Your Library for the latest IT Security News, Alerts, Threats and Tips and Android Games
Recent Articles
Showing posts with label identiy theft. Show all posts
Showing posts with label identiy theft. Show all posts

Thursday, 27 November 2014

keep your Android smartphone and Any Device secure?

Thursday, 27 November 2014 - 0 Comments



Don't panic about reports that 99% of malware targets Android devices, but do take precautions to ensure your device is secure

Android is the most popular operating system for smartphones, by far, and it's also the most open, in terms of how much you can customise your device – replacing its default keyboard, for example – as well as the approval process for developers to release new apps for it.

This openness is a boon for the tech-savvy Android user, because pretty much anything on their device that they don’t like can be swapped out for something better. They also tend to be pretty good at not installing apps that might play fast and loose with personal data. For them, Android doesn’t have a security problem.

What about everyone else, though? Android’s status as the world’s most popular smartphone OS means it has hundreds of millions of users who aren’t so clued-in on security. They’re not stupid or lazy: they’re just normal people. They’re the reason so many developers of viruses, other malware and privacy-flouting apps are targeting Android.

Cisco’s annual security report claimed in January that 99% of all malware in 2013 targeted Android devices, while security firm Kaspersky Lab suggested a similar figure of 98% in December last year.

"Android ticks all the boxes for cyber criminals – it’s a widely used OS that is easy to use for both app developers and malware authors alike," said Kaspersky's senior virus analyst Christian Funk, at a time when his company was detecting 315,000 new malicious files every day.

So, does Android have a big security problem? This is a question that is complicated by the fact that many of the companies warning about Android malware are also selling apps and services that promise to protect against it. They have a good view of what’s out there, but also an interest in talking up the risks.

But keeping your data safe on an Android device can be more about taking common-sense steps to minimise your risks, rather than assuming you need to splash out on a monthly security subscription – although there are plenty of choices for the latter if you decide that’s the route for you.

With that in mind, here are five tips for ensuring that your Android device is safe:

1. Be cautious when installing apps


Using the Google Play Store to download apps (or Amazon’s Appstore if you own one of its devices) already makes you among the more secure tiers of Android users – many dodgy apps are distributed through third-party Android app stores rather than the official ones.

Still, it’s best to exercise caution, especially when you happen upon what looks like a brand new version of a popular game. Candy Crush Saga, Angry Birds, Clash of Clans… fake versions of these regularly appear, so if something sets off warning bells (Candy Crush Saga 2, anyone?) it’s worth googling its title and checking its developer’s website to see if it’s a fake.

Also, read the reviews on the Google Play store – a surfeit of one-star reviews is a sign that something's wrong – and check the permissions that an app asks for before you install it. If anything here sets off warning bells – or simply makes you uncomfortable – it's a good prompt to walk away.

2. Watch out for phishing / SMS

Security on Android isn't just about the apps that you install on your phone. As with any device – Android or otherwise – be on your guard for phishing, sites that try to get you to enter personal data and/or credit card details. Text messages and emails can all be phishing methods, and just because you're on your phone doesn't make them less dangerous.

Combating phishing on Android isn't so different from on your computer: useful advice from the Citizens Advice Bureau, Microsoft and Symantec will get you up to speed, while an additional tip is to never tap on a link in a text message from someone you don't know – even if it looks like a company you do business with.

3. Lock screen security

Another point that applies to every smartphone OS, not just Android. Have you got your device's lock-screen settings sorted, so that if it gets stolen, the thief can't access your apps and data? Google’s default settings will see you fair, but there are some third-party apps that take interesting and unusual spins on unlocking the phone.

Picture Password Lockscreen, for example, gets you to unlock your phone by drawing points, lines and circles on any image you like. ERGO scans your ear and then gets you to unlock the device by holding it up to said lug. Fingerprint Scanner LockScreen is a cheeky Android equivalent of Apple’s iPhone 5s’ Touch ID – it pretends to scan your fingerprint, but really it’s just measuring how long your thumb rests on the screen.

4. Consider anti-virus software

If you'd still like to take the extra step of installing anti-virus software – or if you're thinking of putting it on the device of someone else (an older parent, for example) – a number of options are available from the big names of the security world.

AVAST Software's Mobile Security & Antivirus, Bitdefender's Mobile Security & Antivirus, Lookout Security & Antivirus, Kaspersky Internet Security, Trend Micro's Mobile Security & Antivirus, Norton Security antivirus and McAfee Antivirus & Security all have four-star-plus ratings on Google play from thousands of reviewers, with the competitive market meaning they add new features regularly.

Which you choose depends more on which you've used on your computer before, but all offer a good level of security if you're concerned.

5. Consider a parental control app

You can follow many of the steps above, but can your children if they’re using your device, or have their own Android tablet and/or smartphone? A number of companies are trying to help with this challenge too, with parental control software capable of ensuring children don’t install apps that they shouldn’t, or compromise data on a shared device.

Kids Place, Famigo, MMGuardian and Norton Family are four of the most popular examples, with varying features to control what apps are installed, what sites are being visited, and to set time limits on usage – and in some cases, add time as a reward for good behaviour.

