Category Archives: McAfee Mobile Security

Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know

cash appsI can’t recall the last time I gave my teenage daughter cash for anything. If she needs money for gas, I Venmo it. A Taco Bell study break with the roommates? No problem. With one click, I transfer money from my Venmo account to hers. She uses a Venmo credit card to make her purchase. To this mom, cash apps may be the best thing to happen to parenting since location tracking became possible. But as convenient as these apps may be, are they safe for your family to use?

How do they work?

The research company, eMarketer, estimates that 96.0 million people used Peer-to-Peer (P2P) payment services this year (that’s 40.4% of all mobile phone users), up from an estimated 82.5 million last year.

P2P technology allows you to create a profile on a transfer app and link your bank account or credit card to it. Once your banking information is set up, you can locate another person’s account on the app (or invite someone to the app) and transfer funds instantly into their P2P account (without the hassle of getting a bank account number, email, or phone number). That person can leave the money in their app account, move it into his or her bank account, or use a debit card issued by the P2P app to use the funds immediately. If the app offers a credit card (like Venmo does), the recipient can use the Venmo card like a credit card at retailers most anywhere. 

Some of the more popular P2P apps include Venmo, Cash App, Zelle, Apple Pay, Google Wallet, PayPal.me, Facebook Messenger, and Snapcash, among others. Because of the P2P platform’s rapid growth, more and more investors are entering the market each day to introduce new cash apps, which is causing many analysts to speculate on need for paper check transactions in the future.

Are they safe?

While sending your hard-earned money back and forth through cyberspace on an app doesn’t sound safe, in general, it is. Are there some exceptions? Always. 

Online scam trends often follow consumer purchasing trends and, right now, the hot transaction spot is P2P platforms. Because P2P money is transferred instantly (and irreversibly), scammers exploit this and are figuring out how to take people’s money. After getting a P2P payment, scammers then delete their accounts and disappear — instantly

In 2018 Consumer Reports (CR) compared the potential financial and privacy risks of five mobile P2P services with a focus on payment authentication and data privacy. CR found all the apps had acceptable encryption but some were dinged for not clearly explaining how they protected user data. The consumer advocacy group ranked app safety strength in this order: Apple Pay, Venmo, Cash App, Facebook Messenger, and Zelle. CR also noted they “found nothing to suggest that using these products would threaten the security of your financial and personal data.”

While any app’s architecture may be deemed safe, no app user is immune from scams, which is where app safety can make every difference. If your family uses P2P apps regularly, confirm each user understands the potential risks. Here are just a few of the schemes that have been connected to P2P apps.

cash apps

Potential scams

Fraudulent sellers. This scam targets an unassuming buyer who sends money through a P2P app to purchase an item from someone they met online. The friendly seller casually suggests the buyer “just Venmo or Cash App me.” The buyer sends the money, but the item is never received, and the seller vanishes. This scam has been known to happen in online marketplaces and other trading sites and apps.

Malicious emails. Another scam is sending people an email telling them that someone has deposited money in their P2P account. They are prompted to click a link to go directly to the app, but instead, the malicious link downloads malware onto the person’s phone or computer. The scammer can then glean personal information from the person’s devices. To avoid a malware attack, consider installing comprehensive security software on your family’s computers and devices.

Ticket scams. Beware of anyone selling concert or sporting event tickets online. Buyers can get caught up in the excitement of scoring tickets for their favorite events, send the money via a P2P app, but the seller leaves them empty-handed.

Puppy and romance scams. In this cruel scam, a pet lover falls in love with a photo of a puppy online, uses a P2P app to pay for it, and the seller deletes his or her account and disappears. Likewise, catfish scammers gain someone’s trust. As the romantic relationship grows, the fraudulent person eventually asks to borrow money. The victim sends money using a P2P app only to have their love interest end all communication and vanish.  

P2P safety: Talking points for families

Only connect with family and friends. When using cash apps, only exchange money with people you know. Unlike an insured bank, P2P apps do not refund the money you’ve paid out accidentally or in a scam scenario. P2P apps hold users 100% responsible for transfers. 

Verify details of each transfer. The sender is responsible for funds, even in the case of an accidental transfer. So, if you are paying Joe Smith your half of the rent, be sure you select the correct Joe Smith, (not Joe Smith_1, or Joe Smithe) before you hit send. There could be dozens of name variations to choose from in an app’s directory. Also, verify with your bank that each P2P transaction registers.

Avoid public Wi-Fi transfers. Public Wi-Fi is susceptible to hackers trying to access valuable financial and personal information. For this reason, only use a secure, private Wi-Fi network when using a P2P payment app. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN).

cash apps

Don’t use P2P apps for business. P2P apps are designed to be used between friends and include no-commercial-use clauses in their policies. For larger business transactions such as buying and selling goods or services use apps like PayPal. 

Lock your app. When you have a P2P app on your phone, it’s like carrying cash. If someone steals your phone, they can go into an unlocked P2P app and send themselves money from your bank account. Set up extra security on your app. Most apps offer PINs, fingerprint IDs, and two-factor authentication. Also, always lock your device home screen.

Adjust privacy settings. Venmo includes a feed that auto shares when users exchange funds, much like a social media feed. To avoid a stranger seeing that you paid a friend for Ed Sheeran tickets (and won’t be home that night), be sure to adjust your privacy settings. 

Read disclosures. One way to assess an app’s safety is to read its disclosures. How does the app protect your privacy and security? How does the app use your data? What is the app’s error-resolution policy? Feel secure with the app you choose.

We’ve learned that the most significant factor in determining an app’s safety comes back to the person using it. If your family loves using P2P apps, be sure to take the time to discuss the responsibility that comes with exchanging cash through apps. 

The post Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know appeared first on McAfee Blogs.

3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s Privacy

Even though most of us are aware of the potential risks, we continue to journal and archive our daily lives online publically. It’s as if we just can’t help it. Our kids are just so darn cute, right? And, everyone else is doing it, so why not join the fun?

One example of this has become the digital tradition of parents sharing first-day back-to-school photos. The photos feature fresh-faced, excited kids holding signs to commemorate the big day. The signs often include the child’s name, age, grade, and school. Some back-to-school photos go as far as to include the child’s best friend’s name, favorite TV show, favorite food, their height, weight, and what they want to be when they grow up.

Are these kinds of photos adorable and share-worthy? Absolutely. Could they also be putting your child’s safety and your family’s privacy at risk? Absolutely.

1. Posting identifying family photos

Think about it. If you are a hacker combing social profiles to steal personal information, all those extra details hidden in photos can be quite helpful. For instance, a seemingly harmless back-to-school photo can expose a home address or a street sign in the background. Cyber thieves can zoom in on a photo to see the name on a pet collar, which could be a password clue, or grab details from a piece of mail or a post-it on the refrigerator to add to your identity theft file. On the safety side, a school uniform, team jersey, or backpack emblem could give away a child’s daily location to a predator.

Family Safety Tips
  • Share selectively. Facebook has a private sharing option that allows you to share a photo with specific friends. Instagram has a similar feature.
  • Private groups. Start a private Family & Friends Facebook group, phone text, or start a family chat on an app like GroupMe. This way, grandma and Aunt June feel included in important events, and your family’s personal life remains intact.
  • Photo albums. Go old school. Print and store photos in a family photo album at home away from the public spotlight.
  • Scrutinize your content. Think before you post. Ask yourself if the likes and comments are worth the privacy risk. Pay attention to what’s in the foreground or background of a photo.
  • Use children’s initials. Instead of using your child’s name online, use his or her initials or even a digital nickname when posting. Ask family members to do the same.

2. Using trendy apps, quizzes & challengesfamily privacy

It doesn’t take much to grab our attention or our data these days. A survey recently conducted by the Center for Data Innovation found that 58 percent of Americans are “willing to share their most sensitive personal data” (including medical and location data) in return for using apps and services.

If you love those trendy face-morphing apps, quizzes that reveal what celebrity you look like, and taking part in online challenges, you are likely part of the above statistic. As we learned just recently, people who downloaded the popular FaceApp to age their faces didn’t realize the privacy implications. Online quizzes and challenges (often circulated on Facebook) can open you up to similar risk.

