Category Archives: How To

How to Make Your Startup Super Attractive

The startup scene has, without a doubt, become one of today’s most exciting industries to be a part of. The constant influx of creative and disruptive ideas coming from all over the United States has transformed the way modern business is conducted. From technology startups to new companies transforming the way we get around, the list is endless.

Let’s be honest – there is A LOT that established companies can learn from what startups are doing out there, so let’s tap into Global Resources to determine what exactly makes startups super successful in today’s day and age.

Unique Idea = Easy Sell

Uber has shown us that a unique idea sells. Many startups today are almost guaranteed to succeed, initially, purely because the idea they have is so strong. While the concept of ride-hailing did exist beforehand, Uber linked it with a user-friendly smartphone app that has subsequently produced a multi-billion dollar product.

Make It Cheaper and Simpler

Some startups are not able to rely on a novel idea. Instead, they focus their efforts on creating something that’s more marketable. The virtual reality industries were almost non-existent just a few years ago, and yet today businesses such as Microsoft, Sony and Samsung are all competing for control of the market. Instead of joining that good fight, startup firm Mira has created an augmented reality kit that is cheap and simple enough for the mass market.

Great Talent = Better Investments

An almost guaranteed way to generate interest in a unique idea is to showcase the talent that’s behind it. While startups such as Aurora and Periscope Data are technically categorized as “new companies”, they are actually a collection of former talent from some of the world’s largest companies, including Google, Microsoft, Tesla, and Uber.

It’s very clear that assembling a strong and talented team of individuals attract investors to buy into your product/service.

Be Savvy About Social Media

Building a loyal customer base is critical in today’s day and age. Being able to connect and communicate with your audience can make your brand very powerful. One of the most important factors here is staying consistent and timely. In other words, make sure your social media strategy has a daily routine.

Take time to create an outstanding marketing campaign, complete with animations and videos that can easily be shared on social media. Ultimately, this will help take your company to the next level.

The post How to Make Your Startup Super Attractive appeared first on TechWorm.

How to safeguard your databases from SQL injections

SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases. However, the databases can be breached when an attacker adds SQL statements that attempt to corrupt, delete, extract, or delete the data held in the databases.

With the current rise of SQL injection cases, learning how to protect your databases is critical for achieving your cyber security goals. You can also improve your skills of shielding yourself from this type of attack by watching how professionals do it.

For example, Darren Rainey, who is from the U.K. and has more than four years of experience in cyber security, usually livestreams the measures he employs to safeguard systems from various types of attacks, including SQL injection.

How does an SQL injection take place?

An SQL injection occurs when a hacker “injects” a malicious SQL statement into another statement, causing the database to carry out unintended actions. Such type of injections usually affect applications that formulate SQL statements from user actions such as the values users input on the form of a website.

The main type of SQL injection attacks is error-based attacks. They take place when attackers compromise unsanitized inputs.

If a developer fails to sanitize inputs by eliminating needless characters from inputted data, an attacker can insert wrong values and cause harm to the database.

For example, here is the PHP code of a login web form having username and password fields.

?php
$my_username=$_POST[‘username’];
$my_password=$_POST[‘password’];
$my_sql_query=”SELECT * FROM users WHERE username='”.$my_username.”‘ AND user_password='”.$my_password”‘;”;
?>

The above command would then be sent to a database server to determine correspondence with the data stored, before allowing or denying a user access.

Let’s say that a user inputs “computer” as username and “comp123” as the password, it would lead to the following command.


$my_sql_query=”SELECT * FROM users WHERE username='”.$computer.”‘ AND user_password='”.$comp123″‘;”;

However, the above code is vulnerable to attacks. If an attacker inserts ‘ or ‘a’=’a ‘or’ in the password field, then the variable $my_password will have the value ‘ or ‘a’=’a ‘or’.

In that case, the resulting command will look like the following, which usually leads to a non-empty dataset.

$my_sql_query=”SELECT * FROM users WHERE username='”.$computer.”‘ AND user_password=” or ‘a’=’a’;”;

Consequently, since the statement a=a is always true, the attacker may be granted entry without having valid login credentials.

How to protect your database

  1. Sanitize inputs

An important technique you should use to safeguard your database from SQL injection attacks is to sanitize input strings. If you sanitize the user input on the server side, you will remove any potential harmful commands and ensure that users offer only the right type of input.

For example, in PHP you can use the mysqli\_real\_escape\_string() function for escaping the characters that could alter the characteristics of the SQL command.

Here is the improved version of the code mentioned above.

?php
$my_username= mysqli_real_escape_string$_POST([‘username‘]);
$my_password= mysqli_real_escape_string($_POST[‘password‘]);
$my_sql_query=”SELECT * FROM users WHERE username=‘”.$my_username.”‘ AND user_password=’“.$my_password“‘;”;
?>

With the improvements, the web form would be safeguarded when an attacker includes an escape character (\) in front of single quotes in the fields.

You can also sanitize user inputs by ensuring that numeric or alphanumeric fields lack symbol characters and removing whitespace and new line characters before sending them for processing on the server-side.

Furthermore, you should ensure that user inputs are validated to keep to the guidelines set for length, syntax, and type. For example, if users are providing email addresses in a form, they should be filtered to allow only the characters that constitute an email address.

  1. Restrict database permissions

You should avoid giving users excessive privileges. When your application is connecting to a database, ensure that the users are granted only the necessary privileges for that purpose.

This way, you will lower the effects of any SQL injection attacks that could compromise the security of your database.

For example, if you are using the Microsoft SQL server, you could limit database permissions as follows.

deny select on sys.tables to sqldatabasepermit;

deny select on sys.packages to sqldatabasepermit;

deny select on sys.sysobjects to sqldatabasepermit;

  1. Use parameterized queries

With this simple and effective technique, you can segregate the data provided by the users from the code powering the application.

As such, the two will not interact with one another directly, allowing you to minimize the effects of SQL injection attacks.

Importantly, you should avoid revealing database error information to users. If attackers get hold of the error messages, they can use them to exploit the security of your database.

Conclusion

SQL injection is one of the common types of attacks hackers use to compromise systems. Therefore, you need to stay vigilant and appropriately guard your IT infrastructure from this type of attack.

The techniques listed in this article are simple and may not offer you full protection from this type of attack. That is why you need to learn from the cyber security experts on how to reinforce your protection measures from SQL injections.

The post How to safeguard your databases from SQL injections appeared first on TechWorm.

How to secure your PC after a fresh Windows installation [Updated 2018]

 

You chose to install Windows operating system on your computer or, maybe, for various technical reasons, you had to reinstall it. No matter your reasons, it’s important to keep in mind various security layers after this procedure, so your computer is safe from threats.

How to secure your PC after a fresh Windows installation

After finishing the Windows installation, whether it’s Windows 7, 10 or another operating system, we encourage you to follow these security measures below to enhance protection:

1. Keep your Windows operating system up to date

Probably the most important step to do is checking for the latest security updates and patches available for your Windows operating system.

To get the security updates automatically, go to “Control Panel” and check if your automatic updating system is enabled or follow these steps:

  1. Access the search box in your Windows operating system, type Windows Update.
  2. Select Advanced options.
  3. Click on Automatically download updates in case it is not already selected/turned on.

After checking for available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your PC against new viruses or next-generation malware.

Always remember to keep your OS up to date with the latest security available. Software patching remains an essential key to improve online safety and security experts make a good case of emphasizing its importance. Cybercriminals still try to benefit from security holes found in users’ systems and PCs. That’s one of the reasons why cyber attacks still work and they make a lot of money of it.

 2. Update your software

You don’t have to update only the Windows operating system, but your software as well. Therefore, make sure all the latest updates and security patches for your main programs and apps are installed.

Needless to say that most popular pieces of software (such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader), especially the outdated ones, are always under threat from malicious actors who exploit them to get easier access to your sensitive data.

Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed.

A better option would be to start using a dedicated cyber security solution for you and keep your software program up to date.

3. Create a restore point

If you already installed the security updates for Windows OS, the next step recommended is to create a restore point in Windows.

You can do this by clicking on the Start button, then select Control Panel -> System and Maintenance (or System and Security) -> System. Then select System protection and click the Create button.

After installing Windows, you can create the Restore Point and name it Clean installation, and continue installing drivers and applications.

If one of the drivers causes issues on the system, you can always go back to the Clean installation restore point.

system_restore

 4. Install a traditional antivirus product

When you consider installing an antivirus program on your PC, make sure you use one from a legitimate company, because there can be fake software programs out there. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update, and a firewall.

To find the best antivirus that suits your needs, read this ultimate guide that will teach you more about antiviruses, its main features and what should you look for.

If you choose to install a security product that doesn’t have a firewall, make sure you have turned on the Windows firewall.

To turn it on, go to Control Panel, select System and Security, then Windows Defender Firewall and turn it on or off.


