Consumer – McAfee Blogs https://www.mcafee.com/blogs Securing Tomorrow. Today. Thu, 07 Oct 2021 21:20:49 +0000 en-US hourly 1 https://wordpress.org/?v=5.6.3 https://www.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Consumer – McAfee Blogs https://www.mcafee.com/blogs 32 32 Phishing Android Malware Targets Taxpayers in India https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india/ Fri, 03 Sep 2021 18:33:11 +0000 https://www.mcafee.com/blogs/?p=127133

Authored by ChanUng Pak   McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending...

The post Phishing Android Malware Targets Taxpayers in India appeared first on McAfee Blogs.

]]>

Authored by ChanUng Pak  

McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending to be a tax-filing application. We have identified two main campaigns that used different fake app themes to lure in taxpayers. The first campaign from November 2020 pretended to be a fake IT certificate application while the second campaign, first seen in May 2021, used the fake tax-filing theme. With this discovery, the McAfee Mobile Research team has been able to update McAfee Mobile Security so that it detects this threat as Android/Elibomi and alerts mobile users if this malware is present in their devices. 

During our investigation, we found that in the latest campaign the malware is delivered using an SMS text phishing attack. The SMS message pretends to be from the Income Tax Department in India and uses the name of the targeted user to make the SMS phishing attack more credible and increase the chances of infecting the device. The fake app used in this campaign is designed to capture and steal the victim’s sensitive personal and financial information by tricking the user into believing that it is a legitimate tax-filing app. 

We also found that Elibomi exposes the stolen sensitive information to anyone on the Internet. The stolen data includes e-mail addresses, phone numbers, SMS/MMS messages among other financial and personal identifiable information. McAfee has reported the servers exposing the data and at the time of publication of this blog the exposed information is no longer available. 

Pretending to be an app from the Income Tax Department in India 

The latest and most recent Elibomi campaign uses a fake tax-filing app theme and pretends to be from the Income Tax Department from the Indian government. They even use the original logo to trick the users into installing the app. The package names (unique app identifiers) of these fake apps consist of a random word + another random string + imobile (e.g. “direct.uujgiq.imobile” and “olayan.aznohomqlq.imobile”). As mentioned before this campaign has been active since at least May 2021. 

Figure 1. Fake iMobile app pretending to be from the Income Tax Department and asking SMS permissions 

After all the required permissions are granted, Elibomi attempts to collect personal information like e-mail address, phone number and SMS/MMS messages stored in the infected device: 

Figure 2. Elibomi stealing SMS messages 

Prevention and defense 

Here are our recommendations to avoid being affected by this and other Android threats that use social engineering to convince users to install malware disguised as legitimate apps: 

  • Have a reliable and updated security application like McAfee Mobile Security installed in your mobile devices to protect you against this and other malicious applications. 
  • Do not click on suspicious links received from text messages or social media, particularly from unknown sources. Always double check by other means if a contact that sends a link without context was really sent by that person because it could lead to the download of a malicious application. 

Conclusion 

Android/Elibomi is just another example of the effectiveness of personalized phishing attacks to trick users into installing a malicious application even when Android itself prevents that from happening. By pretending to be an “Income Tax” app from the Indian government, Android/Elibomi has been able to gather very sensitive and private personal and financial information from affected users which could be used to perform identify and/or financial fraud. Even more worryingly, the information was not only in cybercriminals’ hands, but it was also unexpectedly exposed on the Internet which could have a greater impact on the victims. As long as social engineering attacks remain effective, we expect that cybercriminals will continue to evolve their campaigns to trick even more users with different fake apps including ones related to financial and tax services. 

McAfee Mobile Security detects this threat as Android/Elibomi and alerts mobile users if it is present. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com 

For those interested in a deeper dive into our research… 

Distribution method and stolen data exposed on the Internet 

During our investigation, we found the main distribution method of the latest campaign in one of the stolen SMS messages exposed in one of the C2 servers. The SMS body field in the screenshot below shows the Smishing attack used to deliver the malware. Interestingly, the message includes the victim’s name in order to make the message more personal and therefore more credible. It also urges the user to click on a suspicious link with the excuse of checking an urgent update regarding the victim’s Income Tax return: 

Figure 3. Exposed information includes the SMS phishing attack used to originally deliver the malware 

Elibomi not only exposes stolen SMS messages, but it also captures and exposes the list of all accounts logged in the infected devices: 

Figure 4. Example of account information exposed in one of the C2 servers

If the targeted user clicks on the link in the text message, a phishing page will be shown pretending to be from the Income Tax Department from the Indian government which addresses the user by its name to make the phishing attack more credible: 

Figure 5. Fake e-Filing phishing page pretending to be from the Income Tax Department in India 

Each targeted user has a different application. For example in the screenshot below we have the app “cisco.uemoveqlg.imobile” on the left and “komatsu.mjeqls.imobile” on the right: 

Figure 6. Different malicious applications for different users

During our investigation, we found that there are several variants of Elibomi for the same iMobile fake Income tax app. For example, some iMobile apps only have the login page while in others have the option to “register” and request a fake tax refund: 

Figure 7. Fake iMobile screens designed to capture personal and financial information 

The sensitive financial information provided by the tricked user is also exposed on the Internet: 

Figure 8. Example of exposed financial information stolen by Elibomi using a fake tax filling app 

Related Fake IT Certificate applications 

The first Elibomi campaign pretended to be a fake “IT Certificate” app was found to be distributed in November 2020.  In the following figure we can see the similarities in the code between the two malware campaigns: 

Figure 9. Code similarity between Elibomi campaigns 

The malicious application impersonated an IT certificate management module that is purposedly used to validate the device in a non-existent verification server. Just like the most recent version of Elibomi, this fake ITCertificate app requests SMS permissions but it also requests device administrator privileges, probably to make more difficult its removal. The malicious application also simulates a “Security Scan” but in reality what it is doing in the background is stealing personal information like e-mail, phone number and SMS/MMS messages stored in the infected device: 

Figure 10. Fake ITCertificate app pretending to do a security scan while it steals personal data in the background 

Just like with the most recent “iMobile” campaign, this fake “ITCertificate” also exposes the stolen data in one of the C2 servers. Here’s an example of a stolen SMS message that uses the same log fields and structure as the “iMobile” campaign: 

Figure 11. SMS message is stolen by the fake “ITCertificate” using the same log structure as “iMobile” 

Interesting string obfuscation technique 

The cybercriminals behind these two pieces of malware designed a simple but interesting string obfuscation technique. All strings are decoded by calling different classes and each class has a completely different table value

Figure 12. Calling the de-obfuscation method with different parameters 

Figure 13. String de-obfuscation method 

Figure 14. String de-obfuscation table 

The algorithm is a simple substitution cipher. For example, 35 is replaced with ‘h’ and 80 is replaced with ‘t’ to obfuscate the string. 

Appendix – Technical Data and IOCs 

Hash  Package name 
1e8fba3c530c3cd7d72e208e25fbf704ad7699c0a6728ab1b290c645995ddd56  direct.uujgiq.imobile 
7f7b0555563e08e0763fe52f1790c86033dab8004aa540903782957d0116b87f  ferrero.uabxzraglk.imobile 

 

120a51611a02d1d8bd404bb426e07959ef79e808f1a55ce5bff33f04de1784ac  erni.zbvbqlk.imobile 

 

ecbd905c44b1519590df5465ea8acee9d3c155334b497fd86f6599b1c16345ef  olayan.bxynrqlq.imobile 

 

da900a00150fcd608a09dab8a8ccdcf33e9efc089269f9e0e6b3daadb9126231  foundation.aznohomqlq.imobile 
795425dfc701463f1b55da0fa4e7c9bb714f99fecf7b7cdb6f91303e50d1efc0  fresenius.bowqpd.immobile 
b41c9f27c49386e61d87e7fc429b930f5e01038d17ff3840d7a3598292c935d7  cisco.uemoveqlg.immobile 
8de8c8c95fecd0b1d7b1f352cbaf839cba1c3b847997c804dfa2d5e3c0c87dfe  komatsu.mjeqls.imobile 
ecbd905c44b1519590df5465ea8acee9d3c155334b497fd86f6599b1c16345ef  olayan.bxynrqlq.imobile 
326d81ba7a715a57ba7aa2398824b420fff84cda85c0dd143462300af4e0a37a  alstom.zjeubopqf.certificate 
154cfd0dbb7eb2a4f4e5193849d314fa70dcc3caebfb9ab11b4ee26e98cb08f7  alstom.zjeubopqf.certificate 
c59ecd344729dac99d9402609e248c80e10d39c4d4d712edef0df9ee460fbd7b  alstom.zjeubopqf.certificate 
16284cad1b5a36e2d2ea9f67f5c772af01b64d785f181fd31d2e2bec2d98ce98  alstom.zjeubopqf.certificate 
98fc0d5f914ae47b61bc7b54986295d86b502a9264d7f74739ca452fac65a179  alstom.zjeubopqf.certificate 
32724a3d2a3543cc982c7632f40f9e831b16d3f88025348d9eda0d2dfbb75dfe 

 

computer.yvyjmbtlk.transferInstant 

 

The post Phishing Android Malware Targets Taxpayers in India appeared first on McAfee Blogs.

]]>
What You Need to Know About Among Us https://www.mcafee.com/blogs/family-safety/what-you-need-to-know-about-among-us/ Tue, 10 Nov 2020 01:28:13 +0000 /blogs/?p=110419

Among Us – one of the Most Popular Online Game of 2020 (pictured credit: axel 795, Pixabay) If you have...

The post What You Need to Know About Among Us appeared first on McAfee Blogs.

]]>

Among Us – one of the Most Popular Online Game of 2020

(pictured credit: axel 795, Pixabay)

If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last six months, it has amassed 85 million players on both PC and mobile. In September, it broke the all-time record-setting peak player ceiling on Steam when nearly 400,000 people played it simultaneously and, Google Trends reports that there were 50 times more Google searches for it at the beginning of October, as compared to the beginning of August.

What’s The Game About?

Among Us is an online multi-player game that is set on a failing spaceship. Suitable for up to 10 players, it has been compared to ‘Murder in the Dark’ or ‘Murder Wink’ – the old-school party game you may have played as children.

At the start of the game, you’re advised whether you are a regular crew member or an imposter. Crew mates are tasked with completing small tasks that benefit the spaceship eg cleaning our air-conditioning ducts whereas imposters (between 1-3 players) create havoc on the spaceship and seek out victims to kill – without letting anyone know.

Every time a dead body is found, a crewmember will call a meeting to workshop who they think the imposter is. This is one of the few times players can talk to each other. As you can imagine, this can get very heated (and entertaining) as players try to implicate others and remove themselves from focus. All players then vote on who they think the imposter is – and the player with the most votes is ejected from the spaceship’s airlock.

Crewmates win by managing to repair the ship and eject all the imposters while the imposter wins by killing all the crewmates before they complete their jobs.

Why Has It Become So Popular?

Among Us was actually launched in 2018 but to little fanfare. But the planets have aligned for the developers at InnerSloth and it has become one of the biggest online games ever. In fact, it’s so successful that the developers have abandoned plans for a sequel and are instead, investing their resources into perfecting the original.

There’s no doubt that pandemic life has contributed to the popularity of Among Us with many touting it as the ultimate group party game. In fact, some believe it brings all the energy and pizazz of board game night – just virtually.

It is extremely easy to learn. So, if you aren’t a gamer with years of experience (that’s me) you can absolutely play. This concept has been described by popular YouTube gamer Pegasus as ‘ingenious’ for its simplicity, and praised for its ‘extremely social’ nature.

The game is also very well priced. In fact, it’s free on mobile – but you will have to view some ads. And it’s only around $7 on a PC – so much cheaper than anything my kids have played in years!

What Parents Are Asking

Is it Suitable?

The Classification Board here is Australia gives Among Us a PG rating which means the content is mild in impact. But they do state that PG rated content is ‘not recommended for viewing by people under the age of 15 without guidance from parents, teachers or guardians.’

In Australia, the game is rated as suitable for 9+ on the App Store. On Google Play it is nominated as suitable for ages 10+.

The role of the imposter in the game to hunt and murder players is aggressive and violent. Yes, it is a cartoon-like visual which does reduce the impact but there are still bodies left lying around after the deed is done.

Parents know their children the best. Absolutely take heed of the advice, but ultimately, you need to decide what’s suitable for them. If you do decide to let your younger children play – or they’ve already discovered it – please talk about violence in video games. Does watching violent images make them feel scared or more aggressive? Do they feel better if they talk about it or, in fact, choose to watch something less violent?

Can They Chat With Strangers During The Game?

There is opportunity to chat with strangers in the game but it is less than most online games. Players can chat in the online waiting room before a game starts and of course, there is also interaction in the meetings during which the group tries to work out who the imposter is. Enabling the censor chat mode is a good option here – this limits word and aims to block out expletives however I understand that isn’t completely fool proof.

But you can choose to play the game offline, locally, which means you play only with people you know. You simply share a generated code with the players you want to join the game. I highly recommend this for younger children and teens or if you want to play the game as a family. The game can be played with as few as four players which makes an offline game far easier to get happening.

Does It Share A Positive Message?

Both trust and deceit are at the core of this game. Learning who to place your trust in is part of being a successful crewmember in Among Us whilst being a master of deceit will win you the game as an imposter.

You could argue that these themes are no different to playing Murder in the Dark or even the old classic Cluedo. However, I would absolutely have a conversation with your kids about the difference between real life and online (or gaming) life. Why not weave it into your dinnertime conversation?

My boys are really enjoying playing Among Us, in fact – we have earmarked this weekend for a family game. But please ensure you are comfortable with the game before you give your kids the green light. And if you do, be assured that one of the reasons this game is so popular is because players feel like they are part of a community – and isn’t that what we all need at the moment?

‘till next time.

Alex xx

The post What You Need to Know About Among Us appeared first on McAfee Blogs.

]]>
Beware When You Search for These TV Shows and Movies https://www.mcafee.com/blogs/consumer/au-beware-when-you-search-for-these-tv-shows-and-movies/ Tue, 16 Jun 2020 04:04:50 +0000 /blogs/?p=101911

Beware When You Search for These TV Shows and Movies If you’ve been following recent stay-at-home orders, it’s likely that...

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>

Beware When You Search for These TV Shows and Movies

If you’ve been following recent stay-at-home orders, it’s likely that you’ve been scavenging the internet for new content to help pass the time.

But having multiple streaming subscriptions can quickly add up. Consequentially, users who are hesitant to pay more for online streaming subscriptions

Criminals are often behind these websites, luring unsuspecting users into schemes via “free” downloads of popular movies and TV shows. Some of these movies and shows are risker than others, however, as McAfee WebAdvisor data has revealed* certain titles are tied to potential malware and phishing threats.

Let’s take a look at the TV shows and movies that could lead you to a dangerous download instead of your next film spree, as well as discuss what users can do to stay secure.

 Top 10 Australian TV and Movie Titles

Top 10 Australian TV Titles With Risky Results With Risky Results
1.      Unorthadox Ace Ventura
2.      You Green Book
3.      Family Guy John Wick
4.      Big Mouth The Machinist
5.      Homeland Annihilation
6.      The Vampire Diaries Ex Machina
7.      Dynasty A Star Is Born
8.      Lost Fyre
9.      Brooklyn Nine-Nine Lady Macbeth
10.  Stranger Things Bird Box

 Stay Protected While Streaming

While consumers search for new content from home, criminals are clearly searching for ways to trick eager TV and movie fans. However, there’s still a way users can stay both entertained and secure during this time. Follow these tips to help ensure that your online entertainment experience is safe:

 Watch what you click

Users looking to catch up on Season 2 of “You” or watch the “The Incredibles” on repeat should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.

 Refrain from using illegal streaming sites

Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.

Use a comprehensive security Solution

Use a solution like McAfee Total Protection. This can help protect your devices from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites. Additionally, McAfee WebAdvisor can be accessed as a free download.

Use parental control software

Kids are tech-savvy and may search for movies by themselves. Ensure that limits are set on your child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

 

*Methodology: McAfee pulled the most popular TV and movie titles available on Australian streaming sites according to “best of” articles by a range of Australian publications. The web results for the searches of the entertainment titles with modifying terms, such as “TV show” and “torrent,” were then analyzed. Other popular modifying search terms include “free download,” “free login,” “free,” and “pirated download.” From there, the resulting URLs and domains were measured using McAfee WebAdvisor data and assigned a score of high, medium, or unverified risk. The results identified the top 10 TV shows and movie titles with the highest risk of being used by criminals to spread malware and phishing threats.

 

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>
Beware When You Search for These TV Shows and Movies https://www.mcafee.com/blogs/consumer/india-beware-when-you-search-for-these-tv-shows-and-movies/ Sun, 14 Jun 2020 04:02:39 +0000 /blogs/?p=101898

Beware When You Search for These TV Shows and Movies If you’ve been following recent stay-at-home orders, it’s likely that...

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>

Beware When You Search for These TV Shows and Movies

If you’ve been following recent stay-at-home orders, it’s likely that you’ve been scavenging the internet for new content to help pass the time.

But having multiple streaming subscriptions can quickly add up. Consequentially, users who are hesitant to pay more for online streaming subscriptions

Criminals are often behind these websites, luring unsuspecting users into schemes via “free” downloads of popular movies and TV shows. Some of these movies and shows are risker than others, however, as McAfee WebAdvisor data has revealed* certain titles are tied to potential malware and phishing threats.

Let’s take a look at the TV shows and movies that could lead you to a dangerous download instead of your next film spree, as well as discuss what users can do to stay secure.

Top 10 Indian TV Titles With Risky Results With Risky Results
1.      Delhi Crime Mardaani 2
2.      Brooklyn Nine-Nine Zootopia
3.      Panchayat Jawaani Jaaneman
4.      Akoori Chapaak
5.      Fauda Love Aaj Kal
6.      Ghoul Inception
7.      Mindhunter Bahubali
8.      Narcos Rajnigandha
9.      Devlok Gully Boy
10.   Lost Bala

Stay Protected While Streaming

While consumers search for new content from home, criminals are clearly searching for ways to trick eager TV and movie fans. However, there’s still a way users can stay both entertained and secure during this time. Follow these tips to help ensure that your online entertainment experience is safe:

 Watch what you click

Users looking to catch up on Season 2 of “You” or watch the “The Incredibles” on repeat should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.

 Refrain from using illegal streaming sites

Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.

Use a comprehensive security Solution

Use a solution like McAfee Total Protection. This can help protect your devices from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites. Additionally, McAfee WebAdvisor can be accessed as a free download.

Use parental control software

Kids are tech-savvy and may search for movies by themselves. Ensure that limits are set on your child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

*Methodology: McAfee pulled the most popular TV and movie titles available on Asian streaming sites according to “best of” articles by a range of Asian publications. The web results for the searches of the entertainment titles with modifying terms, such as “TV show” and “torrent,” were then analyzed. Other popular modifying search terms include “free download,” “free login,” “free,” and “pirated download.” From there, the resulting URLs and domains were measured using McAfee WebAdvisor data and assigned a score of high, medium, or unverified risk. The results identified the top 10 TV shows and movie titles with the highest risk of being used by criminals to spread malware and phishing threats.

 

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>
Beware When You Search for These TV Shows and Movies https://www.mcafee.com/blogs/consumer/au-beware-when-you-search-for-these-tv-shows-and-movies-2/ Sat, 13 Jun 2020 04:01:17 +0000 /blogs/?p=101895

Beware When You Search for These TV Shows and Movies If you’ve been following recent stay-at-home orders, it’s likely that...

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>

Beware When You Search for These TV Shows and Movies

If you’ve been following recent stay-at-home orders, it’s likely that you’ve been scavenging the internet for new content to help pass the time.

But having multiple streaming subscriptions can quickly add up. Consequentially, users who are hesitant to pay more for online streaming subscriptions

Criminals are often behind these websites, luring unsuspecting users into schemes via “free” downloads of popular movies and TV shows. Some of these movies and shows are risker than others, however, as McAfee WebAdvisor data has revealed* certain titles are tied to potential malware and phishing threats.

Let’s take a look at the TV shows and movies that could lead you to a dangerous download instead of your next film spree, as well as discuss what users can do to stay secure.

 Top 10 Australian TV and Movie Titles

Top 10 Australian TV Titles With Risky Results With Risky Results
1.      Unorthadox Ace Ventura
2.      You Green Book
3.      Family Guy John Wick
4.      Big Mouth The Machinist
5.      Homeland Annihilation
6.      The Vampire Diaries Ex Machina
7.      Dynasty A Star Is Born
8.      Lost Fyre
9.      Brooklyn Nine-Nine Lady Macbeth
10.  Stranger Things Bird Box

 Stay Protected While Streaming

While consumers search for new content from home, criminals are clearly searching for ways to trick eager TV and movie fans. However, there’s still a way users can stay both entertained and secure during this time. Follow these tips to help ensure that your online entertainment experience is safe:

 Watch what you click

Users looking to catch up on Season 2 of “You” or watch the “The Incredibles” on repeat should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.

 Refrain from using illegal streaming sites

Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.

Use a comprehensive security Solution

Use a solution like McAfee Total Protection. This can help protect your devices from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites. Additionally, McAfee WebAdvisor can be accessed as a free download.

Use parental control software

Kids are tech-savvy and may search for movies by themselves. Ensure that limits are set on your child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

*Methodology: McAfee pulled the most popular TV and movie titles available on Australian streaming sites according to “best of” articles by a range of Australian publications. The web results for the searches of the entertainment titles with modifying terms, such as “TV show” and “torrent,” were then analyzed. Other popular modifying search terms include “free download,” “free login,” “free,” and “pirated download.” From there, the resulting URLs and domains were measured using McAfee WebAdvisor data and assigned a score of high, medium, or unverified risk. The results identified the top 10 TV shows and movie titles with the highest risk of being used by criminals to spread malware and phishing threats.

 

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>
Beware When You Search for These TV Shows and Movies https://www.mcafee.com/blogs/consumer/uk-beware-when-you-search-for-these-tv-shows-and-movies-2/ Fri, 12 Jun 2020 04:00:52 +0000 /blogs/?p=101914

Beware When You Search for These TV Shows and Movies If you’ve been following recent stay-at-home orders, it’s likely that...

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>

Beware When You Search for These TV Shows and Movies

If you’ve been following recent stay-at-home orders, it’s likely that you’ve been scavenging the internet for new content to help pass the time.

But having multiple streaming subscriptions can quickly add up. Consequentially, users who are hesitant to pay more for online streaming subscriptions

Criminals are often behind these websites, luring unsuspecting users into schemes via “free” downloads of popular movies and TV shows. Some of these movies and shows are risker than others, however, as McAfee WebAdvisor data has revealed* certain titles are tied to potential malware and phishing threats.

Let’s take a look at the TV shows and movies that could lead you to a dangerous download instead of your next film spree, as well as discuss what users can do to stay secure.

 Top 10 UK TV and Movie Titles That Could Lead You to a Dangerous Download:

Top 10 UK TV Titles With Risky Results With Risky Results
1.      Homeland Swingers
2.      Brooklyn nine-nine Step Brothers
3.      Criminal Black Panther
4.      Jane the Virgin Lost Girls
5.      Elite Zombieland
6.      Doctor Who Lion
7.      Altered Carbon Aeronauts
8.      Good Girls Kingsman
9.      Big Mouth Uncut Gems
10.  Merlin IT

Stay Protected While Streaming

While consumers search for new content from home, criminals are clearly searching for ways to trick eager TV and movie fans. However, there’s still a way users can stay both entertained and secure during this time. Follow these tips to help ensure that your online entertainment experience is safe:

 Watch what you click

Users looking to catch up on Season 2 of “You” or watch the “The Incredibles” on repeat should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.

 Refrain from using illegal streaming sites

Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.

Use a comprehensive security Solution

Use a solution like McAfee Total Protection. This can help protect your devices from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites. Additionally, McAfee WebAdvisor can be accessed as a free download.

Use parental control software

Kids are tech-savvy and may search for movies by themselves. Ensure that limits are set on your child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

 

The post Beware When You Search for These TV Shows and Movies appeared first on McAfee Blogs.

]]>
Entertainment #FromHome: How to start your own podcast https://www.mcafee.com/blogs/consumer/entertainment-fromhome-how-to-start-your-own-podcast/ Fri, 05 Jun 2020 21:01:31 +0000 /blogs/?p=101706 Making Media #FromHome

How to start your own podcast Start your own podcast? Why not? Instead of streaming someone else’s show, maybe it’s...

