Uncategorized

Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You.

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.

Watch out for SMSishing Hooks

If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.

While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:

  1. Always double-check the message’s source. If you receive a text from your bank or credit card company, call the organization directly to ensure the message is legit.
  2. Delete potential SMSishing Do not reply to or click on any links within a suspected malicious text, as that could lead to more SMSishing attempts bombarding your phone.
  3. Invest in comprehensive mobile security. Adding an extra level of security can not only help protect your device but can also notify you when a threat arises.

Public Wi-Fi Woes  

Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:

  1. Look for password-protected networks. As strange as it sounds, if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.
  2. Pay attention to page load times. If the network you are using is very slow, it is more likely a cybercriminal is using an unreliable mobile hotspot to connect your mobile device to the web.
  3. Use a virtual private network or VPN. While you’re on-the-go and using public Wi-Fi, add an extra layer of security in the event you accidentally connect to a malicious network. VPNs can encrypt your online activity and keep it away from prying eyes. 

Malicious Apps: Fake It till They Make It

Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.

In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:

  1. Check for typos and poor grammar. Always check the app developer name, product title, and description for typos and grammatical errors. Often, malicious developers will spoof real developer IDs, even just by a single letter or number, to seem legitimate.
  2. Examine the download statistics. If you’re attempting to download a popular app, but it has a surprisingly low number of downloads, that is a good indicator that an app is most likely fake.
  3. Read the reviews. With malicious apps, user reviews are your friend. By reading a few, you can receive vital information that can help you determine whether the app is fake or not.

The Sly Operation of Grayware

With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:

  1. Be sure to update your device. Grayware looks for vulnerabilities that can be exploited, so be sure to always keep your device’s software up-to-date.
  2. Beware of rogue apps. As mentioned in the previous section, fake apps are now a part of owning a smartphone. Use the tips in the above section to ensure you keep malicious apps off of your device that may contain grayware.
  3. Consider a comprehensive mobile security system. By adding an extra level of security, you can help protect your devices from threats, both old and new.
technology

8 Ways Your WhatsApp Messages Can Be Hacked.

  1. Remote Code Execution via GIF
    remote execution with laptop
    In October 2019, security researcher Awakened revealed a vulnerability in WhatsApp that let hackers take control of the app using a GIF image. The hack works by taking advantage of the way that WhatsApp processes images when the user opens the Gallery view to send a media file.

When this happens, the app parses the GIF to show a preview of the file. GIF files are special because they have multiple encoded frames. This means that code can be hidden within the image.

If a hacker were to send a malicious GIF to a user, they could compromise the user’s entire chat history. The hackers would be able to see who the user had been messaging and what they had been saying. They could also see users’ files, photos, and videos sent through WhatsApp.

The vulnerability affected versions of WhatsApp up to 2.19.230 on Android 8.1 and 9. Fortunately, Awakened disclosed the vulnerability responsibly and Facebook, which owns WhatsApp, patched the issue. To keep yourself safe from this problem, you should update WhatsApp to version 2.19.244 or above.

  1. The Pegasus Voice Call Attack
    user on a whatsapp chat
    Another WhatsApp vulnerability discovered in early 2019 was the Pegasus voice call hack.

This scary attack allowed hackers to access a device simply by placing a WhatsApp voice call to their target. Even if the target didn’t answer the call, the attack could still be effective. And the target may not even be aware that malware has been installed on their device.

This worked through a method known as buffer overflow. This is where an attack deliberately puts too much code into a small buffer so that it “overflows” and writes code into a location it shouldn’t be able to access. When the hacker can run code in a location that should be secure, they can take malicious steps.

This attack installed an older and well-known piece of spyware called Pegasus. This allowed hackers to collect data on phone calls, messages, photos, and video. It even let them activate devices’ cameras and microphones to take recordings.

This vulnerability applied to Android, iOS, Windows 10 Mobile, and Tizen devices. It was used by the Israeli firm NSO Group which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack.

If you are running WhatsApp version 2.19.134 or earlier on Android or version 2.19.51 or earlier on iOS, then you need to update your app immediately.

  1. Socially Engineered Attacks

Another way that WhatsApp is vulnerable is through socially engineered attacks. These exploit human psychology to steal information or spread misinformation.

A security firm called Check Point Research revealed one such attack they named FakesApp. This allowed people to misuse the quote feature in group chat and to alter the text of another person’s reply. Essentially, hackers could plant fake statements that appear to be from other legitimate users.

The researchers could do this by decrypting WhatsApp communications. This allowed them to see data sent between the mobile version and the web version of WhatsApp.

And from here, they could change values in group chats. Then they could impersonate other people, sending messages which appeared to be from them. They could also change the text of replies.