Super useful guide on how to secure your PC after a fresh Windows installation:
Click To Tweet


5. Install a proactive security solution for multi-layered protection

On our blog, we explained on many occasions why traditional antivirus is no longer the go-to solution, simply because it cannot keep up with the rise of new and advanced online threats. Financial malware especially is created to steal sensitive data and confidential information and it uses sophisticated methods to do so.

Next-gen malware usually has the ability to evade detection and bypass antivirus software that users have installed on their PCs to keep their data safe. We recommend reading these 12 examples of spam campaigns behind the scenes indicating a low detection rate for AV engines during the first stages of a cyber attack.

With the help of a proactive cybersecurity solution, you get the best protection against financial and data-stealing malware, such as Zeus or Cryptolocker.

To improve the financial control of your online banking account, you can always set banking alerts to track your account activity and apply these simple and effective financial protection tips.

 

6. Back up your system

You updated the operating system and your system applications, you have installed additional security products for your system safe and even created a Clean installation restore point for your Windows.

The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.

To make sure your data stays safe, you should be using a twofold strategy, which should include combining an external hard drive usage with an online backup service.

We need to emphasize the importance of having a backup solution which provides stability (look for a big company name), it’s easy to use (so you won’t have a headache backing up from files), allows you to synchronize your files with the online backup servers and provides some sort of security, such as encryption capabilities.

Online Backup

Our guide on how to do a data backup includes more information on most popular backup solutions available and what the best ways to keep your data safe are.

At the same time, you could simply use your Windows Backup system. To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.

7. Use a standard user account

Windows provides a certain level of rights and privileges depending on what kind of user account you have. You may use a standard user account or an administrator user account.

To secure your PC, it is recommended to have a standard account to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.

With a Standard user account, you have limited rights and cannot do things like changing system settings, or installing new software apps, hardware or changing the username and passwords. Here’s why you should use an account like this one and how to create it.

If you want to install an application or make security changes, remember that you will need an administrator account.

We also recommend that you set a strong password for your Windows user account.

Use this security guide that will help you set unique and strong passwords and manage them like an expert.

Top Security Tip:
Using a standard account ensures that a piece of malware which infects a limited-user account won’t do much damage as one infecting an administrator account.

Windows account

8. Keep your User Account Control enabled

User Account Control (UAC) is an essential security feature of Windows that prevents unauthorized changes to the operating system. Many users have the tendency to disable it after installing/reinstalling the Windows operating system.

We don’t recommend to turn it off. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.

UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.

In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes to the system.

 

UAC

 

9. Secure your web browser before going online

Here’s another thing to do after installing Windows: pay attention to browser security. Since our web browser is the main tool used to access the Internet, it is important to keep it safe before going online.

The vulnerabilities in your web browser are like open door invitations to cybercriminals who find creative ways to harvest your most important data. For example, if you are using Adobe Flash, be aware of its security flaws and how it can expose you to attacks.

To stay safe while accessing various web pages, follow these steps:

  1. Choose the latest version for your browser.
  2. Keep it updated.
  3. Choose a private browsing session when you access a website you are not sure about. Choosing this mode will prevent authentication credentials (or cookies) from being stored and steal by attackers.
  4. Since data-stealing malware spreads through malicious code embedded in pop-up windows even in legitimate websites, make sure your web browser can block pop-ups:

And there’s, even more, you can do. Use these step-by-step instructions to enjoy the best secure browsing.


On my next Windows install, I’ll follow these security tips to improve my data safety:
Click To Tweet


10. Use an encryption software tool for your hard drive

Even if you set a password to your Windows account, malicious actors can still get unauthorized access to your private files and documents. They can do this by simply booting into their own operating system – Linux, for example – from a special disc or USB flash drive.

A solution for this case is to encrypt your hard drive and protect all your sensitive files. It is recommended to use this level of security if you have a laptop, which can be very easily stolen. The same thing applies to a computer.

A free encryption tool you can use is BitLocker, which is available on the latest Windows operating systems and you can enable it at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password. The benefits of using this encryption tool:

  • It encrypts your entire drive, which makes it impossible for malicious actors stealing your laptop to remove the hard drive and read your files.
  • It’s also a great encryption software if it happens to lose your PC/laptop or get it stolen.
  • Easy to use and already integrated into your Windows OS, so there’s no need to add another encryption software.

If you’d rather want to use another solution, here’s a full list of encryption software tools you can choose to protect your data.

 11. Be careful online and don’t click on suspicious links

To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net“, then you probably shouldn’t access it. Chances are you’ll be infected with malware and cybercriminals steal your sensitive data.

It’s worth trying shortening services, such as goo.gl or tinyurl. But in some cases, an unknown link may send you to a malicious site that can install malware on the system.

So, how can you know where you’ll arrive if you click it?

To make sure you are going to the right direction, use a free tool such as Redirect Detective that will allow you to see the complete path of a redirected link. Another tool which can provide very helpful in checking suspicious links is the reliable URL checker, VirusTotal.

For more information on how to maximize your financial data protection, check out this article.

 Conclusion

It’s not just about staying safe. 

This guide above is meant to keep you safe online. But, at the same time, following these security measures mean that you also set up your system to work smoothly for online browsing and financial operations, activities you do every day.

Since there are many other solutions to protect a system after a Windows installation, we would like to know your opinion on this.

How do you increase your security after a Windows installation?
Do you have a particular routine?
We’d love to add your tips to the list, so share them in the comments below.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The post How to secure your PC after a fresh Windows installation [Updated 2018] appeared first on Heimdal Security Blog.

Where did the tech support scam blacklist go?

For about five years, we’ve maintained a blacklist of recognized tech support scammers, along with websites and phone numbers they might use to contact victims. The blacklist was part of our Tech support scams: help and resource page, which tells readers how scams work, what tricks to look out for, how to get help after you’ve been scammed, and who to contact to report the scam.

The blacklist was started long before the scale of tech support scamming was understood, and very quickly became unwieldy, hard to search, and, in many cases, outdated. Given the ease with which scammers can stand up low cost infrastructure and switch VOIP numbers on the fly, we decided that a static blacklist is not the best way to share information with other researchers and interested users.

What we’re doing instead

On the Malwarebytes forums, we now have a “Report a Scam” section. (You must be logged in to view it.) After logging in, post any scam number you encounter, along with the URL of the company, if you have it. Posting in the forums makes it much more likely that a researcher will see it and block the scam ASAP.

What if you haven’t been scammed, but still want to help?  How do you find scammers to report?

Digging up fake tech support

Loading a typo squat for a large, popular website can be a good starting point to find a browser locker (which leads to a tech support scam). But varying user agents and locations can deliver actual malware instead of a locker, so use this method at your own risk.

It’s a bit safer to start with social media, where scammers spam links for their fake companies. Searching Twitter for “Malwarebytes Support” yields a few tweets like the following:

More competent scammers will make use of link shortening services so as to not expose their infrastructure to potential takedown requests. We chose an amateur example for simplicity. (Twitter declined to take down the account when we asked.)

Clicking through yields a convincing scam site:

Now that we’ve got a scam URL and phone number, we can stop there and make a report. Or we can take a look at the website metadata and see if the scammer decided to set up a few alternate sites.

Throwing the latest IP into Passivetotal’s query tool yields a whopping 1,029 domains, including historical hits that are no longer active. Most look to be part of an SEO operation, which makes sense because tech support scammers generally hire third-party SEO services to get their sites in front of victims.

Moving to Hurricane Electric, who provides a free pDNS tool without any historical data, yields the following:

Right away we can see two probable candidates for additional scams. Sifting through pDNS can often improve your scam hunting results, as well as help attribute multiple scams to the same threat actor group. Be sure to actually load the sites to confirm scamming, as legitimate tech companies overseas can sometimes exhibit design cues and domain names similar to fake tech support.

Scam hunting is fun and fairly straightforward. But we can’t be everywhere, and tech support scammers excel at setting up infrastructure with bargain hosting companies quickly. So why not help us get better, and report a scam in our forums? Happy hunting—and stay safe.

The post Where did the tech support scam blacklist go? appeared first on Malwarebytes Labs.

5 Steps To Becoming A Professional Pentester

With the current situation in Information Security, penetration testers have seen their professional opportunities rise up to test companies’ networks, applications, and computer systems. The claim for a secure environment could not be any more demanding. To all aspiring professional penetration testers, here are 5 steps you need to follow in order to succeed in this field.


1. Learn to Differentiate Penetration Testing from Hacking

A penetration tester needs to think like a hacker and use many of the same techniques that a hacker does. But unlike hackers, penetration tester works under strict rules of engagement – You go into specific areas only, and have limits on your actions. The purpose is to discover weaknesses, not break into the system for its own sake. You are the professional here, and definitely one of the good guys.

2. Know the Threats in the Real-World & Learn the Strategies and Solutions to Prevent Them

Companies, governments, financial institutions, hospitals, military and other businesses are using advanced technologies to store and process a great deal of confidential data on computers and mobile devices… which puts them at risk. Having the right IT infrastructure is critical to strengthening the company’s security. There are three main classifications to prevent various forms of cyber attacks: hardware solutions, software solutions, and smart-thinking solutions.

