Malware Threat Targets Android Devices Through Email

September 12th, 2013

Malware on smartphone

A new form of malware attack on Android phones has security experts on the look-out. This form of scareware infects your computer through a phishing email and malicious link.

Chris Brook, of ThreatPost, reports that the emails will appear to be from the United States Postal Service.

The message informs you that the USPS was unable to deliver your package because the postal code contains an error. You’re then prompted to print a label. When you follow the “Print The Label” link included in the email, a malicious Android Package File, or .apk, is downloaded to your device.

This particular scam seems poorly constructed. After all, most of us know when we’ve sent a package recently and understand that printing a label for a package that isn’t in our possession wouldn’t do much good. However, there are plenty of users who will click the link to try to gain more information, even if they haven’t sent a package in months. Hackers play on our curiosity and even thin attacks like this one will claim victims.

This form of malware has been used before. Security experts note that a previous scam using it in a scam that asks users to pay a subscription fee to keep their devices clear of malware. What’s noteworthy is the way the malware is being distributed. Cyber criminals are adjusting to the number of users who access their email on their Android devices and are attempting to exploit that fact.

This malware is reportedly even capable of intercepting both incoming and outgoing calls. It also is capable of changing file names to look more innocent. Instead of a suspicious .apk file, it will appear as a .zip file with a tantalizing name like vacationphotos.zip.

Android users should go into the settings on their device and disable the option to “allow installation of apps from unknown sources”. Users will also be able to enable a “Verify Apps” option, which will warn them before any potentially malicious app is downloaded.

These two options help keep your device safe, but you’ll also want dedicated security apps as well. To upgrade the security on any of your devices, or to rid them of existing infections, come by or contact Geek Rescue at 918-369-4335.

New Threats In Chrome’s Web App Store

September 12th, 2013

Malware

For users of the web browser Google Chrome, a new malware threat has emerged. This threat looks a lot like Candy Crush and Super Mario.

Eric Johnson, of All Things Digital, describes the “wild west” atmosphere of the Chrome Web App store. Unlike Google Play, the app store for Android mobile devices, Chrome’s Web App store is much less regulated.

This lack of regulation has lead to a number of knock-off apps. Mostly, these apps are recreations of famous games like Super Mario, Candy Crush Saga, Fruit Ninja, Doodle Jump and Sonic the Hedgehog. These games aren’t licensed by their original creators and many are suspected to contain malware.

It’s not hard to understand why malware is included in these recognizable games. Users see a game they played in their youth, or a game they’ve heard is popular now, and want to try it out. It’s a naturally attractive app for what seems like no obligation. However, the apps are usually poor quality and infect your computer with malware.

The key to spotting these knock-off, malicious apps is simple. First, understand that Nintendo, Sega and other giant game companies aren’t making officially licensed apps for Chrome. If you have any further questions, look at the website associated with the app. In the case of a Candy Crush Saga knock-off, the website was listed as candycrushsaga.blogspot.com, which is not associated with King, the game’s developer.

If you have added one of these apps or another app you think contained malware, run your fully updated virus scan after you remove the app from Chrome.

For additional security on any of your devices, contact Geek Rescue at 918-369-4335. We offer security solutions to keep you safe from malware, spam email, viruses and more.

Secure Your Business With These Easy Tips

September 11th, 2013

Security

Many small business owners believe that they won’t be the target of a cyber attack simply because there are larger companies that present more value to hackers. However, this belief leads to more relaxed security protocols, which makes small businesses an attractive target because of their ease of access.

Susan Solovic posted on the AT&T Small Business blog how to immediately improve your company’s security without having extensive expertise.

  • Strong Passwords

As with any account, you need to protect your business by having each employee log-in with a secure password. This password should be long, have upper and lower case letters and symbols and numbers and be changed often. 

  • Sign Out

It’s a basic step that pays big dividends. Don’t make it easy for a criminal to steal your information or infiltrate your network. When you’re not sitting at your computer, sign out. This erases the possibility that someone in the area could walk by and immediately access valuable data. This is especially important for mobile devices. 

  • Regular Updates

There’s a reason your antivirus software requires regular updates. Hackers are constantly changing tactics and using new techniques. Each update is an attempt to stay ahead of the curve. So, when any of your regularly used applications prompts you to update, do it. 

