Why are Cybercriminals Moving from PCs to Mobile Devices?

The number of households in the United States that rely solely on mobile phones continues to increase. As of July 2011, 31% of households had mobile phones and no landlines. Additionally, almost one in six households used mobile phones exclusively or almost exclusively, despite still having a landline.

This is the first time that adults (of any age range) have been more likely to go without landlines. Most likely, in one to two decades, the landline will be as obsolete as the rotary phone is today.

With almost half a billion smartphones shipped, sales of smartphones in 2011 outnumbered sales of all PCs. Tablets are counted as PCs, but they run Google Android and Apple iOS software just like smartphones do. If you add together smartphone and tablet sales, it’s clear the mobile device market is much larger than the traditional PC market.

The growth in sales volume of both smartphones and tablets creates a huge audience for mobile device software developers, both commercial and criminal. And since cybercriminals go where the numbers are, they are moving their attacks to mobile devices.

Whenever there’s a major transition in technology, the uncertainty and newness create a perfect opportunity for scammers to launch attacks. Hackers and other criminals are seizing the opportunity, creating swindles, malicious apps and viruses that suit their criminal purposes. And there’s no reason to expect them to stop before some other technology nudges aside mobile in popularity.

There are approximately 40,000 viruses targeting the Android operating system today. In Android’s young life, that’s astounding compared to a similar lifespan dating back to when Microsoft Windows was first launched.

So you need to make sure you protect yourself, because for most of us, our mobile devices are our most personal computers. Here are some things you should do to protect yourself:

Use a PIN to lock your device and set it to auto-lock after a certain period of time

Only download apps from reputable app stores, and review the app permissions to make sure you’re comfortable with what information on your device the app can access

Don’t store sensitive information on your phone like user names and passwords

If you use online banking and shopping sites, always log out and don’t select the “remember me” function and don’t access these site when using free Wi-Fi connections

Regularly review your mobile statements to check for any suspicious charges. If you do see charges you have not made, contact your service provider immediately.

Never respond to text or voicemail with personal information like credit card numbers or passwords

Never click on a link in an email, social networking site or message from someone you do not know

Use mobile devices security like McAfee Mobile Security, or McAfee All Access which protects all your devices

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Self-checking Your Online Identity

Googling yourself (or “egosurfing”) is formally known as vanity searching—the practice of searching for one’s own name, pseudonym or screen name on a popular search engine in order to review the results.

The term egosurfing bugs me a bit because it insinuates people do it because they are narcissistic by nature. However, egosurfing really should be called “reputation surfing” because it’s extremely important to check your online reputation for any errors, inaccuracies, slander or unwanted exposure.

Think about background checks. Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. It’s common sense to require employment background checks for school volunteers, coaches, teachers, janitorial staff—really, employees of all kinds. As a small business, one the worst things you can do is hire an employee who becomes a legal liability or has a history of crime that comes back to bite you.

As a self-check, you’ll want to perform your own background checks to make sure there isn’t any erroneous information out there, or to prepare yourself if a potential employer, landlord or school administrator points out something that makes you look bad.

Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.

Manage your online reputation and do a self-check often. Here’s how:

Start doing things online to boost your online reputation. Register your full name and those of your spouse and kids (owning your kids domains is better than someone else owning them) on the most trafficked social media sites, blogs, domains and web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio.

Set up a free Google Alert for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.

Go to Knowem.com. This is an online portal that goes out and registers your name at what it considers to be the top 150 social media sites.

Get a WordPress blog with your name in the address bar and blog often. You want Google to show your given name at the top of search results in its best light, so when anyone is searching for you the person will see good things. Frequent blogging buries bad stuff deep the in search results.

Buy a domain name that is, or is close to, your real name and plaster your name in the HTML header so it comes up in search results.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

2013 SXSWi Security Trends in Technology

South by Southwest Interactive (SXSWi) is an incubator of cutting-edge technologies. The event, which takes place every March, features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable lineup of special programs showcasing the best new websites, video games and startup ideas the community has to offer.

At the SXSWi conference this year, mobile was a big deal—which meant mobile applications and their security are high on developers’ radars.

Mobile Security

Access Point states, “Developers need to make sure they cover one other major concern when creating a mobile app: security. Consumers need to feel and know that their information is secure at all times, and developers need to lead the charge before they ask for additional measures. Creating simple but effective security checkpoints is a must—just make sure they are not so obtrusive that your users get annoyed and are resistant to adopting your application.”

Another point of interest at this year’s SXSWi was authentication. With all the data breaches over the last decade, the conversation to eliminate the username/password as a simple access point has begun. One painfully overlooked authenticator is the driver’s license. Gemalto presented a compelling program on why the simple plastic license needs a makeover.