3/ Understand the Tasks and Responsibilities Expected from a Professional Penetration Tester

As a penetration tester, you will be the one who conducts the penetration test, creates one or more reports about your findings (vulnerabilities), classifies the severity of the risks (high risk, medium risk, low risk) and explains the reasons why these risks are vulnerable. You will then create an analysis report and deliver it to the company, educating executives and the IT department about what needs to be done in order to solve the researched security flaws. An important note is: You do not fix the vulnerabilities but mainly report them to your company. You do not change anything in the system, but you report the weak spots.

4/ Be Aware of the Various Employment Options 
  • IT Security service firm: You are working as a third-party contractor providing penetration testing as a service
  • In-House: You are directly hired by the company as part of the IT Security department to conduct regular penetration tests of the system
  • Free-lance: You get paid by a project by companies that you help look into their system
  • Your own start-up?

Keep in mind that cybercrime will more than triple the number of job openings over the next 5 years… If you are skilled enough, you’ll have plenty of options 😉

5/ Practice your Skills with Real-Life Scenarios

The most effective way to learn penetration testing is to learn by doing and not by reading. Look for a penetration testing course that provides hands-on training. If you are working for a company, you can ask an experienced IT Security expert to train you with practical exercises. You can also request for virtual labs to be created so you can practice your ethical hacking skills. If your IT team does not have the resources to create labs, you can search for services online that do so. One example is the HERA Virtual Lab.

Aspiring to grow as a Penetration Tester?
Download Our Free Whitepaper “How to Become a Penetration Tester”

Here are the Top Online Scams You Need to Avoid Today [Updated 2018]

We truly want to believe that the Internet is a safe place where you can’t fall for all types of online scams, but it’s always good reminder to do a “reality check”. We, humans, can become an easy target for malicious actors who want to steal our most valuable personal data.

Criminal minds can reach these days further than before, into our private lives, our homes and work offices. And there is little we can do about it. Attack tactics and tools vary from traditional attack vectors, which use malicious software and vulnerabilities present in almost all the programs and apps (even in the popular Windows operating systems), to ingenious phishing scams deployed from unexpected regions of the world, where justice can’t easily reach out to catch the eventual perpetrators.

According to a report from the Federal Trade Commission (FTC), Millenials are particularly more vulnerable to online scams than seniors, as shocking as it may seem. The research finds that “40 percent of adults age 20-29 who have reported fraud ended up losing money in a fraud case”.

Here are the findings of a report about financial scams

Source: Federal Trade Commision

Curious to know what are the most common ways to easily fall victim to a malware attack or phishing scams? It usually happens when you:

  • Shop online
  • Check your email addresses
  • Access your social media networks

For this reason, we need to know what are the most popular techniques malicious actors are using to get unauthorized access to our private information and financial data.

We must not forget their final target is always our money and there is nothing they won’t do to accomplish their mission.

Use the links below to quickly navigate the list of online scams and see the top online scams you need to stay away from right now.

Phishing email scams
The Nigerian scam
Greeting card scams
Bank loan or credit card scam
Lottery scam
Hitman scam
Romance scams
Fake antivirus software
Facebook impersonation scam (hijacked profile scam)
Make money fast scams (Economic scams)
Travel scams
Bitcoin scams
Fake news scam
Fake shopping websites
Loyalty points phishing scam
Job offer scams
SMS Scaming(Smshing)

1. Phishing email scams

More than one third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report from F-Secure.

Phishing scams continue to evolve and be a significant online threat for both users and organizations that could see their valuable data in the hands of malicious actors.

The effects of phishing attacks can be daunting, so it is essential to stay safe and learn how to detect and prevent these attacks.

Phishing scams are based on communication made via email or on social networks. In many cases, cyber criminals will send users messages/emails by trying to trick them into providing them valuable and sensitive data ( login credentials – from bank account, social network, work account, cloud storage) that can prove to be valuable for them.

Moreover, these emails will seem to come from an official source (like bank institutions or any other financial authority, legitime companies or social networks representatives for users.)

This way, they’ll use social engineering techniques by convincing you to click on a specific (and) malicious link and access a website that looks legit, but it’s actually controlled by them. You will be redirect to a fake login access page that resembles the real website. If you’re not paying attention, you might end up giving your login credentials and other personal information.

We’ve seen many spam email campaigns in which phishing were the main attack vector for malicious criminals used to spread financial and data stealing malware.

In order for their success rate to grow, scammers create a sense of urgency. They’ll tell you a frightening story of how your bank account is under threat and how you really need to access as soon as possible a site where you must insert your credentials in order to confirm your identity or your account.

After you fill in your online banking credentials, cyber criminals use them to breach your real bank account or to sell them on the dark web to other interested parties.

Here’s an example of a sophisticated email scam making the rounds that you should be very careful.

An example of phishing scam

Source: News.com.au

Use this complete guide on how to detect and prevent phishing attacks (filled with screenshots and actionable tips) to better fight these attacks.

2. The Nigerian scam

Probably one of the oldest and most popular Internet scam used mostly by a member of a Nigerian family with wealth to trick different people. It is also known as “Nigerian 419”, and named after the section of Nigeria’s Criminal Code which banned the practice.

A typical Nigerian scam involves an emotional email, letter, text message or social networking message coming from a scammer (which can be an official government member, a businessman or a member of a very wealthy family member – usually a woman) who asks you to give help in retrieving a large sum of money from a bank, paying initially small fees for papers and legal matters. In exchange for your help, they promise you a very large sum of money.

They will be persistent and ask you to pay more and more money for additional services, such as transactions or transfer costs. You’ll even receive papers that are supposed to make you believe that it’s all for real. In the end, you are left broke and without any of the promised money.

Here’s how a Nigerian scam could look like:

one of the most common online scamsSource: MotherJones.com

3. Greeting card scams

Whether it’s Christmas or Easter, we all get all kind of holiday greeting cards in our email inbox that seem to be coming from a friend or someone we care.

Greeting card scams are another old Internet scams used by malicious actors to inject malware and harvest users’ most valuable data.

If you open such an email and click on the card, you usually end up with malicious software that is being downloaded and installed on your operating system. The malware may be an annoying program that will launch pop-ups with ads, unexpected windows all over the screen.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. If this happens, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.


I never thought cyber criminals could be so creative! Check out these online scams to stay away from
Click To Tweet


To keep yourself safe from identity theft and data breach, we recommend using a specialized security program against this type of online threats.

To find out more information about financial malware, read this article. And here’s how you can tell if your computer was infected with malware.

Another common Internet scamSource: The Beacon Bulletin

4. Bank loan or credit card scam

People can be easily scammed by “too good to be true” bank offers that might guarantee large amounts of money and have already been pre-approved by the bank. If such an incredible pre-approved loan is offered to you, ask yourself:

“How is it possible for a bank to offer you such a large sum of money without even checking and analyzing your financial situation?”

Though it may seem unlikely for people to get trapped by this scam, there’s still a big number of people who lost money by paying the “mandatory” processing fees required by the scammers.

Here are 9 warning signs and sneaky tactics to watch out and avoid becoming a business loan scam.

As regards to credit card scams, a recent report from the Identity Theft Resources Center said that the number of credit and debit card breaches have been on the rise last year. To better safeguard your data and prevent thieves from getting access to your payment card details, consider:

  • Watching your accounts closely and monitor your online transactions;
  • Taking advantage of free consumer protection services;
  • Signing up for free credit monitoring.

Source: ChaffeurDriven.com

5. Lottery scam

This is another classic Internet scam which doesn’t seem to get old. A lottery scam comes as an email message informing you that you won a huge amount of money and, in order to claim your prize or winnings, you need to pay some small fees.

Lucky you, right?! It doesn’t even matter that you don’t recall ever purchasing lottery tickets.

Since it addresses some of our wildest fantasies, such as quitting our jobs and living off the fortune for the rest of our lives, without ever having to work again, our imagination falls prey easily to amazing scenarios someone can only dream of.

But the dream ends as soon as you realize you have been just another scam victim. DO NOT fall for this online scam and have a look at this checklist to see if you are getting scammed.

This is an example of a lottery scamSource: Ripandscam.com

6. Hitman scam

One of the most frequent Internet scams you can meet online is the “hitman” extortion attempt. Cyber criminals will send you an email threatening to extort money from you. This type of online scam may come in various forms, such as the one threatening that they will kidnap a family member unless a ransom is paid in a time frame provided by the scammers.

To create the appearance of a real danger, the message is filled with details from the victim’s life, collected from an online account, a personal blog or from a social network account.

That’s why it’s not safe to provide any sensitive or personal information about you on social media channels. It might seem like a safe and private place, where you’re only surrounded by friends, but in reality you can never know for sure who’s watching you.

Also,it’s better to be a little bit paranoid and protect all your digital assets like everyone is watching. Here’s how a Hitman scam looks like:

7. Online dating (romance) scams

As the Internet plays an important role in our social lives, with apps like Facebook or Instagram we access everyday, it’s inevitable to use apps to look for love as well.

