More Than 30% of People Don’t Password Protect Their Mobile Devices

Are you guilty as charged?

Whenever I bring this up in a group setting, it astonishes me how many people raise their hands. I wonder if they realize that they are putting all the personal information contained on their mobile device at risk. The unfortunate reality is that everyone loses things, and our devices can get stolen. And when that happens to your smartphone or tablet, it can be devastating.

Many of us use upwards of ten apps on our devices during a typical week. The majority of these apps are logged into our most critical accounts including email, text, banking, social media, payment apps and others that are linked to our credit cards. And because mobile app developers know that we are more apt to use their programs if they are easy to access and convenient to use, a lot of apps are programmed to automatically keep you logged in for days, weeks, months, or until you manually revoke access.

If your devices are not password protected and are then lost or stolen, your accounts are 100% accessible to whoever has control of your device. This is bad—and yet, 36% of us still do not use password protection!

According to a recent global survey by McAfee and One Poll, consumers seem largely unconcerned about keeping data on their mobile devices safe. For example, only one in five respondents have backed up the data on their smartphone and tablet, and more than one in ten (15%) save password information on their phone. This means that if their phone falls into the wrong hands, they risk opening up all sorts of personal information such as bank details and online logins to whoever finds the device.

Setting up a password or PIN is no guarantee that data will stay safe, and over half (55%) of all respondents admitted that they have shared these details with others, including their kids.

What’s particularly interesting is that men and women also behave differently with their mobile devices, not only in terms of how much risk they are willing to take, but also in terms of what they value.

Here are a few steps to make sure you and your mobile devices stay protected:

Password protect all your devices (and don’t use easy ones like 1234 or 1111)

Never use the “remember me” function on your apps or mobile web browser, and take care to log out of your accounts

Consider not sharing your PIN/password—this might be a tough one, but in the long run it will save you from possible heartache

Use a mobile security product like McAfee Mobile Security (and also McAfee All Access) that has not only anti-malware, but also web protection and app protection. With app protection, not only are you warned if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, you can ensure your personal information remains personal by locking some or all of your apps

Stay educated on the latest ways to protect your mobile device. For a fun quiz to help you learn about mobile security, visit the McAfee Facebook page. Play the Mobile Mythbusters quiz and get a chance to win a Galaxy Tablet or Kindle Fire!

And if you’re at Mobile World Congress, stop by and see McAfee in Hall 3, Stand C34. If you show our team in the red shirts that you’ve liked them on Facebook or followed them on Twitter, you’ll get a prize!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Europol: Credit Card Fraud Spells Low Risk and High Profits

A report from Europol states that payment card fraud is a low-risk and highly profitable criminal activity that brings EU-based organized crime groups a yearly income of around 1.5 billion euros. These criminal assets can be invested in further developing criminal techniques, used to finance other criminal activities, or even facilitate the start-up of legal businesses.

Payment card data is the ideal illicit Internet commodity, as it is internationally transferable. Europol, in its report on Internet-facilitated organized crime (iOCTA), concluded that organized crime groups (OCGs) clearly benefit from globalization, using foreign payment card data to purchase goods and services online. Credit card information and bank account credentials are the most advertised goods on the underground economy’s servers; according to Europol’s intelligence, around 60 percent of payment card fraud losses, totaling 900 million euros, were caused by card-not-present (CNP) fraud in 2011.

Within the major card-not-present fraud investigations supported by Europol, the main sources of illegal data were data breaches, often facilitated by insiders and malicious software. In most of these cases, the quantity of compromised card details was substantial, reaching hundreds of thousands or millions, and enabling criminals to sell the data in bulk online.

In the US, the FFIEC updated the security requirements recommended for banks. One of the recommendations encourages financial institutions to employ complex device identification. Oregon-based security firm iovation goes a step further by offering device reputation technology, which builds on device identification by offering real-time risk assessments. The technology exposes any history of fraud associated with a particular device or group of devices, and investigates relationships between devices and accounts that have been associated with fraud to expose fraudsters working in cahoots to steal from online businesses.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Risky Mobile Applications Plague Users

Once you own a smartphone or tablet, you are not likely to give it up. But it is essential that you understand where the risks are and steer around them as you enjoy your mobile digital life.

With the growth in mobile exploding, it is only natural for cybercriminals to move towards that device as a means for profit since it has such large numbers. And for us as consumers this means learning about these new ways hackers can trick or deceive us.

Part of the education process is understanding where and how all this malicious activity happens. Unlike PCs where infections typically happen through email (attachments or links) or from visiting an infected website, for mobile devices, malicious software (malware) is distributed primarily through infected apps.