Driver’s Licenses

Technology impacts our lives daily, but one item is not advancing—your driver’s license. A simple card made of plastic with a few bar codes, a magnetic stripe and a photo is all it is. By finding or even simply viewing one, someone can immediately access your personal information to use for fraudulent purposes. Stealing someone’s identity is way too easy. Most industries have already gone digital; now it’s time to tackle the DMV.

A new method of identification is needed: an electronic driver’s license (eDL). One simple chip (or smart card) could revolutionize decades of using the same technology—paper and plastic. EDLs stand to increase security and offer more privacy. The adoption of eDLs also lays the groundwork for a truly mobile wallet solution.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Unknown Credit Card Charges: Fraud or Legit?

Recently, my mother-in-law discovered that a pretty significant piece of jewelry had gone missing. There had been a number of construction workers in the house for a few weeks and when she went to get her jewelry, it was gone. After searching like a crazy person under/in/on top of everything, she called the police.

When the police arrived they asked a bunch of questions, did an onsite investigation and calmly and collectively stated to her: “You misplaced it. It probably hasn’t been stolen. You will find it in a few days.”

Visibly upset and a little teary eyed, she thanked the officer for his time and collapsed in her chair. Two days later, as she was folding laundry, there it was, nestled with her undergarments. She swears to this day she didn’t put it there, but it must have fallen into the drawer from the top of the dresser on a day she was putting laundry away.

Frankly, minus the calling the police, I’ve done the exact same thing.

When charges are made to our credit cards, it’s very easy to look at a charge, not be familiar with it and immediately suspect fraud. Each month, I reconcile my statements at least twice—first weekly when current charges are made and then when my final statement comes in. And without fail, there is at least one charge that gets me all in a tizzy and requires me to do my own investigation.

When you come across one of those questionable charges (and you will), don’t panic until you take these steps.

#1: Look up the name of the company online. Generally you will find something that will immediately trigger your memory as to what you bought and from whom.

#2: Check your receipts against the dollar amount charged and also look for the company name.

#3: Some merchants include a phone number as part of their merchant information on the receipt. Call the number and be cordial to the person on the phone.

#4: If all else fails, call your credit card company and dispute the charge. You will have to give up some basic information,but the credit card company will get to the bottom of it within two billing cycles.

#5: Sign up for BillGuard for free. BillGuard monitors your credit card charges and alerts you to any potential fraud. If there are any grey charges, BillGuard will flag them and let you know.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

College Students Need to Protect Wireless on iPads

A recent study estimated that nine out of ten undergraduate students will own a smartphone by the time this year’s crop of freshmen is slated to graduate. As this demographic grows, college students are increasingly at risk of having their privacy compromised. Mobile-using students also tend to use unprotected public WiFi networks more, which adds additional risk factors to their profile. These factors combine to transform the generation that grew up using the internet most frequently into the generation that’s the most vulnerable online.

Hotspot Shield a wireless VPN has been downloaded more than 100 million times on PCs, Macs, iOS and Android platforms. The company experienced explosive growth in 2012 and, according to Quantcast, is among the top 35 online destinations based on total internet traffic.

The new version of the popular application includes:

  • Privacy protection for anonymous web communication, browsing and sharing online at dorms, cafes and offices.
  • Twenty percent greater mobile data savings capabilities, saving users up to $30 per month in mobile data fees.
  • The ability to access US and UK TV shows and other services online by switching IP addresses—a must-have when traveling abroad.
  • A new user interface that makes it easier than ever to view bandwidth savings and manage features.

To celebrate the launch, AnchorFree will kick off a contest to help US and UK college students keep their digital lives private and secure: the Hotspot Shield College Privacy Challenge, with $50,000 in scholarship awards distributed among the top three finishing universities. During the Challenge, any college student registering with a school-provided “.edu” or, in the United Kingdom, “.ac.uk,” email address will receive a free subscription to Hotspot Shield VPN for iPhone,Android, PC and Mac for one full year—up to a $42 value. The contest begins April 1 and will run through June 9.

More information about the Hotspot Shield College Privacy Challenge can be found at http://college.hotspotshield.com.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What You Should be Aware of When Using Your Android Device

As we all migrate towards using smartphones and tablets, we need to be aware of the risks associated with them. Most of us know that we need to protect our computers with security software, but we don’t always take that precaution with our mobile devices. In fact nearly 75% of Americans do not use mobile security software and 36% of us don’t even use a basic PIN to lock our devices.

And if you’re an Android user there are some things you want to be aware of.

Mobile malware is growing and mostly on Android – Android has become the most popular mobile platform for hackers to target, and this past quarter, McAfee Labs™ found that all new forms of malicious mobile software were aimed solely at the Android operating system (OS).

There are a number of factors why mobile malware is growing rapidly on the Android OS. One of which it is the fastest growing platform and has the largest share of the mobile marketplace, and by nature, cybercriminals go where the large numbers are.

