Posts

Russian Organized Crime: Krem D’la Krem of Hackers

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

And these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.

Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.

This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.

This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.

Tips for Preventing Getting Hacked

  • Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) sender is your bank or a friend.
  • URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
  • Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
  • Online banking. If possible, conduct this on a separate computer just for this purpose.
  • Change the router’s default password; otherwise it will be easy for hackers to do their job.
  • Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
  • Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi-Fi’s WEP.
  • Say no to third-party Wi-Fi hotspots.
  • Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
  • Hotspot Shield. This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
  • Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Ways you may get Hacked this Summer

Can you name 10 ways you can get hacked this summer? I can.

Hotel Hacking

Those hotel electronic card locks for doors aren’t as secure as you think. A criminal attaches a little electronic gizmo beneath the lock, and presto, he’s in your room. You can’t stop this, but you can make the burglary worthless by not leaving valuables in your room. Always have your door locked overnight.

Car Hacking

Forget the bent coat hanger trick — that’s for rookies. But even a dimwitted thief could hack into your car this summer. For only $5, the thief buys a “black box,” a key fob spoofer, that electronically forces car doors open. Short of disabling your keyless entry, what you can do is park your car in lighted areas and keep valuables out of it. Or have your mechanic install a kill switch.

Credit Card Skimming

Criminals set up those card readers at stores with devices that will steal your card information. If you can’t pay with cash, use a credit card since there’s a delay in payment, whereas a debit card takes money from your account at the point of purchase. Keep a close eye on your credit card statements and bank account.

Hacking a Charging Phone

Avoid charging up your phone at a public kiosk. It doesn’t take a mental giant to install malware into these kiosk plugs. Once your phone gets plugged in, it’ll get infected. Use only your plug or wall outlets.

Finders Keepers Finders Weepers

If you happen to find a CD-ROM or thumb drive lying around in public, leave it be, even if it’s labeled “Hot Summer Babes at the Seashore.” You can bet that a crook left it there on purpose and wants you to plug it into your computer. You’ll end up installing malware that will allow the thief to remotely control your computer.

Phishing for Victims

You get an e-mail with a striking message in the subject line such as “Pics of you drunk at my party!” A percentage of the people to whom these messages apply will open the e-mail and take the bait: a link to click to see the photos. The link is malware and will infect your computer.

Wi-Fi Sharing

Using a public computer is always risky, as anyone can monitor your online actions. Hackers can even “make” your device go to malicious websites that will infect your device. Stay away from public Wi-Fi or use a VPN (virtual private network) like Hotspot Shield. A VPN will protect you summertime and all time at public WiFis.

Photo Geotagging

Every time you take a picture and post online, your location will be up for grabs in cyberspace, unless you’ve disabled your device’s geotagging.

Social Media

Beware of clickjacking and XSS. Clickjackers place a phony screen over an obscured malicious link, luring you to click. The hidden link then is triggered and gives the hacker your contacts, taking you to a malicious site. XSS puts a malicious script right in your browser that will install malware. So be judicious about clicking on popular videos and whatnot.

Airplane WiFi Hacking

Connect while 35,000 feet high and you can be revealing all sorts of private goodies. Airplanes lack online security. The aforementioned VPN is your best bet when connecting to airplane WiFi.

Start your summer off securely by avoiding becoming a victim of hackers.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Protecting Your Business’s Data From Organized Crime

Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.

Organized crime has always been known to be all about muscle … but even the bad guys have evolved. Seems organized crime syndicates have discovered that more money can be made in less time with less hassle simply by employing brains over brawn.

As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.

Meet the members of your friendly neighborhood crime ring:

Programmers: skilled technicians who write and code viruses that target a business’s network PCs.

Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.

Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.

Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.

Rogue systems providers: unethical businesses that provide servers for criminals.

Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.

Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.

Why Target Small Businesses?

Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they’re seeking:

  • Social Security numbers
  • Credit card numbers
  • Bank account information
  • Home and business addresses
  • Birth dates
  • Email addresses

Why do they do it? Simple—their primary motivation is to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns.

How Hackers Hack

Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business’s network.

Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.

Protecting Your Data

There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphishing software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possibly disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

These 11 steps are a good start. However, standard security measures are never enough. Depending on the size, scope, type of data requiring protection, compliance and regulatory environment, possible insider threats, and what “bring your own device” policies may be in place, risks and threats must be defined and prioritized. This often requires consulting a professional.

There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:

1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.

2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.

The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How To Stop Criminal Hackers In Their Tracks

Do you offer free WiFi? Put these three safeguards in place to protect your customers and your business.

On a recent trip from Boston to New York on an Acela Express train, I was writing blogs and doing some research using Amtrak’s free wireless Internet. “Free” usually translates to “unsecured,” which means a criminal hacker with the right hardware and software could have sniffed out my wireless communications and grabbed my data. That same hacker, depending on my device’s firewall, setup and sharing settings, might also have been able to access my drive and files and even plant a virus on my device.

