Archive for the ‘app security’ Category

80% of IoT Apps Not Tested for Security Vulnerabilities, Study Says

May 3rd, 2017

We use mobile applications every day, and typically, multiple times throughout the day. They’ve become part of the way we live our lives and how we stay connected to the digital world. But, have you wondered how much these apps are tested for security, and more importantly, if we need to be taking more precautionary measures when it comes to how we interact with them? Ponemon Institute did, and conducted a study to explore exactly that – what precautionary measures are or are not being taken involving mobile (specifically IoT) app security.

For their “2017 Study on Mobile and IoT Application Security,” Ponemon Institute found that 80% of Internet of Things apps aren’t tested for vulnerabilities and there is still a lack of urgency to address the risk. In fact, an average company tests less than half of the mobile apps they build, and 33% never test their apps for security before they go on the market.

Needless to say, this disparity is concerning, as it opens up mobile users to an IoT-based cyberattack, which, as recent events have shown, can be both powerful and difficult to stop. Not to mention, could expose any personal data the user has shared with that mobile app.

So, how do the respondents feel about the potential security ramifications that come with IoT apps? The survey found despite the lack of urgency, 84% of respondents are very concerned about the threat of malware to mobile apps and 66% of respondents say they are very concerned about this threat to IoT apps.

So, given this concern, and the fact that the majority of IoT apps are still untested for vulnerabilities before they hit stores, it’s crucial that you take the right security measures when using an IoT app. To do just that, follow these tips:

-Keep all apps up-to-date. Even though initial testing is lacking, developers will patch the security holes they discover over time, and include each fix in app updates. So, make sure to keep all of your applications up-to-date to ensure your personal data is secure.

-Study up. Before you even download an app, make sure you head to the review section of an app store first. Take the time to read the reviews, and keep an eye out for ones that mention that the app has had issues with security. When in doubt, avoid any app that seems to place security as a low priority.

-Fight IoT attacks with streamlined security. Instead of managing the security of each individual IoT app, use a more streamlined security technique, like protecting the network that all of these apps connect to with the McAfee Secure Home Platform.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post 80% of IoT Apps Not Tested for Security Vulnerabilities, Study Says appeared first on McAfee Blogs.

Posted in app security, Consumer Threat Notices, Internet of things, Mobile Security | Comments (0)

Report Finds Some Health Apps Aren’t Healthy for Your Privacy

April 20th, 2017

One of the big features in today’s Internet-of-Things-centric world is the ability to effortlessly track and record health-related data. In fact, some companies make a lot of money providing users with tools, gadgets and social interfaces to more accurately track fitness and overall health. The abundance of these sensors has created a small cottage industry around health and health tracking apps, but not all apps are created equally — and not all are created with the user’s health in mind.

A recent report from the AV-TEST Institute found that Android users may be unintentionally leaking personal data about their health and fitness, even as they go out of their way to track their well being. The Institute surveyed a number of random health-related applications, all free on the Google Play Store, Android’s Official App Store, and found that 80 percent of health-related applications lack a privacy policy suitable for today’s regulations, despite handling sensitive data. The survey also found a good number of applications request or require access to data or sensors not core to the purposes of health-tracking, transmit data in an insecure fashion, and uses ad tracking to, well, sell ads.

As it turns out, some health-centric applications aren’t healthy for your privacy. That can pose a few problems for users, like potential identity theft and targeted advertisements designed for people suffering from unique ailments. This data could also be collected and sold to insurance companies, who could, theoretically, raise or lower rates based on a user’s monitored activity.

Just as troubling is the number of applications requesting access to device or user data not relevant to their apparent purpose. For example, AV-TEST reports that 12 of their tested applications requested direct access to the device camera, seven requested access to the microphone and three, surprisingly, required “full telephony functions of the smartphone.”

These aren’t innocent requests, either, like requesting access to a photo library for sharing photos over social media. For example, one application used to track menstruation cycles, “wanted to be informed of the whereabouts of its female users,” according to AV-TEST.

This problem, however, isn’t unique to health applications. A lot of programs often request access to data or functions they simply have no need for. It’s an issue all of us need to be aware of when first using a service.