Malicious mobile activity is growing via apps – the mobile malware growth above is mostly from bad apps. And these bad apps can do anything from access your contacts and send them emails to “see” everything you do on your mobile device including typing in your user name and passwords to your financial accounts.

Watch app permissions – Android developers can choose from over 150 different permissions that the app can access on your mobile device. Some of these include turning on your camera and recording what it sees, accessing all your contacts and even accessing your IMEI code (which is like your phone’s Social Security number)! You just need to be aware of the type of app and why it would need to access certain information so it’s not sending your personal information to hackers.

For the moment, the amount of detected smartphone malware is relatively low compared to malware that targets desktop or laptop PCs; but being aware that it exists is the first step toward protecting yourself and your data. Here are some steps you can do to protect yourself:

First and foremost, use a PIN to lock your device.

Like with your computer, be cautious when clicking on links, especially from people you don’t know. And make sure you have web protection software which will prevent you from going to malicious sites.

When downloading apps, do your research and check it out before downloading. Read the ratings and reviews and only purchase apps from well-known reputable apps stores.

When you install an app, make sure you review the permissions it’s accessing on your device. And use an app protection feature that warns you if your apps are accessing information on your mobile that it doesn’t need to.

Install a comprehensive mobile security solution like McAfee Mobile Security that includes anti-malware as well as web protection, anti-theft and app protection features. Or if you want to protect all your devices, including your mobile devices, you can use McAfee All Access that protects all your PCs, Macs, smartphones and tablets.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Take Privacy Seriously When Transferring Money Overseas

According to a study done by the World Bank, money sent home by expatriates last year totaled a staggering £335 billion (about $509 billion) – or three times the amount of global aid budgets. It’s common for workers all over the world to supplement the incomes of their families back home, but the current amount and frequency has also given rise to transfer fraud.

The most common methods are notifications of fake awards, a bogus money inheritance or requests for bank account information (there are countless – often imaginative – stories that fraudsters use to extract this data).

For example, an individual dressed as a policeman may approach you, saying that a relative or friend of yours has been in an accident and then request that you send money immediately for his or her hospital fees. Another example is an email request for proof of funds to make reservations for your holiday accommodation overseas. Thousands of people fall for these scams every year; use these tips to avoid falling foul of wire transfer fraud.

Secure your online banking
Obviously, the easiest way to avoid a scam is to verify the identity of the recipient. If you trade in different countries and pay suppliers all over the world, however, it can be difficult to verify every single party before transactions can be made. One way to secure payments is to work with a bank that’s linked with your home branch and which provides secure online banking. Remember that your bank will never ask you to verify your details via email.

A healthy dose of skepticism
Some of the best-known scams are those that claim you’ve won a prize in a foreign lottery and that you need to send over your bank details to receive it. Similar are the “Nigerian Prince” or “419” scams that offer non-existent rare pets, unclaimed properties – even romance – in exchange for your details and payments. Apply common sense when someone you don’t know contacts you – especially if you haven’t played the lottery in Nigeria recently.

It’s too good to be true
Another common type of financial scam is an offer to sell something at an incredibly attractive price through classified ads. The recipient will accept your money but you won’t receive the item in return. Remember that if an item seems too good to be true, it probably is.

Every day, scam artists are thinking up sneakier ways of scamming you out of your hard-earned cash, but they require a certain amount of trust from you to make a sale or obtain information. As long you remain skeptical and aware that these scams exist, you can avoid most of the common pitfalls. Keep up to date with the latest scams to ensure you don’t fall victim to wire fraud.

If you think you have been a victim of fraud or want to learn more about digital life, you can read more information here.

How NFC and Security Work Hand in Hand

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point-of-sale device, such as a credit card reader at a checkout counter. NFC can be used in other ways beyond credit card transactions. It can integrate with hardware, such as your car, to lock or unlock a door.

Consumers perceive a lack of security with NFC, but in fact NFC is much more secure than having your data stored on a magnetically striped credit card, which can be more easily compromised. There are numerous layers of security in an NFC payment, including both hardware and software, and major payment networks such as MasterCard and Visa require certification before any payment application or hardware is let loose on the public.

There are important key features that reinforce mobile NFC security:

1) NFC SIM cards storing a consumer’s payment credentials and the payment applications are certified according to security standards. These standards are defined by financial services’ authorities and are comparable to CHIP-N-PIN security.

2) Consumers can choose to authenticate transactions by entering a PIN code on the payment application. Consumers can also request the PIN to be entered for all payments, even for small amounts—providing the end-user with complete control over protection features.

3) Secure over-the-air technology for remote management enables immediate remote blocking of the payment application. This works in a similar fashion to blocking a bank card in opposition mode.

Check out NFC and see if your device offers NFC here and definitely give it a try!

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures