What You Should be Aware of When Using Your Android Device

As we all migrate towards using smartphones and tablets, we need to be aware of the risks associated with them. Most of us know that we need to protect our computers with security software, but we don’t always take that precaution with our mobile devices. In fact, nearly 75% of Americans do not use mobile security software and 36% of us don’t even use a basic PIN to lock our devices.

And if you’re an Android user there are some things you want to be aware of.

Mobile malware is growing and mostly on Android – Android has become the most popular mobile platform for hackers to target, and this past quarter, McAfee Labs™ found that all new forms of malicious mobile software were aimed solely at the Android operating system (OS).

There are a number of reasons why mobile malware is growing rapidly on the Android OS. One is that it is the fastest-growing platform and has the largest share of the mobile marketplace, and by nature, cybercriminals go where the large numbers are.

Malicious mobile activity is growing via apps – the mobile malware growth above is mostly from bad apps. And these bad apps can do anything from access your contacts and send them emails to “see” everything you do on your mobile device including typing in your user name and passwords to your financial accounts.

Watch app permissions – Android developers can choose from over 150 different permissions that the app can access on your mobile device. Some of these include turning on your camera and recording what it sees, accessing all your contacts and even accessing your IMEI code (which is like your phone’s Social Security number)! You just need to be aware of the type of app and why it would need to access certain information so it’s not sending your personal information to hackers.

For the moment, the amount of detected smartphone malware is relatively low compared to malware that targets desktop or laptop PCs; but being aware that it exists is the first step toward protecting yourself and your data. Here are some steps you can take to protect yourself:

First and foremost, use a PIN to lock your device.

Like with your computer, be cautious when clicking on links, especially from people you don’t know. And make sure you have web protection software which will prevent you from going to malicious sites.

When downloading apps, do your research and check each app out before downloading. Read the ratings and reviews and only purchase apps from well-known, reputable app stores.

When you install an app, make sure you review the permissions it’s accessing on your device. And use an app protection feature that warns you if your apps are accessing information on your mobile device that they don’t need.

Install a comprehensive mobile security solution like McAfee Mobile Security that includes anti-malware as well as web protection, anti-theft and app protection features. Or if you want to protect all your devices, including your mobile devices, you can use McAfee All Access that protects all your PCs, Macs, smartphones and tablets.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Take Privacy Seriously When Transferring Money Overseas

According to a study done by the World Bank, money sent home by expatriates last year totaled a staggering £335 billion (about $509 billion) – or three times the amount of global aid budgets. It’s common for workers all over the world to supplement the incomes of their families back home, but the current amount and frequency has also given rise to transfer fraud.

The most common methods are notifications of fake awards, a bogus money inheritance or requests for bank account information (there are countless – often imaginative – stories that fraudsters use to extract this data).

For example, an individual dressed as a policeman may approach you, saying that a relative or friend of yours has been in an accident and then request that you send money immediately for his or her hospital fees. Another example is an email request for proof of funds to make reservations for your holiday accommodation overseas. Thousands of people fall for these scams every year; use these tips to avoid falling foul of wire transfer fraud.

Secure your online banking
Obviously, the easiest way to avoid a scam is to verify the identity of the recipient. If you trade in different countries and pay suppliers all over the world, however, it can be difficult to verify every single party before transactions can be made. One way to secure payments is to work with a bank that’s linked with your home branch and which provides secure online banking. Remember that your bank will never ask you to verify your details via email.

A healthy dose of skepticism
Some of the best-known scams are those that claim you’ve won a prize in a foreign lottery and that you need to send over your bank details to receive it. Similar are the “Nigerian Prince” or “419” scams that offer non-existent rare pets, unclaimed properties – even romance – in exchange for your details and payments. Apply common sense when someone you don’t know contacts you – especially if you haven’t played the lottery in Nigeria recently.

It’s too good to be true
Another common type of financial scam is an offer to sell something at an incredibly attractive price through classified ads. The recipient will accept your money but you won’t receive the item in return. Remember that if an item seems too good to be true, it probably is.

Every day, scam artists are thinking up sneakier ways of scamming you out of your hard-earned cash, but they require a certain amount of trust from you to make a sale or obtain information. As long as you remain skeptical and aware that these scams exist, you can avoid most of the common pitfalls. Keep up to date with the latest scams to ensure you don’t fall victim to wire fraud.

