What Threats Are Unique To My Mobile Device?

Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices and mobile devices are being targeted like never before. Mobile smartphone and tablets are being targeted in record numbers.

Android has become the most popular platform for new malware, and in McAfee’s Second Quarter Threats Report, was targeted exclusively by all new forms of mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of viruses, but Android is the main target for hackers now.

With the increase in mobile malware, it’s always a good idea to stay educated on how you could be exposed. And there are some things to be aware of that are unique threats to your mobile device such as:

QR Code Scams
QR code infections are relatively new. A QR scamworks because, as with a shortened URL, the link destination is obscured by the link itself. Once scanned, a QR code may link to a malicious website or download an unwanted application or mobile virus.It’s a good idea to refrain from clicking QR codes from unfamiliar sources. Stick to codes provided by known advertisers or vendors, as these are least likely to be infected.

SMiShing
SMiShing is a version of phishingin which scammers send text messages rather than emails, which appear to have been sent by a legitimate, trusted organization and request that you click on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.”Once you understand how it works, you are better positioned to recognize SMiShing, and to avoid clicking links within text messages or otherwise responding to such ruses.

Premium SMS fraud
McAfee Labs™ reports one of the simplest ways to generate profit from malware attacks on mobile devices is to place a call or send texts to pay-for premium numbers. If this activity is infrequent (for example, only once a week during the night) and concealed (by erasing the logs and using the hiding capabilities of rootkits), then it may go unnoticed for a long time.The key property to this malware’s popularity is the software’s ability to covertly send messages. In this case, Android is more risky than iOS because in Android permissions are assigned once at installation and cannot be dynamically controlled.

Jailbreaking or Rooting
Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS. To ”jailbreak” means to allows the phones owner to gain full root access to the OS and access all its features. Similar to jailbreaking, “rooting” is the term involving the process of removing the limitations on any mobile or tablet running the Android operating system.Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users download virus-free apps.

Expect more scams and more scam warnings directed toward your mobile devices going forward. As mobile cybercrime evolves and criminals begin to make some money, they will have the resources to hire crackerjack programmers to do their deeds. The time is now to secure your devices.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

What Makes My Passwords Vulnerable?

There is no such thing as a truly secure pass­word. There are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts.

Most people aren’t aware of the numerous com­mon techniques for cracking passwords:

Dictionary attacks: There are free online tools that make password cracking almost effortless. Dictionary attacks rely on software that automatically plugs com­mon words into password fields. So, don’t use dictionary words, slang terms, common misspellings, or words spelled backward. Avoid consecutive keyboard combinations such as qwerty or asdfg.

Cracking security questions: When you click the “Forgot Password” link within a webmail service or other website, you’re asked to answer a question or series of questions to verify your identity. Many people use names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile. Don’t use traceable personal information in your security questions or passwords.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed.

Reuse of passwords across multiple sites: When one data breach compro­mises passwords, that same login infor­mation can often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft.

Social engineering: As previously described, social engineering is the act of manipulating others into performing cer­tain actions or divulging confidential information, and can be used as an alter­native to traditional hacking. Social engineering can be employed to trick tar­gets into disclosing passwords.

One day we will develop a truly secure password, perhaps a cross-pollination of various access control tools such as biometrics, dynamic-based biometrics, image-based access, and multi-factor authentication. In the meantime, protect your information by creating a secure password that makes sense to you, but not to others.

Use different passwords for each of your accounts.

Be sure no one watches as you enter your password.

Always log off if there are other people in the vicinity of your laptop or other device. It only takes a moment for some­one to steal or change your password.

Use comprehensive security software and keep it up to date to avoid keystroke log­gers and other malware.

Avoid entering passwords on computers you don’t control, such as at an Internet café or library. These computers may have malware that steals passwords.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop. Hackers can intercept your passwords and other data over this unsecured connection.

 

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Internet Safety Is Not A Technology Problem, It Is A Parenting Problem

A recent story about a teen romance gone wrong, had reportedly started on Xbox. Now their parents and police say the four Iowa teens have run away from their homes. Two teenage girls from Shellsburg and two teenage boys from Atlantic went missing in what police think may have been a plotted escape.

