How Likely Am I to Be a Victim of Mobile Crime or Data Theft?

Imagine your body being targeted by 100 million viruses. That is exactly what’s happening to your networked digital devices. Laptops, desktops, netbooks, Macs, iPads, iPhones, BlackBerrys, Androids and Symbian mobile phones are all at risk. Research from McAfee Labs reveals a variety of threats:

  • Mobile: Android has become the most popular platform for mobile malware. Hundreds of Android threats soared from the middle of 2011 into thousands of threats in early 2012 into 2013. The bulk of these threats spread through third-party app stores and were financially motivated.
  • Malware: In the first quarter of 2012, PC malware developers delivered their most productive quarter ever, supporting a forecast of 100 million pieces of malware before the end of 2013. Malicious developers are building more rootkits (software designed to evade detection) and password-stealing Trojans (software that collects the information required to break into a device or an account). Like many consumers, they also like the Mac.
  • Spam and phishing: Believe it or not, spam volume has decreased to a mere one trillion messages per month. McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” By using information they collect about you, spear phishers create more realistic messages that increase the chance you will click. In 2012, nearly all targeted attacks started with a spear phish cast.
  • Botnets: Botnets are groups of infected computers—often consumer PCs—that criminals manipulate to send spam, process fraudulent transactions, or conceal other nefarious activities. In 2012, infected bots reached five million.
  • Bad URLs: McAfee is recording 10,000 new risky or malicious websites each day. Website URLs, domains, subdomains and particular IP addresses can be deemed “bad” because they are used to host malware, phishing websites or potentially unwanted programs.

While these numbers do not yet approach the volumes of incidents occurring on PCs, they make it clear that mobile devices are genuine and increasing targets. For you as a user, forewarned is forearmed.

To avoid becoming a victim:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
  3. Use a private VPN. Hotspot Shield VPN, which is free to download, creates a virtual private network (VPN) between your iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures

Children Heading Back to School Face Identity Theft Risk

This isn’t rocket science. We have millions of children registering for schools in person, online, over the phone, via email and through the mail. All of these transactions involve personal identifying information including names, addresses and Social Security numbers.

All of these exchanges of data can be breached in some way by those on the inside of these organizations, hackers from the outside or simply from someone stealing mail or going through the organization’s trash.

The problem here is that once a bad guy gets hold of the child’s Social Security number, he or she can then open new lines of credit under that child’s identity simply by lying and saying the child is 18 years or older. With that information in the wrong hands, that child will face serious issues as a young adult when he/she is starting a new life and career out of high school.

Dallas News reports, “Criminals create a synthetic ID by combining a child’s Social Security number with a different date of birth to fabricate an identity that can be used to commit fraud. ‘Synthetic identities are very difficult to detect,’ reported a Javelin study. Guarding your child’s Social Security number is critical to protecting his or her identity.”

Guarding a child’s Social Security number is like guarding a credit card number. It’s bad advice and doesn’t work. You can’t protect numbers once they are handed over to anyone. Once in the wild, they are vulnerable.

Best advice:

  1. Apply for a fraud alert through the three credit bureaus every quarter to six months to confirm no credit report has been issued. However, this may or may not produce a report based on synthetic identity theft—and it’s also time consuming.
  2. Invest in a family identity theft plan that also protects your children. The service will watch their Social Security numbers in the wild, and a good service will repair any damage done if the theft isn’t caught up front.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

4 Tactics Cybercriminals Are Using to Steal From Us

Today McAfee Labs™ released the McAfee Threats Report: Second Quarter 2013, which reported that the cybercriminal community is using four main tactics to steal our identities, and our money. As consumers, it’s critical that we are aware of the ways the hackers are trying to attack us and here’s the four main ways:

1. Malicious apps on Android-based mobile devices
2. Infecting websites to distribute malware
3. Holding your devices hostage with ransomware
4. Sending spam promoting fake pharmaceutical drug offers

1. Malicious apps for Android
This quarter nearly 18,000 new Android malware samples were added to the McAfee Labs database. Most of this growth is from malicious apps that are designed to steal your information, spy on your phone activities, or take your money. Halfway through 2013, McAfee Labs has already collected almost as many mobile malware samples as it did in all of 2012.

