Selling Your Old Smartphone? Not Smart

It has become standard practice to upgrade to a newer device, and people often sell, donate, or discard the old one. Or maybe you’ve received a new computer or mobile phone as a holiday gift and need to get rid of the old one. You consider selling them so you can get some money back—maybe to purchase your newest device, but is this really worth it?

After what I’ve seen, I don’t think so. I conducted a test where I purchased a bunch of used devices off of Craigslist and eBay to see if I could still find personal data on the devices. I found a startling amount of personal data including photos, phone numbers, addresses, emails, text messages and even passwords.

While most of us would think we were safe if we did a factory reset on our mobile device, we also need to remember to remove or wipe any media such as internal drives and SD cards; anything else that stores data really should be destroyed. And for Android phones, even though some of the phones had been factory reset, I was still able to find data on them. Furthermore, after having spent a few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

So whether you destroy your smartphone with a sledgehammer, use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist. Yes, this will not provide much help for resale value, but you’ll have some fun and know that your information is safe.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

17 Percent of PCs Are Exposed

Exposed as in streaking through life naked without a stitch of security. There are things I do and things I don’t do, and no security isn’t on my “do” list. Come on, people!

McAfee used its Windows-based Security Scan Plus to scan an average of 17 million PCs per month in 24 different countries. This was the first industry study of its kind, thought to be the most accurate snapshot of consumer PC protection to date.

83% of computers scanned were found to be protected with the basics. Basic security protection includes working antivirus software, anti-spyware protection, and firewalls. That leaves 17% with no or essentially no protection from malware and other threats.

Other key findings include:

Finland is the most protected country with only 9.7% of PCs lacking any security protection

Singapore ranked at the bottom with 21.75% of consumer PCs completely unprotected

11.75% of Singapore’s PCs have security software installed, but it is disabled

Spain had the highest percentage of PCs without any installed basic security protection at 16.33%

The United States is the 5th least protected country, with 19.32% of Americans browsing the Internet without any protection; 12.25% of consumers have zero security protection installed; 7.07% have security software installed but it is disabled

If you are part of the 17% without security software installed, listen up: there are millions of viruses out there that will ravage your PC to death. Some can make your PC completely inoperable, while others allow criminals to control your PC remotely, making it part of a “botnet,” used for nefarious ends by a criminal network. But worst of all are viruses that allow criminals to access your data in order to steal your identity.

So please, protect your PC with comprehensive security software that includes antivirus, anti-spyware, anti-spam, anti-phishing and firewall protection, and save us all the discomfort of having to look at your naked PC.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft. (Disclosures)

What Are The Risks Of Mobile Spam?

Spammers send unwanted emails or texts that are both annoying and frightening. Most spam messages are useless advertisements selling stuff you don’t need or want.

In 1995, 8,069 unique pieces of malware were detected. One out of 20 emails was spam, and the Melissa virus infected hundreds of thousands. By 2010, 54 million unique pieces of malware were detected and more than 90% of all email was spam.

SMS spam (or spam via texting) is so prevalent today because those sending it are often scammers using robocall techniques that sequentially dial numbers in any area code and extension. An online search for “mass sms software” turns up plenty of free and low-fee programs that facilitate mass texting.

Also, when you enter your mobile number on a website you might end up clicking a terms of service agreement where you allow the company to send you text advertisements. And entering your information on a mobile app is no different. If you are not careful, you could unknowingly be opening yourself up to spam from the app and any third parties they work with.

While spam is mostly annoying, it can also pose some risks to you. You could even be tricked into paying for products and services that turn out to be illegitimate or nonexistent. Spam can also be used to distribute Trojans, spyware, and exploit code that can infect your mobile device or steal your information.

To protect yourself from SMS spam, you should:

Unsubscribe from unwanted text messages – Try to reduce the number of marketing lists that have your mobile number. If you haven’t signed up to receive text messages from an organization and don’t recognize the sender, don’t open the text or unsubscribe from the list, since this lets the spammer know that your phone is active. The best thing to do is just delete the message.