Online dating apps are very popular these days and they are a great way to meet your future life partners. I have actually an example with a friend of mine who was lucky enough to find her future husband on a dating site.

But not all scenarios have a “happy end” like this one, and you need to be very careful, because you never know who can you meet.

A romance scam usually takes place on social dating networks, like Facebook, or by sending a simple email to the potential target, and affect thousands of victims from all over the world.

The male scammers are often located in West Africa, while the female scammers are mostly from the eastern parts of Europe.

Cyber criminals have abused this scamming method for years by using the online dating services. They improved their approach just by testing the potential victims’ reactions.

According to a research published in the British Journal of Criminology last month, the techniques (and psychological methods) used by scammers in online romance scams are similar with those used in the domestic violence cases.

To avoid becoming a victim of these Internet scams, you need to learn how to better protect yourself.

Knowing that hundreds of women and men from all over the globe are victims of this online scams, we recommend using these security tips for defensive online dating, including warning signs that could help you from becoming an easy target.

I would also recommend reading these real stories and learn from them, so you don’t fall for these online scams:

 

8. Fake antivirus software

We all saw at least once this message on our screens: “You have been infected! Download antivirus X right now to protect your computer!

Many of these pop-ups were very well created to look like legitimate messages that you might get from Windows or any other security product.

If you are lucky, there is nothing more than an innocent hoax that will bother you by displaying unwanted pop-ups on your screen while you browse online. In this case, to get rid of the annoying pop-ups, we recommend scanning your system using a good antivirus product.

If you are not so lucky, your system can end up getting infected with malware, such as a Trojan or a keylogger. This kind of message could also come from one of the most dangerous ransomware threats around, such as CryptoLocker, which is capable of blocking and encrypting your operating system and requesting you a sum of money in exchange for the decryption key.

To avoid this situation, we recommend enhancing your online protection with a  specialized security product against financial malware, and complement your traditional antivirus program.

Also, make sure you do not click on pop-up windows that annoyingly warn you’ve been infected with virus. Remember to always apply the existing updates for your software products, and install only legitimate software programs from verified websites.

If you’ve been infected, you can use an antimalware tool such as Malwarebytes to try removing the malware infection or pay attention to these warning signs and learn how to find a doable solution.

Source: Oreganstate.edu

9. Facebook impersonation scam (hijacked profile scam)

Facebook. Everyone is talking about it these days, and the scandal about Cambridge Analytica firm harvesting personal data taken from millions of this social media channel without users’ consent.

It’s still the most popular social media network where everyone is active and use it on a daily basis to keep in touch with friends and colleagues. Unfortunately, it has become also the perfect place for online scammers to find their victims.

Just imagine your account being hacked by a cyber criminal and gaining access to your close friends and family. Nobody wants that!

Since it is so important for your privacy and online security, you should be very careful in protecting your personal online accounts just the way you protect your banking or email account.

Facebook security wise, these tips might help you stay away from these online scams:

  • Do not accept friend requests from people you don’t know
  • Do not share your password with others
  • When log in, use two-factor authentication
  • Avoid connecting to public and free Wi-Fi networks
  • Keep your browser and apps updated
  • Add an additional layer of security and use a proactive cyber security software.

To enhance your online privacy, I recommend reading our full guide on Facebook security and privacy.

facebook-scam

10. Make money fast scams (Economic scams)

Cyber criminals will lure you into believing you can make money easy and fast on the internet. They’ll promise you non-existent jobs, including plans and methods of getting rich quickly.

It is a quite simple and effective approach, because it addresses a basic need for money, especially when someone is in a difficult financial situation.

This scamming method is similar to the romance scam mentioned above, where the cyber attackers address the emotional side of victims. The fraudulent posting of non-existent jobs for a variety of positions is part of the online criminals’ arsenal.

Using various job types, such as work-at-home scams, the victim is lured into giving away personal information and financial data with the promise of a well paid job that will bring lots of money in a very short period of time.

Read and apply these ten tips that can help you avoid some of the most common financial scams.

this is how a financial scam looks likeSource: Makerealmoneyonlinefree.com

11. Travel scams

These scams are commonly used during hot summer months or before the short winter vacations, for Christmas or New Year’s Day.

Here’s how it happens: you receive an email containing an amazing offer for an exceptional and hard to refuse destination (usually an exotic place) that expires in a short period of time which you can’t miss. If it sounds too good to be true, it might look like a travel scam, so don’t fall for it!

The problem is that some of these offers actually hide some necessary costs until you pay for the initial offer. Others just take your money without sending you anywhere.

In such cases, we suggest that you study carefully the travel offer and look for hidden costs, such as: airport taxes, tickets that you need to pay to access a local attraction, check if the meals are included or not, other local transportation fees between your airport and the hotel or between the hotel and the main attractions mentioned in the initial offer, etc.

As a general rule, we suggest that you go with the trustworthy, well known travel agencies. You can also check if by paying individually for plane tickets and for accommodation you receive the same results as in the received offer.

If you love to travel, you can easily fall prey to airline scams by simply looking for free airline tickets. Airline scams are some of the most popular travel scams, and we recommend applying these valuable tips.

travel

12. Bitcoin scams

If you (want to) invest in Bitcoin technology, we advise you to be aware of online scams. Digital wallets can be open to hacking and scammers take advantage of this new technology to steal sensitive data.

Bitcoin transactions should be safe, but these five examples of Bitcoin scams show how they happen and how you can lose your money.

The most common online scams to watch out for:

  • Fake Bitcoin exchanges
  • Ponzi schemes
  • Everyday scam attempts
  • Malware

Here’s how you can spot a Bitcoin scam and how to stay safe online.

Source: Express.co.uk

13. Fake news scam

The spread of fake news on the Internet is a danger to all of us, because it has an impact on the way we filter all the information we found and read on social media. It’s a serious problem that should concern our society, mostly for the misleading resources and content found online, making it impossible for people to distinguish between what’s real and what is not.

We recommend accessing/reading only reliable sources of information coming from friends or people you know read regular feeds from trusted sources: bloggers, industry experts, in order to avoid fake news.


If it seems too good to be true, it’s most likely a scam. Take a look over these online scams
Click To Tweet


This type of scam could come in the form of a trustworthy website you know and often visit, but being a fake one created by scammers with the main purpose to rip you off. It could be a spoofing attack which is also involved in fake news, and refers to fake websites that might link you to a buy page for a specific product, where you can place an order using your credit card.

To avoid becoming a victim of online scams, you can use tech tools such as Fact Check from Google or Facebook’s tool aimed at detecting whether a site is legitimate or not, analyzing its reputation and data.

Cyber security experts believe that these Internet scams represent a threat for both organizations and employees, exposing and infecting their computers with potential malware.

Source: Opportunitychecker.com

14. Fake shopping websites

We all love shopping and it’s easier and more convenient to do it on the Internet with a few clicks. But for your online safety, be cautious about the sites you visit. There are thousands of websites out there that provide false information, and might redirect you to malicious links, giving hackers access to your most valuable data.

If you spot a great online offer which is “too good to be true”, you might be tempting to say “yes” instantly, but you need to learn how to spot a fake shopping site so you don’t get scammed.

We strongly recommend reading these online shopping security tips to keep yourself safe from data breaches, phishing attacks or other online threats.

Source: Originalo.de

15. Loyalty points phishing scam

Many websites have a loyalty program to reward their customers for making different purchases, by offering points or coupons. This is subject to another online scam, because cyber criminals can target them and steal your sensitive data. If you think anyone wouldn’t want to access them, think again.

The most common attack is a phishing scam that looks like a real email coming from your loyalty program, but it’s not. Malicious hackers are everywhere, and it takes only one click for malware to be installed on your PC and for hackers to have access to your data.

As it might be difficult to detect these phishing scams, you may find useful this example of a current phishing campaign targets holders of Payback couponing cards, as well as some useful tips and tricks to avoid being phished.

Source: G Data Security Blog

16. Job offer scams

Sadly, there are scammers everywhere – even when you are looking for a job – posing as recruiters or employers. They use fake and “attractive” job opportunities to trick people.

It starts with a phone call (or a direct message on LinkedIn) from someone claiming to be a recruiter from a well-known company who saw your CV and saying they are interested in hiring you. Whether you’ve applied or not, the offer might be very appealing, but don’t fall into this trap.

To protect yourself from job offer scams, it’s very important to:

  • Do a thorough research about the company and see what information you can find about it;
  • Check the person who’s been contacted you on social media channels;
  • Ask for many details and references and check them out;
  • Ask your friends or trustworthy people if they know or interacted with the potential employer.

To avoid these types of online job scams, check this article.

Source: Drexel.edu

17. SMS Scaming (Smshing)

Smartphones. You can’t live without them in the era of Internet. They’ve become essential for communication, online shopping, banking or any other online activity.