So, what should you look for when considering a health-related application? Well, here are a few tips to keep in mind:

  • Research the developer. Every application has a developer listed next to its name. Take the time to do a few minutes of research to evaluate the developer’s trustworthiness. Things to look out for are the developer’s library of applications and how many people use their products. If the application isn’t from a known or respected developer, consider giving it a pass.
  • Check the reviews. Almost all app stores today have a review section. Take the time to read the reviews, but keep an eye out for reviews that are almost one-to-one replicas of each other. If you find them, it may mean the developer is paying for positive reviews. If you suspect that’s the case, then avoid the application or look for a neutral third-party review on a separate website to evaluate the app’s trustworthiness.
  • Evaluate what it wants access to. Almost all health applications will request access to additional sensors and features on your phone, but not all of them are necessary and some may even indicate maleficence. Be wary of applications requesting access to the full suite of features found on your device, especially if they’re not relevant to the application’s purpose.
  • Keep software up-to-date. The newest version of an application is always the safest, as developers patch issues with every update. So make sure to keep all of your apps and software up-to-date to ensure your personal data is secure. Also, to add an additional layer of protection across all of your devices, use a comprehensive security solution like McAfee LiveSafe so that you feel in control of all your personal data at all times. You can try it for free here.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Report Finds Some Health Apps Aren’t Healthy for Your Privacy appeared first on McAfee Blogs.

Posted in app security, Consumer Threat Notices, data protection | Comments (0)

How To Bank Smart On Your Smartphone

March 30th, 2017

Life before mobile banking just seems so rudimentary now. Trying to find your cheque book, those silly bank statements (which you know you put in a safe place), or even a carpark near the bank feels old school now.

When banking became available online, the people cheered. What a huge time saver. But when banking apps became available on mobile phones, the people roared. Life would never be the same again.

Whether it’s paying your electricity bill or even the flute teacher on the go, transferring money at the supermarket register, or locating an ATM when you need cash ASAP, mobile banking has been transformational.

But while there are massive upsides to mobile banking apps, it is essential that we understand the best way of managing the risks to avoid the potential downsides. Here are my top tips to ensure you stay safe while banking on your smartphone:

1. Never Ever Store Your Banking Passwords On Your Smartphone

I know it sounds super obvious but a clever crim knows exactly how to locate your banking logins and passwords on lost or stolen phones. Please commit them to memory and don’t even think about trying to hide them in your phone contacts.

2. Avoid Using Public Wi-Fi For Mobile Banking

A shared, unsecured Wi-Fi hotspot could actually be a trap set up by a lurking hacker intent on stealing any data you share while connected. Please try very hard to avoid using public Wi-Fi’s but, if you are absolutely desperate, ensure your chosen Wi-Fi hotspot is reputable and password protected.

3. Be Aware Of Shoulder Surfers

Most of us bank on the go, so being aware of others snooping over your shoulder while conducting financial transactions is essential. Take the time and sign up for multi-factor authentication which will reduce the threat of a shoulder surfer stealing your banking logins.

4. Protect Your Phone And Install Security Software

Many of us have protected our laptops with security software but don’t remember our phones. Top notch security software will not only protect you from downloading viruses and malware, it can also remotely wipe your data if you lose your phone. Intel Security offers free McAfee Mobile Security to secure both Android™ and iOS® devices.

5. Ensure You Are Using Your Bank’s Official App and NOT A Fake One

Fake apps are one of the latest ways hackers are worming their way into our private lives and getting their hands on our private information. One way to ensure you reach your bank’s ‘real’ app on either the App Store or Google Play is to click the link from your bank’s own website. And just to be doubly sure, before you tap download, check out the reviews to ensure no one has had any issue with it. Unfortunately, not everything is legitimate.

6. NEVER Click On A Link Sent To You By ‘Your Bank’

Cybercriminals spend a lot of time and resources trying to direct consumers to fake websites they have created that look almost exactly like the real thing. So if your bank has sent you an email and you’re just not sure, please navigate yourself to the site. Do NOT click on that link. Remember, a secure website URL should start with ‘https’.

7. Say ‘YES’ To Your Bank’s Security Offerings

Many online banking platforms have a number of additional security offerings to protect their customers and minimize the impact of stolen logins. Multi-factor authentication, daily transfer limits and transfer notifications are just a sample. So please, say YES to all of them and give yourself another layer of protection.