This could be used in worrying ways to spread scams or fake news. Even though the vulnerability was disclosed in 2018, it had still not been patched by the time the researchers spoke at the Black Hat conference in Las Vegas in 2019, according to ZNet.

  1. Media File Jacking

Media File Jacking affects both WhatsApp and Telegram. This attack takes advantage of the way that apps receive media files like photos or videos and write those files to a device’s external storage.

The attack starts by installing malware hidden inside an apparently harmless app. This can then monitor incoming files for Telegram or WhatsApp. When a new file comes in, the malware can swap out the real file for a fake one. Symantec, the company that discovered the issue, suggests it could be used to scam people or to spread fake news.

There is a quick fix for this issue. In WhatsApp, you should look in Settings and go to Chat Settings. Then find the Save to Gallery option and make sure it is set to Off. This will protect you from this vulnerability. However, a true fix for the issue will require app developers to entirely change the way that apps handle media files in the future.

  1. Facebook Could Spy on WhatsApp Chats.
    man with facebook binoculars snooping on you
    In a blog post, WhatsApp implied that because it uses end-to-end encryption, it is impossible for Facebook to read WhatsApp content:

“When you and the people you message are using the latest version of WhatsApp, your messages are encrypted by default, which means you’re the only people who can read them. Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else.”

The fact WhatsApp uses end-to-end encryption does not mean all messages are private. On an operating system like iOS 8 and above, apps can access files in a “shared container.”

Both the Facebook and WhatsApp apps use the same shared container on devices. And while chats are encrypted when they are sent, they are not necessarily encrypted on the originating device. This means the Facebook app could potentially copy information from the WhatsApp app.

To be clear, there is no evidence that Facebook has used shared containers to view private WhatsApp messages. But the potential is there for them to do so. Even with end-to-end encryption, your messages may not be private from Facebook’s all-seeing eye.

  1. Paid Third-Party Apps
    paid-apps-for-hacking
    You’d be surprised how many paid legal apps have sprung up in the market that solely exist for hacking into secure systems.

This could be done by big corporations working hand-in-hand with oppressive regimes to target activists and journalists; or by cybercriminals, intent on getting your personal information.

Apps like Spyzie and mSPY can easily hack into your WhatsApp account for your stealing your private data.

All you need to do is purchase the app, install it, and activate it on the target phone. Finally, you can sit back and connect to your app dashboard from the web browser, and snoop in on private WhatsApp data like messages, contacts, status, etc. But obviously we advise against anyone actually doing this!

  1. Fake WhatsApp Clones
    whatsapp clones
    Using fake websites clones for installing malware is an old hacking strategy still implemented by many hackers all over the world. These clone sites are known as malicious websites.

The hacking tactic has now also been adopted for breaking into Android systems. To hack into your WhatsApp account, an attacker will first try to install a clone of WhatsApp, which might look strikingly similar to the original app.

Take the case of the WhatsApp Pink scam, for instance. A clone of the original WhatsApp, it claims to change the standard green WhatsApp background to pink. Here’s how it works.

An unsuspecting user receives a link to download the WhatsApp Pink app for changing the background color of their app. And even though it really does change the background color of your app to pink, as soon as you install the app, it will start collecting data not just from your WhatsApp but also from everything else stored on your phone.

  1. WhatsApp Web
    whatsapp web home page
    WhatsApp Web is a neat tool for someone who spends most of their day on a computer. It provides the ease of accessibility to such WhatsApp users, as they won’t have to pick up their phone again and again for messaging. The big screen and keyboard provides an overall better user experience too.

Here’s the caveat, though. As handy as the web version is, it can be easily used to hack into your WhatsApp chats. This danger arises when you’re using the WhatsApp Web on someone else’s computer.

So, if the owner of the computer has selected the keep me signed in box during login, then your WhatsApp account will stay signed-in even after you close the browser.

The computer owner can then access your information without much difficulty.

You can avoid this by making sure that you log out from WhatsApp Web before you leave. But as they say, prevention is better than cure. The best approach is to avoid using anything other than your personal computer for the web version of WhatsApp altogether.

To learn more about whether WhatsApp is safe, you need to brush up your knowledge of WhatsApp security threats.

These are just a few examples of how WhatsApp can be hacked. While some of these issues have been patched since their disclosure, others have not, so it’s important to stay vigilant.

technology

Internet safety risks for school-age children.

There are four main kinds of internet risks for children.

Content risks
For school-age children these risks include things that they might find upsetting, disgusting or otherwise uncomfortable, if they come across them accidentally. This might include sexual content in games, pornography, images of cruelty to animals, and real or simulated violence.

Contact risks
These risks include children coming into contact with people they don’t know or with adults posing as children online. For example, a child might be persuaded to share personal information with strangers, provide contact details after clicking on pop-up messages, or meet in person with someone they’ve met online.