Family Safety Tips

  • Slow down. Read an app’s privacy policy and terms. How will your content or data be used? Is this momentary fun worth exchanging my data?
  • Max privacy settings. If you download an app, adjust your device settings to control app permissions immediately.
  • Delete unused apps. An app you downloaded five years ago and forgot about can still be collecting data from your phone. Clean up and delete apps routinely.
  • Protect your devices. Apps, quizzes, and challenges online can be channels for malicious malware. Take the extra step to ensure your devices are protected.

3. Unintentionally posting personal details

Is it wrong to want an interesting Facebook or Instagram profile? Not at all. But be mindful you are painting a picture with each detail you share. For instance: It’s easy to show off your new dog Fergie and add your email address and phone number to your social profile so friends can easily stay in touch. It’s natural to feel pride in your hometown of Muskogee, to celebrate Katie Beth‘s scholarship and Justin‘s home run. It’s natural to want to post your 23rd anniversary to your beloved Michael (who everyone calls Mickey Dee) on December 15. It’s also common to post about a family reunion with the maternal side of your family, the VanDerhoots.

family privacyWhile it may be common to share this kind of information, it’s still unwise since this one paragraph just gave a hacker 10+ personal details to use in figuring out your passwords.

Family Safety Tips

  • Use, refresh strong passwords. Change your passwords often and be sure to use a robust and unique password or passphrase (i.e., grannymakesmoonshine or glutenfreeformeplease) and make sure you vary passwords between different logins. Use two-factor authentication whenever possible.
  • Become more mysterious. Make your social accounts private, use selective sharing options, and keep your profile information as minimal as possible.
  • Reduce your friend lists. Do you know the people who can daily view your information? To boost your security, consider curating your friend lists every few months.
  • Fib on security questions. Ethical hacker Stephanie Carruthers advises people who want extra protection online to lie on security questions. So, when asked for your mother’s maiden name, your birthplace, or your childhood friend, answer with Nutella, Disneyland, or Dora the Explorer.

We’ve all unwittingly uploaded content, used apps, or clicked buttons that may have compromised our privacy. That’s okay, don’t beat yourself up. Just take a few hours and clean up, lockdown, and streamline your social content. With new knowledge comes new power to close the security gaps and create new digital habits.

The post 3 Things You [Probably] Do Online Every Day that Jeopardize Your Family’s Privacy appeared first on McAfee Blogs.

7 Questions to Ask Your Child’s School About Cybersecurity Protocols

Just a few weeks into the new school year and, already, reports of malicious cyberattacks in schools have hit the headlines. While you’ve made digital security strides in your home, what concerns if any should you have about your child’s data being compromised at school?

There’s a long and short answer to that question. The short answer is don’t lose sleep (it’s out of your control) but get clarity and peace of mind by asking your school officials the right questions. 

The long answer is that cybercriminals have schools in their digital crosshairs. According to a recent report in The Hill, school districts are becoming top targets of malicious attacks, and government entities are scrambling to fight back. These attacks are costing school districts (taxpayers) serious dollars and costing kids (and parents) their privacy.


Prime Targets

According to one report, a U.S. school district becomes the victim of cyberattack as often as every three days. The reason for this is that cybercriminals want clean data to exploit for dozens of nefarious purposes. The best place to harvest pure data is schools where social security numbers are usually unblemished and go unchecked for years. At the same time, student data can be collected and sold on the dark web. Data at risk include vaccination records, birthdates, addresses, phone numbers, and contacts used for identity theft. 

Top three cyberthreats

The top three threats against schools are data breaches, phishing scams, and ransomware. Data breaches can happen through phishing scams and malware attacks that could include malicious email links or fake accounts posing as acquaintances. In a ransomware attack, a hacker locks down a school’s digital network and holds data for a ransom. 

Over the past month, hackers have hit K-12 schools in New Jersey, New York, Wisconsin, Virginia, Oklahoma, Connecticut, and Louisiana. Universities are also targeted.

In the schools impacted, criminals were able to find loopholes in their security protocols. A loophole can be an unprotected device, a printer, or a malicious email link opened by a new employee. It can even be a calculated scam like the Virginia school duped into paying a fraudulent vendor $600,000 for a football field. The cybercrime scenarios are endless. 

7 key questions to ask

  1. Does the school have a data security and privacy policy in place as well as cyberattack response plan?
  2. Does the school have a system to educate staff, parents, and students about potential risks and safety protocols? 
  3. Does the school have a data protection officer on staff responsible for implementing security and privacy policies?
  4. Does the school have reputable third-party vendors to ensure the proper technology is in place to secure staff and student data?
  5. Are data security and student privacy a fundamental part of onboarding new school employees?
  6. Does the school create backups of valuable information and store them separately from the central server to protect against ransomware attacks?
  7. Does the school have any new technology initiatives planned? If so, how will it address student data protection?

The majority of schools are far from negligent. Leaders know the risks, and many have put recognized cybersecurity frameworks in place. Also, schools have the pressing challenge of 1) providing a technology-driven education to students while at the same time, 2) protecting student/staff privacy and 3) finding funds to address the escalating risk.

Families can add a layer of protection to a child’s data while at school by making sure devices are protected in a Bring Your Own Device (BYOD) setting. Cybersecurity is a shared responsibility. While schools work hard to implement safeguards, be sure you are taking responsibility in your digital life and equipping your kids to do the same. 

 

The post 7 Questions to Ask Your Child’s School About Cybersecurity Protocols appeared first on McAfee Blogs.

Say So Long to Robocalls

For as long as you’ve had a phone, you’ve probably experienced in one form or another a robocall. These days it seems like they are only becoming more prevalent too. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. While these scams vary by country, the most common type features the impersonation of legitimate organizations — like global tech companies, big banks, or the IRS — with the goal of acquiring user data and money. When a robocall hits, users need to be careful to ensure their personal information is protected.

It’s almost impossible not to feel anxious when receiving a robocall. Whether the calls are just annoying, or a cybercriminal uses the call to scam consumers out of cash or information, this scheme is a big headache for all. To combat robocalls, there has been an uptick in apps and government intervention dedicated to fighting this ever-present annoyance. Unfortunately, things don’t seem to be getting better — while some savvy users are successful at avoiding these schemes, there are still plenty of other vulnerable targets.

Falling into a cybercriminal’s robocall trap can happen for a few reasons. First off, many users don’t know that if they answer a robocall, they may trigger more as a result. That’s because, once a user answers, hackers know there is someone on the other end of the phone line and they have an incentive to keep calling. Cybercriminals also have the ability to spoof numbers, mimic voices, and provide “concrete” background information that makes them sound legitimate. Lastly, it might surprise you to learn that robocalls are actually perfectly legal. It starts to become a grey area, however, when calls come through from predatory callers who are operating on a not-so-legal basis.

While government agencies, like the Federal Communications Commission and Federal Trade Commission, do their part to curb robocalls, the fight to stop robocalls is far from over, and more can always be done. Here are some proactive ways you can say so long to pesky scammers calling your phone.

  1. There’s an app for that. Consider downloading the app Robokiller that will stop robocalls before you even pick up. The app’s block list is constantly updating, so you’re protected.
  2. Let unknown calls go to voicemail. Unless you recognize the number, don’t answer your phone.
  3. Never share personal details over the phone. Unfortunately, there’s a chance that cybercriminals may have previously obtained some of your personal information from other sources to bolster their scheme. However, do not provide any further personal or financial information over the phone, like SSNs or credit card information.
  4. Register for the FCC’s “Do Not Call” list. This can help keep you protected from cybercriminals and telemarketers alike by keeping your number off of their lists.
  5. Consider a comprehensive mobile security platform. Utilize the call blocker capability feature from McAfee Mobile Security. This tool can help reduce the number of calls that come through.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Say So Long to Robocalls appeared first on McAfee Blogs.

3 Tips for Protecting Against the New WhatsApp Bug

Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.

So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, hackers first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can potentially snoop around the user’s device, likely without the victim’s knowledge.

Fortunately, WhatsApp has already issued a patch that solves for the problem – which means users will fix the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind now and in the future when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:

  • Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
  • Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
  • Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.