Category Archives: Mobile Security

Protect Yourself Against Phishing Scams With These Security Tips

Phishing is one of the oldest cyberthreats in the book, and yet still one of the most effective. As people across the globe find themselves taking to the internet more than ever before, criminals see this as an opportunity to release phishing attacks on unsuspecting users. In fact, Security Boulevard found a 600% rise in phishing campaigns in the last month. So, as users leverage the World Wide Web to stay connected with friends and loved ones, it’s imperative that they remain wary of scammers looking to exploit our need to virtually communicate. With that, let’s take a look at why phishing is so effective even in 2020 and explore what actions users can take to stay protected. 

What is Phishing?

Phishing attacks occur when scammers attempt to trick users out of money or personal information, usually by email, phone, or text. With so many avenues for criminals to hook victims, phishing is one of the most prevalent threats we see today. As part of their phishing schemes, scammers often use something called social engineering to manipulate users into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business. Through these phishing attacks, criminals can spread malware and other malicious content.  

The Evolution of Phishing

As new technology and circumstances arise, scammers find new ways to evolve the age-old technique of phishing. What originated as email and instant messages attempting to steal users’ credentials has since taken on new forms like SMiShing or adapted its content to hook the victim with a shocking subject line. 

Why has this technique continued to plague users since its inception? Hackernoon argues that it’s because phishing doesn’t require in-depth networking knowledge or even basic programming skills. It simply relies on human error and the lack of online security awareness, manipulating human psychology just as much as technological tools.  

Phishing Capitalizes on Emotion

Let’s face it – we’re all human. Our inherent psychology makes us quick to act on emotion. However, this is much of the reason why phishing has forged on as a favorite among hackers. Unfortunately, criminals tend to capitalize on bad or shocking news to grasp the victim’s attention, leading them to click on malicious links or give up personal data all too eagerly. Take today’s environment, for example. As businesses are faced with budget cuts and organizational restructuring, many users might be uncertain about their job security – an opportunity that scammers are eager to exploit. In fact, some organizations have recently observed phishing emails with subject lines reading “HR Termination List.” Through these malicious attempts, fraudsters use fear tactics to tempt recipients into clicking on links in emails or downloading dangerous content.  

With millions of users suddenly out of work, a lot of people have found themselves desperately looking for new job opportunities or seeking financial help. However, users should not let their guard down while job hunting, as this could prevent them from noticing the tell-tale signs of phishing. According to The Motley Fool, some phishing emails and text messages claim to offer work-from-home job opportunities, information about health insurance or Medicare, or loans or other forms of financial reliefIn fact, the Federal Communications Commission (FCC) reported that many Americans have received texts from the “FCC Financial Care Center” offering $30,000 in relief for those who have recently been laid off or furloughed. While this might appear to be a saving grace, it’s a stealthy demise to trick users into giving up their credentials.  

Act Now to Stay Protected

So, whether you’re working from homeparticipating in distance learning to complete college courses, or video chatting with loved ones, there will always be fraudsters looking to exploit your online activity. However, there are proactive measures you can take to help ensure your security. First and foremost is using comprehensive security softwareIf you’ve never been targeted by a phishing scam, it might be difficult to envision the benefit of installing a security solution. You might even be convinced that if you haven’t been targeted yet, then you won’t be in the future. However, there’s no off-season when it comes to security. As fraudsters continue to evolve their techniques, employing the help of security software will act as an added safety net in the event that a phishing email appears in your inbox.  

Aside from using comprehensive security software, here are some other tips to help protect your online security.  

Go directly to the source

Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or with information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service. 

Be cautious of emails asking you to act

If you receive an email or text asking you to take a certain action or download software, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links. 

Hover over links to see and verify the URL

If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether. 

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post Protect Yourself Against Phishing Scams With These Security Tips appeared first on McAfee Blogs.

The Rise of Progressive Web Apps

A Progressive Web App (PWA) represents a special kind of a web page that looks, feels, and functions as a native mobile application. PWAs are accessible via a browser, and they are stored mainly on the company’s servers instead of the user’s phone. Since all users run the same version of the page’s code, no updating on the client’s side is necessary.

The main interest around PWAs stems from their ability to create immediate engagement. PWAs allow businesses to bypass the process of convincing their customers to install an application without losing to native apps in look and functionality.

What are the Benefits of PWAs Compared to Mobile Applications?

To promote a mobile application, companies need to invest sometimes inordinate amounts of time, money, and effort into marketing. Several marketing strategies are needed to attract new customers and to maintain the interest of the existing audience. These processes tend to deplete the brand’s resources. Consequently, web projects of such companies might receive smaller budgets, thus leading to the loss of customers. PWAs simply work better as the first line of interaction, and they require significantly fewer resources to develop.

With that being said, mobile apps are truly essential in many cases. They help connect to customers better, maintain the interest, deliver updates quickly, and supplement the business in a meaningful way, improving customer loyalty. For many businesses, taking the time to work with a mobile application development agency is an incredibly profitable investment.

To assess whether a mobile app or a PWA is likely to work better, consider the product that you are offering. If it can be effectively represented in the browser, a PWA is a way to go. If it’s tailored specifically to be accessed via smartphones (i.e., a running app), a mobile application is a better solution.

Top Reasons Why PWAs are on the Rise

Users Don’t Need to Install Them

Accessibility is the cornerstone of successful customer acquisition and retention. Web-based PWAs remain much closer to users than applications that must be downloaded and installed from an app store. Unlike it is with native apps, a PWA is already there when a person first encounters a brand, and it helps create interest without any action from the customer required.

PWAs load Faster than Native Applications

The loading time standard for a good PWA is less than three seconds. This is the period during which a visitor maintains their interest. PWAs’ shell architecture typically consists of HTML, CSS, and JavaScript, which allow some lightweight elements to be loaded incredibly quickly during the first visit.

PWAs Use Less Storage Space

Some data from PWAs is normally stored on a user’s device, particularly when significant offline functionality is required. However, these applications tend to use less storage than apps that require installation. This is mainly possible because PWAs are stored on the cloud instead of a user’s device.

Some Features Can Work Offline

PWAs can save certain data from previous visits to facilitate offline functioning and user interaction. Although the Internet connection is still required for the best experience, PWAs perform much better than standard mobile versions of websites when they are offline. The scope of this feature is defined by each app’s purpose and design.

Push Notifications are Available

Typical web pages don’t send push notifications to a user’s device, particularly when the user is offline. PWAs, however, have push notifications as one of their distinctive features. It helps connect to customers better, maintain their interest, and improve the engagement rate. The ability to send notifications without requiring people to install an app is one of the most invaluable features of PWAs that businesses can benefit from.

A PWA Can Have an On-Screen Icon

PWAs can generate icons on the user’s home screen when used. This feature allows people to access a particular PWA without typing its URL into a browser. The app still has a limited presence on the customer’s device, but it’s available at the person’s fingertips, significantly improving engagement.

PWAs Can Be Shared via a URL

Mobile applications are not perfectly suited to be shared, even when such an option is present on the app store’s page for this software. When it comes to PWAs, sharing is as simple as sending the link to a friend. Since PWAs are accessible via a URL like normal websites, they are much more likely to be recommended and used by other people through existing customers.

Wrapping Up

Progressive Web Applications exist to fill the gap between isolated native applications and limited mobile versions of web pages. These apps are lightweight, accessible via a browser, and easily shared. For some businesses, PWAs can present a great alternative to costly and bulky mobile applications, particularly when their products are not specifically designed to run on smartphones.

The post The Rise of Progressive Web Apps appeared first on .

