.

Brush your teeth to prevent disease and so they don’t fall out.
Eat a balanced diet so you have fuel for the day and to protect yourself from illness and disease.
Get enough sleep to restore your body and keep your mind sharp for learning.
Bathe and groom to wash away germs (and to keep people from falling over when you walk by). 

The same reasoning applies to online hygiene: We change our passwords (about every three months) to stay as safe as possible online and protect what matters. When talking to kids, the things that matter include our home address, our school name, our personal information (such as a parent’s credit card information, our social security number, or other account access).

Kids Targeted

We falsely believe that an adult’s information is more valuable than a child’s. On the contrary, given a choice, 10 out of 10 hackers would mine a child’s information over an adult’s because it’s unblemished. Determined identity thieves will use a child’s Social Security number to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent an apartment. Also, once a child’s information is hacked, a thief can usually get to a parent’s information.

How to Stay Safe

It’s a tall task to prevent some of the massive data breaches in the news that target kids’ information. However, what is in our control is the ability to practice and teach healthy password habits in our home.

Tips for Families

Shake it up. According to McAfee Chief Consumer Security Evangelist Gary Davis, to bulletproof your passwords, make sure they are at least 12 characters long and include numbers, symbols, and upper and lowercase letters. Consider substituting numbers and symbols for letters, such as zero for “O” or @ for “A”.

Encourage kids to get creative and create passwords or phrases that mean something to them. For instance, advises Gary, “If you love crime novels you might pick the phrase: ILoveBooksOnCrime
Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as 1L0VEBook$oNcRIM3!”

Three random words. Password wisdom has morphed over the years as we learn more and more about hacking practices. According to the National Cyber Security Centre, another way to create a strong password is by using three random words (not birthdates, addresses, or sports numbers) that mean something to you. For instance: ‘lovepuppypaws’ or ‘drakegagacardib’ or ‘eatsleeprepeat’ or ‘tacospizzanutella’.

More than one password. Creating a new password for each account will head off cybercriminals if any of your other passwords are cracked. Consider a password manager to help you keep track of your passwords.

Change product default passwords immediately. If you purchase products for kids such as internet-connected gaming devices, routers, or speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

When shopping online, don’t save info. Teach kids that when shopping on their favorite retail or gaming sites, not to save credit card information. Saving personal information to different accounts may speed up the checkout process. However, it also compromises data.

Employ extra protection. Comprehensive security software can protect you from several threats such as viruses, identity theft, privacy breaches, and malware designed to grab your data. Security software can cover your whole family as well as multiple devices.

Web Advisor. Keep your software up-to-date with a free web advisor that helps protect you from accidentally typing passwords into phishing sites.

Use unique passwords and MFA. This is also called “layering up.” 1) Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). 2) MFA is Multi-Factor Authentication (also called two-step verification or authentication). MFA confirms a user’s identity only after the user presents two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.

Keep it private. Kids love to show one another loyalty by sharing passwords and giving one another access to their social network accounts. DO NOT encourage this behavior. It’s reckless and could carry some serious privacy consequences. (Of course, sharing with parents is recommended.)
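The tips above, turned into a small self-audit script. This is an added example, not part of the original post: it checks the 12-character and character-mix rule, undoes simple letter-for-symbol swaps to see whether a password collapses to a phrase on a wordlist, and groups accounts that share a password. The wordlist, account names and sample passwords are constructed for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length quoted in the tips above

# Character swaps mentioned in the tips (zero for "O", @ for "A") plus the
# ones used in the sample password; "!" is dropped as decoration.
UNDO_SWAPS = str.maketrans({"0": "o", "@": "a", "1": "i", "3": "e", "$": "s", "!": None})

# Constructed wordlist. It includes the sample phrase printed in the post,
# because any password published as an example should be treated as known.
KNOWN_PHRASES = {"ilovebooksoncrime", "password", "letmein"}

# Constructed sample data: three accounts, two of which share one password
# that differs only in capitalization and character swaps.
SAMPLE_ACCOUNTS = {
    "email": "Tacos!Pizza9Nutella",
    "game": "t@cos!pizza9nutell@",
    "bank": "Blue#Kettle7Orbit&Fern",
}


def character_classes(password):
    """Report which of the four character classes the password contains."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


def normalize(password):
    """Lower-case the password and undo the simple character swaps."""
    return password.lower().translate(UNDO_SWAPS)


def audit_password(password):
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    missing = [name for name, present in character_classes(password).items()
               if not present]
    if missing:
        findings.append("missing_classes:" + ",".join(missing))
    if normalize(password) in KNOWN_PHRASES:
        findings.append("known_phrase_after_normalization")
    return findings


def find_reuse(accounts):
    """Group accounts whose passwords are the same once normalized."""
    groups = {}
    for account, password in accounts.items():
        groups.setdefault(normalize(password), []).append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


if __name__ == "__main__":
    for account, password in SAMPLE_ACCOUNTS.items():
        print(account, audit_password(password) or "ok")
    print("shared passwords:", find_reuse(SAMPLE_ACCOUNTS))
```

Run it only on a device you trust, and swap in a larger wordlist for anything beyond a quick family check.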

Credential Cracking

According to the Identity Theft Resource Center® (ITRC), the reported number of consumer records exposed containing sensitive personally identifiable information jumped 126 percent in 2018. The report explicitly stated password cracking as an issue: “The exploitation of usernames and passwords by nefarious actors continues to be a ripe target due to the increase in credential cracking activities – not to mention the amount of data that can be gleaned by accessing accounts that reuse the same credentials.”

May 2 is World Password Day and the perfect time to consider going over these password basics with your family.

The post Digital Parenting: ‘Eat Your Veggies, Brush Your Teeth, Strengthen Your Passwords’ appeared first on McAfee Blogs.

Parenting club Bounty fined £400,000 for selling users’ data

Company illegally shared 34.4m records with 39 companies, information commissioner finds

The parenting club Bounty has been fined £400,000 – one of the largest penalties possible – for sharing its data with marketing agencies without users’ permission.

Bounty offers support and advice to new parents who sign up through its website and mobile app, or are directly recruited on maternity wards. Without securing consent from those parents, the company sold their information to data brokers including Acxiom, Equifax and Sky, the Information Commissioner’s Office (ICO) said.

Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home

Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your house, suddenly you’d have a number of unlocked doors that a determined criminal could enter through. Maybe not tonight — but eventually.

Digital Ecosystem

Over time you’ve purchased and plugged in devices throughout your home. You might have a voice assistant, a baby monitor, a thermostat, a treadmill, a gaming system, a fitness watch, smart TVs, a refrigerator, and many other fun, useful gadgets. Each purchase likely connects to your smartphone. Take stock: You now have a digital ecosystem growing all around you. And while you rarely stop to take notice of this invisible power grid around you, hackers can’t stop thinking about it.

This digital framework that pulsates within your home gives cybercriminals potential new entryways into your life and your data. Depending on your devices, by accessing your smartphone, outsiders may be able to unlock your literal doors while you are away (via your home security system), eavesdrop on your family conversations and collect important information (via your voice assistant), and access financial information (via your gaming system, tablet, or laptop).

What you can do:

  • Change factory security settings. Before you fire up that smart TV, drone, or sound system, be sure to change each product’s factory settings and replace the default password with a bulletproof one to put a layer of protection between you and would-be hackers.
  • Protect your home network. We are connected people living in connected homes. So, part of the wired lifestyle is taking the lead on doing all we can to protect it. One way to do that is at the router level with built-in network security, which can help secure your connected devices.
  • Stay on top of software updates. Cybercrooks rely on consumers to ignore software updates; it makes their job so much easier. So be sure to install updates to your devices, security software, and IoT products when alerted to do so.

Smartphone = Front Gate

The most common entry point to all of these connected things is your smartphone. While you’ve done a lot of things to protect your phone — a lock screen, secure passwords on accounts, and system updates — there are hacking tactics you likely know nothing about. According to McAfee’s recent Mobile Threat Report, you don’t know because the scope and complexity of mobile hacks are increasing at alarming rates.

Hidden Apps

The latest statistics report that the average person has between 60-90 apps installed on their phones. Multiply that between all the users in your home, and you are looking at anywhere from 200-500 apps living under your digital roof. Hackers gravitate toward digital trends. They go where the most people congregate because that’s where they can grab the most money. Many of us control everything in our homes from our apps, so app downloads are off the charts, which is why crooks have engineered some of their most sophisticated schemes specifically around app users.

Hidden apps are a way that crooks trick users into letting them inside their phones. Typically, hidden apps (such as TimpDoor) get to users via Google Play when they download games or customized tools. TimpDoor will then directly communicate with users via a text with a link to a voice message that gives detailed instructions to enable apps from unknown sources. That link downloads malware which will run in the background after the app closes. Users often forget they’ve downloaded this and go on with life while the malware runs in the background and can access other internal networks on the smartphone.

What you can do:

  • Stay alert. Don’t fall for the traps or click links to other apps sent via text message.
  • Stay legit. Only download apps hosted by the original trusted stores and verified partner sites.
  • Avoid spam. Don’t click on any email links, pop-ups, or direct messages that include suspicious links, password prompts, or fake attachments. Delete and block spam emails and texts.
  • Disable and delete. If you are not using an app, disable it. And, as a safety habit, remove apps from your phone, tablet, or laptop you no longer use.

Fake Apps

Again, crooks go where the most people congregate, and this year it is the 60 million+ downloaded game Fortnite. The Fortnite craze has led hackers to design fake Fortnite apps masquerading as the real thing. The fraudulent app designers go to great lengths to make the download look legitimate. They offer enticing downloads and promise users a ton of free perks and add-ons. Once users download the fake app, crooks can collect money through ads, send text messages with more bad app links, cryptojack users, or install malware or spyware.

What you can do:

  • Don’t install apps from unknown sources. Not all gaming companies distribute via Google Play or the App Store. This makes it even harder for users to know that the app they are downloading is legit. Do all you can to verify the legitimacy of the site you are downloading from.
  • Delete suspicious-acting apps. If you download an app and it begins to request access to anything outside of its service, delete it immediately from your device.
  • Update devices regularly. Keep new bugs and threats at bay by updating your devices automatically.
  • Monitor bank statements. Check statements regularly to monitor the activity of the card linked to your Fortnite account. If you notice repeat or multiple transactions from your account or see charges that you don’t recognize, alert your bank immediately.
  • Be a savvy app user. Verify an app’s legitimacy. Read other user reviews and be discerning before you download anything. This practice also applies to partner sites that sell game hacks, credits, patches, or virtual assets players use to gain rank within a game. Beware of “free” downloads and avoid illegal file-sharing sites. Free downloads can be hotbeds for malware. Stick with the safer, paid options from a reputable source.

The post Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home appeared first on McAfee Blogs.

You Rang? New Voice Phishing Attack Tricks Unsuspecting Users

In this digital day and age, the average user is likely familiar with the techniques and avenues cybercriminals use to get ahold of personal data and money. With this knowledge, we’ve become smarter and keen to the tricks of the cybercrime trade. However, cybercriminals have become smarter too, and therefore their attacks have become more complex. Take phishing, for example. There has been a dramatic shift in phishing attacks, from simple and general to complex and personalized. What was once spoofing emails or websites has now evolved into something more devious – vishing, or voice phishing. This method involves a cybercriminal attempting to gain access to a victim’s personal or financial information by pretending to be a financial institution via phone call. And now a new vishing attack is proving to be more difficult to detect than the typical phishing scams.

In April 2018, Min-Chang Jang, a manager at Korea Financial Security Institute and Korea University, made a breakthrough in his investigation into malicious apps designed to intercept calls to users from legitimate numbers. This tactic puts a new but troubling twist on the original voice phishing cyberattack. To be successful in this venture, a hacker must first convince a user to download a fake app. To do this, a link is sent to the victim, luring them in with an amazing offer around loan refinancing or something similar, which then prompts the user to download the faulty app. If the target takes the bait, calls will start to come in from the financial institution following up on the possible loan refinancing offer. The call, however, isn’t connected to the actual financial company, rather it is intercepted and connected to the bad actor.

We know that as we adjust to the world around us and become smarter about our security, cybercriminals will do the same with their thievery. Today it’s an advanced vishing attack, tomorrow it could be a different type of phishing vector. However, users can rest assured that companies like McAfee are working tirelessly to ensure our users can thwart any cyberattack that comes their way. While this voice phishing attack is hard to detect, here are some proactive steps you can take to ensure you don’t fall victim to cybercriminals’ schemes:

  • Only install apps from authorized sources. To avoid malicious apps getting ahold of your data, only download apps from authorized vendors. For Android users, use the Google Play Store. For iPhone users, use the Apple App Store. Never trust a third-party app with information that could be exploited in the wrong hands.
  • Turn on caller ID or other services. Numerous carriers now offer free services that notify users of possible scam calls. And a lot of phones come with call-identifying capabilities that can give the user a quick diagnostic of whether the call is legitimate or not. With this feature, users can report scam calls to a database too.
  • Always think twice. In addition to tips and apps, there’s no better judge than common sense so if an offer or deal sounds too good to be true, it most likely is.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post You Rang? New Voice Phishing Attack Tricks Unsuspecting Users appeared first on McAfee Blogs.

809 Million Records Left Exposed: How Users Can Protect Their Data

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection #1 data breach exposed 773 million email addresses, it seems we have another massive data dump in our midst. Last week, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm, Verifications.io.

You may be wondering how Verifications.io had so much data left to be exposed. Most people have heard of email marketing, but very few realize that these companies often vet user email addresses to ensure their validity. Enter Verifications.io. This company serves as a way email marketing firms can outsource the extensive work involved with validating mass amounts of emails and avoid the risk of having their infrastructure blacklisted by spam filters. Verifications.io was entrusted with a lot of data provided by email marketing firms looking to streamline their processes, creating an information-heavy database.

This unusual data trove contains tons of sensitive information like names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, social media accounts, and characterizations of people’s credit scores. While the data doesn’t contain Social Security Numbers or credit card information, that amount of aggregated data makes it much easier for cybercriminals to run new social engineering scams or expand their target audience. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.

Upon discovery, the firm was made aware of the incident. And while proper security measures were taken, users can take various steps themselves to protect their information in the event of large-scale data exposure. Check out the following tips:

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Make sure to use complex passwords for each of your individual accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords on a consistent basis to further protect your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

Don’t Let Thunderclap Flaws Strike Your Device

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial information, or run detrimental code on the system if a malicious device is plugged into a machine’s port while it’s running.

So, how can attackers exploit this flaw? Thunderbolt accessories are granted direct-memory access (DMA), which is a method of transferring data from a computer’s random-access memory (RAM) to another part of the computer without it needing to pass through the central processing unit (CPU). DMA can save processing time and is a more efficient way to move data from the computer’s memory to other devices. However, attackers with physical access to the computer can take advantage of DMA by running arbitrary code on the device plugged into the Thunderbolt port. This allows criminals to steal sensitive data from the computer. Mind you, Thunderclap vulnerabilities also provide cybercriminals with direct and unlimited access to the machine’s memory, allowing for greater malicious activity.

Thunderclap-based attacks can be carried out with either specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to. What’s more, they can compromise a vulnerable computer in just a matter of seconds. Researchers who discovered this vulnerability informed manufacturers and fixes have been deployed, but it’s always good to take extra precautions. So, here are some ways users can defend themselves against these flaws:

  • Disable the Thunderbolt interface on your computer. To remove Thunderbolt accessibility on a Mac, go to the Network Preference panel, click “OK” on the New Interface Detected dialog, and select “Thunderbolt Bridge” from the sidebar. Click the [-] button to delete the option as a networking interface and choose “Apply.” PCs often allow users to disable Thunderbolt in BIOS or UEFI firmware settings, which connect a computer’s firmware to its operating system.
  • Don’t leave your computer unattended. Because this flaw requires a cybercriminal to have physical access to your device, make sure you keep a close eye on your laptop or PC to ensure no one can plug anything into your machine without permission.
  • Don’t borrow chargers or use publicly available charging stations. Public chargers may have been maliciously altered without your knowledge, so always use your own computer accessories.

And, as always, to stay on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

How To Secure Your Smart Home

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities since malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73% in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network, allowing it to potentially connect with other data-rich devices like smartphones and computers, change the default username and password to something strong and unique. Hackers often know the default settings and share them online. Then, turn off any manufacturer settings that do not benefit you, like remote access. This is a feature some manufacturers use to monitor their products, but it could also be used by cybercrooks to access your system. Finally, make sure that your device software is up-to-date by checking the manufacturer’s website. This ensures that you are protected from any known vulnerabilities.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router. Make sure your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure. Consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get to all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software—Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

How to Steer Clear of Tax Season Scams

*This blog contains research discovered by Elizabeth Farrell

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. Even back in December, we saw a surge of new email phishing scams trying to fool consumers into thinking the message was coming from the IRS or other members of the tax community. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

  • File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Be wary of strange file attachment names such as “virus-for-you.doc.” Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
  • Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, as always, to stay on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

Why it’s too easy to manipulate voters – and steal the EU elections | Eleonora Nestola

It’s time to act, as personal data is being used to target voters – and the EU commission isn’t doing enough to stop this

On 11 July last year the UK Information Commissioner’s Office (ICO) published its first report on the Cambridge Analytica scandal. This is a date I will never forget, a date that substantially changed my vision of the current threats to our democratic society. It is a day that became a call to arms for me – and, for once, I had the understanding, the knowledge and the expertise to support the fight. I felt it was time to put all of this to good use for civil society, and so I set out to discover how online electoral campaigning works. And let me tell you, the system is not in good health and we Europeans should all be made more aware of that.

Voters become unaware they are receiving political messages based on bias. The risks are enormous

McAfee Partners With Telefónica To Help Secure Consumers Worldwide

These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with Telefónica to do just that.

This partnership first began back in February of last year, when ElevenPaths, Telefónica Cyber Security Unit, and McAfee announced we’re working together to reinforce the online security of Telefónica’s broadband and mobile customers across multiple markets. This partnership covers Europe and Latin America with plans to progressively roll out solutions in the different countries where Telefónica operates. It’s the first time a telecommunications company has delivered a security service to all of its customers, regardless of where they connect from. Fast forward to present day, and this partnership has only expanded. The global product developed by Telefónica and powered by McAfee was first launched in Spain as Movistar Conexión Segura, a service that protects home and mobile customers’ connectivity. Telefónica protects Fusión customers’ home connections with a smart router, thanks to the ElevenPaths solution powered by McAfee Secure Home Platform, which enables seamless security and easy activation. Conexión Segura is also available for Movistar mobile customers, including network protection and one license of Seguridad Dispositivo, a multi-device security protection. Only a few weeks after Spain, Movistar Argentina launched the solution for its fixed and mobile customers. These services help realize Telefónica’s “Security by Default” strategy, offering customers a more robust security solution that protects against threats like viruses, malware, phishing, and emerging IoT threats.

Telefónica and McAfee’s 360 partnership is dedicated to protecting the productivity of consumers everywhere. “This agreement gives customers current and contextual information on their cybersecurity status so they can stay connected with confidence,” said Pedro Pablo Pérez, Global Security VP of Telefónica and CEO of ElevenPaths, Telefónica Cybersecurity Unit.

ElevenPaths and McAfee’s joint vision to create a more secure tomorrow brings us a step closer to stopping widespread cyberattacks. By joining forces to implement more robust security solutions around the world, we can ensure that our connectivity goes undisrupted. Because together is power.

To learn more about consumer security and our approach to it, be sure to follow us at @ElevenPaths and @McAfee.

The post McAfee Partners With Telefónica To Help Secure Consumers Worldwide appeared first on McAfee Blogs.

MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants and smart TVs to tablets and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of distributed denial-of-service (DDoS) attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

To stay on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

The Risks of Public Wi-Fi and How to Close the Security Gap

As I write this blog post, I’m digitally exposed, and I know it. For the past week, I’ve had to log on to a hospital’s public Wi-Fi each day to work while a loved one recuperates.

What seems like a routine, casual connection to the hospital’s Wi-Fi isn’t. Using public Wi-Fi is a daily choice loaded with risk. Sure, I’m conducting business and knocking out my to-do list like a rock star but at what cost to my security?

The Risks

By using public Wi-Fi, I’ve opened my online activity and personal data (via my laptop) up to a variety of threats including eavesdropping, malware distribution, and bitcoin mining. There’s even a chance I could have logged on to a malicious hotspot that looked like the hospital network.

Like many public Wi-Fi spots, the hospital’s network could lack encryption, which is a security measure that scrambles the information sent from my computer to the hospital’s router so other people can’t read it. Minus encryption, whatever I send over the hospital’s network could potentially be intercepted and used maliciously by cybercriminals.

Because logging on to public Wi-Fi is often a necessity — like my situation this week — security isn’t always the first thing on our minds. But over the past year, a new normal is emerging. A lot of us are thinking twice. With data breaches, privacy concerns, the increase in the market for stolen credentials, and increasingly sophisticated online scams making the headlines every day, the risks of using public Wi-Fi are front and center.

Rising Star: VPN

The solution to risky public Wi-Fi? A Virtual Private Network (VPN). A VPN allows users to securely access a private network and share data remotely through public networks. Much like a firewall protects the data on your computer, a VPN protects your online activity by encrypting your data when you connect to the internet from a remote or public location. A VPN also conceals your location, IP address, and online activity.

Using a VPN helps protect you from potential hackers using public Wi-Fi, which is one of their favorite easy-to-access security loopholes.

Who Needs a VPN?

If you (or your family members) travel and love to shop online, access your bank account, watch movies, and do everyday business via your phone or laptop, a VPN would allow you to connect safely and encrypt your data no matter where you are.

A VPN can mask, or scramble, your physical location, banking account credentials, and credit card information.

Also, if you have a family data plan, you’ve likely encouraged your kids to save data by connecting to public Wi-Fi whenever possible. With a VPN, this habit would be secured from criminal sniffers and snoopers.

A VPN allows you to connect to a proxy server that will access online sites on your behalf and enables a secure connection most anywhere you go. A VPN also hides your IP address and allows you to browse anonymously from any location.

How VPNs work

To use a VPN, you subscribe to a VPN service, download the app onto your desktop or phone, set up your account, and then log onto a VPN server to conduct your online activity privately.

If you are still logging on to public Wi-Fi, here are a few tips to keep you safe until VPNs become as popular as Wi-Fi.

Stay Safe on Public Wi-Fi 

Verify your connection. Fake networks that mine your data abound. If you are logging on to Wi-Fi in a coffee shop, hotel, airport, or library, verify the exact name of the network with an employee. Also, only use Wi-Fi that requires a password to log on.

Don’t get distracted. For adults, as well as kids, it’s easy to get distracted and absorbed with our screens — this is risky when on public Wi-Fi, according to Diana Graber, author of Raising Humans in a Digital World. “Knowing how to guard their personal information online is one of the most important skills parents need to equip their young kids with today,” says Graber. “Lots of young people visit public spaces, like a local coffee shop or library, and use public Wi-Fi to do homework, for example. It’s not uncommon for them to get distracted by something else online or even tempted to buy something, without realizing their personal information (or yours!) might be at risk.”

Disable auto Wi-Fi connect. If your phone automatically joins surrounding networks, you can disable this function in your settings. Avoid linking to unknown or unrecognized networks.

Turn off Wi-Fi when done. Your computer or phone can still transmit data even when you are not using it. Be sure to disable your Wi-Fi from the network when you are finished using it.

Avoid financial transactions. If you must use public Wi-Fi, don’t conduct a sensitive transaction such as banking, shopping, or any kind of activity that requires your social security or credit card numbers or password use. Wait until you get to a secured home network to conduct personal business.

Look for the HTTPS. Fake or unsecured websites will not have the HTTPS in their address. Also, look for the little lock icon in the address bar to confirm a secure connection.

Secure your devices. Use a personal VPN as an extra layer of security against hackers and malware.

The post The Risks of Public Wi-Fi and How to Close the Security Gap appeared first on McAfee Blogs.

How To Sidestep Popular Social Scams

Each year, internet users lose billions of dollars to online scams that use clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you know what to look out for.

Nosy Quizzes & Questionnaires

Quizzes circulating on Facebook, Twitter, and other social platforms may look like a fun way to win free stuff, but often they are phishing attacks in disguise. Many appear to be sponsored by big-name brands such as airlines and major retailers, offering free products or discount tickets if you just answer a few questions. The questions are designed to get you to reveal personal information that can be used to guess your passwords or security questions, such as your mother’s maiden name, or your hometown.

Creepy Crypto Scams 

While cryptocurrencies lost a lot of value over the last year, the same cannot be said for cryptocurrency scams. The majority of them center on distributing crypto mining malware, which allows hackers to access a person’s computer or device without their permission in order to mine for cryptocurrencies. In fact, these scams have been so prolific that at the end of 2018 McAfee reported that coin mining malware had grown more than 4000% in the previous year.

Many of these miners were distributed through phishing emails and websites, using “giveaway” scams on social media, or even via crypto mining chat groups on platforms such as Slack. Cybercrooks enter the chat rooms, pretending to be fellow miners, and encourage users to download malware disguised as “fixes” to crypto issues.

Romance & “Sextortion” Scams 

The meteoric rise of online dating has led to a similar increase in romance scams. These often involve bad actors preying on lonely people who are looking to connect. Scammers build up a sense of trust over online dating and social media platforms, before asking for money. They often claim the money is for an emergency, or a plane ticket to visit. This kind of manipulation works so well that the Better Business Bureau estimates that victims in the U.S. and Canada lost nearly $1 billion to romance scams between 2015 and 2018.

And while romance is one way to manipulate users, another driver is fear. This is certainly the case with the recent rise in so-called “sextortion” scams, which scare users into paying money to prevent incriminating pictures or videos of them from getting out. The bad guys claim that they obtained the embarrassing content by infecting the victim’s device with malware, and often send part of an old, leaked password as proof that they could have accessed their account.

Topical News Hooks

Whenever a major story sweeps the news, chances are the scammers are looking for ways to capitalize on it. This is exactly what happened during the recent U.S. government shutdown, which left 800,000 federal employees out of work for over a month. Since many of these workers were looking for extra income, job scams abounded. Some phony job ads asked workers to fill out detailed job application forms, in order to steal their Social Security numbers and other private information.

In another ruse, scammers sent out phony emails that appeared to be from the IRS, saying that the recipient could get a discount on their tax bills if they paid during the shutdown.

Tried-and-True Scams

Package Delivery— Phony package delivery emails usually spike around the holidays, but in the age of Amazon Prime delivery scams are circulating year-round. Be on the lookout for more recent Amazon scams that come in the form of a phishing email, asking you to review a product to get rewards. If you click on the link it could deliver malware, or even ransomware.

Tech Support— This is one of the oldest, but most persistent scams to date. Phishing websites and phony pop-up warnings that a computer or device is infected have led thousands of people to hand over personal and financial information to fix a problem they don’t really have.

Even though consumers have become savvier about these scams, a recent Microsoft survey found that 3 out of 5 people have been exposed to tech support scams over the last year.

So, now that you know what to look out for, here are our top tips for sidestepping the scammers:

  • Be careful where you click—Don’t open suspicious links and attachments, and never click on pop-up messages from an unknown source. If you get a suspicious login or payment request, go directly to the provider’s official website to see if the request is legitimate.
  • Know how to spot the fake—Phony messages or documents will often look like a simplified version of the real thing, with poor quality graphics, incorrect grammar and spelling, and a generic personal greeting.
  • Keep your personal information private—Avoid online quizzes, and never share personal or financial details with someone you don’t know in real life. Review your privacy and security settings on social sites to make sure that you aren’t leaking information.
  • Be a smart online shopper—Only buy from reputable websites, and steer away from deals that seem too good to be true. Be suspicious of unusual payment requests, such as buying gift cards or using virtual currency.
  • Become a password pro—Choose complex and unique passwords for all of your accounts. Consider using a password manager to help you create and store complicated passwords securely.
  • Protect your computers and devices—Use comprehensive security software that can safeguard you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You?

A classic meet-cute – the moment where two people, destined to be together, meet for the first time. This rom-com cornerstone is turned on its head by Netflix’s latest bingeable series “You.” For those who have watched, we have learned two things. One, never trust someone who is overly protective of their basement. And two, in the era of social media and dating apps, it’s incredibly easy to take advantage of the amount of personal data consumers readily, and somewhat naively, share online and with the cloud every day.

We first meet Joe Goldberg and Guinevere Beck – the show’s lead characters – in a bookstore: she’s looking for a book, he’s a book clerk. They flirt, she buys a book, he learns her name. For all intents and purposes, this is where their story should end – but it doesn’t. With a simple search of her name, Joe discovers the world of Guinevere Beck’s social media channels, all conveniently set to public. And before we know it, Joe has made himself a figurative rear-window into Beck’s life, which brings to light the dangers of social media and highlights how a lack of digital privacy could put users in situations of unnecessary risk. With this information on Beck, Joe soon becomes both a physical and digital stalker, even managing to steal her phone while trailing her one day, which, as luck would have it, is not password protected. From there, Joe follows her every text, plan and move thanks to the cloud.

Now, while Joe and Beck’s situation is unique (and a tad dramatized), the amount of data exposed via their interactions could potentially occur through another romantic avenue – online dating. Many millennial couples meet on dating sites where users are invited to share personal anecdotes, answer questions, and post photos of themselves. The nature of these apps is to get to know a stranger better, but the amount of personal information we choose to share can create security risks. We have to be careful as the line between creepy and cute quickly blurs when users can access someone’s every status update, tweet, and geotagged photo.

While “You” is an extreme case of social media gone wrong, dating app, social media, and cloud usage are all very predominant in 2019. Therefore, if you’re a digital user, be sure to consider these precautions:

  • Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public, so turn your profiles to private in order to have control over who can follow you. Take it a step further and go into your app settings to control which apps you want to share your location with and which ones you don’t.
  • Use a screen name for social media accounts. If you don’t want a simple search of your name on Google to lead to all your social media accounts, consider using a different variation of your real name.
  • Watch what you post. Before tagging your friends or location on Instagram and posting your location on Facebook, think about what this private information reveals about you publicly and how it could be used by a third party.
  • Use strong passwords. In the event your data does become exposed, or your device is stolen, a strong, unique password can help prevent your accounts from being hacked.
  • Leverage two-factor authentication. Remember to always implement two-factor authentication to add an extra layer of security to your device. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.
  • Use the cloud with caution. If you plan to store your data in the cloud, be sure to set up an additional layer of access security (one way of doing this is through two-factor authentication) so that no one can access the wealth of information your cloud holds. If your smartphone is lost or stolen, you can access your password protected cloud account to lock third-parties out of your device, and more importantly your personal data.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.


How Online Gamers Can Play It Safe

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk.

From malware and phishing scams, to phony game hacks, identity theft, and more, gamers of all stripes now face a minefield of obstacles online and in real life. So, if you’re going to play games, it’s best to play it safe.

Here’s what to look out for:

Dodgy Downloads

Gamers who play on their computer or mobile device need to watch out for dangerous links or malicious apps disguised as popular or “free” games. Hackers often use innocent-looking downloads to deliver viruses and spyware, or even sign you up for paid services, without your consent. In one prominent case, more than 2.6 million Android users downloaded fake Minecraft apps that allowed hackers to take control of their devices.

Researchers have even discovered a ransomware threat that targets gamers. TeslaCrypt was designed to encrypt game-play data until a ransom is paid. Originally distributed through a malicious website, it has since been circulating via spam.

And while it’s true that game consoles like PlayStation and Xbox aren’t as vulnerable to viruses, since they are closed systems, that doesn’t mean that their users don’t face other risks.

Social Scams

Players on any platform could wind up with malware, sent directly from other players via chat messages. Some scammers use social engineering tricks, like inviting other players to download “helpful” tools that turn out to be malware instead. When you consider that 62% of kids play games where they speak to others, the odds of a risky interaction with a stranger seem quite real.

Players of the Origin and Steam services, for instance, were targeted by hackers posing as other players, inviting them to play on their teams. Over chat message, they suggested the players download an “audio tool” that turned out to be a keystroke logger, aimed at stealing their access credentials for the game.

Other social scams include malicious YouTube videos or websites, offering game bonuses and currency, for free.

Another widespread social threat is account takeover, or ATO for short. This is when a scammer hacks a real account in order to post spammy links, and scam messages that appear to come from a trusted contact. Some accounts, for games like League of Legends, have even been stolen and sold online for money because they boasted a high level, or rare skins.

Phishing

Finally, be on the lookout for phishing websites, offering free games or bonuses, or phishy emails prompting you to log in to your account, with a link leading to a copycat gaming site. Often, these are designed to steal your login credentials or distribute fake games that contain malware.

Players of the wildly popular Fortnite, for example, have been particularly targeted. The latest phishing scam is aimed at stealing the third-party sign-in tokens that allow cybercriminals to access a user’s account, and the payment details associated with it.

So now that you know a little more about gaming threats, here’s how to win at playing it safe:

  1. Do Your Research—Before downloading any games from the Internet or app stores, make sure to read other users’ reviews first to see that they are safe. This also goes for sites that sell game hacks, credits, patches, or virtual assets typically used to gain rank within a game. Avoid illegal file-sharing sites and “free” downloads, since these are often peppered with malware. It’s always best to go for a safer, paid option from a reputable source.
  2. Play Undercover—Be very careful about sharing personal information, in both your profile information and your chat messages. Private information, such as your full name, address, pet’s name, school, or work details, could be used to guess your account password clues, or even impersonate you. Consider playing under an alias.
  3. Be Suspicious—Since scammers use the social aspect of games to fool people, you need to keep your guard up when you receive messages from strangers, or even read reviews. Some YouTube and social media reviews are placed there to trick users into thinking that the game or asset is legitimate. Dig deep, and avoid looking for free hacks. Ask gamers you know in real life for recommendations that worked for them.
  4. Protect Yourself—Avoid using older versions of games, and make sure that games you do play are updated with patches and fixes. And if you think a gaming account may already have been compromised, change your passwords immediately to something unique and complex. Safeguard your computers and devices from known and emerging threats by investing in comprehensive security software, and keep yourself up-to-date on the latest scams.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

[1] According to The 2017 Year In Review Report by SuperData


Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a malicious website is attempting to trick users into handing over their McAfee activation keys and personally identifiable information (PII) by disguising itself as the official McAfee customer support website.

So how exactly does this cyberthreat work? First, malicious actors advertise the fake website on Twitter. If a user clicks on the ad, they are presented with a “Download McAfee” button. When the user clicks on the download button, they are redirected to a screen prompting them to enter their name, email address, contact number, and product activation key to proceed with the download. However, when the user clicks on the “Start Download” button, they are redirected to a screen stating that their download failed due to an unexpected error.

 

At this point, the site owner has received the user’s personal data, which they could exploit in a variety of ways. And while this scheme may seem tricky to spot, there are a number of ways users can defend themselves from similar scams:

  • Be vigilant when clicking on social media links. Although it may be tempting to click on advertisements on your social media feed, these ads could possibly house sketchy websites developed by cybercriminals. Use caution when interacting with social media ads.
  • Go straight to the source. If you come across an advertisement claiming to be from a company and the link asks for personal data, it’s best to go directly to the company’s website instead. Use the official McAfee customer support page if you require technical support or assistance with your McAfee product.
  • Use security software. A security solution like McAfee WebAdvisor can help you spot suspicious websites and protect you from accidentally clicking on malicious links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider how this emerging technology could lead to greater privacy risks if we don’t take steps to protect our data. That’s why the National Cyber Security Alliance (NCSA) started Data Privacy Day to help create awareness surrounding the importance of recognizing our digital footprints and safeguarding our data. To further investigate the impact of these footprints, let’s take a look at how we perceive the way data is shared and whose responsibility it is to keep our information safe.

The Impact of Social Media

Most of us interact with multiple social media platforms every day. And while social media is a great way to update your friends and family on your daily life, we often forget that these platforms also allow people we don’t really know to glimpse into our personal lives. For example, 82% of online stalkers use social media to find out information about potential victims, such as where they live or where they go to school. In other words, social media could expose your personal information to users beyond your intended audience.

Certain social media trends also bring up issues of privacy in the world of evolving technology. Take Facebook’s 10-year challenge, a recent viral trend encouraging users to post a side-by-side image of their profile pictures from 2009 and 2019. As WIRED reporter Katie O’Neill points out, the images offered in this trending challenge could potentially be used to train facial recognition software for age progression and age recognition. While the potential of this technology is mostly mundane, there is still a risk that this information could be used inequitably.

How to Approach Requests for Personal Data

Whether we’re using social media or other online resources, we all need to be aware of what personal data we’re offering out and consider the consequences of providing the information. While there are some instances where we can’t avoid sharing our personal data, such as for a government document or legal form, there are other areas where we can stand to be a little more conservative with the data that we divulge. For example, many of us have more than just our close family and friends on our social networks. So, if you’re sharing your location on your latest post, every single person who follows you has access to this information. The same goes for those online personality quizzes. While they may be entertaining, they put an unnecessary amount of your personal information out in the open. This is why it’s crucial to be thoughtful of how your data is collected and stored.

So, what steps can you take to better protect your online privacy? Check out the following tips to help safeguard your data:

  • Think before you post. Before tagging your friends on Instagram, sharing your location on Facebook, or enabling facial recognition, consider what this information reveals and how it could be used by a third party.
  • Set privacy and security settings. If you don’t want the entire World Wide Web to be able to access your social media, turn your profiles to private. You can also go to your device settings and choose which apps or browsers you want to share your location with and which ones you don’t.
  • Enable two-factor authentication. In the event your data does become exposed, a strong, unique password can help prevent your accounts from being hacked. Furthermore, you can implement two-factor authentication to stay secure. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


How Safe is Your Child’s School WiFi?

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something…

You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority of schools have embraced the many positive learning benefits that internet-connected devices offer our kids. The traditional blackboard and textbook lessons that were confined to the four walls of the classroom are gone. Instead our kids can research, discover, collaborate, create and most importantly, learn like never before.

But in order for this new learning to occur, our kids need to be internet connected. And this is where school WiFi comes into play.

Do Parents Need to Be Concerned About School WiFi?

As parents, we have a responsibility to ensure our kids are safe and not at risk – and that includes when they are using the WiFi at school. Ideally, your child’s school should have a secure WiFi network but unfortunately, that doesn’t mean that they do. School budgets are tight and top-notch secure WiFi networks are expensive, so in some cases, security may be jeopardised.

The other factor we shouldn’t ignore is that our batch of digital natives are very tech literate. The possibility that one of them may choose to cause some mayhem to their school WiFi network should also not be ignored!!

At the end of the day, the security of a WiFi network is all about whether it has tight access controls. If it allows only approved devices and people to connect via a secure login then it is more secure than public WiFi. However, if it is open to anyone or easy for anyone to connect to it, then you need to treat it like public WiFi.

What Are the Risks?

An unsecured school WiFi network is as risky as public WiFi which, according to the Harvard Business Review, is as risky as rolling a dice.

Students and staff who use an unsecured WiFi network are at risk of receiving phishing emails, being the victim of a ransomware attack or even having their data or personal details stolen. There is also a risk that the entire school’s operations could be disrupted and possibly even closed down through a DDoS – a Distributed Denial of Service attack.

What Can Parents Do to Ensure Their Kids Are Safe Using School WiFi?

There are several steps parents can take to minimise the risks when their offspring use school WiFi.

  1. Talk To Your School

The first thing to do is speak to your child’s school to understand exactly how secure their network is. I’d recommend asking who has access to the network, what security practices they have in place and how they manage your child’s private data.

  2. Install Security Software

Operating a device without security software is no different to leaving your front door unlocked. Installing security software on all devices, including smartphones, will provide protection against viruses, online threats, risky websites and dangerous downloads. Check out McAfee’s Total Protection security software for total peace of mind!

  3. Keep Device Software Up To Date

Software updates are commonly designed to address security issues. So ensuring ALL your devices are up to date is a relatively easy way of minimising the risk of being hacked.

  4. Schedule Regular Data Back Up

If you are the victim of a ransomware attack and your data is backed up then you won’t even have to consider paying the hefty fee to retrieve your (or your child’s) data. Backing up data regularly should be non-negotiable; however, life can often get in the way. Why not schedule automatic backups? I personally love online backup options such as Dropbox and Google Drive; however, you may choose to invest in a hard drive.

  5. Public Wi-Fi Rules?

If, after talking to your school, you aren’t convinced that your child’s school WiFi network is secure, then I recommend that your kids should treat it as if it was public WiFi. This means that they should NEVER conduct any financial transactions using it and never share any personal details. But the absolute best way of ensuring your child is safe using an unsecured WiFi network is to use a Virtual Private Network (VPN). A VPN like McAfee’s Safe Connect creates an encrypted tunnel so anything that is shared over WiFi is completely safe.

As a mum of 4, I am very keen to ensure my kids are engaged with their learning. And in our digital times, this means devices and WiFi. So, let’s support our kids and their teachers in their quest for interactive, digital learning but please don’t forget to check in and ensure your kids are as safe as possible while using WiFi at school.

Take Care

Alex xx


5G Is Coming: Security Risks You Need to Know About

The future of connectivity is here – 5G. This new network is set to roll out across the nation this coming year and bring greater speed to our handheld devices, which means more data and lower latency. But perhaps one of the most anticipated and popular benefits is it will allow even more IoT devices to come online and encourage more connection between said devices. This would enable users to remotely connect to or monitor their IoT devices like kitchen or security gadgets. The promise of more connectivity, smoother IoT user experience, and even more devices online, means there are likely more opportunities and avenues for cyberattacks. 5G will no doubt shape the foreseeable future; let’s see how.

Today, interconnected devices operate on low-powered, low-data-rate networks, such as Cat-M and NB-IoT. With the introduction of 5G networks across the world, the capabilities of VR and AR, AI and ML, and automation and robotics will enhance immensely. Take self-driving cars, for example. These machines require close proximity to their computing to reduce the latency of decision making. The capabilities of 5G don’t end there either. From manufacturing, transportation and logistics, to public safety and the establishment of smart cities, industries are at the ready to take their business to the next level with 5G. With this newfound growing anticipation for the future of 5G, the question has to be asked, what are the security implications for smaller IoT devices?

From an innovation standpoint, 5G is a beacon of light, but from a cybersecurity standpoint, 5G is a “hotbed for a new era of intensified cyberwar.” Distributed denial-of-service attacks, or DDoS, are particular causes of concern for cybersecurity researchers. Devices like refrigerators, thermometers, even light bulbs, will be able to come online because of 5G. Users will be able to remotely check on these appliances through a simple app, but these devices can also be usurped by malicious characters. This increased connectivity and power could see big name sites down for days, or even affect city utility capabilities. Government agencies and private entities are not immune either, but they do have plans in place in the event a DDoS attack occurs.

While consumers can only wait and see what happens with the rollout, industries across the board will want to harness the benefits of 5G. However, consumers and organizations alike need to be cautious in terms of how 5G could be used to help, or hinder, us in the future. Rest assured, even if malicious actors utilize this technology, McAfee’s security strategy will continue to keep pace with the ever-changing threat landscape.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.


AI & Your Family: The Wows and Potential Risks

Am I the only one? When I hear or see the word Artificial Intelligence (AI), my mind instantly defaults to images from sci-fi movies I’ve seen like I, Robot, Matrix, and Ex Machina. There’s always been a futuristic element — and self-imposed distance — between AI and myself.

But AI is anything but futuristic or distant. AI is here, and it’s now. And, we’re using it in ways we may not even realize.

AI has been woven throughout our lives for years in various expressions of technology. AI is in our homes, workplaces, and our hands every day via our smartphones.

Just a few everyday examples of AI:

  • Cell phones with built-in smart assistants
  • Toys that listen and respond to children
  • Social networks that determine what content you see
  • Social networking apps with fun filters
  • GPS apps that help you get where you need to go
  • Movie apps that predict what show you’d enjoy next
  • Music apps that curate playlists that echo your taste
  • Video games that deploy bots to play against you
  • Advertisers who follow you online with targeted ads
  • Refrigerators that alert you when food is about to expire
  • Home assistants that carry out voice commands
  • Flights you take that operate via an AI autopilot

The Technology

While AI sounds a little intimidating, it’s not when you break it down. AI is technology that can be programmed to accomplish a specific set of goals without assistance. In short, it’s a computer’s ability to be predictive — to process data, evaluate it, and take action.

AI is being implemented in education, business, manufacturing, retail, transportation, and just about any other sector of industry and culture you can imagine. It’s the smarter, faster, more profitable way to accomplish manual tasks.

And there’s tons of AI-generated good going on. Instagram — the #2 most popular social network — is now using AI technology to detect and combat cyberbullying in both comments and photos.

No doubt, AI is having a significant impact on everyday life and is positioned to transform the future.

Still, there are concerns. The self-driving cars. The robots that malfunction. The potential jobs lost to AI robots.

So, as quickly as this popular new technology is being applied, now is a great time to talk with your family about both the exciting potential of AI and the risks that may come with it.

Talking points for families

Fake videos, images. AI is making it easier for people to face swap within images and videos. A desktop application called FakeApp allows users to seamlessly swap faces and share fake videos and images. This has led to the rise in “deep fake” videos that appear remarkably realistic (many of which go viral). Tip: Talk to your family about the power of AI technology and the responsibility and critical thinking they must exercise as they consume and share online content.

Privacy breaches. Following the Cambridge Analytica/Facebook scandal of 2018 that allegedly used AI technology unethically to collect Facebook user data, we’re reminded of those out to gather our private (and public) information for financial or political gain. Tip: Discuss locking down privacy settings on social networks and encourage your kids to be hyper mindful about the information they share in the public feed. That information includes liking and commenting on other content — all of which AI technology can piece together into a broader digital picture for misuse.

Cybercrime. As outlined in McAfee’s 2019 Threats Prediction Report, AI technology will likely allow hackers more ease to bypass security measures on networks undetected. This can lead to data breaches, malware attacks, ransomware, and other criminal activity. Additionally, AI-generated phishing emails are scamming people into handing over sensitive data. Tip: Bogus emails can be highly personalized and trick intelligent users into clicking malicious links. Discuss the sophistication of the AI-related scams and warn your family to think about every click — even those from friends.

IoT security. With homes becoming “smarter” and equipped with AI-powered IoT products, the opportunity for hackers to get into these devices to steal sensitive data is growing. According to McAfee’s Threat Prediction Report, voice-activated assistants are especially vulnerable as a point-of-entry for hackers. Also at risk, say security experts, are routers, smartphones, and tablets. Tip: Be sure to keep all devices updated. Secure all of your connected devices and your home internet at its source — the network. Avoid routers that come with your ISP (Internet Service Provider) since they are often less secure. And, be sure to change the default password and secure your primary network and guest network with strong passwords.


The Collection #1 Data Breach: Insights and Tips on This Cyberthreat

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the Equifax data breach, a new monster breach now has to become top of mind for us all. Say hello to Collection #1, a data set exposing 772,904,991 unique email addresses and over 21 million unique passwords.

Discovered by security researcher Troy Hunt, Collection #1 first appeared on the popular cloud service called MEGA. The Collection #1 folder held over 12,000 files that weigh in at over 87 gigabytes. When the storage site was taken down, the folder was then transferred to a public hacking site. What’s truly astonishing about this is that the data was not for sale; it was simply available for anyone to take.

You may be wondering, how was all this data collected? It appears that this data was comprised of a breach of breaches, aggregating over 2,000 leaked databases containing cracked passwords, in order to achieve maximum exposure. The sheer volume of this breach makes Collection #1 the second largest in size to Yahoo, and the largest public breach ever (given the data was openly exposed on the internet).

It appears that this data set is designed for use in credential-stuffing attacks, where cybercriminals will use email and password combinations to hack into consumers’ online accounts. The risks could be even greater for those who reuse credentials across multiple accounts. In order to help protect yourself from this threat, it’s vital that users act fast and use the following tips to help protect their data:

  • Use strong, unique passwords. In addition to making sure all of your passwords are strong and unique, never reuse passwords across multiple accounts. You can also enable a password manager to help keep track of your credentials.
  • Change your passwords. Even if it doesn’t appear that your data was breached, it’s better to err on the side of caution and change all of your passwords to better protect yourself.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


Children’s Charity or CryptoMix? Details on This Ransomware Scam

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making a donation instead of a ransom payment. While CryptoMix has used this guise in the past, they’ve recently upped the ante by using legitimate information from crowdfunding pages for sick children to further disguise this scheme.

So, how does CryptoMix trick users into making ransom payments? First, the victim receives a ransom note containing multiple email addresses to contact for payment instructions. When the victim contacts one of the email addresses, the “Worldwide Children Charity Community” responds with a message containing the profile of a sick child and a link to the One Time Secret site. This website service allows users to share a post that can only be read once before it’s deleted. CryptoMix’s developers use One Time Secret to distribute payment instructions to the victim and explain how their contribution will be used to provide medical help to sick children. The message claims that the victim’s data will be restored, and their system will be protected from future attacks as soon as the ransom is paid. In order to encourage the victim to act quickly, the note also warns that the ransom price could double in the next 24 hours.

After the victim makes the payment, the ransomware developers send the victim a link to the decryptor. However, they continue to pretend they are an actual charity, thanking the victim for their contribution and assuring them that a sick child will soon receive medical help.

CryptoMix’s scam tactics show how ransomware developers are evolving their techniques to ensure they make a profit. As ransomware threats become stealthier and more sophisticated, it’s important for users to educate themselves on the best techniques to combat these threats. Check out the following tips to help keep your data safe from ransomware:

  • Back up your data. In order to avoid losing access to your important files, make copies of them on an external hard drive or in the cloud. In the event of a ransomware attack, you will be able to wipe your computer or device and reinstall your files from the backup. Backups can’t always prevent ransomware, but they can help mitigate the risks.
  • Never pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments.
  • Use security software. Adding an extra layer of security with a solution such as McAfee Total Protection, which includes Ransom Guard, can help protect your devices from these types of cyberthreats.

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

How to Protect Three Common IoT Devices in 2019

It’s no secret – IoT devices are creeping into every facet of our daily lives. In fact, Gartner estimates there will be 20.4 billion IoT devices by the year 2020. More devices mean greater connectivity and ease of use for their owners, but connectivity also means more opportunities for hacks. With CES 2019 kicking off this week, we turn our focus toward the year ahead, and take a look at some of the IoT devices that are particularly high-profile targets for cybercriminals: gaming systems, voice tech, routers, and smart cars.

Routers

Routers are very susceptible to attacks as they often come with factory-set passwords that many owners are unaware of or don’t know how to change, making these devices easy targets for hackers. That’s bad news, since a router is the central hub in a connected home. If a router is compromised and all of the devices share the same Wi-Fi network, then they could potentially all be exposed to an attack. How? When an IoT device talks to its connected router, the device could expose many of its internal mechanisms to the internet. If the device does not require re-authentication, hackers can easily scan for devices that have poorly implemented protocols. Then with that information, cybercriminals can exploit manufacturer missteps to execute their attacks. To help protect your router (and thus all your other devices), a best practice is to consider one with a layer of protection built-in, and be sure to use a long and complex password for your Wi-Fi network.

Gaming Systems

Over ten years ago, researchers found that many video gaming consoles were being distributed with major security issues in the Universal Plug and Play protocol (UPnP), a feature that allows IoT devices on a network to see each other and interact with one another. However, not much has been done to solve the problem. Through exploiting the UPnP weaknesses in gaming systems to reroute traffic over and over again, cybercriminals have been able to create “multi-purpose proxy botnets,” which they can use for a variety of purposes. This is just the jumping-off point for malicious behavior by bad actors. With this sort of access into a gaming system, they can execute DDoS attacks, malware distribution, spamming, phishing, account takeovers, click fraud, and credit card theft. Our recent gaming survey found that 64% of respondents either have or know someone who has been directly affected by a cyberattack, which is an astonishing uptick in attacks on gamers. Considering this shift, follow our tips in the section above for routers and Wi-Fi, never use the same password twice, and be wary of what you click on.

Voice Tech

In 2018, 47.3 million adults had access to smart speakers or voice assistants, making them one of the most popular connected devices for the home. Voice-first devices can be vulnerable largely due to what we enable them to be connected with for convenience: delivery, shopping, and transportation services that leverage our credit cards. While it’s important to note that voice-first devices are most often compromised within the home by people who have regular access to your devices (such as kids) when voice recognition is not properly configured, any digital device can be vulnerable to outside attacks too if proper security is not set up. For example, these always-on, always-listening devices could be infiltrated by cybercriminals through a technique called “voice squatting.” By creating “malicious skills,” hackers have been able to trick voice assistants into continuing to listen after a user finishes speaking. In this scenario, an unsuspecting person might think they’re connecting to their bank through their voice device when, unbeknownst to them, they’re giving away their personal information. Because voice-controlled devices are frequently distributed without proper security protocols in place, they are the perfect vehicle for executing a cyberattack on an unsuspecting consumer. To protect your voice assistants, make sure your Wi-Fi password is strong, and be on the lookout for suspicious activity on linked accounts.

While you can’t predict the future of IoT attacks, here are some additional tips and best practices on how to stay ahead of hackers trying to ruin your year:

  • Keep your security software up-to-date. Software and firmware patches are always being released by companies and are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
  • Pay attention to the news. With more and more information coming out around vulnerabilities and flaws, companies are more frequently sending out updates for smart cars and other IoT devices. While these should come to you automatically, be sure to pay attention to what is going on in the space of IoT security.
  • Change your device’s factory security settings. This is the single most important step to take to protect all devices. When it comes to products, many manufacturers aren’t thinking “security first.” A device may be vulnerable as soon as you open the box. By changing the factory settings you’re instantly upgrading your device’s security.
  • Use best practices for linked accounts. For gaming systems and voice-first devices in particular, if you connect a service that leverages a credit card, protect that linked service account with strong passwords and two-factor authentication (2FA) where possible. In addition, pay attention to notification emails, especially those regarding new orders for goods or services. If you notice suspicious activity, act accordingly.
  • Set up a separate IoT network. Consider setting up a second network for your IoT devices that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. You might also consider adding in another network for guests and unsecured devices from others. Lastly, consider getting a router with built-in security features to make it easier to protect all the devices in your home from one place.
  • Use a firewall. A firewall is a tool that monitors traffic between an Internet connection and devices to detect unusual or suspicious behavior. Even if a device is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. When looking for a comprehensive security solution, see if a firewall is included to ensure that your devices are protected.
  • Up your gaming security. Just announced at CES 2019, we’re bringing a sense of security to the virtual world of video games. Get in on the action with McAfee Gamer Security, Beta, it’s free!

The post How to Protect Three Common IoT Devices in 2019 appeared first on McAfee Blogs.

Kicking off CES 2019 with New Security Solutions and Collaborations

Today, we at McAfee are announcing some exciting new security solutions and integrations at CES in Las Vegas. For those of you who are unfamiliar with CES, it is the global stage for innovators to showcase the next generation of consumer technologies. McAfee now delivers protection to more than 500 million customers worldwide, and we understand the importance of creating new solutions for those who want to live their connected lives with confidence. To help empower our customers to do this, we’ve added to our security lineup and are working with other tech innovators who understand the importance of protecting users’ online safety.

One addition to our lineup of security solutions is McAfee Gamer Security. In a recent gaming survey, we discovered that 75% of gamers are worried about the security of gaming as online threats continue to rise. To help combat these threats, we developed McAfee Gamer Security, which protects gamers while optimizing their gaming experience. Some of the product’s key features include Game Mode, a gamer-centric interface, and minimal security resource consumption. These features help optimize gamers’ computing resources, provide system status updates, and equip users with lightweight security protection.

In addition to our latest product advancements, we’ve also teamed up with other companies looking to better the cybersecurity landscape for consumers. The first is Google. In order to further simplify the process of securing today’s connected home, McAfee will provide McAfee Secure Home Platform voice commands for the Google Assistant. McAfee Secure Home Platform provides an extra layer of security to help automatically protect all of the connected devices on the user’s home network. Soon, Google Assistant users can easily manage their connected home security by just using their voice.

While it’s important to secure the connected home, it is also important to protect your mobile and IoT devices. According to McAfee Labs 2019 predictions, cybercriminals will leverage trusted devices like smartphones and tablets to try and access users’ IoT devices in the upcoming year. To help customers stay safeguarded from this threat, we’ve teamed up with Verizon to protect their home networks through Verizon Home Network Protection. This McAfee-powered solution helps Verizon Fios customers stay secured against malicious websites, provides parental controls, and protects all devices connected to their home network.

Furthermore, we at McAfee and Dell have teamed up to protect consumers and small businesses as they enjoy the benefits of today’s technology. To do this, we’ve expanded our collaboration to provide pre-installed McAfee software on PCs and laptops globally to both consumer and small business customers. Customers who purchase a new laptop or PC will also have the option to extend McAfee protection beyond their Dell device to their smartphones and tablets. This allows users to have a more robust security shield around all of their connected devices, creating a safer overall online experience. Dell consumer and small business customers who purchase Dell Inspiron, XPS, Vostro, and G-Series laptops will receive a 30-day or 1-year subscription. Customers who purchase Alienware, OptiPlex, Latitude, and Precision will have the option of adding a 30-day free subscription or purchasing a 1-year subscription.

Another one of our latest innovations is the addition of Cryptojacking Blocker to McAfee WebAdvisor. As we observed in our latest McAfee Labs report, coin mining malware is on the rise, growing more than 4000% in the last year. Cryptojacking Blocker helps protect users from having their devices hijacked without their knowledge or permission. The tool helps prevent websites from mining for cryptocurrency and is included in all McAfee suites that include McAfee WebAdvisor. Users can update their existing WebAdvisor software to get Cryptojacking Blocker or download WebAdvisor for free.

So far, CES 2019 has proven that innovation will continue to evolve, just as the cybersecurity landscape will continue to mature. By working together to improve the technology that protects connected devices, we can help users optimize their digital life without compromising their online safety.

The post Kicking off CES 2019 with New Security Solutions and Collaborations appeared first on McAfee Blogs.

Businesses Beware: Top 5 Cyber Security Risks

Hackers are working hard to find new ways to get your data. It’s not surprising that cyber security risk is top of mind for every risk owner, in every industry. As the frequency and complexity of malicious attacks persistently grow, every company should recognize that they are susceptible to an attack at any time—whether it comes as an external focused attack, or a social engineering attack. Let’s take a look at the top 5 risks that every risk owner should be preparing for.

  1. Your Own Users. It is commonly known, in the security industry, that people are the weakest link in the security chain. Despite whatever protections you put in place from a technology or process/policy point of view, human error can cause an incident or a breach. Strong security awareness training is imperative, as well as very effective documented policies and procedures. Users should also be “audited” to ensure they understand and acknowledge their role in policy adherence. One area that is often overlooked is the creation of a safe environment, where a user can connect with a security expert on any issue they believe could be a problem, at any time. Your security team should encourage users to reach out. This creates an environment where users are encouraged to be part of your company’s detection and response. To quote the Homeland Security announcements you frequently hear in airports, “If you see something, say something!” The biggest threat to a user is social engineering—the act of coercing a user to do something that would expose sensitive information or a sensitive system.
  2. Phishing. Phishing ranks number three in both the 2018 Verizon Data Breach Investigation Report Top 20 action varieties in incidents and Top 20 action varieties in breaches. These statistics can be somewhat misleading. For example, the first item on the Top 20 action varieties in breaches list is the use of stolen credentials; number four is privilege abuse. What better way to execute both of those attacks than with a phishing scam? Phishing coerces a user through email to either click on a link, disguised as a legitimate business URL, or open an attachment that is disguised as a legitimate business document. When the user executes or opens either, bad things happen. Malware is downloaded on the system, or connectivity to a Command and Control server on the Internet is established. All of this is done using standard network communication and protocols, so the eco-system is none the wiser—unless sophisticated behavioral or AI capabilities are in place. What is the best form of defense here? 1.) Do not run your user systems with administrative rights; doing so allows any malicious code to execute at root-level privilege. 2.) Train, train, and re-train your users to recognize a phishing email, or more importantly, recognize an email that could be a phishing scam. Then ask the right security resources for help. The best mechanism for training is to run safe targeted phishing campaigns to verify user awareness either internally or with a third-party partner like Connection.
  3. Ignoring Security Patches. One of the most important functions any IT or IT Security Organization can perform is to establish a consistent and complete vulnerability management program. This includes the following key functions:
  • Select and manage a vulnerability scanning system to proactively test for flaws in IT systems and applications.
  • Create and manage a patch management program to guard against vulnerabilities.
  • Create a process to ensure patching is completed.

Most malicious software is created to target missing patches, especially Microsoft patches. We know that WannaCry and Petya, two devastating attacks, targeted systems that were missing the Microsoft MS17-010 patch. Eliminating the “low-hanging fruit” from the attack strategy, by patching known and current vulnerabilities or flaws, significantly reduces the attack surface for the risk owner.

  4. Partners. Companies spend a lot of time and energy on Information Security Programs to address external and internal infrastructures, exposed Web services, applications and services, policies, controls, user awareness, and behavior. But they ignore a significant attack vector, which is through a partner channel—whether it be a data center support provider or a supply chain partner. We know that high-profile breaches have been executed through third-party channels, Target being the most prominent. The Target breach was a classic supply chain attack, where they were compromised through one of their HVAC vendors. Company policies and controls must extend to all third-party partners that have electronic or physical access to the environment. Ensure your Information Security Program includes all third-party partners or supply chain sources that connect or visit your enterprise. The NIST Cyber Security Framework has a great assessment strategy, where you can evaluate your susceptibility to this often-overlooked risk.
  5. Data Security. In this day and age, data is the new currency. Malicious actors are scouring the Internet and Internet-exposed corporations to look for data that will make them money. The table below from the Ponemon Institute 2018 Cost of a Data Breach Report shows the cost to a company for a single record data breach.

Cost for a Single Record Data Breach

The Bottom Line

You can see that healthcare continues to be the most lucrative target for data theft, with $408 per record lost. Finance is nearly half this cost. Of course, we know the reason why this is so. A healthcare record has a tremendous amount of personal information, enabling the sale of more sensitive data elements, and in many cases, can be used to build bullet-proof identities for identity theft. The cost of a breach in the US, regardless of industry, averages $7.9 million per event. The cost of a single lost record in the US is $258.

I Can’t Stress It Enough

Data security should be the #1 priority for businesses of all sizes. To build a data protection strategy, your business needs to:

  • Define and document data security requirements
  • Classify and document sensitive data
  • Analyze security of data at rest, in process, and in motion
  • Pay attention to sensitive data like PII, ePHI, EMR, financial accounts, proprietary assets, and more
  • Identify and document data security risks and gaps
  • Execute a remediation strategy

Because it’s a difficult issue, many corporations do not address data security. Unless your business designed classification and data controls from day one, you are already well behind the power curve. Users create and have access to huge amounts of data, and data can exist anywhere—on premises, user laptops, mobile devices, and in the cloud. Data is the common denominator for security. It is the key thing that malicious actors want access to. It’s essential to heed this warning: Do Not Ignore Data Security! You must absolutely create a data security protection program, and implement the proper policies and controls to protect your most important crown jewels.

Cyber criminals are endlessly creative in finding new ways to access sensitive data. It is critical for companies to approach security seriously, with a dynamic program that takes multiple access points into account. While it may seem to be an added expense, the cost of doing nothing could be exponentially higher. So whether it’s working with your internal IT team, utilizing external consultants, or a mix of both, take steps now to assess your current situation and protect your business against a cyber attack. Stay on top of quickly evolving cyber threats. Reach out to one of our security experts today to close your business’s cyber security exposure gap!

The post Businesses Beware: Top 5 Cyber Security Risks appeared first on Connected.