Conduct risks
These risks include children acting in ways that might hurt others, or being the victim of this kind of behaviour. For example, a child might destroy a game that a friend or sibling has created. Another conduct risk is accidentally making in-app purchases.

Contract risks
These risks include children signing up to unfair contracts, terms or conditions that they aren’t aware of or don’t understand. For example, children might click a button that allows a business to send them inappropriate marketing messages or collect their personal or family data. Or children might use a toy, app or device with weak internet security, which leaves them open to identity theft or fraud.

Protecting children from internet safety risks: tips
You can use a range of different strategies to help your school-age child stay safe online.

Here are some ideas:

Create a family media plan. It’s best to create your plan with your child and ask them for suggestions. Your plan could cover things like screen-free areas in your house, internet safety rules like not giving out personal information, and programs and apps that are OK for your child to use.
Use child-friendly search engines like Kiddle or Kidtopia, or content providers like ABC Kids, CBeebies, YouTube Kids and KIDOZ, or messaging apps like Messenger Kids.
Check that games, websites and TV programs are appropriate for your child. You can do this by looking at reviews on Common Sense Media.
Use the internet with your child or make sure you’re close by and aware of what your child is doing online. This way you can act quickly and reassure your child if they’re concerned or upset by something they’ve seen online.
Check privacy settings and location services, use parental controls, and use safe search settings on browsers, apps, search engines and YouTube. Limit camera and video functions so your child doesn’t accidentally take photos of themselves or others.
If you use TV streaming services, set up profiles for different household members so your child is less likely to come across inappropriate programs.
Find out how to make complaints about offensive online content.
Block in-app purchases and disable one-click payment options on your devices.
Encourage all your children, including older siblings, to help each other use the internet safely and responsibly – for example, by watching only age-appropriate programs.
Trust between you and your child helps keep your child safe online. Calm, open conversations about internet use can help your child feel that you trust them to be responsible online. And if your child feels trusted, they’re more likely to talk with you about what they do online and tell you about online content and contacts that worry them.

It’s best to avoid using surveillance apps that let you secretly monitor your child’s online activity. Using these apps sends the message that you don’t trust your child. It’s better to talk openly about your own internet use and encourage your child to do the same.

If you do choose to monitor your child’s internet use while they’re online or by reviewing their browser history, it’s good to talk about this with your child.

As your child gets older and more confident and starts using the internet independently, you’ll need to review your strategies. Our article on internet safety for children aged 9-11 years has ideas.

Teaching safe and responsible online behaviour
You can help your child learn how to use the internet safely, responsibly and enjoyably. If you teach your child how to manage internet safety risks and worrying experiences, your child will build digital resilience. This is the ability to deal with and respond positively to any risks they encounter online.

You can do this by:

going online with your child
talking with your child about online content and listening to their views
being a good role model
teaching your child to be careful with personal information
teaching your child to avoid online purchases
talking about appropriate online behaviour.
Going online with children
Going online with your child gives you the opportunity to see the apps or games your child plays, or the videos they watch.

You can share your child’s experience while also checking that the content is appropriate. One way to do this is by asking questions that show interest in what your child is doing – for example, ‘That looks like an interesting game. Can you teach me to play too?’

You can also show your child sites that are fun, interesting or educational and show your child how to bookmark them for later. You could help your child find information they need for homework by using the right kind of search words. For example, for information on a school project about how people lived in the past, your child might use a phrase like ‘life in Australia in the 1900s’, rather than ‘past life’.

If you come across pop-up advertisements while you’re online together, it’s a good opportunity to talk with your child about not clicking them. You can explain that pop-up ads can lead to sites with unpleasant pictures or sites that want your personal or financial information.

Talking about online content
It’s a good idea to explain to your child that the internet has all sorts of content and that some of it isn’t for children.

You could explain that there are parental controls, safe browsing settings and internet filters set up on most devices to protect children from inappropriate content. But these are not a guarantee and your child could still come across inappropriate content.

So it’s also a good idea to encourage your child to talk to you or another trusted adult if they see something that worries them. For example, you might say, ‘Sometimes people put horrible things on the internet. Some of it’s made up and some of it’s real. If you see anything that upsets you or makes you feel uncomfortable, let me know’.

If you name things to look out for, it can help your child identify unsuitable material. For example, ‘If you see a site with upsetting, scary or rude pictures, swearing or angry words, let me know. It’s not a good site for you to look at’.

You could also explain that not all information on the internet is true or helpful – for example, some news is made up. Encouraging your child to question things they find on the internet helps your child develop the ability to tell whether a website has good-quality information. This is an important part of digital and media literacy.