But I wasn’t worried because I use a virtual private network software that allows me to surf on an unsecured connection.

Amtrak also knows its free wireless is risky for its users, so before you can use it, you have to agree to the terms and conditions of the Wi-Fi’s use that indemnify Amtrak.

Protecting Your Business

Free wireless is everywhere, because Wi-Fi brings in customers and is a great tool to help create customer loyalty as well. Numerous merchants, including hotels, coffee joints, fast food places and numerous others with a storefront, offer free Wi-Fi to attract people and increase sales.

But it has its downsides, too. If you’re offering it in your place of business, you need to understand that your access point can be used for criminal activity—and to hack your own business, too.

So what are criminals looking for? Criminals connect to free Wi-Fi for:

  • Pirating music, movies and software via P2P programs. This criminal activity costs the recording and motion picture industries billions of dollars every year. The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) are cracking down on any IP address associated with illegal downloading and will come after your business too.
  • Child pornography. Law enforcement spends lots of time in chatrooms posing as vulnerable kids, chatting it up with pedophiles who buy, sell and trade in child pornography. If your IP address is used for this purpose, you will get a knock on the door with a battering ram.
  • Criminal hacking. Bad-guy hackers look for vulnerabilities in others’ devices when using free Wi-Fi networks. They steal keystrokes, usernames, passwords and account info, and install spyware and viruses.

You’re not powerless against these hackers. These three safeguards are the first hurdles you can put in place to secure your company’s Wi-Fi:

1. Use a web proxy/filter. IT security vendors sell software that filters out or blocks known websites and prevents the sharing of P2P files. For more details on what kind of information can be accessed, search “internet access control software” to find a suitable vendor.

2. Add an agreeable use policy. There are numerous phrases a small business can incorporate into an agreeable guest use policy. You may want to include such language as “User agrees not to …”

  • Willfully, without authorization, gain access to any computer, software, program, documentation or property contained in any computer or network, including obtaining the password(s) of other persons. Intercepting or attempting to intercept or otherwise monitor any communications not explicitly intended for him or her without authorization is prohibited.
  • Make, distribute and/or use unauthorized duplicates of copyrighted material, including software applications, proprietary data and information technology resources. This includes the sharing of entertainment (e.g., music, movies, video games) files in violation of copyright law.

You may want to search for and read other businesses’ agreeable use policies in order to help you compose your own. And be sure to have your lawyer or legal department review it before you begin having customers agree to it.

3. Implement a secure Wi-Fi. Wi-Fi that requires users to log in with a username and password, and charges even a dollar, will have their credit card number on file. This would mostly eliminate any anonymity, thus preventing numerous e-crimes.

Don’t think for a second something bad can’t happen to your business. Performing due diligence, knowing your options and implementing these barriers will keep both you and your customers from legal troubles and from getting hacked.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Data brokers hacked and used for identity theft

Did you know you can buy Social Security numbers (SSNs) online? It’s legal to do so in most cases, and pretty much anyone who has an internet connection can make a purchase. Information brokers or data brokers, as they are known, sell this information in the form of background checks. In some instances, the SSN needs to be provided to get the background check; in other instances, the SSN is available as part of an information package. There are plenty of legitimate reasons one would have to procure this information.

Recently, researchers discovered a few of the major data brokers had been breached in a way that allowed criminal hackers to install malware that allowed them through the back door of the data brokers’ servers. As a result, these same hackers set up their own website reselling the hacked data. The customers of the hacked data, it seems, are identity thieves—many of them organized criminals using the data for various scams and to open new lines of credit or take over existing lines of credit.

CNET reports, “The service’s customers have, the report said, ‘spent hundreds of thousands of dollars looking up SSNs, birthdays, driver’s license records, and obtaining unauthorized credit and background reports on more than four million Americans.’”

This goes to show you that some of the largest companies on the planet that spend the most amount of money on security and have the most to lose are hackable…which means you and I are even softer targets, and our identities are at risk everywhere.

You can’t rely on your government or corporations to protect your identity. It is essential you take proactive action and do it yourself. There are two approaches that work best when done together. I do both; you should too:

  1. Get a credit freeze. Search “credit freeze,” then individually visit each credit bureau (Experian, TransUnion and Equifax) and follow their process for a credit freeze.
  2. Invest in identity theft protection. It’s not enough just to get a credit freeze. There are many times when your credit won’t be frozen, and when your data is used to either open new accounts or take over existing accounts—and depending on the identity theft protection service, you will be assisted to mitigate any fraud.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Where You’ll Get Hacked

Criminal hackers are targeting large enterprises and breaching millions of records every year. They are also targeting small mom-and-pop operations that don’t have the security budgets the big companies do. But you and I, the lowly consumer, are also being targeted because many of us are clueless when it comes to information security.