In their Mobile Security: McAfee Consumer Trends Report, McAfee analyzed data from McAfee Mobile Security users on Android devices and found:

16% (or 1 in 6) of apps are infected with malware or contain links to risky URLs

40% of malware does more than one malicious activity (for instance, it may not only send your mobile number and device ID to the hacker, but it may also open a “door” so the hacker can get future information from other apps)

The #1 malicious activity the malicious apps did was send handset and personal information to the hacker

Spyware represents about 1/3 of all malware families in our zoo and 23% of mobile spyware joins a botnet or opens a backdoor, increasing the risk of data loss or device abuse

What does this mean for you?

It means you better be careful with your mobile device and especially what apps you download and use. I don’t know about you, but my smartphone has become an extension of me and without it I’d be lost. And if all the data that was on my phone got into the wrong hands, I shudder to think of what could happen.

That’s why it’s critical that you are careful when using apps. Here are some tips to stay safe:

Watch where you download: Only download apps from reputable app stores

Investigate the app: Research it by reading reviews and checking its ratings

Check the permissions: Make sure the app is only accessing data it really needs to function; studies have shown that 1/3 of apps ask for more permission than they need.

Don’t store your logins: Do not choose the “remember me” option for apps and mobile browser for your login information, even though this is not as easy. This way, if a stranger accesses your device they cannot log into your accounts as you.

Use security software: Software such as McAfee® Mobile Security can also help protect your phone against malware, bad apps and other mobile threats. It also allows you to remotely locate, track and lock your device in the case of loss or theft.

Even though 51% of us would rather lose our wallet than our smartphone, only 4% use mobile security software. It’s time… save yourself the hassle later and make security a priority for your mobile device and yourself.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

FTC and Consumers Want Companies to Take Privacy More Seriously

A recent Wall Street Journal article drew attention to the fact that, “Companies are watching you. They want to know where you go on the web, what you buy and what causes you support—with the hope of sending you targeted offers based on your preferences and lifestyle choices.”

When browsing the internet, consumers without proper protection are unknowingly sharing lots of personal information they probably wouldn’t if they knew they were being watched.

Now Google Inc., another company known for watching over our shoulders, has reached a  $7 million settlement with some 30 U.S. states over a 2010 “Wi-Spy” incident in which its Street View mapping cars collected passwords and other personal data from home wireless networks.

The chairman of the Federal Trade Commission Edith Ramirez recently remarked, “Over the last three years, the FTC has issued more than 50 enforcement actions on privacy and data enforcement, and no fewer than five major policy reports giving guidance to companies.”  Concern about data privacy is reaching critical mass.

It’s no wonder why AnchorFree, the provider of the world’s most popular consumer virtual private network (VPN), is Forbes’ sixth most promising company in America.

The Silicon Valley start-up has provided over 100 million global users with Hotspot Shield—a free app that enables secure browsing, online privacy protection, mobile data compression, and freedom to access all internet content across iPhones, Android devices, PCs and Macs.

Companies taking consumer privacy seriously are getting the attention of consumers and government agencies alike.

According to AnchorFree’s CEO, David Gorodyansky, “Being selected as the sixth most promising company demonstrates the importance of empowering consumers with choice and control over their personal information online. From safeguarding personal privacy to protecting against hackers and identity theft, VPNs such as AnchorFree’s Hotspot Shield arm us with the tools we need to enjoy all the information and communication benefits that the internet has to offer—safely.”

I couldn’t have said it better myself.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

The Devil is in the Details

In unwanted credit card charges, the details are the fine print—and the fine print often results in devilish “grey charges.” Grey charges are those credit card charges that appear on your statement from out of the blue, charging us small or large fees—or sometimes a single charge—monthly or annually.

The fine print can sometimes be expensive. And unwanted credit card charges happen when we think we are paying attention, or when a sleight-of-hand action by a scammy retailer hooks us.

Boldface lies. The fine print may begin with lies. A website might look professionally done, complete with a believable story based on a plausible scenario and photos representing real people with genuine-sounding comments. But in reality, it’s smoke and mirrors meant to deceive you.

Bogus trial periods. Trial periods with 30-day money-back guarantees are often rife with lies ending in grey charges. The fine print might read, “Delivery time is subtracted from your trial period”—in other words, if the package takes two weeks to get to you, you only have two weeks to try the product. But the clock starts ticking from the moment the package leaves the facility. After thinking you have 30 days from the delivery date, you decide to return the unwanted item—and you learn too late that you are out of time and out of luck.