The motivation for deploying mobile threats is rooted in the inherent value of the information found on mobile devices, including passwords, contacts and access to financial information. You need to be proactive and protect your mobile devices with comprehensive security software and be especially mindful of where you download apps from, and what permissions it is asking to access on your mobile device, before you install them.

AndroidMalware_Q2ThreatsGraphic

2. Infecting websites to distribute malware
McAfee Labs very carefully tracks suspicious websites on an hourly basis. This quarter, they observed a 16% increase in suspicious URLs, bringing the total to nearly 75 million. Adding to the growth from last quarter, cybercriminals are continuing the move to drive-by downloads as their primary means to distribute malware.

96% of these suspicious URLs host malware, exploits, or codes that have been designed specifically to compromise computers. This growth shows that these sites are an easy and successful way for cybercriminals to distribute malware. You should take care to make sure you’re using a safe search tool to visit sites so you know they are safe before you click.

3. Holding your devices hostage with ransomware
Ransomware holds your computer or mobile device and the data on it hostage until you pay to free it. Ransomware is a serious threat and it’s getting worse—McAfee Labs found more than 320,000 new, unique samples this past quarter, more than double from the first quarter of this year.

Anonymous payment methods make this an efficient way for cybercriminals to make money without a lot of implications of being caught. You should always take precautions to back up your valuable data and should not pay the ransom to get your computer “back,” as often times even when the fee is paid, the cybercriminal does not “free” your computer or mobile device.

4. Sending spam promoting fake pharmaceutical drug offers
After almost three years of declining volume, global spam increased this quarter. In April, spam volume surpassed 2 trillion messages, the highest figure since December 2010. A slight decline in May and June still left the count higher than any time since May 2011. More than 5.5 trillion spam messages were delivered this quarter, representing approximately 70% of global email volume.

Pharmaceutical drug offers are one of the top spam subject lines for and compromise anywhere from 17 to 50% of the subject lines depending on the country. To protect yourself from spam, you should make sure your security software includes an anti-spam feature as well as making sure that you don’t open or click on any links in the spam messages.

Just like protecting yourself from crime in the physical world, you need to protect yourself in the digital world. One way to do this is to protect all your devices including PCs, Macs, smartphones and tablets with one solution, McAfee LiveSafe™ service. Of course you should still take care to educate yourself on the latest threats and techniques that cybercriminals use and be suspicious of anything that doesn’t seem right.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

5 ways to Protect Privacy on Mobile Devices

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances—without consumers knowing their rights and actively protecting their own privacy and personal data—that data could be used unethically.

Privacy is your right. But in our digital, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down. It’s that part of life that is shared between you and your loved ones and which is not communicated, recorded, broadcast or reproduced on the internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

In addition to reading “terms and conditions” and the privacy policies of apps and websites, now is a good time to check your privacy settings on social networking sites and other sites you already use. Don’t share by default; share by choice. Ensure you have a strong password and be aware of where and with whom you are sharing your personal data.

In addition, turn off features on your device that expose your device and may share information about you, such as location, GPS and Bluetooth. When you want to use these features, you can always turn them on temporarily.

  1. Install the latest antivirus software on your devices. Antivirus software is a must-have utility to protect your computer from viruses, spyware, Trojans and worms. These malicious programs are designed to invade your privacy and steal your personal data. As such, it’s critical for you to protect your devices with the latest antivirus program(s).
  2. Use a personal virtual private network (VPN). While antivirus programs do a good job of protecting your computer, it doesn’t secure your browsing session or your internet communications. A VPN is a perfect complement to an antivirus program. VPN services such as Hotspot Shield VPN protect your privacy online and secure your web sessions by creating a secure “tunnel” on the internet between the VPN server and your device. Hotspot Shield is available for iPhone/iPad and Android devices
  3. Use strong passwords. Most people tend to use their names, birthdates, driver’s license numbers or phone numbers to create passwords. The most common password, believe it or not, is the word “password.”
  4. Be careful what you share on social networking sites. Social networking sites such as Facebook have very vague and complicated privacy policies. In fact, their business models are based on trading, sharing or selling your private data to advertisers and marketers.
  5. Delete or clear the tracking cookies. Tracking cookies are small pieces of code that websites attach to your computer to store information about your online activities.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Making a Case for Mobile Payment

Mobile payment can transform your shopping experience, making it more convenient and easy—and it’s secure, too!