The post Entertainment #FromHome: How to start your own podcast appeared first on McAfee Blogs.

]]>
Making Media #FromHome

How to start your own podcast

Start your own podcast? Why not? Instead of streaming someone else’s show, maybe it’s time to create one of your own. And a fine time to start a podcast it is. Podcasting once took a bit of effort to get into. The recording software, the hosting, and the equipment could end up costing a reasonable amount of money and took a certain degree of technical savvy to use. Yet like so many things on today’s internet, those barriers have dropped, particularly for folks who simply want to dive in and give it a try. With a pair of headsets, a built-in microphone, and some free software, you can start podcasting now with your computer or even your phone. So, if you’re ready to give it shot, let’s take a look at some of the resources available to you.

Coming up with an idea for your podcast

More so than choosing this software or that, the process really starts with a basic concept for your podcast. You’ll have a topic that you want to cover, a format such as a one-person show or a talk format where you have multiple hosts or guests, and a target length for your show. 

For example, let’s assume that you’re trying out podcasting as part of a little family project. Maybe you and your daughter want to talk about going on adventures like hiking, canoeing on lakes, and fishing. A great concept for you could be a 20-minute show about adventures kids and parents can take together. You can talk about how you decide on your adventures, plan for them, and tell some stories about your triumphs and pitfalls along the way. What does it feel like to catch your first bass, or how does it feel to set up your tent in a sudden downpour? People love hearing stories that’ll inspire them or make them laugh or, better yet, both. 

Another idea is to approach it like as a learning opportunity for your kids. Recently, I posted an article on project-based learning for kids at home. One of the suggestions was for kids to make a short podcast of their own to show what they’ve learned about after researching a that they’re interested in. What you learn here in this article could point the way for them to create their own show, whether with your help or independently. 

That’s just a few examples. And really, coming up with an idea for a podcast is a topic in and of itself. For more on that, check out this article on creating a podcast from National Public Radio. While written for students, it’s packed with plenty of solid advice for anyone who wants to get started in podcasting, plus several pro tips for making your show sound great.

What about podcasting equipment?

Chances are you already have the basics. If you have a set of headphones with a built-in microphone and a computer or phone you can attach them to, that’s a great start. Of course, people who invest more time and money into their podcasting pursuit will have things like a podcasting microphone mounted on a miniature boom arm, a “pop filter” that prevents you from popping your “P’s” in the microphone, and maybe even a small mixing board. But, for just getting started or just having some fun as a family, you really don’t need those things. 

Free podcasting software and hosting

What you will need is some software that lets you record your show and even do some basic editing too. Here are a few free options that’ll cover your recording and editing while giving you a place to post your shows too:

Anchor FM

Anchor gives you standard recording features, plus extra bells and whistles like importing voice messages from your phone, group chat, and transitions. As Anchor is part of streaming music provider Spotify, you can also import music into your podcast from there. And when you’re done recording, Anchor offers free hosting for creators. If you’re creating a multiple-host podcast, your co-host or guests can use the Anchor app on their phone and join in.

Spreaker

It may look like a typo, yet Spreaker is the name for this offering. Much akin to Anchor, it offers a combination of recording software and hosting capabilities so that you can add things like music and sound effects to your podcast. The app also supports Google Hangouts and Skype so that you can bring on a co-host or guest.

Podbean

A third popular option is Podbean. It also allows you to record and publish your podcast for free as part of a basic plan that offers 500 MB of storage space and 100GB of bandwidth per month (meaning, a 500 MB could be downloaded 200 times at no cost—where 500 MB is approximately 5 hours of showtime).

Free options for editing your podcast

If you already have a way of recording your podcast, such as with a simple audio recorder on your phone, computer, or laptop, you can drop those audio files into free audio editing software to edit your show together. 

These are more formally known as Digital Audio Workstations (DAWs). Depending on which one you select, these apps offer functionality similar to what the pros use to record and edit their audio. You’ll see things like multiple tracks where you can place people, music, and sound effects on their own timeline that you can mix together, different options for exporting your show to different file types, settings to sweeten sound quality, and much more. As you might imagine, audio editing and mixing is a pursuit unto itself, and you can really dive deep here if the podcasting bug bites you. Here’s a rundown of what’s out there:

GarageBand

Apple users will probably know this app. Garageband is available only on Mac and iOS devices (iPad and iPhone). It has all the watermarks of an Apple application, where it’s an app that looks good and simplifies an otherwise complicated process. Above, we mentioned multi-track recording. If you’re new to that, it can feel a little overwhelming at first, yet GarageBand color-codes its tracks and leans heavily on drag-and-drop editing. That lends itself to ease of use, exploration, and even a fair share of trial-and-error as you get comfortable with it. Plus, as its name would imply, GarageBand features a library of musical instruments. So when you get tired of podcasting, you can play around with it and drop some beats.

Audacity

Slightly further along the audio editing learning curve is Audacity, which is a free download for multiple platforms. Visually, it’s a contrast to GarageBand yet its functionality goes much deeper. One appealing aspect of Audacity is that it’s celebrating a 20-year run as open source software—meaning that it’s a community-supported effort. So if you’re dedicated to learning audio editing, there are numerous resources out there that can help you learn the Audacity interface and feel confident that you’re learning an audio app that’ll be around for some time.

Reaper Digital Audio Workstation

And of our three free options, Reaper is the most full-functioned editor, which you can download for a free 60-day trial. If you’re completely new to audio editing, you may want to start with one of the other options just to get familiar with the basics. Otherwise, if you’ve used some other simpler platforms before and feel ready to move up, Reaper is a fine choice. 

Your podcast and your privacy

Here’s the thing with dipping your toe into the world of podcasting: you don’t have to post your podcast for others to hear. As we talked about at the start of this article, this could just be an entertaining project or exploration for you and your family. You can hang on to your podcast and just share it with family at home, or you could send it to some friends and family for them to listen to it too. Regardless of what you decide to do with your podcast once you’ve recorded it, you’ll want to think about your privacy.

Online privacy isn’t a topic that’s discussed much in many “how-to start your own podcast” articles. Yet it’s a vital topic. (In fact, we discuss privacy all the time on our own Hackable? podcast.) Keep privacy in mind when you podcast. Just like anything else you post online, a picture, a status update, a blog, or what have you, you’re exposing yourself to the entire online world. When it comes to anything digital, what you say and what you share is forever. It can be copied, shared, disseminated, and even reconstructed in umpteen different ways. 

So the general rule with podcasting is much the same as everything else you do online: think before you post. 

Before you post, consider …

Just as you go back and look at what you’ve typed in that email or that status update, go back and review your show before you post or share it with others. Listen for things like:

  1. Have you overtly or inadvertently shared some information about yourself and your family—like birthdays, when you typically go on vacation, or other information that uniquely identifies you in a way? Hackers and crooks could find this useful when it comes to online identity theft or physical theft on your property.
  2. Are you keeping your family business and friendships private? “Sharenting” details about your children, good or bad, or talking about your relationships with others could lead to embarrassment or hurt feelings amongst family and friends.
  3. Can anything you’ve said be construed as hurtful, casting someone in a bad light, or simply mocking? Remove it from your podcast or simply don’t post it. You could be held legally responsible. Laws will vary across countries and locales, so make a point of understanding what they are with regards to defamation, libel, and slander in your area.

Again, stop and think before you post. Could this compromise you, your family, your friends, or someone else now or in the future? If so, and even if you’re uncertain of the answer, don’t post. 

Start your podcast!

These are just a few of the numerous, and often free, options that allow practically anyone to get started in podcasting, and there are plenty more. Just be sure as you’re surfing around for software, tutorials, and resources, use comprehensive security software to protect you from threats—particularly a browser advisor app that will steer you clear of malware, bad downloads, and suspicious links. Also, caveat emptor, buyer beware. When researching apps, always look at the reviews so that you can spot any issues before you download or use an app.

With that, I hope this inspires an interesting side project, or even a new pastime for you and your family. Get out there and have some fun!

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

 

 

The post Entertainment #FromHome: How to start your own podcast appeared first on McAfee Blogs.

]]>
Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You https://www.mcafee.com/blogs/mobile-security/four-surprising-mobile-threats/ Tue, 03 Sep 2019 18:17:39 +0000 https://securingtomorrow.mcafee.com/?p=96590

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have...

The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blogs.

]]>

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.

Watch out for SMSishing Hooks

If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.

While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:

  1. Always double-check the message’s source. If you receive a text from your bank or credit card company, call the organization directly to ensure the message is legit.
  2. Delete potential SMSishing Do not reply to or click on any links within a suspected malicious text, as that could lead to more SMSishing attempts bombarding your phone.
  3. Invest in comprehensive mobile security. Adding an extra level of security can not only help protect your device but can also notify you when a threat arises.

Public Wi-Fi Woes  

Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:

  1. Look for password-protected networks. As strange as it sounds, if you purposely enter the incorrect password but are still allowed access, the network is most likely a fraud.
  2. Pay attention to page load times. If the network you are using is very slow, it is more likely a cybercriminal is using an unreliable mobile hotspot to connect your mobile device to the web.
  3. Use a virtual private network or VPN. While you’re on-the-go and using public Wi-Fi, add an extra layer of security in the event you accidentally connect to a malicious network. VPNs can encrypt your online activity and keep it away from prying eyes. 

Malicious Apps: Fake It till They Make It

Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.

In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:

  1. Check for typos and poor grammar. Always check the app developer name, product title, and description for typos and grammatical errors. Often, malicious developers will spoof real developer IDs, even just by a single letter or number, to seem legitimate.
  2. Examine the download statistics. If you’re attempting to download a popular app, but it has a surprisingly low number of downloads, that is a good indicator that an app is most likely fake.
  3. Read the reviews. With malicious apps, user reviews are your friend. By reading a few, you can receive vital information that can help you determine whether the app is fake or not.

The Sly Operation of Grayware

With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:

  1. Be sure to update your device. Grayware looks for vulnerabilities that can be exploited, so be sure to always keep your device’s software up-to-date.
  2. Beware of rogue apps. As mentioned in the previous section, fake apps are now a part of owning a smartphone. Use the tips in the above section to ensure you keep malicious apps off of your device that may contain grayware.
  3. Consider a comprehensive mobile security system. By adding an extra level of security, you can help protect your devices from threats, both old and new.

Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blogs.

]]>
How To Help Your Kids Manage Our ‘Culture of Likes’ https://www.mcafee.com/blogs/family-safety/how-to-help-your-kids-manage-our-culture-of-likes/ Wed, 14 Aug 2019 03:29:33 +0000 https://securingtomorrow.mcafee.com/?p=96421

As a mum of 4 sons, my biggest concerns about the era of social media is the impact of the...

The post How To Help Your Kids Manage Our ‘Culture of Likes’ appeared first on McAfee Blogs.

]]>

As a mum of 4 sons, my biggest concerns about the era of social media is the impact of the ‘like culture’ on our children’s mental health. The need to generate likes online has become a biological compulsion for many teens and let’s be honest – adults too! The rush of dopamine that surges through one’s body when a new like has been received can make this like culture understandably addictive.

 

Research Shows Likes Can Make You Feel As Good As Chocolate!

The reason why our offspring (and even us) just can’t give up social media is because it can make us feel just so damn good! In fact, the dopamine surges we get from the likes we collect can give us a true psychological high and create a reward loop that is almost impossible to break. Research published in Psychological Science, a journal of the Association for Psychological Science, shows the brain circuits that are activated by eating chocolate and winning money are also activated when teens see large numbers of ‘likes’ on their own photos or photos of peers in a social network.

Likes and Self Worth

Approval and validation by our peers has, unfortunately, always had an impact on our sense of self-worth. Before the era of social media, teens may have measured this approval by the number of invitations they received to parties or the number of cards they received on their birthday. But in the digital world of the 21st  century, this is measured very publicly through the number of followers we have or the number of likes we receive on our posts.

But this is dangerous territory. Living our lives purely for the approval of others is a perilous game. If our self-worth is reliant on the amount of likes we receive then we are living very fragile existences.

Instagram’s Big Move

In recognition of the competition social media has become for many, Instagram has decided to trial hiding the likes tally on posts. Instagram believes this move, which is also being trialled in six other countries including Canada and New Zealand, will improve the well-being of users and allow them to focus more on ‘telling their story’ and less on their likes tally.

But the move has been met with criticism. Some believe Instagram is ‘mollycoddling’ the more fragile members of our community whilst others believe it is threatening the livelihood of ‘Insta influencers’ whose income is reliant on public displays of likes.

Does Instagram’s Move Really Solve Address our Likes Culture?

While I applaud Instagram for taking a step to address the wellbeing and mental health of users, I believe that it won’t be long before users simply find another method of social validation to replace our likes stats. Whether it’s follower numbers or the amount of comments or shares, many of us have been wired to view social media platforms like Instagram as a digital popularity contest so will adjust accordingly. Preparing our kids for the harshness of this competitive digital environment needs to be a priority for all parents.

What Can Parents Do?

Before your child joins social media, it is imperative that you do your prep work with your child. There are several things that need to be discussed:

  1. Your Kids Are So Much More Than Their Likes Tally

It is not uncommon for tweens and teens to judge their worth by the number of followers or likes they receive on their social media posts. Clearly, this is crazy but a common trend/ So, please discuss the irrationality of the likes culture and online popularity contest that has become a feature of almost all social media platforms. Make sure they understand that social media platforms play on the ‘reward loop’ that keep us coming back for more. Likes on our posts and validating comments from our followers provide hits of dopamine that means we find it hard to step away. While many tweens and teens view likes as a measure of social acceptance, it is essential that you continue to tell them that this is not a true measure of a person.

  1. Encourage Off-Line Activities

Help your kids develop skills and relationships that are not dependent on screens. Fill their time with activities that build face-to-face friendships and develop their individual talents. Whether it’s sport, music, drama, volunteering or even a part time job – ensuring your child has a life away from screens is essential to creating balance.

  1. Education is Key

Teaching your kids to be cyber safe and good digital citizens will minimise the chances of them experiencing any issues online. Reminding them about the perils of oversharing online, the importance of proactively managing their digital reputation and the harsh reality of online predators will prepare them for the inevitable challenges they will have to navigate.

  1. Keep the Communication Channels Open – Always!

Ensuring your kids really understand that they can speak to you about ANYTHING that is worrying them online is one of the best digital parenting insurance policies available. If they do come to you with an issue, it is essential that you remain calm and do not threaten to disconnect them from their online life. Whether it’s cyberbullying, inappropriate texting or a leak of their personal information, working with them to troubleshoot and solve problems and challenges they face is a must for all digital parents.

Like many parents, I wish I could wave a magic wand and get rid of the competition the likes culture has created online for many of our teens. But that is not possible. So, instead let’s work with our kids to educate them about its futility and help them develop a genuine sense of self-worth that will buffer them from harshness this likes culture has created.

Alex xx

The post How To Help Your Kids Manage Our ‘Culture of Likes’ appeared first on McAfee Blogs.

]]>
Evolved IoT Linux Worm Targets Users’ Devices https://www.mcafee.com/blogs/mobile-security/evolution-of-iot-linux-worm/ Tue, 09 Jul 2019 13:00:19 +0000 https://securingtomorrow.mcafee.com/?p=95814

Since the early ‘90s, Linux has been a cornerstone of computer operating systems. Today, Linux is everywhere — from smartphones...

The post Evolved IoT Linux Worm Targets Users’ Devices appeared first on McAfee Blogs.

]]>

Since the early ‘90s, Linux has been a cornerstone of computer operating systems. Today, Linux is everywhere — from smartphones and streaming devices to smart cars and refrigerators. This operating system has been historically less susceptible to malware, unlike its contemporaries such as Windows or Mac OS. However, the widespread adoption of IoT devices has changed that, as security vulnerabilities within Linux have been found over time. These flaws have been both examined by researchers in order to make repairs and also exploited by hackers in order to cause disruption.

As recently as last month, a new strain of a Linux bricking worm appeared, targeting IoT devices– like tablets, wearables, and other multimedia players. A bricking worm is a type of malware that aims to permanently disable the system it infects. This particular strain, dubbed Silex, was able to break the operating systems of at least 4,000 devices. By targeting unsecured IoT devices running on Linux, or Unix configurations, the malware went to work. It quickly rendered devices unusable by trashing device storage, as well as removing firewalls and other network configurations. With this threat, many users will initially think their IoT device is broken, when really it is momentarily infected. To resolve the issue, users must manually download and reinstall the device’s firmware, which can be a time consuming and difficult task. And while this incident is now resolved, Silex serves as a cautionary tale to users and manufacturers alike as IoT devices continue to proliferate almost every aspect of everyday life.

With an estimated 75.4 billion IoT connected devices installed worldwide by 2025, it’s important for users to remain focused on securing all their devices. Consider these tips to up your personal device security:

  • Keep your security software up-to-date. Software and firmware patches are always being released by companies. These updates are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
  • Pay attention to the news. With more and more information coming out around vulnerabilities and flaws, companies are more frequently sending out updates for IoT devices. While these should come to you automatically, be sure to pay attention to what is going on in the space of IoT security to ensure you’re always in the know.
  • Change your device’s factory security settings. When it comes to IoT products, many manufacturers aren’t thinking “security first.” A device may be vulnerable as soon as the box is opened, and many cybercriminals know how to get into vulnerable IoT devices via default settings. By changing the factory settings, you are instantly upgrading your device’s security.
  • Use best practices for linked accounts. If you connect a service that leverages a credit card, protect that linked service account with strong passwords and two-factor authentication (2FA) where possible. In addition, pay attention to notification emails, especially those regarding new orders for goods or services. If you notice suspicious activity, act accordingly.
  • Set up a separate IoT network. Consider setting up a second network for your IoT devices that doesn’t share access with your other devices and data. You can check your router manufacturer’s website to learn how. You may also want to add another network for guests and their devices.
  • Get security at the start. Lastly, consider getting a router with built-in security features to make it easier to protect all the devices in your home from one place.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Evolved IoT Linux Worm Targets Users’ Devices appeared first on McAfee Blogs.

]]>
How to Book Your Next Holiday Online and NOT Get Scammed https://www.mcafee.com/blogs/family-safety/how-to-book-your-next-holiday-online-and-not-get-scammed/ Mon, 17 Jun 2019 04:04:44 +0000 https://securingtomorrow.mcafee.com/?p=95632

Taking our tribe on an annual family holiday has always been a top priority for my husband and me. But...

The post How to Book Your Next Holiday Online and NOT Get Scammed appeared first on McAfee Blogs.

]]>

Taking our tribe on an annual family holiday has always been a top priority for my husband and me. But with 4 sons – who all eat like ridiculous amounts – this can be an expensive exercise. So, like most people, I am always on the lookout for deals and ways to save money to our favourite holiday destinations.

But according to research from McAfee, our need to secure a great deal to a hot destination may mean we are cutting corners and taking risks online. Over one-third of us (32%) report that we are likely to use a website we have never heard of before just because it offers great deals!

And cybercriminals are fully aware of this, so they spend a lot of time and effort creating malicious travel websites and fraudulent links to lure us ‘travel nuts’ away from the reputable online travel players. Their goal is to get us to their fraudulent site, install malware on our devices so they can steal our personal information, passwords and, ideally, our money!

How Many Aussies Have Been Scammed?

McAfee’s research also shows that 1 in 5 of us have either been scammed or nearly scammed when booking a holiday online with many of us (32%) signing up for a deal that turned out to be fake. And horrifyingly, 28% of holiday scam victims only realised that they had been scammed when checking-in to their holiday accommodation!! Can you imagine breaking the news to the kids? Or worse still having to pay twice for the one holiday?

Cybercriminals Also Have Favourite Holiday Hot Spots

Not only are cybercriminals capitalising on our need for a deal when booking a holiday, but they are also targeting our favourite destinations. The findings from McAfee’s research show holiday hot spots such as Thailand, India, the Philippines and the UK generate the riskiest search results when people are on the hunt for holidays online.

The top holiday destinations for Aussies that hackers are targeting via potentially malicious sites:

  1. New Delhi, India
  2. Bangkok, Thailand
  3. London, England
  4. Phuket, Thailand
  5. Manila, Philippines

Cybercriminals take advantage of the high search volumes for accommodation and deals in these popular destinations and drive unsuspecting users to their malicious websites often using professional looking links, pop-up ads and even text messages.

What You Can Do to Avoid Being Scammed

With Aussie school holiday just a few weeks away, do not despair! There are definitely steps you can take to protect yourself when booking your Winter getaway. Here are my top tips:

  1. Think Before You Click

With 25% of holiday bookings occurring through email promotions and pop-up ads, it’s essential to properly research the company behind the ads before you proceed with payment. Check out reviews and travel forums to ensure it is a legitimate online travel store. And it’s always best to use a trusted online retailer with a solid reputation even if it costs a little more.

  1. Use Wi-Fi With Caution

Using unsecured Wi-Fi is a risky business when you are travelling. If you absolutely must, ensure it is secured BUT never conduct any financial or sensitive transactions when connected. Investing in a virtual private network (VPN) such as McAfee Safe Connect is the best way to ensure that your connection is secure and your data remains private.

  1. Protect Yourself

Ensuring your device has current comprehensive security protection, like McAfee Total Protection, will ensure any malicious websites will be identified when you are browsing. It will also protect your device against malware – which could come in handy if you are tricked into visiting a fraudulent site.

So, next time you come across an amazing, bargain-basement deal to Thailand, PLEASE take the time to do your homework. Is the retailer legitimate? What do the reviews say? What are the terms and conditions? And, if it isn’t looking rosy, remember, if it looks too good to be true, it probably is!

‘till next time

Alex xx

 

The post How to Book Your Next Holiday Online and NOT Get Scammed appeared first on McAfee Blogs.

]]>
5 Digital Risks to Help Your Teen Navigate this Summer https://www.mcafee.com/blogs/family-safety/5-digital-risks-to-help-your-teen-navigate-this-summer/ Sat, 15 Jun 2019 14:00:01 +0000 https://securingtomorrow.mcafee.com/?p=95584

S’mores. Sparklers. Snow cones. Sunburns. Fireflies. Remember when summer was simple? Before smartphones and social networks, there was less uploading...

The post 5 Digital Risks to Help Your Teen Navigate this Summer appeared first on McAfee Blogs.

]]>

S’mores.
Sparklers.
Snow cones.
Sunburns.
Fireflies.

Remember when summer was simple? Before smartphones and social networks, there was less uploading and more unwinding; less commenting and more savoring. 

There’s a new summer now. It’s the social summer, and tweens and teens know it well. It’s those few months away from school where the pressure (and compulsion) to show up and show off online can double. On Instagram and Snapchat, it’s a 24/7 stream of bikinis, vacations, friend groups, and summer abs. On gaming platforms, there’s more connecting and competing. 

With more of summer playing out on social, there’s also more risk. And that’s where parents come in. 

While it’s unlikely you can get kids to ditch their devices for weeks or even days at a time this summer, it is possible to coach kids through the risks to restore some of the simplicity and safety to summer.

5 summer risks to coach kids through:

  1. Body image. Every day your child — male or female — faces a non-stop, digital tidal wave of pressure to be ‘as- beautiful’ or ‘as-perfect’ as their peers online. Summer can magnify body image issues for kids.
    What you can do: Talk with your kids about social media’s power to subtly distort body image. Help kids decipher the visual world around them — what’s real, what’s imagined, and what’s relevant. Keep an eye on your child’s moods, eating habits, and digital behaviors. Are comments or captions focused only on looks? If so, help your child expand his or her focus. Get serious about screen limits if you suspect too much scrolling is negatively impacting your child’s physical or emotional health.
  2. Gaming addiction. The risks connected with gaming can multiply in the summer months. Many gaming platforms serve as social networks that allow kids to talk, play, and connect with friends all day, every day, without ever leaving their rooms. With more summer gaming comes to the risk for addiction as well as gaming scams, inappropriate content, and bullying.
    What you can do: Don’t ignore the signs of excessive gaming, which include preoccupation with gaming, anger, irritation, lying to cover playing time, withdrawal and isolation, exchanging sleep for gaming. Be swift and take action. Set gaming ground rules specific to summer. Consider parental control software to help with time limits. Remember: Kids love to circumvent time limits at home by going to a friend’s house to play video games. Also, plan summer activities out of the house and away from devices.
  3. Cyberbullying. Making fun of others, threatening, name-calling, exclusion, and racial or gender discrimination are all serious issues online. With more time on their hands in the summer months, some kids can find new ways to torment others.
    What you can do: Listen in on (monitor) your child’s social media accounts (without commenting or liking). What is the tone of your child’s comments or the comments of others? Pay attention to your child’s moods, behaviors, and online friend groups. Note: Your child could be the target of cyberbullying or the cyberbully, so keep your digital eyes open and objective.
  4. Smartphone anxiety. Anxiety is a growing issue for teens that can compound in the summer months if left unchecked. A 2018 survey from the Pew Research Center reveals that 56 percent of teens feel anxious, lonely, or upset when they don’t have their cell phones.
    What you can do:
    Pay attention to your child’s physical and emotional health. Signs of anxiety include extreme apprehension or worry, self-doubt, sleeplessness, stomach or headache complaints, isolation, panic attacks, and excessive fear. Establish screen limits and plan phone-free outings with your child. Set aside daily one-on-one time with your child to re-connect and seek out professional help if needed.
  5. Social Conflict. More hours in the day + more social media = potential for more conflict. Digital conflict in group chats or social networks can quickly get out of hand. Being excluded, misunderstood, or criticized hurts, even more, when it plays out on a public, digital stage.
    What you can do: While conflict is a normal part of life and healthy friendships, it can spiral in the online space where fingers are quick to fire off responses. Offer your child your ears before your advice. Just listen. Hear them out and (if asked) help them brainstorm ways to work through the conflict. Offer options like responding well, not engaging, and handling a situation face-to-face. Avoid the temptation to jump in and referee or solve.