Needless to say the amount of data we store on our personal devices which make them vulnerable to cyber criminals, always prepared to steal our online identities or empty our bank accounts.

Smishing (using SMS text messages) is a similar technique to phishing, but, instead of sending emails, malicious hackers send text messages to their potential victims.

How this happens? You receive an urgent text message on your smartphone with a link attached saying that it’s from your bank and you need to access it in order to update your bank information, or other online banking information.

Be careful about these SMS you receive and don’t click on suspicious links that could redirect to malicious sites trying to steal your valuable data. These useful tips can help you easily spot these types of online scams.

Source: Malwarebytes Labs

Conclusion

Since some scams are so well organized and really convincing, and people behind them so difficult to catch, we need to always keep our guard up. Stay informed about the latest scamming strategies.

Have you met some of the above scams while browsing or in your email inbox? What were the most convincing ones?

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The post Here are the Top Online Scams You Need to Avoid Today [Updated 2018] appeared first on Heimdal Security Blog.

Facebook Privacy & Security Guide: Everything You Need to Know [Updated]

The news about Cambridge Analytica firm harvesting personal data taken from millions of Facebook without user consent in 2014 hit the headlines these days.

Everyone is talking about it and everyone should take a few moments of reflection about the privacy of our data on the Internet. Users even started deleting their Facebook accounts (probably) inspired by the big movement #DeleteFacebook (urging people to leave the social network), while others may be really concerned about the exploitation of personal data.

You can follow this thread on Twitter and see what people have to say about it. However, if you aren’t ready to delete your FB profile, or you don’t see this as a viable solution, here’s how to use Facebook in the safest way and take control of privacy settings.

It’s worth reminding that Facebook will *still* know things about you, but at least you can limit its access to your private data.

Almost everyone has a Facebook account, but the problems occur when the distinction between public and private space become blurred. Without a clear understanding of our security and privacy settings, we easily may end up victims to identity theft, phishing attacks or other malicious actions.

Before we begin, here’s a set of helpful links to help you navigate the guide and see what you can learn by reading on:

General Account Settings
Security Settings
Privacy settings
Timeline and tagging settings
Blocking
Mobile
Public post filters and tools
Apps
Ads

Facebook News Feed

Here’s how to keep your Facebook account secure

Start by accessing your Facebook account settings.

To do this, log into your Facebook account and go to the top right corner of the screen and select “Settings” from the drop-down menu.

We’ll take each section and discuss it separately before we continue to the next one, as they appear in the Settings menu.

 1. General Account Settings

After you click on the Settings button, it will take you to the General Account Settings.

Your profile tells a story to the one who’s viewing it, so you can choose how you can want to appear online. From there you’ll be able to manage and edit the basics information about you like name, surname, email address, or choose your legal contact settings.

You can inform Facebook in advance whether you’d like to have your account memorialized after you’ve passed away or permanently deleted from Facebook.

You can also download a copy of your Facebook data. This includes your Timeline info, shared posts, messages, photos, ads you have clicked on, the IP addresses where you’ve logged into your account, and more other details.

You can also have the option to download a copy of your Facebook data. This includes your Timeline info, shared posts, messages, photos, ads you have clicked on, the IP addresses where you’ve logged into your account, and more other details.

Deactivate Your Account

If you are planning on quitting the social network for a while, from this place you can choose to temporarily deactivate your account. Some information will still be available to others, such as your name in their friends list, or the messages you exchanged. You should know that this option doesn’t permanently delete your account and you’ll be able to reactivate it at any time you want.

However, if you’re serious and you want to permanently delete your account, you can do that from here. Keep in mind that it may take up to 90 days before the deletion process begins. You might also want to consider downloading an archive of your data beforehand.

2. Security Settings

We continue to the Security and Login Settings.

From here you’re able to set:

Choose friends to contact if you get locked out

Facebook recommends this feature for its users in case they are locked out of their account. From this place, you can select your close friends that will help you in case you ever have trouble accessing your Facebook account.The option lets users nominate 3 to 5 trusted contacts.

By clicking on Choose friends you will receive instructions to follow. After you have selected your friends, they’ll be able to send you a recovery code with a special URL you can use to get back into your account. You can always change or edit the chosen friends. Find out more info here.

Where you are logged in

This feature provides details about your current location and what browser used. Facebook also tracks your previous sessions offering the following information: logging time, device, address, and IP.

Login

Here you have the option to Change your current password. We highly recommend setting a strong and unique password.

Strong: so that nobody with malicious intentions will be able to guess it. That means no easy and common passwords, no family names, no nicknames, no birth dates, no favorite songs or movies or mottos, no nothing that can easily be found out about you.

Unique: because if one of your accounts is breached, all your other accounts where you used the same password will end up compromised. It doesn’t even have to be your fault.

You might have heard that about 1.9 billion data records were exposed in breaches in the first half of 2017, according to the Breach Level Index.

If you don’t remember your current password, you can reset it by clicking Forgot your password? and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.

Log in with your profile picture

If you are using the Facebook mobile app, you have the option to log in with your profile photo by just tapping on the picture, instead of using a password. Once enabled this feature, you can use it when you log out of the app or uninstall it, and need to log in again. Facebook requires explicit permission to enable it, so you can choose to turn it on or off.

Setting up extra security

To enhance protection, we suggest using the following extra layers of protection. First off, you can enable to receive notifications via email if anyone logs in from a device or browser you don’t usually use. If it doesn’t recognize your usual login, an alert will be sent to your email.

Use two-factor authentication

By activating this option, the network will require you to authenticate with a second security code every time you’ll want to access your account on a new browser or device. Read our dedicated article on why you should use two-factor authentication feature.

You have 7 options:

  • Turn on two-factor authentication;
  • A security code sent by SMS to your mobile device;
  • Security keys for safer logins;
  • Generate a security code using Code Generator from your Facebook mobile app;
  • Recovery codes when you don’t have your phone with you;
  • App passwords you can use instead of your Facebook account password;
  • Authorized logins.

To activate two-factor authentication feature, click the Setup button, confirm this action by enabling it and re-enter your password. You will receive an email (see the photo above) informing you that you’ve activated it. To disable this feature, follow the steps described in the Settings section.

Security keys

You can use a Universal 2nd Factor (U2F) security key to log into your account through USB or NFC.

Code Generator

Use this option together with Login Approvals to create new authentication codes. You’ll use these to access your Facebook account from a new device.

App Passwords

This option helps you create single-use passwords in order to access third-party apps on Facebook and keep your main password safe.

When you’ll log out of the app, the password will not be saved. To access the app again, you’ll need to generate a new, single-use password.

Authorized Logins

This option shows a list of devices where you won’t have to use a login code.

Advanced (Encrypted notification emails)

Facebook offers users the option to add extra security with an Open PGP public keys to their profiles and select to receive encrypted notification emails from Facebook (only you can decrypt these emails).

3. Privacy Settings

The next section is the Privacy Settings and Tools one. From here you’ll be able to tweak basic privacy settings and make sure that your past and future posts won’t be seen by intruders.

Who can see my stuff?

From here you can control the privacy of future posts. Select the appropriate audience for your future posts, you can share them with:

  • Public (if you want everybody to see them)
  • Friends
  • Friends with Acquaintances
  • Only Me
  • Custom Audience (if you use Friends Lists)

It is recommended that you set the default sharing option to Friends. Unless you manually change it, Facebook will remember this option and post all your future statuses as only available to your Friends.

From the same location, you can also review your activity by using the Activity Log.

Keep in mind that even if you choose to hide a post or photo from your Timeline, the post or photo will still be uploaded online. From there on, you can either choose to Remove Tag or even Request the post to be deleted.

And one last feature available in this section: “Limit the Audience for Old Posts on Your Timeline” – guess this is pretty much self-explanatory, right? By using this tool, all the audience for the content from your timeline will be changed.

Who can contact me?

From here you can choose who’s able to send you friend requests.

If you want to be added as a friend by anyone in the world, even if you don’t have any connections in common, you need to set this option to everyone.

Who can look me up?

In this place, you can choose if you want people to find you using your email address or phone number.

From here you can also select if you want search engines, such as Google or Bing, to index your profile and link to it. If you deactivate this setting, your profile will be found only by people searching for your name directly on Facebook.

4. Timeline and Tagging Settings

Next in line: Timeline and Tagging Settings. This place allows you to set other privacy settings, such as who can post to your timeline, timeline visibility, and tagging.

We’ll take each separately.

Who can add things to my timeline?

This one is pretty straightforward. You can choose who can post on your timeline – if you also hate birthday wishes from unknown people who choose to post on your timeline, select “Only Me” instead of “Friends”.

From here you can also choose to review the posts you were tagged in by your friends before they appear on your timeline. Enable this option to keep spam or untrusted posts away.

Don’t forget that these posts will remain online and still appear in Facebook’s search or news feed. You’ll have to manually remove each tag or even ask the friends who uploaded them to delete them.

Who can see things on my timeline?

This option will help you review what other people see when they look at your profile.