Protect your mobile phone number – Don’t give your mobile number to companies or people you don’t know. And, if you do need to give out your mobile number, make sure you understand the company’s privacy policy to see if your information is being shared with any third parties.

Use great caution when opening attachments – Never open unsolicited business emails, or attachments that you’re not expecting—even from people you know.

Watch out for phishing scams. Don’t click on links in text messages. Instead, open your mobile browser and visit the site directly.

Do not reply to spam. Never send your credit card information, Social Security number, and other private information via email or instant message.

Watch your permissions – Make sure you know what information your apps have access to as you may be allowing them to send you text messages by just downloading the app. Read the reviews and privacy policy for the app.

Taking the time to practice some simple steps will help protect you against the risks of spam.


Mobile and Phishing – Why It’s More Dangerous

Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails, which, as with phishing emails, appear to have been sent by a legitimate, trusted organization. The terms reference a scammer’s strategy of fishing for personal information.

For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords. It’s much easier to fall for these tricks on your mobile device because a lot of the things you can do to check if an email is legitimate are not available.

For instance, because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.

Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real. Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.

If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.

To protect yourself from a mobile phishing scam:

Don’t click on any links from people or companies you don’t know

Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate.

Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online.

Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app.

Use a comprehensive mobile security product such as McAfee® Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.

The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing, and how to avoid clicking links within emails or text messages or otherwise responding to such ruses.


Free Mobile Apps = Drained Battery

Go through your smartphone right now. Look at each app and seriously consider whether you need it. If not, delete it. Then, determine which of the free apps are worth upgrading to the paid versions, since free apps contain advertising that puts an additional drain on your battery.

Using a special energy-profiling tool, researchers from Microsoft and Purdue University found that when a mobile is run over a 3G connection, Android and Windows Mobile apps operating third-party ad services dedicate up to 75% of their power requirements to ads rather than game play.

Applications often communicate with their sources, transferring data back and forth between your mobile phone and the app’s home server. This information could be about you, gleaned from your mobile use, or it could be new advertising. The most effective way to deal with this is to either delete the app, or in some cases you are given an option to prevent it from running in the background.

But don’t stop there. There are numerous other battery drains affecting your smartphone. To preserve battery life:

Set your phone to lock automatically after being idle for one minute

Disable Wi-Fi and Bluetooth when they are not in use

Disable all unnecessary notifications

Disable any unused location services

It’s also a good idea to get yourself set up with extra chargers for your car, travel bag, and various rooms of your home. I like getting a mix of extra long and very short cables for different applications. They can often be found inexpensively on eBay.


Spring Cleaning Your PC

If your PC is bogged down with useless software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is the increased likelihood that if you have lost track of your files, you could easily have sensitive personal information exposed without your knowledge.

Begin by emptying your trash, since these unwanted files are still taking up valuable space on your hard drive, then follow these tips for a cleaner, faster machine:

Organize software: Gather all your software disks and serial numbers, and back them up in two or three different locations. I keep all my software on the original CDs or DVDs, and I’ve also ripped copies, which I save in organized folders on external hard drives. (Ripping is the process of copying audio files, video files, or software to a hard disk.) This includes all your drivers, recent versions of browsers, antivirus and anti-spyware software, and any free applications you use.

Get Belarc Advisor: This free utility takes a snapshot of your entire system and generates a convenient list of everything that’s installed, including serial numbers. This helps you identify and eliminate bloat—programs with an excess of superfluous features that are unnecessary for users.

Remove old programs: If you have software that you haven’t used for at least a year, it is time to remove these programs from your PC, as they are taking up space and could contribute to slowing down your PC.

Eliminate clutter and back up important files: Delete files that aren’t important to you and organize the files that you want to save into clearly labeled, easy to find folders.

Defrag: If you have a Windows machine, find “disk defragmentation” in your programs menu to start this process.

