Category Archives: Mobile Security

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.

Associate Microsoft and Pradeo to manage and secure Android Enterprise mobile devices

Want to learn more on how Android Enterprise works with existing mobility management and security solutions? This article will explain how Android Enterprise fits in a standard mobile ecosystem made of Microsoft Endpoint Manager solution and Pradeo Security Mobile Threat Defense.

Android Enterprise arrived like a call to action in the era of mobility. Even though it has its roots in Android 5.0 (Lollipop) launched in 2014, it comes now as a mandatory feature on all Android 10 devices when managed with an Enterprise Mobility Management solution.

Android Enterprise integrates smoothly into Microsoft Endpoint Manager to extend its capabilities and is complemented by Pradeo Security Mobile Threat Defense to ensure full real-time protection.

To get a clear understanding of what to expect from Android Enterprise, we will first detail its DNA and then look at how it complements the rest of the mobile landscape.

The homogenization of management capabilities as Android Enterprise DNA

To interact with devices, Unified Endpoint Management (UEM) solutions used to rely on manufacturers’ APIs implemented on top of the Android system, which brought a lot of inconsistency from one device to another. To reduce the hassle, Google created a native bundle of APIs enabled for all Android devices, regardless of the manufacturer. This homogenization of management across devices comes with two key benefits: the creation of a containerized work/personal profile on the device and a managed Google Play store with work-approved applications.

Let’s dive a bit more into the different setup modes of work and personal profiles.

An image for the different setup modes of work and personal profiles.

The first mode from left to right called “BYOD” (acronym for Bring Your Own Device) refers to devices personally owned by the collaborators, but which are also used in a corporate context. The core principle in this configuration is that the device is not managed by the company and a containerized area is created for work activities (files, applications…). Therefore, the personal environment masters the device and the company only has control over the work profile.

The second hybrid mode takes the opposing view to BYOD configuration. Here, the work profile masters the whole device and the work/life separation lies in a personal sub-area. This configuration is usually known as COPE standing for Corporate Owned Personally Enabled.

In both COPE and BYOD modes, the separation consists in isolating work/life files, applications, and resources (messages, contacts, call logs…).

The Corporate Owned Business Only (COBO) configuration depicts a device fully managed by the company and strictly aimed for work. Thus, there is no dedicated area for personal activities and the enterprise has a complete view on the device.

Lastly, kiosk-managed devices, also referred to as COSU (Corporate Owned/Single Use), stick to the COBO configuration, where the work profile is locked down to only enable a targeted usage.

With these four specific types of configuration, organizations are free to have more or less control over the user device. With an ever-growing BYOD landscape, companies can decide to let employees work on their personal devices, while still having control over the work profile.

Ultimately, this containerization capability, already available in UEMs for some time, simplifies and unifies Android management but doesn’t really add a structuring security piece. At the same time, the managed Google Play store reflects the legacy mobile application management functionality delivered by UEMs.

Therefore, when implementing Microsoft Endpoint Manager, administrators will have to determine in which mode they will manage their corporate fleet. To add a layer of security on top of the Android Enterprise/Microsoft Endpoint Manager combination, they will have to pair it with a security layer like Pradeo Security Mobile Threat Defense.

Additional security awareness

Setting up a work/life separation as a data privacy measure adds an extra level of security. This should not be considered as a security gate. The exposure of corporate data through various setup modes needs extra consideration.

Network and device criteria apply to the entire device, and a Man-in-the-Middle threat or a root/jailbreak exploit will harm the work profile the same way. Looking at applications, while validating the security level of applications prior to their distribution to the work area is a must-have, the assessment of on-device applications must not be forgotten. By downloading an application from the store on either the work or personal profile, corporate data are exposed to malware (screen logger, keylogger…) and intrusive or leaky applications (e.g., exfiltrating contacts…) that could hit from one profile to the other.

In sum, the same security posture must be adopted to protect Android Enterprise mobile devices as any other device.

Associate Microsoft and Pradeo to manage and secure Android Enterprise mobile devices

Pradeo and Microsoft’s long-lasting partnership aims at bringing security on top of devices management and fully applies in an Android Enterprise environment. The collaboration between the companies covers the two following use cases:

  • Agentless application vetting: Pradeo Security solution directly plugs in Microsoft Endpoint Manager (including Microsoft Intune) to retrieve the list of applications installed on the fleet and assess the security level of devices.
  • On-device security: the installation of the Pradeo Security agent on devices provides a 360° security coverage and real-time remediation.

Android Enterprise represents a core add-on to the Android framework homogenizing the management of devices across manufacturers and concretizing the undeniable work/life hybrid usage. If Android Enterprise capabilities draw the path of device administration, it does not however provide corporate tailored security, and this is the pitfall to be avoided when implementing it. Like any other device (Android, iOS), Android Enterprise must fall under the company security policy and benefit from real-time threat defense to ensure the protection of corporate data. Microsoft and Pradeo combine their capabilities to provide a thorough and dynamic security posture to Microsoft Endpoint Manager users and protect all the devices of the mobile fleet.


The post Associate Microsoft and Pradeo to manage and secure Android Enterprise mobile devices appeared first on Microsoft Security.

What to Do When Your Social Media Account Gets Hacked

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account may have been hacked. What do you do? 

This is a timely question considering that social media breaches have been on the rise. A recent survey revealed that 22% of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. 

So, how should you respond if you find yourself in a social media predicament such as this? Your first move—and a crucial one—is to change your password right away and notify your connections that your account may have been compromised. This way, your friends know not to click on any suspicious posts or messages that appear to be coming from you because they might contain malware or phishing attempts. But that’s not all. There may be other hidden threats to having your social media account hacked. 

The risks associated with a hacker poking around your social media have a lot to do with how much personal information you share. Does your account include personal information that could be used to steal your identity, or guess your security questions on other accounts? 

These could include your date of birth, address, hometown, or names of family members and pets. Just remember, even if you keep your profile locked down with strong privacy settings, once the hacker logs in as you, everything you have posted is up for grabs. 

You should also consider whether the password for the compromised account is being used on any of your other accounts, because if so, you should change those as well. A clever hacker could easily try your email address and known password on a variety of sites to see if they can log in as you, including on banking sites. 

Next, you have to address the fact that your account could have been used to spread scams or malware. Hackers often infect accounts so they can profit off clicks using adware, or steal even more valuable information from you and your contacts. 

You may have already seen the scam for “discount sunglasses” that plagued Facebook a couple of years ago, and recently took over Instagram. This piece of malware posts phony ads to the infected user’s account, and then tags their friends in the post. Because the posts appear in a trusted friend’s feed, users are often tricked into clicking on it, which in turn compromises their own account.

So, in addition to warning your contacts not to click on suspicious messages that may have been sent using your account, you should flag the messages as scams to the social media site, and delete them from your profile page. 

Finally, you’ll want to check to see if there are any new apps or games installed to your account that you didn’t download. If so, delete them since they may be another attempt to compromise your account. 

Now that you know what to do after a social media account is hacked, here’s how to prevent it from happening in the first place.

How to Keep Your Social Accounts Secure 

  • Don’t click on suspicious messages or links, even if they appear to be posted by someone you know. 
  • Flag any scam posts or messages you encounter on social media to the respective platform, so they can help stop the threat from spreading. 
  • Use unique, complex passwords for all your accounts. A password generator can help you create strong passwords, and a password manager can help store them.
  • If the site offers multi-factor authentication, use it, and choose the highest privacy setting available. 
  • Avoid posting any identity information or personal details that might allow a hacker to guess your security questions. 
  • Don’t log in to your social accounts while using public Wi-Fi, since these networks are often unsecured and your information could be stolen. 
  • Always use comprehensive security software that can keep you protected from the latest threats. 
  • Keep up-to-date on the latest scams and malware threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee_Home on Twitter, and like us on Facebook.

The post What to Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

iPhone Hacks: What You Need to Know About Mobile Security

Guest Post by Jennifer Bell

Learn How Hackers Steal and Exploit Information to Ensure This Doesn’t Happen to You 


Cybersecurity is an important topic to know and understand in order to keep your information safe and secure. More specifically, it’s important to know and understand mobile security as well. Mobile security, especially with iPhones, is crucial as hackers are becoming smarter and more creative when it comes to iCloud hacks. Apple has partnered with network hardware and insurance companies such as Cisco and Aon to provide security against data breaches, but how can you ensure that, even with these Apple partnerships, your iPhone is secure and protected against hackers? Here are the most common ways that hackers get into iPhones to steal or exploit personal information. Keep these points in mind to best protect yourself from mobile security hacks.


Poor Passwords

Often, poor password choices or poor password management allow hackers to easily hack into iPhones and other Apple products. Hackers are skilled at obtaining Apple IDs and passwords using phishing scams, which are attempts to obtain personal data and information by posing as credible and trustworthy electronic entities. Here are some tips to protect your password from hackers and phishing scams:

  • Set up two-factor authentication for your Apple account 
  • Choose passwords that have no significant personal meaning, such as birthdays or names of family or pets. Hackers can easily do their research and make educated guesses as to what a password may be
  • Back up information in other places besides just the iCloud 
  • Change all passwords if even just one account is hacked 

Untrustworthy Websites

One of the most common ways that hackers make their way into iPhones and other Apple products is by using websites that are not credible. These websites either have holes in the software that allow hackers to get into an iPhone, or they are used to ask for personal information such as credit card information or contact information. How do you know if a website is credible?

  • Ask yourself, does this website look trustworthy? Have I ever heard of it? Does it make sense for it to be asking me these questions? 
  • Use a secure middle layer payment option for purchases. Using PayPal or Visa Checkout is a great way to make payments online because the payment is not directly connected to any of your bank information 
  • Don’t open emails or any attachments that link you to a website if it comes from an untrusted sender 
  • Look up websites if you haven't ever heard of them. If the website is untrustworthy, it’s likely that people have been scammed or hacked on there before and have shared/posted their story 

Public WiFi Networks

Hackers have been known to gain access to iPhones using WiFi spoofing, which is creating a WiFi network that doesn’t require a password and seems like a trustworthy network. Computer forensic services have also discovered that if your iPhone is set up to automatically connect to WiFi, your iPhone will automatically sync up to a spoofed WiFi network and will open your phone up to hackers without you knowing. Avoiding public WiFi networks can potentially save your iPhone from hackers; similarly, avoid public hotspots for the same reason.

Protect Your iPhone From Cyberattacks

Hackers are becoming more and more knowledgeable when it comes to stealing and exploiting people’s personal information found on their iPhones. Keep these points in mind and remember to keep your iPhone’s software up to date; these things can ultimately secure your personal information and save you from falling victim to hackers’ harsh motives.

About the Author 

Jennifer Bell is a freelance writer, blogger, dog-enthusiast and avid beachgoer operating out of Southern New Jersey.

Why Should You Pay for a Security Solution?


Do you ever go a single day without using a digital device? The answer is probably not. According to the Digital 2019 report by Hootsuite and We Are Social, users spend almost 7 hours a day online. And due to the recent stay-at-home orders, that number has only increased (internet hits recently surged between 50% and 70%). What’s more, U.S. households are now estimated to have an average of 11 connected devices – that’s almost 3 devices per person in my family!

As the use of devices, apps, and online services increases daily, so does the number of online threats consumers face. That’s why it is important that users consider what the best method is for securing their digital life.

My advice? Use a comprehensive security solution (and I’m not only saying this because I work for McAfee). Here’s why. 

The Limitations of Free Security Tools

Let’s be real – we all love free stuff (Costco samples anyone?). However, when it comes to my family’s security, am I willing to risk their safety due to the limitations of free solutions?  

Free tools simply don’t offer the level of advanced protection that modern technology users need. Today’s users require solutions that are as sophisticated as the threats they face, including everything from new strains of malware to hacking-based attacks. These solutions also quite literally limit consumers’ online activity too, as many impose limits on which browser or email program the user can leverage, which can be inconvenient as many already have a preferred browser or email platform (I know I do).  

Free security solutions also carry in-app advertising for premium products or, more importantly, may try to sell user data. Also, by advertising for premium products, the vendor indirectly admits that a free solution doesn’t provide enough security. These tools also offer little to no customer support, leaving users to handle any technical difficulties on their own. What’s more, most free security solutions are meant for use on only one device, whereas the average consumer owns over three connected devices. 

Security should provide a forcefield that covers users in every sense of the word – the devices they use, where they go online, how they manage and store information, and their personal data itself.

Connected Consumers Need Comprehensive Solutions

Today’s users need more than just free tools to live their desired digital life. To truly protect consumers from the evolving threat landscape, a security solution must be comprehensive. This means covering not only the user’s computers and devices, but also their connections and online behaviors. Because today’s users are so reliant on their devices and connections to bridge the gap between themselves and the outside world, security solutions must work seamlessly to shield their online activity – so seamlessly that they almost forget the solution is there. This provides the user with the protection they need without the added distractions of in-app advertising or the constant worry that their subpar solution might not secure them from common online threats.  

Why McAfee Matters

Free security products might provide the basics, but a comprehensive solution can protect the user from a host of other risks that could get in the way of living their life to the fullest. McAfee knows that users want to live their digital lives free from worry. That’s why we’ve created a line of products to help consumers do just that. With McAfee® Total Protection, users can enjoy robust security software with a comprehensive, yet holistic approach to protection.  

First, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats – specifically protecting the device and web browsing. The software’s detection capabilities are constantly being updated and enhanced, without compromising the performance of users’ devices.  

McAfee also provides users with protection while surfing the web, where they can face a minefield of malicious ads or fraudulent websites. These pesky threats are designed to download malware and steal private information. That’s why McAfee® LiveSafe and McAfee® Total Protection include McAfee® WebAdvisor – web protection that enables users to sidestep attacks before they happen with clear warnings of risky websites, links, and files. They also include McAfee® Identity Theft Protection, which helps users stay ahead of fraud with Dark Web monitoring and SSN Trace to see if personal information has been put at risk.

Finally, we can’t forget about the importance of mobile threat detection, given that consumers spend nearly half of their online time via their mobile devices. Hackers are fully aware that we live in a mobile world, and coincidentally they’ve stepped up mobile attacks. That’s why McAfee solutions provide multi-device protection so you can safely connect while on the go.  

With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats in the ever-evolving security landscape. With all these devices safe, everyone’s online life is free from worry.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Why Should You Pay for a Security Solution? appeared first on McAfee Blogs.

70% apps in common use have security flaws. Are you protected?

Most of the popular applications we use today are built upon open-source libraries – free code repositories that help developers to create readymade applications. But, how safe are those libraries? According to a recent report, not very. Almost 70 percent of apps in common use were found to have flaws…

Cool and Helpful McAfee Tech to Help Secure Your Online Life

These days, we’re all actively engaging online. Whether it’s my kids scrolling through social media, my wife video chatting with her friends and online shopping, or me checking my emails, we’re all leveraging the devices in front of us to keep our lives moving forward.

What many people don’t realize is that there are technologies that we can implement into our daily online routines that will not only help us achieve our digital tasks more effectively but safeguard our privacy as well. If there’s a way I can browse the internet more quickly and securely than before, I’m here for it!  

Tools Anyone Can Use

There are a lot of free and easy-to-use technologies out there that can benefit you – you just need to learn what they are first! With that, let’s explore cool technologies that not too many people may know about, which can positively impact your online life.  

Safe Browsing Solutions

The internet is a vast sea of content, both good and bad. And we’re all navigating that sea to learn, work, and socialize online. But when you’re trying to browse as efficiently as possible, it can be tricky to tell the safe websites from the suspicious ones. That’s where a security solution like McAfee® WebAdvisor comes in to play.  

McAfee® WebAdvisor can help keep you safe from online threats like malware and phishing attempts while you surf the web. For example, the tool places a checkmark next to all the safe links, making security decisions much easier for the everyday internet user, like my wife when she’s on a mission to shop online. And it is free too! 

Virtual Private Network (VPN)

Even the average internet surfer like you and me should consider using a Virtual Private Network (VPN), as it essentially allows you to send and receive data across a public network as if it were a private network. A VPN encrypts, or scrambles, your information so others can’t read it, helping to safeguard your data. VPNs are especially handy when you are working remotely, if you want full access to the internet while you’re traveling, or if you simply want to protect your privacy. McAfee® Safe Connect is a great and affordable option (with a limited free version available too) for users who are looking for a solution that is not only easy to implement, but one that also provides bank-grade encryption and private browsing to protect all online activities.

Password Managers

Speaking of pesky passwords, another way to easily secure your online accounts is with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically. Who says staying secure has to be complicated? 

While many password managers are free, it’s important that users do their research and adopt password managers from companies they trust. Another option? Some password managers also come included in a comprehensive security solution, like McAfee® Total Protection.

Robocall Blocking Apps

At one time or another, you’ve probably experienced a mysterious phone call from an “Unknown Caller.” If you’ve ever actually bothered to pick up one of these calls, you’ve likely heard a strange, robotic voice on the other end claiming to be from a certain organization or asking you to take action. Whether the call itself is just annoying or is coming from a criminal looking to scam consumers out of cash or information, one thing is certain – robocalls are a huge headache.  

Unfortunately, these pesky phone calls have shown no signs of slowing down. In fact, it was recently reported that robocall scams surged to 85 million globally, up 325% from 2017. Luckily there are multiple robocall blocking apps and tools users can adopt to avoid phone spam. Additionally, you can register on the FCC’s National Do Not Call list for added protection. 

Multi-Factor Authentication

If you read my previous blog, you know that many of the common password habits that we use can lead to multiple security concerns. That said, passwords are just the first line of defense when it comes to securing online accounts – so what happens if a hacker makes it through that security barrier? Enter two-factor or multi-factor authentication.  

These days, most people have heard of two-factor authentication. To put it simply, the tech utilizes two checkpoints to verify the user’s identity. These could be answers to security questions, a one-time password texted to your smartphone, a fingerprint scan, or facial recognition. While two-factor authentication is a great starting point, there’s also multi-factor authentication – which, as it sounds, means a user must address multiple types of proof points before gaining access to an account or device. In fact, multi-factor authentication is becoming more and more intuitive thanks to artificial intelligence, as it can select a combination of authentication factors based on a user’s risk profile and habits.  

This technology is easy to integrate into your life, as it’s often a simple add-on to a lot of the things we already own. For example, you can activate face-ID on your iOS phone or fingerprint on your Android phone and boom, you’ve got two-factor authentication! 

Tools for Current McAfee Subscribers

Are you currently subscribed to McAfee® Total Protection or McAfee® LiveSafe? If so, there might be some cool tools within these solutions that you aren’t taking full advantage of that can help boost your security and improve your online experience. The more you know, right? 

For example, if you are a current McAfee® LiveSafe subscriber, you automatically have access to McAfee’s secure VPN and McAfee File Lock. If you are currently subscribed to McAfee® Total Protection, you have access to a whole host of security tools including a password manager and VPN. Additionally, McAfee® Total Protection gives you access to McAfee® Identity Theft Protection, which is a great tool for monitoring fraud. Finally, if you’re looking to delete some sensitive files, you can use McAfee® Shredder™ to completely ensure that no traces are left behind. By employing the full range of these tools, current McAfee subscribers can take their security to the next level and surf the internet without missing a beat.

Cool Tech, Stronger Security

By taking advantage of these free, existing, and easily accessible tools, you can both improve every facet of your online life – whether that means social interactions, online shopping, or sending emails – and keep your information secure. You can have fun online and easily integrate security into your day-to-day which, in my opinion, is a win-win.


The post Cool and Helpful McAfee Tech to Help Secure Your Online Life appeared first on McAfee Blogs.

Protect Yourself Against Phishing Scams With These Security Tips


Phishing is one of the oldest cyberthreats in the book, and yet still one of the most effective. As people across the globe find themselves taking to the internet more than ever before, criminals see this as an opportunity to release phishing attacks on unsuspecting users. In fact, Security Boulevard found a 600% rise in phishing campaigns in the last month. So, as users leverage the World Wide Web to stay connected with friends and loved ones, it’s imperative that they remain wary of scammers looking to exploit our need to virtually communicate. With that, let’s take a look at why phishing is so effective even in 2020 and explore what actions users can take to stay protected. 

What is Phishing?

Phishing attacks occur when scammers attempt to trick users out of money or personal information, usually by email, phone, or text. With so many avenues for criminals to hook victims, phishing is one of the most prevalent threats we see today. As part of their phishing schemes, scammers often use something called social engineering to manipulate users into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business. Through these phishing attacks, criminals can spread malware and other malicious content.  

The Evolution of Phishing

As new technology and circumstances arise, scammers find new ways to evolve the age-old technique of phishing. What originated as email and instant messages attempting to steal users’ credentials has since taken on new forms like SMiShing or adapted its content to hook the victim with a shocking subject line. 

Why has this technique continued to plague users since its inception? Hackernoon argues that it’s because phishing doesn’t require in-depth networking knowledge or even basic programming skills. It simply relies on human error and the lack of online security awareness, manipulating human psychology just as much as technological tools.  

Phishing Capitalizes on Emotion

Let’s face it – we’re all human. Our inherent psychology makes us quick to act on emotion. However, this is much of the reason why phishing has forged on as a favorite among hackers. Unfortunately, criminals tend to capitalize on bad or shocking news to grasp the victim’s attention, leading them to click on malicious links or give up personal data all too eagerly. Take today’s environment, for example. As businesses are faced with budget cuts and organizational restructuring, many users might be uncertain about their job security – an opportunity that scammers are eager to exploit. In fact, some organizations have recently observed phishing emails with subject lines reading “HR Termination List.” Through these malicious attempts, fraudsters use fear tactics to tempt recipients into clicking on links in emails or downloading dangerous content.  

With millions of users suddenly out of work, a lot of people have found themselves desperately looking for new job opportunities or seeking financial help. However, users should not let their guard down while job hunting, as this could prevent them from noticing the tell-tale signs of phishing. According to The Motley Fool, some phishing emails and text messages claim to offer work-from-home job opportunities, information about health insurance or Medicare, or loans or other forms of financial relief. In fact, the Federal Communications Commission (FCC) reported that many Americans have received texts from the “FCC Financial Care Center” offering $30,000 in relief for those who have recently been laid off or furloughed. While this might appear to be a saving grace, it’s a stealthy demise to trick users into giving up their credentials.

Act Now to Stay Protected

So, whether you’re working from home, participating in distance learning to complete college courses, or video chatting with loved ones, there will always be fraudsters looking to exploit your online activity. However, there are proactive measures you can take to help ensure your security. First and foremost is using comprehensive security software. If you’ve never been targeted by a phishing scam, it might be difficult to envision the benefit of installing a security solution. You might even be convinced that if you haven’t been targeted yet, then you won’t be in the future. However, there’s no off-season when it comes to security. As fraudsters continue to evolve their techniques, employing the help of security software will act as an added safety net in the event that a phishing email appears in your inbox.

Aside from using comprehensive security software, here are some other tips to help protect your online security.  

Go directly to the source

Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or with information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. 

Be cautious of emails asking you to act

If you receive an email or text asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links. 

Hover over links to see and verify the URL

If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether. 

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post Protect Yourself Against Phishing Scams With These Security Tips appeared first on McAfee Blogs.

World Password Day 2020

Are Your Password Habits Keeping You Safe Online?

Learning how to navigate our entire lives online has definitely been a steep learning curve for many of us over the last few weeks. Whether it’s working from home, helping our kids learn from home, conducting ‘wine time’ from home or even doing our Zumba classes from home – it’s essential now more than ever that we are doing this safely. And one of the most powerful yet simple ways we can shore up our online safety is by being smart with our passwords.

World Password Day – Take A Minute To Check Your Approach

Today is World Password Day – the perfect opportunity to ensure we are doing all we can to manage our online logins. It’s quite unsettling to think that one of the easiest ways for cybercriminals to get their hands on the sensitive information we store in our online accounts is through our passwords.

Passwords act like a key to our digital identity. Not only do they allow us to bank, shop, work, learn, date and socialise online but they also protect us as well. Strong, complex passwords ensure all the information we store online (aka our digital assets) are protected which is essential for our privacy and financial and personal security.

So, let’s use this annual event to make sure we are doing all we can to lock down our precious online data by managing our passwords properly.

Same Password For Every Account? – Rookie Error

If I had to count up all my online accounts on my fingers and toes, I would quickly run out of body parts! With so many logins to remember, many of us end up using the same password for every account. And while that might seem practical, it in fact makes us very vulnerable. Just think about this scenario: if you become the victim of an online scam and the password to one of your online accounts is stolen, a cybercriminal can then use this same password to access all your online accounts.

So, before you know it, a cybercriminal can access your emails, bank accounts, online shopping accounts – that may have stored credit cards, private photo and video files.

What You Can Do TODAY to Ensure your Password Habits are Keeping you Safe

Yes, we are all human which means we are going to take shortcuts. I get it! I love shortcuts – I’m a fan of using pasta sauce from the jar! But if there’s one area where shortcuts should NOT be used it’s with passwords. So, here are my top suggestions on how you can stop your private online data falling into the wrong hands and block cybercriminals at the very first point of entry.

  1. Commit to NOT Using Common Passwords

If your password is ‘123456’ then you need to change it now. The UK’s National Cyber Safety Centre showed in a survey last year that this is the most commonly used password. In fact, in the eight years since I’ve been doing this job, this password has annually topped surveys.

Passwords are the gateway to our digital lives. To avoid giving the wrong people access to your accounts, make sure you create strong and unique passwords. This means including numbers, lowercase and uppercase letters and symbols. The more complex your password, the more difficult it is to crack. Why not create a nonsensical phrase or sentence? And always avoid using simple personal details within your password altogether. Your date of birth, middle name or pet names are things cybercriminals can trace through your social media accounts.

  2. Same Password For Every Account? Think Again

The idea of having one password across all online accounts is alluring because let’s admit it…we’ve all been locked out of an account after failing to remember the password! While having one password to remember for all accounts seems to make life easier, it increases the risk of your vital online data being compromised at once across different accounts. So, ensure that your logins are unique for every account to avoid having all your accounts becoming vulnerable in case you are hacked.

  3. ALWAYS Select Multi-Factor Authentication

Wherever possible, embrace multifactor authentication (MFA) for online accounts. MFA is a security system that requires more than one way of identification before gaining access to an account. Most commonly, it involves a security code sent to your smartphone, security questions or even a fingerprint, on top of the password. An extra layer of defence to stop sham access to vital online data? Yes please!

  4. Give Your Passwords a Health Check

What better way to check the health of your passwords than to see whether they’ve been compromised in a data breach. The website www.haveibeenpwned.com.au is an effective way to check whether a cybercriminal has discovered your passwords. If yes, give your passwords an overhaul and change them wherever they are used to safeguard your data.

  5. Employ A Password Manager

If you are currently feeling a tad overwhelmed at the thought of creating and managing unique passwords for your multiple online accounts, do not stress – I have a solution – a password manager. This marvellous software program will create random and complex passwords for each of your accounts and store them securely, which means you don’t need to! All you need to do is remember the master password!! When choosing a password manager, ensure it uses multi-factor authentication to identify you, e.g. facial recognition, fingerprint and a password.

If you have a spare 30 minutes today then please take the time to give your password habits an overhaul. I know we are all so flat out juggling work and kids at the moment but a careless approach to password security is no different to a careless approach to home security. So, get your passwords working for you so you can continue living your life online – especially Friday night ‘virtual drinks’!!

 

 

The post World Password Day 2020 appeared first on McAfee Blogs.

Connect With Confidence: Benefits of Using a Personal VPN 

Protect your digital life 

The recent surge in work from home is likely accompanied by a corresponding increase in corporate VPN (virtual private network) usage. More and more employees who would typically be connected at the office are using these protected networks to access confidential documents and sites. To some, these corporate VPNs are simply a tunnel into their work lives. But what about the benefits of a personal VPN? What is a VPN exactly, and why use one?

Encrypt your data 

While a home network with a strong password can help set a good foundation for your digital safety, it is worth considering additional privacy fortifications as more devices connect (and perhaps stay connected for longer periods of time). Whether it’s kids taking their classes and gaming online or parents trying to run errands remotely, we want to help you protect your digital life.

At their cores, a corporate VPN and personal VPN perform the same functions. They encrypt (or scramble) your data when you connect to the Internet and enable you to browse or bank in confidence with your credentials and history protected. Should there be any malicious actors attempting to intercept your web traffic, they would only be able to see garbled content thanks to your VPN’s encryption functionality.  

Need for VPN 

Constant online connection is becoming the new normal as we limit the time we spend outdoors. And, as the number of devices online increases, so does the number of threats.  

With many retailers reducing their physical footprints or even closing entirely, such services have shifted online – whether you prefer it or not. Learn how to navigate this changing digital landscape with the VPN tips and tricks below.

One classic cyberattack is the “man-in-the-middle,” especially prevalent in places with public Wi-Fi connections such as cafes or open Wi-Fi connections at an apartment building. Malicious actors take advantage of weak network security to intercept and read potentially sensitive information such as bank login credentials or even credit card information. A strong VPN with bank-grade encryption can render this attack useless and help keep sensitive data away from prying eyes.

Which VPN should I choose? 

Not all VPNs are created equal! Make sure that the service you select meets your needs:  

Browser vs Desktop/Mobile 

A browser-level VPN acts as an extension and will only help protect web traffic on the specific browser it is installed on. While this degree of privacy may work for some users, a device-level VPN such as McAfee® Safe Connect can generally help protect web traffic regardless of browser or application selected.  

Level of Security 

It is important to review each service’s privacy terms before you decide which one to use as your trusted gateway. Some VPN services, especially free ones, implement trackers that record your demographic, location, and system information. You can sometimes refer to third party security audits to help validate these privacy claims.  

Bandwidth 

Depending on how much you plan to use your VPN, you can consider searching for services that have either limited or unlimited data plans. If you plan to consume multimedia such as streaming video or uploading large files, an unlimited plan may work better for you.  

Variety of locations 

For general use, it is advisable to let your VPN connect to the nearest and fastest server location. But, having a diverse list of countries to choose from will allow you greater flexibility if the server is slow in one location.  

Ease of Use 

Ultimately, you should choose a VPN that’s easy to use and understand. We are all embarking on digital journeys from different places of technical comfort, but consider starting with products that offer a streamlined and simplified experience.  

If you’d like to learn more about VPNs, read more here, or dive into VPNs for Android and iOS.

The post Connect With Confidence: Benefits of Using a Personal VPN  appeared first on McAfee Blogs.

Security Threats Facing Modern Mobile Apps

We use mobile apps every day from a number of different developers, but do we ever stop to think about how much thought and effort went into the security of these apps?

It is believed that 1 out of every 36 mobile devices has been compromised by a mobile app security breach. And with more than 5 billion mobile devices globally, you do the math.

The news that a consumer-facing application or business has experienced a security breach is a story that breaks far too often. As of late, video conferencing apps like Zoom and Houseparty have been the centre of attention in the news cycle.

As apps continue to integrate into the everyday life of our users, we cannot wait for a breach to start considering the efficacy of our security measures. When users shop online, update their fitness training log, review a financial statement, or connect with a colleague over video, we are wielding their personal data and must do so responsibly.

Let’s cover some of the ways hackers access sensitive information and tips to prevent these hacks from happening to you.

The Authentication Problem

Authentication is the ability to reliably determine that the person trying to access a given account is the actual person who owns that account. One-factor authentication would be accepting a username and password to authenticate a user, but as we know, people choose insecure passwords and then reuse them for all their accounts.

If a hacker accesses a user’s username and password, even if through no fault of yours, they are able to access that user’s account information.

Although two-factor authentication (2FA) can feel superfluous at times, it is a simple way to protect user accounts from hackers.


2FA uses a secondary means of authenticating the user, such as sending a confirmation code to a mobile device or email address. This adds another layer of protection by making it more difficult for hackers to fake authentication. 

Consider using services that handle authentication securely and having users sign in with them. Google and Facebook, for example, are used by billions of people and they have had to solve authentication problems on a large scale.

Reverse Engineering

Reverse engineering is when hackers develop a clone of an app to get innocent people to download malware. How is this accomplished? All the hacker has to do is gain access to the source code. And if your team is not cautious with permissions and version control systems, a hacker can walk right in unannounced and gain access to the source code along with private environment variables.

One way to safeguard against this is to obfuscate code. Obfuscation and minification make the code less readable to hackers. That way, they’re unable to conduct reverse engineering on an app. You should also make sure your code is in a private repository, secret keys and variables are encrypted, and your team is aware of best practices.

If you’re interested in learning more ways hackers can breach mobile app security, check out the infographic below from CleverTap.



Authored by Drew Page. Drew is a content marketing lead from San Diego, where he helps create epic content for companies like CleverTap. He loves learning, writing and playing music. When not surfing the web, you can find him actually surfing, in the kitchen or in a book.

Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone

Every day we discover (or stumble over) new ways of coping and connecting during this unique chapter in family life. Still, as every age group under your roof finds their favorite virtual play date and hangout apps, parents may need to add a few safety rails to make sure the fun stays fun.

IRL community resurfaces

While this health crisis is devastating in so many ways, it’s also put a spotlight on the many heartwarming ways to connect in real life (IRL). We’re placing teddy bears in our windows for solidarity, creating scavenger hunts for neighborhood kids, serenading shut-ins, publicly supporting first responders, celebrating birthdays and graduations with drive-by parades, and so, so much more.

The ongoing infusion of true, human connection has softened the uncertainty. Still, kids of every age need to maintain an emotional connection with peers. Here are a few things to think about as kids of every age connect with friends online.

Pre-K and Elementary Virtual Play Dates

Since health experts have put restrictions on familiar fun for little ones such as playgrounds, sports leagues, sleepovers, playdates, and even visits with grandparents, parents are relaxing screen time rules and looking for ways to have virtual playdates. Free video tools such as FaceTime and Zoom are proving lifesavers for group art, play, and learning, as are safe websites for young ones and phone apps. (If you run out of things to do, here’s a great list of fun to tap and great learning sites for every age group).

Keep Them Safe

  • Share online experiences with young children at all times. Sit with them to teach, monitor, and explain the context of new digital environments. Also, keep computers and phones in a common area.
  • Try to keep screen time brief. Even young kids can become too screen-reliant.
  • Maximize privacy settings on all devices and turn on safe mode or search on websites and apps.
  • Introduce concepts such as cyberbullying and strangers in age-appropriate language.
  • Start family security efforts early. Consider the benefits of filtering software, safe browsing, and encrypting your family’s digital activity with a Virtual Private Network (VPN).

Middle and High Schooler Virtual Hang Outs

While screen time has spiked, digital connection while homebound is also essential for tweens and teens for both learning and peer relationships. Kids are finding their new virtual hangouts on social networks, group chats, and video games. They are also playing virtual board games using sites such as Pogo, Let’s Play Uno, and Zoom. Netflix Party has become a fun way to watch Netflix with groups of friends.

Keep Them Safe

  • At this age many kids own (or will soon own) a smartphone. With increased time online, you may want to review the basics, such as privacy and location settings. This includes gaming devices.
  • With increased internet use and most schools closed for the year, using parental control software and gaming security software can help parents reduce online risks for children of all ages.
  • Be aware of and talk about trending, risky digital behaviors and challenges that can surface on apps such as TikTok and WhatsApp.
  • Review and approve games and apps before they are downloaded and consider monitoring your children’s devices as well as social profiles and posts.
  • This age group is quick to jump on public wifi, which puts your family’s data at risk. Exploring using a family VPN is critical for this age group.
  • Discuss the danger of connecting with strangers online. Also, discuss the risks of oversharing personal information and photos, even in seemingly private chats and texts. Don’t let boredom lead to bad choices.
  • Discuss cyberbullying and how to block and report accounts that express hateful, racist, or threatening behavior.
  • Coach your kids on using strong passwords and how to verify legitimate websites and identify online scams.

There’s nothing normal for families about this time, but there is something special. Grab it. Keep talking and laughing, especially on the hard days. Have a daily “heart check-in” with your teen if he or she seems to be isolating. Give one another space for topsy turvy moods. And, don’t forget parents, before this is all over, be sure to nail that TikTok dance with your kids and share it with the world!

The post Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone appeared first on McAfee Blogs.

Apple Phishing Is on the Rise

Whereas Apple computer infections show a growing trend, users can fall victim to other cyber-attacks that involve phishing and may lead to identity theft, financial losses, and other serious issues. Phishing is one of the dominating forms of today’s online attacks. With social engineering at its core, it mainly relies on booby-trapped links, typically arriving with emails, to hoodwink recipients into disclosing their personal information to fraudsters.

The particularly unnerving thing is that phishing kits available on darknet sources can be easily accessed by individuals who don’t have a solid programming background. It means that even people with basic computer skills may zero in on you.

Here’s some food for thought: there are currently about 1.5 billion Apple devices in use worldwide. All of them require unique Apple IDs to access the manufacturer’s proprietary services such as iCloud, App Store, iMessage, Apple TV, Apple Music, FaceTime, and many others. It means the potential attack audience is huge and the entry point is the Apple ID password, one secret combo of characters and numbers.

Why may fraudsters want to steal your Apple ID?

Apple ID is your key to using all Apple services and implies unlimited access to a plethora of sensitive information. Here’s a brief overview of its common use cases:

  • No matter if you own an iDevice or a Mac, you use your Apple ID to sign in to it and unleash its full potential and features. It’s within the realms of possibility that it will also be a way to log in to Apple’s future self-driving electric car, which is rumored to be a work in progress at this point.
  • Apple ID retains your payment and shipping details to facilitate the process of buying apps, service subscriptions, and devices from Apple.
  • Your Apple ID is the conduit to accessing your security settings and extensive details on all app and service purchases you completed with it.
  • You use Apple ID to access your iCloud account, a place where you store your photos, videos, and other personal data. If stolen, these files can be mishandled to perpetrate blackmail attacks.

Techniques used to dupe you into visiting Apple ID phishing pages

The scammers’ repertoire spans quite a few types of Apple ID phishing mechanisms. Familiarize yourself with some of the most widespread methods to make sure you don’t fall for them down the road.

  • Spoof payment statement email

You should be able to identify this phishing attempt by looking at the subject line of the received email. It says “Payment Statement,” “Receipt ID,” “Receipt Order,” or something similar. The goal of this phony message is to make you think your credit card has been used to pay for some products or services.

The natural reaction of most users is to plunge headlong into canceling the order they are clueless about. The email contains a link you can click to supposedly go to the appropriate billing information page. Instead, you will be redirected to a phishing site that instructs you to verify your personal data, including your credit card number and Apple ID password.

There are usually a few giveaways in these emails. First off, the sender field will contain a string that isn’t a valid Apple email address. Furthermore, the message may contain an attachment in MS Word format, a type of file Apple wouldn’t send to its customers. Also, pay attention to the URL that shows up when you hover the mouse over the “Cancel and Manage Orders” (or similar) link – it’s typically something absolutely unrelated to Apple.

With that said, you should refrain from clicking any suspicious links received via email. Unfortunately, there are payment-related phishing messages that look really true to life and feign urgency. They may forward you to a web page that looks just like the legit Apple site, except that some words can be misspelled and the navigation icons at the top aren’t clickable. You should exert caution with dubious emails like that.

  • Apple ID fraudulent phone calls

Hoaxes aimed at wheedling out Apple IDs don’t only revolve around sketchy emails. Some of them may cash in on scam phone calls. To instill a false sense of legitimacy into users, crooks often take advantage of the caller ID spoofing trick so that the phone number displayed on your phone looks like a real Apple number. When you look at the call details, they may even include the authentic company logo and official website. The impostors will usually ask you to provide your sensitive details for account validation or to ensure that you comply with the purportedly updated Terms of Service and can continue to use certain features.

  • Bogus text messages

Apple ID phishing campaigns can also involve text messages sent to your phone. They typically say something like “Your Apple account is suspended” and instruct you to follow a link to find out how to sort out the alleged predicament. You’ll be asked to enter your personal information in a fake form on the linked-to website mimicking an Apple support page.

  • Misleading pop-ups

This type of phishing originally surfaced as a proof of concept, and fortunately, there have been no reports about real-world attacks of that sort so far. However, a researcher named Felix Krause has demonstrated that it’s a viable exploitation vector, and therefore such phishing attempts may appear in the wild anytime soon.

The idea is simple: a malicious app triggers a rogue dialog asking the victim to enter their Apple ID password to sign in to the iTunes store. The authentication details go to the attacker once typed in. Most users take such pop-ups for granted and don’t mind entering their sensitive information to keep using an app they like. To top it off, the alerts look identical to ones routinely generated by iOS.

To check whether the dialog is legit, the above-mentioned security enthusiast recommends tapping the Home button. If the application quits, then you are definitely dealing with a spoof pop up. If it doesn’t close, there is no reason to worry because it’s a genuine iOS request. The difference is that regular system pop-ups like that stem from a separate process rather than posing as a component of an application.

Best practice tips to identify Apple phishing attempts

Although some phishing hoaxes may be harder to pinpoint than others, all of them share a number of telltale signs. Here are some common red flags to look out for:

  • Spelling and grammar inaccuracies;
  • An incompetently designed email or web page;
  • Dubious sender address unrelated to Apple;
  • Requests to verify sensitive info over email or phone (something Apple never does);
  • Suspicious-looking or shortened hyperlinks;
  • Dodgy email attachments.
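
As an added example (not from the original article), the sketch below turns several of the red flags listed above into checks that a mail filter or help-desk triage script could run over a raw message. The Apple domain list, the shortener list, the flag names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list and shortener list for this sketch; tune for real use.
APPLE_DOMAINS = ("apple.com", "icloud.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Subject-line lures quoted in the article.
LURE_SUBJECTS = ("payment statement", "receipt id", "receipt order")
WORD_EXTENSIONS = (".doc", ".docx", ".docm")

# Constructed sample: a fake receipt with a non-Apple sender, two bad links
# and a Word attachment.
SAMPLE_PHISH = """\
From: "Apple Support" <billing@secure-orders.example>
Subject: Your Receipt ID 48213
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<a href="http://orders.example.net/cancel">Cancel and Manage Orders</a>
<a href="https://bit.ly/constructed-example">View details</a>
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="Invoice.docx"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""

# Constructed sample: a message whose sender and link are both on apple.com.
SAMPLE_BENIGN = """\
From: "Apple" <no_reply@email.apple.com>
Subject: Your receipt from Apple
Content-Type: text/html; charset="utf-8"

<a href="https://support.apple.com/billing">Billing help</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag: the URL a hover would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_apple_host(host):
    """True only for an Apple domain or a real subdomain of one.
    'apple.com.account-verify.example' and 'notapple.com' both fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)

def red_flags(raw_email):
    """Return a sorted list of red-flag names found in a raw RFC 822 message."""
    msg = message_from_string(raw_email)
    flags = set()
    subject = (msg.get("Subject") or "").lower()
    if any(lure in subject for lure in LURE_SUBJECTS):
        flags.add("lure-subject")
    # A display name that claims Apple but an address on another domain.
    display, addr = parseaddr(msg.get("From", ""))
    if "apple" in display.lower() and not is_apple_host(addr.rpartition("@")[2]):
        flags.add("sender-not-apple")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(WORD_EXTENSIONS):
            flags.add("word-attachment")
        if part.get_content_type() == "text/html" and not filename:
            charset = part.get_content_charset() or "utf-8"
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
            for href in collector.hrefs:
                url = urlparse(href)
                if url.scheme not in ("http", "https"):
                    continue
                host = (url.hostname or "").lower()
                if host in SHORTENERS:
                    flags.add("shortened-link")
                elif not is_apple_host(host):
                    flags.add("link-not-apple")
    return sorted(flags)

if __name__ == "__main__":
    print(red_flags(SAMPLE_PHISH))
    print(red_flags(SAMPLE_BENIGN))
```

The host check compares whole domain labels rather than searching for the substring "apple", which is what defeats lookalike hosts that merely contain the brand name.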

How to avoid falling victim to Apple ID phishing scams?

In order to be a moving target, adhere to a number of practices that will help you keep your Apple ID intact and strengthen your personal security posture overall.

  • Stay abreast of cybersecurity news covered by reputable sources.
  • Opt for web browsers equipped with anti-phishing features (Google Chrome is a good example).
  • Abstain from opening email attachments sent by someone you don’t know.
  • Get into the habit of hovering your mouse over hyperlinks before you click. If you notice the slightest hint of danger, don’t click the link.
  • Set up 2FA (two-factor authentication) for your Apple ID and other personal accounts.
  • Make sure you are using the latest macOS or iOS version supported by your device.

Additionally, you should do your homework and peruse some security tips provided by Apple. Many users don’t bother exploring these recommendations until they have been scammed. You are better off safeguarding your accounts proactively and nurturing your phishing awareness. Here are the sources on your must-read checklist:

The post Apple Phishing Is on the Rise appeared first on CyberDB.