Security – PSafe Blog https://www.psafe.com/en/blog Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general. Thu, 19 Jan 2023 14:49:21 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://www.psafe.com/en/blog/wp-content/uploads/2018/05/cropped-psafe_blog_purple-shield-32x32.png Security – PSafe Blog https://www.psafe.com/en/blog 32 32 <![CDATA[What is worm?]]> https://www.psafe.com/en/blog/what-is-worm/ Wed, 11 May 2022 20:29:16 +0000 https://www.psafe.com/en/blog/?p=21274 In computer security terms, do you know what a “worm” is? Well, you probably know we’re not talking about larvae — but we are indeed talking about parasites. Digital worms are among the most serious threats in the wild kingdom of the Internet.

According to our virus dictionary, a worm is one of the most common forms of malware. They exploit network flaws to spread larger threats and build on an operating system that spreads malicious code to other computers.

Worms can also damage connections, slowing down the internet and computer. Worse still, they can delete files from your hard drive and be difficult to defeat once they have penetrated your system (as they can usually get through most firewalls).

In this post, you will learn more about worms — and how to protect yourself from this threat.

What makes a worm?

A worm is a type of malware that, unlike common viruses , can self-replicate without the need to infect legitimate files, thus creating working copies of themselves. This capability enables worms to easily spread across computer networks and USB drives.

Some worms also spread through email messages, creating malicious attachments and sending them to the hacked account’s contact lists, often in the form of phishing.

How Worms Work

After spreading and gaining access to systems, some worms look for patches and security updates to close the holes they use. This prevents other malware from infecting the system using the same flaw – ensuring the worm’s exclusive control of its domain within the system.

These worms can also delete and modify files. Sometimes the point is just to make copies of itself over and over again – using up system resources (like hard drive space or bandwidth, hogging a shared network). In addition to wreaking havoc on a computer’s resources, worms can also steal data, install a backdoor, and allow a hacker to gain control over a computer and all of its system settings.

Worms are back to being used in SPAM

Popular around 2003 with the Bagle family, worms sent via SPAM to email accounts are once again being used by cybercriminals. The technique often uses zipped, password-protected files to distribute malware.

Because it is password protected, many antivirus programs are not able to scan files, and many security suites do not scan zip files, so they easily pass through the email security gateway.

A recent reappearance of this method for stealing data took place in Italy and was aimed at customers of Grupo Bancario Iccrea. The e-mail contained a password-protected HTML file, but with the access code included in the body of the e-mail.

When clicking, the user was invited to enter the code in the email to access the page. By informing the e-mail password, the user was directed to another page where he or she would enter credit card information, giving a false sense of security.

The reuse of this malware can represent a major threat world-wide, as more and more people have access to computers and are spending time in the virtual world, but are unaware of past threats and ways to protect themselves.

How to know if your computer has worms

If you suspect that your devices are infected with a worm, run a threat scan using your security solution immediately. Even if the verification is negative, follow the steps below.

1. Keep an eye on your hard drive space. Remember: when worms replicate themselves over and over again, they start taking up free space on your computer.

2. Monitor your machine’s speed and performance. Is your device slower lately? Are some of your programs crashing or not working like they used to? This could be a sign that a worm is consuming your processing power.

3. Be on the lookout for new or missing files. A common function of worms is to delete and replace files on a computer.

Main types of worms

The list below presents some of the most popular types of worms:

  • Sobig: emerged in 2003 and was reactivated in 2013, Microsoft offered a reward to discover its creator.
  • Conficker: It is most common on personal computers, blocking access to information security sites and spreading quickly over the network or USB devices. The pest is still active, but it can now be more easily removed by advanced security solutions.
  • Mydoom: appeared in 2004 with rapid propagation and was generated by infected computers and through e-mail messages.
  • Doomjuice: Uses a loophole created by Mydoom to infect computers.

How to protect yourself from worms

Worms are just one example of malicious software. To help protect your computer from them and other online threats, read and heed below!

