Risky Mobile Applications Plague Users

Once you own a smartphone or tablet, you are not likely to give it up. But it is essential that you can understand where the risks are and steer around them as you enjoy your mobile digital life.

With the growth in mobile exploding, it is only natural for cybercriminals to move towards that device as a means for profit since it has such large numbers. And for us as consumers this means learning about these new ways hackers can trick or deceive us.

Part of the education process is understanding where and how all this malicious activity happens. Unlike PCs where infections typically happen through email (attachments or links) or from visiting an infected website, for mobile devices, malicious software (malware) is distributed primarily through infected apps.

In their Mobile Security: McAfee Consumer Trends Report, McAfee analyzed data from McAfee Mobile Security users on Android devices and found:

16% (or 1 in 6) of apps are infected with malware or contain links to risky URLs

40% of malware do more than one malicious activity (for instance it may not only send your mobile # and device ID to the hacker, but it may also open a “door” so the hacker can get future information from other apps)

The #1 malicious activity the malicious apps did was send handset and personal information to the hacker

Spyware represents about 1/3 of all malware families in our zoo and 23% of mobile spyware joins a botnet or opens a backdoor, increasing the risk of data loss or device abuse

What does this mean for you?

It means you better be careful with your mobile device and especially what apps you download and use. I don’t know about you, but my smartphone has become an extension of me and without it I’d be lost. And if all the data that was on my phone got into the wrong hands, I shudder to think of what could happen.

That’s why it’s critical that you are careful when using apps. Here’s some tips to stay safe:

Watch where you download: Only download apps from reputable app stores

Investigate the app: Researching it by reading reviews and checking its ratings

Check the permissions: Make sure the app is only accessing data it really needs to function- studies have shown that 1/3 of apps ask for more permission than they need.

Don’t store your logins: Do not choose the “remember me” option for apps and mobile browser for your login information, even though this is not as easy. This way, if a stranger accesses your device they cannot log into your accounts as you.

Use security software: Software such as McAfee® Mobile Security can also help protect your phone against malware, bad apps and other mobile threats. It also allows you to remotely locate, track and lock your device in the case of loss or theft.

Even though 51% of us would rather lose our wallet than our smartphone, only 4% use mobile security software.  It’s time….save yourself the hassle later and make security a priority for your mobile device and yourself.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Mobile Security Myths

Mobile computing is the new frontier of personal technology. Whether you are on a phone or tablet, if you have a carrier connection, you are mobile.

Today, most of us can’t live without our mobile devices. We live in an always on, always connected world. While this is convenient in many ways, it also brings about new security risks that many people don’t think about.

For example, most of us know that we need to use security software on our PCs. But how many of us know to use security on our mobile devices? Mobile devices are our most personal computers, yet they open the door to many vulnerabilities that don’t exist on a traditional PC.

Here’s some fact vs. fiction around mobile devices:

Mobile Myth #1: The best way to locate my lost phone is by calling it.

False. While “Call Me Maybe” may be your theme song, and this is sometimes a viable option, it’s much easier to use security software that lets you locate your phone by GPS or make it “scream” so you can find it (this is much louder than your ring tone). You can also display a message on your lost phone if anyone does find it, so you can tell them how to get in touch with you.

Mobile Myth #2: It’s ok to have my apps automatically log in to my accounts if I have my phone protected with a PIN.

False. Even though a PIN is a good start, this is not complete protection. Hackers are often able to guess PIN codes and also have programs to help them quickly figure out your 4 digit combination. Make sure you use a PIN that is not 1111 or 1234 and that you do not set your apps or mobile browser to use the “remember me” function. If your phone falls into the wrong hands, that gives the person easy access to your accounts.

Mobile Myth #3: Phishing is just for PC users.

False. In fact, one study showed that mobile users are 3x more vulnerable to phishing scams than PC users. Hackers can use phishing attempts via email (if you access your email via your phone or tablet) but also via text and social media apps. Also, it is much harder to tell if links are “real” in a mobile browser or email, so you should use mobile security software that warns you if you are going to a malicious site.

These are just a few mobile myths that exist out there. To really test your mobile knowledge, play ourMobile Mythbusters quiz on Facebook, where you can also enter to win great prizes like a Galaxy tablet, Kindle Fire, or a copy of my e-book “99 Things You Wish You Knew Before Your Mobile Device Was Hacked,” all with a 1-year subscription to McAfee Mobile Security.


In addition, share you’re your mobile myths with @McAfeeConsumer using the hashtag #MobileMyths to help debunk mobile security myths and protect yourself and others. Top tweeters will win a copy of McAfee All Access or McAfee Mobile Security.

And if you’re going to be at Mobile World Congress, stop by to visit McAfee and see our product demos. We’re in the Intel booth in Hall 3, Stand C34. You may even get a small gift if you show that you’ve liked McAfee on Facebook or followed us on Twitter when you come see the people in the red shirts!


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Steamy Sexts Get Leaked 60% of the Time

McAfee released the study Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines at the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Nearly two-thirds of smartphone owners have personal and intimate information (such as revealing photos, bank account information, passwords, and credit cards) on their mobile devices, yet only 40% have password protection on their devices, leaving a huge gap in personal data protection.

The study shows that 94% of Americans believe their data and revealing photos are safe in the hands of their partners. However, 28% of people regretted sending that personal information and 10% of people have been threatened by their exes that they would expose risqué photos online.

Breakups are rarely, if ever, feel good events left on good terms. But we don’t have to make them worse by potentially having our private data open to being exposed for all to see.

capture 1


Capture 2

To make sure you keep your private date private, you should follow these tips:

Don’t share your passwords

Make sure you have lock devices (especially your mobile) with a PIN

Delete any intimate photos/videos on your mobile device

Don’t share photos or videos that you don’t want your grandma seeing

If you’ve shared passwords, change them immediately

Remember the adage that whatever you post online is there forever

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Simplify and Secure Your Passwords

It seems that almost every site on the Web requires a password. At least twice a week, I get an email from someone who wants me to join yet another site, which requires yet another username and password.

You can cop out and use the same username and password combination, but that’s always possible since some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. Besides that’s just asking for trouble. If you use the same password for your banking account, Gmail account, and your medical account you are leaving yourself open to exposure—if one account ends up getting hacked, all those accounts could be hacked.

But how do you manage all those user names and passwords without having a cheat sheet in a file on your computer or stuck on post-it notes next to your computer? Neither option provides the security you should reserve for passwords.

The key to surviving this is to make a small investment in a password management service that stores your passwords on a security-restricted site that you can access from any device as long as you have an Internet connection. The best thing about a password manager is that you ultimately have just the one master password to remember, which gets you access to all the different passwords for each site.

Password managers also allow you to instantly create secure and complex passwords for each of your accounts, so that you don’t end up using the same one for every account. Usually trying to create complex passwords can be tiresome and it isn’t easily remembering them all, but with a password manager it remembers all your passwords for you.

You might ask how having one password manager that holds the “key” to all my user names and passwords safe? Well it’s much safer than what you’re most likely using today and most of these password managers utilize a high-level of encryption that can’t easily be cracked.

The real security vulnerability is with your own computer and devices and any existing or future malware that it may have that could record your keystrokes or take screenshots. To prevent this, you need to make sure you have a clean device and run scans on a regular basis.

Never forget your passwords again with McAfee SafeKey password manager tool. McAfee SafeKey is available with McAfee All Access and it securely stores your usernames and passwords for your favorite sites, and logs in for you—with just one click. And it works and syncs across all your PC, Mac, iPhone or Android devices.

Robert Siciliano is an Online Security Expert to McAfeeDisclosures.

Just One of Many Internet Scams

A good friend of mine called me recently to ask what I knew about scams from online sales. He had placed an ad on CraigsList for something he was trying to sell and had asked for $150 for the item. He had received a call from a woman and she offered to send him a check for the item.

Shortly thereafter, he received a $2,400 check from a major chemical company and was confused about why the check was so much more than the amount he listed and why it was coming from a chemical company.

If you ever run into this, rip up the check. This is advanced fee fraud, or a shipping scam. I explained to him that he would undoubtedly be receiving an email requesting that the difference be paid to shipper via a wire transfer.

But why send a check for $2,400, and why from a chemical company? It was probably the only seemingly legitimate check the scammer on hand from a “business.” If you fall for this scam, you end up sending $2,250 back to the scammer and you never get paid on the $2,400 check.

The day after we spoke, he received this email:

“Hello XXXX,

The check has been delivered, thanks for your honesty towards this transaction so far. Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agents fees.

Please deposit the cheque today so that it clears tomorrow after the check has cleared, All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via wire transfer.

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on moneygram.com and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1) Sender’s name and address

2) Reference number {which is the 8 digits number on the Money Gram receipt}

3) Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayments? Your Honesty and transparency will be appreciated”


The vast differences in the sale amount of the item versus the amount of the check are a huge red flag. Another thing to pay attention to is the email itself. It’s full of bad grammar and has some inconsistencies in wording that should be a warning sign to you.

This scam works on a small percentage of people who are naïve and by their nature are overly trusting of others. Help put a stop to this kind of fraud by learning about these scams and making an effort to educate others on the risks and pitfalls of phone, email, snail mail and web based scams.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was StolenDisclosures.

5 Ways to Ensure Online Privacy for Kids

Congress and the Federal Trade Commission (FTC) have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the FTC wrote a rule implementing the law. The FTC currently is conducting a review of what changes, if any, should be made to COPPA to reflect the changes that may have been brought about from technology, such as the rapid adoption of mobile devices.

Parents who lack experience with the Internet, computers, or mobile devices must learn the basics before they can adequately monitor their children’s habits. A parent’s discomfort or unfamiliarity with technology is no excuse to let a child run wild on the Internet. In fact, in McAfee’s study, “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” showed that an alarming 70% of teens have hidden online behavior from their parents.

As with any task, one should start with the fundamentals. Spend as much time as possible with kids in their online world. Learn about the people with whom they interact, the places they visit, and the information they encounter. Be prepared to respond appropriately, regardless of what sort of content they find. Remember, this is family time.

Here’s some tips to help you protect your kids:

Narrow down devices: In the past, many of us set up our family computer in a high-traffic area, like the family room, but this becomes less feasible as more children have their own laptops and mobile phones. I recommend limiting time online and also limiting the number of devices your child has.

Teach then appropriate online behavior: Kids will be kids, but that doesn’t mean it’s okay to say cruel things, send racy pictures, make rude requests, or suggest illegal behavior, just because they are online. If it isn’t okay in the physical world, it isn’t okay on the Internet. Also discuss with your kids what is and is not okay with regards to the kinds of websites they may visit and what type of content is ok to share or not share. They should also be taught to not open attachments or click on links from people they don’t know.

Use parental controls: Consider investing in software with parental controls, which limit the sites your kids can access, times they are allowed online and the amount of time they spend online each day.

Discuss stranger danger: Just like in the real-world, kids should be taught to never meet someone they know only online in person and that they should not chat or friend people they do not know.

The Internet is forever: You and your kids need to understand that once things are posted online, they could live on forever. You no longer have control over that photo or video and it could come back to haunt them. They should follow the rule of thumb that they should not post or share anything they would not share with everyone.

The key to good online parenting lies in the basics of good offline parenting. Talking to your kids about the “rules of the road” for the Internet is just as important as talking to them to about things like looking both ways before they cross the street.

Robert Siciliano is an Online Security Evangelist to McAfee(Disclosures)

Do You Share Passwords with Your Partner?

Do you? I do and I’ve been doing it since I said “I do.” And if you are married or at least in a committed lifelong relationship, knowing each other’s passwords is probably expected. Today, sharing passwords has become a sign of commitment, a signal of love and devotion, like a varsity sweater or friendship ring. But what’s happens when the relationship goes sour (with a divorce rate of 50% to back me up here)?

Chances are good, that your significant other (if they have your passwords) will engage in revenge tactics with your account after a breakup. Despite public awareness of data leaks and high profile celebrity photo scandals, we continue to take risks by sharing personal information and intimate photos with our partners and friends, thus putting ourselves at risk for a “revenge”  situation.

28% of people have regretted (once they broke up) sending intimate content and 32% have asked their ex-partner to delete the personal content. But despite these risks, 36% of Americans still plan to send sexy or romantic photos to their partners via email, text and social media on Valentine’s Day.

People need to be more informed about the consequences of sharing so much private information with their partners. Sharing passwords with your partner might seem harmless, but it could and often does result in critical personal information falling into the wrong hands and landing on a public platform for all to see.

Today, McAfee released the study, Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines at the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Of those surveyed, the actions one’s partner took that led to a person exposing personal data are:

Lying (45.3%)

Cheating (40.6%)

Breaking up with me (26.6%)

Calling off Wedding (14.1%)

Posting pictures with someone else (12.5%)

Other (12.5%)

To make sure this doesn’t happen to you, I’ll make it easy for you. Think twice—digital is forever. It will haunt you and follow you. Just don’t do it.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!   Disclosures.

Get Smart─Lock Down Your Apps

Apps are what make smartphones smart. Without apps, smartphones would just be regular feature phones. Apps are what make our smartphones into our most personal computers. And like our computers, we need to protect our smartphones and apps.

Some of the most commonly used apps on the Android platform such as Facebook, LinkedIn and Gmail don’t require a log in each time they’re launched, which is convenient, but from a security standpoint, not smart.

In my world I have these 2 little gremlins that constantly pick at me for my mobile so they can play games.  But they access different applications and my Facebook status can become “Fubawa%^!aaaaasd;ohjvdasBLADOFIN.” And I look like I’m 4-years old or crazy─definitely, not smart.

And what about this scenario? You hand your smartphone to a buddy to show him some pictures and then your phone gets passed around the table and then it eventually makes its way back to you. The next day you find out that someone at the table thought it was funny to post status updates on your profile that you are looking for your true love (when you’re actually married). Not smart.

This is where “App Lock”  comes in. App Lock, included with McAfee Mobile Security (and also McAfee All Access), safeguards against this privacy danger. It allows Android users to protect installed apps against misuse by locking them with the same PIN that’s tied to their McAfee Mobile Security account. Smart!

Make sure you’re protecting your mobile device and your privacy. Lock your apps!

Robert Siciliano is an Online Security Evangelist to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Students Getting Cyberwise to Become Safe and Responsible Digital Citizens

Australian Prime Minister Julia Gillard unveils the new cyber education module, which was developed in partnership with McAfee and Life Education Australia.
This module expands the Life Education Program that is for primary school children across Australia.












A study called “The Secret Life of Teens 2012 report,” (conducted by TNS Research and commissioned by McAfee) shows an alarming 62% of teens have had a negative experience on a social network and 25% said they had been the victim of cyber bullying. bCyberwise is a program designed to help close that gap. The evidence for developing this program was numerous, but some key points are:

Digital media has become a significant and predominantly positive aspect of the education, leisure and social lives of most of today’s children and young people.

The use of digital media also poses some risks to the safety and well being of children and young people. The most harmful of these appears to be cyber bullying

Other contact risks include exploitive communication, sexting, impersonation, humiliation via doctored images, under-age enrollment on social media sites, and exposure to material that is inappropriate, misleading, unacceptable or illegal

Children and young people need opportunities to learn the skills and values that will enable them to be safe online and become good digital citizens

The middle and upper primary years of schooling represent a sensitive and timely period for introducing students to these skills and values

McAfee and Life Education’s new program content will support the class teacher in this regard, providing an opportunity for young students to learn and practice a set of relevant skills and values (technical, thinking, emotional and social) that are fundamental to the promotion of cyber safety and positive cyber citizenship.

The hope is that being “safe and responsible digital citizens” will hopefully be a part of these students’ lives as they grow up. More info can be found at www.mcafeecybered.com

Robert Siciliano is an Online Security Expert to McAfee.  Disclosures.


What’s on Your Phone? A Lot More than You Realize.

It’s funny to me that when having conversations about technology people still don’t see the parallel between their smartphone and their computer.

Today, smartphone are connected to the Internet and have much of the same information as the personal computer, if not more. Now Androids and other smartphones have become little mini handheld computers. Carriers are announcing that they’ll be upping the speed of the latest version of their networks, doubling download speeds. And new smartphones will have as much as 64 gigabytes of capacity. That’s more hard drive than my three-year old laptop.

For the next generation of users, the smartphone is replacing the PC as their primary device. Nielsen reports, “We are just at the beginning of a new wireless era where smartphones will become the standard device consumers will use to connect to friends, the internet and the world at large. The share of smartphones as a proportion of overall device sales has increased 29% for phone purchasers in the last six months; and 45% of respondents indicated that their next device will be a smartphone.”

For many of us, your mobile device has already become like your right hand (in my case, my left hand). Not only is it your phone, but it’s used to store some of your most private conversations and confidential information—it’s now your address/phone book, email, digital camera, news source, online banking system and even your wallet—all rolled into one device.

With all this invaluable data and information, and the growth in smartphones and tablets, it’s natural for criminal hackers to see these new devices as a huge opportunity, much like they did with the PC.

So if you have a smartphone or tablet, make sure you take steps to protect yourself.

Never leave your phone unattended in a public place

Put a password on your mobile and set your phone to auto-lock after a certain period of time

When doing online banking and shopping, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft, anti-malware/antivirus, app protection and web protection. McAfee makes this easy with McAfee All Access, a single software solution to protect all of your devices or you can use McAfee Mobile Security to protect your smartphone or tablet.


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)