Some unfortunate and frankly unsurprising statistics:

  • 98%: credit cards being the primary data type stolen by criminal hackers in 2011 and 2012
  • 12.6 million: victims of identity theft in 2012
  • 3 seconds: how often someone becomes a victim of identity theft
  • $21 billion: financial losses to identity theft in 2012
  • 7%: percentage of American households falling victim to identity theft in 2012
  • 47%: hacker attacks using remote access, perhaps in the form of a Trojan that compromises a username or password, or by a victim giving up passwords in a phishing attack that gives hackers back-door access to a network or PC.
  • 1%: data compromised as a result of physical theft of a device. If that device isn’t password protected and/or encrypted, the information is up for grabs.
  • 72%: victims of a mock phishing scam who believed their friend was sending them a fraudulent link. This tells me people are too trusting.
  • 19%: home/office WiFi users who still use WEP encryption, which is very hackable. Use WPA2, which is much more secure.
  • 89%: public WiFi that is unsecured. So any time you use public WiFi, use Hotspot Shield VPN.
  • 10%: amount of spam that’s virus laden

How do you protect yourself from this mess?

  1. Create strong passwords using letters (uppercase/lowercase) and numbers.
  2. Use a secure updated browser and only plug in personal information when it reads HTTPS (S means it’s secure) in the address bar.
  3. Disable autorun, which can automatically download and install software—including malware.
  4. When using public WiFi, disable sharing and use a VPN to encrypt your online traffic.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Aquaman, King of the Seven Seas May Also be King of Threats

Wonder Twin powers activate! Shape of a Pterodactyl! Form of an icicle! Watching the Super Friends on Saturday mornings in my pjs while eating sugared cereal for breakfast and reading comic books was the extent of my relationship with super heroes. Ahh… those were much simpler times.

Today kids can find everything they need to know (and more) about their favorite superhero online. And with computers, Internet-connected game consoles and mobile devices all readily available, they can access this information at any time. But now searching for these super heroes may not be all that innocent as just looking for fun facts.

With the resurgence of the superheroes into mainstream movies (think Iron Man, Hulk, Captain America to name a few), hackers are leveraging their popularity to target consumers. Hackers are most successful when they can attract a large number of victims. One way to target big crowds online is to track current events—everything from celebrity meltdowns and natural disasters to holidays and popular music—and now, superheroes.

McAfee reveals the top Most Toxic Superheroes (#toxicsuperhero) that result in the greatest number of risky websites when you search for them online. The research found that searching for the latest “Aquaman and free torrent download,” “Aquaman and watch,” “Aquaman and online,” and “Aquaman and free trailer” yields an 18.6% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

The study uses McAfee® SiteAdvisor® site ratings, which indicate which sites are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top Superheroes from the research with the highest percentage of risk are:

  • Aquaman: 18.60%
  • Mr. Fantastic: 18.22%
  • The Hulk: 17.30%
  • Wonder Woman: 16.77%
  • Daredevil: 16.70%
  • Iron Man: 15.63%
  • Superman: 15.21%
  • Thor: 15.10%
  • Green Lantern: 15.00%
  • Cyclops: 14.40%
  • Wolverine: 14.27%
  • Invisible Woman: 12.40%
  • Batman: 12.30%
  • Captain America: 11.77%
  • Spider-Man: 11.15%

Here are some tips to help you stay safe while searching online (whether it be from your PC or mobile device):

Be suspicious: If a search turns up a link to free content or too-good-to-be-true offers, be wary.

Double-check the web address: Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting).

Search safely: Use a safe search plug-in, such as McAfee SiteAdvisor software, that displays red, yellow, or green ratings in search results, warning you of potentially risky sites before you click on them.

Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™, to protect yourself against the latest threats.

Broadly speaking, this study confirms that scammers consider popular trends when deciding which victims to target. This makes common sense. If hackers are motivated largely by profit, the biggest profits can be wrung from the largest pools of potential victims. And on the web, popular trends and visitor traffic are highly correlated—so be smart and don’t fall into their trap.

Discuss on Twitter using #toxicsuperhero

Robert

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

Are you Hackable or Uncrackable? “Password Day” is Today!

Yes, such a day exists and it’s today, May 7th 2013. Intel and McAfee are working to make sure consumers increase their security awareness and front line of digital protection by asking everyone to change their passwords today.

Reuse of passwords across multiple sites is a big problem. In the digital world, many of us are much more vulnerable than we need to be. For example, it’s very likely that your Amazon password is the same as your Gmail password and also the same one you use for online banking and your Facebook account.