From here you’ll be able to see how your Timeline looks like to the public (to users who aren’t connected to you in any way), to your Friends or even to a specific person.

You can use this last feature in case you ever choose to hide a post from specific people and you want to see how it looks like when they look at your profile.

Before you post something on the timeline, you can choose to share the post with a Custom Audience (a specific list of Friends), specific Friends (if you want to manually add their names) or NOT share it with specific Friends (anyone you include here won’t be able to see that post unless you tag them).

From here you can also select who can see posts you’ve been tagged in on your timeline and who can see what others post on your timeline.

How can I manage tags people add and tagging suggestions?

If you activate the option to “Review tags people add to your own posts before they appear on Facebook”, you’ll be able to check and approve those tags. Thus, when someone adds a tag to one of your posts, you’ll be asked to review it before they appear on Facebook.

This is an option for tags added by friends. If someone who’s not your Facebook friend will add a tag to one of your posts, you’ll always be asked to review it.

Another setting from here: when you’re tagged in a post, who do you want to add to the audience if they aren’t already in it? Choose “Friends” if you want them to see the post you were tagged in, “Only Me” if you don’t want your friends to see it, or you can create a custom audience.


I found this comprehensive guide on how to secure my Facebook account
Click To Tweet


5. Blocking

From the Blocking tab, you can restrict the way in which other Facebook users, apps or pages interact with you.

Here’s what exactly you can set from here:

Restricted List

This option is probably extremely popular among kids who don’t want their parents to see what they post, but they still want them to be friends on Facebook.

Here’s how it works: if you want to restrict a friend from seeing anything that you post, you add them to this list. They’ll still be able to see your public posts, those where you are both tagged in or where a mutual friend was tagged in, but that’s it.

Facebook won’t notify them when you add them to this list, so they won’t know.

Keep out

Block users, messages, the app invites, event invites

In case you want to get rid of annoying users, games or events, this is the place to go.

From here you’ll be able to:

  • Block users that you don’t want them to see your Facebook profile, add you as a friend, see what you comment on other profiles or pages or send you any kind of invitations (events or groups).
  • Block someone from sending you messages and video calls. Yes, this one’s separate from the first option. Unless you also block their profile, they’ll still be able to post on your Timeline, tag you, and comment on your posts.
  • Block a page – they won’t be able to interact with you anymore, with your posts or like or reply to your comments. If you currently like that page, by blocking it you will unlike it and unfollow it.
  • Block any other kinds of app invites from someone.

Block event invites from someone – this way, you’ll automatically ignore future event requests from that friend. Use this for those PR people from your list, who try to exploit you by sending you all kind of irrelevant event invites.


I found lots of useful info in this Facebook security and privacy guide:
Click To Tweet


6. Mobile

From the Mobile section, you can enter your mobile phone number (or numbers). You’ll use it when you activate your login credentials and need to receive the unique code for the second-factor authentication.

Here’s also the place where you can activate text messaging from. Facebook Texts are not currently supported by all countries or mobile service providers, but you’ll have a list here.

7. Public Post Filters and Tools

This section also has a few important privacy settings, from here you can:

  • Choose who can follow you. Friends follow you and your posts by default, once you add them to your friends list, but you can also allow people who are not your friends to follow your public posts.
  • Choose who can comment on your public posts. In case you want to somehow keep weird users away (or at least not have them interact with you and your friends).

8. Apps

This one is among the most important privacy settings for your Facebook account.

The Apps section shows you what third-party apps you connected in the past, such as:

  • Games;
  • Other social media apps (Instagram, for example);
  • Other social media websites (Medium, for example);
  • Any other kind of apps or websites where you connected to your Facebook account.

Keep in mind that all these external apps can access all the tons of data collected by Facebook about us.

Review what permissions you gave to each of those apps and if they are allowed to post on Facebook on your behalf (and to what audience).

Decline any kind of intrusive apps and permissions allowed in the past. Disconnect any apps that you don’t remember giving them access or you don’t use anymore. All those are potential vulnerabilities to your security and privacy.

For more details on how to master app permissions, you can read the security guide from our colleague, Andra.

9. Ads

Do you want to allow third-party sites access to your personal information? Do you want Facebook telling your friends what you like? If you want to opt-out from these two options, simply select “No” or “No one” to these options. You are free to take control over your ad experience.

iPhone 5s

Useful tips and tricks to enhance your Facebook security & privacy

  • Stop accepting friend requests from people you don’t know.

You may be targeted by online scammers who want to collect data about users by creating fake Facebook profiles.

Also, if you ever have enough time, do a clean-up of your friends list and remove anybody you don’t know or never interacted with.

  • Do not disclose your password to any of your friends or work colleagues.

Trust me, you’ll regret this!

Even if they are your best friends now and you can’t imagine your life without them, you never know how your relationship is going to evolve.

All that information can end up being used against you (seen that happen way too many times by vengeful ex-employees, ex-lovers or friends who felt betrayed).

  • Keep your browser updated.

This also goes for your plugins and add-ons, but also your operating system.

Keep them patched and up to date, in order to close all the security holes. It will help you reduce the chances of a cyber attack that exploits those vulnerabilities.

  • Use good cyber security software.

A multi-layered security system will help you keep cyber attackers away.

Start by installing a good, trustworthy antivirus (if you don’t already have such a thing).

You can also enforce your security system with a traffic filtering software that works in a proactive way and blocks second generation malware (such as ransomware attacks). Heimdal is that kind of a software.

Pay attention to the various messages you receive from users asking for your personal data.

Follow the previous link for a guide that exposes them and also gives tips on how to stay safe.

  • Limit the connections to free, public wi-fi networks.

You can easily be tracked when you connect to one of those networks, so try to stay away from them as much as possible. However, if you do have to connect, try working through a VPN.
More tips here.

  • Don’t forget to log out of your Facebook account.

In case you have to connect to Facebook from a different computer, one normally used by other persons, don’t forget to log out of your account at the end of the session.

1

Final thoughts

When a website becomes popular, you can also assume that scammers will be there, somehow trying to take advantage of it. Facebook is no exception to that because it is the most popular social network in the world.

Recently, cyber attackers threatened the Facebook users by spreading a suspicious link on Messenger.

It could happen again, so you need to keep your account safe and secure.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

* This article was written by Cristina Chipurici, in June 2016 and updated in September 2017. It was also updated in March 2018.

The post Facebook Privacy & Security Guide: Everything You Need to Know [Updated] appeared first on Heimdal Security Blog.

What is Kodi? Here is the online security guide for watching content with it

Time and time again, our reader asked us to cover media player apps like Kodi and explain how they can use them and not compromise their online security.

Use the links below to quickly navigate this Kodi overview and see how you can use it to watch your favorite media.

What is Kodi?
How to use Kodi
Kodi guide with online security in mind
Kodi security risks

kodi logo

What is Kodi?

Kodi is one of the most popular media player apps in the world. You can call it the best home theater available online. And it’s also free!

Kodi is an open-source program that started more than fifteen years ago as Xbox Media Player and changed its name to Kodi in 2014. For example, other famous media players like Plex or MediaPortal were based on Kodi or Xbox Media Player.

In essence, it allows you to watch any type of content online, from videos to Flickr photos, podcasts, and music.

What’s special about it is that it allows you to do most anything in a single interface. You don’t have to switch between Youtube for example and other apps or sites like that. Most users rely on Kodi to view content on PC, but it can be used on smart TVs, smartphones and so on.

Kodi can also work on smartphones, tablets, Firesticks, Raspberry Pis or consoles like Xbox One, along with a great number of streaming boxes.

If you search on eBay or Amazon you’ll likely find hundreds of Kodi boxes, streaming devices that come with Kodi pre-installed. However, we highly recommend you do not use a Kodi box because of security risks. They can be preloaded with malware and you don’t have the community to keep watch over the box’s security.

While it might be a bit more inconvenient, it’s safer and cheaper to install Kodi on your PC or devices on your own.

Because it’s open source, the community around Kodi has developed hundreds of add-ons for any type of content you can imagine.

Unfortunately, it’s also one of the most widely used tools for online piracy, as its add-ons and repositories can stream unlicensed copyrighted content.

Users can stream or download TV show torrents, watch sports games and so on via so-called “repositories”. Kodi repositories are simply large collections of add-ons that can be installed in bulk and add new Kodi functionalities.

This is one of the biggest dangers when it comes to Kodi and online security. Because anyone can develop their own addon, malicious hackers have an easy way of doing man-in-the-middle attacks and can infect your devices with all kinds of malware.

But we’ll focus on that later on in the guide, now let’s see how to use Kodi with maximum online security.

How to use Kodi

You can store your library of movies, TV shows, podcasts, music and pictures in a simple, intuitive interface.

If you have two PCs or want to join your family’s devices, the uPnP feature connects those PCs so both of them can have access to the same content library.

To install Kodi on a PC you can simply download it from the official website, then run the .exe file. If you have Windows 10 or 8, you can find the app directly in the Windows Store. We highly recommend using the Windows Store option because Kodi updates are done automatically.

kodi on windows store

As you know, you should always update your software as soon as possible!