  • Create Back-ups

Nothing keeps you 100-percent secure. Even if you are able to avoid a cyber attack, natural disasters could still wipe out data. Regularly backing up vital data is important in order to avoid a catastrophe. Should any of your files be lost or corrupted, you’ll have back-ups to replace them quickly without suffering any down time. 

  • Limit Employees

Each employee and each position at your company is different. Some will require different access to different applications. Think of it like a government security clearance. There are different levels depending on your pay grade. For your business, give employees the access necessary for them to do their job, but no more. This way, if their account is compromised, you won’t be allowing access to your entire network. 

Keeping your business secure is an important and time consuming job. For help, contact Geek Rescue at 918-369-4335. We offer data storage and back-up, security solutions and more.

 

The Problem With Your Password

September 11th, 2013

Password security infographic

Would you call your passwords to the various accounts you have online secure? It depends on how many characters your password is, if you use upper and lower case letters, symbols and numbers, if you use full words, recognizable names or places from your life and whether you reuse passwords on multiple sites.

Ping Identity’s Christine Bevilacqua published a blog along with the included infographic that speaks to the problem with password security.

Many of us have experienced a compromised online account and a broken password is often to blame. There is software readily available that is capable of breaking even incredibly long passwords. Sometimes, the strength of your password isn’t even the issue.

In the case of the latest attack on the New York Times, a spear phishing scam resulted in an employee giving out their password. Cyber criminals have become increasing intelligent about creating ways to hack into your accounts.

If you aren’t scammed into giving out your password outright, you may be guilty of clicking a link or downloading an attachment you shouldn’t have. This could infect your computer with malware capable of monitoring your activity, stealing passwords and infiltrating your accounts.

Some online accounts are moving to require a log-in with social media accounts, but what protects your social media accounts? A password does.

One of the latest innovations on the new iPhone is the use of biometrics. In order to unlock the phone, users will use their fingerprint. This seems like a foolproof plan. Afterall, no one will be able to hack into your phone unless they have your fingerprint. However, the problem becomes the unreliability of biometrics. For example, what happens if an error occurs and your phone won’t recognize your fingerprint? For most similar systems, the fall back is simple password protection, which brings us back to square one in terms of security.

The key to avoiding a hacker cracking your password is to practice safe surfing techniques and to have the latest security software in place.

To make any of your devices more secure, contact Geek Rescue at 918-369-4335.

Text Message Scams Threaten Your Smartphone

September 9th, 2013

Smartphone scam

You’ve probably heard of phishing and even spear phishing. But have you heard of smishing?

Criminals are using text messages, or SMS, to send phishing scams directly to your smartphone. Dubbed smishing by some, it’s another way for hackers to steal your money, information or monitor your activity.

Just like phishing and spear phishing, smishing relies on social engineering to play on your fears. Most smishing messages offer you money or gift cards, or claim to be your bank or credit card company.

About.com’s Andy O’Donnell published some tips to help you avoid becoming a victim of a smishing scam.

  • Know Your Bank’s Texting Policy

If your bank sends you a text regularly, it might be harder to decide when it isn’t legitimate. However, if you’ve never received a text from your bank before, you should be extremely wary when a text from a bank shows up on your phone. This goes for any accounts you have with any company. If a text comes to you, don’t respond to it. Instead, look up the customer service number for that business and contact them directly. 

  • Beware 4-digit Numbers

When an email-to-text service is used, a 4-digit number will usually be shown as the sender. Not all email-to-text users are malicious, but criminals use them to mask their actual location. If you get a text from someone without a typical phone number, be extra cautious.

  • Use The Text Alias Feature

If you seem to be getting a lot of spam texts, or just don’t want to worry about them, your phone provider likely offers a text alias feature. This allows you to use an alias number to send and receive text messages and you can then block texts from coming to your actual number. This alias will only be known to those you give it out to, so scammers won’t have access to it.

  • Block Internet Texts

As mentioned earlier, email-to text and other internet text relay services help scammers mask their identity and allows them to send a high volume of messages. Your cell phone provider will allow you to block all texts coming from these services. This will reduce the number of smishing texts you receive, but you might also miss out on legitimate texts from companies using these services.

 Putting additional security on your mobile device is another great way to ensure your safety. To find out more about mobile security, contact Geek Rescue at 918-369-4335. 

How Secure Is Your Internet Browser?

September 9th, 2013

Web browser

Google Chrome, Microsoft’s Internet Explorer and Mozilla Firefox are the three most popular browsers for PC users. One of the reasons for this is that each offers users security tools to keep them safer while surfing the web.