World Password Day 2020

Are Your Password Habits Keeping You Safe Online?

Learning how to navigate our entire lives online has definitely been a steep learning curve for many of us over the last few weeks. Whether it’s working from home, helping our kids learn from home, conducting ‘wine time’ from home or even doing our Zumba classes from home – it’s essential now more than ever that we are doing this safely. And one of the most powerful yet simple ways we can ‘sure-up’ our online safety is by being smart with our passwords.

World Password Day – Take A Minute To Check Your Approach

Today is World Password Day – the perfect opportunity to ensure we are doing all we can to manage our online logins. It’s quite unsettling to think that one of the easiest ways for cybercriminals to get their hands on the sensitive information we store in our online accounts is through our passwords.

Passwords act like a key to our digital identity. Not only do they allow us to bank, shop, work, learn, date and socialise online but they also protect us as well. Strong, complex passwords ensure all the information we store online (aka our digital assets) are protected which is essential for our privacy and financial and personal security.

So, let’s use this annual event to make sure we are doing all we can to lock down our precious online data by managing our passwords properly.

Same Password For Every Account? – Rookie Error

If I had to count up all my online accounts on my fingers and toes, I would quickly run out of body parts! With so many logins to remember, many of us end of using the same password for every account. And while that might seem so practical it, in fact, makes us very vulnerable. Just think about this scenario: if you become the victim of an online scam and the password to one of your online accounts is stolen, then a cybercriminal can then use this same password to access all your online accounts.

So, before you know it, a cybercriminal can access your emails, bank accounts, online shopping accounts – that may have stored credit cards, private photo and video files.

What You Can Do TODAY to Ensure your Password Habits are Keeping you Safe

Yes, we are all human which means we are going to take shortcuts. I get it! I love shortcuts – I’m a fan of using pasta sauce from the jar! But if there’s one area where shortcuts should NOT be used it’s with passwords. So, here are my top suggestions on how you can stop your private online data falling into the wrong hands and block cybercriminals at the very first point of entry.

  1. Commit to NOT Using Common Passwords

If your password is ‘123456’ then you need to change it now. The UK’s National Cyber Safety Centre showed in a survey last year that this is the most commonly used password. In fact, in the eight years since I’ve been doing this job, this password has annually topped surveys.

Passwords are the gateway to our digital lives. To avoid giving the wrong people access to your accounts, make sure you create strong and unique passwords. This means including numbers, lowercase and uppercase letters and symbols. The more complex your password, the more difficult it is to crack. Why not create a nonsensical phrase or sentence? And always avoid using simple personal details within your password altogether. Your date of birth, middle name or pet names are things cybercriminals can trace through your social media accounts.

  1. Same Password For Every Account? Think Again

The idea of having one password across all online accounts is alluring because let’s admit it…we’ve all been locked out of an account after failing to remember the password! While having one password to remember for all accounts seems to make life easier, it increases the risk of your vital online data being compromised at once across different accounts. So, ensure that your logins are unique for every account to avoid having all your accounts becoming vulnerable in case you are hacked.

  1. ALWAYS Select Multi-Factor Authentication

Wherever possible, embrace multifactor authentication (MFA) for online accounts. MFA is a security system that requires more than one way of identification before gaining access to an account. Most commonly, it involves a security code sent to your smartphone, security questions or even a fingerprint, on top of the password. An extra layer of defence to stop sham access to vital online data? Yes please!

  1. Give Your Passwords a Health Check

What better way to check the health of your passwords than to see whether they’ve been compromised in a data breach. The website www.haveibeenpwned.com.au is an effective way to check whether a cybercriminal has discovered your passwords. If yes, give your passwords an overhaul and change them wherever they are used to safeguard your data.

  1. Employ A Password Manager

If you are currently feeling a tad overwhelmed at the thought of creating and managing unique passwords for your multiple online accounts, do not stress – I have a solution – a password manager. This marvellous software program will create random and complex passwords for each of your accounts and store them securely which means you don’t need to! All you need to do is remember the master password!! When choosing a password manager, ensure it uses multi-factor authentication to identify you eg facial recognition, fingerprint and a password.

If you have a spare 30 minutes today then please take the time to give your password habits an overhaul. I know we are all so flat out juggling work and kids at the moment but a careless approach to password security is no different to a careless approach to home security. So, get your passwords working for you so you can continue living your life online – especially Friday night ‘virtual drinks’!!

 

 

The post World Password Day 2020 appeared first on McAfee Blogs.

Connect With Confidence: Benefits of Using a Personal VPN 

Protect your digital life 

The recent surge in work from home is likely accompanied by a corresponding increase in corporate VPN (virtual private network) usage. More and more employees who would typically be connected at the office are using these protected networks to access confidential documents and sites. To some, these corporate VPNs are simply a tunnel into their work lives. But what about the benefits of a personal VPN? What is a VPN exactly, and why use one 

Encrypt your data 

While a home network with a strong password can help set a good foundation for your digital safety, it is worth considering additional privacy fortifications as more devices connect (and perhaps stay connected for longer periods of time)Whether it’s kids taking their classes and gaming online or parents trying to run errands remotely, we want to help you protect your digital life. 

At their cores, a corporate VPN and personal VPN perform the same functions. They encrypt (or scramble) your data when you connect to the Internet and enable you to browse or bank in confidence with your credentials and history protected. Should there be any malicious actors attempting to intercept your web traffic, they would only be able to see garbled content thanks to your VPN’s encryption functionality.  

Need for VPN 

Constant online connection is becoming the new normal as we limit the time we spend outdoors. And, as the number of devices online increases, so does the number of threats.  

With many retailers reducing their physical footprints or even closing entirely, such services have shifted online – whether you prefer it or not. Learn how to navigate this changing digital landscape with the following VPN tips and tricks below.  

One classic cyberattack is the “maninthemiddle,” especially prevalent in places with public Wi-Fi connections such as cafes or open Wi-Fi connections at an apartment buildingMalicious actors take advantage of weak network security to intercept and read potentially sensitive information such as bank login credentials or even credit card information. strong VPN with bank-grade encryption can render this attack useless and help keep sensitive data away from prying eyes.  

Which VPN should I choose? 

Not all VPNs are created equal! Make sure that the service you select meets your needs:  

Browser vs Desktop/Mobile 

A browser-level VPN acts as an extension and will only help protect web traffic on the specific browser it is installed on. While this degree of privacy may work for some users, a device-level VPN such as McAfee® Safe Connect can generally help protect web traffic regardless of browser or application selected.  

Level of Security 

It is important to review each service’s privacy terms before you decide which one to use as your trusted gateway. Some VPN services, especially free ones, implement trackers that record your demographic, location, and system information. You can sometimes refer to third party security audits to help validate these privacy claims.  

Bandwidth 

Depending on how much you plan to use your VPN, you can consider searching for services that have either limited or unlimited data plans. If you plan to consume multimedia such as streaming video or uploading large files, an unlimited plan may work better for you.  

Variety of locations 

For general use, it is advisable to let your VPN connect to the nearest and fastest server location. But, having a diverse list of countries to choose from will allow you greater flexibility if the server is slow in one location.  

Ease of Use 

Ultimately, you should choose a VPN that’s easy to use and understand. We are all embarking on digital journeys from different places of technical comfort, but consider starting with products that offer a streamlined and simplified experience.  

If you’d like to learn more about VPNs, read more here, or dive into VPNs for Android and iOS

The post Connect With Confidence: Benefits of Using a Personal VPN  appeared first on McAfee Blogs.