After installing, simply navigate to the add-ons section and choose what suits you.

In this guide, we’ll focus on using Kodi on PCs, so we can give you the best security tips.

Kodi guide with online security in mind

Due to its open source nature and the fact that anyone can launch an addon, Kodi can be quite risky software if used improperly. Before installing it, we recommend following these steps:

Step 1: Get the best online security possible for your PC

We wrote a comprehensive guide on how to secure your PC against a vast number of attacks an. We recommend you use it before installing software like Kodi.

For Kodi installation purposes, it can be boiled down to two major parts:

Use a good antivirus AND do not skip an anti-malware solution. Due to the way they work, most antiviruses cannot catch modern malware infections, so you need an extra layer.

With these measures in place, your PC is protected from most threats, but here’s what you have to do next.

Step 2: Install a VPN. Never use Kodi without VPN!

A Virtual Private Network, or VPN for short, encrypts your internet connection and prevents third-parties from tracking your IP address.

VPNs are essential nowadays for privacy because advertisers and malicious hackers all want to track your online activity.

They’re also important if you plan on streaming movies and TV shows from torrent files. They hide what you do online from your Internet Service Provider (ISP) and, of course, authorities.

Most people think that downloading movies is illegal, but streaming is perfectly fine. No, it’s actually not. In some countries, you could get a very not-nice letter from the authorities based on your online activity.

A VPN circumvents that but, most importantly, it’s essential for online security!

This is because VPN will provide a good defense against a man-in-the-middle attack. In this scenario, someone could intercept your online traffic and send you a malicious file instead. Bitdefender explained how such an attack could be done with Kodi and we compiled the best VPNs here.


Never use #kodi without a #vpn !
Click To Tweet


Step 3: Use only the official Kodi functionality and do not install third-party add-ons.

This means you should use Kodi to organize and easily access those media files you already own or continue to pay for.

For streaming, we only recommend you connect legitimate sources that offer free videos – think Youtube, Vimeo, Twitch and so on.

While you can indeed pirate with Kodi a lot of media, the repositories and add-ons that allow you to do so are inherently not safe.

kodi screen

The Kodi developers themselves warn against such uses – they’re illegal and expose you to malware that probably won’t be stopped by your antivirus.

Paid services like Netflix, Hulu or Amazon Video do not yet have Kodi add-ons, so to bring that content into Kodi is an adventure – you have to install a Play to Kodi extension in your browser and fiddle with a lot of settings, which creates more security holes in your setup.

We highly recommend skipping that.

Kodi security risks

Here is what the official Kodi developers had to say about the security risks involved in running unofficial Kodi code.

“They create significant privacy risks, given the access they have to your system. They can be updated remotely and made to execute code as part of what can only be viewed as a botnet. They break when we change something, which leads to howls of protest from people who maybe didn’t even realize what they were doing.”

Risk 1 – Malicious add-ons

Any third-party add-ons carry a lot of risks for you, whether you use them to stream content without a license or just trying to add a new functionality.

Furthermore, in Kodi repositories are hundreds, if not thousands of dead or outdated add-ons. If they’re resurrected or hijacked by malicious hackers, they will expose you to malware and man-in-the-middle attacks.

Risk 2 – Man-in-the-middle attacks

Kodi checks for add-on updates constantly and downloads them automatically. Unfortunately, it does it over HTTP, not HTTPS, so there’s no encryption to protect that data transmission.

A malicious hacker can intercept that data transfer and send something else in return. Most likely, you’ll get some malware.
kodi updates automatic insall

As we said above, there are a lot of inactive or outdated add-ons. When Kodi checks for updates, the risk for a MitM attack increases. Your computer could get infected with malware and enslaved in a botnet.

Thousands of users who got the popular unofficial Exodus add-on (used for piracy purposes), had their machines enslaved in a botnet and used to launch DDoS attacks.

Risk 3 – Exposing your IP and habits to your ISP/authorities

We’ve seen a lot of users asking us about Kodi or already using it, without a VPN in place. As we stated in the Kodi guide above, you should never-ever run it without a VPN.

Even if you’re careful to only install legitimate add-ons, there’s still the risk to get some illegal content on your machine. In countries like the US or the UK, you can receive letters from your ISP or the authorities.

Risk 4 – Privacy issues

Kodi is pretty good, especially if you use a VPN but there are still privacy concerns.

Yes, you can stop it from logging your Watched Status so that no one with access to your PC will know what content you viewed.

However, as shown here, Kodi logs in its database any video you ever watched on it, even if you deleted the source video. In the app interface, there is no option to delete that database, but there is a legitimate add-on called Database Pre-Wash Scrub to help you out. If you care about privacy down to the smallest details, it’s worth downloading it.

These are the most important aspects to Kodi we’ve noticed so far. If you have any tips on using it safely or on how to make better use of it for content viewing, please share your thoughts with the community!

The post What is Kodi? Here is the online security guide for watching content with it appeared first on Heimdal Security Blog.

9+ Free Encryption Software Tools To Protect Your Data [Updated 2018]

What exactly is data encryption?

You probably know that data encryption is one of the best protection methods out there you can use to keep all your digital assets safe.

The encryption process uses a key and an algorithm to turn the accessible data into an encoded piece of information.

To decode the encrypted data and render it back to its original form (that can be easily understood), one needs access to the ciphering algorithm and the secret key that was used.

Public key encryption keys 1

Source.

Encryption helps you secure sensitive information from cyber criminals or other online threats and make access harder to them. At the same time, it’s a way that can be used to archive large amounts of data or to secure private communication over the Internet.

Finding the best encryption software to keep your data secure could prove to be a daunting task. This is why we thought it is useful to make this list and help you choose the best encryption software tools.

Free encryption tools are very useful in keeping valuable information hidden from cyber criminals, because it renders the data inaccessible to malicious actors. We strongly advise you to use some encryption to protect your valuable data, no matter if it is stored locally, on your PC, or sent over the Internet.

So which are the best encryption tools? Read on below and choose the free encryption software that can help you keep your data safe.

Before we jump to the best ways to encrypt your files, we have to remind you about the importance of using strong passwords. When setting up your encryption process, you’ll be asked to choose a password that will act as the decryption key. So your encryption is only as good as your password.

CHECK YOUR CYBER SECURITY HABITS
Do you use any encryption tools to protect your sensitive data?

These security tips will help you manage your passwords like a pro and make them unhackable:

  • Set unique and strong passwords, which contain different character types, like uppercase and lowercase letters and numbers, and are more than 15 characters long. There are even several ways you can test if your passwords are strong enough.
  • Also, you’ll need to set passwords which are not easy to remember or guess, and which aren’t used for more than one online account.
  • For your online security, you should not keep your passwords saved in text files or browsers;
  • Never use/reuse the same password for more than one account;
  • Do not share your passwords in emails, instant messages or other online platforms.

We carefully curated and selected some of the best free encryption software tools you can use to keep your most valuable data safe and secure.

Use strong passwords for your online accounts

1. LastPass

lasspass password generator

LastPass is both a password manager and generator we recommend using to better secure your passwords and personal data. With the help of a free encryption software tool like this one, you’ll no longer have to remember or note a password in a notebook or other place.

LastPass is easy to use and can simplify things for you. It has extensions for the main web browsers, such as Mozilla Firefox and Google Chrome. Also, you can use the mobile app available for both Android and Apple.

When you create a new online account, it offers the option to save the new credentials.

This tool encourages you to set a unique and hard to break password and discourages users to reuse it. If you’re using the same password for multiple accounts, it simply recommends selecting a different password.

Other password management tools that are easy-to-use and can offer good password security are Sticky Password  or RoboForm

Managing passwords safely can really become much easier if you follow the steps included in this guide and if you use two-factor authentication whenever you can.

Encryption software tools for your hard drive

2. BitLocker

Bitlocker for Windows 10

Source: Windows Central

There is a large number of encryption tools available out there, which can be used to encrypt data locally. For most users, the easiest way to encrypt sensitive information or maybe the entire hard-disk is to use Microsoft’s BitLocker software, which can be found on most Windows operating systems.

BitLocker is a full-disk encryption tool built-in in the latest Windows operating systems (Windows 10), which uses AES (128 and 256-bit) encryption to encrypt data on the drives.

The Advanced Encryption Standard has been tested and improved and is now used worldwide by most security vendors due to its high level of security and optimization.

Why should you use BitLocker:

  • Easy to use and it’s already integrated into your Windows operating system, so there’s no need to add another encryption software;
  • It’s mainly a free data encryption software tool you can use to prevent data breaches and data exfiltration from your hard disk.
  • It encrypts your entire drive, which makes it impossible for malicious actors stealing your laptop to remove the hard drive and read your files.
  • It’s also a great encryption software if it happens to lose your PC/laptop or get it stolen.
  • When BitLocker Drive Encryption is activated, and you add new files, BitLocker will encrypt them automatically.