 

And if you have teens in the house who are on the cusp of managing their own finances, please make sure they know how to avoid the pitfalls of mobile banking. While they may think they have mobile banking ‘all sorted’, they may need a few reminders about how to make good decisions… Ah, the joys of parenting!!

Till next time…

Take care!

Alex x

The post How To Bank Smart On Your Smartphone appeared first on McAfee Blogs.

Posted in app security, cyber safety, Cyber Smart Family, Family Safety, smart devices | Comments (0)

App Store Flooded with Phony Retail Apps to Kick Off Holiday Season

November 8th, 2016

The holiday season has officially kicked off, which means a number of things for many of us: seasonal cheer, quality time with loved ones, and admittedly for many, lots and lots of shopping. And these days, many of holiday retail sales are happening online. Unfortunately, that also means now more than ever, there’s more holiday-related cybercrime about. In the latest news, ‘tis the season for fake retail mobile apps, designed by cybercrooks to prey on seasonal gift-buyers.

Hundreds of devious apps have appeared in Apple’s App Store, masquerading as the official versions by retailers people know and trust. Imagine an unsuspecting user, trying to score a jacket they’ve had their eye on for months, downloading an app from a retailer likely to sell it. They’re then hit with a special offer of a malicious kind — and they won’t be giving thanks.

Next, any number of consequences can occur. A plethora of fake apps, made by different cybercriminals, is circulating—so there’s a range of profiteering tactics out there. Some merely serve annoying pop-up ads. But other situations can be more severe. For example, credit card information could accidentally be sent to a cyber crook posing as a retailer. And what if you mistakenly authorize a phony app with your Facebook account? Hopefully you haven’t given away permissions to your account, but at the least, your Facebook is likely on some rogue’s list of accounts to run tricks on later. Worst case scenario, these fake apps could actually operate in the background of your device, actively stealing data wherever you may enter it.

That’s already a bad situation, but then consider how easily people can fall victim. The stores being imitated are recognized and popular — Dollar Tree, Foot Locker, Dillard’s, Nordstrom, Zappos.com, Christian Dior, and many others. So the chances are high that cyber crooks will get their sought-after downloads. There’s also the fact that, for someone caught up in the drama of holiday shopping, consumers won’t necessarily be inspecting every store’s mobile interface and ratings for legitimacy.

Now to be fair, Apple has already eliminated many malicious apps from the App Store since major news outlets began reporting on this issue. However, it’s worth noting that ill-intentioned developers behind these fake apps are capable of putting new ones up in the App Store. Chris Mason of Branding Brand, an app building and analytics company, even described the whole process as “a game of whack-a-mole.” It’s quite possible the threats will continue to surface, and users will need to be vigilant to avoid them.

At the end of the day, the holidays are precious — they’re a time for celebration. The good news is that we can certainly still enjoy them, even when shopping on mobile. By making sure to use the right safety precautions, everyone can keep the coming months positive and festive. After all, this time of year is all about appreciation, quality time, and admittedly for a lot of us, the best seasonal sales!

So remember these tips for shopping safely on your mobile device:

  • Review before you download. How much time do you spend researching an app before you tap ‘download’? Just take a moment, and see if an app is the official version. Scan the official app store for potential alternatives, read the reviews, and don’t download until you’re absolutely sure it’s legitimate. Having your own, strict vetting process will keep you from downloading malicious apps to begin with.
  • Be careful what information you give. When installing an app, your mobile device may need to grant it certain permissions. And as you use the app, further steps may prompt additional permissions requests, or even Facebook account authorization. Don’t grant any permissions that seem unnecessary, and think twice before opening the gates to your personal data through other apps and services on your device. Remember: you can also check existing apps’ permissions in your phone’s settings, to monitor the level of information you’re providing to different services.
  • See something suspicious? Act on it. If you spot a peculiar detail or flaw, that should raise some red flags. For example, the Boston Globe reported that a New Balance imitator had a page saying “our angents are available over the hone Monday-Firday.” Hardly any legitimate company would make such flagrant spelling mistakes. Take these seriously, and report suspicious apps when you see them.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

gary

The post App Store Flooded with Phony Retail Apps to Kick Off Holiday Season appeared first on McAfee Blogs.