If you think you have been a victim of fraud or want to learn more about digital life, you can read more information here.

How NFC and Security Work Hand in Hand

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point-of-sale device, such as a credit card reader at a checkout counter. NFC can be used in other ways beyond credit card transactions. It can integrate with hardware, such as your car, to lock or unlock a door.

Consumers perceive a lack of security with NFC, but in fact NFC is much more secure than having your data stored on a magnetically striped credit card, which can be more easily compromised. There are numerous layers of security in an NFC payment, including both hardware and software, and major payment networks such as MasterCard and Visa require certification before any payment application or hardware is let loose on the public.

There are important key features that reinforce mobile NFC security:

1) NFC SIM cards storing a consumer’s payment credentials and the payment applications are certified according to security standards. These standards are defined by financial services’ authorities and are comparable to CHIP-N-PIN security.

2) Consumers can choose to authenticate transactions by entering a PIN code on the payment application. Consumers can also request the PIN to be entered for all payments, even for small amounts—providing the end-user with complete control over protection features.

3) Secure over-the-air technology for remote management enables immediate remote blocking of the payment application. This works in a similar fashion to blocking a bank card in opposition mode.

Check out NFC and see if your device offers NFC here and definitely give it a try!

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

Criminals Prefer Pheasting on Phish Over Spam

Most of us are aware of spam, and while we may think it’s just an annoyance, what’s really dangerous about it is the fact that most spam consists of phishing attempts. Phishing is when cybercriminals attempt to fraudulently acquire your personal information, such as passwords and credit card details, by masquerading as a trustworthy person or business in electronic communications, such as email, texts or instant messages.

Criminals have long known there’s a sucker born every minute. In fact, more than 9 million households have had at least one member who gave up their information to phishers. And in the first half of 2012, these cybercriminals netted over $680 million, which may be one of the reasons that McAfee Labs™ saw the average number of phishing sites found each day increase by 70% between January and September of 2012. They also found 3-1/2 times more phishing URLs than spam URLs for the first time ever. This means spam is losing favor (and flavor) to phishing as cybercriminals are tossing out wide phish nets.

Here’s a graphic that explains how phishing works:

[Image: graphic explaining how phishing works]

There are no depleted phish stocks in the sea of scamming, so to protect yourself from phishing you should:

Be suspicious of emails that ask for personal or financial information. Most banks and legitimate businesses will not send you an email asking you to provide this type of information.

If you suspect that an email or chat message may not be authentic, or you don’t recognize the sender, do not click any links included in the message.

Check your bank, credit and debit account statements regularly for any unauthorized transactions. If you notice any suspicious or unfamiliar transactions, contact your bank and/or card issuer immediately.

Make sure to keep your browser and operating system up to date and install any necessary security patches.

Use comprehensive security software, like McAfee All Access, on all your devices and make sure they include a safe search tool that identifies risky websites in email, chat, social networking sites and search engine results to protect you from phishing.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Protect Yourself from Tax Time Scams

Tax season is now upon us, and more than ever, we are opting for the convenience of filing taxes online (81% of us did in 2012). While filing online may be faster and more convenient, there is also some risk that you need to be aware of. During 2012, the IRS discovered $20 billion of fraudulent refunds, including those related to identity theft, compared with $14 billion in 2011.*

Hackers have developed sophisticated methods to gain access to your financial information, and they are targeting consumer and small to medium sized business owners. Consumers and small businesses are the low-hanging fruit—the path of least resistance—because they don’t usually have as much security in place as larger companies.

The number of daily targeted attacks specifically aimed at small and midsize businesses more than doubled in the first six months of 2012. One of the best ways to help protect yourself is to be aware of these tax time scams. Some of these are:

Phishing scams: Unsolicited emails that appear to be from the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), asking for personal information or stating you are being audited, are not to be trusted. The IRS does not contact taxpayers by email or social media tools. You should report this by sending the email to phishing@irs.gov. You may also see phishing scams from online tax companies like the recent TurboTax scam.

Fake IRS agents: Beware of scammers posing as IRS agents. They contact you via phone or email, and are often prepared with a few personal details (most likely garnered from your trash or social media sites), which they use to convince you of their IRS affiliation. If you are suspicious, check the IRS phishing page at IRS.gov/phishing to determine if it is a legitimate IRS notice or letter.

Rogue tax preparers: Be careful who you use if you have someone prepare your tax return for you. Some of these return preparers have been known to skim off some of your refund or charge inflated fees for getting you a larger return. Make sure you use a reputable service if you are not doing your own taxes.

Here are some additional tips that you should follow to protect yourself when filing online:

Protect your data. This means that all sensitive documents, including anything that includes tax or investment records, credit, debit or bank account numbers, or a Social Security number, must be secured from the moment they arrive in your mailbox.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you will thwart any criminal’s attempt to file on your behalf and collect your refund.

Use a clean PC. Make sure you are not using a computer that is infected or does not have any security software. You should also make sure that the computer’s operating system and browser are updated and that you use up-to-date, comprehensive security software like McAfee All Access that protects all your devices.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Iran Blocking VPNs on its Already Strangled Internet

Free societies really have no idea what it’s like to live in a censored and controlled nation that locks down the internet and filters what citizens are allowed to consume.

Imagine wanting to login and research information on health or find a friend online or simply watch some funny videos on YouTube…only to discover that your government doesn’t allow it.

In Iran, the UK-based group Small Media reported, “Prominent Persian-language websites and other online services have been filtered one by one, and communications with external platforms is becoming progressively more difficult.”

Iran isn’t the only country like this. Countries with some kind of internet censorship are frequently Middle East and North Africa (MENA) countries, as well as some countries in Southeast Asia and China. Specifically, Saudi Arabia, UAE, Qatar, Bahrain, Yemen and others in the MENA region block a lot of content and often communication applications like Skype, Viber and social media sites. Pakistan has blocked YouTube; in Vietnam, some ISPs block Facebook; some Central American countries block communication apps as well.

Reuters reports, “A widespread government internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal.”

“Many Iranians evade the filter through use of VPN software, which provides encrypted links directly to private networks based abroad, and can allow a computer to behave as if it is based in another country.”

“But authorities have now blocked ‘illegal’ VPN access, an Iranian legislator told the Mehr news agency on Sunday. Iranian web users confirmed that VPNs were blocked.”

It’s not just users in Iran who rely on US or European-based services that enable them to tunnel around the government censorship.

Robert Siciliano is an Identity Theft Expert. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

The Top 6 Sources of Grey Charges

Those out-of-the-blue credit card charges that sneak up on us and require our time, attention, persistence and aggravation to squelch are called grey charges. Thanks to these insidious leaks, millions of people lose billions of dollars.

Sleazy, scheming merchants have perfected the art of the grey charge by capitalizing on the fact that we don’t pay attention to the fine print and often do not pay much attention to our statements, either. But by being aware of these scammy sales techniques, you can prevent getting caught up in a vicious circle of grey charges.

Here are the top six sources of grey charges:

#1 Unknown subscriptions. In the process of checking out during an online transaction, you might check or uncheck a box in regard to an offer or discount. Either way, a few months later you start getting all these charges for services you never wanted or ordered.

#2 Zombie subscriptions. After you recognize a grey charge for an unknown subscription, you might get the charge removed—only to find out months later it’s back from the dead and you’re being charged again.

#3 Auto-renewals. When signing up for a service that bills you monthly, quarterly or annually, a forthright retailer will let you know when your renewal date is coming and will inform you of upcoming charges. But shady companies don’t say a word and re-charge you without notification, sticking you with the bill even after you complain—all because you were “too late.”

#4 Negative-option marketing. When buying a product, you ultimately buy a suite of services you never wanted.

#5 Free to paid. When you are getting something “for free” and you have to cough up your credit card, there is always a catch. That catch is usually in the form of ongoing charges that are difficult to remove.

#6 Cost creep. The initial purchase price might have been $9.99 for the first three months, but then it becomes $19.99 a month thereafter. Then the merchant tacks on an annual $99.99 membership fee. Then you want to crawl through the phone and choke someone.

Stay out of trouble by keeping these tips in mind:

  • Pay attention. Nothing is free.
  • Monitor your purchases. Know what you’re getting into.
  • Check statements biweekly. Look for grey charges.
  • Sign up for BillGuard to watch your statements. It’s free, easy and effective.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Fake Friends Fool Facebook Users

The word friend is defined as “one who entertains for another such sentiments of esteem, respect and affection; an intimate associate.” But that definition seems to have gone out the window with the advent of social networks.