Kim LaChance Shandrow reports for Entrepreneur that 31-percent of internet attacks target businesses with fewer than 250 employees. This means that regardless of who you are, or how big or small your company is, you have a significant chance of being the victim of a cyber attack. You can’t afford to browse the internet without the proper security in place. With that in mind, here’s a rundown of the security each of the top three browsers offer users.

  • Firefox

This browser’s maker, Mozilla, is a non-profit foundation and is mostly funded by Google, who pays to have their site incorporated into the browser. It is also considered by many to have the best security features of any of the most popular browsers. “Undercover” mode and the “Do Not Track” tool both help keep your activity online invisible to others, including website who would normally track you. Firefox also warns you when you encounter a potentially malicious site. Malware, phishing scams and dummy sites are all recognized and you are given advance warning. 

  • Chrome 

Google’s browser is the most used in the US and boasts the fastest performance. Privacy settings are highly customizable and the “Incognito” mode works just like Firefox’s “Undercover” to keep your activity hidden. There’s also a “Do Not Track” tool but it’s not as user friendly as Firefox’s. While Chrome does a good job protecting users from malware and dummy sites, a big flaw is that information saved, like passwords, contact and credit card information, isn’t encrypted.

  • IE10

Microsoft boosted their security offering in the latest version of their browser. “Enhanced Protected Mode” safeguards against malware, tracking and hacking. Internet Explorer specifically protects against cross-scripting attacks and offers “Do Not Track” and “InPrivate” modes, much like Chrome and Firefox. One security gap exists in ActiveX, which is included to make rich media like video and animations run smoother. Cyber criminals are able to use ActiveX as a hacking tool when it’s allowed to run. IE10 does allow users to disable ActiveX, however, and only use it on trustworthy sites.

Browser security is certainly improving with each new version, but a browser’s protection will likely never be enough to keep you fully secure. Antivirus and anti-malware software should be installed and regularly updated on your machine and firewalls should be in place. The idea is to make it as difficult as possible for hackers to infiltrate your device.

For help improving your security at home or the office, call Geek Rescue at 918-369-4335. We offer a variety of security solutions to keep your data safe.   

Firewalls: Here’s What You Need To Know

September 6th, 2013

Firewall

Most everyone has heard of a firewall, but few really know what it is and what it does. The first thing you need to know is that you need one.

A firewall is a line of defense that monitors and filters data entering and leaving your network or computer. Andy O’Donnell describes a firewall for About.com as a “network traffic cop”.

It’s simple to understand that there are criminals outside of your network that want to get in and steal your data. Keeping them out is important, just as keeping criminals out of your home is important. A firewall is the first line of defense for keeping the criminals out and your data safe.

The other job of a firewall is ensuring that outbound traffic of a malicious nature is also blocked. This is a little harder to understand. Outbound data usually refers to what you are sending out of your own network, so why would you want to limit that direction of traffic? Well, if you do get a malware infection or allow access to your network to a malicious program, data can be sent from your computer to download more malware. A hacker is much more limited if the data sent from the infecting malware is limited by your firewall.

There are hardware-based firewalls that exist outside your computer. It would be a dedicated piece of hardware you add on to boost security. Many people already have a hardware firewall contained in their wireless router. To make sure it’s active, you’ll want to check the router’s settings.

There are also software-based firewalls. Most operating systems, like Windows for example, come with a standard firewall that is active by default. There are also a number of antivirus programs that also include software-based firewalls.

If you don’t have an active firewall, your operating system has probably alerted you to that fact. To improve your system’s security, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to keep all of your devices safe.

Hackers Are Targeting Your Smartphone, But Why?

September 6th, 2013

Smartphone Danger

You’ve likely heard how cyber criminals can hack your smartphone and gain access to your accounts, or even take over functions of your phone. But do you understand why your smartphone is such a coveted target?

Marshall Honorof, of TechNews Daily, writes that “your smartphone contains as much sensitive information as your wallet” and is always on, connected to the internet and vulnerable.

Your smartphone has a number of vulnerabilities, which makes it a challenge to protect. You’re probably always logged into social media and email accounts on your phone. This means that anyone who gains access to your phone also gains access to all of these accounts. With the information gained from social media and email, an intelligent hacker is able to gain access to almost any account you have online.

Smartphones also present the unique problem of text messaging vulnerability. A text message is practically impossible to block since phones open them as soon as they’re connected to a network. This means text messages containing malware are a near-perfect weapon.

There have even been demonstrations of infecting iPhone’s with malware through charging. Once a phone is infected with malware, any number of bad outcomes is possible. Your data could be collected, activity monitored, accounts hacked and phone functions hijacked.

When Bluetooth, Wi-Fi and GPS are activated, phones broadcast a shocking amount of information. Your location and the model number of your phone are available to anyone who cares enough to look for it. Retailers are actually beginning to use this information to tailor ads to you.

Turning off functionality like GPS and Wi-Fi when you’re not using it not only grants you more privacy, it also saves your battery. Experts also suggest uninstalling social media and email apps from phones. These apps are less secure than the websites they represent and keep you logged in at all times.

In addition to better usage habits, you’ll need robust security software to keep your phone safe. Contact Geek Rescue at 918-369-4335 to find out how to improve the security on any of your devices.

How To Protect Your Data When An Employee Leaves

September 5th, 2013

Dismissed Employee

Many companies have adopted an agile, mobile infrastructure to give employees access to vital data from practically anywhere. This is certainly effective for day-to-day business, but what happens when an employee leaves the company? How do you protect your data?

A recent post on IT Manager Daily suggests the key is a balance between your own interactions with the departing employee and security put in place after the individual leaves.

The first step is to develop a plan. In this plan should be a detailed, step-by-step protocol that is followed each time an employee leaves the company. You should also assess the risk an employee poses to the business should they be terminated or resign. Many times a senior member of your organization is more likely to steal data and start a competitor than a low-ranking employee.

Part of that plan should also include a robust contract signed at the time of hiring. This contract, similar to a non-compete, should have a data protection clause that prohibits employees from accessing and misusing company data once they’re no longer a part of the organization. These contracts also typically include a plan of action for lame-duck employees and how they will spend their last work days after putting in notice.

After an employee leaves, it’s vital that you shut off their access to any company data. Passwords should be changed on everything the employee previously had access to. If they used a company email account, you should even change the password to that. All company property should be turned in before the employee leaves. Once out the door for the last time, an employee doesn’t need any access to your data.

Taking these precautions against data theft doesn’t mean you don’t trust employees. They’re just good business tactics to ensure your data stays secure. In fact, developing a trust and allowing employees to leave on good terms is one of the most powerful ways to make sure no data is stolen. If an individual leaves liking you and your business, they’re less likely to do anything to harm it.

If you’d like to increase the security on your company’s data, contact Geek Rescue at 918-369-4335. We have a variety of security solutions to secure your network and keep your data safe.

 

How To Spot and Avoid Phishing Emails

September 5th, 2013
How to Detect a Phishing Email
Explore more infographics like this one on the web’s largest information design community – Visually.

 

Phishing scams are producing some unbelievable statistics. 500-million phishing emails are sent every day. 250 computers are hacked each minute. These statistics are why it’s important to protect yourself not only with the latest security software, but also with an understanding of how to avoid the scams.

Phishing emails are attempts to gain access to your accounts or steal some information a hacker deems valuable. They often appear to be from reputable businesses and will ask you to respond with your account information or personal identifiable information. The best thing to do is not respond. Mark the email as spam and delete it.

Many phishing emails will end up in your spam folder. So, the first step in avoiding these scams is to trust your spam folder. Unless you find an email you were expecting to receive in the spam folder, it’s best to leave them alone. Even emails from your contacts could be malicious. There are numerous cases of an individual’s email being hacked and a malicious email being sent to their entire address book.

If a phishing email does end up in your inbox, be aware of the sender’s usual behavior. For example, your bank probably only sends out emails for specific reasons and never asks for your account information over email. If you receive a message that seems out of the ordinary from a company you do business with, it’s always better to call them to find out what’s going on. Be sure to look up the number for yourself also. Many times, a false number will be included in the phishing email.

Links and attachments are a popular way to attempt to infect your computer with malware, which then allows hackers to gain access to your accounts. Be wary of any links and attachments sent to you from unknown sources. If you’re expecting a file to be sent to you by a friend or coworker, it’s probably safe. But, if someone you don’t know sends you an email with an attachment, or even a friend sends you a link you don’t recognize, it’s better not to open them.

For help keeping phishing scams out of your inbox, call Geek Rescue at 918-369-4335. We offer state of the art spam filters and the latest in security software to keep you safe.