  • As software vulnerabilities are the main infection vectors, make sure your computer’s operating system and applications are updated to the latest versions. Install these updates as soon as they become available, as updates often include patches for security flaws.
  • Phishing is another popular way for hackers to spread worms (and other malware). Always be extremely cautious when opening unsolicited emails, especially those from unknown senders that contain attachments or links. Don’t forget to activate your email service’s SPAM filters.
  • Make sure you invest in a strong security solution that can help block these threats. A good product should have anti-phishing technology as well as include defenses against viruses, spyware , ransomware and other online threats. dfndr enterprise is an excellent choice for you or your company, as it uses advances in artificial intelligence to simulate and predict all types of attacks (including all the latest worms).
]]>
<![CDATA[Spoofing: What’s it all about?]]> https://www.psafe.com/en/blog/spoofing-whats-it-all-about/ Fri, 08 Apr 2022 21:34:50 +0000 https://www.psafe.com/en/blog/?p=21236 We can define spoofing as an act of disguising something: usually a communication or request for action — seemingly from some known and trusted party, inducing the user to interact with the (unknown) source. It can occur on a somewhat superficial level, such as emails and messages, or through more technical means: such as DNS and IP spoofing.

In practice, spoofing is used by hackers to achieve numerous goals, such as getting sensitive information from their targets, or gaining access to restricted digital environments from which they can launch additional attacks (such as ransomware) — and much more.

How does spoofing work?

It is possible to commit a wide variety of crimes by using information obtained through spoofing activities. Just imagine what a hacker or cybercriminal might do if they’re able to convincingly impersonate a company or another person.

A well-engineered spoof can take over the domain of an email or website to approach a possible victim, or gain access to internet protocols or IP addresses (which act as an identifier for computers connected to the network). Thus, it’s possible to have access to a person’s applications, get hold of their confidential data (whether personal or banking), and a spoofer can even send messages on their behalf.

This type of scam is not new, but its methods and purposes vary and increase every day.

What are the dangers of a spoofing attack?

With the possession of sensitive data, criminals can carry out a series of financial transactions using the spoofing victim’s name. Sometimes this transaction can be done with the leaked credit card details, and sometimes they can impersonate the victim in order to get credit, money from people they know, or make debts on their behalf.

A spoofer can also monitor your activities, gain access to messages sent from your device, and even sell the data they obtain to other companies.

What are the types of spoofing?

Now that you know what spoofing is, it is important to understand that this type of attack can take many forms, from the simple to the complex. Here are a few of the main forms spoofing can take:

email spoofing

Probably the most typical model occurs when an attacker uses an email to trick the recipient into thinking the message came from a trusted source. Typically, this is done in one of two ways: by removing the sender field (so that it is not possible to know who sent it), or by disguising known addresses from unknown senders.

For example, a lowercase “l” and an uppercase “I” are practically impossible to identify in a sender’s address. This type of message can also be sent via SMS (known as “smishing”), or through social media messages and other channels.

spoofing website

Website spoofing occurs when an attacker uses elements of a known page to create a similar or virtually identical copy, often displayed within a context that makes sense.

The idea is for the victim to put their information into the impostor website so that it is intercepted by the attacker.

IP Spoofing

IP spoofing is one of the more sophisticated attacks, looking to mimic a more technical point. It’s probably a type of attack that the user’s rarely even see, as the goal is to trick the system itself.

For example, a network can be configured to authenticate users according to their IP address. If the attacker manages to disguise the IP and trick you, their access is easily granted.

DNS Spoofing

The idea of ​​DNS spoofing is similar to the previous one. As you may well know, DNS (Domain Name Server) is a system that helps you translate website addresses into IPs. With DNS spoofing, attackers are able to trick the system and redirect traffic to an IP they control.

A simple metaphor can make this example clearer: just imagine that DNS are the signs on the streets, which indicate where a driver needs to go. With spoofing, a criminal “swaps” the street signs, with the aim of taking drivers wherever they want.

Facial Spoofing

This is a different strand of spoofing, with a similar principle. More and more, facial recognition models are becoming popular (to unlock smartphones, for example). For this approach, it’s common for hackers to use photos or videos of the person, with the aim of tricking the system and pretending that they are indeed there.

Good artificial intelligence may offer protection here, because it will be able to identify whether a person is trying to access that system or not.

Spoofing on social networks

Telegram, WhatsApp, Instagram and any other online service of the same category can also be used as a vehicle for spoofing.

In these cases, the victim has their account hacked, and cybercriminals use their profile or account to contact friends or family. Generally, these people simulate some emergency situation to ask for money, or they’ll announce products for sale (at extremely low prices) — but the products don’t even exist.