Upgrade your operating system: Upgrades usually offer new features that can help your machine run smoothly, and often include security patches that keep your computer protected from the latest threats.

Clear your cache: Clearing your browser’s cache of temporary files and cookies can free up a lot of space on your hard drive. Search online for specific instructions on how to clean your browser’s cache.

Do a reinstall: Adventurous and tech-savvy types can bypass all of the above and do a full reinstall. This means gathering all your installation CDs, software and files on external CDs or drives and then wiping the hard drive clean.

If you need help identifying problems with your computer, try McAfee TechCheck, a free diagnostic tool that quickly scans your PC to pinpoint possible problems with your operating system, network, applications, hardware, or peripherals.

If you want help maintaining your computer or have more serious issues, check out the McAfee TechMaster service, which can rescue an ailing PC or help you set up and optimize a new computer or smartphone. They can also help you set up, troubleshoot, and protect monitors, printers, and other peripherals as well as help you set up a home wireless network—all from the comfort of your home! And McAfee TechMaster is available 24 hours a day, 365 days a year.

So before the summer rolls around, make sure you finish this last bit of spring cleaning.


Your New Best Friend May Not Protect You

Your mobile phone may arguably be your new best friend. There are few people, places, or things in our lives today that get as many hours of attention as your mobile phone or are with you as often (and for some of us, that means 24/7). Four out of seven people on the planet have mobile phones, because a phone really is a great companion that brings us into contact with all the actual people we love, media that entertains us, music that makes us feel good, and finances that help us eat.

But unlike a German Shepherd, your mobile isn’t exactly a security device. Certainly, it can help you get help, but we often forget that our smartphones are our most personal computers and are usually with us most of the time. Even though we use our smartphones for way more than just calling people, we don’t protect them like we should. Below are some tips from McAfee on mobile security.

Lock it: Configure your phone to lock automatically after two or three minutes, and to require a PIN to unlock. And make sure you’re not using a PIN like 1234 or 1111.

Install trusted apps: Only download from reputable app stores. Third parties are risky. Use crowdsourcing and check reviews before downloading any app.

Back up: Most smartphones have the ability to back up wirelessly, locally or to the cloud. Just like your computer, it’s good to do this with your smartphone on a regular basis.

Update your OS: Operating system updates are meant to patch vulnerabilities in your OS and allow it to play well with other apps.

No “jailbreaking” or “rooting”: These terms refer to the act of hacking your device so that it can go beyond the intended walls it was designed to stay behind. Those walls offer protection you won’t get otherwise.

Log out: Just like on a PC, before you close that window or walk away from the device, log out of any websites or programs. And remember, don’t “save” your information so that you can automatically log in the next time—if your mobile is lost or stolen, someone else can easily access your accounts or files.

Turn off WiFi/Bluetooth: If you aren’t using wireless services, shut them down. Open, unattended wireless connections are easy targets for criminals.

Don’t get scammed: Any emails or text messages you receive requesting personal information are usually scams. Unless you specifically initiated the conversation, just hit delete.

Don’t click links in emails or texts: Unless I’m expecting an email from a friend, colleague, or company as a result of an action I’ve taken, I don’t click links, since they can often result in your device becoming infected with malware. And it’s much harder to see if a link is not valid from your mobile device vs. your computer.

Install mobile security: Comprehensive security is as important and necessary for your smartphone as for your PC and even your Mac. And don’t forget that just like your computer, you need more than antivirus.

McAfee’s 10 Quick Tips To Mobile Security

http://robertsicilian.wpengine.com/wp-content/uploads/2012/04/MobileeGuide_Jan2012.pdf

You can download these tips in a PDF document to share with your friends and family.


FCC and Carriers to Create Stolen Phone Consortium

Stolen phones are a big problem here in the US. Many are stolen in robberies. Robberies are, by definition, violent crimes, and there are many instances of robberies of mobile phones that resulted in serious injury or even death.

TechNewsWorld reports “Ten years ago, mobile phone thefts accounted for about 8% of New York City’s overall robbery cases, but since then the number has climbed to 40%, according to Ray Kelly, commissioner of the New York City Police Department.”

Similar statistics, like 38% of all robberies in Washington, D.C., and other big cities, have prompted the Federal Communications Commission, wireless carriers, law enforcement across the country and a few outspoken politicians to work together and create the PROTECT Initiative.

A month ago a journalist asked me if the wireless carriers will ever agree to create a joint effort consortium to identify, catalog and dead end stolen mobile devices. I said never, no way, won’t happen, they make too much money off the contracts to turn down a stolen phone. But now that lawmakers have stepped in, the wireless industry will want to have a say before any laws are passed that tie their hands.

PROTECT is a good thing. It helps create awareness – people still don’t get that they need mobile security. In the coming months we will see more buzz from the wireless community about what systems are in place to protect you and what responsibilities you have as a consumer to protect yourself.

Meanwhile software like McAfee Mobile Security not only protects against viruses and malware but can help prevent a criminal from accessing your personal and private data if your phone is lost or stolen. You can remotely locate your phones, even if the GPS is turned off, lock the device, back up the data and if necessary, wipe everything from your phone. If your mobile phone was ripped from you right now, how vulnerable would you be?


Utah Medicaid Breach Serves as Another Wakeup Call

An employee of the Utah State Department of Technology must have hit the snooze button when he launched a test server that resulted in the breach of 780,000 Medicaid records including over 250,000 Social Security numbers.

The Governor of Utah was quoted in the Salt Lake Tribune saying “Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised.”

Words like “tragic” are generally associated with death, not data breaches. Nonetheless, it’s not good to have your Social Security number in the hands of a criminal. The data breached will most certainly cause thousands of people to suffer from identity theft. New lines of credit opened by the thief will go unpaid and ruin good credit ratings.

While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question may have had the encryption measures required, but that a single weak password may have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.

Security is the responsibility of the ones who are in charge, those who hold the keys. In my home, it’s me. In your house, it’s you. And you can put all the locks on a house that you need, but if you leave a window open or a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind.

For consumers, a comprehensive antivirus, antispyware, antiphishing and firewall is just the beginning. Make sure your computer is up to date with all its critical security patches and your browser is secured too.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)

What Happens to Your Profile After You Die?

If you were hit by a bus, and passed on to whatever heaven might exist, would you care about your Facebook page? Probably not. But your loved ones more than likely would. Things like email, websites, and social media profiles are considered “digital assets,” which may have some monetary value, but for the most part offer sentimental value to the family of the deceased.

I went to high school with a darling young woman who passed away at far too young an age. Her Facebook page sees a lot of activity. Not a day goes by that someone doesn’t make use of this forum to leave a message telling her they love her. It’s quite nice to visit her page and witness this outpouring of affection.

When Facebook is informed that a profile’s owner has passed away, the account is memorialized, which means that nobody can access or edit the account, nor can any new friends be accepted, but people can still post messages and comments.

However, the inability to access an account might pose a burden to the family of the deceased, who might wish to learn more about their loved one or need administrative abilities in order to access crucial information, alert loved ones, or even finalize the deceased’s affairs.

The Associated Press reports, “Now lawmakers and attorneys in at least two states are considering proposals that would require Facebook and other social networks to grant access to loved ones when a family member dies, essentially making the site contents part of a person’s digital estate. The issue is growing increasingly important as people record more thoughts and experiences online and more disputes break out over that material.”

Facebook currently provides an online form that can be used to report a user’s death. “If prior consent is obtained from or decreed by the deceased or mandated by law,” Facebook will provide the family of the deceased with a download of all account data.

Though you may not particularly care to acknowledge it, now might be a good time to instruct a trusted friend or family member on how to access your various social media assets in the event that something bad should happen.
