Posts

How to Stop Your Cellphone from Getting Hacked

If you are like most of us, you probably have a password, antivirus program, and a firewall for your home computer to protect it from hackers. Are you doing the same thing for your phone?

From 2015 to 2016 malware infections on smartphones swelled by 96%, and about 71% of the smartphones out there do not have any software at all to protect them. What does that mean for you? It means the odds are against you when it comes to getting your phone hacked. Luckily, there are some things you can do to protect your mobile phone from hackers:

  • Update Your Operating System – Many people skip updates for some reason. Don’t put it off. Most of these updates contain security fixes that your old operating system didn’t have.
  • Put a Lock On It – If your phone doesn’t have a passcode on it, it’s like leaving the front door of your home open for burglars. Hackers will get in; it’s just a matter of time. If you can, use a biometric method, like a swipe or finger tap. In addition, set up a good passcode. Make sure it’s totally unique and nothing a hacker can guess, like your address or birthday.
  • Use Caution with Public Wi-Fi – Public Wi-Fi is great, in theory, but it can also be dangerous, as it is very easy for hackers to access your info. It’s usually pretty safe to use a public Wi-Fi connection for things like catching up on the news or watching a movie, but don’t put any personal information into your device such as your banking password or credit card number.
  • Check Up On Your Apps – Hackers often use phone apps to access data. So, to make sure you are really safe, make sure to delete any apps that you aren’t using regularly. An outdated app can be dangerous, too, so make sure to always update when one is available. Also, only download apps from reputable sources like Google Play and iTunes.
  • Use a VPN – Finally, use a VPN, or virtual private network. This will encrypt your information when you use it over a public network. They are free or cheap, usually $5 to $30, and that small investment is definitely worth it for your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Mobile SIMs Hacks Cause Concern

A crook can steal your identity by taking control of your wireless phone account—by pretending to be you in person at the mobile store. The villain can then buy pricey mobiles and sell them—and guess who gets the bill but not the profit.

4DSymptoms of Hijacked Account

  • Suddenly losing service
  • Your carrier says you went to a store, upgraded a few phones, then shut down your old device.
  • Or, the rep will straight-out ask if the problem is with your new iPhone—even though you never purchased one.
  • You were never at the store and never authorized any account changes.

If this happens to you, says an article at nbc-2.com, you’ll need to visit the carrier’s local store, show your ID and get new SIM cards. The carrier absorbs the costs of the stolen new phones.

But it’s not as simple as it sounds. What if in the interim, you need to use your phone—like during an emergency or while conducting business? Or your phone goes dead just as your teen calls and says she’s in trouble?

The thief, with a fake ID, waltzes into a store that does not have tight owner-verification protocols, and gets away with changing the victim’s account and buying expensive phones.

The nbc-2.com report says that this crime is on the increase and is affecting all four of the major mobile carriers: AT&T, T-Mobile, Verizon and Sprint.

Here’s another thing to consider: The thief may keep the new phone, which still has your number, to gain access to your online accounts via the two-factor authentication process—which works by sending a one-time numerical text or voice message to the accountholder’s phone.

The thief, who already has your online account’s password, will receive this code and be able to log into the account. So as innocuous as stolen phones may seem, this can be a gateway to cleaning out your bank account. The thief can also go on a shopping spree with mobile phone based shopping.

We’re all anxiously waiting for mobile carriers to upgrade their store security so that people just can’t strut in and get away with pretending to be an accountholder. Biometrics come to mind. Photo IDs are worthless.

In the meantime, accountholders can create a PIN or password that’s required prior to changing anything on the account.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Eight ways to secure your employees’ mobile devices

Between half and three quarters of all employees have downloaded personal apps to company tablets and phones, according to surveys. At the same time, people are increasingly using use personal phones for work purposes like email, document-sharing and the list goes on.

2DWhat does it all mean? Companies must take extra precautions to ensure that sensitive data doesn’t get into the wrong hands.