Being a good role model
Your child learns from you. This means you can model safe and healthy internet use by using digital media in the way you want your child to use it now and in the future. For example, you might keep internet-connected devices out of bedrooms, and use technology for positive purposes like sending supportive messages to friends.

Taking care with privacy and personal information
It’s a good idea to make sure your child knows not to communicate online with people they don’t know in person. This is particularly important if your child is using in-game social networks. For example, gaming sites like Roblox and Minecraft are targeted at children but have messaging features that might allow strangers to communicate with your child.

Encourage your child to:

tell you if someone they don’t know contacts them online
not give out personal information. You could say, ‘Some people online are fakers. Never tell anyone online your name, address, phone number or birthday. Never send or post images of yourself’
check with you before filling out membership forms on gaming sites, online competition entry forms and so on
ask you before they use a new app, so you can show them how to check the privacy settings to keep their personal information safe.
Avoiding online purchases
You can help stop any accidental in-app purchases by switching off in-app purchases and one-click payments on your devices.

It’s also a good idea for you and your child to agree on clear rules about not accepting in-app purchases. You might say, ‘It’s important that we don’t waste our money on things we don’t need. If you want to buy a new game or something in a game, please ask me’.

Talking about appropriate online behaviour
Talking with your child about appropriate and inappropriate online behaviour will help your child learn how to stay safe. For example, you could:

tell your child not to do or say anything online that they wouldn’t do or say face to face with someone
encourage your child to think before posting photos or comments
help your child to walk away from online arguments. You could say, ‘Friends can say things they don’t mean. It’s good to let people get over their moods and not talk to them online for a little while.

technology

How to Spot the Signs of a Romance Scammer.

Each year thousands of people who are searching for love end up with nothing but a broken heart and an empty wallet.

While online dating and social media sites have become increasingly popular tools to find love and friendship, they’ve unfortunately also become popular tools for fraudsters known as romance scammers. These con artists create fake profiles to lure in victims, establish romantic relationships and eventually, extort money.

Signs of an Online Romance Scam.

4 Common Signs of a Romance Scammer
Romance scammers are experts in social manipulation and can sound very convincing. Many of the signs of a romance scammer are subtle and insidious because the scammer is trying to build trust before they exploit you. To avoid online dating scams, be on the lookout for these four red flags when you’re getting to know someone online:

  1. Romance scammers profess love quickly, without actually meeting you.
    Often times, the first sign of an online dating scam shows up when a romance scammer expresses strong emotions in a relatively short period of time. They may even say that they’re in love with you, but it’s a tactic they’re using to get you to give up personal details and answers to the security questions that you use to lock down your accounts across the Internet. Guard your personal information carefully, and be wary if a new love interest asks for personal details soon after contact.
  2. Romance scammers claim to need money for emergencies, hospital bills or travel.
    Be suspicious of anyone who asks you for financial assistance, no matter how dire their circumstances seem to be. If you encounter one of these storylines when you’re talking to a new love interest on the internet, there’s a good chance they’re scamming you.

“I need money to support a sick relative.”
“I need a short-term loan for airfare to visit you.”
“I need some startup money for a business venture.”
“I need funds to finalize a loved one’s funeral.”
“I’m a US service member overseas, and I need some money.”

  1. Online romance scammers try to lure you off the dating site.
    Often times, scammers convince victims to leave the dating site and use personal email or instant messaging to continue communication. At first, this might not seem like a red flag. When you are getting to know someone, you’ll naturally want to move beyond the dating site and use other forms of communication. Be very cautious when someone asks for your phone number or email address. This makes it even easier for them to access your personal information.

If you want to communicate outside of the dating site, set up an alternate email address or utilize an instant messaging app that isn’t connected to personal information like your primary email and phone number.

  1. Romance scammers plan to visit, but they always cancel because of some “emergency.”
    If an online love interest makes plans to visit but always seems to change their plans at the last second because of a traumatic event, family drama or a business loss, you should be very suspicious. Often, their cancellation will be accompanied by a request for a short-term loan. Look out for someone who says something like, “I really want to meet you, but I can’t buy a plane ticket right now because of x. If you buy me a ticket, I will pay you back! I just want to be together.”