Telephone spoofing

Telephone spoofing calls can happen when someone impersonates a company or an institution over the phone. This usually happens through a service called Voice over Internet Protocol (VoIP), which is used to transmit online calls and spoof the number or name to be displayed on the caller ID.

So be suspicious when your cell phone shows a call with a certain name, but from some number or locale you don’t recognize

How can you detect spoofing?

Detecting spoofing yourself is possible, but as we’ve noted, it’s not necessarily easy. 

However, there are some signs that can help identify this type of attack.

Look for English and grammar errors in messages. These can be more serious grammatical errors, such as wrong words, or more subtle, such as certain inconsistencies or strange structures. 

Make it a habit to always check the links you are clicking or the email address of senders. Look for any unusual changes, however small. Look closely and compare the domain if you can. 

On smartphones, you can place your finger on links for a few seconds, so that a preview window of the content opens, as well as the link;

Note if your browser does not automatically fill in your information (if it usually does) Especially on a site you visit frequently, this may be an indication that you are on a spoof site instead.

Confidential information such as credit card numbers, passwords should only be shared on secure and encrypted sites using HTTPS at the beginning of the URL.

If an email looks sketchy, do a Google search for the content of the email itself. If it’s a known scam, it will likely turn up. 

Use the dfndr lab link checker. This is a free tool that tells you in a few seconds if a link is trustworthy or not.

How to protect yourself from spoofing?

Even if you follow all the tips above, protecting yourself can be hard to do. The big problem is that most folks won’t be able to closely observe all these details and stay aware on a daily basis.  And this is exactly what hackers count on.

Imagine someone who is going through an extremely busy day, doing a thousand things at once, who receives an email with these subtle changes. The chance of the person stopping to look and detect these errors is small. Hackers know that it is virtually impossible to be alert 100% of the time.

Of course, it’s best not to click on unfamiliar links or attachments coming from emails you’re not sure where they came from. However, as we mentioned throughout the post, the purpose of spoofing is precisely to disguise these attacks as something familiar and reliable.

Another big problem with modern companies is underestimating hackers. Attacks are no longer made by a single person wearing a hood, in a dark basement. There’s a lot of strategy and sometimes large organizations behind these hacks, resulting in attacks that are extremely sophisticated and very difficult to identify, as we have discussed in the examples above.

One option is to avoid clicking on direct links. For example, if you receive an email, an SMS (Short Message Service) or a call from your bank notifying you of a problem, avoid clicking on the link. Access the direct website or the app to confirm the information.

In cases involving social media intrusions or phone line cloning, it is important to be cautious when opting for two-step verification. Several applications already provide this option in their menu to enhance your security.

By creating extra phases for your login in communication apps, a spoofer will not have access to your message history (even if they have access to the confirmation code needed to login) and will certainly find it more difficult to hack your account.

Finally, it’s important to use some security solution (like dfndr enterprise) on your computer to make sure that the pages you access really are trustworthy. A software based on artificial intelligence will have more resources available to assess the security of your network, block potential threats, and protect your device before it becomes the target of an attack.

Did you learn something from this post? Now that you know what spoofing is and how to protect yourself from it, take the opportunity to subscribe to our newsletter. 

Then you’ll have access to more first-hand safety tips, right in your email!

]]>
<![CDATA[Pharming: Phishing’s Nasty Big Brother]]> https://www.psafe.com/en/blog/pharming-phishings-nasty-big-brother/ Tue, 08 Mar 2022 17:31:21 +0000 https://www.psafe.com/en/blog/?p=21190 Pharming is somewhat less familiar than the term “phishing,” but both are methods employed by hackers to perpetrate fraud and gain illegal access to your private information. 

The ph prefix means that both are…well…phake.

But despite the cute names, the damage that can be wrought with either method is considerable. Identity Theft is the end game for many of these swindles, and as you may know, the long tail effects of ID theft can be personally devastating (and if you’ve never really experienced or read-about just how hard ID Theft can be for individuals, we highly recommend reading through that linked article. Not fun, but essential information).

While phishing attacks are made through phishy emails, pharming is the term applied when the hacker sets a trap in the form of a malevolent website: frequently, an impostor-site posing as a well-known and trusted company site. 