Protecting your data

Fortunately, there are several steps that a business owner can take to protect the information on employees’ mobile devices. Here are some tips:

  1. Make sure all devices are password protected.
  2. Require all employees to use an “erase data” function after a certain number of failed password attempts.
  3. Make sure all devices used for business purposes have a “wipe” ability. This allows you to wipe the information on the phone remotely in case it is stolen.
  4. Make sure your staff installs any security patches or updates that become available. These are often published due to security vulnerabilities.
  5. Employees should only download software from approved application providers with solid reputations.
  6. Antivirus protection must be a requirement for Androids.
  7. Make sure employees are discerning about the websites they visit and the links they click on. Too many clicks may lead them to a malicious site that could put data at risk. This also applies to e-mail and text messages.
  8. Employees should know that Wi-Fi is not secure. This is especially true of public Wi-Fi connections. To help guard their information, consider using a virtual private network service.

It doesn’t take much to secure the info your staff needs to do their jobs. A few simple strategies can provide a protective shield that will keep your company’s information safe, no matter where employees find themselves.

Consultant Robert Siciliano is an expert in personal privacy, security and identity theft prevention. Learn more about Carbonite’s cloud and hybrid backup solutions for small and midsize businesses. Disclosures.

How to shop securely with a Mobile Phone

“You can buy things with your phone!” No kidding! But imagine what the response would have been had you made this statement in 1984: “Off your meds, eh?”

7WPurchasing via the smartphone may very well eclipse the popularity of shopping via laptop. And cyber thieves know this. They’re counting on you to slip up.

  • Never click a link inside an e-mail, even if the subject line is a warning or alert to a fabulous sale. Cyber crooks know that the small screens on mobiles can easily hide tell-tale signs of scam e-mails, people are especially vulnerable to subject lines blaring great deals.
  • If you’re too tempted to ignore the great deal, then visit the merchant’s site by typing their name into the search engine rather than clicking the link inside the e-mail! That link could lead to a virus download.
  • Never use public Wi-Fi (e.g., at the airport or hotel) to shop. Stick to your phone’s mobile broadband network or at a minimum use a virtual private network (VPN).
  • When shopping with your phone, use a credit card, never a debit.
  • When using your phone, make sure nobody is spying. This really happens; it’s called visual hacking. It can even be done with the crook’s phone—capturing on video the sensitive information you’re entering on your phone.
  • You accidentally mis-type the URL of a major retailer (but don’t know it), and you end up on their site. It’s called typo squatting. How is this possible? The site is the crook’s. He knows people will commit typos and he takes advantage of this: owning a website that mocks the real one, and you’re lured into “buying” off of it—entering your credit card or PayPal information—which he then has. And he knows you won’t pick up that the site is an imposter because your phone’s screen is so small.
  • Keep the phone’s software updated.
  • Deactivate autosave logins.
  • Your phone contains so much sensitive information about you and your family, financial data, maybe medical history, etc. What if a crook gets ahold of it? Set up a personal identification number (PIN) for login.

Download only from official app stores: Apple App Store, Google Play and Amazon. Don’t download from third-party vendors.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Want Mobile Privacy? Read

If you don’t want your smartphone to know more about you than you do, here are top choices, as detailed on gizmodo.com:

2PBlackPhone 2

  • The Blackphone 2 will black out the federal government from spying on you.
  • Has a five inch handset with full HD screen (with Gorilla Glass 3 that prevents shoulder surfing).
  • 3 GB or RAM
  • Its Silent Circle’s PrivateOS 1.1 provides a “Spaces” UI: Data will be encrypted and compartmentalized.
  • The “Spaces” allow you to set up distinct spaces for different types of data, including a Silent Space that’s akin to Chrome’s incognito mode.
  • The Silent Suite allows you to keep various kinds of communications encrypted.
  • Also provides a Silent Store for apps.

Nokia 3310

  • This outdated “dumb phone” might still be available out there, somewhere.
  • The dumb phone is not capable of transmitting data through cyberspace. Thus, you don’t ever have to worry about being “followed,” “tracked” or hacked into.
  • If you’re comfortable not being connected to the Internet of Things, this phone is for you—if you can find one.