Alternatively, you could spend a bit of time getting to grips with Android’s default features to set up different user profiles on a tablet, and make some of them restricted – found via the users option in your settings menu. But parenting skills are also important here: talking to your children about safe usage of their Android device is as important as trying to lock it down for them.

Wednesday, 19 November 2014

What is Phishing and How to Avoid it?

Wednesday, 19 November 2014 - 0 Comments

Phishing is one of the oldest tricks in the book of hackers. But as old as it might be, phishing still remains the most lucrative tool for cyber criminals; as they say, old is gold. This post tells you about phishing and measures you can take to avoid it.

What is Phishing?

Phishing is a fraudulent activity that is designed to trick the victim into revealing their personal and confidential information. This information usually includes bank account details, credit card numbers, and social security numbers to name a few. There are different ways a hacker can launch a phishing attack on his targets.

Phishing by Email

This is the most common phishing technique deployed by cyber criminals. Fake emails posing as crucial communication from a bank, ecommerce site or known legitimate entities are sent to the victim. These emails contain links to a fake Web site, which usually appears like a legitimate site and prompts the victim to sign in or divulge their personal information. In some instances, the phishing email itself contains an attachment of a form to be filled out by the victim. To trick the victim into visiting the fake Web site or fill out the form, such emails show a sense of urgency or a threatening situation. For instance, the target is informed that their bank account is at a risk of identity theft. To fix the issue, the user must verify their account by providing their banking details. The email might also claim that unverified accounts will be discontinued.

Here is an example of a phishing email that looks like it has come from Lloyds Bank:
                                               [Source: http://www.banksafeonline.org.uk]

Phishing by Call

Phishing is no more dependent on emails. Fraudsters have started using the telephone as their new pawn. In a phishing call scam, the victim will receive a phone call from a person posing as an employee of a bank, a software firm, or any other known organization. If it is from a bank, then the issue will be usually related to the security of the victim’s bank account. The caller instructs the victim to call another number, which in most cases, will be an automated attendant. The attendant will ask the caller for their bank account details like account number, pin number, password, etc. In some instances, a phishing email may instruct the victim to call a number, instead of urging them to visit a website or open an attachment. Phishing by phone is also called vishing.

This is how a phishing call might go:


“Is this Mr. Brown? This is a call for you from (a popular) Bank. We have received reports of illegal withdrawals from your bank account. In order to contain the situation, and safeguard your account, we need to confirm your account number, expiration date, four digits at the back…” and so on.

SMiShing

Cyber criminals leave no stone unturned when it comes to having their way. Recently, there has been a sharp surge of phishing attacks that involve Short Message Service (SMS). Targets will be sent SMSs where they will be asked to click a link to a spoofed website. The website might ask the target for their personal information, or infect their computer with a malware. In some SMSs, the target is asked to call a certain number (sometimes toll free) and verify their personal information. Even here, phishers use scare tactics to trick the target. For instance, you might receive an SMS reading that your ATM card has been suspended or deactivated. To reactivate the service, you must call xxxxxxxxxxxx immediately.

Example:
Credit Union N.A. Please call us immediately at 1-888-xxx-xxxx regarding a recent restriction placed on your account. Thank you. [Source: www.t-mobile.com]

How to Avoid Phishing Attacks
Here are some simple measures you can take to prevent phishing attacks.

- Never entertain unsolicited emails, calls or SMSs.

- Your bank will never ask you for confidential information via emails, calls or texts. If you do receive any such communication, do not respond; even better, report the incident to your bank.

- Avoid accessing websites via links in email messages; especially those asking for personal information. It is always a safe bet to type the URL manually into the web browser.

- Do not fill any kind of form that comes along with an email.

- Provide your personal information only on secure websites. A secure website’s URL should always begin with “https” instead of “http”. Also important is the presence of a lock symbol on the website (see figure A). Clicking the lock icon should display the digital certificate that verifies the authenticity of the website.
Fig A.

- Look for spelling mistakes, grammatical errors or bad language in any email you receive; especially the ones you were not expecting. Emails from a genuine organization are proofread and edited before they are sent out to the customers.

- If you receive an email containing link(s), do not click it. Hover your mouse over the link and take a look at the left hand corner of the browser. It will display a link. Check if this link matches the one in the email. If it doesn’t, then suspect it as a phishing attack.

- If you receive any email from your bank that conveys a sense of urgency or threat, then call up your bank and verify the situation.

- Keep your system’s operating system updated and patched

- Go for an antivirus program that is capable of blocking phishing emails and websites.

- Keep a regular check on your bank account. Even if there is anything amiss, you will have enough time to contain the situation.

- Keep your web browsers updated and patched.

There is no silver bullet for phishing attacks or cybercrime for that matter. But taking the right precautionary measures, seeking help from the right authorities, and using the right security solution, do place us at a safer spot.

Get Our App

Subscribe

Please Enter Your Email Id

© 2013 Blogger World. All rights reserved.
Designed by Think Exchanger