Twice-bought scams. You buy a product in January, and when you receive it the product is damaged or of poor quality, so you immediately return it and get your money back. Then six months go by and you see the same ad. You still want the product and figure you’ll give the company a second try; perhaps they’ll have their act together by now. But when you get the product a second time, it’s just as bad as the first—and in the fine print it says, “We do not honor refunds to customers who have purchased the same product in the past.”

Free trials. Like Mom said, “There is no free lunch” and “If it’s too good to be true, it is.” This applies to free trial periods as well. Often, the upfront cost of the item is just a few dollars. You make the purchase, and the free trial begins the same day you purchased the product—not when you receive it—so the merchant weaves in the bogus trial period. Then, after the free trial period expires, you learn the actual cost of the item might be 10 to 20 times the initial charge.

Outwit the devil by paying attention to the details:

  • Pay attention to the fine print, as hard as that may be
  • Ask as many questions as you need to before laying down your credit card number
  • Use a credit card and not a debit card
  • Watch your statements closely
  • Get BillGuard to watch the grey charges for you

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Phony Identities Result in $200 Million Fraud

Recently, the FBI arrested 13 people in four states. Their crime? Allegedly creating thousands of phony identities with which to steal at least $200 million in one of the largest credit card fraud schemes ever charged by the Department of Justice.

Bloomberg reports that after using 7,000 false identities to obtain 25,000 credit cards, the conspirators ran the scam through real businesses such as jewelry stores, and at least 80 sham companies under more than 1,800 addresses.

The defendants charged in the complaint allegedly used fake Social Security numbers to fabricate identities and obtain credit cards, doctoring credit reports to pump up the cards’ spending and borrowing power. They would then borrow or spend as much as they could (based on their fraudulently-obtained credit history) and proceed to default on the debts, robbing businesses and financial institutions of more than $200 million in confirmed losses. When the credit card balances went unpaid, there was no one to hold responsible. In the end, however, retailers, merchants, banks, and credit card companies paid the bills.

According to a statement by the FBI, “This elaborate network utilized thousands of false identities, fraudulent bank accounts, fake companies, and collusive merchants to defraud financial institutions of hundreds of millions of dollars in order to facilitate extravagant lifestyles they could otherwise not afford.”

It appears that this scam was particularly lucrative for the criminals because there were no actual flesh-and-blood victims of identity theft to take notice.  One device may be opening a new credit card account—then going to an online retailer and applying for instant credit—all within minutes. Frauds like this, while highly sophisticated in nature, can be detected early with the right tool in place. Through velocity triggers and shared experience across multiple businesses, iovation can proactively detect the activity, alert affected businesses, and thwart the attacks. This is great news for the protected businesses, and also great news for the consumers who would otherwise be dealing with fraudulent charges made under their identities.

Robert is a personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Mobile Security Myths

Mobile computing is the new frontier of personal technology. Whether you are on a phone or tablet, if you have a carrier connection, you are mobile.

Today, most of us can’t live without our mobile devices. We live in an always on, always connected world. While this is convenient in many ways, it also brings about new security risks that many people don’t think about.

For example, most of us know that we need to use security software on our PCs. But how many of us know to use security on our mobile devices? Mobile devices are our most personal computers, yet they open the door to many vulnerabilities that don’t exist on a traditional PC.

Here’s some fact vs. fiction around mobile devices:

Mobile Myth #1: The best way to locate my lost phone is by calling it.

False. While “Call Me Maybe” may be your theme song, and this is sometimes a viable option, it’s much easier to use security software that lets you locate your phone by GPS or make it “scream” so you can find it (this is much louder than your ring tone). You can also display a message on your lost phone if anyone does find it, so you can tell them how to get in touch with you.

Mobile Myth #2: It’s ok to have my apps automatically log in to my accounts if I have my phone protected with a PIN.

False. Even though a PIN is a good start, this is not complete protection. Hackers are often able to guess PIN codes and also have programs to help them quickly figure out your 4-digit combination. Make sure you use a PIN that is not 1111 or 1234 and that you do not set your apps or mobile browser to use the “remember me” function. If your phone falls into the wrong hands, that gives the person easy access to your accounts.

Mobile Myth #3: Phishing is just for PC users.

False. In fact, one study showed that mobile users are 3x more vulnerable to phishing scams than PC users. Hackers can use phishing attempts via email (if you access your email via your phone or tablet) but also via text and social media apps. Also, it is much harder to tell if links are “real” in a mobile browser or email, so you should use mobile security software that warns you if you are going to a malicious site.

These are just a few mobile myths that exist out there. To really test your mobile knowledge, play our Mobile Mythbusters quiz on Facebook, where you can also enter to win great prizes like a Galaxy tablet, Kindle Fire, or a copy of my e-book “99 Things You Wish You Knew Before Your Mobile Device Was Hacked,” all with a 1-year subscription to McAfee Mobile Security.