Tips to Avoid Online Dating Scams
Tips for Avoiding Online Dating Scams
Once you know how to tell if someone is scamming you online, you should have better success avoiding online dating scams, and you will maintain better overall online safety. The Federal Trade Commission (FTC) recommends taking the following precautions when you’re using dating sites and social media to meet people:

Cross-check and verify. Conduct an online search to cross-check the person’s name, photo, location, email address and other details for legitimacy.
Slow down and talk to someone you trust. Tell a friend or family member about your situation, and discuss your next steps with them. A romance scammer might try to isolate you from friends and family or pressure you to make impulsive decisions alone. Don’t let a scammer rush you into making any sort of decision.
Do not send money. Never wire money, put money on a gift card or cash reload card, or send cash to an online love interest. You won’t get it back.
If you have already sent money, report it. Contact your financial institution right away if you think you’ve sent money to a scammer.
How to Report an Online Dating Scammer
If you are concerned that you or a loved one has fallen victim to an online dating scam, you should report your experience to whichever online dating or social media site you were on. You should also file a complaint with the FTC.

What Really Matters
When you know how to report a dating scammer, it can be empowering. Many times, victims who report a scam feel a sense of relief after notifying authorities. Not only can it help with their personal circumstance, it can also prevent people from falling victim to the romance scammer in the future. Once you report a suspected scam, your financial institution will work with you on the next steps you can take to protect yourself and your loved ones.

Uncategorized

How Do Hackers Hack Phones and How Can I Prevent It?

The threat of having your phone hacked has become a common and rational fear. The cold hard truth is that it is now possible to hack any phone. With the advancement of technology, where discovery of knowledge and information advances the understanding of technology, hackers are able to hack even some of the most sophisticated phone software. But how?

Hacking Software

Did you know that hacking software for Android and other mobile devices exists? And did you know there are countless hacking software options online for free? Hacking software is a method used by hackers to get information from a phone. Check out our 2020 Mobile Threat Report to dig deeper.

The serious hackers can buy hacking software anywhere, such as a phone Spy App, which must be installed on the target phone. Not all hackers need to handle a phone physically in order to install hacking software, but in some cases they must.

Keylogging is an approach that involves downloading a spyware app to target the phone and take the phone’s data before encryption. This type of software can be utilized by accessing the phone physically.

Trojan is a type of malware that can be disguised in your phone to extract important data, such as credit card account details or personal information. To install Trojan Malware, hackers use techniques like phishing to influence you into the trap.

Phishing

Phishing is a method used by hackers where they impersonate a company or trusted individual in order to gain confidential data. Hackers use this method by sending official-looking codes, images, and messages, most commonly found in email and text messages. When this malicious content is clicked on, the URLs can hack your phone because the link has been infected with a hacking virus or software that can take your personal information.

Hacking Using a Phone Number

In order to be able to hack using only a phone number, you must know and understand the technicalities of phone hacking. SS7 signaling is the system used to connect cell phone networks to one another, but in order to use this system as a method of hacking phones, one must have access to it. Recording calls, forwarding calls, reading messages, and finding locations of a particular device can be done with access to the SS7 system. Although, due to the level of difficulty, it is unlikely that the average person would be able to hack a phone in this manner.

SIM Card Hacking

In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping using the phishing method. SIM card swapping is performed when the hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be stolen. This means the hacker has taken over your phone calls, messages, etc. This method of hacking is relatively easy if the hacker can convince the provider that they are you. Keeping personal details to yourself is an important part of ensuring that hackers cannot pretend to be you.

AdaptiveMobile Security discovered a new way hackers were getting into phones using the SIM card—a method they call Simjacker. This way of hacking is more complex than phishing as it targets a SIM card by sending a signal to the target device. If the message is opened and clicked on, hackers are able to spy on the hacked device and even find out the location of the device.

Bluetooth Hacking

Professional hackers can use special software products to search for vulnerable mobile devices with an operating Bluetooth connection. These types of hacks are done when a hacker is in range of your phone, usually in a populated area. When hackers are connected to your Bluetooth, they have access to all of the information available and the internet connection to access the web, but the data must be downloaded while the phone is within range.

Prevent you become a victim of phone hacking

There are many different ways a hacker can get into your phone and steal personal and critical information. Here are a few tips to ensure that you are not a victim of phone hacking:

1. Keep Your Phone in Your Possession

The easiest way for a hacker to steal your phone’s information is to gain access to it — therefore, it is always important to keep your phone in your possession. If you have been away from your phone around a group of strangers and are concerned about possible hacking, check your settings and look for strange apps.

2. Encrypt Your Device

Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if a device is encrypted: iPhone users can go into Touch ID & Passcode, scroll to the bottom, and enable Data protection. Android users have automatic encryption depending on the type of phone.

3. SIM Card Locking

Putting a passcode on your SIM card can protect it from being hacked. Setting this code can be done on an iPhone by going to Settings > Cellular > SIM PIN. Enter your existing PIN to enable the lock. Android users can go to Settings > Lock screen and Security > Other security settings > Set up SIM card lock. Here you can enable the option to lock your SIM card.