Summer doesn’t have to be stressful for kids, and the smartphone doesn’t have to win the majority of your child’s attention. With listening, monitoring, and timely coaching, parents can help kids avoid common digital risks and enjoy the ease and fun of summer. 

The post 5 Digital Risks to Help Your Teen Navigate this Summer appeared first on McAfee Blogs.

]]>
From Internet to Internet of Things https://www.mcafee.com/blogs/mobile-security/internet-to-iot/ Mon, 22 Apr 2019 13:00:23 +0000 https://securingtomorrow.mcafee.com/?p=94965

Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of...

The post From Internet to Internet of Things appeared first on McAfee Blogs.

]]>

Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the modern consumer digital lifestyle dramatically. In 2019, the Internet of Things dominates the technological realm we have grown accustomed to – which makes us wonder, where do we go from here? Below, we take a closer look at where IoT began and where it is headed.

A Connected Evolution

Our connected world started to blossom with our first form of digital communication in the late 1800s –– Morse code. From there, technological advancements like the telephone, radio, and satellites made the world a smaller place. By the time the 1970s came about, email became possible through the creation of the internet. Soon enough the internet spread like wildfire, and in the 1990s we got the invention of the World Wide Web, which revolutionized the way people lived around the world. Little did Berners-Lee know that his invention would be used decades, probably even centuries, later to enable the devices that contribute to our connected lives.

Just ten years ago, there were less than one billion IoT devices in use around the world. In the year 2019, that number has been projected to skyrocket to over eight billion throughout the course of this year. In fact, it is predicted that by 2025, there will be almost twenty-two billion IoT devices in use throughout the world. Locks, doorbells, thermostats and other everyday items are becoming “smart,” while security for these devices is lacking quite significantly. With these devices creating more access points throughout our smart homes, it is comparable to leaving a backdoor unlocked for intruders. Without proper security in place, these devices, and by extension our smart homes, are vulnerable to cyberattacks.

Moving Forward with Security Top of Mind

If we’ve learned one thing from this technological evolution, it’s that we aren’t moving backward anytime soon. Society will continue to push the boundaries of what is possible – like taking the first a picture of a black hole. However, in conjunction with these advancements, to steer in the right direction, we have to prioritize security, as well as ease of use. For these reasons, it’s vital to have a security partner that you can trust, that will continue to grow to not only fit evolving needs, but evolving technologies, too. At McAfee, we make IoT device security a priority. We believe that when security is built in from the start, user data is more secure. Therefore, we call on manufacturers, users, and organizations to all equally do their part to safeguard connected devices and protect precious data. From there, we can all enjoy these technological advancements in a secure and stress-free way.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post From Internet to Internet of Things appeared first on McAfee Blogs.

]]>
What’s in Your IoT Cybersecurity Kit? https://www.mcafee.com/blogs/mobile-security/iot-cybersecurity-kit/ Tue, 09 Apr 2019 13:00:08 +0000 https://securingtomorrow.mcafee.com/?p=94879

Did you know the average internet-enabled household contains more than ten connected devices? With IoT devices proliferating almost every aspect...

The post What’s in Your IoT Cybersecurity Kit? appeared first on McAfee Blogs.

]]>

Did you know the average internet-enabled household contains more than ten connected devices? With IoT devices proliferating almost every aspect of our everyday lives, it’s no wonder IoT-based attacks are becoming smarter and more widespread than ever before. From DDoS to home network exposures, it appears cybercriminals have set their sights on the digital dependence inside the smart home — and users must be prepared.

A smart home in today’s world is no longer a wave of the future, but rather just a sign of the times we live in. You would be hard pressed to find a home that didn’t contain some form of smart device. From digital assistants to smart plugs, with more endpoints comes more avenues bad actors can use to access home networks. As recently as 2018, users saw virtual assistants, smart TVs, and even smart plugs appear secure, but under the surface have security flaws that could facilitate home network exposures by bad actors in the future. Whereas some IoT devices were actually used to conduct botnet attacks, like an IoT thermometer and home Wi-Fi routers.

While federal agencies, like the FBI, and IoT device manufacturers are stepping up to do their part to combat IoT-based cyberattacks, there are still precautions users should take to ensure their smart home and family remain secure. Consider this your IoT cybersecurity kit to keep unwelcome visitors out of your home network.

  • When purchasing an IoT device, make security priority #1. Before your next purchase, conduct due diligence. Prioritize devices that have been on the market for an extended period of time, have a trusted name brand, and/or have a lot of online reviews. By following this vetting protocol, the chances are that the device’s security standards will be higher.
  • Keep your software up-to-date on all devices. To protect against potential vulnerabilities, manufacturers release software updates often. Set your device to auto-update, if possible, so you always have the latest software. This includes the apps you use to control the device.
  • Change factory settings immediately. Once you bring a new device into your home, change the default password to something difficult to guess. Cybercriminals often can find the default settings online and can use them to access your devices. If the device has advanced capabilities, use them.
  • Secure your home network. It’s important to think about security as integrated, not disconnected. Not all IoT devices stay in the home. Many are mobile but reconnect to home networks once they are back in the vicinity of the router. Protect your network of connected devices no matter where they go. Consider investing in advanced internet router that has built-in protection that can secure and monitor any device that connects to your home network.
  • Use comprehensive security software. Vulnerabilities and threats emerge and evolve every day. Protect your network of connected devices no matter where you are with a tool like McAfee Total Protection.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post What’s in Your IoT Cybersecurity Kit? appeared first on McAfee Blogs.

]]>
The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! https://www.mcafee.com/blogs/family-safety/the-ultimate-cyberparenting-hack-managing-your-familys-cybersafety-with-the-help-of-your-wi-fi-router/ Tue, 26 Mar 2019 06:14:28 +0000 https://securingtomorrow.mcafee.com/?p=94788

Managing your family’s cybersafety can often feel overwhelming. But one thing I have learnt in my 22 years of parenting...

The post The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! appeared first on McAfee Blogs.

]]>

Managing your family’s cybersafety can often feel overwhelming. But one thing I have learnt in my 22 years of parenting is that there are no silver bullets for any parenting issues. Whether it’s toilet training or driver training, it takes time and often a combination of strategies. Teaching your kids about online safety is no different. Yes, you need to put in the hard work and continue to have the conversations. BUT if it was possible to supplement the talking with some strategic parental controls and an automatic layer of cybersecurity, then I would consider that to be a parenting no brainer!

Well, this parenting no-brainer exists. Let me introduce you D-Link’s latest D-Fend Router which not only includes McAfee’s Secure Home Platform which automatically protects all your Wi-Fi connected devices but some pretty impressive parental controls too. And all this happens while users are delivered fast wireless connectivity with increased range and reliability. Awesome!

Being a First-Generation Digital Parent Is A Tough Gig

As a generation of parents, I believe we are the busiest yet. Not only are we juggling our brood of kids and their lives but many of us are also managing ageing parents, plus our own careers, relationships and social lives. And just to complicate things a little further, we are also the first generation of digital parents. Managing our kids and their fleet of devices comes with no guidebook or tried and tested generational wisdom, which makes our job even more complex. How easy did my parents have it – all they had to do was buy the Atari console in the 80’s!

But the job of a digital parent is only set to become more complex with Gartner estimating that by 2020 there will be 20.4 billion IoT devices operating in our world.

Many Parents Don’t Know Where To Start With Cyber Safety At Home

When I speak with parents about how they manage their kids and devices, there is a recurring theme – many parents know they need to be doing something to protect their kids from online risks, but they often don’t know where to start. As a result, nothing often happens. Research from McAfee confirms this too with almost a third of Aussies taking no steps at all to install security protection on either their own or their kids’ internet connected devices.

But there is no doubt that many parents are concerned about the risks. Research by Life Education in partnership with Hyundai Help for Kids shows that an overwhelming 95% of Aussie parents rated online safety as a very important issue which is very encouraging.

What Online Risks Concern Aussie Parents the Most?

Aussie parents have many concerns about the risks posed by the online world. I believe however, the following are the ones that increase parents’ blood pressure the most!

Screen time – The time our kids spend glued to screens is a huge concern for many Aussie parents. Whether you are concerned about ‘tech neck’, the growing rates of childhood obesity or simply, the lack of conversation at home – you would not be alone! Research by The Australian Institute of Family Studies shows that 12-13 year old Aussie kids are spending a whopping 3 hours a day in front of screens during the week and then 4 hours on the weekends. No wonder many parents are concerned.

Gaming – Recent research conducted by McAfee shows that some Aussie teens are spending up to 4 hours a day gaming. And while parents naturally worry about the opportunity cost associated with the time, their greater concern is around the risk of online grooming and of exposure to inappropriate and violent material.

Cyberbullying – This is the big one for many parents and rightly so. Cyberbullying can be absolutely devastating for victims. A quick google provides just far too many examples of young adults who have suffered significant psychological trauma or even lost their lives as a result of unchecked cyberbullying. Last year, our e-Safety Commissioner reported a 35% increase in cases of reported cyberbullying as compared to the previous year.

But Why Aren’t Parents Taking Action?

As a group of parents, there is no doubt we are concerned about screen time, gaming addiction, online grooming, and cyberbullying but many of us aren’t taking the necessary action to intervene and protect our kids. So, McAfee probed a little deeper in recent research and discovered that almost half of Aussie parents believe that their children can manage their own cyber safety from the age of just 10. Now, when my boys when 10, they were barely able to manage their own lunchboxes! So, this belief truly stuns me.

So, we have some parents who just don’t know where to start and others who believe it isn’t their responsibility. Regardless, there is clearly a need to take some decisive action to protect our kids from both online risks and problematic anti-social behaviours.

What Steps Can Parents Take Now to Protect Their Kids Digital Lives?

The good news is there are a few simple things parents can do to protect their kids and their growing fleet of internet connected devices. Here are my top tips:

  • Check a Device’s Security Track Record

Before buying any connected device, always research the brand and read reviews on a product’s security (or lack of). A quick web search will give you some pretty fast insight into the potential device’s security standards. Going with a notable brand that has a proven security track record is often the best option.

  • Always Change Default Settings, Use Strong Passwords & Enable Two-Factor Authentication

Default and weak passwords are the biggest threat to the security of internet connected devices. Hackers are very familiar with both default and obvious passwords which makes it super easy to access the data on your devices. Know these passwords and use them to access the data on your devices. If the thought of remembering several passphrases daunts you, go for a password manager. While a strong and unique password is a great place to start, enabling two-factor authentication on your devices and accounts will mean you’ll need to verify your identity with something that you (and only you) have access to. This is most commonly a mobile device, which ensures a higher-level of security.

  • Keep Your Devices Up To Date

Device software updates are often always designed to protect your device from recently discovered security bugs, vulnerabilities and threats. If you’re in the common habit of ignoring update notifications, turning on auto-update will ensure you apply these patches in real time and have maximum protection.

  • Invest in a Router that Protects Your Devices & Offers Parental Controls!

Investing in a Wi-Fi router with built-in protection like McAfee’s Secure Home Platform is one of the easiest ways of both managing and protecting your family’s fleet of devices. Not only does it automatically protect any device that connects to the Wi-Fi but it comes with some very strategic parental controls. So not only can you take back control and proactively manage your kids’ screen time but you can set up customised profiles to ensure they are visiting only suitable sites.

As a mum of 4, I believe that managing the risk in our kids’ cyber lives needs to be a genuine priority for us all. So, yes, let’s keep talking to our kids about online risks and the need to self-regulate our online behaviour. But, if we could also add in a later of automatic protection for our kids’ devices from McAfee’s Secure Home Platform and some savvy parental controls to ensure our kids are on track then I think that’s a pretty compelling parenting hack for us first generation digital parents!

Take Care

Alex xx

 

The post The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! appeared first on McAfee Blogs.

]]>
How Safe is Your Child’s School WiFi? https://www.mcafee.com/blogs/family-safety/how-safe-is-your-childs-school-wifi/ Thu, 24 Jan 2019 03:15:43 +0000 https://securingtomorrow.mcafee.com/?p=93950

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily...

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.

]]>

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something…

You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority of schools have embraced the many positive learning benefits that internet-connected devices offer our kids. The traditional blackboard and textbook lessons that were confined to the four walls of the classroom are gone. Instead our kids can research, discover, collaborate, create and most importantly, learn like never before.

But in order for this new learning to occur, our kids need to be internet connected. And this is where school WiFi comes into play.

Do Parents Need to Be Concerned About School WiFi?

As parents, we have a responsibility to ensure our kids are safe and not at risk – and that includes when they are using the WiFi at school. Ideally, your child’s school should have a secure WiFi network but unfortunately, that doesn’t mean that they do. School budgets are tight and top-notch secure WiFi networks are expensive, so in some cases, security maybe jeopardised.

The other factor we shouldn’t ignore is that our batch of digital natives are very tech literate. The possibility that one of them may choose to cause some mayhem to their school WiFi network should also not be ignored!!

At the end of the day, the security of a WiFi network is all about whether it has tight access controls. If it allows only approved devices and people to connect via a secure login then it is more secure than public WiFi. However, if it is open to anyone or easy for anyone to connect to it, then you need to treat it like public WiFi.

What Are the Risks?

An unsecured school WiFi network is as risky as public WiFi which, according to the Harvard Business Review, is as risky as rolling a dice,

Students and staff who use an unsecured WiFi network are at risk of receiving phishing emails, being the victim of a ransomware attack or even having their data or personal details stolen. There is also a risk that the entire school’s operations could be disrupted and possibly even closed down through a DDOS – a Denial of Service Attack.

What Can Parents Do to Ensure Their Kids Are Safe Using School WiFi?

There are several steps parents can take to minimise the risks when their offspring use school WiFi.

  1. Talk To Your School

The first thing to do is speak to your child’s school to understand exactly how secure their network is. I’d recommend asking who has access to the network, what security practices they have in place and how they manage your child’s private data.

  1. Install Security Software

Operating a device without security software is no different to leaving your front door unlocked. Installing security software on all devices, including smartphones, will provide protection against viruses, online threats, risky websites and dangerous downloads. Check out McAfee’s Total Protection security software for total peace of mind!

  1. Keep Device Software Up To Date

Software updates are commonly designed to address security issues. So ensuring ALL your devices are up to date is a relatively easy way of minimising the risk of being hacked.

  1. Schedule Regular Data Back Up

If you are the victim of a ransomware attack and your data is backed up then you won’t even have to consider paying the hefty fee to retrieve your (or your child’s) data. Backing up data regularly should be not negotiable however life can often get in the way. Why not schedule automatic backups? I personally love online backup options such as Dropbox and Google Drive however you may choose to invest in a hard drive.

  1. Public Wi-Fi Rules?

If after talking to your school, you aren’t convinced that your child’s school WiFi network is secure, then I recommend that your kids should treat it as if it was public WiFi. This means that they should NEVER conduct any financial transactions using it and never share any personal details. But the absolute best way of ensuring your child is safe using an unsecured WiFi network, is to use a Virtual Private Network (VPN). A VPN like McAfee’s Safe Connect creates an encrypted tunnel so anything that is shared over WiFi is completely safe.

As a mum of 4, I am very keen to ensure my kids are engaged with their learning. And in our digital times, this means devices and WiFi. So, let’s support our kids and their teachers in their quest for interactive, digital learning but please don’t forget to check in and ensure your kids are as safe as possible while using WiFi at school.

Take Care

Alex xx

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.

]]>
5G Is Coming: Security Risks You Need to Know About https://www.mcafee.com/blogs/mobile-security/5g-security-risks-you-need-to-know/ Tue, 22 Jan 2019 19:08:43 +0000 https://securingtomorrow.mcafee.com/?p=93911

The future of connectivity is here ­– 5G. This new network is set to roll out across the nation this...

The post 5G Is Coming: Security Risks You Need to Know About appeared first on McAfee Blogs.

]]>

The future of connectivity is here ­– 5G. This new network is set to roll out across the nation this coming year and bring greater speed to our handheld devices, which means more data and lower latency. But perhaps one of the most anticipated and popular benefits is it will allow even more IoT devices to come online and encourage more connection between said devices. This would enable users to remotely connect to or monitor their IoT devices like kitchen or security gadgets. The promise of more connectivity, smoother IoT user experience, and even more devices online, means there are likely more opportunities and avenues for cyberattacks. 5G will no doubt shape the foreseeable future, let’s see how.

Today, interconnected devices operate on low-powered, low-data-rate networks, such as Cat-M and NB-IoT. With the introduction of 5G networks across the world, the capabilities of VR and AR, AI and ML, and automation and robotics will enhance immensely. Take self-driving cars, for example. These machines require close proximity to their computing to reduce the latency of decision making. The capabilities of 5G don’t end there either. From manufacturing, transportation and logistics, to public safety and the establishment of smart cities, industries are at the ready to take their business to the next level with 5G. With this newfound growing anticipation for the future of 5G, the question has to be asked, what are the security implications for smaller IoT devices?

From an innovation standpoint, 5G is a beacon of light, but from a cybersecurity standpoint, 5G is a “hotbed for a new era of intensified cyberwar.” Denial-of-service attacks, or DDoS, are particular causes of concern for cybersecurity researchers. Devices like refrigerators, thermometers, even light bulbs, will be able to come online because of 5G. Users will be able to remotely check on these appliances through a simple app, but these devices can also be usurped by malicious characters. This increased connectivity and power could see big name sites down for days, or even affect city utility capabilities. Government agencies and private entities are not immune either, but they do have plans in place in the event a DDoS attack occurs.

While consumers can only wait and see what happens with the rollout, industries across the board will want to harness the benefits of 5G. However, consumers and organizations alike need to be cautious in terms of how 5G could be used to help, or hinder, us in the future. Rest assured, even if malicious actors utilize this technology, McAfee’s security strategy will continue to keep pace with the ever-changing threat landscape.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post 5G Is Coming: Security Risks You Need to Know About appeared first on McAfee Blogs.

]]>
How to Get Technology Working for You This Christmas https://www.mcafee.com/blogs/family-safety/how-to-get-technology-working-for-you-this-christmas/ Thu, 20 Dec 2018 09:10:32 +0000 https://securingtomorrow.mcafee.com/?p=93320

Harnessing the power of the internet and technology this Christmas may just be what you need to get over this...

The post How to Get Technology Working for You This Christmas appeared first on McAfee Blogs.

]]>

Harnessing the power of the internet and technology this Christmas may just be what you need to get over this extraordinarily stressful period. While many of you maybe all sorted for the big day, there are still many of us who aren’t.

Many of us are still attending daily Christmas gatherings, still working, still trying to entertain kids, shop & most importantly, work out what we are going to serve to 25 people on Christmas day!!

So, let me share with you my top tips on how we can all use the wonders of the internet and technology to get through:

  1. E-Cards

If you haven’t done these yet – and let’s be honest very few do now – then scrap this idea immediately. But if your guilt just can’t be silenced then check out ecards. I personally love Smilebox but Lifewire has put together a list of the top ecard sites. But remember, always use a reputable site so your recipients as more likely to open them. Cybercrims have been known to send unsuspecting recipients ecards with the aim of trying to extract their personal information.

  1. Online Gift Shopping

Getting to the bottom of the Christmas gift list takes time. So, if you still have presents to buy then avoid the crowds and get online. There are still plenty of retailers who are guaranteeing delivery before Christmas. So, make yourself a cup of tea and set the timer for an hour. You’ll be surprised how much you can get done when you have a deadline! Finder.com has put together a list of the top 50 Australian shopping sites – check it out! I do have to disclose I have a soft spot for Peter’s of Kensington, Country Road and Myer online. Great service and speedy delivery!

But please remember to observe safe online shopping habits. Only buy from trusted retailers, look for a padlock at the start of a web address to ensure transactions are encrypted, avoid offers that are ‘too good to be true’ and don’t ever use public Wi-Fi to do your shopping.

  1. Get Some Extra Help Online

If you haven’t yet used Airtasker to help you work through your to-do list, then you need to start ASAP. Airtasker brings jobs and helpers together in an easy to use app. If your house needs a clean or the garden needs a makeover before the relatives arrive, then log on and create a job and wait for Airtaskers to bid on it. So easy!

  1. Create an Online To-Do List

There’s nothing like a bit of planning to reduce pressure. Why not create a to-do list in Google Docs or an Excel spreadsheet to identify which family member is responsible for what on the big day? Alternatively, you could create your to-do list in an app like Todoist and then send each person’s task directly to their inbox? Very organised indeed!

So, let’s all take a deep breath. Christmas 2018 is going to be fantastic. Let’s get technology working for us so we can get through our to-do lists and be super parents – even though we all know they just don’t exist!

Merry Christmas

Alex xx

The post How to Get Technology Working for You This Christmas appeared first on McAfee Blogs.

]]>
McAfee Labs 2019 年威胁预测 https://www.mcafee.com/blogs/consumer/mcafee-labs-threats-report-examines-cybercriminal-underground-iot-malware-other-threats-2/ Tue, 11 Dec 2018 22:24:46 +0000 https://securingtomorrow.mcafee.com/?p=93055

以下内容是对 2019 年安全威胁的预测分析,由 Eoin Carroll、Taylor Dunton、John Fokker、German Lancioni、Lee Munson、Yukihiro Okutomi、Thomas Roccia、Raj Samani、Sekhar Sarukkai、Dan Sommer 和 Carl Woodward 共同撰写。 2018 年即将进入尾声,在这一年,尽管...

The post McAfee Labs 2019 年威胁预测 appeared first on McAfee Blogs.