In fact, 74% of Internet users use the same password across multiple websites [1], so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss.

And what’s worse is that many people use simple, easy to guess passwords. A recent study found that the most common passwords people use are “password,” “123456,” and “12345678.” [2] No wonder cybercriminals are finding it so easy to get into our accounts.

The solution is as simple as changing your habits. Take a moment to protect yourself in a basic area of security, and you can save hours of trouble. In fact you can test how hackable your password is with this tool from Intel.

If you need help moving from just one password, here’s a trick: Use one for your bank accounts, another for email and social networking accounts, so if your email account gets hacked, your bank account isn’t compromised. For more tips on how to create a simple, secure password, read this article.

Here are some other tips to protect your password:

Avoid logging onto sites that require passwords on public computers, such as those at an Internet café or library—these computers may contain malware that could “record” what you are typing.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop—your passwords and other data can be intercepted by hackers over this unsecured connection.

Don’t use the “remember me” function on your browser or within apps—if you walk away or lose your device, someone could easily login to your accounts.

Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date to avoid malware that could “see” what you are typing on your device or unknowingly send data to hackers.

Password Day is more than a day, it’s a way of life. Don’t leave the backdoor to your life open. Pledge to change yours today.

For more information, join @Intel, @McAfeeConsumer, @StopThnkConnect and @Cyber (the Department of Homeland Security) for a tweet chat today at 3pm ET on protecting your passwords. To participate simply use the hashtag #ChatSTC.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)

How Hackers Use Our Information Against Us

We hear an awful lot about hackers breaking into systems and taking down networks or stealing millions of data records. The general understanding we have for hacking is bad guys want to disrupt things to make a point or to make money. But how do they really use our personal information against us?

Whether you realize it or not, you expose a lot of your personal information online and even through the technologies you use. From information posted to social networking sites to data sent over unsecured wireless networks, you reveal bits of information that hackers can piece together to either scam or impersonate you.

This information is currency to hackers because it allows them to get what they want—your money. Or worse, a criminal can take your information and make you look really bad and completely tarnish your good name.

With your Social Security number they can open various lines of credit under your name and never pay the bills, thus damaging your credit rating and creating a lot of work for you to clear your name.

If they hack into your devices and get your usernames and passwords, then they can wreak some serious havoc. Bank accounts can be emptied, social media and email accounts can be used to scam your friends or disparage you or your loved ones, and if they access your medical accounts or history, you could be denied services when you need them most.

What all this means is you have to protect your devices and protect your personal information to keep this from happening. To help protect yourself you should:

Use a firewall – Firewalls filter information from the Internet to your network or computer, providing an important first line of defense. If you have a home wireless network, make sure that the firewall on your router is enabled, and use a software firewall to protect your computer.

Use comprehensive computer security – Because there are a variety of ways in which hackers can access your information, you need to make sure that you employ a comprehensive security solution like McAfee® All Access to safeguard all of your devices.

Educate yourself – Keep up to date about the latest scams and tricks cybercriminals use to grab your information so you can avoid potential attacks.

Use common sense – Follow the old caveats about not clicking on links in emails and instant messages from people you don’t know, and always exercise caution when it comes to sharing any sensitive information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! (Disclosures)

What Security Challenges to Focus on in the New Year

In 2012, security challenges we faced were often the ribbon cuttings and business plans that startup criminal organizations launched. In 2013, those criminal enterprise business plans will come together—and we need to be ready.

Social media is high on criminal hackers’ radar. Criminals scan social media looking for people whom they can scam. One such scam seeks out entire families and usually targets a grandparent. Criminals will pose as the grandchild and call granny asking for money to be wired. They are also looking at your page to crack password resets. Only friend those you know, like and trust, and lock down your privacy settings.

With Windows 8 out, criminals have set their sights on this new operating system and are seeking out its vulnerabilities. Old Win XP machines will be as vulnerable as ever. Macs are higher on hackers’ radars, too. Protecting your devices with essential security such as antivirus protection and keeping the OS updated are critical.

Mobile also is high on the hackers’ radar. McAfee predicts that as mobile malware grows, we can expect to see malicious apps that can buy additional apps from an app store without your permission. Buying apps developed by malware authors puts money into their pockets. We also expect to see attacks that can happen without you having to install an app, so no interaction on your part is needed to spread the malicious app.

Ransomware is quickly moving from the PC to mobile devices. Criminals hijack your ability to access data on your phone or even use your phone, so you are faced with losing your contacts, calls, photos, etc. or paying a ransom—and even when you pay the ransom, you don’t always get your data back.

Protect yourself by refraining from clicking links in text messages, emails or unfamiliar web pages displayed on your phone’s browser. Set your mobile phone to lock automatically, and unlock it only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and wipes the data if necessary, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures