New Mobile Security App for Android Smartphones

Consumers with smartphones understand they are carrying around the functions of a computer, but most users are unaware that smartphones are susceptible to the same security threats that plague laptops and desktops.

As more online retailers introduce mobile e-commerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application.

Malicious software (malware) can invade a device when consumers click a malicious link in a text message or email, surf a risky website or download a potentially unsafe app.  Once the device is infected, malware allows the collection of data from the device such as a location information, financial information, and login credentials.

Verizon Wireless has always protected devices on its network using sophisticated network intrusion and data analysis tools.  Now they will extend their network security to customers with the introduction of Verizon Mobile Security, an application that helps secure and protect Android smartphones against digital and physical threats.

The new offering covers concerns such as device infection, misplacement or loss, reaffirming Verizon Wireless’ commitment to protect its customers, devices and network by providing resources with robust security capabilities. Representing the next level of protection, Verizon Mobile Security, co-developed by Asurion and McAfee, is available on Android smartphones running Android 2.1 or higher.

To help protect yourself, I also recommend:

Refrain from clicking links in text messages, emails, especially if they are from someone you don’t know

Set your smartphone to lock automatically and unlock only when you enter a PIN

Keep your phone’s operating system updated with the latest patches

Invest in mobile security protection, which includes antivirus, for your smartphone

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Celebrities Are Lures For Scammers

“Just Google it.” You’ve probably heard this phrase a thousand times before, and for good reason—search is one of the top activities we do online[1]. But while you are searching online for information and content, keep in mind that scammers are also searching for victims.

Scammers have been very productive in creating fake or infected websites, which are designed to do harm to your computer, your finances or your identity. The bait that lures us to these infected websites may be the latest Twitter trend, a breaking news story, a significant world event, downloads, and even celebrity pictures or gossip. And, the more popular the search, the more likely you are to run into dangerous results.

For the 6th year in a row, McAfee researched popular culture’s most famous people to reveal which ones are the riskiest to search for online. Emma Watson has taken over the #1 spot from Heidi Klum as the Most Dangerous Celebrity to search for on the Web (#riskyceleb). This year also marks the first time that the entire Top 10 list is comprised of all women. The top 10 celebrities from this year’s study with the highest percentages of risk are:

Cybercriminals often use the names of popular celebrities to tempt viewers to visit websites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of the trendy content they were expecting.

And beware of “free” things. Scammers know that this is a word that can get a lot of attention and will use this as a way to get to you. This year, when searching for “Emma Watson and ‘free’ downloads,” and “Emma Watson and hot pictures” and “Emma Watson and videos” you run the risk of running into online threats designed to steal your personal information.

Here’s some tips to help you stay safe while searching online (whether it be from your PC or mobile device):

Use common sense: if it sounds too good to be true, it probably is.

Always double-check the web address (URL) that you are going to. For example, if you are searching for Amazon.com and get a result for “Amazzon.cn”, you should know not to click.

Use a safe search plug-in, such as McAfee® SiteAdvisor® software that displays a red, yellow, or green ratings in search results, warning you to potential risky sites before you click on them.

Use comprehensive security software to protect against the latest threats.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

What Are The Risks Of A Lost Or Stolen Mobile Device?

Have you ever thought about what would happen if you lost your mobile phone? These days we rely on our mobile phones more than ever. For a lot of us, it can also be a nightmare if it’s lost, stolen or hacked, especially since today it’s become our most personal computer,

But despite the fact that 1/2 of of us would rather lose our wallet than our mobile phone, only 4% of us have taken steps to protect our mobile device with security.

For most of us, our first reaction when we lose our wallet is I have to cancel my credits cards, get a new license, etc. When we lose our phones, we think about the pain and cost of replacing the device. But that’s just the tip of the iceberg.

We don’t realize that our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.

And the time to replace your smartphone and its contents can consume as much as 18 hours of your life.

Mobile devices are on the move, meaning they can more easily be lost or stolen and their screens and keyboards are easier targets for “over the shoulder” browsing. Below are some tips to protect you and your device.

Never leave your phone unattended in a public place

Put a password on your mobile and set it to auto-lock after a certain period of time.

If you use online banking and shopping sites, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft which can backup and restore the information on your phone, as well as remotely locate it and wipe data in the case of loss or theft, as well as antivirus and web and app protection.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Scams Are a Sport This Summer

Scammers tend to follow an editorial calendar much like journalists do. For example when the holiday season is coming journalists often write about bargains to be had while scammers use the season as an opportunity to try and entice users with deals that are “too good to be true.”

This same practice is also used for high-value news items such as a natural disasters, celebrities and high-profile sporting events. Many of us are not aware of the risks and threats associated with such high-profile sporting events and the impact this could have on you, your devices and your personal data. In fact, in a recent survey done by OnePoll for McAfee, only 13% of Brits are worried about a cyber threat spoiling their enjoyment of the summer’s sporting events.

As the world descends into a sporting frenzy this summer, it can be easy to become a little sloppy about keeping your mobile devices safe and secure. However, now is the time when we need to be more cautious.

McAfee has recently identified several scams related to sports which encourage consumers to share their personal details. These can take the form of text messages, social network spam or emails offering fake tickets or lottery wins.

In order to help you keep your mobile devices protected during this summer of sport, you should:

Heed the advice of too good to be true
Be wary of phony websites, emails, texts and pop-ads offering “too good to be true” deals on tickets to sporting events, autographed merchandise, and “winning” a trip to events.

Back-up your data
Before you leave on a vacation to a major sporting event, make sure you’ve made a replica of your data from your smartphone, tablet, laptop or any other devices you’re taking with you. That way in case your device is lost or stolen, you still have all our data. Also consider deleting any personal information on the device that isn’t absolutely necessary.

Disable location services
Before posting photos on sites like Facebook, turn off GPS to avoid having your location information falling into the wrong hands.

Don’t let your apps remember your user names and passwords: Also make sure you don’t store credit card information or passwords on websites. If your smartphone or laptop is lost criminals can easily access these accounts

Be careful when using Wi-Fi networks
Avoid using public or free Wi-Fi networks when trying to access information online. Your information could easily be stolen without your knowledge and you should log in to any financial or shopping sites.

Use “safe search” technology
Make sure that install software the alerts you to risky sites that you may receive via email, texts, IMs or social networking sites. This will prevent you from going to a site that could download malicious software on your mobile device that could steal your identity and financial information.

The world’s biggest sporting event is something to be enjoyed by all and by following these tips, you can stay safe and just enjoy the event!

Robert Siciliano is an Online Security Expert to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

What Are The Risks Of A Lost Or Stolen Mobile Device?

Have you ever thought about what would happen if you lost your mobile phone? These days we rely on our mobile phones more than ever. For a lot of us, it can also be a nightmare if it’s lost, stolen or hacked, especially since today it’s become our most personal computer,

But despite the fact that 1/2 of of us would rather lose our wallet than our mobile phone, only 4% of us have taken steps to protect our mobile device with security.

For most of us, our first reaction when we lose our wallet is I have to cancel my credits cards, get a new license, etc. When we lose our phones, we think about the pain and cost of replacing the device. But that’s just the tip of the iceberg.

We don’t realize that our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.

And the time to replace your smartphone and its contents can consume as much as 18 hours of your life.

Mobile devices are on the move, meaning they can more easily be lost or stolen and their screens and keyboards are easier targets for “over the shoulder” browsing.

Below is an infographic that shows why you should protect your smartphone and some tips to protect you and your device.

 

Take time to protect your mobile device. Here’s some tips to keep your mobile safe:

Never leave your phone unattended in a public place

Put a password on your mobile and set it to auto-lock after a certain period of time.

If you use online banking and shopping sites, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft which can backup and restore the information on your phone, as well as remotely locate it and wipe data in the case of loss or theft, as well as antivirus and web and app protection.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Phisher Use Olympic Lottery Scams For Summer Games

Fishing, of course, is the sport of tossing a baited hook into the water and then patiently waiting for a fish to bite.

Phishing is similar. The cybercrook sends out spam email and waits for a victim to take the bait. A phisher can send thousands of phishing emails a day, and eventually some people will get hooked.

Phishing is a multi-billion dollar business. Unlike the ongoing depletion of the ocean’s fisheries, there are still plenty of people out there to phish. Today, many victims in developing nations like India and China have only recently gotten broad­band Internet access, and are considered fresh meat by the bad guys.

Phishers follow a similar editorial calendar as newspaper and magazine editors, coordinating their attacks around holidays and the change in seasons. They capitalize on significant events and natural disasters, such as Hurricane Katrina, the Japanese Tsunami and the swine flu. On their radar right now is the 2012 Olympics.

Francois Paget, Senior Threat Researcher at McAfee discovered numerous emails combining scam lotteries and the Olympics. Like chocolate and peanut butter these two topics go great together.

“These mails inform the recipients that they have won a substantial amount of money. After contacting the lottery manager, the victims of these rip-offs will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. In some cases, the organizers ask for a copy of the winner’s passport, national ID, or driver’s license. With that personal information compromised, future identity theft activities are guaranteed.”

Awareness is the best way to avoid being scammed. Knowing what the bad guys are doing to hook their victims and learning not getting caught is your best protection. Here’s  a video that explains what phishing is and how to detect if an email is phishing. You should also be aware of phishing when reading emails on our mobile phone. For more information about mobile phishing, read this.

Invest in security software that includes antivirus, anti-spyware anti-phishing and a firewall.

Never click links in the body of an email unless you are 100% sure it’s legit

Don’t go snooping around your spam folders opening emails that look suspect.

When in doubt, delete. Like mom said, if it’s too good to be true, it is.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Yahoo! Hacked: 15 Tips To Better Password Security

In light of the Yahoo Voices hack where 450,000 passwords have been compromised, it’s time again to let the world know what they are doing wrong when it comes to passwords. CNET pointed out that:

2,295: The number of times a sequential list of numbers was used, with “123456″ by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

160: The number of times “111111″ is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000″ is used 71 times.

Protect your information by creating a secure password that makes sense to you, but not to others.

Most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords.

Common Ways Hacks Happen

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.

Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.

Tips to Make Your Passwords Secure

Make sure you use different passwords for each of your accounts.

Be sure no one watches when you enter your password.

Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.

Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.

Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.

Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.

Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.

Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.

Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.

Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy

Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”

It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.

You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

In the end, it’s the responsibility to the public to protect themselves. This disclosure now requires those currently exposed to change their password. The rule of thumb is to change your passwords frequently, every six months. It’s a cliché, but true, passwords need to be strong. Let the keyboard be your palate and be creative. A common mistake people make is that they use dictionary or slang terms. Beware. Dictionary attacks use software that automatically plugs common words into password fields making password cracking effortless for various tools.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube. (Disclosures)

NFC at the Summer Games Could Be Exploited

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

Visa is testing out its NFC service PayWave contactless payment service at the Summer Olympics in London. Every athlete will get a Samsung Galaxy SIII phone enabled with near-field communication (NFC) along with Visa’s payment app.

NFC can be used in other ways beyond credit card transactions. It can integrate with hardware, such as your car, to unlock a door. It can activate software.

Soon enough, using your phone as a credit card will be commonplace. Mobile contactless payments, in which you pay by holding your phone near the payment reader at the register, are expected to increase by 1,077% by 2015.

All of this is good and well, however, there are security issues with NFC that still need addressing. McAfee researchers point out a scam called “fuzzing the hardware”, which involves feeding corrupt or damaged data to an app to discover vulnerabilities. Once such vulnerability is found, the attacker must research and develop an exploit to perform various attacks (e.g. steal credit card info. export the data to the attacker, leak credit card info to any requester). The attacker will then need to find a method to have the victim run the exploit. This entire process costs attackers and criminals in time and money, which can be justified in the case of NFC enabled phones and a multitude of stores with card readers.

McAfee discovered exploitable vulnerabilities on Android and iOS phones. If someone has NFC turned on, an attacker in close proximity can pick up every signal to gather private information or payment information on an athlete’s device.  It is almost like pick pocketing, but they don’t even have to touch you.

McAfee researcher Jimmy Shah stated an attacker wishing to target the Samsung Galaxy SIII devices at the summer games can purchase one easily and use the researcher’s data to help find vulnerabilities and eventually develop exploits to steal a victim’s credit card. The large number of readers at the Olympics will provide places where a successful attacker can use stolen credentials to make purchases.

Users can protect themselves by obtaining apps from the Google Play Market, Amazon’s Appstore, or their carrier’s app store, avoiding 3rd party stores that may have pirated or maliciously modified software. Reviews from other users are also helpful in determining safer apps.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that that 50% of Smartphone’s will have NFC capability by 2015. Pay attention to what’s happening in the world of NFC, mobile payment and mobile security  because before you know it, your wallet will be your mobile phone.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Do You Know What Your Teens Are Doing Online?

A new study called “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” (conducted by Tru Research and commissioned by McAfee) shows an alarming 70% of teens have hidden their online behavior from their parents, up from 45% in 2010. And yet half of parents live under the assumption that their teen tells them everything he/she does online.

It’s perfectly normal for teens to be less than forthcoming during these years when their hormones are raging and teen angst boggles their brain and body. However the Internet has drastically changed our culture and teens today have access to an incredible amount of information that they didn’t have, just a decade ago.

This instant access to information and digital devices is having an impact on our teens that many of us as parents don’t realize. Some of the revealing consequences are:

Friendships – 20% of teens said they had ended a friendship with someone because of something that happened on a social network.

Physical safety – 7% feared for their safety because of something that happened online, and 5% reported getting into a physical fight because of a problem that started online. More than 1 in 10 (12%) of teens have met someone in real life that they only knew online.

Criminal record – 15% said they have hacked someone’s social networking account and 31% have pirated music and movies.

Cheating – 48% of teens admitted to looking for test answers online, and 16% have used a smartphone to do this.

Innocence – 46% of teens report accidentally accessing pornography online and 32% reported accessing pornography intentionally.

 

 

 

 

 

 

 

 

 

And what about the parents? The study showed:

1 in 3 believes their teen to be much more tech-savvy then they are, leaving them feeling helpless to keep up with their teen’s online behaviors.

22% of parents do not believe their kids can get into trouble online.

Less than 1 in 10 parents are aware their teens are hacking accounts or downloading pirated content.

78% of parents are not worried about their kids cheating at school.

Only 12% of parents thought their children accessed pornography online.

 

 

 

 

 

 

 

 

 

Parents, you must stay in-the-know. Since your teens have grown up in an online world, they may be more online savvy than their parents, but you can’t give up. You must challenge yourselves to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

As a parent of two young girls, I proactively participate in their online activities and talk to them about the “rules of the road” for the Internet. I’m hoping that this report opens other parent’s eyes so they’ll become more involved in educating their teens with advice and tools.

For more information, please visit:

Full report: http://www.mcafee.com/us/resources/misc/digital-divide-study.pdf

Press release: http://www.mcafee.com/us/about/news/2012/q2/20120625-01.aspx

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

70% of Teens Hide Online Activities from Parents—Why We Should be Concerned

Most major media picked up on a study that McAfee released called “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” that shines a scary light on how much trouble kids are getting themselves in online and how clueless most parents are.

Many people commented saying “I don’t need McAfee telling me kids lie” and I get that. But those who recognize the obvious may not realize the actions and consequences of those lies.

I’ll be the first to admit, and I’ve said this on national TV and radio, I should be buried 6 feet under based on the way I lived my teen years. I lied as a means of survival to cover up my various acts that would have surely got me the belt. But what I did compared to what teens are doing today was a different kind of trouble.

People snicker when they learn that almost half of teens are looking at porn weekly. Really? This is no big deal? It’s true they say “we become what we think about” and a 13-year old isn’t in an emotional or physical position to be consuming hard core violent porn.

Another example is that more than 10% of 13-17 year olds are meeting strangers online then actually meeting them in the real world. I doubt before social media there were as many teenage girls meeting 30-year old men on the street and then getting in his car. But with the Internet these “friends” can seduce teens girls via text or social networking sites and fill her emotional needs until he’s “got her.”

Are you really aware what this hidden behavior and lying is concealing? From the study, McAfee revealed that teens readily admitted to:

Breaking into others’ social media accounts

Hacking and manipulating grades in school

Downloading illegally pirated movies, music and software

Bullying, whether it was actively being a bully, being bullied or witnessing bullying

All of these activities could potentially get you, as parents, involved in numerous lawsuits because of these illegal activities.

This study more than anything points out how outrageous kids are acting online and how oblivious and overwhelmed their parents are. Perhaps Kevin Parrish, journalist and parent of teens from Toms Guidesummed it up best when he said:

“The Internet can be a dangerous place, and allowing teens to run free in a virtual new frontier seemingly run by hackers is just downright insane. Allowing children to do whatever they want online is a huge security risk to your personal data, and a potential legal risk for them. Bottom line, the Internet is a privilege, not a right. Teens should be allowed to express themselves, but not to the point where predators come calling or the FBI comes knocking at the front door. Teens are propelled by emotion, not knowledge and experience, especially early on.”

At least one parent gets it.

Here’s the top 10 ways teens fool their parents. Are you aware of all these?

 

 

 

 

 

 

 

 

 

 

Robert Siciliano is an Online Security Expert to McAfee