In addition, share your mobile myths with @McAfeeConsumer using the hashtag #MobileMyths to help debunk mobile security myths and protect yourself and others. Top tweeters will win a copy of McAfee All Access or McAfee Mobile Security.

And if you’re going to be at Mobile World Congress, stop by to visit McAfee and see our product demos. We’re in the Intel booth in Hall 3, Stand C34. You may even get a small gift if you show that you’ve liked McAfee on Facebook or followed us on Twitter when you come see the people in the red shirts!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Stop, Think and Connect on Public Wi-Fi

OnGuardOnline.gov, co-managed by the Federal Trade Commission, is the federal government’s website to help you be safe, secure and responsible online. OnGuardOnline.gov is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.

Vulnerabilities

I, for one, am a big fan of the Department of Homeland Security, so I wanted to provide some DHS perspectives on wireless, its vulnerabilities and encryption–such as that obtainable through Hotspot Shield VPN—straight from the government’s mouth: “Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities and other public places are convenient, but they’re often not secure. When using a hotspot, it’s best to send information only to websites that are fully encrypted.

“You can be confident a hotspot is secure only if it asks you to provide a WPA password. If you’re not sure, treat the network as if it were unsecured.”

Encryption

You’ve heard it from this blogger before, but this is what Homeland Security has to say about encrypting your web communications:

“Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others. When using wireless networks, it’s best to send personal information only if it’s encrypted—either by an encrypted website or a secure WiFi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.” Homeland Security further states: “Don’t assume a Wi-Fi hotspot is secure. Most Wi-Fi hotspots don’t encrypt the information you send over the internet and are not secure.”

Hence, get yourself a wireless VPN! And use it. Advice straight from the DHS’s mouth.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Steamy Sexts Get Leaked 60% of the Time

McAfee released the study Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Nearly two-thirds of smartphone owners have personal and intimate information (such as revealing photos, bank account information, passwords, and credit cards) on their mobile devices, yet only 40% have password protection on their devices, leaving a huge gap in personal data protection.

The study shows that 94% of Americans believe their data and revealing photos are safe in the hands of their partners. However, 28% of people regretted sending that personal information and 10% of people have been threatened by their exes that they would expose risqué photos online.

Breakups are rarely, if ever, feel-good events that end on good terms. But we don’t have to make them worse by potentially having our private data open to being exposed for all to see.

To make sure you keep your private data private, you should follow these tips:

Don’t share your passwords

Make sure you lock your devices (especially your mobile) with a PIN

Delete any intimate photos/videos on your mobile device

Don’t share photos or videos that you don’t want your grandma seeing

If you’ve shared passwords, change them immediately

Remember the adage that whatever you post online is there forever

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

How Does My IP Address Affect Different Services?

You’ve probably heard the term IP address before but you likely aren’t fully aware of all the ways it is used. Or misused by various entities. Or how you can turn an IP address to your own advantage by taking control of who gets to use it.

An internet protocol (IP) address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the internet protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.”

When you visit a website, the website knows your IP address. When you send email or sign up for something online or use any internet-based service, the site knows your IP address. Your IP address matters to many sites for many reasons. Search engines want to know your IP address so they can serve up local search options and local ads and present themselves in the language (English, Chinese, etc.) associated with the IP address. Retailers want to know your IP address for security reasons.

Various online vendors, such as ecommerce sites, ad networks or retargeting services, want to know your IP address because they may sell web-based products specific to your location or country or browsing history. In some cases, the company may sell products or downloads that may be regulated by specific laws in that country. For example, downloads of copyright-protected content may fall under specific regulations within a particular country and any service that sells that content.

I came across a recent forum post asking the following question and thought the answer would be helpful to my readers: “I have Netflix Canada, but it doesn’t have all the shows that Netflix USA has. 1. Someone said Hotspot Shield would make it appear that I have a U.S. computer IP address (IPS? ISP?). Can anyone give a definitive answer on this? 2. How safe is this Hotspot Shield and would it work?”

So to answer the first question: yes, Hotspot Shield, when installed on a PC, laptop, Mac or mobile device, will use a US-based IP address when running. (If you have the paid version of their service, you can also choose IPs from other countries.) And in answer to the second question: yes, Hotspot Shield is safe in regard to protecting your data as it travels over the Hotspot Shield VPN. And “would it work”…well, I don’t see why it wouldn’t work. Whether you want to use it in the manner the questioner is proposing is up to you. Keep in mind that the company may have a good reason for placing that restriction in the first place.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.