Studies show 50% of people will accept a Facebook “friend” or LinkedIn invitation from a total stranger. So do you consider the hundreds of friends on these social networks as people who you have an intimate affection for? Probably not.

This is why fraudsters have set up 15 million fake profiles that are used for spam and fraud. Just about anyone can set up a fake account on just about any website. Facebook and other social media sites are popular targets due to the number of users on those sites and how much time people spend on those sites.

People share an awful lot of information including their birth date, high school, email, phone number, pet’s name, kids’ names, maiden name and more on social networking sites. The fraudsters then use this information to send you phishing messages to try and get access to your accounts and passwords. And, since these messages appear like they “know” you, they seem more legitimate and you are more apt to trust the message.

What can you do? Be a good friend to yourself and your true friends. Protect yourself.

Only friend people you know in the physical world, ones that you like and trust.

Beware of offers with the word “free” or that sound too good to be true.

Stop and think before you click. Be wary of links in chat, text and email as this is one of the main ways hackers can “hook” you.

Protect your devices. Use up-to-date, comprehensive security software on all your devices that has a safe search plug-in to protect you from going to malicious sites.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

10 Tips for a Safe and Secure Spring Break

Spring has arrived, and students are gearing up to head to warmer climes and tear it up on spring break. Coming from a dad who a) tore it up a bit at that age himself and b) lives and breathes safety/security, I have a few tips, from low tech to high tech, to keep teens and twentysomethings from getting into trouble, becoming victims or having their identity stolen, which, believe me, will put a real damper on a vacation.

#1 Don’t be stupid. I know this is easier said than done. Anyone who plans a spring break trip which involves partying amongst thousands of other teens is actually planning on getting stupid. That’s not a successful plan. Make smart choices and be careful.

#2 Eat. You’re probably going to be consuming alcohol. Eat and eat often. Alcohol is poisonous; food absorbs the poison and can help prevent you from getting sick or too intoxicated (in-toxic-ated).

#3 Moderation. Everything in moderation, including alcohol. Negative side effects of too much alcohol can mean bad hangovers or even death.

#4 Cover your drink. There are lots of idiots who think it’s fun and funny to drug people by slipping drugs into drinks. Get your own drink and cover it up with your hand or a napkin.

#5 Use the buddy system. Never leave a friend alone, especially if he or she is inebriated.

#6 Use a designated driver. Seriously. Or cab it.

#7 Watch out for aggressive people. It is a sad fact that too much alcohol makes men get aggressive and women sometimes become vulnerable. Beware of this and don’t become a Spring Break statistic.

#8 Protect your wallet. Cash, credit cards, IDs, etc. should go in your front pocket. Have a photocopy of everything accessible online.

#9 Locate/Lost/Wipe. Install software to locate or wipe a lost mobile device, and make sure it’s password protected.

#10 WiFi security. Whether on a mobile, tablet or laptop, you’re going to be connected to the internet at some point. And just like there are predators out there waiting for you to slip up so they can take advantage of you, there are criminal hackers looking to swipe your wireless data and access your accounts to steal your identity. Download Hotspot Shield VPN for your iOS, Android, PC and Mac to encrypt all your wireless internet traffic.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

What is a Botnet?

The word botnet or bot is short for robot network. A botnet is a group of Internet-connected personal computers that have been infected by a malicious application (malware) that allows a hacker to control the infected computers or mobile devices without the knowledge of the device owners. When malware is launched on your computer or mobile device, it “recruits” your infected device into a botnet, and the hacker is now able to remotely control your device and access all the data on your device.

A botnet can consist of as few as ten computers, or tens or hundreds of thousands. Millions of personal computers are potentially part of botnets. Computers that aren’t properly secured are at risk of being turned into bots, or zombies.

Consumers’ and small businesses’ relaxed security practices give scammers a base from which to launch attacks, by allowing them to create botnets without being detected. Hackers use botnets to send spam and phishing emails and to deliver viruses and other malware and thus make money.

Here’s a graphic that explains how your device could easily become a “zombie” computer or part of a botnet.

[Image: graphic showing how a device can become a “zombie” computer or part of a botnet]

To stay protected, follow these tips:

Don’t click on links from people you don’t know

Be cautious downloading content from peer-to-peer sites

Be wary of free downloads (is it really free?)

Keep your operating system and browser updated

Make sure you have updated security software for all your devices, like McAfee All Access

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)