4. Turn Off WIFI and Bluetooth

It is fairly easy for hackers to connect to your phone using WIFI or Bluetooth, so turn them off when not needed because there is no warning when a hacker attacks you. If you fear being hacked in a public space, turning off your phone can block a hacker’s ability to hack you — this is an effective preventative method.

5. Use Security Protection

Protecting your device from spyware can be done for free and simply through A Mobile Security app on an iPhone and Android can help protect cell phones from hackers.

Stay protected

Making a point to understand how hacking works can help you practice security in your every day life. Know how to be prepared for being hacked, so that when it happens you can be on top of how to handle it.

Uncategorized

How to protect yourself against cybercrime.

What are the best ways to protect your computer and your personal data? Here are our top tips:

Keep software and operating system updated

Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer.

Use anti-virus software and keep it updated

Using anti-virus or a comprehensive internet security. it is a smart way to protect your system from attacks.

Anti-virus software allows you to scan, detect and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you piece of mind.

If you use anti-virus software, make sure you keep it updated to get the best level of protection.

Use strong passwords

Be sure to use strong passwords that people will not guess and do not record them anywhere. Or use a reputable password manager to generate strong passwords randomly to make this easier.

Never open attachments in spam emails

A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know.

Hands typing on laptop keyboard

Do not click on links in spam emails or untrusted websites

Another way people become victims of cybercrime is by clicking on links in spam emails or other messages, or unfamiliar websites. Avoid doing this to stay safe online.

Do not give out personal information unless secure

Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are. 

Contact companies directly about suspicious requests

If you get asked for data from a company who has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal. 

Ideally, use a different phone because cybercriminals can hold the line open. When you think you’ve re-dialed, they can pretend to be from the bank or other organization that you think you’re speaking to.

Woman using mobile phone

Be mindful of which website URLs you visit

Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links with unfamiliar or spammy looking URLs.

If your internet security product includes functionality to secure online transactions, ensure it is enabled before carrying out financial transactions online.

Keep an eye on your bank statements

Our tips should help you avoid falling foul of cybercrime. However, if all else fails, spotting that you have become a victim of cybercrime quickly is important.

Keep an eye on your bank statements and query any unfamiliar transactions with the bank. The bank can investigate whether they are fraudulent.

Now you understand the threat of cybercrime, protect yourself from it.

Uncategorized

Internet Safety for Parents

The Internet can be wonderful for kids. They can use it to research school reports, communicate with teachers and other kids, and play interactive games.

But online access also comes with risks, like inappropriate content, cyberbullying, and online predators. Using apps and websites where kids interact, predators may pose as a child or teen looking to make a new friend. They might prod the child to exchange personal information, such as address and phone number, or encourage kids to call them, seeing their phone number via caller ID.

Parents should be aware of what their kids see and hear on the Internet, who they meet, and what they share about themselves. Talk with your kids, use tools to protect them, and keep an eye on their activities.

Internet Safety Laws

A federal law, the Children’s Online Privacy Protection Act (COPPA) helps protect kids younger than 13 when they’re online. It’s designed to keep anyone from getting a child’s personal information without a parent knowing about it and agreeing to it first.

COPPA requires websites to explain their privacy policies and get parental consent before collecting or using a child’s personal information, such as a name, address, phone number, or Social Security number. The law also prohibits a site from requiring a child to provide more personal information than necessary to play a game or enter a contest.

Online Protection Tools

Online tools let you control your kids’ access to adult material and help protect them from Internet predators. Many Internet service providers (ISPs) provide parent-control options. You can also get software that helps block access to sites and restricts personal information from being sent online. Other programs can monitor and track online activity.

Getting Involved in Kids’ Online Activities

More important than blocking objectionable material is teaching your kids safe and responsible online behavior, and keeping an eye on their Internet use.

Basic guidelines to share with your kids for safe online use:

  • Follow the family rules, and those set by the Internet service provider.
  • Never post or trade personal pictures.
  • Never reveal personal information, such as address, phone number, or school name or location.
  • Use only a screen name and don’t share passwords (other than with parents).
  • Never agree to get together in person with anyone met online without parent approval and/or supervision.
  • Never respond to a threatening email, message, post, or text.
  • Always tell a parent or other trusted adult about any communication or conversation that was scary or hurtful.

Basic guidelines for parental supervision:

  • Spend time online together to teach your kids appropriate online behavior.
  • Keep the computer in a common area where you can watch and monitor its use, not in individual bedrooms. Monitor any time spent on smartphones or tablets.
  • Bookmark kids’ favorite sites for easy access.
  • Check your credit card and phone bills for unfamiliar account charges.
  • Find out what, if any, online protection is offered by your child’s school, after-school center, friends’ homes, or any place where kids could use a computer without your supervision.
  • Take your child seriously if he or she reports an uncomfortable online exchange.