]]>

以下内容是对 2019 年安全威胁的预测分析,由 Eoin Carroll、Taylor Dunton、John Fokker、German Lancioni、Lee Munson、Yukihiro Okutomi、Thomas Roccia、Raj Samani、Sekhar Sarukkai、Dan Sommer 和 Carl Woodward 共同撰写。

2018 年即将进入尾声,在这一年,尽管 GandCrab 和 SamSam 勒索软件的新型变种不断兴风作浪,各种威胁恣意猖獗,但是勒索软件并没有呈现出横行泛滥的气候,或许,我们应该对此心存感激。在预测分析 2019 年的安全威胁时,我们的作法一改过去只评估某种特定威胁的兴起或衰败,取而代之,我们更加关注从当前的网络犯罪中观察到的种种迹象,这些迹象可能会逐渐形成趋势,若不严加防范,势必会演变成实质性的威胁。

根据我们的观察,网络犯罪分子越来越倾向于利用地下市场实施抱团作案,以此来提高其产品的效能。多年来,网络犯罪分子一直以这种方式联合作案;预计在 2019 年,这种地下市场经济必将扩张。有鉴于此,安全行业与勒索软件开发者之间的猫鼠游戏也会愈演愈烈,安全行业需要采取比以往更快、更有效的应对措施。

社交媒体进入我们的日常生活已十年有余。最近,一些民族国家罔顾声誉,利用社交媒体传播虚假信息。2019 年,我们预计犯罪分子将会开始借用这样的手段来谋取私利。同样,随着物联网逐渐走进千家万户,犯罪分子会将这些家庭中的设备作为攻击对象,借此收敛钱财。

有一点是可以肯定的:我们对技术的依赖已经渗透到生活的方方面面。有报告显示,因身份验证平台遭到破坏,多达 5000 万的用户为此而受到影响。现如今,一旦某个平台遭到入侵,受影响的决不再仅仅是这一个平台。一切皆有联系,只有当您与外界的关联越来越少时,所处的环境才会愈发安全。哪些与外界关联最弱的环境会遭受攻击?这将是我们日后面临的问题。

—Raj Samani,McAfee Advanced Threat Research 团队成员和首席科学家

Twitter @Raj_Samani

 

预测

地下网络犯罪分子将整合力量,建立更多联盟,以助推多种威胁的发展

未来,规避技术将应用人工智能

协同作用的威胁会成倍增长,我们需要采取综合的应对措施

虚假信息、敲诈型活动将危害企业的品牌形象

数据渗漏式攻击将瞄准云

IoT 设备中,语音控制的数字助理将成为下一个攻击目标

网络犯罪分子将增加对身份验证平台的攻击,边缘设备将成为围攻对象

 

地下网络犯罪分子将整合力量,建立更多联盟,以助推多种威胁的发展

地下黑客论坛和聊天小组已成为网络犯罪分子的交易市场,他们可以在那里购买恶意软件、漏洞利用工具包、僵尸网络和其他违禁产品/服务。有了这些现成的产品,犯罪分子,不论其经验和技术如何,都可以轻松地发起攻击。我们预计在 2019 年,地下网络犯罪市场将进行整合,一批为数不多但更具实力的“malware-as-a-service”(恶意软件即服务)团体会随之应运而生,他们彼此之间将开展积极的合作。伴随这些恶意软件团队的日益壮大,加密货币挖掘手段将变得更加复杂,新漏洞会快速得以利用,移动设备恶意软件、盗取信用卡和凭据的事件也将增加。

我们预计会有更多的分支机构加入到大型的恶意软件家族中,这是因为大型团队易于运作,并且与其他重要的顶级服务(包括漏洞利用工具包、加密服务、比特币混合器和抵御防恶意软件服务)建立了战略联盟。例如,我们在两年前就看到许多大型勒索软件团体招募附属机构。另外,我们还注意到尽管各类勒索软件层出不穷,但最终只有少数几个存活下来,这是因为与大型勒索软件品牌相比,绝大多数的勒索软件都无法吸引到足够多的业务;而且大型勒索软件在感染率和运作及财务安全方面更具优势。当前,这些大型勒索软件家族正大肆宣传其产品;作为实力强大的品牌(请参阅 GandCrab),并且与其他顶级服务(例如,洗钱或可规避检测的恶意软件)结盟,它们的业务可谓“蒸蒸日上”。

地下交易之所以能成功,是因为它们在基于信任的系统中运作。这或许和“盗亦有道”不是一回事,但是,犯罪分子在地下论坛的小圈子里似乎会有一种安全感,深信自己可以安然无恙。我们过去曾见识过这种信任感,例如,在本世纪的头十年,信用卡支付日渐兴起,这成为网络犯罪的主要源头,直到警察重拳出击,方才打破了这种信任模式。

随着终端检测技术日益强大,具有安全漏洞的远程桌面协议 (RDP) 将成为网络犯罪分子的新目标。根据我们的预测,在 2019 年,恶意软件,尤其是勒索软件,将会越来越多地使用 RDP 作为发起病毒感染的入口。当前,除了勒索软件之外,大多数地下市场的商家还极力宣传 RDP 访问权限所具有的其他用途,RDP 通常可用作获取 Amazon 帐户访问权限的手段,或用作盗取信用卡的代理。实施针对性攻击的勒索软件团体以及“勒索软件即服务”(RaaS) 模型都将利用 RDP,我们已经见识过采用这种策略,达到掩人耳目、成功发起攻击的案例。攻击者先寻找存在 RDP 薄弱环节的系统,接着使用勒索软件攻击这个系统,然后通过网络使用“因利乘便”的技术或蠕虫功能 (EternalBlue) 传播勒索病毒。有证据表明,GandCrab 的编写者已经开始处理 RDP 选项。

此外,根据我们的预测,与加密货币挖掘相关的恶意软件会变得更加复杂,它们可以根据攻击对象计算机上使用的处理硬件 (WebCobra) 以及特定货币在给定时间内的价值,来选择要挖掘哪一种货币。

我们预测在明年,从发现漏洞开始,到利用该漏洞实施攻击,这其中的时间期限会变得越来越短。我们注意到网络犯罪分子在其产品开发过程中变得日益敏捷,这已然成为一种趋势。网络犯罪分子会从在线论坛以及“通用漏洞披露”(Common Vulnerabilities and Exposures) 数据库中收集漏洞数据,并将这些数据添加到其开发的恶意软件中。我们预计在将来,网络犯罪分子有时只需一天、甚至几个小时的时间,就可以对软件和硬件的最新漏洞发起攻击。

此外,围绕移动设备恶意软件的地下讨论将会有所增加,讨论主要是针对 Android 移动设备,具体内容涉及僵尸网络、银行诈骗、勒索软件,以及双重身份验证安全措施的规避手段。移动手机为网络犯罪分子提供了大量的可趁之机,这是因为网络犯罪分子可以从手机中窃取大量敏感信息(例如,银行帐户),有鉴于此,移动平台的“利用”价值当前其实是被低估了。

与此同时,信用卡诈骗和窃取信用卡信息的现象将会屡见不鲜,其中,犯罪分子会把更多的注意力转向针对大型电子商务网站第三方支付平台的在线窃读操作。在这些电子商务网站上,犯罪分子可以悄无声息地一次性窃取成千上万个新注册信用卡的详细信息。不仅如此,犯罪分子现在还可以通过社交媒体来利用毫不知情的用户;用户在转运货物或提供金融服务时,其实就有可能是在帮助犯罪分子实施犯罪行为,但是用户对此却一无所知。

考虑到近日大规模的数据泄露以及用户在使用密码时的不良习惯,我们预测“窃取凭据”这个市场会进一步扩张。例如,随着数据遭到泄露,出售选民记录和黑客攻击电子邮件帐户等行为就会接踵而至。这些攻击每天都在发生。

—John Fokker

 

未来,规避技术将应用人工智能

为了提高成功概率,攻击者一直都在使用规避技术来绕过安全措施,并避免接受检测和分析。打包程序、加密程序以及其他规避工具,都是攻击者工具库中的常用组件。实际上,协助犯罪活动的产品和专属服务已经形成了一个完整的地下经济。由于犯罪分子现在可以轻松地将攻击活动中的关键部分外包给他人,我们预测在 2019 年,规避技术会因为应用人工智能而变得更加敏捷。想想看,抵御防病毒软件的技术现在是不是已经很普遍了?然而,这只是开始。

2018 年,我们见识了新型的进程注入技术,例如 SynAck 勒索软件使用的“Process Doppelgänging”代码注入技术,以及 RigExploit Kit 提供的 PROPagate 注入技术。在应用人工智能等技术后,规避技术将可以进一步规避安全保护措施。

不同的恶意软件使用不同的规避技术

根据我们的观察,2018 年出现了新型威胁,例如,可以从遭受感染的计算机中劫持资源的加密货币挖掘程序。而且每一种威胁都伴随着新发明的规避技术:

  • 加密货币挖掘:挖掘程序可实施一系列规避技术。例如,WaterMiner 挖掘程序可以在攻击对象运行“任务管理器”或防恶意软件扫描时,立即停止其挖掘进程。
  • 漏洞利用工具包:常见的规避技术包括进程注入(即操纵内存空间)和添加任意代码。内存注入是为了在交付过程中规避检测而常用的一种感染方式。
  • 僵尸网络:可同时感染数千台计算机的大型僵尸,通常使用网络代码混淆或反-反汇编技术。2018 年 5 月,我们发现 AdvisorsBot 使用垃圾代码、虚假条件指令、XOR 加密,甚至使用 API 哈希算法。由于僵尸网络倾向于广泛传播,程序编写者实施了多种规避技术来减缓逆向工程的速度。此外,编写者还使用了混淆机制,模糊僵尸网络与控制服务器之间的通信。犯罪分子可使用僵尸网络来实施各种不法活动,例如 DDoS-for-Hire(雇佣黑客发起 DDoS 攻击)、各种代理、垃圾邮件或其他恶意软件交付。为了避免或延迟僵尸网络遭到清除,规避技术已成为犯罪分子不可或缺的手段。
  • 高级的持续性威胁:攻击者通常使用在地下网络犯罪市场购买的盗用证书,发起具有针对性的攻击,并绕过防恶意软件检测。攻击者还会使用风险级别较低的恶意软件,例如 Rootkit 或基于固件的威胁。例如,2018 年 ESET 发现了首个 UEFI Rootkit,即 LoJax。此外,安全研究人员还发现犯罪分子使用了具有破坏性的反取证技术:OlympicDestroyer 恶意软件攻击了奥林匹克运动会组织,并且为了规避调查而抹除了事件日志和备份。

人工智能将成为新一代武器

近年来,我们观察到恶意软件企图使用规避技术来绕过机器学习引擎。例如,2017 年,Cerber 勒索软件通过在系统中投放合法文件来欺骗对文件进行分类的引擎。2018 年,PyLocky 勒索软件使用 InnoSetup 打包恶意软件,以此来规避基于机器学习的检测。

显而易见,犯罪分子已将规避人工智能引擎检测列入其待办事项清单;不仅如此,犯罪分子还可能会将人工智能应用于开发恶意软件。根据我们的预测,规避技术将开始利用人工智能来自动选择攻击目标,或者将先使用人工智能检查受感染的环境,然后再部署后续行动,进而规避检测。

这将导致威胁领域发生翻天覆地的变化。我们预测人工智能不久便会成为犯罪分子的新武器。

—Thomas Roccia

 

协同作用的威胁会成倍增长,我们需要采取综合的应对措施

在这一年,我们观察到各种网络威胁正在以前所未有的速度不断发展、不断演变。我们注意到勒索软件变得更加有效,它还可以充当烟雾弹使用。另外,比勒索软件更有效、更可靠,投资回报率更高的 Cryptojacking(加密货币劫持)攻击开始迅速蔓延。我们还看到,网络钓鱼技术日益强大,并且能够找到可加以利用的新漏洞。此外,我们也注意到无文件和“因利乘便”式的威胁比以往任何时候都更加狡猾、更擅于规避;我们甚至还看到了针对平昌奥运会推广活动的潜伏型隐写恶意软件。我们预测在 2019 年,攻击者将越来越倾向于整合各种手段,创建可从多方面协同攻击的安全威胁。

还有比这更糟糕的吗?

通常情况下,不法分子会集中精力,使用一种威胁来发起攻击。为了确保能够发起有效的攻击并成功规避检测,不法分子通常会集中精力,一次只开发一种威胁,并不断进行完善。当不法分子成功实施攻击后,该攻击将被划分为恶意软件、加密货币劫持、数据渗漏等,而且与之抗衡的防御措施也会相继出台。届时,这种攻击的成功概率将大幅缩减。然而,如果某种攻击非常复杂,其中涉及到 5 项协同合作的顶级威胁技术,那么制定相应的防御措施就会变得十分困难。尝试识别攻击并缓解攻击产生的影响,就成为了一件颇具挑战的事情。由于无法确定最终的攻击目标,而且各个威胁都在攻击链中发挥了作用,所以分析人员在面对各个威胁的详细信息时,可能会感到无从下手。

不法分子之所以能够实现协同威胁,其中一个原因便是他们在不断地发展技术基础设施、工具包和可重复利用的威胁工具,进而提高自身的技能。随着攻击者有组织地开展活动,并逐步形成黑市业务模型,他们现在可以集中精力增强和完善先前已构建的业务板块。通过这种策略,攻击者能够整合多种威胁技术,以实现其目标,而不是仅仅依赖于其中的一种技术。

示例胜过千言万语

设想一下,某个攻击最初是一种网络钓鱼威胁,它不是常见的使用 Word 文档发起的促销活动,而是一种新型的网络钓鱼技术。这封网络钓鱼电子邮件包含一个视频附件。打开该视频时,系统提示您的视频播放器无法播放,并提醒您更新编解码器。当您运行此更新时,系统上将会部署一个隐写的多语言文件(一个简单的 GIF 文件)。因为该 GIF 文件是一个多语言文件(可同时遵循多种格式的文件),所以可安排一项任务,即提取在遭受入侵的系统上托管的无文件脚本。该脚本在内存中运行,用来评估和分析您的系统,并确定是要在您的系统上运行勒索软件还是加密货币挖掘程序。此时发挥作用的其实是一种危险的协同型威胁。

这种攻击让您产生了许多疑问:您面对的是什么威胁?是网络钓鱼 2.0 版?是隐写软件?是“因利乘便”式的无文件攻击?是加密货币劫持?还是勒索软件?实际上,您要同时面对以上所有的威胁。

上述示例虽然复杂但实际上是可以实现的,它充分表明为了检测或解决某个攻击,我们或许不能只关注一种威胁。如果您执意要将攻击划分到某个特定的类别,则有可能无法窥探全局,进而无法找到有效的解决方法。即使在中途成功阻截了攻击,但是为了抵御日后的攻击,仍有必要了解攻击的起始阶段和结束阶段。

保持好奇,保持创新,整合防护措施

要解决基于协同威胁的复杂攻击,我们需要对每种威胁怀着质疑和探询的态度。如果这次勒索软件攻击只是冰山一角呢?如果此封网络钓鱼电子邮件可以演变为一种新型技术,而安全人员尚未接受相关技术的培训,我们该怎么办?如果我们没有发现此次攻击的真实目标呢?

牢记这些问题不仅有助于全面了解攻击事件,而且还有助于找到最有效的安全防护解决方案。我们预测犯罪分子将会进一步整合各种攻击工具,然而与此同时,我们也同样可以整合安全防御工具。

—German Lancioni 和 Carl Woodward

 

网络犯罪分子使用社交媒体虚假信息、敲诈型促销活动,危害企业的品牌形象

“选举的背后有人操纵,虚假新闻泛滥,社交媒体用户实际上全部都是外国政府操控的机器人。”上述言论至少反映了人们在一些情况下的真实感受。如果说社交媒体公司近年来麻烦一直不断,那么这种说法或许有些过于轻描淡写。在此期间,随着自动帐户信息遭到窃取,广告手段日新月异,僵尸网络帐户伪装得越来越合法,一场猫鼠游戏拉开了帷幕。根据我们的预测,2019 年,犯罪团伙而不是民族国家活动分子将利用社交媒体发布更多的虚假信息和敲诈型促销活动,而品牌将成为主要的攻击对象。

民族国家将利用机器人阵营来传播信息或操纵舆论,机器人在其中发挥的作用不容小觑。机器人通常会阐述事件的正反两面,借此激发讨论,这种手段屡试不爽。机器人操作者能够使用某种机制来增加支持人数并测试信息(包括井号标签),进而确定成功率;由此可见,机器人操作者真实了解如何在重大事件上引导公众舆论。

例如,一个仅创建 2 周的帐户在获得 279 位粉丝(其中大多数粉丝是由其他机器人扮演)后,开始对某个组织发起恶意骚扰活动。短短 4 周,这个帐户仅通过推送有关其攻击对象的恶意内容,就获得了 1,500 位新粉丝。

旨在操纵公众舆论的活动已经被详细记录下来,从中可以看出,机器人非常精通于操控对话,进而倡导特定的意图或立场。根据我们的预测,明年网络犯罪分子将故技重施,不过,他们的目的将会是通过危害企业品牌来进行勒索。因此,企业将面临重大威胁。

—Raj Samani

数据渗漏式攻击将瞄准云

过去两年内,企业广泛采用了“软件即服务”业务模型(例如 Office 365),以及“基础设施即服务”和“平台即服务”云业务模型(例如 AWS 和 Azure)。在这种情况下,当前越来越多的企业数据将存储在云中。为此,我们预计 2019 年针对云数据的攻击会大幅增加。

随着 Office 365 的采用率日渐加大,我们已经注意到出现了大量针对此项服务的攻击,尤其是入侵电子邮件的这类攻击。McAfee 云团队曾披露了一种名为 KnockKnock 的僵尸网络威胁,这种威胁专门攻击通常不采用多重身份验证的系统帐户。此外,我们还注意到有犯罪分子利用开放授权标准中信任模型存在的安全漏洞。俄罗斯网络间谍组织 Fancy Bear 曾发起过数据渗漏式的网络钓鱼攻击,该组织使用伪造的 Google 安全应用程序来获取用户数据的访问权限。

同样地,由于 Amazon S3 存储桶配置不当,近几年来也发生了很多重大的配置文件数据泄露事件。这些数据泄露事件显然不能归咎于 AWS。根据责任共享模型,客户有责任正确配置 IaaS/PaaS 基础设施,并采取适当措施保护其企业数据和用户访问权限。但是事情并非这么简单,很多配置不当的存储桶的所有者并不是遭受攻击的企业,而是位于其供应链中的供应商。在获取了大量开放存储桶和凭据的访问权限后,不法分子会越来越倾向于选择容易攻击的目标。

据 McAfee 发现,在云中存储的所有数据中,有 21% 的数据属于敏感数据,例如知识产权、客户数据和个人数据(请参阅McAfee 云应用和风险报告》。去年,共享此类数据的用户数增加了 33%,这让网络犯罪分子知道了如何找到更多的攻击目标:

  • 瞄准保护力薄弱的 API 或未经治理的 API 终端,发起云原生攻击,以访问 SaaS 及 PaaS 和无服务器的工作负载中的数据
  • 对云数据库(PaaS 或 IaaS 中部署的自定义应用程序)中的数据加大侦测和渗漏,将 S3 数据渗漏方式扩展到数据库或数据湖中的结构化数据
  • 利用云作为跳板,发起云原生攻击(例如,可利用公开可写入的 S3 存储桶的 GhostWriter,这个安全漏洞是因为客户配置不当引起的),这种攻击是在中途发起的,是将加密货币劫持或勒索软件攻击整合到 MITM 攻击的其他变体中

Sekhar Sarukkai

IoT 设备中,语音控制的数字助理将成为下一个攻击目标

随着技术爱好者不断地在家中安装智能设备,从插头到电视,从咖啡机到冰箱,从运动传感器到照明等等,入侵家庭网络的方式正快速增多,尤其是考虑到许多 IoT 设备尚未得到足够的安全保护。

但是,明年,语言控制数字助理将成为入侵家庭网络的主要入口,因为此类设备在一定程度上就是为集中管理家中所有 IoT 设备而设计的。由于数字助理的销量在上涨,而且有可能会在休假旺季暴增,网络犯罪分子将会倾向于利用数字助理来入侵网络中其真正感兴趣的设备,这种趋势日后绝对会越来越明显。

现在,语音助理市场方兴未艾,许多品牌仍在以各种方式抢占市场,究竟哪种设备将得到广泛使用还尚不可知。如果某种设备在市场上占据了主导位置,那么在其隐私问题得到全面细致的审核之前,媒体或许就会迫不及待地详细剖析这种设备的安全性能。

(我们去年就曾强调,隐私是家用 IoT 设备的首要考虑因素。虽然隐私今后仍然会是一个考虑因素,但是网络犯罪分子会将更多的精力投入到开发僵尸网络、发起勒索,以及威胁家庭和企业的财产安全。)

网络犯罪分子将不会错过这个控制家用设备或办公设备的机会,与语音助理市场的获胜者相比,犯罪分子将在语音助理的程序中写入完全不同的内容,他们将写入恶意代码,进而攻击 IoT 设备以及因获取了大量授权而能够与这些设备交流的数字助理。

智能手机早已成为实施攻击的入口。2019 年,智能手机很有可能会犯罪行为提供更多机会。2016 年首次爆发的 Mirai 僵尸网络,以及 2017 年的 IoT Reaper,都向我们展示了网络犯罪分子可以对未受保护的设备实施的攻击。这些 IoT 恶意软件能以多种不同形式呈现,可以攻击多种联网设备,例如路由器、网络视频录像机和 IP 摄像头。这些恶意软件还可以破解密码并利用已知的安全漏洞来扩大其攻击范围,进而在全球范围内构建机器人网络。

根据我们的预测,在明年,路由器和智能手机/平板电脑将成为家用 IoT 设备攻击的两大主要对象。Mirai 僵尸网络已经证明了路由器缺乏安全性。智能手机已经可以用来监控家用设备,因此将会成为网络犯罪分子的主要攻击目标,网络犯罪分子将利用当前技术以及新技术来感染智能手机,进而取得控制权。

恶意软件编写者将利用已成为受信任控制器的手机和平板电脑,通过破解密码和利用安全漏洞,来控制 IoT 设备。由于网络流量来自于受信任的设备,所以这种攻击不会引起怀疑。基于这种情况,攻击的成功概率将提升,而且攻击路线难以确定。受感染的智能手机可能会引发另外一种攻击,即劫持路由器上的 DNS 设置。现在,犯罪分子也能够轻松利用移动设备应用程序和云应用程序中的安全漏洞,不过,智能手机仍是犯罪分子的核心目标。

受感染的 IoT 设备将产生僵尸网络,进而发起 DDoS 攻击并盗取个人数据。更加复杂的 IoT 恶意软件可以利用语音控制数字助理来隐藏其可疑活动,进而成功规避用户和家庭网络安全软件的检测。犯罪分子可以通过用户语音命令(“播放音乐”和“今天的天气如何”等等)实施不法活动,例如开门和连接到控制服务器。不久后,我们或许会听到受感染的 IoT 设备发出指令:“助手!打开后门。”

—Lee Munson Yukihiro Okutomi

  

网络犯罪分子将增加对身份验证平台的攻击,边缘设备将成为围攻对象

2018 年,身份验证平台(一种集中式管理平台,可以对 IT 环境中的所有用户、设备和服务进行身份安全验证和授权)出现大规模数据泄露,此类事件已有详细记录。与此同时,犯罪分子还在反复使用被盗取的数据,进一步侵害受害者的权益。2019 年,我们预计大规模的社交媒体平台将会实施更多安全措施,以保障用户的信息安全。但是,由于社交媒体平台日益增多,而且其存储着大量数据,我们预测犯罪分子会投入更多的资源来攻击此类平台。因此,犯罪分子与大型社交媒体平台之间的博弈将成为下一个主战场。

旨在攻击工业控制系统 (ICS) 的 Triton 恶意软件已表明,犯罪分子能够通过其临近的 IT 环境远程攻击生产环境。由于生产环境中普遍使用静态密码,而且边缘设备因为设计限制而不具备安全系统要求,因此入侵身份验证平台和“边缘设备”日后将成为犯罪分子发起远程 ICS 攻击的关键。(边缘设备是指 IoT 产品中任何可连接到网络的系统硬件或协议。)在愈演愈烈的对抗中,我们预测多重身份验证和智能身份技术将成为保护安全的最佳方式。此外,我们还预测智能身份技术将与多重身份验证互为补充,共同用于增强身份验证平台的安全保障。

身份验证是保障 IoT 设备安全的一个基本要素。在 IoT 生态系统中,设备和服务必须能够安全地识别出受信任的设备,进而才能忽略其他不受信任的设备。身份验证模型已经从传统 IT 系统中的“以用户为中心”发展到 IoT 系统中的“以机器中心”。但遗憾的是,由于运营技术的集成以及“边缘设备”在设计上存在的不安全因素,IoT 信任模型是以假设信任和基于边界的安全模型为基础的,而这种模型安全性较差。

在 2018 年美国 BlackHat 大会和 DEFCON 大会上,举办了 30 场有关 IoT 边缘设备安全漏洞的讨论。与 2017 年相比,增加了许多围绕这个主题的讨论内容(2017 年开展了 19 场讨论)。人们对这个主题的关注更多地体现在 ICS、消费者、医疗和“智能城市”等方面。(参见图 1。)凭借智能边缘设备和高速连接能力,IoT 生态系统日益壮大,但是在快速发展的同时,IoT 生态系统的安全性遭受到了威胁。

1:随着未受到足够保护的设备面临日益增多的威胁,以 IoT 设备安全性为主题的会议数量有所增加。

由于大多数 IoT 边缘设备不提供自我防御(隔离关键功能、内存保护、固件保护、最低权限或默认安全级别),因此只需成功利用一个安全漏洞,即可完全控制该设备。由于在多种设备类型和同一种设备的不同位置中使用不安全组件,IoT 设备还会遭受“一旦突破,即可到处使用”这类攻击。(请参阅有关 WingOS逆向工程的文章)。

McAfee Advanced Threat Research 团队的工程师们展示了不法分子可以如何利用医疗设备协议实施危害生命健康的行为,并通过假设信任模型侵犯病人隐私。这些例子只是冰山一角,因此我们有理由相信犯罪分子将选择 IoT 边缘设备作为其入侵的主要途径,因为这是实现其目标最顺畅的途径。在过去十年,我们加强了服务器的安全,但是在 IoT 硬件方面,做得还远远不够。在了解犯罪分子的动机和可趁之机(攻击入口和访问能力)后,我们可以跳出特定攻击的局限,确定一系列普遍适用的安全要求。

图 2 对 IoT 边缘设备中安全漏洞类型进行了细分,并着重突出了可通过在边缘硬件设备中构建身份验证管理和完整性筛查功能来解决的安全薄弱点,这些功能可确保 IoT 边缘设备能够抵御攻击。

2:不安全的协议是攻击 IoT 边缘设备的主要入口。

为保障 IoT 安全,我们必须从零信任模型入手,使用硬件信任根源作为核心构建板块,进而抵御黑客攻击和其他威胁。鉴于智能城市的兴起以及 ICS 活动的增多,McAfee 预测 2019 年,针对身份验证平台和 IoT 边缘设备的入侵攻击将会增加。

 

—Eoin Carroll

The post McAfee Labs 2019 年威胁预测 appeared first on McAfee Blogs.

]]>
Holiday Stress Can Make You More Careless Online https://www.mcafee.com/blogs/family-safety/holiday-stress/ Thu, 15 Nov 2018 01:59:36 +0000 https://securingtomorrow.mcafee.com/?p=92727

Holiday stress. Every year, come November, my resting heart rate starts to rise: the festive season is approaching. Not only...

The post Holiday Stress Can Make You More Careless Online appeared first on McAfee Blogs.

]]>
Holiday stress. Every year, come November, my resting heart rate starts to rise: the festive season is approaching. Not only is there so much to do but there’s so much to spend money on. There are presents to purchase, feasts to prepare and party outfits to buy. Throw in a holiday to fill the long Summer break, and both the credit cards and my stress levels are starting to rapidly increase!

Holiday Financial Stress Results in Poor Decision Making Online

But did you know that this stress can affect our online safety? Research conducted by McAfee shows that almost 80% of us believe the holiday period causes financial stress. And nearly half of us (46%) believe the stress of the holiday season can cause us to behave carelessly online.  Risky behaviours can put our online safety at risk. For instance, using public Wi-Fi to snag a last-minute purchase. Or buying something from an unfamiliar website because it’s cheaper.

Aussie Shoppers Love an Online Bargain 

In 2017, Aussies spent a record $21.3 million online – a whopping 19% increase over 2016. McAfee’s research shows that Aussie consumers love securing a bargain online – who doesn’t!! But many will seek out a great deal even if it means potentially jeopardising their online safety. The research shows that 64% of consumers are willing to use an unfamiliar website if it means they can save money on their purchase. Even more concerning, a third of Aussies admitted to clicking links in suspicious emails for better deals!! Yikes!!

The Thing Is, Cyber Criminals Love Your Holiday Shopping Too

Cyber criminals work very hard to take advantage of us during the busy Holiday season. They come up with all sorts of ingenious ways to target time-poor and budget-conscious consumers online. They know very well that many of us will cut corners with our online security. Particularly if we think we can save money on presents, outfits or even a holiday.

And they scheme accordingly: charity phishing emails, fake online stores, bogus delivery emails, e-voucher scams and more. Cyber criminals have tried and tested strategies to either steal our personal information or our identity.

How You Can Stay Safe While Shopping Online This Holiday Season

So, don’t feel like you need to battle the crowds at Westfield this festive season. You can still shop online safely if you follow a few simple steps:

  1. Connect with Caution

Public Wi-Fi is just so convenient, but it is a risky business. Users could unknowingly share their personal information with cyber criminals who are snooping on the network. So, if you absolutely have to use public Wi-Fi for a great online shopping deal, always use a Virtual Private Network (VPN) such as McAfee Safe Connect which creates a bank-grade encrypted connection.

  1. Think Before You Click

One of the easiest ways for a cyber criminal to target victims is using phishing emails to trick consumers into sharing their personal information. Phishing emails could be disguised as holiday savings or even a shopping notification. Instead of clicking on a link in an email, always check directly with the source to verify an offer or shipment.

  1. Always Shop with Security Protection

Shopping online without security protection is like driving without a seat belt – dangerous! Comprehensive antivirus software like McAfee Total Protection will help shield your devices against malware, phishing attacks and other threats. It also provides a firewall, an anti-spam function, parental controls and a password management tool. A complete no-brainer!

But this year, I’m going to commit to lowering my stress. That way I can really enjoy my time with my family and friends. To get ahead of the game I plan to:

  • Start my online shopping earlier so I don’t ‘cut corners’ with my online safety,
  • Create a realistic budget, and
  • Start filling my freezer with some holiday food – now

And most importantly, get that resting heart rate under control!!

Happy Holidays Everyone!

Alex xx

The post Holiday Stress Can Make You More Careless Online appeared first on McAfee Blogs.

]]>
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://www.mcafee.com/blogs/consumer-threat-reports/hackable-podcast-season-three/ Tue, 06 Nov 2018 17:00:23 +0000 https://securingtomorrow.mcafee.com/?p=92467 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation...

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Hackable? Is Putting Virtual Reality to the Test https://www.mcafee.com/blogs/consumer/hackable-is-putting-virtual-reality-to-the-test-2/ Tue, 06 Nov 2018 17:00:21 +0000 https://securingtomorrow.mcafee.com/?p=92450 From gaming to helping people conquer their fear of spiders and getting quarterbacks ready for Sunday, virtual reality is a...

The post Hackable? Is Putting Virtual Reality to the Test appeared first on McAfee Blogs.

]]>
From gaming to helping people conquer their fear of spiders and getting quarterbacks ready for Sunday, virtual reality is a much-hyped emerging technology. But is it hackable?  

In Ep. 18 of of Hackable?, “Virtually Vulnerable”, Geoff straps on a headset and tests his mettle against white-hat hackers manipulating his virtual experience. Can he withstand ransomware, a human joystick attack, and a disorientation attack?  

Listen now to the award-winning podcast Hackable?, you don’t want to miss this episode.

 

The post Hackable? Is Putting Virtual Reality to the Test appeared first on McAfee Blogs.

]]>
Mobile and Digital Payments: Worth the Risk? https://www.mcafee.com/blogs/mobile-security/sending-money-over-mobile-devices/ Tue, 18 Sep 2018 13:00:54 +0000 https://securingtomorrow.mcafee.com/?p=91540 Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on...

The post Mobile and Digital Payments: Worth the Risk? appeared first on McAfee Blogs.

]]>
Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work –and now sending and receiving digital payments– our devices and applications support us while we’re on the go. Whether we’re paying a friend for dinner, our roommate for rent, or otherwise, many of us use peer-to-peer (P2P) mobile and digital payment apps rather than cash to settle our bills.

P2P mobile and digital payment apps like Cash App, PayPal, Venmo, and Zelle have changed the way we transfer money; today it’s faster, simpler, and easier than ever. In fact, they’re so popular that it’s estimated that in 2018, $700 billion will be transferred in this manner. With so much money being sent and received in this way, the ease of transfer begs the question, how secure are these apps?

While some have turned to using cryptocurrency and blockchain to curtail the known dangers of traditional mobile payment apps, recent cryptojacking incidents have proven that even this new technology is not foolproof when it comes to cybersecurity and the determination of cybercriminals. And while the convenience of digital payments can’t be denied, we seem to be prioritizing ease of use over security. Let’s take a look at how digital payments work, as well as their security implications.

How Digital Payments Work

P2P apps like Venmo, Cash App, and others essentially all work in the same way.  Functioning as a digital wallet, users link the app to their bank accounts or credit and debit cards. Then the app adds or subtracts money based on when users receive or send a payment. From there, users can “cash out” their balance to their preferred digital property, such as the account attached to a card or bank account.

P2P Money Transfer Apps and Cybersecurity Concerns

On the surface, digital money transfers may seem harmless, when in fact, they could lead to a headache of unforeseen cybersecurity concerns. The good news is that most money transfer apps will reimburse you for fraudulent charges. However, if someone has physical access to your phone and you don’t keep it locked, they can send money to themselves or others and you won’t get that money back.

Aside from the obvious concern of losing your phone, if you use an unsecured network to transfer money, it’s easier for someone to launch a phishing attack to gain access to your data. That’s because some payment apps will send request links from other users to download the app on their device. These links can be manipulated by cybercriminals and often contain just a letter or number off so that these changes go unnoticed by day-to-day users. When clicked on, a user can be redirected to a web page and presented with malware or a virus and might be prompted to download it– giving an unfriendly host access to your financial information. Thankfully, leveraging your data plan or a VPN rather than an unsecured or pubic Wi-Fi network can help create an extra layer of protection, making it more difficult for cybercriminals to access your sensitive data.

Lastly, there are often unforeseen holes in software that provide backdoor access to your financial information. Meticulously updating the software on your mobile device can help patch up known security issues, also making it easier to protect your data.

Tips to Stay Safe While Using Peer-to-Peer Money Transfer Apps

If you already use a peer-to-peer money transfer app or are on the fence about downloading one, here are some tips to take into account. By practicing multiple security habits simultaneously, your financial information is much more likely to remain safe on your devices and apps:

  • Set up additional security measures. P2P payment platforms require access to sensitive financial information. Check your account settings to see if you can enable multi-factor authentication, PIN/Password requirement, or use fingerprint recognition.
  • Check your preferred app’s permission or settings. Some might share information about your transactions on social media or on the platform itself, like Venmo. Make adjustments to these settings if and when you see fit.
  • Update your software and apps. It’s a best practice to update software and apps when prompted to help seal vulnerabilities when they’re found.
  • Be aware of where you are conducting your money transfers. Opt to use your data plan or a secure, private Wi-Fi network when using a P2P payment app. If you connected to public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your P2P app account. If you must use public Wi-Fi, then it’s a good idea to use a Virtual Private Network (VPN).
  • Confirm the deposit went through. When you receive a payment, that money is added to your in-system balance. This is where it will remain until you initiate the transfer to your bank account or use it for another transaction within the app. If you transfer the balance to your bank, confirm it went through. This could take anywhere from a few days to a week. If it takes longer, it’s worth investigating to stop suspicious behavior in its tracks.
  • Be wary of scammers and cybercriminals. If you don’t know the person to which you are sending a digital transfer (say to purchase tickets to an event), look for poor spelling or grammar from them and read links carefully. If something doesn’t look right, that’s often a tell-tale sign that you’re being led astray. Try to find an alternative way to pay, or better yet – find someone who is more trustworthy.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Mobile and Digital Payments: Worth the Risk? appeared first on McAfee Blogs.

]]>
Share Kids Images Safely https://www.mcafee.com/blogs/family-safety/sharing-and-caring/ Mon, 27 Aug 2018 03:07:23 +0000 https://securingtomorrow.mcafee.com/?p=91256 Kids images online. I’m not a big sharer online but I do love popping up a few pics of an...

The post Share Kids Images Safely appeared first on McAfee Blogs.

]]>
Kids images online. I’m not a big sharer online but I do love popping up a few pics of an important family milestone on Facebook. You know the ones: a child starting a new school, an amazing family holiday or a hilarious birthday pic. Sharing family snaps online is a great way to keep your friends and family up-to-date with what’s going on in your world. But I’m the first to admit that this can be a risky business!!

The Lure of Likes

It appears that the validation (and dopamine hit) we receive from posting online clouds our rational brain. New research by McAfee has shown that Aussie parents are continuing to regularly post pics of their kids online and choosing to ignore their own concerns. In fact:

  • 30% of parents post a pic a week of their children online, and
  • 40% of parents happily include an image of their kids in school uniform in their regular posts.

And this is despite 50% of parents being concerned by the risks associated with posting online including pedophilia, stalking, kidnapping and cyberbullying.

What Are The Risks We Should Consider When Posting Pictures of Our Kids Online?

The research shows that Aussie parents seem to understand the ‘physical’ or security risks associated with posting pics of our kids online but don’t always factor in the ‘emotional’ or psychological ones. Out of the 1000 parents who were surveyed, as stated above some 50% nominated the physical risks as being their prime concern.

However, far fewer of us were concerned about the emotional risks of posting our kids images in pics and videos online.

  • Only 28% of parents were concerned that posting an image of their child could lead to worry or anxiety.
  • Just under 30% considered that their child could be embarrassed by images they share but decided to post them anyway!

But we need to take this a whole lot more seriously as it appears what we post may well be causing our kids anxiety. A survey from British research agency ComRes shows that more than 1 in 4 kids between 10 and 12 feel embarrassed, anxious or worried when their parents post pictures of them online. Interestingly, it appears more mums consider the embarrassment factor than dads. 35% of dads assume their children will get over or not care about embarrassing content, compared to just 24% of mums.

Do We Need Consent To Post Pics Of Our Kids Online?

Legally, I don’t believe we require the consent of our children before posting pics of them online but we need to tread carefully here! If you are interested in maintaining a good relationship with your kids and you post images without checking with them first, you need to rethink your approach. But many don’t! 60% of the parents we surveyed do not consult their kids before posting an image of them online. And almost 40% believe they have the right to share images of their kids online without their consent.

I believe trust and respect are fundamental ingredients in successful family relationships. The research clearly shows that many children feel anxious when their parent post pics of them online. Asking your child for consent before you post demonstrates to them that you respect their opinion and take their feelings seriously.

When Should I Start Asking My Child For Consent-

There is always much debate around this one and clearly it depends on the maturity level of the child. Parents we surveyed suggested that when a child is 10 they should be asked for their consent before their parents post pics of them online.

I believe you should start weaving it in to conversations even earlier as it is a great way of modelling good digital citizenship. When your child is mature enough to understand what you are doing and has the relevant vocabulary, you could try something as simple as: ‘mummy would like to post this lovely picture of you with nana. Do you think it’s a good idea?’.

And posting cute nudie baby pics is not OK in any online scenario. Even if you are sharing photos to your private social media account, there is still a risk that it could end up in the wrong hands. The overwhelming majority (82%) of Aussie parents stated that they haven’t or would never share an image of their child without clothes on over social media. Which is very reassuring!

How To Share Safely

Here are my tips on how you can share your kids images safely online:

  1. Lock Down Privacy Settings

Only share photos and other social media posts with your intended audience. Services like Facebook and Instagram have features that allow posts to be shared only with confirmed connections, but everything posted on a social network should be treated as if it’s public.

  1. Set Ground Rules with Friends and Family

Be clear with friends and family about your expectations when they post images of your kids. If you are uncomfortable with anything they post, you are well within your rights to ask them to remove it. Ideally, they should ask you (or your child) before they post it.  Remember your job is to protect your child from embarrassment, anxiety or even potential cyberbullying.

  1. Don’t Forget About Your Child’s Digital Reputation

Everything that is posted about someone forms part of their digital reputation. We all want our kids to have bright futures filled with opportunity. So, always consider whether what you are considering posting could negatively impact this. And encourage your teens to regularly check the posts and images they are tagged in online too. Whether they are after a job at Coles, a prefect position at school or their dream career job, a negative digital reputation can have far-reaching consequences.

  1. Watch Out For Geo-Tagging

Many social networks will tag a user’s location when a photo is uploaded. Parents should ensure this feature is turned off to avoid having their child’s location shared. This is especially important when posting photos away from home.

  1. Ask For Consent But Be Prepared For Your Child To Say NO

Asking for an older child’s consent before you post pics is essential but be prepared for them to say NO! Remember, a good relationship is built on trust and respect!

So, don’t stress – you don’t need to close your social media accounts, but you may need to pull your activity back a little. Take a minute to check in with your tweens and teens before posting pics of them. And ensure what you post is appropriate and shared only with your intended audience. Lastly, if you’re still craving a dopamine hit with your reduced posting regime, why not listen to music, exercise or even meditate – research shows it can be just as effective!

Alex xx

 

 

The post Share Kids Images Safely appeared first on McAfee Blogs.

]]>
Are Fake Apps Taking Over Your Phone? https://www.mcafee.com/blogs/mobile-security/fake-apps-taking-over-phone/ Tue, 24 Jul 2018 13:00:48 +0000 https://securingtomorrow.mcafee.com/?p=90443 It seems some malicious app developers have taken the phrase “fake it ‘til you make it” to heart, as fake...

The post Are Fake Apps Taking Over Your Phone? appeared first on McAfee Blogs.

]]>
It seems some malicious app developers have taken the phrase “fake it ‘til you make it” to heart, as fake apps have become a rampant problem for Android and iPhone users alike. Even legitimate sources, such as Google Play and Apple’s App Store, have been infiltrated with illegitimate applications, despite their own due diligence in combating this phenomenon.

After downloading a fake app, cybercriminals leverage ransomware or malware through ads to run in the background of your device to do damage, making it difficult to notice something’s off. But while you’re minding your own business, your personal data –such as usernames, photos, passwords, and credit card information– can be compromised.

Malicious apps have become more challenging to detect, and even more difficult to delete from a device without causing further damage. The trend of fake apps shows no sign of slowing down either, as bad actors have become more brazen with the apps they work to imitate. From Nordstrom to Fortnite to WhatsApp, it seems no business or industry is off limits.

Luckily, cybercriminals have yet to figure out a sure-fire way to get their fake apps onto our devices. By paying extra attention to detail, you can learn to identify a fake app before downloading it. Here’s how:

  • Check for typos and poor grammar. Double check the app developer name, product title, and description for typos and grammatical errors. Malicious developers often spoof real developer IDs, even just by a single letter, to seem legitimate. If there are promises of discounts, or the description just feels off, those signals should be taken as red flags.
  • Look at the download statistics. If you’re attempting to download a popular app like WhatsApp, but it has an inexplicably low number of downloads, that’s a fairly good indicator that an app is most likely fraudulent.
  • Read what others are saying. When it comes to fake apps, user reviews are your ally. Breezing through a few can provide vital information as to whether an app is authentic or not, so don’t be afraid to crowdsource those insights when you can.

If you do find yourself having accidentally downloaded a fake app, there are steps you can take to rid your phone of it. Here’s what to do:

  • Delete the app immediately or as soon as you notice anything suspicious. If you can’t find it, but you’re still having issues, the app could still be on your device. That’s because, in the interest of self-preservation, fake apps can try and protect themselves from disposal by making their icon and title disappear. If that happens, go to your installed apps page(s) and look for blank spaces, as it may be hiding there.
  • Check the permissions. After installation, check the app’s permissions. Fake apps usually give long lists of frivolous requests in an effort to get access to more data.
  • Clear the app’s cache and data. If you do find the app you want to delete, this is the first step you must take in order to get the app completely off your phone.
  • Take it into your provider. If you’re still having issues after you’ve deleted an app, consider taking your device into your provider to run a diagnostic test.
  • Factory reset. As a last resort, if you can’t find the app because it has “disappeared,” or traces of the app and malware linger, the best way to ensure it is completely gone is to wipe the data, factory reset your device, and start over. This is why it is vital to have backups of your devices.

Even as this ever-growing trend of malicious developers spoofing legitimate applications to gain access to victims’ personal information continues, we can deter their advances simply by paying closer attention to detail. Remember to be vigilant about being aware of the signs to avoid fake apps at all costs.

Interested in learning more about IoT and mobile security tips and trends? Stop by ProtectWhatMatters.online, follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Are Fake Apps Taking Over Your Phone? appeared first on McAfee Blogs.

]]>
Teens, Gaming and Risk https://www.mcafee.com/blogs/family-safety/teens-gaming-and-risk/ Wed, 20 Jun 2018 14:00:11 +0000 https://securingtomorrow.mcafee.com/?p=89947 How Are Your Kids Navigating the Dangers? It’s no secret that our generation of digital natives love their gaming. Whether...

The post Teens, Gaming and Risk appeared first on McAfee Blogs.

]]>
How Are Your Kids Navigating the Dangers?

It’s no secret that our generation of digital natives love their gaming. Whether it’s on their smartphones, laptops or their dedicated gaming consoles – it’s quite mind boggling just how much gaming they can squeeze into their day-to-day lives!

Well, new research by McAfee shows exactly how much time our Aussie kids are spending working on their latest gaming quest – up to a whopping 4 hours a day! And while we would love them to be directing this time to homework, my bigger concern is around the risks.

Gaming Is Not All Bad News

When managed properly, gaming can be a terrific activity that provides some genuine benefits for players. Research shows it can help manage anxiety and depression, reduce pain and even help improve the memory and resilience of players. It can also provide terrific opportunities for social interactions by breaking down the barriers of physical social groups. Sounds idyllic, doesn’t it!!

Parents Concerned About Risks With Gaming

Despite our offspring assuring us otherwise, the majority of us parents do realise that there are some potential dangers associated with gaming. Two-thirds of us (65%) believe our kids are at risk of online grooming. 68% of us are concerned about cyberbullying and 58% worry that our children will become the victim of a cybercriminal’s scam.

What Are Parents Doing To Manage Risks of Online Gaming?

As first generation digital parents, we have a tough gig. Many of us are furiously trying to get our own heads around the constantly changing digital world without any intel from previous generations. Meanwhile, we need to be educating our kids about the challenges and pitfalls of the online world. It’s a big task!

Many parents do an amazing job but unfortunately, not all of us are taking the necessary steps to protect our kids and teach them how to navigate the challenges. According to the research:

  • almost 1 in 5 parents (18%) never monitor what their children are doing online;
  • 32% of parents do not follow the age ratings of games; and
  • 86% of parents allow their children to play online games recommended for older children.

This is despite the fact that many of us worry that our children will be exposed to violence, sex, drugs and gambling according to the research.

How Can We Protect Our Kids While Playing Video Games

It’s clearly one of the most popular hobbies for Aussie tweens and teens, so our job as parents is to ensure our kids are gaming as safely as possible. Here is my advice on the steps you should take to protect your kids:

  • Start Conversations Early

If you start talking about ways to game safely early, it will make your job that much easier when your children get older. If your kids are young, start with simple rules like: “don’t open messages from people you don’t know” and “decline friend requests from strangers.” You want online safety to be part of normal behaviour.

  • Be Careful What You Click

Most children have been using digital activities for entertainment from an early age, desensitising them to the potentials risks of online behaviour. Cybercriminals can use the popularity of video games to entice gamers to click on potentially malicious links. Think about what you are clicking on and ensure that it’s from a reliable source.

  • Control How Long They Play

Set a good example by minimising your use of devices around the home. Why not invest in parental control software to set time limits on your child’s device usage? Not only will you be reducing their exposure to potentially malicious or inappropriate websites, but they will probably get more homework done!

  • Avoid Malicious Links

If your children are searching online for gaming tips or new games to download, a tool like McAfee WebAdvisor can help them avoid dangerous websites and links, and will warn them if they do accidentally click on something malicious.

  • Be Protected

No matter what anyone in the family is doing online, invest in a security product like McAfee Total Protection that can help keep connected devices safe from malware. Just like any PC application, be sure to keep security software updated.

Responsible Gaming Could Actually Prepare Your Child for Their Career

In my opinion, parenting is all about preparing your child for their adult life. And a big part of that is ensuring they are employable. So, before you crack down too harshly on your child’s gaming habits consider this. A recent report by McAfee, entitled Winning The Game, identified that gamers have a skills set that may help fill the current and future demand for cyber security experts. Whether it’s cracking systems, avoiding counter attacks or deciphering codes, these gaming skills were nominated by almost 1000 cyber security professionals as easily transferable to a security professional role.

So, let your kids keep playing but absolutely minimise the risks. Introduce time limits, ensure a game is suitable and teach your kids how to navigate the challenges. That way, if they end up with an illustrious career in cybersecurity, you can take all the credit!!

Take care,

Alex xx

The post Teens, Gaming and Risk appeared first on McAfee Blogs.

]]>
What the Mobile-Born Mean for IoT and Cybersecurity https://www.mcafee.com/blogs/mobile-security/mobile-born-iot-cybersecurity/ Tue, 05 Jun 2018 13:00:52 +0000 https://securingtomorrow.mcafee.com/?p=89306 Since before they knew how to walk, Gen Z – or the mobile-born generation – has had a wealth of...

The post What the Mobile-Born Mean for IoT and Cybersecurity appeared first on McAfee Blogs.