One of the boy’s mothers said, “I don’t let him have a Facebook account because I don’t want him meeting people online.” She added, “I didn’t realize they could do so much on Xbox.”

Parents need to understand the technology that their kids are using, not just let them blindly do whatever they want.  Yes, this takes time.  And, yes, this is more trouble than my parents had to deal with.  But, this is the era we live in.

A study recently conducted by McAfee and MSI Research called, “The Digital Divide,” revealed that this instant access to information and digital devices is impacting our teens more than many of us parents realize. Some of the findings include:

Meeting strangers – 12% of 13-17 year olds, after communicating with a stranger online met them in the real world.

Physical safety – 7% feared for their safety because of something that happened online, and 5% reported getting into a physical fight because of a problem that started online.

Criminal record – 15% said they have hacked someone’s social networking account and 31% have pirated music and movies.

Innocence – 46% of teens report accidentally accessing pornography online and 32% reported accessing pornography intentionally.

And what about the parents? The study showed:

1 in 3 believes their teen to be much more tech-savvy then they are, leaving them feeling helpless to keep up with their teen’s online behaviors.

22% of parents do not believe their kids can get into trouble online.

Less than 1 in 10 parents are aware their teens are hacking accounts or downloading pirated content.

78% of parents are not worried about their kids cheating at school.

Only 12% of parents thought their children accessed pornography online.

How can this be prevented?

Parents, you must stay in-the-know. Since your teens have grown up in an online world, they may be more online savvy than their parents, but you can’t give up. You must challenge yourselves to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

What are the conversations that parents should be having with their teens?

As a parent of two young girls, I proactively participate in their online activities and talk to them about the “rules of the road” for the Internet. Talk with your kids about the risks and rewards of the online world, and be specific about threats that exist. Stay involved in their online activities by asking them to show you things they enjoy online and sites they visit.

Stay involved in your teens social networking activities by joining the sites and connecting to them. Talk with them about strangers, new friends and suspicious messages.

Ask them what sites they use to communicate with others. There are many lesser-known networks used by teens to communicate with one another — such as Skout,  MeetMe, Tagged, Tumblr and many more.

Consider using tools to help keep your kids safe online and support family Internet rules. While Anti-virus software protects against security threats, parental control software such as McAfee Safe Eyes gives parents tools to protect their kids from inappropriate contact and stay informed about their online behavior.

How can parents become more tech savvy?

Get device savvy: Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless, or software, learn it. No excuses. No more, “My kids know more than I do,” or, “All I know how to do is push that button-thingy.” Take the time to learn enough about your devices to wear them out or outgrow them.

Get social: One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software. Keep in mind that “getting social” doesn’t entail exposing all your deepest, darkest secrets, or even telling the world you just ate a tuna sandwich. Proceed with caution here.

Manage your/their online reputation: Whether you are socially active or not, whether you have a website or not, there are plenty of websites that know who you are, that are either discussing you or listing your information in some fashion. Google yourself and your kids to see what’s being said. Developing your online persona through social media and blogging will help you establish and maintain a strong online presence.

Get secure: There are more ways to scam people online than ever before. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing, and firewalls. Getting security-savvy is a great way to start a new year.

I’m hoping that this report and new case opens other parent’s eyes so they’ll become more involved in educating their teens with advice and tools.

For more information, please visit:

Full report: http://www.mcafee.com/us/resources/misc/digital-divide-study.pdf

Press release: http://www.mcafee.com/us/about/news/2012/q2/20120625-01.aspx

Actress Sofia Vergara’s Personal Photos Hacked or Stolen Via Mobile

In my line of work I get emails such as this one: “Hi Robert, I’m not sure if you saw what had happened on my Facebook page last night, but someone stole my cell phone while I was at a concert, and posted all of my naked pictures off of my phone and posted them to my wall. They were up there for hours.”

Apparently if you are under the age of 40 this is common place. After the age of 40, not so much.

My response: “Horrible lesson learned. And, ahm, maybe no naked pics on your phone? Jeesh. Digital is forever.”

Her response: “That’s what everyone keeps telling me, I should’ve deleted them. Just never thought someone would do that. They could’ve just taken the phone, they didn’t have to embarrass me like that.”

The problem is “they” don’t just look to embarrass someone, they try to sell them, and in some cases extort the victim. We must remember some people aren’t looking to play nice.

The NY Post reports, ““Personal” photos of stunning actress Sofia Vergara have been put up for sale after being allegedly stolen from her fiancé Nick Loeb’s BlackBerry. The sexy pictures, which we’re told are personal in nature but are not nude images, were somehow hacked or stolen from Loeb’s phone before the couple got engaged in July.”

In both of these situations just simply locking the device would solve this issue.

Have you ever thought about what would happen if you lost your mobile phone? For a lot of us, it can also be a nightmare if it’s lost, stolen or hacked, especially since an untold amount of people are using their mobiles like a bedroom accessory.

But despite the fact that 1/2 of us would rather lose our wallet than our mobile phone, only 4% of us have taken steps to protect our mobile device with security.

We don’t realize that our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.

Mobile devices are on the move, meaning they can more easily be lost or stolen and their screens and keyboards are easier targets for “over the shoulder” browsing. Below are some tips to protect you and your device.

Never leave your phone unattended in a public place

Put a password on your mobile

Set your phone to auto-lock after a certain period of time

When doing online banking and shopping, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft

Mobile device protection can be used to backup and restore the information on your phone, as well as remotely locate it and wipe data in the case of loss or theft. Plus mobile device protection offers as virus and web and app protection.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.Disclosures.

The Seedy Site of Web Searches

Ever seek out information online and end up somewhere you never meant to go? I’m not talking about some website that didn’t have what you were looking for, I’m talking about a website that you REALLY didn’t want to go to or would never go to. This is the dark side of the Net.

Think of it like this: when you drive, you might make take a wrong turn, and that wrong turn may result in you entering a bad neighborhood. But what’s scary about the dark side of the Web is that you didn’t end of on that website because you took a wrong turn, it’s because you were most likely re-directed there by cybercriminals.

There are 131 billion web searches conducted worldwide every month. Search engines consider numerous factors when you enter terms into a search query to determine what results to send back to you, including the popularity of the search, the number of times a page contains what you are searching on, what the search engines knows about you (like your device type and location), and the reputation of the links. These factors are utilized by marketing teams to make sure that relevant content is seen by you when you enter words to search for in your browser.

But this same process is also used by criminals who are looking to infect your device, and steal your personal information and finances. Criminals know that popular topics are ones that receive a lot of search queries and they use these topics to set up fake sites that are meant to cause you or your device harm.

Currently, there are more than 700,000 websites serving up malicious software and every minute a new phishing site is detected. In order to help you navigate the dark side of the Web and search safely, you should:

Be suspicious: Any links to free stuff or too good to be true offers are suspect.

Be cautious: Searches on hot topics, popular photos or videos are big targets for cybercriminals.

Check the URL: Typosquatting (common misspellings that direct you to a fake site) or even expired domains can direct you to the dark side of the Net.

Protect yourself: Use tools that offer secure Internet surfing. Make sure you use up-to-date comprehensive security software with a safe search plug-in on all your devices and that you are using the latest version of the operating system and browser on your device.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

It’s National Cyber Security Awareness Month

There are few pseudo holiday celebration days or months that truly get my attention. But National Cyber Security Awareness Month definitely does! It’s the one month a year that consumers are consistently reminded by news reporters, government agencies, non-profits and security companies that security is everyone’s responsibility.  All of us need to take actions to protect our personal security, our nation’s critical infrastructure and be good digital citizens.

The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens, partnered with McAfee on a new survey to examine U.S. residents’ online safety posture.  The findings reveal a substantial disconnect between our respective online security perceptions and our actual practices while on the Internet. The online safety survey shows that all of us can increase our efforts to make the Internet safer in light of such notable statistics:

90% of Americans agree that a safe and secure Internet is crucial to our nation’s economic security

50% say their job is dependent on a safe and secure Internet and 79% say losing Internet access for 48 consecutive hours would be disruptive

90% of us do not feel completely safe from viruses, malware and hackers while on the Internet

25% of us have been notified by a business, online service provider or organization that our personally identifiable information (e.g. password, credit card number, email address, etc.) was lost or compromised because of a data breach

This data shows that Americans can improve their online safety practices in a number of areas, especially when it comes to accessing the Internet from their personal devices. We can all increase our online safety practices by starting with these simple ways to stay safe online:

Keep your machine clean
Use up-to-date comprehensive security software and use the latest versions of your Web browser, and operating systems.

Own your online presence
When available, set the privacy and security settings on websites to your comfort level for information sharing—it’s good practice limit who you share information with.

Make passwords long, strong and unique
Use a combinations of upper and lowercase letters, numbers and symbols create a more secure password and don’t use the same password for all your sites.

Protect all your devices that connect to the Internet
Along with your PC, make sure to protect your Macs, smartphones, tablets and other Internet-enabled devices.

Connect with care
Get savvy about Wi-Fi hotspots and the potential risks of using them. Also, when banking and shopping, check to be sure the site’s security is enabled.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Protect Your Facebook Photos

Imagine you have a baby and want to share your newborn’s photos with your Facebook friends and family all across the country. You snap the pictures and post and receive lots of fun and exciting feedback.

Then a week later you are scanning Craigslist to buy some second hand baby stuff like strollers and maybe baby clothes. In the process of searching “baby” you see an ad for “ADOPT MY NEWBORN” and out of  curiosity you click the ad and see a picture of your child!!!!

This has happened and will happen again. People are weird and do weird things with your images.

Yes, your digital assets can be stolen and used without your permission. In general, if its digital. It’s repeatable which means it can be downloaded, copied, pasted etc. And up until now, there wasn’t much consumers could do about that.

Just because your Facebook profile is set to “Private” doesn’t mean that your photos can’t go public. McAfee® Social Protection safeguards your Facebook photos by letting you control exactly who can view them.

When you upload your photos using the app, your photos will appear blurry and indistinguishable to people you don’t know. What’s more, no one –not even your friends and family who you’ve granted access to your photos– can save, print, download or screen capture them.  It also disables the share button preventing further displays of your pictures without your permission.

In short, your photos, stay your photos.

Pretty cool. Go to the McAfee Facebook page and check out McAfee Social Protection today!

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Technology Fuels Cyberbullying and Cheating in Teens

McAfee’s study “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” shows an alarming 70% of teens have hidden their online behavior from their parents, up from 45% in 2010. And yet half of parents live under the assumption that their teen tells them everything he/she does online.

The school year is now upon us. If you haven’t already, you will soon start packing up the kids to send them off to school. Outfitting your kids with new clothes are new technologies is often a big part of back to school preparations.

However, these technologies can have drawbacks and even some dangers that parents need to address: cyberbullying and cheating.

Here are some startling facts that we as parents need to be aware of:

Cyberbullying

Almost 25% of teens claimed to be targets of cyber bullying and 2/3 of all teens havewitnessed cruel behavior online

Only 10% of parents are aware of their teens are targets of cyber bullying

Facebook has become the new school yard for bullies with 92.6% of teens saying that cruel behavior takes place on Facebook, and 23.8% on Twitter, 17.7% on MySpace and 15.2% via Instant Messenger

When witnessing others being attacked, 40% of teens have told the person to stop, 21% have told an adult and 6% joined in

When being attacked themselves, 66% of teens responded to the attacker (with 35% responding in person), 15.4% avoided school, and an alarming 4.5% have been in a physical fight with their attacker

Cheating

Only 23% of parents express concern about their teen going online to cheat in school, yet nearly half of all teens (48%) admit they’ve looked up answers to a test or assignment online

22% cheated specifically on a test via online or mobile phone; while only 5% of parents believed their children did this.

15.8% of teens have admitted to cheating on a test by looking up answers on their phone yet only 3.2% of parents thought their teens cheated this way

14.1% of teens admitted to looking up how to cheat on a test online

Overall, 77.2% of parents said they were not worried about their teens cheating online

Parents, you must stay in-the-know. Since your teens have grown up in an online world, they may be more online savvy than you, but you can’t give up. You must challenge yourself to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

As a parent, I proactively participate in my kids’ online activities and talk to them about the “rules of the road” for the Internet. I’m hoping that this report opens other parent’s eyes so they’ll become more involved in educating their teens with advice and tools

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

 

No Surprise—Ransomware On the Rise

McAfee’s latest Threats Report shows a 1.5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012.

With the malware growth rate up nearly 100,000 per day, McAfee has identified these key variations of malware affecting everyone, which include, mobile malware, Twitter hackers web threats and specifically ransomware.

Data can sometimes be held hostage with the help of “ransomware,” also known as “ransom software.” This software infiltrates your com­puter when you download an infected attachment or clicking a link within the body of an email. You can also get ransomware simply by visiting the wrong website, in what is called a “drive-by.”

Once your computer or mobile device is infected with ransom­ware, it locks down your files to prevent you from accessing them and gives a hacker full control of your machine. Sometimes the ran­somware poses as a “Browser Security” or “Anti-Adware” security product whose license has expired. Computers running Windows that are infected by ransomware are confronted by a full-screen message that resembles a Windows “error alert”.

Ransomware is not common, but it’s definitely a rising malware threat. The best way to avoid ransomware is to make sure that your computer is running the most current version of your operating system and has updated antivirus software. It’s also very important not to click on links in the body of an email or visit unfamiliar websites that may contain viruses that will attempt to inject them­selves through any security vulnerabilities in your browser.

As PC malware writers master their craft, they are transferring their skills to other popular consumer and business platforms, such as Android devices. After the mobile malware “explosion” in Q1 2012, Android malware shows no signs of slowing down, putting users on high alert.

While malware most typically affects PCs due to Windows software, malware can be written for any operating system and platform. Cautioning all Mac fans they too are susceptible to malware, the McAfee Threat Report notes Mac malware’s steady growth, with more than 100 new samples over Q1 2012.

Users must understand how criminals use psychology with lures of easy money. The most effective way to protect yourself is to install a full suite of security protection on your computer so your money and your information remain guarded.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

 

Malicious Websites – The Web is a Dangerous Place

McAfee’s latest Threats Report shows a growth in malicious websites replacing botnets as the primary infection mechanism. This means that by just simply visiting a website you could be exposed to malicious things that can do harm to your computer, mobile device, finances or identity.

Websites with bad reputations are influenced by the hosting of malicious software (malware), potentially unwanted programs, or phishing sites. By the end of June 2012, the total number of bad URLs referenced by McAfee Labs™ overtook 36 million! This quarter McAfee recorded an average of 2.7 million new bad URLs per month. Of the new bad-reputation URLs, 94.2% host malware that have been specifically designed to hijack your computer.

It is important to make sure you are aware of things that can happen when you are exposed to a malicious site. The web is a dangerous place for the uninformed and unprotected. Protect yourself:

Make sure your OS is updated: Keeping your operating system updated is a must to protect against security threats. The updates protect you from any known holes that could expose you.

Keep your browser updated: Running the latest versions of the browser also help to protect you against threats that you could be exposed to.

Use security software: Having up to date comprehensive security software is a must. It should include antivirus, anti-spyware, anti-spam, anti-phishing, a firewall and a safe search tool.

Use strong passwords: Little yellow sticky notes on your monitor with your passwords isn’t good. Use a combination of upper and lower case letters, numbers and symbols that are at least 8 characters in length. Also use different passwords for each of your accounts and if possible consider changing them up every 6 months.

Stay educated: Make sure you stay up to date on the latest tricks and tools that hackers use by reading blogs, and getting tips from trusted security sources.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)