Read these in-depth resources about BitLocker in our security guide dedicated to Windows 10.

3. VeraCrypt

Another free encryption software we recommend trying is VeraCrypt which is available for Windows, OS X and Linux operating systems. If you’ve been familiar with the TrueCrypt encryption software that’s been discontinued in 2014, then you will have no problem using VeraCrypt.

Just like BitLocker, it supports Advanced Encryption Standard (AES) and can hide encrypted volumes within other volumes.

veracrypt screenshot 1

This encryption software is a great alternative to TrueCrypt tool and is constantly getting improvements and security enhancements.

You can use its dedicated beginner’s step-by-step guide to get started and download it from here.

4. FileVault 2

Are you interested in encrypting your data stored on your Mac safe? We recommend evaluating this free encryption software tool which is Apple’s implementation of encrypting data on macOS and Mac hardware.

Just like BitLocker and VeraCrypt tools, FileVault 2 (FileVault full-disk encryption) uses XTS-AES-128 encryption with a 256-bit key “to help prevent unauthorized access to the information on your startup disk”.

This version appeared in 2011 and is available in OS X Lion or later to secure users’ data. Use this guide to turn on FileVault.

FileVault

5. DiskCryptor

It is another Windows-only free encryption software you can use to encrypt your internal and external drive, including system partition, and even ISO images.

This software tool provides multiple encryption algorithms such as AES, Twofish, and Serpent, and the working system is quite simple: select your drive and click on “Encrypt” to protect your data available on it.

The file encryption software can be used as a good alternative to TrueCrypt tool and has a quick and easy installation procedure requiring a computer restart to finish. Here’s a tutorial and full review of DiskCryptor.

Source: Lifewire.com

DiskCryptor can also encrypt external USB flash drives or any other storage devices and use it to mount or unmount them. You can download it from here

Software encryption for your files

6. 7-Zip

Many users are not interested in encrypting the entire hard disk, but only specific files and documents that store valuable data or information.

7-Zip is a free encryption software with open source, a powerful and lightweight solution well-known for its simplicity. This software tool is capable of extracting most archives and it features strong AES-256 encryption.

The program is easy to get used to when encrypting your own files and it uses one of the best compression formats. It’s also available in 87 languages and compatible with even the oldest of Windows versions, plus Linux.

7. AxCrypt

Just like 7-Zip, AxCrypt is a free and open source encryption tool for Windows which can be used mainly for protecting essential files from users’ system.

It is a lightweight tool (around 1MB in size) and is efficient to encrypt a file, an entire folder or a group of files with a simple right-click.

The files can be encrypted for a specific period of time and can auto-decrypt later on when that file reaches the destination.

As I said in the beginning, its main purpose is to protect specific files and not entire hard drives, although it does offer protection against major cracking methods used by cyber criminals. Plus, you can use it to encrypt your sensitive data before backing it up in the cloud or on external hard drives. AxCrypt can be downloaded here.

If you’re looking for even more tools and programs that you can use to encrypt computer hard drives or your sensitive data, this list is a great resource to explore!

Software tools to encrypt your online traffic

Encrypting your files is not enough. To enhance protection, you need to make sure no one can eavesdrop on your communication over the Internet.

So, how can I increase my online security without creating too many barriers that may slow down my access to information posted online?

See below a few simple tools you can use to access online content and stay safe from data breaches at the same time.

8. HTTPS Everywhere 

To make sure you always access secure web pages that use encryption mechanisms, we recommend trying a browser extension like HTTPS Everywhere, which is compatible with Mozilla Firefox, Opera, and Google Chrome.

While some security analysts argue that even secure websites aren’t bulletproof, it’s much better than doing nothing. After all, these secure websites have encryption and authentication standards that are meant to ensure the confidentiality of your online activities.

When you use HTTPS Everywhere, your browser will go through an authentication process while connecting to a secure website. This process uses cryptography to verify that a secure connection is maintained.

Using a little extension like HTTPS Everywhere, which encrypts your communication with major websites, will make your online activities more secure from the dangers of cybercrime.


This is a good list of 9+ free #encryption tools to use if you’re concern about your data…
Click To Tweet


9. Tor Browser

If you want something close to complete privacy, try the Tor browser which allows you to access Internet anonymously using the Tor network of computers.

The special Tor browser has been designed to be used by anyone who wants to conceal any browsing activity from prying eyes.

The most recent version of this browser, Tor Browser 8.0a2, is now available and it features many updates and improvements, both in terms of stability and privacy.

For those who don’t know,  Tor is the short version of “The Onion Router” and directs your Internet traffic by encrypting the IP address from where it came. Using an encryption software like Tor will make it more difficult for any Internet activity to be traced back to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”

You can read more details in this review.

10. CyberGhost

Another alternative to becoming anonymous online and encrypt your communications is to use a Virtual Private Network (VPN).

This private network is able to spread across the normal Internet space, using its resources to create an encrypted channel that can keep your communication safe from interception attempts.

Usually, employees who work remotely use a VPN to access the private company network. This way, they can run online operations or transfer highly confidential documents in complete privacy.

But that doesn’t mean VPN software is just for corporate users. I recommend you use this type of software when connecting to unsafe public networks or when you want to access content whose distribution is restricted to a certain geographical area.

CyberGhost is a popular VPN solution to ensure that your web traffic and valuable information remain encrypted. Configuration is simple and easy to use and includes 256-bit AES encryption, to enhance online privacy. Once you activate CyberGhost, you’ll be able to browse anonymously from another country and get access to more than 1,000 servers across 50+ countries.

If you need VPN for day-to-day or occasional use ( free Wifi in airports, hotels, coffee shop and any other places you go), the free ad-supported plan should be a good option to choose.

Source: TechRadar.com

It includes a 30-day money-back guarantee for everything else and friendly support. A VPN service provider like Cyberghost helps you keep your data protected and secure your digital assets. Cyberghost works with Windows, macOS, iOS, Android, Linux or routers.

This video will show you how a VPN works and for more details about this service, you can read this review.

11. ExpressVPN 

For privacy enthusiasts, here’s another VPN service you can use to encrypt your data and keep cybercriminals at bay. Just like CyberGhost, this one uses 256-bit AES encryption technology and the set-up is simple. All you have to do is download, install and connect to ExpressVPN with a few clicks.

Compatible with multiple devices, it works on Windows, Mac, iOS, Android, or Linux and connects to more than 148 locations in 90+ countries. It’s not entirely free, but you can use it free of charge for up to one month and get a 30-day money back guarantee. Here are more free VPN services you can try.

Source: VPNMentor.com

12. Online Proxy Server – Hide Your IP Address

If you find the process of installing and using a VPN or the Tor browser too difficult, you can still rely on a basic privacy measure: an online proxy server. Using a proxy server, you can simply hide your IP address and surf online accessing various sites anonymously.

Keep in mind that a web proxy server can’t offer the encryption channel you get from a VPN solution and can’t hide your online communication through an entire network like Tor. But you’ll still have an indirect link between your computer and the website you access. This should provide basic protection for small browsing activities.

If you’re a Windows 10 user and want to see how you can set up a proxy, use this guide to learn more.

Protection guide to enhance your online safety

To keep your valuable information safe from malicious actors, encryption is not enough. In our blog posts, we often emphasize that no single security solution is enough to offer the best protection for your digital assets. You need multiple layers of security to keep your data safe against online threats like ransomware, data-stealing malware, financial Trojans. Learn more about our product, Heimdal PRO, and what can do for you.

The cyber criminals’ arsenal includes a lot of weapons that we need to shield our systems from. They continuously work on changing their tactics during the cyber attacks, so it’s for your own best to take all the security measures needed.

Since there are so many online threats out there, here what you can do to improve your online security:

  • Keep your browser and operating system updated with the latest security patches. Make sure you have the latest versions running on your system. Online criminals spread malicious tools by using security exploits to take advantage of your system’s vulnerabilities. Patching is key, as the experts said it again and again.
  • Use a reliable security solution from a trusted company. To keep your system safe from the latest threats, the software should include a real-time traffic scanning engine. This ensures that every connection to and from the Internet is scanned for threats. Start with an antivirus, but don’t forget that it, too, is not enough.
  • Be very careful when connecting to public and free wireless networks. One of the favorite methods used by online criminals to retrieve your credentials is to use wireless sniffers to access data you send over unprotected networks.
  • Education remains the main key to better secure your digital assets, so we recommend signing up for this free educational resource, The Daily Security Tip, and learn how to stay safe online.

When you think about encryption, have in mind the whole picture and consider its role in your overall security strategy: it’s a great, reliable way to ensure that your personal information doesn’t get harvested by cyber criminals when you browse the Internet.

How do you see encryption in the bigger picture of Internet security? Are you using any type of encryption for your data at the moment?

Share your thoughts and please let us know what other free encryption software you are using.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The post 9+ Free Encryption Software Tools To Protect Your Data [Updated 2018] appeared first on Heimdal Security Blog.