]]>
Since before they knew how to walk, Gen Z – or the mobile-born generation – has had a wealth of information, quite literally, at their fingertips. Their lives are exponentially hyper-connected with social media, music, ride sharing, shopping, and more, all through their mobile devices. But Gen Z’s haste to be on the cutting edge of technology and trends can often leave them arrogant to the security implications. They prioritize personalization over privacy and willingly share personal data so they can have a more predictive and personalized experience, without the same sense of security awareness as that of previous generations. Through increased data sharing, and the modern-day usage of social media, the mobile-born could be naively exposing themselves, and loved ones, to security issues they don’t fully realize or understand.

Social Media

Apps such as Snapchat and Facebook constantly know where consumers are located through default settings, geotagging photos, and videos, “checking in” to reap promotional rewards or to just show off their latest experiences. This may not seem pressing, but in actuality, it tells people where you are at any given moment and, depending on your privacy settings, this information could get out to audiences that it wasn’t intended for. If you posted a picture while at home, you are likely taking a GPS location snapshot and potentially letting your home address get into the wrong hands. The metadata within your photo can now be used by cybercriminals to track where you live, opening up your home and devices to a slew of cybersecurity concerns. Geotagging can be fun and beneficial, but issues arise when user data is distributed unknowingly.

Furthermore, past generations have learned the hard way that once something is on the internet, it’s nearly impossible to get it back. We’ve gotten into the habit of oversharing our experiences online – whether mere photos of friends, our pets, birthday celebrations or the address of your favorite spot to hang out on the weekends, you may be giving the keys to all of your data. How does this seemingly harmless series of posts affect personal security? A combination of the information being shared on these social media sites can also be utilized to crack common passwords.

Passwords

Another common theme among Gen Z is poor password hygiene. There is more importance placed on ease and convenience rather than data security. Passwords are often the weakest entry point for hackers and, according to a recent McAfee survey, nearly a quarter of people currently use passwords that are 10 or more years old. While Post-Millennials may not have passwords that old, they still display poor password hygiene by reusing the same credentials among multiple online sites and granting login access to third-party applications through networking platforms like Facebook.

If a cybercriminal cracks one password, they now have the skeleton key to the rest of your digital life. Passwords are our data’s first defense when it comes to cybercriminals, so by differentiating passwords across several accounts or using a password manager, Gen Z-ers can make sure the proper precautions are in place and better defend against unwanted access.

Public Wi-Fi

The mobile-born generation has a totally new outlook on digital experiences and their connection to the online world. They expect to have free, authentic, and secure Internet provided to them at all times, without having to take the necessary security precautions themselves. The internet isn’t just a tool for these digital natives, but rather a way of life and with that expectation, they will connect to public Wi-Fi networks without a second thought toward who’s hosting it and if it’s secure.

If they head to the library or a coffee shop to do homework or stream a video while out to lunch, they’re likely connecting to an unsecured public Wi-Fi network. Connecting to public Wi-Fi can be an easy data/money-saving trick for those on a family shared data plan, but it may be one that puts your data at risk. Much like all individuals have a social security number, all devices have a unique Internet Protocol (IP) address being tracked by Internet Service Providers (ISPs). This allows a device to communicate with the network, but if it’s doing so insecurely, it can act as a watering hole for cybercriminals to eavesdrop, steal personal information, and potentially infect devices with malware.

Educating the Next Generation

Whether it’s ignorant use of social media, poor password protection or careless connection to the internet, the iGeneration does not show the same level of security knowledge or experience as previous generations. Maybe they just don’t know about the various threats out there, or they don’t have the proper education to be using their devices and the internet safely, but it’s our duty to educate our kids about the implications of cybercriminals, privacy breaches, and data exploits to ensure proper cyber hygiene for years to come.

Consider these tips when setting ground rules for keeping you and your family safe:

  • Parental Controls. While these may be a nuisance sometimes, they are also a necessity in keeping you and your children safe from malicious sites. Consider using McAfee Secure Home Platform to ensure your family’s security while in the home.
  • Turn off geolocation. In ‘Settings’ on your device, you can select which apps are allowed to use your location. Make sure only the ones you know you can trust are selected.
  • Restrict access to your information. If you go into your browser, you can adjust your privacy settings to delete information from your browsing history (i.e. cookies, history, saved passwords, or banking information).
  • Install a Virtual Private Network (VPN). A personal VPN extends a private network across a public Wi-Fi network to help secure and encrypt your data and keep your connections safe. Software like McAfee Safe Connect can help protect your data at home and on the go.
  • Talk with your children. Understanding that their personal information is invaluable is the first step towards creating and maintaining safe online habits.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post What the Mobile-Born Mean for IoT and Cybersecurity appeared first on McAfee Blogs.

]]>
Trivia Time: Test Your Family’s Password Safety Knowledge https://www.mcafee.com/blogs/family-safety/trivia-time-test-your-familys-password-safety-knowledge/ Sat, 05 May 2018 14:00:54 +0000 https://securingtomorrow.mcafee.com/?p=88660 Passwords have become critical tools for every citizen of the digital world. Passwords stand between your family’s gold mine of...

The post Trivia Time: Test Your Family’s Password Safety Knowledge appeared first on McAfee Blogs.

]]>
Strong PasswordPasswords have become critical tools for every citizen of the digital world. Passwords stand between your family’s gold mine of personal data and the entirety of the internet. While most of us have a love-hate relationship with passwords, it’s beneficial to remember they do serve a powerful purpose when created and treated with intention.

But asking your kids to up their password game is like asking them to recite the state capitals — booooring! So, during this first week of May as we celebrate World Password Day, add a dash of fun to the mix. Encourage your family to test their knowledge with some Cybersavvy Trivia.

Want to find out what kind of password would take two centuries to crack? Or, discover the #1 trick thieves use to crack your password? Then take the quiz and see which family member genuinely knows how to create an awesome password.

We’ve come a long way in our understanding of what makes a strong password and the many ways nefarious strangers crack our most brilliant ones. We know that unique passwords are the hardest to crack, but we also know that human nature means we lean toward creating passwords that are also easy to remember. So striking a balance between strong and memorable may be the most prudent challenge to issue to your family this year.

Several foundational principles remain when it comes to creating strong passwords. Share them with your family and friends and take some of the worries out of password strength once and for all.

5 Password Power Principles

  1. Unique = power. A strong password includes numbers, lowercase and uppercase letters, and symbols. The more complicated your password is, the more difficult it will be to crack. Another option is a password that is a Strong Passwordpassphrase only you could know. For instance, look across the room and what do you see? I can see my dog. Only I know her personality; her likes and dislikes. So, a possible password for me might be #BaconDoodle$. You can even throw in a misspelling of your password to increase its strength such as Passwurd4Life. Just be sure to remember your intentional typos if you choose this option.
  2. Diverse = power. Mixing up your passwords for different websites, apps, and accounts can be a hassle to remember but it’s necessary for online security. Try to use different passwords for online accounts so that if one account is compromised, several accounts aren’t put in jeopardy.
  3. Password manager = power. Working in conjunction with our #2 tip, forget about remembering every password for every account. Let a password manager do the hard work for you. A password manager is a tech tool for generating and storing passwords, so you don’t have to. It will also auto-log you onto frequently visited sites.
  4. Private = power. The strongest password is the one that’s kept private. Kids especially like to share passwords as a sign of loyalty between friends. They also share passwords to allow friends to take over their Snapchat streaks if they can’t log on each day. This is an unwise practice that can easily backfire. The most Strong Passwordpowerful password is the one that is kept private.
  5. 2-step verification = power. Use multi-factor (two-step) authentication whenever possible. Multiple login steps can make a huge difference in securing important online accounts. Sometimes the steps can be a password plus a text confirmation or a PIN plus a fingerprint. These steps help keep the bad guys out even if they happen to gain access to your password.

It’s a lot to manage, this digital life but once you’ve got the safety basics down, you can enjoy all the benefits of online life without the worry of your information getting into the wrong hands. So have a fun and stay informed knowing you’ve equipped your family to live their safest online life!

toni page birdsong

 

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Trivia Time: Test Your Family’s Password Safety Knowledge appeared first on McAfee Blogs.

]]>
Security Calling: Celebrate National Telephone Day by Securing Your Mobile Devices https://www.mcafee.com/blogs/mobile-security/national-telephone-day-2018/ Tue, 24 Apr 2018 13:00:03 +0000 https://securingtomorrow.mcafee.com/?p=88573 April 25 – otherwise known as National Telephone Day – rolls around once a year to remind us of the...

The post Security Calling: Celebrate National Telephone Day by Securing Your Mobile Devices appeared first on McAfee Blogs.

]]>
April 25 – otherwise known as National Telephone Day – rolls around once a year to remind us of the sheer technologic prowess and influence of the phone. What first started as an industrial revolution invention from Alexander Graham Bell, the phone has undergone quite a remarkable evolution over its nearly 150 years of existence. When people say the word ‘phone’ today, the device they’re talking about is widely different. The phone of the past has become the gateway into our digital identities and now holds the keys to all the connected things in our homes. As dependency on our mobile devices continues to grow, potential cyberthreats and need for mobile security does as well.

Consumers have been quick to adopt mobile phones, more so than at any point in the telephone’s storied history. It’s estimated that 95% of Americans own a cell phone today. This goes to show that the phone has not only become an instrumental device in today’s society, but it also speaks to how it has evolved beyond its initial capabilities to serve as a device that contains our digital persona. A phone is no longer a convenient piece of equipment but a fundamental element of many people’s lifestyles, so much so that many can’t even unplug while on vacation—only 27% say they’re unwilling to leave their smartphones at home when on vacation. As today’s world becomes more digital and interconnected, our mobile phones are at the heart of this transformation.

Of course, with any device that contains this much power and influence, the mobile phone has also become the target of cybercriminals and hackers, making mobile security a cause for much concern. McAfee Labs detected over 16 million mobile malware infestations in the third quarter of 2017, and new threats continue to emerge around the world, most of which target a consumer’s money. However, according to a recent CES Survey, 52% of respondents are either unsure of or have no idea how to check to see if their mobile devices and apps are secure against these kinds of threats—which is worrisome considering these latest mobile trends:

  • More targeted attacks – Following the money, a global spike in banking Trojans has occurred, targeting large multinationals and small regional banks.
  • Virtual bank robberies – With the growing interest in cryptocurrencies, cybercriminals are attempting virtual bank robberies by distributing fake mobile wallets and targeting the cryptocurrency industry.
  • States using malware – North Korean dissidents and journalists using the popular South Korean chat app KakaoTalk were recently targeted in a State-instigated malware attack, with the aim of implanting spyware on the victim’s device.
  • Persistent threats – The increasing proliferation of Internet of Things (IoT) devices are significantly heightening the threat landscape, increasing the number of possible points of attack.

In order to feel safe and secure when you shout “Call me, maybe!”, take some time out of whatever festivities you may have planned for National Telephone Day to consider these tips on how to keep your mobile phones and devices secure:

  • Update regularly – Regularly updating your devices helps ensure they are armed with critical patches that protect against bugs or flaws in their operating systems that cybercriminals can leverage. Though it’s very tempting to skip out on these updates, taking a few minutes to download them means you aren’t recklessly leaving your devices open for hackers. This also applies to apps on your phone as well.
  • Use a complex password – A complex password is a secure password, so there’s no excuse to skate by with your own birthdate or a “1234” code for your mobile devices anymore. It’s good practice to have distinct passwords for every device, even though it’s a bit more burdensome on you. Still, choosing a safe and secure password is always the priority. Be sure to throw in a mix of numbers and symbols to avoid making it easy for potential hackers.
  • Turn off geolocation – When it comes to geolocation or sharing your location with apps and other services on your phone, approach with caution. It’s a good rule of thumb to only activate geolocation permissions when it’s crucial for an app’s ability to work (i.e. Uber, Google Maps, etc.). Otherwise, hackers can start to uncover your exact whereabouts and understand your movement patterns.
  • Use security software – Finally, I can’t stress enough how important it is to use comprehensive security software to protect your mobile phones and devices from the inside out.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Security Calling: Celebrate National Telephone Day by Securing Your Mobile Devices appeared first on McAfee Blogs.

]]>
Teen Gaming, Cybersecurity Specialist Training https://www.mcafee.com/blogs/family-safety/teen-gaming-cybersecurity-specialist-training/ Wed, 04 Apr 2018 23:22:24 +0000 https://securingtomorrow.mcafee.com/?p=88199 Many of us parents have a love/hate relationship with teen gaming. While it seems to cast a spell over many...

The post Teen Gaming, Cybersecurity Specialist Training appeared first on McAfee Blogs.

]]>
Many of us parents have a love/hate relationship with teen gaming. While it seems to cast a spell over many kids and lure them into a trance, gaming does provide some quite welcome ‘time-out’ for all family members! But I can honestly say that in my household, disputes over allocated ‘Xbox’ time would be by far the most common variety. And they can drive me insane!!

Now new research from McAfee may just get me rethinking my often negative attitude to gaming. The Winning The Game report investigates the key challenges facing the IT Security industry in the ongoing fight against cyber threats. Just under 1000 cybersecurity managers across the US, UK, Germany, Singapore, Australia and Japan took part in the research which found that gamers may play a very big role in keeping cybercriminals at bay!

Click to view Winning the Game report

The Cybersecurity Skills Shortage

Worldwide the cybersecurity industry currently has a zero-percent unemployment rate. Many experts predict that this will remain the case until at least 2021. While this is great if you are job hunting, it isn’t great news for Government departments, corporations and businesses. The increasing number of cyberattacks means these organisations are struggling to find cybersecurity professionals to help deal with these threats. Which is ultimately putting a lot of us at risk.

In addition to the skills shortage, many IT professionals believe cybersecurity defences are under unprecedented levels of attack. With malware, ransomware, sophisticated advanced threats and modes of attack, many professionals see the cyberthreat landscape as more complex than ever. Nearly half of the cybersecurity professionals who participated  in the survey expressed concern that they will find it difficult or impossible to keep up with the increase and/or complexity of threats over the next year.

So, amid these constantly evolving cyberthreats the pressure is on to find a solution to the skills crisis.

Gamers Could Be the Answer

Well apparently the long list of skills gamers acquire while learning their craft are precisely those required by cybersecurity professionals. Whether it’s cracking systems, avoiding counter attacks or deciphering codes, these talents are very easily transferrable to a security professional role.

Many of us parents might struggle to believe that the hours our teens have spent playing games could in fact have set them up for a career in cybersecurity. But the skills learnt during these ‘training’ hours – including understanding how to approach adversaries, perseverance and logic – are exactly what sets gamers apart ‘from the pack’. The statistics from the report confirm that.

  • Almost all respondents to the survey (92%) believe that gamers possess skills that make them well-suited to a career in cybersecurity. Further, they provide a fresh outlook compared to traditional cybersecurity hires.
  • 72% of respondents agreed that hiring experienced video gamers into their IT departments is a good way of plugging the cybersecurity skills gap.
  • 75% of respondents said they would consider hiring gamers even if they had no prior cybersecurity experience or training.

It’s clearly time to change our perspective, parents!

Everything in Moderation, Kids!

Whether you decide to share this information with your offspring or not, this research is clearly compelling. However, don’t think for a minute that I am suggesting a 24/7 game fest. No, no, no! Time limits, input into/supervision of game purchases and respectful online gaming behaviour still apply!

And please keep an eye out for any signs of addiction. We all know how children’s mood and behaviour can change after lengthy periods in front of a screen. But if you think your child’s interest has gone beyond enthusiasm and that there may be an issue, work through this checklist for gaming addiction. If required, please seek professional help.

Where to From Here?

In my house, nothing will change. There will still be no gaming Monday to Friday, and pre-agreed time limits will still apply. And I’m just wondering how long I can keep this information away from my four boys? Because as soon as they find out, I will be accused of ruining their prospective cybersecurity careers with my strict regime! How dare I!

Take care,

Alex x

 

The post Teen Gaming, Cybersecurity Specialist Training appeared first on McAfee Blogs.

]]>
#DeleteFacebook: Do You Really Need To? https://www.mcafee.com/blogs/family-safety/deletefacebook-do-you-really-need-to/ Wed, 28 Mar 2018 05:00:01 +0000 https://securingtomorrow.mcafee.com/?p=87984 Is it time to #deleteFacebook? Facebook’s long line of dramas has many of us rethinking our dependence on Mark Zuckerberg’s...

The post #DeleteFacebook: Do You Really Need To? appeared first on McAfee Blogs.

]]>
Is it time to #deleteFacebook? Facebook’s long line of dramas has many of us rethinking our dependence on Mark Zuckerberg’s largest social media platform. While many of us were alarmed at the fake news allegations last year, the recent scandal with Cambridge Analytica has us genuinely spooked and now asking ourselves this question.

The fact that Facebook allowed British data analysis firm Cambridge Analytica to tap the Facebook profiles of more than 50 million users without their knowledge has many of us questioning both our – and our children’s – relationship with the social media platform. How compromised is our privacy? What’s really happening with our data? Is our every online move really being monitored?

The immediate reaction of many is to delete their Facebook accounts and insist their kids do the same. When news broke of the Cambridge Analytica scandal, the #deleteFacebook hashtag trended heavily on Twitter. Many high profile tech types deleted their personal and business Facebook accounts and, consequently, drove the Twittersphere into a frenzy.

To #DeleteFacebook Or Not To #DeleteFacebook?

But many of us can’t really afford to be idealists. Some of us run online businesses and rely heavily on Facebook. Others use Facebook for our jobs. Many of us (and our kids) use Facebook to run our social lives – organise events and parties, remember birthdays and stay in touch with friends and family across the world. And for nearly all of us, it is our digital scrapbook that preserves our important life events, shared moments and memories. In short, we would be lost without it.

While the black and white idealist in me absolutely agrees that we should delete Facebook, the realist in me acknowledges that life is often lived in the shades of grey. Facebook has spent more than a decade making itself a deeply entrenched part of our modern society. Saying farewell to this part of your life is a decision that I believe many of us would find almost impossible to make.

So, while deleting Facebook from your online life is the most drastic way of protecting your data, there are steps you can take to keep your account more secure and your personal information more private. Here are my top recommendations:

  1. Set up new logins for each app you are using.

    Setting up a new login and password for each app you’re using is a great way to protect yourself and your data online. Login may take fractionally longer but it will help ensure your data is not shared between different services.

  2. Review your third party apps – the ones you joined using Facebook.

    Facebook has made it just so easy for us to download apps using our Facebook settings that many of us have acquired quite the collection of apps. The problem is that Facebook provides these apps with our data including our name, location, email or even our friends list. So, review these apps, people! Not sure where to start? Go to Settings > Apps > Logged in with Facebook and remove anything that doesn’t absolutely need access to your Facebook profile. You will still have to contact the app developer to ensure they have deleted the data they already have gathered on you. Tedious but worth it!

  3. Don’t overshare on social media.

    Oversharing online gets many of us including our kids into trouble and allows cybercriminals and ‘data analysis types’ the ability to form an accurate picture of us very quickly! Being conscious of what is publicly available from your social media profiles is essential. Ensure every member of the family knows to NEVER share their telephone number, address or details of their school online. Also rethink whether you really want your relationship status made public, or the city of your birth.

  4. Cull your Friends list.

    The Cambridge Analytica scandal should provide us all with a reality check about how we manage online friends. In 2015, an app entitled ‘this is your digital life’ was developed by Cambridge Professor Dr Aleksandr Kogan and then downloaded by 270,000 users. Those who opted in allowed the app access to their information – including their friends – which then gave Kogan access to the data of over 50 million Facebook users. Facebook have reportedly since changed their terms of service and claim app developers can no longer access this detail, or at least, not at the same level of detail. So, go through your friend list and delete those you barely know or who were just passing acquaintances. Do you really want to share your personal or family updates with these people?

  5. Choose a different social media platform to connect to apps.

    If an app lets you choose which account you use to login, pick one which holds limited data about its users. Twitter could be a good choice as it tends to hold less personal information about you.

And while I salute those who are bold enough to #deleteFacebook and insist their kids do so, I know that it isn’t for me. I choose to stay. I’ll navigate my way around the risks and flaws, so I can enjoy the upside – belonging to my community, keeping my job and adding to my digital scrapbook.

Till next time,

Alex x

The post #DeleteFacebook: Do You Really Need To? appeared first on McAfee Blogs.

]]>
Cyberbullying – How Parents Can Minimize Impact On Kids https://www.mcafee.com/blogs/family-safety/parents-minimize-cyberbullying-impact/ Fri, 23 Mar 2018 06:00:46 +0000 https://securingtomorrow.mcafee.com/?p=87591 Cyberbullying: if you have a tween or teen and haven’t workshopped this with your kids then you need to put...

The post Cyberbullying – How Parents Can Minimize Impact On Kids appeared first on McAfee Blogs.

]]>
Cyberbullying: if you have a tween or teen and haven’t workshopped this with your kids then you need to put a time in the diary now. Cyberbullying is one of the biggest challenges our children’s generation will face and unfortunately, it isn’t going away.

The recent tragic suicide of 14 year old Aussie girl Amy ‘Dolly’ Everett as a result of online bullying needs to be a wake-up call for parents. Many kids who are bullied online feel completely ashamed and publicly humiliated and can’t see a way past the embarrassment. They don’t have the skills to handle it and don’t know where to seek help. Yes, we are first-generation digital parents BUT we need to prioritise our children’s safety and well-being online. And sort this out FAST!

How Big An Issue Is Cyberbullying?

Image of crying girl in silhouette surrounded by cyberbullying text messages.
Aussie tweens/teens aged 12-16 are the primary targets of cyberbullying. 63% of the victims are girls.

In its 2016-17 annual report, the Office of the e-Safety Commissioner reveals an increase of 60% in the reported cases of cyberbullying compared with the previous year. The report also shows that:

  • Aussie tweens/teens between the ages of 12 and 16 are the primary targets of cyberbullying
  • Girls made up 63% of the victims

And it isn’t just us parents that consider this to be a big issue – our teens are also concerned. A study of 5000 teens across eleven countries by Vodafone in 2015 showed that in fact over half the teens surveyed considered cyberbullying to be worse than face-to-face bullying, and that 43% believe it is a bigger problem for young people than drug abuse!

So, clearly we have a problem on our hands – and one that isn’t getting better over time.

Why Is Cyberbullying Occurring More Frequently?

Many parenting experts believe a lack of empathy to be a major factor in cyberbullying. In her book, Unselfie, US Parenting Expert Dr Michele Borba explains that we are in the midst of an ‘empathy crisis’ which is contributing to bullying behaviour. She believes teens today are far less empathetic than they were 30 years ago.

Giving children access to devices and social media before they have the emotional smarts to navigate the online world is another factor. You would be hard-pressed to find a child in Year 5 or 6 at a primary school in any Australian capital city who doesn’t have access to or own a smartphone. And once that phone has been given to your child, it’s impossible to supervise their every move. Within minutes they can join social media platforms (some creativity required on the age), enter chat rooms, and view highly disturbing images.

The younger the child, the less likely he or she is to have the emotional intelligence to either navigate tricky situations or make smart decisions online. Perhaps we should all take a lesson from Microsoft co-founder Bill Gates who made his kids wait till they were 14 until being given a phone?

How To Minimise The Risk Of Your Child Being Cyberbullied

There are no guarantees in life, but there are certain steps we can take to reduce the chance of our children being impacted by cyberbullying. Here are my top 5 suggestions:

  1. Communicate.
    Establishing a culture where honest, two-way communication is part of the family dynamic is one of the absolute best things you can do. Let your children know they can confide in you, that nothing is off-limits and that you won’t overreact. Then they will be more likely to open up to you about a problem before it becomes insurmountable.
  2. Understand Their World.
    With a deep understanding of your child’s world (their friends, their favourite activities, the movies they see) you’re better equipped to notice when things aren’t swimming along nicely. Establishing relationships with your child’s teachers or year group mentors is another way to keep your ear to the ground. When a child’s behaviour and activity level changes, it could be an indicator that all is not well. So some parental detective work may be required!
  3. Weave Cyber Safety Into Your Family Dialogue.
    We all talk about sun safety and road safety with our children from a young age. But we need to commit to doing the same about cyber safety. Teach your kids never to share passwords, never to give out identifying information of any kind online, never to respond to online trolls or bullies. Then they will definitely add a layer of armour to shield them from becoming a victim of cyberbullying.
  4. Limit Screen Time.
    I know it seems like an ongoing battle but limiting screen time for social media is essential. One of the easiest ways of doing this is by offering them attractive real-life options. Bike rides, beach visits and outings with friends and family are all good ways of redirecting their attention. And make sure their phone/tablet is out of easy reach at night. Yes, it is more effort but it is so worth it. Less time online = less risk!
  5. Teach Your Kids What To Do If They Are Cyberbullied.
    It is essential your kids know what to do if they are being cyberbullied. Blocking the bullying is critical, so take some time with your kids to understand the block features on the social networks they use. Collecting evidence is crucial, everything should be screen-shot – ensure your child knows how to do this. You can report the cyberbullying incident to the Office of the eSafety Commissioner who work to have offensive material removed and cyberbullying situations addressed. And why not check out the support offered by your child’s school? It’s important your kids know they have a number of trusted adults in their life they can get help from if things get tough.