Call the National Center for Missing and Exploited Children at (800) 843-5678 if you’re aware of the sending, use, or viewing of child pornography online. Contact your local law enforcement agency or the FBI if your child has received child pornography via the Internet.

Watch for warning signs of a child being targeted by an online predator. These can include:

  • spending long hours online, especially at night
  • phone calls from people you don’t know
  • unsolicited gifts arriving in the mail
  • your child suddenly turning off the computer when you walk into the room
  • withdrawal from family life and reluctance to discuss online activities

Talk to your kids! Keep an open line of communication and make sure that they feel comfortable turning to you when they have problems online.

The Internet and Teens

As kids get older, it gets a little trickier to monitor their time spent online. They may carry a smartphone with them at all times. They probably want — and need — some privacy. This is healthy and normal, as they’re becoming more independent from their parents. The Internet can provide a safe “virtual” environment for exploring some newfound freedom if precautions are taken.

Talk about the sites and apps teens use and their online experiences. Discuss the dangers of interacting with strangers online and remind them that people online don’t always tell the truth. Explain that passwords are there to protect against things like identity theft. They should never share them with anyone, even a boyfriend, girlfriend, or best friend.

Taking an active role in your kids’ Internet activities helps ensure that they benefit from them without being exposed to the potential dangers.

technology

Bluesnarfing: what you need to know.

When buying a technological device today, whether it’s a smartphone, a speaker, a keyboard or a smart watch, one of things people look for is Bluetooth compatibility. And who could blame them when Bluetooth has become a ubiquitous feature of technology that everyone can’t live without. But just like any technology, convenience can quickly turn into chaos when fallen into the wrong hands. With that in mind, here’s what you need to know to guard against cybercriminals when using Bluetooth.

Google paid a settlement fee of $7million for unauthorized data collection from unsecured wireless networks in 2013. While their intention likely wasn’t theft, many disagreed and called them out for Bluesnarfing, a method most hackers are familiar with.

What is it?
Bluesnarfing is the use of Bluetooth connection to steal information from a wireless device, particularly common in smartphones and laptops. Using programming languages that allow them to find Bluetooth devices left continuously on and in “discovery” mode, cybercriminals can attack devices as far as 300 feet away without leaving any trace.

Once a device is compromised, hackers have access to everything on it: contact, emails, passwords, photos, and any other information. To make matters worse, they can also leave victims with costly phone bills by using their phone to tap long distance and 900-number calls.

What preventive measures can you take?
The best way is to disable Bluetooth on your device when you’re not using it, especially in crowded public spaces, a hacker’s sweet spot. Other ways to steer clear of Bluesnarfing include:

Switching your Bluetooth to “non-discovery” mode
Using at least eight characters in your PIN as every digit adds approximately 10,000 more combinations required to crack it
Never accept pairing requests from unknown users
Require user approval for connection requests (configurable in your smartphone’s security features)
Avoid pairing devices for the first time in public areas.

technology

App permission consequences.

Now let’s take a look at some of the categories that apps might ask for access to. The consequences of granting access can be very damaging.

  1. SMS permissions.

If you allow a new app to access SMS, that new utility will be able to access MMS messaging systems as well as any SMS app you have on your phone, not just the one default SMS tool that comes with the Android operating system. Furthermore, an app with permission to access SMS will be able to read all of the messages you have stored in your SMS apps. It will also be able to intercept and read (and possibly alter) incoming messages and it will even be allowed to send out SMS messages from your phone.

  1. Phone call permissions.

The permission to access any communication service on your phone is a gift to any malware that wants to replicate itself by sending out Trojan programs to your Contacts list. If the worm can send those infections out from your Phone number, the hacker that wrote the original virus saves a lot of money and also hides his identity.

A malicious money-making app with permission to access your phone’s call functions can rack up your bill and make a ton of money for its owner by making repeated calls to premium numbers owned by the hacker.

  1. Camera permissions.

Apps that have the permission to access your camera can take screenshots of your activities, take photos and videos of you and your friends, and send those image and video files back to the writer of the app. Similarly, if an app has access to your microphone, any recording tool on your phone can be manipulated to record you without your knowledge.

  1. Location permissions.

The location feature on your phone can tell burglars when you are away from your home and can tell the owners of location-restricted websites and services that you are outside of their operating area so they can block you.

  1. Operating system and storage permissions.

Giving an app permission to access your storage allows data thieves to steal your information. It also opens the door to ransomware that can encrypt all of the files on your device and make them inaccessible until you pay for the decryption key.

Allowing an app to gain control of system settings could mean you lose access to your phone.

Turn off location services completely
On Android, the only way you can turn off access permissions is on a per app basis, as described above. This is the case with all categories except for the Location services of your phone. These can be turned off completely.