Posted in app security, consumer, Consumer Threat Notices, Mobile Security | Comments (0)

Boo! The Spookiest Mobile Hacks of 2016

October 28th, 2016

Endless candy, an excuse to dress up as a character from your favorite comic book, and carving pumpkins with family… What’s not to love about Halloween? But witches, ghosts, and goblins aren’t the only things to fear this time of year. This Halloween, there’s a different kind of spooky story—mobile hacks. Mobile security threats are only growing, and new hacks are popping up faster than you can say “trick or treat.” Gather ‘round as we share four mobile hacks of 2016 that left us afraid to sleep with the lights off.

What’s Scarier Than Malware? Ghost Malware: Two years ago we uncovered a Trojan infecting Android devices running v. 5, and two years later it’s still on the loose, as many users haven’t transferred to updated systems that cleared the infection. We deemed the Trojan “Ghost Push,” as it dons several costumes in order to gain access to devices and their data. The malware starts its attack by posing as an application or plug-in, and finally disguises itself as Google Play, asking the user to disclose credit card information. Once Ghost Push makes its way into the mobile device, a second phishing overlay requests the victim’s phone number and date of birth. Ghost Push is one shady character that you don’t want to run into, so keep your device updated and avoid third-party app stores.

Hackers Are Total Brand Snobs: Brands used to pop up on soda cans and billboards, but today they’re everywhere you look, both offline and on. We ‘like’ their pages, ‘follow’ them, and download their apps, and cyber attackers are catching on. Brand-associated apps lined with malicious files are popping up left and right, with 248,701 malicious apps discovered in 2016. A big name is sometimes all of the validation we need to trust an app. Downloading a brand’s app can come in handy for special deals, new content, and customer service, but malicious apps are like the neighbors who hand out toothpaste on Halloween. Malware? No thanks! Skip this one and be extra cautious when you download a brand’s mobile app. Your phone will thank you.

Cat Videos and Malware: YouTube is everyone’s favorite distraction. What starts with Beyoncé’s latest music video quickly spirals into an endless black hole of entertainment. Cyber criminals love to take the fun out of everything, and YouTube was the latest victim when hidden voice commands were uncovered. That’s right, just having your phone nearby while you scroll through videos could be enough to infect your device. By embedding a manipulated voice saying “Ok Google,” criminals can alert your device and control it, all without your knowledge. Luckily, this hack hasn’t taken off just yet, but the possibility is present. To avoid this hack, consider turning off the always-on mode for your microphone.

Spooky Spyware Malware Hits Android: Earlier this year, SpyLocker, an Android banking malware, targeted customers of large banks in Australia, Turkey, and New Zealand. The mobile malware dressed up in one of the year’s trendiest costumes, a Flash Player, and stole login credentials from 20 different banking apps. Android devices both old and new were targeted, leaving call logs, incoming SMS messages, and other personal information in hackers’ hands. Does the thought of a criminal reading your text messages give you the heebie-jeebies? Us, too.

Did we leave you scared? Being cautious is the key to mobile security, and comprehensive software is the garlic that keeps hackers at bay. Try McAfee® Mobile Security, free for both Android and iOS, and lock down your device, your data, and your privacy.

Have a spooktacular Halloween!

Hungry for more mobile security tips? Be sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post Boo! The Spookiest Mobile Hacks of 2016 appeared first on McAfee Blogs.

Posted in app security, McAfee Mobile Security, mobile app, Mobile Security | Comments (0)

Boo! The Spookiest Mobile Hacks of 2016

October 25th, 2016

Endless candy, an excuse to dress up as a character from your favorite comic book, and carving pumpkins with family… What’s not to love about Halloween? But witches, ghosts, and goblins aren’t the only things to fear this time of year. This Halloween, there’s a different kind of spooky story—mobile hacks. Mobile security threats are only growing, and new hacks are popping up faster than you can say “trick or treat.” Gather ‘round as we share four mobile hacks of 2016 that left us afraid to sleep with the lights off.

What’s Scarier Than Malware? Ghost Malware: Two years ago we uncovered a Trojan infecting Android devices running v. 5, and two years later it’s still on the loose, as many users haven’t transferred to updated systems that cleared the infection. We deemed the Trojan “Ghost Push,” as it dons several costumes in order to gain access to devices and their data. The malware starts its attack by posing as an application or plug-in, and finally disguises itself as Google Play, asking the user to disclose credit card information. Once Ghost Push makes its way into the mobile device, a second phishing overlay requests the victim’s phone number and date of birth. Ghost Push is one shady character that you don’t want to run into, so keep your device updated and avoid third-party app stores.