So, let’s commit to doing what we can to protect our kids from cyberbullying. Your kids need to know that they can talk to you about anything that is bothering them online – even if it is tough or awkward. Dolly Everett’s final drawing, before she took her life, included the heart-rending caption ‘…speak even if your voice shakes.’ Please encourage your kids to do so.

Alex xx

The post Cyberbullying – How Parents Can Minimize Impact On Kids appeared first on McAfee Blogs.

]]>
Key Mobile Threat Takeaways from the 2018 Mobile Threat Report https://www.mcafee.com/blogs/mobile-security/key-mobile-threat-takeaways-2018-mobile-threats-report/ Wed, 28 Feb 2018 14:00:20 +0000 https://securingtomorrow.mcafee.com/?p=84808 Mobile BRATA

The term “mobile” has come to encompass a wide range of devices these days. Mobile devices have become much more...

The post Key Mobile Threat Takeaways from the 2018 Mobile Threat Report appeared first on McAfee Blogs.

]]>
Mobile BRATA

The term “mobile” has come to encompass a wide range of devices these days. Mobile devices have become much more than our Androids and iPhones. Wearable watches, tablets, even home devices all fall under the mobile umbrella of IoT and have the ability to impact our lives for better, or for worse.

This rich IoT landscape holds the key to your digital identity, your connected home and potentially, even your kid’s digital future. Gartner predicts that by the year 2020, 20.8 billion connected devices will populate the consumer home. (Current global population is 7.6 billion people.) As these devices continue to increase in presence in our daily lives, it’s important to understand not only the convenience they offer, but the threats they pose as well.

With the dawn of an even more connected era fast approaching, we at McAfee are examining the mobile threats that might be waiting on the horizon. This year’s Mobile Threat Report, takes a deep dive into some significant trends that demonstrate just how these mobile platforms are targeting what’s most sacred to us – our home. Let’s take a look into some of the most common trends in mobile malware, and a few tips on how to protect your home.

Mobile Malware in the IoT Home  

According to Gartner, 8.4 billion connected “things” were in use last year, and chances are one or more of these devices is living in your home today. While many of these devices bring convenience and ease to the home, it’s important to note that they also significantly increase the risk of attack. Many of these devices are developed with innovation in mind, and little to no focus on – security. With that being said, everyday users of mobile devices have grown phenomenally, hence the increased need for security as the frequency of mobile attacks continues to grow.

DDoS Causes SOS  

IoT attacks such as Mirai and Reaper showed the world just how vulnerable smart homes and connected devices can be to malicious code. These attacks targeted millions of IoT devices with the intent of creating a botnet army from trusted connected items within the household.

The Mirai malware authors, leveraged consumer devices such as IP cameras and home routers to create a botnet army, launching distributed denial of service (DDoS) attacks against popular websites. By taking advantage of the low-levels of security on most home connected devices, this malware was able to seize control of millions of devices. All it had to do was guess the factory default password.

The “Reaper” malware strain also took advantage of limited security of many connected home devices. However, these malware authors evolved their tactics by looking for devices with known vulnerabilities to exploit and by implementing a set of hacking tools that showed greater sophistication. The IoT reaper clocked in as many as 2 million infected devices, at nearly ten times the rate as Mirai.

The evolution of the malicious code targeting mobile and IoT devices represents a growing threat to consumers who wish to embrace a culture of connected living. So how can we welcome these devices into our homes without opening the door to cyberthreats? Here are a few tips to consider:

  • Protect your devices, protect your home. As we continue to embrace a culture of smart homes and connected devices, it is also important for us to embrace internet security at a network level. With the presence of targeted attacks growing globally, we must remain vigilant in protecting our connected lives by making sure each individual device is secure, especially the home network. The MTR has dubbed 2018 as “The Year of Mobile Malware,” and very tech user should consider using a home gateway with built-in security to ensure every device in their home is protected.
  • Download apps with caution and update them regularly. Malware campaigns having been targeting users on the Google Play stores almost since its inception. In fact, McAfee recently discovered Android Grabos, one of the most significant campaigns of this year, found present within 144 apps on Google Play. Stay current on which applications are supported in your application store and update them regularly. If an app is no longer supported in the play store, delete it immediately.
  • Invest in comprehensive security. I can’t stress enough how important is to use comprehensive security software to protect your personal devices. Malware is constantly evolving with technology, so ensure your all of your devices are secured with built-in protection.

Interested in learning more about IT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Key Mobile Threat Takeaways from the 2018 Mobile Threat Report appeared first on McAfee Blogs.

]]>
Warning: Crypto-Currency Mining is Targeting Your Android https://www.mcafee.com/blogs/mobile-security/warning-crypto-currency-mining-targeting-android/ Thu, 15 Feb 2018 15:00:13 +0000 https://securingtomorrow.mcafee.com/?p=84485 Cryptocurrency, a virtual form of currency designed to work as a secure form of exchange, has gained a lot of...

The post Warning: Crypto-Currency Mining is Targeting Your Android appeared first on McAfee Blogs.

]]>
Cryptocurrency, a virtual form of currency designed to work as a secure form of exchange, has gained a lot of traction in the world of finance and technology. But for many, the concept of obtaining cryptocurrency, or “crypto-mining,” is obscure. Investopedia defines crypto-mining as, “the process by which transactions are verified and added to the public ledger, known as the blockchain, and also the means through which new currencies such as Bitcoin and Ethereum are released.”

The practice has been around since 2009, and anyone with access to the Internet, the required programs and hardware can participate in mining. In fact, by the end of this month, Forbes Magazine will have published its first “Top Richest” list dedicated to Crypto Millionaires.

With the rise in popularity of digital currency, it’s no surprise that cybercriminals across the globe are leveraging malicious code to obtain it. Hackers would rather develop or utilize mining malware instead of paying the expensive price tag associated with mining machines, which can be upwards of $5000. In China, the ADB Miner malware is spreading and targeting thousands of Android devices for the primary purpose of mining cryptocurrency. The malware is spread through the publicly accessible Android Debug Bridge (abd) on an opened port 5555. This port is typically closed but can be opened by an ADB debug tool. Once infected, a device will look for other devices with the same vulnerability to spread the malware and leverage other Android-based smartphones, tablets, and televisions for crypto-mining.

So why are cybercriminals now targeting Android mobile devices? This could be due to the fact that hackers know they can easily manipulate vulnerabilities in Google Play’s app vetting system. Last year McAfee Mobile Threat Research identified more than 4,000 apps that were removed from Google Play without notification to users. Currently, the app store does not have consistent or centralized reporting available for app purchasers. Even if an app is supported by Google Play at the time of download, it could later be identified as malicious and Android users may be unaware of the fact that they’re harboring a bad app.

Researchers have found over 600 blacklisted malicious cryptocurrency apps across 20 app stores including Apple and Google Play. Google Play was found to have the highest amount of malicious crypto apps, with 272 available for download. In the United States, researchers have found another crypto-mining malware that is so demanding of phone processors, its causing them to implode. Loapi, a newly-discovered Trojan crypto-miner, can cause phone batteries to swell up and burst open the device’s back cover, and has been found in up to 20 mobile apps.

Crypto-mining malware isn’t a new phenomenon. Before the WannaCry attacks last summer, cryptocurrency malware sprung up as another malicious software looking to take advantage of the same Windows vulnerabilities that WannaCry exploited. But, instead of locking down systems with ransomware, these cybercriminals were putting them to work, using a cryptocurrency mining malware called Adylkuzz.

Here are a few tips to ensure your Android-devices are protected from crypto-mining malware:

  • Download your apps from a legitimate source. While some malicious apps may slip through the cracks, app stores like Google Play do have security measures in place to protect users, and it’s much safer than downloading from an unknown source.
  • Delete any apps that you haven’t used over the past 6-months. An app’s security can change over time; applications that were once supported by an app store can be flagged as malicious and removed from the platform without notification. If an app is no longer supported in the app store, you should delete it immediately.
  • Keep all of your software up to date. Many of the more harmful malware attacks we’ve seen, like the Equifax data breach, take advantage of software vulnerabilities in common applications, such as operating systems and browsers. Having the latest software and application versions ensures that any known bugs or exploits are patched, and is one of the best defenses against viruses and malware.
  • Double up on your mobile security software. I can’t stress enough how important is to use comprehensive security software to protect your personal devices.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post Warning: Crypto-Currency Mining is Targeting Your Android appeared first on McAfee Blogs.

]]>
Your Kids Are My Problem, Here’s Why https://www.mcafee.com/blogs/family-safety/kids-problem-heres/ Thu, 01 Feb 2018 15:00:16 +0000 https://securingtomorrow.mcafee.com/?p=84042 This post was written by Jessica Brookes Snow falls outside the large steamy windows at a popular coffee shop in...

The post Your Kids Are My Problem, Here’s Why appeared first on McAfee Blogs.

]]>
This post was written by Jessica Brookes

Snow falls outside the large steamy windows at a popular coffee shop in the suburbs of London. It’s crowded with dogs, children, people on laptops, people on mobiles and people on another planet. At a corner table, two friends are talking about how much (or how little) they know about keeping their children safe “on devices”.  One remarks they rely on the parental settings in web browsers whilst the other confesses not to know if their mobile phone has parental controls. “Must do better”, “must look into that” is the closing sentiment but not before both do some personal admin whilst chatting; online banking for one and eBay listings for the other. The coffee shop is not unusual and neither are these parents.

According to the latest impact report from Internet Matters, the pace of change from 2013 to 2016 shows that parents’ concern increased in almost every area of online issues children face. Yet Parenting Digital Natives, also from Internet Matters, shows that only 49% of the parents surveyed had spoken to their 6-10 year olds about online safety in the last month, yet 78% of 10-12 year olds have social media accounts and online has overtaken TV with 5-15 year olds spending an average of 15 hours a week online. But what does all this research mean?

It means the children that surround us are spending more time online, potentially without adult insight into what they are doing, seeing and sharing. In contrast to television, knowing what is happening on a tablet, phone or laptop requires being involved. It also requires being educated about the risks as well as benefits of social Apps, games and websites children are frequenting. In order to facilitate information sharing and constructive discussions about how to stay safe it’s imperative, as adults, we know what we are talking about. We may not know more than our children, students, neighbours, grandchildren, nieces, nephews etc but we have an obligation to know as much as they do. If they are using the Apps we should be too; especially parents, carers and teachers. And if we can’t keep up to date on the latest, then we can ask the right questions: what are you sharing? Can you chat on it? Can you make friends on it? Can you play games on it? One area often overlooked in social media are the T&Cs. As an example, children usually think they are protected because parents are saying it’s ok. Snapchat is a favourite because the photos disappear after 24 hours, however, the terms and conditions mean that they can and are sold as stock images.

Why all the questions? The question and answer portion of my day is normally at the bequest of my eight-year-old twins, not the other way around. But I know that will change soon. And when it does I want to ensure the lines of communication are open and I know enough about what they are doing to give them practical (even if not always welcome) advice on how to stay safe online. Why then, should other adults in their life or in my community for that matter to also have enough awareness to hold an intelligent conversation with a 10-year-old about online safety? Social apps an online activity are replacing the block party/neighbourhood get together culture I grew up with. I firmly believe that as adults we all have a social responsibility for educating and keeping children safe or society will degrade to the point where the monkeys are running the zoo.

I am back in the steamy café with espresso machines hissing, groups laughing and babies gurgling. The friends conducting financial transactions over an unsecured wi-fi connection gather their things to leave. One dog barks, then another and then another. Within seconds it’s turned from a coffee shop into a rowdy kennel and all it takes is one tall human to quiet a pooch and in an equal amount of time order is restored. If each of us take the view that the small humans of today will be running the world of tomorrow it’s our responsibility to participate in what that world looks like.

Follow me on Twitter @JBroLdn
 

The post Your Kids Are My Problem, Here’s Why appeared first on McAfee Blogs.

]]>
The Future of IoT: What to Expect From Our Devices This Year https://www.mcafee.com/blogs/mobile-security/the-future-of-iot-what-to-expect-from-our-devices-this-year/ Tue, 30 Jan 2018 14:00:15 +0000 https://securingtomorrow.mcafee.com/?p=83457 The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking...

The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.

]]>
The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking companies gather in Las Vegas to showcase their latest devices at The International Consumer Electronics Show (CES), where next-generation innovations take center-stage and the world gets a glimpse into the future of IoT. I had the pleasure of attending CES with my colleagues this year and was blown away by the breadth of technology showcased. While the innovations stretched across many industries, I’d like to focus on the reoccurring themes in home and personal technology and how we can secure ourselves through the gadget-filled year ahead:

Smart Homes Will Become “Smarter” 

My favorite devices are the ones designed to enhance the smart home. Companies are striving to advance technology and make our lives easier in the comfort of our homes. From smart thermostats to smart assistants, there is certainly no shortage of household innovation; and companies like Google and Samsung are making strides to contribute to the smart home ecosystem. During CES, Samsung pledged to make all of its devices “smarter” by 2020, linking together all devices via its SmartThings cloud. Meanwhile, Google announced that Google Assistant will now be built in (or compatible) with a range of household products including your smart doorbell and ceiling fan.

As our homes become increasingly connected, the need to secure our internet-connected devices is critical. More IoT devices mean more points of data to attack and leverage for cybercrime. Hackers have the ability to access your personal information through connected home devices, which poses a threat to your identity. Consider using a service with built-in security to ensure every device in your home is well protected― especially the ones that often fly under the radar. Secure routers and gateways can protect all of your connected devices, even the ones without screens.

Smart Technology Will Track Your Sleep 

Technology is even changing the way we sleep, with smart sleep solutions for consumers. At CES 2018, Terraillon announced HOMNI, a device designed to help improve a user’s sleep environment. This device tracks the sleeper’s movement, sending your sleep data to a free app so that users can see how well they’ve slept. There’s nothing technology can’t solve for, including a good night’s sleep. However, when it comes to our personal data, it’s wise to be aware of how your data is being tracked or used.

As the use of connected devices in our homes and personal lives grow, so does the need for security beyond your PC or mobile phone. Many of the devices that we welcome into our daily routine aren’t equipped with proper security controls. It’s important to remember that these connected devices often run on our personal information, information such as your name, age, location –and in this case, your sleeping habits. While a sleep tracker may collect your information with the intentions of helping perfect your sleeping patterns, it has the potential to put your information in places that you might not intend. This is another example of why it’s exceedingly important to secure the connection at its source: your home.

“Ask Alexa” Will Live in Your Eyewear

Amazon Alexa has the ability to communicate with just about every connected device, so it’s no wonder that the Alexa Voice Service will have the ability to connect with your glasses soon, too. During CES, Vuzix announced that its latest pair of AR glasses, the Vuzix Blade, can communicate with Amazon Alexa. Blending augmented reality with AI assistant’s functionality, this headset acts as a fully functional computer with the ability to send email and text notifications via Bluetooth through the processing power of Android and unparalleled display.

Amazon Alexa has become a pseudo-family member in many households, offering assistance in the kitchen and even reading bedtime stories to children. To keep Cybercriminals from gaining access to your personal data , be sure you enable an extra measure of security, like setting up a PIN code for your voice command purchases.

Adding an extra layer of security to your smart devices is key to becoming an empowered consumer in today’s day and age. By taking these extra steps you’ll be able to enjoy the benefits of a secured smart home.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

 

The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.

]]>
Your Back To School Tech Plan https://www.mcafee.com/blogs/family-safety/your-back-to-school-tech-plan/ Tue, 23 Jan 2018 06:01:36 +0000 https://securingtomorrow.mcafee.com/?p=83845 I am such a fan of school holidays! No music lessons, no sport, no commitments. Bliss!! The crazy school term...

The post Your Back To School Tech Plan appeared first on McAfee Blogs.

]]>
I am such a fan of school holidays! No music lessons, no sport, no commitments. Bliss!! The crazy school term routine is no more and people can just ‘be’. Marvellous!! But all good things must come to an end. So, unless you want the police knocking on your door, the kids must go back to school. Ughh! So much to do. Where to start?

So, there’s shoes, uniforms, enrolments in music, drama and sport, haircuts, stationery and then of course, all things technology! Ah yes, the ‘t’ word. When you’re juggling work, running a house and a tribe of kids, managing your kids and their tech lives can be overwhelming. But as parents, it is essential that we take the time to make sure we have all things technology covered for our kids.

What Are The Main Risks Kids Face Online?

The internet, our connected devices and online activity are such a huge (and permanent) feature of our modern lives. As parents, we owe it to our kids to make sure we can prevent some of the dangers associated with a connected life. Whether it’s phishing scams, online predators, oversharing, downloading malware, falling for an online scam or worst case, becoming the victim of cyberbullying, teaching our kids how to navigate some of the perils of the online world is essential.

How Can I Help My Kids Navigate Online Dangers?

Without a doubt, the absolute best way of protecting our kids is taking the time to better understand how the online world really works. And I understand that means time – something many of just don’t have. But if you could scan the tech news of your favourite online news site every day and then allocate 20 minutes each week to research a new app or social media platform, you’d be surprised how quickly you could get yourself into good cyber parenting shape.

The Back To School To-Do List

But let’s keep it simple. It’s already January and there isn’t a lot of time left to get organised. So, here’s what I think you should focus on tech-wise to make sure you can cross technology off your ‘back to school’ to-do list.

1. Install Security Software On ALL Devices.

Many people invest in security software for their laptops, which is great. However, all devices need to be protected. Anything you can download on a laptop, you can download on a tablet or phone.

Many security software packages will include coverage for a ‘fleet’ of devices. McAfee® Total Protection software provides premium antivirus, identity and privacy protection for all your PCs, Macs, smartphones and tablets – in one subscription. Easy!

2. Know How To Connect Safely On Public Wi-Fi Networks.

Wi-Fi can be an extraordinarily risky affair with hackers spending a lot of time developing ways to extract users’ personal information. If your kids absolutely must connect, ensure it is a secured Wi-Fi which means it requires a password. However, this is still not 100% safe so no banking, financial or shopping transaction should be conducted on Wi-Fi.

Why not consider investing in a Virtual Private Network (VPN)? A VPN provides a secure encrypted connection which means that anything you send or receive is safe. Check out McAfee’s VPN, McAfee® Safe Connect – it provides bank-grade Wi-Fi encryption, which means you can relax!

3. Schedule Regular Data Backups.

‘Losing’ a document is so frustrating! Avoid those late-night homework traumas and ensure your kids regularly scheduled data backups for their main devices. You could choose to back-up to a hard drive, but I think an online backup service is probably easier to use. Whether it’s Google Drive, Dropbox or OneDrive – find an online provider and set this up BEFORE school projects get underway!

4. Ensure All Device Software Is Up-To-Date.

Software updates (and reminders) can be super annoying and interrupt the flow of a busy day. But keeping your software up-to-date is actually one of the best ways of protecting yourself from the latest online threats.

Why not select auto-updates for software on all your devices – including your smartphones? If your software doesn’t offer auto-updates, schedule a monthly reminder in your calendar to check for and install available updates.

5. Understand Your Child’s School BYOD Policy.

Make sure you understand the Bring Your Own Devices (BYOD) policy of your child’s school. Some schools require parents to be responsible (and pay) for repairs, insurance and online security associated with your child’s laptop or tablet; others will provide this for an annual fee. Please take the time to understand this before the school year starts and an issue occurs.

I know it may seem like a bit of work but taking these precautionary steps now means your kids are as protected as can be when enjoying their online lives and of course doing their homework this year! And make sure you also take the same steps to protect the adults (and their devices) in your house as well! They are just as important.

Here’s to a great school year!!

Take care,

Alex xx

 

The post Your Back To School Tech Plan appeared first on McAfee Blogs.

]]>
How to Make Sure That Shiny New Device Does Not Get Hacked this Holiday https://www.mcafee.com/blogs/family-safety/how-hackable-are-your-gifts-you-might-be-surprised/ Tue, 12 Dec 2017 14:00:54 +0000 https://securingtomorrow.mcafee.com/?p=83004 Across the country, there’s an awkward pause on Christmas morning no one wants to talk about. It’s that moment when someone...

The post How to Make Sure That Shiny New Device Does Not Get Hacked this Holiday appeared first on McAfee Blogs.

]]>

Across the country, there’s an awkward pause on Christmas morning no one wants to talk about. It’s that moment when someone opens a gift doesn’t contain some form of shiny, new technology.  Not ready to admit that yet? Okay, Dads, would you prefer a bottle of aftershave or a drone? Moms, would you rather have a pair of slippers that look like hairy bear claws or a fitness tracker? Would Johnny Jr. enjoy a new backpack or a new smartphone? Exactly.

Going gaga over shiny new gadgets is nothing to be ashamed of. Ideally, you should enjoy every moment and megabyte — minus the worry of being hacked. In this third year of McAfee’s Most Hackable Holiday Gifts survey, based on consumer behavior, there are some specific ways to secure your new gifts.

Are You a Ted or a Ned?

This year we’re introducing Ted and Ned, two little elves who have very different ideas of how to protect their digital devices. Going through this fun, short animated clip with your family is a great way to explain digital security to your kids and get them thinking about personal online safety. So, before firing up those new gadgets, take a few minutes to dive into the misadventures of Ted and Ned. Ask your child if he or she will be more like Ted (careful) or a Ned (careless) with their new toys.

Survey: Security Still Not a Priority

Taking the top spot for most-hackable items are our beloved laptops, smartphones, and tablets. Also, drones, digital assistants, connected toys, and digital appliances took top spots. Much like last year, the  2017 survey revealed that while consumers realize the importance of protecting their online identity and internet-connected devices, they still are unsure if they are taking the right security measures or aren’t too concerned with making device security a priority. Of the 1,206 adults surveyed this year, 20% of consumers are not worried about internet security and would still buy a must-have connected device if they knew it was susceptible to security breaches. For 40% of those surveyed, security is not a top priority when purchasing but is considered after purchase.

And concerns about digital toys? Most consumers agree that security is a necessity for laptops, tablets, and smartphones (69%). But, only 22 percent believe connected toys require protection. Also, 29 percent think drones should be protected, and 56 percent believe that digital assistants need to be secured.

The Risks Are Real

Having a toy or a washing machine hacked sounds farfetched but hackers view our digital devices as unlocked doors into homes. They target built-in microphones, cameras, and location-based services to access your family’s personal information in order to conduct financial and physical crimes. With any phone or tablet, thieves can woo you into clicking or downloading malicious links and apps. With drones, consumers need to be aware of risks associated with drone jacking and fake Wi-Fi signals from rogue drones.

In short, as consumers, we still have a security gap to close. Let’s get started! Here are a few tips to give your family clarity on digital security.

  • Keep it simple: Securing a new gift often takes five minutes much like registering for a product warranty. So make going into a product’s privacy settings a holiday routine and teach your kids to do the same. Keep the process simple device security is more likely to become a habit in your family.
  • Research before you purchase: Not all manufacturers take security seriously, especially when it comes to connected toys, so it’s important to research if there have been any reported security vulnerabilities before purchasing toys.
  • Think before you click: One of the easiest ways for cybercriminals to compromise your device is using a malicious link. Don’t trust a link or other solicitation that you are not expecting.
  • Update, update, update: Whether it’s your PC, smartphone, digital assistant or even your drone, keep the software up to date. Manufacturers plug security holes with device updates, so it’s crucial to install the latest versions as soon as possible. When applicable, use up-to-date security software.
  • Beware of shady public Wi-Fi hotspots: Cybercriminals often deploy fake Wi-Fi hotspots that appear to be legitimate but give them visibility into your browsing habits. If you have to use public Wi-Fi refrain from online shopping or banking. Take extra precautions when linking your life to the world-wide web. If you need to shop or bank on public Wi-Fi, use a Virtual Private Network (VPN).
  • Lock down your home network: Secure all of your connected devices and your home internet at its source — the network. Avoid routers that come with your ISP (Internet Security Provider) since they are often less secure. And, be sure to change the default password and secure your primary network and guest network with strong passwords.