Security Threats Facing Modern Mobile Apps

We use mobile apps every day from a number of different developers, but do we ever stop to think about how much thought and effort went into the security of these apps?

It is believed that 1 out of every 36 mobile devices has been compromised by a mobile app security breach. And with more than 5 billion mobile devices globally, you do the math.

The news that a consumer-facing application or business has experienced a security breach is a story that breaks far too often. As of late, video conferencing apps like Zoom and Houseparty have been the centre of attention in the news cycle.

As apps continue to integrate into the everyday life of our users, we cannot wait for a breach to start considering the efficacy of our security measures. When users shop online, update their fitness training log, review a financial statement, or connect with a colleague over video, we are wielding their personal data and must do so responsibly.

Let’s cover some of the ways hackers access sensitive information and tips to prevent these hacks from happening to you.

The Authentication Problem

Authentication is the ability to reliably determine that the person trying to access a given account is the actual person who owns that account. One factor authentication would be accepting a username and password to authenticate a user, but as we know, people use the same insecure passwords and then reuse them for all their accounts.

If a hacker accesses a user’s username and password, even if through no fault of yours, they are able to access that user’s account information.

Although two-factor authentication (2FA) can feel superfluous at times, it is a simple way to protect user accounts from hackers.


2FA uses a secondary means of authenticating the user, such as sending a confirmation code to a mobile device or email address. This adds another layer of protection by making it more difficult for hackers to fake authentication. 

Consider using services that handle authentication securely and having users sign in with them. Google and Facebook, for example, are used by billions of people and they have had to solve authentication problems on a large scale.
Reverse Engineering

Reverse engineering is when hackers develop a clone of an app to get innocent people to download malware. How is this accomplished? All the hacker has to do is gain access to the source code. And if your team is not cautious with permissions and version control systems, a hacker can walk right in unannounced and gain access to the source code along with private environment variables.

One way to safeguard against this is to obfuscate code. Obfuscation and minification make the code less readable to hackers. That way, they’re unable to conduct reverse engineering on an app. You should also make sure your code is in a private repository, secret keys and variables are encrypted, and your team is aware of best practices.

If you’re interested in learning more ways hackers can breach mobile app security, check out the infographic below from CleverTap.



Authored by Drew Page Drew is a content marketing lead from San Diego, where he helps create epic content for companies like CleverTap. He loves learning, writing and playing music. When not surfing the web, you can find him actually surfing, in the kitchen or in a book.

Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone

virtual play date

Every day we discover (or stumble over) new ways of coping and connecting during this unique chapter in family life. Still, as every age group under your roof finds their favorite virtual play date and hangout apps, parents may need to add a few safety rails to make sure the fun stays fun.

IRL community resurfaces

virtual play date

While this health crisis is devastating in so many ways, it’s also put a spotlight on the many heartwarming ways to connect in real life (IRL). We’re placing teddy bears in our windows for solidarity, creating scavenger hunts for neighborhood kids, serenading shut-ins, publically supporting first responders, celebrating birthdays and graduations with drive-by parades, and so, so much more.

The ongoing infusion of true, human connection has softened the uncertainty. Still, kids of every age need to maintain an emotional connection with peers. Here are a few things to think about as kids of every age connect with friends online.

Pre-K and Elementary Virtual Play Dates

Since health experts have put restrictions on familiar fun for little ones such as playgrounds, sports leagues, sleepovers, playdates, and even visits with grandparents, parents are relaxing screen time rules and looking for ways to have virtual playdates. Free video tools such as FaceTime and Zoom are proving lifesavers for group art, play, and learning, as are safe websites for young ones and phone apps. (If you run out things to do, here’s a great list of fun to tap and great learning sites for every age group).

Keep Them Safe

  • Share online experiences with young children at all times. Sit with them to teach, monitor, and explain the context of new digital environments. Also, keep computers and phones in a common area.
  • Try to keep screen time brief. Even young kids can become too screen-reliant.
  • Maximize privacy settings on all devices and turn on and safe mode or search on websites and apps.
  • Introduce concepts such as cyberbullying and strangers in age-appropriate language.
  • Start family security efforts early. Consider the benefits of filtering software, safe browsing, and encrypting your family’s digital activity with a Virtual Private Network (VPN).

Middle and High Schooler Virtual Hang Outs

While screen time has spiked, digital connection while homebound is also essential for tweens and teens for both learning and peer relationships. Kids finding their new virtual hangouts on social networks, group chats, and video games. They are also playing virtual board games using sites such as Pogo, Let’s Play Uno, and Zoom. Netflix Party has become a fun way to watch Netflix with groups of friends.

Keep Them Safe

  • At this age many kids (own or will soon own) a smartphone. With increased time online, you may want to review the basics, such as privacy and location settings. This includes gaming devices.
  • With increased internet use and most schools closed for the year, using parental control software and gaming security software can help parents reduce online risks for children of all ages.
  • Be aware of and talk about trending, risky digital behaviors, and challenges that can surface on apps such as TikTok, and WhatsApp.
  • Review and approve games and apps before they are downloaded and consider monitoring your children’s devices as well as social profiles and posts.
  • This age group is quick to jump on public wifi, which puts your family’s data at risk. Exploring using a family VPN is critical for this age group.
  • Discuss the danger of connecting with strangers online. Also, discuss the risks of oversharing personal information and photos, even in seemingly private chats and texts. Don’t let boredom lead to bad choices.
  • Discuss cyberbullying and how to block and report accounts that express hateful, racist, or threatening behavior.
  • Coach your kids on using strong passwords and how to verify legitimate websites and identity online scams.

There’s nothing normal for families about this time, but there is something special. Grab it. Keep talking and laughing, especially on the hard days. Have a daily “heart check-in” with your teen if he or she seems to be isolating. Give one another space for topsy turvy moods. And, don’t forget parents, before this is all over, be sure to nail that TikTok dance with your kids and share it with the world!

The post Keeping Virtual Play Dates, Hang Outs, and Video Chats Safe for Everyone appeared first on McAfee Blogs.

Apple Phishing Is on the Rise

Whereas Apple computer infections show a growing trend, users can fall victim to other cyber-attacks that involve phishing and may lead to identity theft, financial losses, and other serious issues. Phishing is one of the dominating forms of today’s online attacks. With social engineering at its core, it mainly relies on booby-trapped links, typically arriving with emails, to hoodwink recipients into disclosing their personal information to fraudsters.

The particularly unnerving thing is that phishing kits available on darknet sources can be easily accessed by individuals who don’t have a solid programming background. It means that even people with basic computer skills may zero in on you.

Here’s some food for thought: there are currently about 1.5 billion Apple devices in use worldwide. All of them require unique Apple IDs to access the manufacturer’s proprietary services such as iCloud, App Store, iMessage, Apple TV, Apple Music, FaceTime, and many others. It means the potential attack audience is huge and the entry point is the Apple ID password, one secret combo of characters and numbers.

Why may fraudsters want to steal your Apple ID?

Apple ID is your key to using all Apple services and implies unlimited access to a plethora of sensitive information. Here’s a brief overview of its common use cases:

  • No matter if you own an iDevice or a Mac, you use your Apple ID to sign in to it and unleash its full potential and features. It’s within the realms of possibility that it will also be a way to log in to Apple’s future self-driving electric car, which is rumored to be a work in progress at this point.
  • Apple ID retains your payment and shipping details to facilitate the process of buying apps, service subscriptions, and devices from Apple.
  • Your Apple ID is the conduit to accessing your security settings and extensive details on all app and service purchases you completed with it.
  • You use Apple ID to access your iCloud account, a place where you store your photos, videos, and other personal data. If stolen, these files can be mishandled to perpetrate blackmail attacks.

Techniques used to dupe you into visiting Apple ID phishing pages

The scammers’ repertoire spans quite a few types of Apple ID phishing mechanisms. Familiarize yourself with some of the most widespread methods to make sure you don’t fall for them down the road.

  1. Spoof payment statement email

You should be able to identify this phishing attempt by looking at the subject line of the received email. It says “Payment Statement,” “Receipt ID,” “Receipt Order,” or something similar. The goal of this phony message is to make you think your credit card has been used to pay for some products or services.

The natural reaction of most users is to plunge headlong into canceling the order they are clueless about. The email contains a link you can click to supposedly go to the appropriate billing information page. Instead, you will be redirected to a phishing site that instructs you to verify your personal data, including your credit card number and Apple ID password.

There are usually a few giveaways in these emails. First off, the sender field will contain a string that isn’t a valid Apple email address. Furthermore, the message may contain an attachment in MS Word format, a type of file Apple wouldn’t send to its customers. Also, pay attention to the URL that shows up when you hover the mouse over the “Cancel and Manage Orders” (or similar) link – it’s typically something absolutely unrelated to Apple.

With that said, you should refrain from clicking any suspicious links received via email. Unfortunately, there are payment-related phishing messages that look really true to life and feign urgency. They may forward you to a web page that looks just like the legit Apple site, except that some words can be misspelled and the navigation icons at the top aren’t clickable. You should exert caution with dubious emails like that.

  • Apple ID fraudulent phone calls

Hoaxes aimed at wheedling out Apple IDs don’t only revolve around sketchy emails. Some of them may cash in on scam phone calls. To instill a false sense of legitimacy into users, crooks often take advantage of the caller ID spoofing trick so that the phone number displayed on your phone looks like a real Apple number. When you look at the call details, they may even include the authentic company logo and official website. The impostors will usually ask you to provide your sensitive details for account validation or to ensure that you comply with the purportedly updated Terms of Service and can continue to use certain features.

  • Bogus text messages

Apple ID phishing campaigns can also involve text messages sent to your phone. They typically say something like “Your Apple account is suspended” and instruct you to follow a link to find out how to sort out the alleged predicament. You’ll be asked to enter your personal information in a fake form on the linked-to website mimicking an Apple support page.

  • Misleading pop-ups

This type of phishing originally surfaced as a proof of concept, and fortunately, there have been no reports about real-world attacks of that sort so far. However, a researcher named Felix Krause has demonstrated that it’s a viable exploitation vector, and therefore such phishing attempts may appear in the wild anytime soon.

The idea is simple: a malicious app triggers a rogue dialog asking the victim to enter their Apple ID password to sign in to the iTunes store. The authentication details go to the attacker once typed in. Most users take such pop-ups for granted and don’t mind entering their sensitive information to keep using an app they like. To top it off, the alerts look identical to ones routinely generated by iOS.

To check whether the dialog is legit, the above-mentioned security enthusiast recommends tapping the Home button. If the application quits, then you are definitely dealing with a spoof pop up. If it doesn’t close, there is no reason to worry because it’s a genuine iOS request. The difference is that regular system pop-ups like that stem from a separate process rather than posing as a component of an application.

Best practice tips to identify Apple phishing attempts

Although some phishing hoaxes may be harder to pinpoint than others, all of them share a number of telltale signs. Here are some common red flags to look out for:

  • Spelling and grammar inaccuracies;
  • Incompetently designed an email or web page;
  • Dubious sender address unrelated to Apple;
  • Requests to verify sensitive info over email or phone (something Apple never does);
  • Suspicious-looking or shortened hyperlinks;
  • Dodgy email attachments.

How to avoid falling victim to Apple ID phishing scams?

In order to be a moving target, adhere to a number of practices that will help you keep your Apple ID intact and strengthen your personal security posture overall.

  • Stay abreast of cybersecurity news covered by reputable sources.
  • Opt for web browsers equipped with anti-phishing features (Google Chrome is a good example).
  • Abstain from opening email attachments sent by someone you don’t know.
  • Get into the habit of hovering your mouse over hyperlinks before you click. If you notice the slightest hint of danger, don’t click the link.
  • Set up 2FA (two-factor authentication) for your Apple ID and other personal accounts.
  • Make sure you are using the latest macOS or iOS version supported by your device.

Additionally, you should do your homework and peruse some security tips provided by Apple. Many users don’t bother exploring these recommendations until they have been scammed. You are better off safeguarding your accounts proactively and nurturing your phishing awareness. Here are the sources on your must-read checklist:

The post Apple Phishing Is on the Rise appeared first on CyberDB.

Internet Safety for Kids: A Refresher for Homebound Families

internet safety for kids

Editor’s Note: This is part II of our internet safety for kids series. Part I focuses on younger children and can be read here.

Parents have always been concerned about keeping their kids safe online — especially their tweens and teens. That conversation is even more critical with parents and kids now working and learning at home. But as the days turn into weeks, the line between safe and risky digital behavior may get a little blurry. Maybe we can help by refreshing some basics.

Why is internet safety for kids important?

There’s no way around it. Young and old, over time, we’ve tethered nearly every aspect of our lives to the digital realm. If we want to work, bank, shop, pay bills, or connect with family and friends, we have to plugin. A wired life makes internet safety not just important, but mission-critical for parents.

Kids go online for school, to be entertained, and to connect with friends; only they don’t have the emotional maturity or critical thinking skills to process everything they will encounter on the other side of their screens.

That’s where proactive digital parenting comes in.

If our parenting goal is to raise wise, responsible, caring adults, equipped for real life, that goal must also include helping them safeguard their emotional and physical health from online risk. There’s no such thing as a digital platform or product that is 100% safe. So, our best strategy is to learn and pass on skills that mitigate that risk.

What are the dangers of the internet?

Any danger that exists offline is potentially multiplied when we log online due to the vast access the web affords each one of us. In a few clicks, we can unlock a world of possibilities. The flip side? There’s an ever-present battalion of crooks and bullies out to exploit that access. Online we will encounter the best and the worst of humankind. The daily threats to children include bullying, inappropriate content, predators, and the loss of privacy. Add to that list, digital viruses and malware, phishing scams, sharing regrettable content, and gaming addiction.

How can homebound kids avoid digital risk?

So what can we do to ensure the weeks ahead don’t bring more digital risk into our homes? We start by having consistent, candid conversations with our kids about online safety (even if eye-rolling begins). Truth: Your family’s cybersecurity is as strong as the weakest security link in your family. If one family member is lax about internet safety, your entire family’s security is compromised.

So let’s get started with some internet safety basics to share with your tweens and teens. To read internet safety guidelines for younger children, click here.

11 Internet Safety Basics for Homebound Teens

internet safety for kids

  1. Get candid about content. Your tweens and teens have likely come across inappropriate material online. You can minimize further exposure by discussing expectations and family values around acceptable content — both sharing it and receiving it. Reminder: “Vanishing” Snapchats and deleted content can be easily captured in a screenshot — nothing shared online is private. For extra monitoring muscle, consider adding a parental control software to your family’s internet safety plan.
  2. Keep passwords, software, apps updated. Being homebound gives us all extra time for details. Go through personal and family devices and update all passwords. Keeping device software and apps updated also protects kids from outside risk.
  3. Balance life and tech. Kids can lose their entire day surfing, scrolling, and watching YouTube or TikTok videos. Establish screen limits help kids grow healthy tech habits. Consider scheduling device breaks, no phone zones (dinner table, movie time, bedtime), and installing software that features time limits.
  4. Be a leader online. Yoda was on target — with much power comes much responsibility. Many online dangers can be diminished by consistently teaching kids to be upstanders online. Practicing empathy, respect, tolerance, and compassion makes the digital world safer for everyone.
  5. Address peer pressure. Kids with devices can share unwise, personal photos with friends they trust. When friendships end, however, those photos can be shared or used for bullying or extortion. Discuss digital peer pressure with your child and how to respond.
  6. Look out for scams. Talk frequently about the many forms scams can take, such as phishing, malware, catfishing, fake news, and clickbait.
  7. Don’t friend strangers. Sexual predators create fake social media accounts specifically to befriend kids. In turn, kids share personal info, daily plans, location, and may even agree to meet in person with online friends. Discuss these risky scenarios and other manipulation tactics of predators with your child. Be aware of his or her friend circles, and look for chat apps such as WhatsApp or Kik.
  8. Maximize privacy on social profiles. Help kids maximize privacy settings on social profiles and delete any profile or post information that unintentionally gives away personal data. Consider removing the names of family members, pets, school, hometown, and birthdays. Hackers can piece together this information to crack passwords or create authentic-looking phishing scams.
  9. Consider a family VPN. Virtual Private Networks are becoming the most popular way to conduct business, shop, and safeguard a family’s online activity from outsiders. VPN encryption can protect a child against several virtual threats.
  10. Review gaming safety. If your kids spend a lot of time on games like Fortnite and Call of Duty, they can encounter strangers, bullying, and scams that target gamers. Teen gamers should use a firewall to help block would-be attackers from gaining access to their PC and home networks and as well as a comprehensive security solution to protect devices from malware and other threats.
  11. Monitor devices. Consider spot-checking all devices routinely. Review privacy settings on social networks (kids change them), look for new apps, review browsing history, chats, and texts. Need to go a step farther? Keep your child’s phone for a few hours to check notifications that pop up. You may find activity that wasn’t necessarily visible otherwise.

Taming all the moving parts of internet safety isn’t easy, and balancing your relationship with your child and parental monitoring can get turbulent at times. While kids can experience more drama and anxiety by going online, social networks remain critical channels for affirmation, self-expression, and connection. In the weeks to come, take time to listen, learn, and get to know your child’s digital passions and patterns. Identify safety gaps and reinforce those areas. Good luck, parents, you’ve got this!

The post Internet Safety for Kids: A Refresher for Homebound Families appeared first on McAfee Blogs.

Scams Facing Consumers in the New Digital WFH Landscape

With many people having their normal day to day life turned upside down, scammers are capitalizing on consumers’ newfound lifestyles to make a financial gain or wreak havoc on users’ devicesLet’s take a look at the most recent threats that have emerged as a result of the pandemic 

Fraudulent Relief Checks

On Wednesday March 25, the Senate passed a relief bill that contains a substantial increase in unemployment benefits for Americans who have lost their jobs or have been furloughed due to the economic fallout from the pandemicFinancial scammers are likely to use this as an opportunity to steal money offered to Americans who are facing the negative economic effects of the pandemic, as these crooks could make consumers believe they need to pay money as a condition of receiving government relief. The Federal Trade Commission issued a warning to consumers to be on the lookout for fraudulent activity as the government implements these financial relief packages.  

Map Used to Track Pandemic Used to Spread Malware

According to security researcher Brian Krebs, criminals have started disseminating real-time, accurate information about global infection rates to spread malware. In one scheme, an interactive dashboard created by Johns Hopkins University is being used in malicious websites (and possibly in spam emails) to spread password-stealing malware.  Additionally, Krebs flagged a digital pandemic infection kit, which allows other criminals to purchase a bundled version of the map with the scammer’s preferred attack method. 

Texts, WhatsApp, and TikTok Spread Falsehoods

Due to the nature of the rapidly evolving pandemic, criminals are taking advantage of the situation by spreading misinformation. As more communities are being ordered to shelter in placemisleading text messages announcing a national quarantine claiming to come from the White House buzzed onto cell phones around the U.S. According to the Washington Post, the fraudulent text messages encouraged users to, “Stock up on whatever you guys need to make sure you have a two-week supply of everything. Please forward to your network.” These fake texts spread so widely that the White House’s National Security Council debunked the misleading claims in a Twitter post stating, “Text message rumors of a national #quarantine are FAKE. There is no national lockdown.” Communication apps like WhatsApp and social media platforms like TikTok have carried similar examples of this misinformation.  

Robocalls Offering Free Test Kits and Low-Cost Health Insurance

On top of fraudulent messages floating around via SMS, WhatsApp, and TikTok, scammers are also using robocalls to spread misinformation around the global pandemic, especially as more users are at home and available to answer phone calls as a result of self-isolation. According to CNNrobocalls from more than 60 different phone numbers are falsely offering low-priced health insurance and free coronavirus test kitsAnother type of robocall asks users to sign a petition to ban flights from China. Criminals are taking advantage of the fact that new information around the pandemic is constantly being released, presenting them with an opportunity to scam users by impersonating local and federal officials.  

Stay Safe Online With These Tips

During this time of uncertainty, it can be difficult to decipher what is fact from fiction. When it comes to the potential online threats around the recent pandemic, here’s what you can do to stay protected:  

Only trust official news sources

Be sure to only trust reputable news sites. This will help you filter out fake information that is just adding to the noise across the internet.  

Don’t share your personal or financial data

Although financial relief checks are not yet a reality, know that the federal government will not ask you to pay fees or charges upfront to receive these funds. Additionally, the government will not ask you for your Social Security number, bank account, or credit card number.  

Beware of messages from unknown users

If you receive a text, email, social media message, or phone call from an unknown user regarding the pandemic, it’s best to proceed with caution and avoid interacting with the message altogether.  

Go directly to the source

If you receive information regarding the pandemic from an unknown user, go directly to the source instead of clicking on links within messages or attachments. For example, users should only trust the map tracking the pandemic’s spread found on the Johns Hopkins websiteUsing a tool like McAfee WebAdvisor can help users stay safe from similar threats while searching the web.  

Register for the FCC’s “Do Not Call” list

This can help keep you protected from scammers looking to capitalize on current events by keeping your number off their lists. 

Stay updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post Scams Facing Consumers in the New Digital WFH Landscape appeared first on McAfee Blogs.

Is Mobile Malware Playing Hide and Steal on Your Device?

Over the years, we’ve all grown accustomed to using our smartphones and mobile apps to support our lifestyles. We as consumers have developed expectations of how devices can enhance our everyday lives- from online banking transactions to handling work correspondence on the go. But as we become more reliant on our smart devices and apps, hackers use this dependency as an opportunity to gain unwarranted access to our personal data. According to McAfee’s latest Mobile Threat Report, hidden apps are the most active mobile threat facing consumers, generating nearly 50% of all malicious activities in 2019. Let’s dive into these mobile threats and how they could potentially impact your life.

Don’t Let These Mobile Threats Commandeer Your Device

LeifAccess

LeifAccess (also known as Shopper) is an Android-based malware distributed through social media, gaming platforms, and fraudulent advertising. Once installed, this stealthy hides its icon and displays fake security notifications, hoping to trick the user into granting the malware accessibility access. LeifAccess/Shopper has also been found to use third-party logins to cheat app ranking systems and wreak more havoc on victims’ devices. The malware uses the accessibility features in Android to quietly create third-party accounts, automatically download apps from Google Play, and post reviews using names and emails configured from the victim’s device.

According to the Mobile Threat Report, hackers are also tricking users into installing adware onto their devices, redirecting them to a variety of fraudulent ads. Because digital ad revenue is simply based on screens displayed and clicks, hackers are quick to exploit this threat so they can collect fraudulent ad revenue at the expense of unsuspecting users. Due to the volume and speed of the redirects, many consumers don’t even realize that their device is infected or that their data is being collected.

HiddenAds

HiddenAds masquerades as genuine apps like Call of Duty, Spotify, and FaceApp to trick users into downloading them. But once the app is installed on the victim’s device, the app icon changes to one that mimics the Settings icon. When the victim clicks on it, the app displays a fake error message that reads “Application is unavailable in your country. Click OK to uninstall.” However, clicking OK completes the malicious app installation process and then hides the fake Settings icon, making it nearly impossible to find and delete the malware.

MalBus

McAfee researchers also discovered a new targeted attack hidden in a legitimate South Korean transit app. Called MalBus, this new attack method exploits the app developer’s hacked Google Play account. Once the hackers accessed the developer’s account, they added an additional library to the apps and uploaded them to Google Play. Now, MalBus spyware can phish for   with a local webpage that mimics the real Google login screen. Additionally, MalBus can drop a malicious trojan on the victim’s device, searching for specific military or political keywords. If these keywords are found, the victim’s matching files are uploaded to a remote server without their knowledge.

How to Stay Protected

As hackers continue to target consumers through the channels they spend the most time on – their mobile devices – it’s important for users to reflect on the current digital landscape to help protect their data, as well as their family and friends. Follow these security tips to defend against stealthy mobile threats:

  • Do your research. While some malicious apps do make it through the app store screening process, the majority of attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the source and developer.
  • Read app reviews with a critical eye. Reviews and rankings are still a good method of determining whether an app is legitimate. However, watch out for reviews that reuse simple or repetitive phrases, as this could be a sign of a fraudulent review.
  • Update, update, update. Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
  • Use a VPN. A virtual private network, or , allows you to send and receive data across a public network, but it encrypts your information so others can’t read it. This can prevent hackers from spying on your internet activity, therefore protecting your privacy.
  • Keep tabs on your accounts. Use ID monitoring tools to be aware of changes or actions that you did not make. These may have been caused by malware and could indicate that your phone or account has been compromised.
  • Defend your devices with security software. Comprehensive security software across all devices continues to be a strong defensive measure to protect your data and privacy from online threats.

To stay updated on all things McAfee and the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Is Mobile Malware Playing Hide and Steal on Your Device? appeared first on McAfee Blogs.

TikTok Challenge, Hoop App, and Other Headlines You May Have Missed

TikTok Challenge

Digital news that affects families seems to be dominating the headlines these days. To keep parents in the know, here are some of the stories you may want to give extra family discussion time to this week.

Skull Breaker Challenge Proving Unfunny 

Apps — video apps especially — can help kids tap into their creativity and give kids a critical way to connect. Where the fun can take a dangerous turn is in the way kids choose to use their technology. In this case, the poor choice is in the Skull Breaker Challenge (also called the Trip Jump Challenge), a prank resulting in some kids being hospitalized.

The prank, designed to get laughs and accumulate TikTok views, includes two kids tricking a third friend into making a dance video together. Three kids line up side by side for a planned group dance that will be videotaped and posted. As everyone jumps as planned, the two kids on either side swipe the legs out from under the middle person causing him or her to fall backward. According to reports, the prank is surfacing mainly on TikTok but also Youtube.

Safe Family Tip: Consider talking to your child about the dangers of online challenges and the risks already reported in the news. 1) Discuss the physical dangers doctors are warning the public about, including neck strain, concussion, skull fracture, long-term complications, or even death. 2) Using current news stories, explain personal responsibility and what can happen legally if your child hurts another person during a prank.

Snapchat’s Hoop App Being Called ‘Tinder for Teens’

Snapchat users (over 2.5 million in fact) are flocking to a new Tinder-like app called Hoop that interfaces with Snapchat. The developer app allows other Hoop users to swipe through other Hoop users and request to connect via their Snapchat profile name.

While the app asks a user’s age, much like other social sites, there’s no way to prove a user’s age. And, users can change their age at any time after creating an account. This type of app format can be tempting for kids who are naturally curious and seeking to meet new friends outside of their familiar social circle. There’s a potential for common issues such as catfishing, predator behavior, and inappropriate content. Kids as young as 12 can form connections with strangers. While their profile may be harmless, they can’t control the type of content that pops up on their screen from other users. Another red flag: Hoop users are rewarded with “diamonds” for sharing their Snapchat name and getting others to join Hoop, so the incentive to daily share and connect with a wide circle outside of one’s known friend group may prove tough for some kids to resist.TikTok Challenge

Safe Family Tip: While it’s challenging to stay on top of the constant array of new apps, it’s not impossible. One way to understand where your child spends his or her time online is with comprehensive monitoring software. Another way of monitoring activity is to physically check your child’s phone once a week for new app icons (see right) and take the time to talk about his or her favorite apps. Consider explaining the dangers of connecting with strangers and the real possibility that a new “cute 16-year-old” may be a predator attempting to win your child’s trust (it happens every day). Review and agree on which apps are considered safe and the expectations you have for your family’s online choices.

Another app to keep on your radar is Wink. Nearly identical to Hoop, Wink interfaces with Snapchat and is being promoted as a “new friend finder.” It has a similar “swipe” feature that connects kids to random Wink users and is currently ranked #15 in the app store.

Should phones be banned from schools?

A conversation gaining a quiet but consistent buzz is the merit of prohibiting phones from schools — a law France has enforced for two years that has parents, educators, and legislators talking. Several recent studies reveal that phone bans can lead to higher test scores, higher test grades and attention spans, and increased cognitive capacity. Some schools in the U.S. have independently taken steps to curb and ban phones in hopes of focusing on distracted students.

Proponents of phones in school say a ban would be impossible to enforce and that technology is needed to help parents stay in touch with kids during the school day, especially for emergencies. Others say phones at school are a critical part of learning and raising self-sufficient, tech-savvy students prepared for a digital workforce.

Safe Family Tip: Begin the discussion with your child about the pros and cons of devices at school. Listen closely to his or her perspective. Discuss potential device-related issues that can be amplified during the school day such as cyberbullying, group chat conflicts, sexting, gaming during class, and using devices to cheat. Review expectations such as using phones only before and after school to connect with parents.

Stay tuned in the weeks to come as we take a closer look at other apps such as TikTok and WhatsApp Messenger that — when used unwisely — can lead to some surprising risks for kids. Until then, keep the digital safety conversation humming in your home. You’ve got this, parents!

The post TikTok Challenge, Hoop App, and Other Headlines You May Have Missed appeared first on McAfee Blogs.

Consumers want a fully connected life – but at what cost?

Convenience has always, and will always be king. That’s why it’s no surprise that the average person is collecting connected devices left and right and is expected to own 15 connected devices by 2030. While they vary from person to person, recent research shows that the most popular connected devices tend to be smart meters, speakers, activity trackers, and TVs. That said, customers are curious and are keen to go even further, adopting the latest and greatest when it comes connectivity. This could mean anything from a connected toaster, washing machine or garage, but for many, the connected car is the ultimate toy.

The consumer appeal behind device adoption is understandable – they’re entertaining and they make menial, everyday tasks easier to accomplish. A recent study on connected devices by TechUK found that 42% of consumers agree that both qualities are key drivers in their adoption – a similar finding seen in North America and across Europe. This is a huge shift in sentiment from years before when most consumers considered connected devices to be too complex and costly to be worthy of purchasing.