Turning off location services defeats geo-restricted websites that try to block your access from other countries. You can bypass their restrictions by using a VPN. However, many sites also check your location in the operating system and that defeats that masking action of the VPN because it gives away your real location.

The strategy of turning off location services completely doesn’t always work to get you into overseas websites. For example, even if you have a VPN operating, the YouTube TV site won’t give you access unless it can also check your phone’s location. You also lose the benefit of being able to track your progress along a route in a web map service.

However, if you want to turn off the location services on your Android phone, go to the Settings screen, scroll down to the Personal section, and tap on Location.

Android location 1

Click on the slider at the top of the Location screen.

Android location 2

Android permission problems
An example of a malware nightmare that will ruin your phone if you allow it to access the system is the Loapi Trojan, which Kaspersky Labs spotted towards the end of 2017. This malware is advertised as an antivirus utility or an adult content app. Once it is installed, the app will constantly demand permission to access the system. It will repeat the demand over and over again until you tap on Allow. You restart your phone to try to turn the app off, but that won’t work. When your phone starts up again, the first thing you will see is that demand for access.

The Loapi Trojan has a wide range of malicious functions. These include launching DDoS attacks on command on other internet connected devices, cryptocurrency mining, and frantic web page access to bump up income from recorded visits. The design of the Trojan enables its controller to load up new attacks on your phone at will. So this is a backdoor that will allow a constant stream of attacks to download onto your phone.

When investigating this Trojan, Kaspersky Labs loaded it onto a smartphone. Within two days, the excessive processing caused by the virus caused the device’s battery to bloat and the phone’s cover to warp. Basically, if you unintentionally download Loapi, you might as well throw your phone away.

The Trojan’s antivirus sweep will detect other antivirus programs running on your phone and alert you to allow removal of those programs, which Loapi falsely labels as malware. Again, the app will not take Deny for an answer. The prompt to allow removal of those programs will not stop until you tap on Allow.

If you have Loapi on your phone, you might try all of the steps outlined in this guide to remove its permissions. However, the defense mechanisms of this malware suite will lock the phone and shut down the settings screens, making it impossible for you to revoke its access rights. This vicious app is just one example of malware that will render your phone unusable.

technology

Virus alert! WhatsApp Pink link will give hackers control of your phone, don’t open it at any cost.

Disguised as a WhatsApp theme-changing APK, WhatsApp Pink is a malware link that installs a virus on your smartphone, giving hackers access to your device.

HIGHLIGHTS:

WhatsApp Pink link is being circulated online that claims to change your WhatsApp theme from green to pink.
This is a malware link that can allow hackers control of your phone.
The APK is disguised as an official WhatsApp update.

A new malware link disguised as a custom WhatsApp theme is making the rounds on WhatsApp group chats. Dubbed as WhatsApp Pink, the malware link claims to change your WhatsApp theme from the original green to pink. However, according to top cybersecurity experts, it’s a virus that allows cybercriminals to hack and take control of your phone. The virus may also take control of your WhatsApp account, and you won’t be able to access it.

What is WhatsApp Pink scam?

This dangerous WhatsApp Pink virus is different from the WhatsApp flaw that was discovered a week back. The flaw only allowed nefarious entities to suspend a user’s WhatsApp account. However, the virus not only restricts users from accessing their WhatsApp account but also gives hackers access to their phone.

Once a user clicks on the link, it takes them to an APK download page. The APK is disguised as an official WhatsApp update, so users might not know that it’s a modified APK that contains the virus. If a user installs the APK, they give hackers access to their phone. There’s a chance that just clicking the link does not download the virus on your phone. So, if you have already clicked on the link but have not downloaded and installed the APK, you might still be safe. If you have not received the WhatsApp Pink message yet, we advise you not to click on the link.

“DO NOT CLICK ON THE WHATSAPP PINK LINK AND INSTALL THE APK FILE. IT WILL LOAD A VIRUS ON YOUR PHONE THAT WILL GIVE HACKERS ACCESS TO YOUR DEVICE.”
WhatsApp has released its official statement on the matter.

“Anyone can get an unusual, uncharacteristic or suspicious message on any service, including email, and anytime that happens we strongly encourage everyone to use caution before responding or engaging. On WhatsApp in particular, we also recommend that people use the tools that we provide within the app to send us a report, report a contact or block contact.”

As much we have berated WhatsApp for its shady practices in the past, this response is genuine. We as users have to take responsibility for such attacks as anyone can send a malware-laced link to us. It’s up to us to judiciously decide whether to click on them or not. The easiest way to avoid such attacks is to never install popular apps from outside Google Play Store. So, beware of the WhatsApp Pink link and any such attempts in the future and protect your online privacy.