 

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post How to Make Sure That Shiny New Device Does Not Get Hacked this Holiday appeared first on McAfee Blogs.

]]>
Warning: Lokibot Is Looking to Access Your Android https://www.mcafee.com/blogs/mobile-security/lokibot-android-malware/ Tue, 14 Nov 2017 14:00:27 +0000 https://securingtomorrow.mcafee.com/?p=81566 This time of year is always busy for me. Between pre-holiday online shopping, and the push to connect with friends...

The post Warning: Lokibot Is Looking to Access Your Android appeared first on McAfee Blogs.

]]>
This time of year is always busy for me. Between pre-holiday online shopping, and the push to connect with friends before the season gets underway, it’s especially a busy time of year for my online activity.

In an age of social technology, we use our apps to help get through our active holiday calendar. We use our messaging apps to connect with friends on the go, and our banking apps to balance accounts, as well as send and receive money from loved ones. We need our apps to make the holidays happen. Which, unfortunately, makes the new LokiBot malware the perfect Trojan horse to infiltrate your mobile device.

What is Lokibot?

Lokibot is a new Android banking trojan that’s targeting mobile banking applications and communication apps like WhatsApp, Skype, and Outlook. Much like its banking Trojan counterparts, Lokibot disguises itself as the login screen of your banking app, hoping to trick you into giving it administrative access. Once it has access, it can use your browser and SMS texts against you to share your personal information with cybercriminals and spread spam to all of your contacts. According to researchers, this Trojan has targeted at least 119 apps already.

How Does Lokibot work?

Lokibot is like an unwanted guest, it just won’t leave. When users realize they’ve been duped and try to remove the trojan’s administrative privileges, it automatically locks the device and turns into ransomware. Fortunately, the Lokibot ransomware feature is faulty and has only been successful at renaming files instead of encrypting them. Unfortunately, Lokibot still has the ability to lock you out of your phone.

How do I protect myself?

The good news is: if your device has been infected, you can give Lokibot the boot by putting your phone into Safe Mode and removing the malicious application along with its admin user privileges. When it comes to cybersecurity, everybody knows that the best defense is a good offense. You can keep your devices safe by following these tips:

 

  • Don’t fall for the money bait. If you see an unanticipated “deposit” notification from your banking app, contact your bank directly. Lokibot is known to use fake notifications to lure unsuspecting users into its trap.
  • Keep an eye out for fishy looking login screens. Trojans are masters of disguise and often gain access when users give up their access for login to what appears to be a trusted app. If it looks suspicious, proceed with caution.
  • Download your apps from a legitimate source. Google Play has strong security standards for their applications. If an app is no longer supported in the play store, you should delete it immediately.

 

Following these steps will help keep you out of Lokibot’s way, so you can enjoy your busy holiday season.

 

Can’t get enough mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post Warning: Lokibot Is Looking to Access Your Android appeared first on McAfee Blogs.

]]>
Fake News: What Every Parent Needs To Know https://www.mcafee.com/blogs/family-safety/fake-news-what-parents-should-know/ Mon, 02 Oct 2017 06:01:15 +0000 https://securingtomorrow.mcafee.com/?p=77553 Fake news: we’ve all heard about it but what does it actually mean? Is it really a new concept or...

The post Fake News: What Every Parent Needs To Know appeared first on McAfee Blogs.

]]>
Fake news: we’ve all heard about it but what does it actually mean? Is it really a new concept or just a fancy buzzword?

What Is Fake News?

Well let’s keep it simple. Fake news is news that deliberately isn’t factually accurate. It’s a type of pseudo-journalism that spreads premeditated misinformation or hoaxes via traditional print and broadcast news media or social media with mischievous or malicious intent. So, it isn’t really a new concept. In fact, many would argue fake news has been around since at least Roman times when Octavian’s fabricated storytelling helped him defeat Mark Antony and become the first emperor of Rome.

Where Did The Term Come From?

While Octavian may have worked the fake news angle in ancient times, it was Mark Zuckerberg and Donald Trump that helped cement the term into our modern vernacular.

The progress of the 2016 U.S. Presidential election campaign prompted much discussion around whether false stories and fake news contributed to the outcome. In response to this, in November 2016 Mark Zuckerberg announced his plan to try and combat the alleged spread of deliberate misinformation on Facebook. And the term ‘fake news’ had traction.

Then President Trump took on the fake news baton. At his first press conference in 2017 as President-elect, he called Senior White House Correspondent for CNN, Jim Acosta, ‘fake news’. Since then, Mr Trump has been calling out major media outlets several times a week for being ‘fake news’ via his Twitter feed.

British World War I poster 'The Hun and the Home'
Example of a British World War I propaganda poster

As noted above, fake news or using the media to distribute propaganda isn’t new. There are countless examples throughout history of savvy strategic types using the media and propaganda with an agenda. Think of the British Government’s efforts in WWI to rouse its people against the Germans whom they labelled ‘the Hun’ or ‘barbarians’.

Why Did Fake News Gain Such Momentum In 2016?

But let’s get back to 2016 and add a few different factors: a social media culture; a U.S. Presidential election; a flamboyant ‘anti-establishment’ candidate who loved conspiracy theories (‘Ted Cruz’s father associated with JFK assassin‘); and some clever internet types who realised they could cash in. So the 21st century fake news phenomenon was born – and rapidly became a trending topic on the public agenda. Which in my view is actually a good thing.

Critical Thinking Cyber Skills Are Essential

Being able to identify fake news online is a vital cyber skill. Anyone with access to a smartphone or computer can publish anything online, so it’s a Wild West mash-up of real news and misinformation! And with research showing that most teens get their news from social media feeds, it is imperative that we arm our kids with critical thinking cyber skills so they can decode and decipher online information for themselves.

Tips To Identify Fake News

So, here are my top tips to help you and your kids  work out what’s fake and what’s factual online:

1. Investigate the site.

Do your ‘due diligence’ on the site. Is it an unusual URL or site name ending in ‘co’ that is trying to look legitimate, but isn’t? Is there contact information on the site? Does the author exist? If the site requires you to register before you can access it, then your alarm bells should be ringing!

2. Is it a solo news story?

Are other credible, mainstream news outlets reporting the same story? If not, you need to dig deeper.

3. Look past the headline.

Headlines may be clickbait – often designed to attract traffic. So don’t rely on the headline for the message, read the whole story.

4. Trust your gut instinct.

If the site is littered with typos, overuses capital letters, makes bold claims with no sources, or hosts pictures of girls in bikinis… there’s a fair chance it isn’t legitimate. Get outta there!

5. Perhaps it’s a joke?

There’s a lot of humour and satire online. Often, if the story is too ‘over the top’, it may be a satirical piece. Check out the site and the author just to be sure.

6. Check your biases.

Are your own beliefs affecting your judgement? Try to maintain some objectivity.

7. How did you react?

Clickbait and fake news often seek an extreme reaction. So if you feel upset or elated after reading a story, it may not be real news!

8. Be a detective – ask some basic questions:
  • What’s the date of publication? Is the story relevant and up-to-date?
  • Who gets paid if you click on this story?
  • Who is affected by the message in the story?
  • Is it a balanced argument? Has anything been left out of the story?
9. Ask an expert.

If you are still unsure, enlist the advice of an expert. A teacher, librarian, or even fact-checking websites such as Snopes or FactCheck.org can help verify the story – or not!

 

I believe the current focus on fake news is a blessing in disguise. Teaching our kids to be independent, critical thinkers should be our top priority as parents. And the prevalence of fake news helps us do just that. So, thank you, Mr President.

Till next time!

Alex x

 

 

The post Fake News: What Every Parent Needs To Know appeared first on McAfee Blogs.

]]>
NoMoreRansom – One year on! https://www.mcafee.com/blogs/other-blogs/executive-perspectives/nomoreransom-one-year/ Tue, 25 Jul 2017 14:20:05 +0000 https://securingtomorrow.mcafee.com/?p=76357 One year on. It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water. A collaboration between six partners (McAfee, EC3, Dutch Police, Kaspersky Lab, AWS and Barracuda) has now grown to include more than 100 partners across the public and private sector. We often hear people talk about Public-Private Partnerships, but here is a true example of that commitment in action.

The post NoMoreRansom – One year on! appeared first on McAfee Blogs.

]]>
One year on.  It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water.  A collaboration between six partners (McAfee, EC3, Dutch Police, Kaspersky Lab, AWS and Barracuda) has now grown to include more than 100 partners across the public and private sector.  We often hear people talk about Public-Private Partnerships, but here is a true example of that commitment in action.

Because of this commitment from all the partners, this initiative has resulted in the successful decryption of more than 28,000 computers.  Let us put that into context, for zero cost, victims of ransomware who do not have to be customers of any security provider can get their data back for nothing.  They don’t have to fill in a survey, enter their email address, provide their credit card details, in fact they don’t even have to worry about obfuscating their IP address.  For the first time, there is another option.  No longer are victims faced with the option of a) lose my data or b) pay criminals.

So thank you to all of our partners, thank you to those of you that tweeted, blogged about it.  This site has been successful, in fact so successful that we even have ransomware named after us.

Of course, the Queen of England gets a boat named after her, we get ransomware!  Well that’s okay, because it shows that as the tens of millions of dollars we have prevented going into the hands of criminals, they have taken notice.

We will not stop, in fact, we need more partners, more decryption tools, and more successes.   The message of #DontPay seems to be working (as we witnessed with WannaCry and nPetya), and we will continue in our efforts to hurt the bottom line of criminals.

 

The post NoMoreRansom – One year on! appeared first on McAfee Blogs.

]]>
Running from Ransomware: A Mobile User’s Guide https://www.mcafee.com/blogs/mobile-security/leaker-locker-mobile-malware/ Tue, 25 Jul 2017 13:00:52 +0000 https://securingtomorrow.mcafee.com/?p=76322 From the second my alarm goes off, my day goes 100 miles a minute. In addition to getting myself ready...

The post Running from Ransomware: A Mobile User’s Guide appeared first on McAfee Blogs.

]]>
From the second my alarm goes off, my day goes 100 miles a minute. In addition to getting myself ready for work, I have to pack my kids some brag-worthy lunches, conquer the stack of unwashed dishes in the sink from the night before, and make sure that everyone is out the door on time. One day, in  the midst of all the usual mania, I had a horrible realization that I had forgotten to buy my mom’s birthday present.

To save myself some time, I whipped out my phone, scrolled through the net and explored a few last-minute gift options. In the corner of my eye, I saw an ad for some cute shoes she’d like from a retail site I had previously visited. Zoom, tap, bam! Browsing history comes through to help me find a present in the blink of an eye.

Last-minute online shopping isn’t the only thing our connected devices are good for. We rely on our mobile phones for the simplest things to navigate through our daily lives. From mapping directions, to scrolling through nearby restaurant reviews, to quickly scanning newsworthy articles, our devices accumulate a lot of personal data through our browsing history.

Although browsing history has come handy for me in certain situations, it often gets a bad rap on its own. Leaker Locker, the new mobile malware discovered by the McAfee team, has created a browsing history nightmare by leveraging surfing habits against mobile users.

When we’re navigating through the net, we usually (often wrongfully) assume that our information will remain private. Unfortunately, that’s not always the case. Our increased trust of the web and dependence on our connected devices has excited cybercriminals, causing the number of mobile malware threats to grow over 80% in the last year.

Hiding behind apps that can be found in the Google Play store, Leaker Locker harnesses its malicious ransomware by disguising itself as an unauthorized mobile backup. Present on two apps on the Google Play store, this ransomware disguised as an app leaves the everyday consumer, like you and me, vulnerable.

So how does Leaker Locker work? It attacks when the user allows device permissions to the newly downloaded, disguised app. Once the malicious app gains access to the device, the device is locked down, and a message pops up on-screen, announcing  that the owner’s sensitive information has been compromised. This private information is then used as a bargaining chip for a ransom.

Want to make sure you’re not the next victim of this ransomware? Follow these tips:

  • Attention, Please: Scope out the app’s listing on the app store, and read through its reviews carefully. Sure, an app might look like a fun game or seem to make your life convenient, but it pays to be vigilant. Many users leave helpful warnings to others about if a specific app has been disguised as a hub for ransomware. If the reviews or actual app listings seem fishy, steer clear.
  • Don’t Pay to Play: Cybercriminals love to demand money in exchange for the “safety” of your personal data. Although paying the ransom seems like a good idea, don’t fall for this trap! Paying the ransom doesn’t guarantee the return of your information. Be extra cautious and try to keep sensitive data off your mobile device.
  • Back It Up: Back up your personal information and files by taking advantage of both an external hard drive and the cloud. In the event that you get locked out of your mobile device, you’ll still have access to important data. This back up plan will give you a better peace of mind.

Mobile ransomware has been making headlines, and cybercriminals don’t plan on stopping anytime soon. Get educated and be familiar with their actions. To cover all of your bases, consider turning to a mobile security solution like McAfee Mobile Security (MMS) for Android. With newly designed features that allow you to browse more securely on mobile, MMS provides real time malware (ransomware included) detection capabilities. Most importantly, it gives you the power to safeguard against threats like Leaker Locker a single tap.

The post Running from Ransomware: A Mobile User’s Guide appeared first on McAfee Blogs.

]]>
10 Tips To Stay Safe Online https://www.mcafee.com/blogs/consumer/10-tips-stay-safe-online-2/ Fri, 07 Jul 2017 17:13:19 +0000 https://securingtomorrow.mcafee.com/?p=76292 With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation...

The post 10 Tips To Stay Safe Online appeared first on McAfee Blogs.

]]>
With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these threats.

Here are some tips to help you get started:

1. Create Complex Passwords. We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, a hacker can take the leaked data from one attack and use it to login to your other accounts. Our best advice: use a password manager to help you store and create strong passwords for all of your accounts.

Then, check to see if your online accounts offer multi-factor authentication. This is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your phone, as well as your password and passphrase.

2. Boost Your Network Security. Now that your logins are safer, make sure that your connections are secure. When at home or work, you probably use a password-protected router that encrypts your data. But, when you’re on the road, you might be tempted to use free, public Wi-Fi.The problem with public Wi-Fi is that it is often unsecured. This means it’s relatively easy for a hacker to access your device or information. That’s why you should consider investing in a Virtual Private Network (VPN). A VPN is a piece of software that creates a secure connection over the internet, so you can safely connect from anywhere.

3. Use a Firewall. Even if your network is secure, you should still use a firewall. This an electronic barrier that blocks unauthorized access to your computers and devices, and is often included with comprehensive security software. Using a firewall ensures that all of the devices connected to your network are secured, including Internet of Things (IoT) devices like smart thermostats and webcams. This is important since many IoT devices aren’t equipped with security measures, giving hackers a vulnerable point of entry to your entire network.

4. Click Smart. Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering. This is when you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, click bait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or ask for too much information.

5. Be a Selective Sharer. These days, there are a lot of opportunities to share our personal information online. Just be cautious about what you share, particularly when it comes to your identity information. This can potentially be used to impersonate you, or guess your passwords and logins.

6. Protect Your Mobile Life. Our mobile devices can be just as vulnerable to online threats as our laptops. In fact, mobile devices face new risks, such as risky apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only download apps from official app stores after reading other users’ reviews first. Make sure that your security software is enabled on your mobile, just like your computers and other devices.

7. Practice Safe Surfing & Shopping. When shopping online, or visiting websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https”, instead of just “http”, and has a padlock icon in the URL field. This indicates that the website is secure and uses encryption to scramble your data so it can’t be intercepted by others. Also, be on the lookout for websites that have misspellings or bad grammar in their addresses. They could be copycats of legitimate websites. Use a safe search tool such as McAfee SiteAdvisor to steer clear of risky sites.

8. Keep up to date. Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.

9. Lookout for the latest scams. Online threats are evolving all the time, so make sure you know what to look out for. Currently, ransomwareis on the rise. This is when a hacker threatens to lock you out of all of your files unless you agree to pay a ransom. Stay on top of this and other threats by staying informed.

10. Keep your guard up. Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and make sure to backup your data on a regular basis in case something goes wrong. By taking preventative measures, you can save yourself from headaches later on.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.


{
"metadata": {
"id": "7b3a68a8-4795-43f4-aade-c6f54e30e047",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/10-tips-stay-safe-online/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2017/07/img_1573824800303619.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2017/07/img_1573824800303619.jpg",
"pubDate": "Fri, 07 July 2017 12:35:48 +0000"
}
}

The post 10 Tips To Stay Safe Online appeared first on McAfee Blogs.

]]>
Will Your Smart Home Be Your Next House Sitter? https://www.mcafee.com/blogs/mobile-security/smart-home-summer-vacation/ Fri, 23 Jun 2017 13:00:42 +0000 https://securingtomorrow.mcafee.com/?p=75355 As I rush to catch a flight, I’ll often think in a panic, “Do I have my keys? Passport? Plane...

The post Will Your Smart Home Be Your Next House Sitter? appeared first on McAfee Blogs.

]]>
As I rush to catch a flight, I’ll often think in a panic, “Do I have my keys? Passport? Plane ticket?” Once I plop down in my seat, a terrifying visualization of everything else I may have forgotten flashes across my mind: “Did I turn the lights off in the main hallway?” “Did I set the alarms?” “Did I lower the temperature on the thermostat?” With all the moving parts involved in leaving for a vacation, I’ve started to rely on smart home devices to do some of the work for me.

Since we’ve begun to rely on smart devices more, however, the inherent convenience they provide for the home is sometimes met with headaches—including concerns around the risk of malware and phishing scams. These new intuitive devices are designed to help us perform everyday tasks with ease, but when not secured, they can become a hacker’s playground.

A previous blog went into detail about smart home appliance vulnerabilities, and how you can arm yourself with the proper tools to help you combat cybercriminals. To keep you in the know, I’ve compiled a list of smart devices to consider locking down.

  • Smart Home Security Cameras: Smart home security cameras can help monitor your home to make sure it’s safe and sound from unwanted visitors, but hackers have been known to prey on unprotected devices and turn them into spying tools.
  • Smart TVs: Smart TVs can recommend new shows for you to watch, but if not safeguarded, bad actors could utilize the video and audio functions of these devices to track your every move.
  • Smart Thermostats: Smart thermostats allow you to control the temperature of your home from your smartphone, but researchers have recently found that they can be used as bargaining tools when not locked down. “Want to turn the heat back on? Pay up!”
  • Smart Refrigerators: Although smart refrigerators remind you to get eggs and milk when you run out, an unprotected one in your home could expose the email account embedded into its integrated home calendar. Now that’s what I’d call interrupting your dinner plans.

So, what can you do to lock down all your smart home gadgets? To keep hackers away from your devices, install protection to combat the bad guys right from the source—your router.

With security based at the router level, you can have the best of both worlds. Router-based protection, like McAfee Secure Home Platform, provides an always-on solution that alerts you of emerging vulnerabilities, plus protection for connected devices. What’s more? If you’re away from home, you can manage your device connections through the mobile app. Now that’s something convenience-lovers will have a field day for.

Vacation is supposed to be a time for relaxation and quality time with your family. So before jetting off, make sure you know the ropes of securing your nest. Take the quiz below to test your knowledge, and make sure your home and devices are vacation-ready!

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

 

 

 

 

 

 

Note: There is a widget embedded within this post, please visit the site to participate in this post's widget.

The post Will Your Smart Home Be Your Next House Sitter? appeared first on McAfee Blogs.

]]>
Wild West of Cybercrime: New Sheriff in Town https://www.mcafee.com/blogs/enterprise/wild-west-cybercrime-new-sheriff-town/ Mon, 17 Oct 2016 16:01:05 +0000 https://blogs.mcafee.com/?p=53412 Your data is held hostage by criminals.  Do you a) pay them, or b) lose your data forever? Until recently...

The post Wild West of Cybercrime: New Sheriff in Town appeared first on McAfee Blogs.

]]>
Your data is held hostage by criminals.  Do you a) pay them, or b) lose your data forever?

Until recently these were the only options for the many victims of ransomware. That was until July 2016 when law enforcement and private sector got together to launch the NoMoreRansom portal. Not only does it provide advice on how to best prevent such infections, it also provides a set of tools that allow victims to decrypt their data. This provided a third option to victims: c) don’t pay the bad guys and get your data back.

Progress has been impressive, because since July the number of tools have doubled to more than eight ransomware families. These tools have successfully decrypted over 2,500 infections in such a short time. Now to put this into context, this means that there were more than 2,000 instances in which people did not have to pay criminals to get their data back. Subsequently the portal was responsible for preventing in excess of €1 million going into the pockets of criminals.

All of which brings us to today. We have launched the portal with the European Cybercrime Centre, Dutch Police, Kaspersky Lab, and McAfee. Now we are delighted to announce the inclusion of 13 new partners from law enforcement: in Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland and the United Kingdom.

We often hear talk of public-private partnerships and although this rhetoric is often lauded, this initiative demonstrates a true practical example of this approach, and what can be achieved when we work together—not only in creating tools to return data held hostage, but also in raising awareness of ransomware by providing proactive measures to prevent infections.

Ransomware is a growth industry. One can argue it is the poster child of modern cybercrime, with huge revenues for criminals. It impacts consumers, and now specifically targeting sectors such as education, health care, and government. It has a detrimental effect on modern businesses across the globe. Without our taking a stand ransomware will continue to fund criminal activities and motivate cybercriminals to invest more in further nefarious initiatives. We must all take a stand, whether this is industry providing technical support to law enforcement in their efforts to disrupt criminal infrastructure, or an infected victim simply not paying and using the tools provided by NoMoreRansom.

We all have a role in this fight. NoMoreRansom may appear to be only a website fighting ransomware, but in truth it represents so much more.

The post Wild West of Cybercrime: New Sheriff in Town appeared first on McAfee Blogs.

]]>
10 Tips to Stay Safe Online https://www.mcafee.com/blogs/consumer/10-tips-stay-safe-surfing-web/ Mon, 28 Jul 2014 13:00:40 +0000 http://blogs.mcafee.com/?p=36833 Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers...

The post 10 Tips to Stay Safe Online appeared first on McAfee Blogs.

]]>
Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks.

Just like there are dangers in the ocean, there are many dangers lurking on the Internet. And a savvy web surfer and searcher knows that there’s ways to protect themselves. Here are some tips to keep you safe while you surf the internet.

  1. Know the scams. Read articles and blogs, follow the news, and share this so you can  learn about different kinds of scams and what you can do to avoid them and also help your friends.
  2. Think before you click. Never click on links in messages from people you don’t know or vaguely know. These phishing emails have links that lead to websites that can lure you into giving personal information or download malware to your computer. You should even be wary with emails from people you do know if it looks or sounds suspicious. Hackers can create a malicious email that looks like it came from your best friend’s email account.
  3. Safely peruse. Beware of phony websites. These sites may have an address that’s very similar to a legitimate site, but the page can have misspellings, bad grammar or low resolution images. However, scammers are getting better at replicating sites so make sure. If a site asks for personal information, that you double check the URL and make sure it’s not asking for information it shouldn’t.  McAfee SiteAdvisor is a free download and protects you from going to risky sites
  4. Shop safely. Don’t shop on a site unless it has the “https” and a padlock icon to the left or right of the URL. Also, protect yourself and use a credit card instead of a debit card while shopping online—a credit card company is more likely to reimburse you for fraudulent charges.
  5. Kick-butt passwords. Do away with the “Fitguy1982” password and use an extremely uncrackable one like 9&4yiw2pyqx#. Phrases are good too. Regularly change passwords and don’t use the same passwords for critical accounts. For more tips on how to create strong passwords, go to https://passwordday.org/
  6. Protect your info. Keep your guard up. Back up all of your  data on your computer, smartphone and tablet in the event of loss, theft or a crash. Also, routinely check your various financial statements for questionable activity.
  7. Watch your Wi-Fi connectivity. Protect your network by changing your router’s default settings and making sure you have the connection password-protected.
  8. Install a firewall. A firewall is a great line of defense against cyber-attacks. Although most operating systems come with a firewall, you might want to consider installing McAfee LiveSafe™ service which has a much better firewall than the one that comes built into your operating system.
  9. Keep up to date. The best security software updates automatically to protect your computer. Use the manufacturer’s latest security patches to make regular updates and make sure that you have the software set to do routine scans
  10. Use your noggin. You do not need to be a seasoned computer whiz to know that it’s not smart to open an attachment titled, “Claim Your Inheritance!” Using common sense while surfing the Web can protect you from some hungry cyber-shark.

The post 10 Tips to Stay Safe Online appeared first on McAfee Blogs.

]]>