More 5G, more problems? 

As the demand for continuous connectivity grows, 5G will completely reshape the way consumers interact with the world around them. However, with more devices coming into homes, concerns around the way personal data and information is managed, controlled and used by organizations are starting to come into question.

Recent research shows that many consumer worries are specifically based on safety and security related to products being unreliable, data breaches, as well as a lack of trust in smart technology manufacturers. In short, this shows worryingly low levels of trust for suppliers and a lack of knowledge about what fail-safes solutions are in place in case of emergency.

These concerns aren’t unwarranted. Over the past few years, consumers have been witness to some of the worst data breaches and cyber-attacks in history, and many have had a front seat to the growing number of IoT attacks taking hold of homes across the globe. These aren’t our parents’ attackers – today’s cybercriminals are savvy, smart and are fully aware of the lack of adequate security controls on many of these devices, leaving them in a perfect position to cause chaos.

Unfortunately, they’re doing a great job so far. Recent figures show that the total number of IoT malware samples grew 154% over the last year and just recently, McAfee Advanced Threat Research discovered a vulnerability in the Chamberlain MyQ Hub, a garage door automation platform, as well as an insecure design in the McLear NFC Ring that could allow an attacker to easily clone the ring and gain entry to a consumer home.

Next-generation concerns    

There’s no debate that analytics are key to making every day technology smarter, faster and more efficient. They’re integral to the evolution of artificial intelligence (AI), reinforcement learning (RL) and robotic process automation (RPA) as well as cutting-edge consumer technologies like the connected car.

Nearly every modern vehicle uses state-of-the-art sensors that use analytics technologies like AI and ML. These technologies are specifically designed to automate many of the functions that humans would traditionally have done. These can include – but are not limited to – rain-sensors on the windshield to control wiper blades and sensors which detect objects to help avoid collisions.

As these technologies are central to the functionality of autonomous vehicles, researching potential weaknesses in the underlying systems has been key. To do this, the McAfee Advanced Threat Research Team (ATR) and the Advanced Analytics Team (AAT) recently came together to study how AI models within autonomous vehicles could be targeted by adversaries – a process now referred to as “Model Hacking”. To fully understand the potential for threat, the teams focused their efforts on the broadly deployed MobilEye camera system, which is currently used in over 40 million vehicles, including one of the leading connected car manufacturers. Through their research they successfully created a black-box targeted attack, causing the camera to misclassify a 35 mile-per-hour (mph) speed limit sign as 85 mph. This resulted in the vehicle increasing its speed to 85 mph on its own.

While it’s currently unlikely that this type of attack would be used to do harm, being able to get ahead of the problem and understand where potential risks lie is vital. It is also important that industry leaders work together to shift perception that machine learning and AI systems are automatically secure in order to drive success in autonomous driving. This means opening up the discussion and raising awareness of the problems and pitfalls to steer the direction and development of safer next-generation technologies.

 

Taking security into their own hands

Despite the valid concerns around safety, security and information management, the rollout of 5G will only continue to encourage the use of smarter and more efficient IoT devices. But how can consumers fully enjoy the benefits of these new technologies when the most malicious actors continue to evolve and exploit the existing – and arguably – sometimes lackluster security controls in place? Get in control! Consumers must take a stand to safeguard their homes from within and start asking the question – is this device secure?

Running point on your online security may seem overwhelming at first, but it’s possible to both reap the benefits of your connected devices while staying safe – here’s how:

  • Practice proper online security habits: The silver lining of all this security chaos is that there are now countless ‘best practices’ consumers can quickly adopt. These include implementing a strong password policy, putting IoT devices on their own, separate network, and utilizing a dual-factor authentication when possible.
  • Do your research: Before purchasing a new IoT device, take the time to look into its security features and understand the security risks associated. Ensure you have the industry knowledge to make sure you’re buying the safest tools available on the market.
  • Buy through trusted advisors. Some brands have your best interests in mind and unfortunately, some don’t. Being able to identify which ones do can make the difference between being a victim or not.
  • Act: While the accuracy and agility of intelligent systems offers convenience, don’t assume any sort of hiccup is just a fluke. If something seems off with the technology, raise the issue to the manufacturer.
  • Always update: Part of the convenience of connected technologies is they have the ability to update remotely—when one of these such updates is offered by the manufacturer, make sure to take the time to do so as soon as possible.

Of course, the onus does not fully fall solely on the consumer. Brands must do their part in ensuring the supply chain is secure and that consumers’ online lives are fully protected from end-to-end. Doing this starts with designing IoT devices with security in mind. IoT manufacturers must embed security into the architecture, interfaces, and designs of their products. They must ensure device identity and authentication are a part of the provision and configuration process and must work with consumers to empower them to apply proper administration and management throughout the lifecycle of their device.

From 5G and autonomous cars to smart cities and AI, the next few years will no doubt be a transformative time for technology. Though for organizations and consumers to get the full benefits from these technologies, the industry must work together to eliminate risks from the inside out. Sharing the responsibility of safety will be a crucial part in tackling the insidious threats facing us today. It will ensure consumers all across the world will be able to stay connected and live an increasingly digital, convenient and efficient life.

The post Consumers want a fully connected life – but at what cost? appeared first on McAfee Blogs.

Safer Internet Day 2020

What Can You Do To Make The Internet a Better Place

In 2020, you’d be hard-pressed to find an Aussie teen who doesn’t spend a fair whack of their time online. And while many of us parents don’t always love the time our offspring spend glued to screens, most of us have come to accept that the online world is a big part of our kids’ lives.

So, let’s accept that the internet is going to be a feature of our kids’ lives and work out how best we can keep them safe.

Together For A Better Internet

Today is Safer Internet Day  – an international annual event that encourages us all to work together for a better internet. The perfect opportunity to find out what we can do as parents to ensure our kids are as safe as possible online.

Organised by the joint Insafe/INHOPE network, with the support of the European Commission, Safer Internet Day is held each February to promote the safe and positive use of digital technology, especially among children and young people. Safer Internet Day is all about inspiring users to make positive changes online, to raise awareness of online safety issues, and participate in events and activities right across the globe.

What Can We Do As Parents?

As role models and life-educators, parents play an enormous role in shaping our kids’ behaviours and opinions – particularly before they get to the teenage years!! So, why not use Safer Internet Day as a prompt to freshen up your cybersafety chats with your brood.

Not sure where to start? Here are my top messages to weave into your chats with your kids

  1. Be Kind Online

Spread love not hate online. A better internet includes building an online culture where people share positive and encouraging posts and comments. It may be as simple as posting a positive message, liking a post that is encouraging or sharing an inspiring article. Image

It may sound obvious but before you post a comment or a tweet, ask yourself whether the message could offend someone or impact them negatively. And remember to NEVER like, favourite, retweet, post or comment negatively online.

  1. Learn How To Disagree Respectfully Online

No matter how much we try, there will always be some people online who get a kick out of being unkind. If you come across this behaviour, I encourage you to call it out and report it but ALWAYS do so in a respectful fashion. Reciprocating with harsh words or name-calling will only further inflame a toxic situation. A logical, factual response that is respectful will always triumph!

  1. Protecting Your Online Reputation (& Others Too)

If you’re planning on hiring someone or even going on a date with someone, the chances are you’re going to ‘Google’ them first. And what you find online and the opinion you form decides whether the person’s digital reputation is acceptable or not.