Payphones

  • If you want to pretty much guarantee that you’ll be untraceable, then use payphones.
  • Locate the payphones in your town and anywhere you normally travel, so that when it’s time to make a call, you won’t be spending time hunting for the phone.
  • Always have change on you, too.
  • To be even more non-traceable, always have in your car a thin pair of gloves to prevent your fingerprints from being on the phone.

Honorable Mention: Apple iPhone/Microsoft Lumia 930/Google Nexus 5

  • Apple, Microsoft and Google are no more crazier about government surveillance programs than you are.
  • Nevertheless, their phones gather data—but at least it goes to the maker of these devices rather than to the government.
  • The manufacturers analyze the data in the name of giving the user a better experience with the product.

Let’s also throw in the landline. Your calls can be traced, but at least data about you like your shopping preferences, health, income, marital status, etc., won’t go leaking out anywhere.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Mobile Apps Failing Security Tests

It’s been said that there are over a million different apps for the smartphone. Well, however many may exist, know that not all of them are passing security tests with flying colors.

5WYou may already be a user of at least several of the 25 most downloaded apps And what’s so special about the top 25? 18 of them flunked a security test that was given by McAfee Labs™ this past January. And they flunked the test four months after their developers had been notified of these vulnerabilities.

App creators’ first priority is to produce the next winning app before their competitors do. Hence, how secure it is doesn’t top the priority list, and that’s why there’s such a pervasive problem with security in the mobile app world.

Because these apps failed to set up secure connections, this opens the door for cybercriminals to snatch your personal information such as credit card numbers and passwords. And this is growing because this weakness in apps is so well known and it’s pretty easy for cybercriminals to purchase toolkits that help them infect smartphones via these vulnerable apps.

The technique is called a “man in the middle” attack. The “man” stands between you and the hacker, seizing your personal information. The “man” may capture your usernames and passwords for social media accounts and so much more—enough to open up a credit card account in your name and then max it out (guess who will get the bills); and enough to commit a lot of damage by manipulating your Facebook account.

So What Can You Do?

Here’s some tips to help you protect yourself from these unsecure apps:

  • Before purchasing an app, get familiar with its security features—read reviews and check what permissions the app is asking access to. You don’t want to end up with an app that accesses way more information about you than necessary for what you want the app for in the first place.
  • Download only from reputable app stores, not third-party vendors. This will reduce your chance of downloading a malicious app.
  • Don’t have your apps set to auto login. Even though it may be a pain when you want to access Facebook, it’s better to be safe than sorry.
  • Make sure you use different passwords for each of your apps. Sorry, I know that’s a hassle, but that’s what you must do. And make sure your password is long and strong.

Here’s to staying safe on our mobile devices.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Don’t Believe These 6 Mobile Security Myths

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.
5W

  1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
  2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
  3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
  4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
  5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
  6. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android and Apple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The Guide to Securing Your New Tech Toys

Ho ho ho! It seems that this year, Santa’s sleigh was filled with technology—laptops, smartphones, gaming consoles, etc. Playing with and learning about your new tech toy is fun, but remember to secure your device. It would be a total bummer if your new toy was suddenly compromised by a virus or hacked into. Luckily, there are a few things you can do to protect your new device.

7WComputer/laptop

Install security software. Free software is not recommended, as it provides only basic protection and you’ll likely end up purchasing more anyways. Your security software should include:

  • A two-way firewall: monitors the activity on your devices making sure nothing bad is coming in (like unauthorized access) and nothing good is leaving (like your data).
  • Anti-virus software: protects your devices from malicious keyloggers and other malware.
  • Anti-phishing software: watches your browser and email for suspicious inbox activity.
  • Anti-spyware software: keep your PC spyware free.
  • Safe search capacities: McAfee® SiteAdvisor® tells you what websites are good and which are suspicious.

Smartphone or tablet

  • Be leery of third-party apps.
  • Turn off automatic connections to Bluetooth and Wi-fi.
  • Apply app and OS updates.
  • Never store sensitive information on your device.
  • Use mobile security software for iOS or Android that includes anti-virus, anti-theft, app, and web protection.