Forbes reports, “Shopping has become very impersonal. Few people have a relationship with a salesperson who knows their style and preferences and can direct them to the right items at the right prices as soon as they walk in the door. But wouldn’t that be nice? Preferable, certainly, to wandering cavernous stores, fending off pushy salespeople who don’t even bother to learn our names, much less our favorite colors and fabrics.”

Mobile payment will mean much more one-to-one marketing—meaning specific deals and promos could be specially targeted to individual consumers based on their buying habits. Sooner rather than later, based on the information on a mobile phone app that consumers carry while shopping, they will be “recognized” as being in the store and recommendations, discounts, coupons—all in the form of specific customized offers—will pop up.

And mobile is secure, too. There are various mobile payment delivery options. Near field communication is a contactless delivery system that involves a chip that is either built into the phone itself, into a card within the phone, or a sticker attached to the phone. There are also new applications that facilitate mobile payments, most of which involve a barcode that the user scans at a store register.

As you increasingly use your phone for mobile payments, be aware that the phone correspondingly increases in value to thieves and hackers. So keep track of your cell phone. You wouldn’t leave your wallet on a bar and walk away, and you shouldn’t do that with your phone, either. And be cautious when visiting websites on your phone’s browser, clicking on links or responding to text messages.

So how do I conduct safe mobile payments?

  • Pay attention to your credit card statements to check that you are paying for what you actually purchased.
  • Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read the app’s privacy policy regarding what data of yours it is accessing and sharing.
  • Don’t conduct any mobile transactions over an unsecured WiFi connection. It’s much more secure to use your mobile data network.
  • Keep your mobile software current. This includes installing the latest updates for your operating system, mobile browser and mobile security software.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Serious Growth for mCommerce in 2012

The practice of mCommerce (or M-commerce) is using a mobile phone to make purchases. Like credit card transactions, your card/device can be either present or not present.

Mobile payment has been around for years in numerous forms for purchases such as downloading music, ringtones and various other services, and it is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security concerns of mCommerce.

Some consumers in the U.S. have had bad experiences with criminal hacking and data breaches and so are concerned about their security. As a result, they are waiting for the various handset manufacturers (in other words, those who make the phones), mobile carriers (those who provide mobile service) and third-party technology providers (those who make the technology that facilitates financial transactions) to agree on standardization that will lead to more secure transactions.

Regardless, EcommerceTimes.com reports in its holiday retail edition that Foresee, a customer experience analytics firm, saw the Mobile Satisfaction Index jump two points over Christmas 2011 to a score of 78 on a 100-point scale.

When it comes to individual companies, Amazon took the number-one spot with a score of 85. Apple and QVC were next with scores of 83, with NewEgg and Victoria’s Secret coming in at 80 in the report. Those at the bottom of the list of 25 mobile retailers include Shop NBC with a score of 73, and Sears, RueLaLa, Overstock and Gilt.com, which each earned a 74 in the ratings.

The study shows that the mobile platform is maturing faster than the traditional web. But this will also mean criminals are moving to mobile as an attack vector.

To stay safe while mobile shopping:

  1. Keep mobile security software current. The latest security software, web browser and operating system are the best defenses against viruses, malware and other online threats.
  2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.
    1. Use a private VPN. Hotspot Shield, which is free to download, creates a virtual private network (VPN) between your laptop, iPhone, Android or tablet and any internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. Hotspot Shield is available for iPhone/iPad and Android devices

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

What is a Keylogger?

Whether it is called a keylogger, spyware or monitoring software, it can be the equivalent of digital surveillance, revealing every click and touch, every download and conversation.

A keylogger (short for keystroke logger) is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don’t know that your actions are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.

Legitimate uses do exist for keyloggers. Parents can monitor their children’s online activity or law enforcement may use it to analyze and track incidents linked to the use of personal computers, and employers can make sure their employees are working instead of surfing the web all day.

Nevertheless, keyloggers can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cybercriminals can get PIN codes and account numbers for your financial accounts, passwords to your email and social networking accounts and then use this information to take your money, steal your identity and possibly extort information and money from your friends and family.

How would I get a keylogger?

Keyloggers spread in much the same way that other malicious programs spread. Excluding cases where keyloggers are purchased and installed by a jealous spouse or partner, and the use of keyloggers by security services, keyloggers are installed on your system when you open a file attachment that you received via email, text message, P2P networks, instant message or social networks. Keyloggers can also be installed just by you visiting a website if that site is infected.

How do you detect a keylogger?
Keyloggers are tricky to detect. Some signs that you may have a keylogger on your device include: slower performance when web browsing, your mouse or keystrokes pause or don’t show up onscreen as what you are actually typing or if you receive error screens when loading graphics or web pages.

What can you do to protect yourself?

Just as you maintain your own health on a daily basis by eating well-balanced meals, getting plenty of rest and exercising, you must also maintain your computer or mobile device’s health. That means avoiding keyloggers by avoiding actions that could negatively affect your computer, smartphone or tablet, like visiting dangerous websites or downloading infected programs, videos or games. Here are some tips:

Use caution when opening attachments – files received via email, P2P networks, chat, social networks, or even text messages (for mobile devices) can be embedded with malicious software that has a keylogger.

Watch your passwords – Consider using one-time passwords and make sure key sites you log into offer two-step verification. You could also use a password manager like McAfee SafeKey that is available with McAfee LiveSafe™ service, which will automatically remember your user name and passwords, but also prevent keylogging since you are not typing in any information on the site as the password manager will do that for you.

Try an alternative keyboard layout – Most of the keylogger software available is based on the traditional QWERTY layout so if you use a keyboard layout such as DVORAK, the captured keystrokes does not make sense unless converted.

Use a comprehensive security solution – Protect all your devices—PCs, Macs, smartphones and tablets—with a solution like McAfee LiveSafe, that offers antivirus, firewall, as well as identity and data protection.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Cheating and Bullying: It’s a Bigger Problem than You Think!

The whole purpose of your “youth” is to grow and learn. It’s time to take in lots of information, so ultimately they can evolve, accomplish, and get ahead. However the pressure to grow and climb the ladder of life often leads to unwanted behaviors and actions that lead to significant negative consequences. And with everyone being online these days, it only adds to these consequences.

Technology has really added fuel to the fire for two well-known tween-teenage activities: bullying and cheating. Bullying has moved from the playground to online and cheating has a whole new realm beyond writing information on your hand or arm.

According to McAfee’s 2013 Digital Deception: Exploring the Online Disconnect between Parents and Kids study, children are witnessing bullying online in great numbers and parents are not fully aware of the issues. Additionally, children are continuing to find ways to use technology to cheat, while only half of the parents of cheating kids believed they had done so.

Cyberbullying

Social media isn’t all fun and games – 89% of all youth (ages 10-23) surveyed say they witnessed mean behavior on Facebook and 40% on Twitter.

Kids don’t outgrow bullying – 17% of children ages 10-12 say they have witnessed mean behavior directed at a classmate or friend online, but that number jumps to 34% for young adults ages 18-23.

Parents don’t know the full extent of the problem – Only 9% of parents believe their child or children have witnessed cruel behavior online; even worse, only 6% think that their son or daughter has been a target of this cyber bullying, when in reality 13% of youth report they have been targeted online.

Peer pressure spreads to the Internet – 4% of youth said they’ve been pressured into bullying someone online.

Cheating

It’s a bigger problem than you think – More than half of all 13-23 year olds surveyed admitted to looking up the answer to a test or assignment online; only 17% of parents believe their child has done so.

Smartphones are making us dumber – While only 10% of 10-12 year olds said they had cheated on at test using a cell phone, this percentage doubles when looking at 18-23 demographic.

The Internet is teaching kids things you don’t want them to know – Only 2% of parents believe their child has ever cheated on a test using a technique they found online when in reality more than 1 in every 10 youth surveyed admitted to doing so.

Growing up is hard to do – More than a quarter of young adults ages 18-23 cheated with help from technology as opposed to 14% of 10-12 year olds.

So what do we as parents do to help change this negative behaviors? We must stay in-the-know. Since your kids have grown up in an online world, they may be more online savvy than you, but you can’t give up. You must challenge yourselves to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

Make sure you talk to your kids about Internet safety and what is and is not appropriate behavior online.

Establish clear guidelines that you all agree on including time spent online, and what type of content is ok post online.

Teach your kids to recognize cyberbullying and encourage them to talk to you about it.

Learn what your kids are doing with their mobile devices while they are in and out of school. It may surprise you to know how much time they are spending on them.

Consider using tools to help keep your kids safe online and support family Internet rules. Parental control software such as McAfee Safe Eyes lets you protect your kids from inappropriate sites and stay informed about their online activities.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

 

What is a Mobile Botnet?

The word botnet is short for robot network, a group of internet-connected computers that have been infected by a malicious application. The malware allows a hacker to control the infected computers without alerting the computers’ owners. Since the infected computers are controlled remotely, they are known as bots, robots or zombies.

When a virus recruits an infected computer and converts it into a botnet, a criminal hacker is able to remotely control that computer, install other malware and access all the data on that computer. For example, the so-called Zeus botnet malware can collect your banking and login credentials and use them to impersonate you or take money from your account.

Mobile botnets give criminals some advantages over PC-based botnets. First, the devices attach to many different networks, including business networks, making them a good carrier for infecting other devices. Second, the devices can be controlled using text messages, which are small, efficient and always get delivered.

McAfee Labs points out:

Due to their wide choice of hardware, botnets can initiate more types of attacks (voice, video, GPS) and serve as launch pads for infections of other computers via any connection (PC, WiFi, Bluetooth, SD card, USB, etc.).

Keep your device from becoming part of a mobile botnet:

  • Use antimalware, antivirus and antispyware on your mobile device.
  • Often, botnets’ malware comes as part of an app, so only install apps from reputable app stores.
  • Keep an eye on your monthly bill. If you start unexpectedly seeing a spike up in text messages received or data charges, call your carrier to investigate.
  • Install Hotspot Shield VPN. Hotspot Shield VPN is a versatile internet security and privacy solution. In addition to protecting you from dangerous online threats, it also protects your privacy and enables you to access any blocked websites and content.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

The Benefits of Having Keyless Locks

You already know what a keyless lock is. It’s simply a “combination lock,” but much more advanced and sophisticated than the ones you had on your high school locker. The old combo locks required three turns in a clockwise/counterclockwise direction to open. Combo locks are cumbersome, confusing and sometimes don’t pass the “grandmother test”.

But today’s keyless locks are push button or touch pads numbered 0-9, like a telephone keypad or ATM. Newer-model automobiles have keyless locks too. Pressing “1276” is much easier for Grandma, and she doesn’t have to worry about fumbling around for or losing her keys. (And, just like combo locks and automobiles, keyless locks also have a key as a backup.)

When going keyless, there are no more keys to lose, hide, carry or forget, so you can secure your home while you run or walk around the neighborhood. I run and used to have to wear a small runner’s pouch just to keep my house key on my person, but not anymore.

Schlage’s Touchscreen Deadbolt is the best keyless lock out there. It’s a motorized bolt that automatically locks and unlocks when a four-digit user code is entered and its lock-and-leave functionality requires only one touch to instantly safeguard the home.

Every aspect of the Touchscreen Deadbolt has been designed with homeowners’ security in mind. Backed by more than 90 years of inventive Schlage design, the Touchscreen Deadbolt delivers an American National Standards Institute (ANSI) grade 1 security rating, the highest residential rating awarded on the market, as certified by Builders Hardware Manufacturers Association (BHMA).

The Touchscreen Deadbolt can hold up to 30 unique access codes and is designed to support temporary codes for homeowner convenience. For example, codes can be tailored to specific days and times of the week to provide home access only when scheduled, such as for cleaning service personnel.

Built-in Alarm Lock Technology

Keeping families safe, the Touchscreen Deadbolt is armed with built-in alarm technology, sensing a range of activity and alerting homeowners with three different automated sounds for three different situations. For example, the Activity Alert sounds when it detects that someone is leaving or entering the house; the Tamper Alert sounds when the lock is being disturbed; and the Forced Entry Alert sounds after identifying significant pressure, such as a kick to the door or a shove to the lock.

It’s a battery-operated lock, so if the power goes out you’re still covered. The battery lasts approximately one year,

What happens when the battery is dead? Well, you’d need to use your key. However, keyless locks are pretty much idiot-proof—meaning there are numerous warning lights and alarm sounds telling you to change the battery when it’s low. My recommendation is to change your keyless locks’ batteries when you change your smoke alarm batteries which is supposed to be with Daylight Saving Time, but January 1 and July 1 are the dates I use to make my changes. Learn how to change the battery here.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.