Hackers Are Total Brand Snobs: Brands used to pop up on soda cans and billboards, but today they’re everywhere you look, both offline and on. We ‘like’ their pages, ‘follow’ them, and download their apps, and cyber attackers are catching on. Brand-associated apps lined with malicious files are popping up left and right, with 248,701 malicious apps discovered in 2016. A big name is sometimes all of the validation we need to trust an app. Downloading a brand’s app can come in handy for special deals, new content, and customer service, but malicious apps are like the neighbors who hand out toothpaste on Halloween. Malware? No thanks! Skip this one and be extra cautious when you download a brand’s mobile app. Your phone will thank you.

Cat Videos and Malware: YouTube is everyone’s favorite distraction. What starts with Beyoncé’s latest music video quickly spirals into an endless black hole of entertainment. Cyber criminals love to take the fun out of everything, and YouTube was the latest victim when hidden voice commands were uncovered. That’s right, just having your phone nearby while you scroll through videos could be enough to infect your device. By embedding a manipulated voice saying “Ok Google,” criminals can alert your device and control it, all without your knowledge. Luckily, this hack hasn’t taken off just yet, but the possibility is present. To avoid this hack, consider turning off the always-on mode for your microphone.

Spooky Spyware Malware Hits Android: Earlier this year, SpyLocker, an Android banking malware, targeted customers of large banks in Australia, Turkey, and New Zealand. The mobile malware dressed up in one of the year’s trendiest costumes, a Flash Player, and stole login credentials from 20 different banking apps. Android devices both old and new were targeted, leaving call logs, incoming SMS messages, and other personal information in hackers’ hands. Does the thought of a criminal reading your text messages give you the heebie-jeebies? Us, too.

Did we leave you scared? Being cautious is the key to mobile security, and comprehensive software is the garlic that keeps hackers at bay. Try McAfee® Mobile Security, free for both Android and iOS, and lock down your device, your data, and your privacy.

Have a spooktacular Halloween!

Hungry for more mobile security tips? Be sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post Boo! The Spookiest Mobile Hacks of 2016 appeared first on McAfee.

Posted in app security, consumer, McAfee Mobile Security, mobile app, Mobile Security | Comments (0)

Autorooting Malware Gives Hackers the Green Light into Your Device

August 2nd, 2016

It wasn’t that long ago when discovering new products, restaurants and everything in between came down to asking our circle of friends. Reviews and ratings were the stamp of approval to which our friends held the key. In 2016, we ask the internet, and now strangers tell us what they like (or don’t), and why we should too. Before downloading an app or finding a new hairdresser, we ask people we may know nothing about other than their username what they think.

Where am I going with this? Malware. Autorooting malware is a growing threat that cybercriminals launch on mobile devices in order to install unwanted apps. This exploit is used to drive revenue and boost ratings. If ratings are high for an app, other users are more likely to trust and download it. Rooting a device allows cybercriminals to perform operations that would otherwise require your permission. Autorooting can be a major threat — once a criminal has taken over your mobile device, they can open the door to all of their dangerous friends. It’s a shady app party, and your device is getting destroyed.

The latest bad guy to get caught is LevelDropper, a malicious app available in the Google Play Store that appeared to transform your phone into a level, in order to replace the physical one in your toolbox. Handy! Everyone who has ever struggled to hang up a picture — rejoice! Sadly, LevelDropper is just the next offender in the mobile threat world. Once downloaded, the app autoroots the device and quickly installs new apps, without user permission. As we’ve told you before, it’s important to always be picky when downloading apps. If you notice new apps that pop up right after downloading one from an app store, your device could have fallen victim to an autorooting malware attack.

LevelDropper isn’t the only app using autorooting to their benefit and your detriment — the trend is exploding. Malicious programs are offered in even the most trusted app stores, and the only way to stay clear is to use extreme caution.

Cybercriminals are always looking for new ways to trick you into downloading their apps, but there are ways to keep them at bay:

  • Always be cautious when downloading apps on your mobile device. Read the privacy policy, check out user reviews, and be sure you’re OK with providing access to everything it’s requesting.
  • Install comprehensive security. McAfee® Mobile Security is free for Android and iOS, and can help to protect your Android mobile device from not only autorooting malware (like LevelDropper), but all malware. We don’t discriminate, and will alert you if we sense an app to be malicious, all before you download.
  • So many new apps, so little time. A key to keeping your device healthy is only downloading apps that have a good reputation. The internet isn’t just a handy place to find your new favorite restaurant, it’s also a great place to do some digging. Search the app’s name and see the buzz.

If you do fall victim to autorooting malware, we recommend performing a factory reset of your mobile device. Cybercrimes are always evolving, and we will never stop having your back. Check back here to always stay in the know.

To keep up with the latest security threats, be sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post Autorooting Malware Gives Hackers the Green Light into Your Device appeared first on McAfee.

Posted in app security, Autorooting device, consumer, LevelDropper, McAfee Mobile Security, Mobile Security | Comments (0)

WhatsApp Gold: Why Upgrading Isn’t Always a Golden Idea

June 14th, 2016

Whether it was the cool sneakers everyone had in grade school, or the latest cell phone release, we always want what’s new and hip. The desire to stay on top of trends and ahead of our friends carries over to our tech, too. We know to be careful when downloading on our mobile devices, but it’s easy to get caught up in a shady upgrade! Software updates are seen as fixes for bugs and improvements in design, but without judging speculatively, that upgrade could very well lead to cyber nightmares like malware.

That’s what happened when users of the popular messaging app, WhatsApp, fell victim to a lookalike sneakily disguised as the real deal. Thousands of users were given the option to download ‘WhatsApp Gold,’ via links spread over texts and social networks. This fake version of the app claimed to offer premium features that were only previously available to celebrities and users of status – ooh, aah! But, instead of premium features, the download actually led to the last feature a user would ever want: malware.

Don’t fall victim to the same cybercrime trickery! Follow these tips to stay golden:

  • Toss It in the Trash: If you receive a message that looks like a scam, delete it, and do not click to investigate. One click can trigger the malware and infect a device within seconds. Mobile users are prompted with so many updates, it can be easy to download without thinking. Move with caution when it comes to clicking shady links.
  • Something Smells Fishy: Don’t just assume that any message you see from a technology provider is legitimate. Cybercrime is thriving like never before, and sadly no one is immune. Rather than clicking the link to see where you end up, do a search on the web. In the WhatsApp Gold case, users could have avoided trouble by heading to the main WhatsApp website to do some investigating. If an app just released an update, the news will be front and center. Forums and blogs (like us!) are also full of the latest hacks; follow the breadcrumbs and see if the update is the real deal.
  • Stick with the App Store You Know and Love: We all love to get a deal, but shopping in third party app stores is a big no-no. These apps aren’t held to the same standards as reputable app stores, and downloading from one is practically asking to have your mobile device hacked.
  • We Have Your Back: Comprehensive security software is the defense you need to protect against hackers. McAfee® Mobile Security, for both Android and iOS offers plenty of protections to keep your mobile device in the clear. Next time you go to download a suspicious app, we’ll stop you in your tracks.

Don’t get caught up in the new and cool; losing your data to a scam is definitely not what the cool kids do!

Looking for more security tips? Make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post WhatsApp Gold: Why Upgrading Isn’t Always a Golden Idea appeared first on McAfee.

Posted in app security, consumer, Intel Security, Mobile Security | Comments (0)

World Password Day Came and Went – Did You Add MFA?

May 10th, 2016

Your family photos, your savings account, and maybe even your dating life are all hidden behind one thing: a password. A combination of letters and numbers protects your personal information from the hands of hackers.

Last Thursday, we filled your social media feeds with articles, videos and Tweets, hoping to raise password awareness on World #PasswordDay. This year, we focused on the importance of multi-factor authentication (MFA). Why stop with simply updating your password, when you can protect your data with another layer of security?

To make our point, we brought out the big dogs and teamed up with a hard hitter. If anyone can convince you to take some time to rethink your password strategy, it’s none other than the actress known for taking no punches, Betty White.

Did you catch her Password Pep Talk videos? Watch below to learn some valuable lessons, and have a nice chuckle too:

 

Our mobile phones are at the center of our lives (and usually in the palm of our hands). They may just seem like means for checking email on the go or to text a friend, but do us a favor and think of all the information stored on your phone. That’s a scary thought, when you consider hacking and even theft of mobile devices.

Stop worrying, and start preventing. Here are our top three password tips:

  • Lock it down twice. Multi-factor authentication requires more than username and password for entry. To gain access, MFA demands something you know, like a password, and something only you can provide, like a fingerprint or face scan. This information is specific to you, so only you can access the things meant for your eyes only.
  • Strong and long. Passwords should be at least 8 characters long. Longer passwords take longer to crack, it’s that simple. A strong password uses a combination of numbers, upper and lowercase letters, and symbols. Avoid birthdays, family names, and repeated characters. More tips.
  • Change of the seasons, change of the password. Passwords should be changed every three to six months. Using the same password for a long period of time gives hackers a better chance to crack the code. Set a reminder on your calendar to get creative and update all of your accounts with a new, secure password.

We can’t prevent data invasions from happening, but we can take steps to make gaining access to private information more difficult. Adding in additional security layers, especially on your mobile device, could be the key to keeping your private life private. So with all of the information thrown your way this World #PasswordDay, did you add a second layer of protection? Now is the time!

Think you’re a password pro? Take our Security IQ Quiz and find out just how savvy you are!

To stay up-to-date with the latest security threats year-round, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post World Password Day Came and Went – Did You Add MFA? appeared first on McAfee.

Posted in app security, consumer, McAfee Mobile Security, Mobile Security, password, password security | Comments (0)

Mobile Shopping on Social Media: The New Frontier

March 29th, 2016

Let’s go back in time. Here’s the scenario: You’re hosting a party and the party prep includes a trip to the grocery store, the craft store, and the mall for the perfect dress. That’s three separate stops and several hours logged for party prep, before it even begins. Fast forward to 2016. What used to take hours to complete can now take minutes – that’s the beauty of shopping on social media via your mobile device. Now, you can browse for the perfect dress on Pinterest while waiting in line for coffee, or order decorations through your favorite retailer while scrolling through Facebook in bed. And like that, you’re the host with the most… Ta-da!

With so much of our time being spent on social media, it’s only logical we spend some money there, too. Mobile shopping on social media is the new frontier for e-commerce, and companies are quickly evolving their offerings to give us more of what we want and need.

With the newly added “buy buttons” on social posts, the ability to get what you want when you want it is easier than ever before – and cybercriminals will be quick to take note. In a recent blog we discussed hackers taking advantage of shopping apps, and social media shopping is poised for similar attacks. While you’re trying to score a deal on social media, hackers could be trying to steal your information. Any time you enter financial info, your guard should be up. Your data, and personal info, are on the line.

So before buying those cute shoes, follow these tips for smart social media shopping:

Think before you throw it in the bag: When purchasing items through social media sites, always do your research. Lookup well respected retailers, read reviews, and if it seems too good to be true, it probably is. A smart TV, less than half the price of name-brand competitors, is a tell-tale sign of a shady vendor. Stick to stores you trust, and look for verified social accounts.

Don’t shop on public Wi-Fi: If you feel the urge to make a purchase while you’re out, turn off Wi-Fi and Bluetooth. Connecting to unprotected networks can expose your personal information and data to cybercriminals – whether shopping through social networks, or not.

Don’t give it all up: A secure, trustable social media site will never ask for your social security number or other private personal information. The more information you share, the easier it is for cybercriminals to steal your data or identity.

Check the paper trail: I know, checking payment history can be scary, especially after a shopping-spree. But it’s a security measure that you just can’t skip. Always look for fraudulent charges and names that you don’t recognize.

Update, update, update: Your mobile device cares about you. That’s why developers create updates to protect you from malware and infections. They have your back, so take some time and update your device.

Social media is fun, and add in shopping – double fun! But don’t lose focus of your security. Don’t share too much, think before you buy, and use your best judgment. Want an extra layer of protection? Download comprehensive software for your mobile device, such as McAfee® Mobile Security. It’s free for both Android and iOS, and offers a variety of protections to keep your mobile device safe for when you clear the (virtual) racks! Happy shopping!

To keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.

lianne-caetano

The post Mobile Shopping on Social Media: The New Frontier appeared first on McAfee.

Posted in app security, consumer, McAfee Mobile Security, Mobile Security, Social Media Shopping | Comments (0)