Gaming or electronic device

  • Create backups.
  • Don’t store personal info on the device.
  • Connect only to a secure Wi-Fi network.
  • Make sure you apply any OS updates.

Now have a great time with your new tech device. Play with ease of mind, knowing your device is secure.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Mobile Carriers spying on Users

How does my mobile phone know I like tools, electronic gadgets and tarantulas? It keeps showing me ads for these products! Christmas is coming and my kids like bugs, big bugs.

10DHow does it know? It’s called “supercookies”. And they aren’t yummy.

If Verizon is your carrier, that’s why. Verizon uses a “unique identifier token header” for every website the user visits. There are cookies that tag along with the user wherever they go in cyberspace. Advertisers gorge on these cookies because they tell them what products to advertise for each unique person.

You can opt out of Verizon’s program, but this won’t prevent the UIDH (this a Unique Identifier Header) from being stamped on any site you visit and then be visible to a web server.

Even Android’s and iOS’s systems can’t supersede the UIDH system. The UIDH HTTP header is not the same as a typical Internet cookie. This is a lot to digest, it is what it is.

At present, there is no opt-out technology to truly eradicate what some consider spying, and it won’t be around soon, either. And look for AT&T to think possibilities by adopting this UIDH system to track their subscribers’ web journeys.

Though there’s no opt-out-like feature to stop this, there is a way to block it: VPN (virtual private network). Some smartphones have a VPN mode; once activated it will make the user anonymous. I like Hotspot Shield (HSS), which works on Androids and iPhones, easy. And don’t twiddle your thumbs waiting for universal encryption; your toddler will be entering college by then.

If targeted ads (hey, maybe you just love those handbag adverts) don’t phase you, then consider this: Cyber thieves can get ahold of all the sensitive information you have in your phone and learn all sorts of things about you, including any sordid details. Or maybe they just want to steal your identity to drain your bank account. Everyone is being watched by everybody.

Should you worry? That all depends. The Electronic Frontier Foundation is worried. They no likey.

This is where the VPN comes in, especially if you use public Wi-Fi, which is not encrypted. HSS, which is free, will protect your data. There’s also an upgraded version that you pay for; it’s faster. Either version will guard your Internet activities from prying eyes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Card Company’s boosting Payment Security with Mobile

Whoever thought that one day, paying with green paper would be viewed as primitive as a horse and buggy? We seem to be getting closer to that time, especially since the security of making payments via smartphone is always being improved.

5WOne way is with fingerprint scanning. Some smartphones already have this biometric feature. But what about credit cards and biometrics? Visa is currently experimenting with biometrics, but nothing yet has been deployed to the public. Nevertheless, a credit card company trying to develop something with biometrics will likely need to get involved in the smartphone arena.

There will always be the consumers who want to stick to the old-fashioned method of using cash, just like there are always those strange people who insist on buying the kind of stamps that you must lick (or wet with tissue paper) rather than the self-stick ones. But hopefully, credit card companies will cater to both kinds of people amking the new technology stupid simple.

If the credit card companies come out with biometrics tied into the mobile device, it will likely be a fingerprint scanner vs. face or voice recognition, but the fingerprint password will be sufficient security after long term testing.

New technology is never carved in stone, but let’s at least get it out there and see how it works. Let’s see how new technology like biometrics in a mobile (like Apple pay) can combat credit card fraud.

In the meantime, card companies and consumers (and banks) must continue to wrestle with the rampant crimes involving credit cards. Recently, MasterCard teamed with Syniverse, a mobile technology company, with the goal of stifling fraudulent use of credit cards.

MasterCard’s approach relies upon the smartphone geolocator. The company’s plan enables the card to be used only if it’s within a certain range of the owner’s smartphone. Though at first, this sounds fool-proof, it has a flaw: What if the thief is within that range? Obviously, if the card is swiped a thousand miles away from the holder’s mobile device, the thief will fail. This new technology hinges upon the thief being outside that range.

A perk of this new technology is that it eliminates the hassle of the holder having to notify the company that they’re traveling so that transactions won’t be declined—because the transaction will occur near the holder’s smartphone—unless a thief makes off with the smartphone and just happens to get out of range.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.