So, it’s essential to remember that everything you post online is permanent and public; not to post inappropriate comments or pics of yourself or others; ensure all your online profiles are set to private to avoid strangers ‘screen-grabbing’ your private info and photos; don’t respond to inappropriate requests and most importantly, take a breather when things are getting heated online and you may regret your comments and actions.

  1. Passwords!!!!!

Managing passwords is one of the best ways of taking control of your online life and creating a better internet. Ensuring you have a separate password for every online account means that if you are affected by a data breach, your other online accounts are not at risk. Always choose passwords that have letters, numbers and symbols and ensure they are complex and not obvious. I love using a nonsensical sentence! And if all that’s too hard, why not consider a password manager that not only creates complex passwords for each of your online accounts but remembers them too. All you need to do is remember the master password! Awesome!!

So, why not pledge to change up your cybersafety chats with your kids this Safer Internet Day? And remember – they are watching you too! So, ensure you always model online respect, take your online responsibilities seriously and, also manage your passwords carefully. Because every little step is a step towards a positive change.

 

 

 

 

 

 

The post Safer Internet Day 2020 appeared first on McAfee Blogs.

What You Need to Know About the FedEx SMiShing Scam

You receive a text message saying that you have a package out for delivery. While you might feel exhilarated at first, you should think twice before clicking on that link in the text. According to CNN, users across the U.S. are receiving phony text messages claiming to be from FedEx as part of a stealthy SMS phishing (SMiShing) campaign.

How SMiShing Works

This SMiShing campaign uses text messages that show a supposed tracking code and a link to “set delivery preferences.” The link directs the recipient to a scammer-operated website disguised as a fake Amazon listing. The listing asks the user to take a customer satisfaction survey. After answering a couple of questions, the survey asks the user to enter personal information and a credit card number to claim a free gift, which still requires a small shipping and handling fee. But according to HowtoGeek.com, agreeing to pay the small shipping fee also signs the user up for a 14-day trial to the company that sells the scam products. After the trial period, the user will be billed $98.95 every month. What’s more, the text messages use the recipient’s real name, making this threat even stealthier.

How to Stay Protected

So, what can online shoppers do to defend themselves from this SMiShing scam? Check out the following tips to remain secure:

  • Be careful what you click on. Be sure to only click on links in text messages that are from a trusted source. If you don’t recognize the sender, or the SMS content doesn’t seem familiar, stay cautious and avoid interacting with the message.
  • Go directly to the source. FedEx stated that it would never send text messages or emails to customers that ask for money or personal information. When in doubt about a tracking number, go to the main website of the shipping company and search the tracking number yourself.
  • Enable the feature on your mobile device that blocks texts from the Internet. Many spammers send texts from an Internet service in an attempt to hide their identities. Combat this by using this feature to block texts sent from the Internet.
  • Use mobile security software. Make sure your mobile devices are prepared any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What You Need to Know About the FedEx SMiShing Scam appeared first on McAfee Blogs.

Cybercrime is moving towards smartphones – this is what you could do to protect your company

By 2021, cybercrimes will cost companies USD 6 trillion, according to a study.

The number of internet users has grown from an estimated at 2 billion in 2015 to 4.4 billion in 2019, but so have the cybercrimes which are expected to cost companies USD 6 trillion worldwide, according to a study by Cybersecurity Ventures.

Similarly, the number of smartphone users has grown from 2.5 billion in 2016 to 3.2 billion in 2019 and is forecasted to grow to 3.8 billion by 2021. Smartphones and the internet will make further inroads to our economic system. But there are certain risks involved as well.

Mobile phones are becoming targets of cybercriminals because of their widespread use and increasing computing power. Consider the fact that more than 60 % of online fraud occurs through mobile phones. This threat is not just towards individual users but businesses as well. It does not matter how large the company is either. 43% of the cyberattacks in 2019 were aimed at smaller businesses because they do not have adequate protection.

Given how vulnerable smartphones are and that the threat from cyber attacks is only expected to increase, here are some measures you can take to protect your business from cybercriminals:

Rethink BYOD:

Bring Your Own Devices (BYOD) offers several benefits to both the organization and employees. Such a policy allows employees at a company to use their mobile phones, tablets, or laptops for work, saving companies the hassle to purchase devices.

However, you need to rethink if you are saving more than what you are losing. Employees have confidential company information on their devices. Such a door into your organization can cost you heavily. Set aside the funds to obtain company devices for use by employees at the office. Consider such an investment as part of your cybersecurity strategy.

 

Cybersecurity assessments:

The cybersecurity threat landscape is ever-evolving due to the fast nature of innovation. Develop a comprehensive cybersecurity program that includes a regular assessment of your company’s security needs. Identify the strengths of your IT infrastructure against potential attacks, and do not let advances in technology or techniques take that away from you. Similarly, you should identify the vulnerabilities in your systems. Make sure any gaps in your defenses are appropriately plugged. A threat assessment should be an integral component of any cybersecurity policy.

Retrain staff:

Make sure that employees at your organization are informed and up to date on the latest in cyber threats. This way they can protect themselves and the company from cybercriminals. Even a single mistake by one employee can end up creating a door for individuals or groups wishing your company harm. All employees must be trained as a matter of policy. This way, they can identify phishing attacks and manage social engineering scams. Another factor your employees must be mindful of is resource monitoring. Suspicious resource use on company devices, whether it is excess internet or battery usage, should raise alarm bells. However, employees may not look into such things in detail because they do not own the devices. Train your staff to keep track of resource use too.

 

Employee monitoring:

Most organizations have some form of an employee monitoring policy and track their workers. If you haven’t done so already, develop such a policy, and keep your employees informed to ensure transparency. If you have decided to use company devices, you can opt to install monitoring apps on them. There are several modern monitoring apps currently available such as XNSPY. The app can keep track of online activities, generate a list of call logs, and remote control the device. Furthermore, you can track the location of the device in real-time, and use features such as geofencing and GPS history. There are other powerful features too, such as ambient recording, multimedia access, and online activity tracking. You can also wipe off all the data from a device in case of theft. Monitoring apps such as XNSPY should be a part of your strategy against cybercriminals.

 

Don’t forget physical infrastructure:

Cybersecurity may involve software updates and training policies, but making sure your physical infrastructure is safe is just as important. Re-evaluate how exposed your digital infrastructure is to physical access. Furthermore, go through the profiles of suppliers and vendors to vet them properly. A small door in any piece of equipment can let cybercriminals through and bypass your entire cybersecurity foundation. Be aware of this threat and make sure that suppliers work by following specific regulations.

Develop a threat monitoring policy:

Anticipating an attack and stopping it is an important part of comprehensive cybersecurity policy. Make sure that you are monitoring your digital infrastructure round the clock.

Invest in threat monitoring software and a team of professionals that can identify, track, and stop an attack.

The concept of designing a cybersecurity system as a fortification is changing to an adaptable system that can accommodate evolving security threats. Furthermore, a monitoring policy also needs to have a clear response plan.

Such a plan details what needs to happen and when in case of an attack. This ensures that there is a speedy response by your company against any threat.

 Conclusion:

Smartphones have become powerful enough that they can be considered as computers in their own right. While this has created scores of opportunities, there are also clear threats posed by cybercrime. These threats are only going to increase as the internet and smartphone use increases. While protecting your business against cyber criminals requires a considerable investment of time and money, it will pay off in the long run.

 

Clark Thomas is an expert in VOIP. He helps businesses both small and medium-sized, in implementing and adopting the best security methods for their organization and network. He gives great advice regarding and assists people in boosting the security measures for their website and business.  

The post Cybercrime is moving towards smartphones – this is what you could do to protect your company appeared first on CyberDB.