Pharming: Individual User Attacks

Phishing and pharming often go together – and the phishy email lures a single user to a malicious website, where the user enters their private information and the pharmer makes off with it, using it later to sow havoc by deploying it on the real site.  

Sometimes these sites are simply set up like traps on the web – you may have encountered one or more of these by simply misspelling the name of a popular site. The result may be a jarringly different site than what you expected. 

In truth these situations are relatively easy to avoid.  But sometimes the site you’re delivered to can be very close to what you expected, and that’s where real pharming trouble can begin.

Malware can drive pharming too – redirecting you to the substitute site without your awareness or permission. It’s important to remember that hackers are increasingly fond of using techniques of misdirection. You may inherit malware through a new app you download, but the consequences arrive later, when you first log on to your bank-site or try to pay your credit card bill, and the malware takes you to an impostor site to steal that information from you.

DNS Switching  

DNS switching takes the whole pharming idea to a more dangerous height. Whereas the malware or phishing-driven pharming operates at an individual user level, DNS Switching redirects all traffic to a given website to a pharmed-out impostor. 

The malware works within the DNS server and redirects requests to reach the authentic site to the pharming site. These more sophisticated attacks often involve more sophisticated fakery, and the pharming sites can be very convincing.

How To Protect Yourself, Down on The Pharm

As always, there are a few different layers of protection you can enlist to keep yourself from pharming — and the more of them you employ, the safer you’ll be:

Mindset: Your mindset as a user is one of the best defenses you have against hackers. Remember that hackers are fond of using social engineering – which some might refer to as “good old psychology” — to lure users into interactions with iffy emails, sketchy sites, and strange-people on well-known platforms. Keep your guard up, and if somebody, something, or some site asks you for information that your bank or health club or grocery-delivery (etc.) already should have, let that alarm bell go off loudly in your head. Then take three giant steps away from your keyboard. 

If your spider-sense has even an inkling that an email from a friend or a site isn’t the real deal: slow down and check it out. In general: try not to confer the trust you have in a person or company onto any representation made for them on the web. The web is…the web. And it should always be treated with caution.

Unprotected?: Public, unsecured wifi networks really are the devil’s playground.

The upshot is that public networks have chinks in their armour, and hackers use those chinks to “eavesdrop” on your conversations. Information they steal through this technical kind of listening can lead to direct attacks, or…down the road, a phishing or pharming attack tailored just for you. 

S matters: There’s a big difference between http:// and https:// — the difference is that “s,” which stands for secure. When you see the full https://, it means that information on both ends of the website transaction is encrypted and secure. When you don’t – that may not be the case. This is such a widely accepted standard now that the absence of that s should put you on high alert.  

Phishy?: If it looks or sounds phishy, it probably is. It might also be pharmy. Here’s an example of what we mean: in one of the biggest pharming attacks ever launched, a DNS Switching attack on more than 50 financial institutions, the affected users were presented with an error screen that asked them to switch off their anti-malware and any firewall protection they might be running. Many users simply complied, and provided access to the pharming malware to do the rest of the work. 

This obviously relates to our mindset discussion as well, but we wanted to emphasize that even very sophisticated pharming attacks will sometimes rely on users turning off systems of defense: whether it be their own mindset, or settings in place on their computer designed to protect them!

Speaking of Defense…  

Of course one of the essential bits of protective equipment is a good security software solution. dfndr Pro provides several excellent tools to help you protect not only your private information but your physical phone as well. Having that combination of protections is important. 

Pro also offers a Safe App function that enables you to screen any app you might want to try before downloading it, and that can be an excellent first line of protection from malware of all types – including those that are designed expressly to uh, ”take you down on the pharm.” 

With your mindset on high-alert, and your phone protected with a well-designed, and multi-layered security capability, you can move about confidently. Just be careful out there, and try not to get any mud on your shoes!

 

]]>
<![CDATA[Are Your Apps Leaking Data? How To Know and What To Do]]> https://www.psafe.com/en/blog/are-your-apps-leaking-data-how-to-know-and-what-to-do/ Mon, 17 Jan 2022 19:06:47 +0000 https://www.psafe.com/en/blog/?p=21151 One of the ways we make our world more convenient these days is by loading apps from platforms, services, and companies we buy from or consult frequently. Most companies have invested in their apps to make them more useful, and also invested in promoting those apps to us, with special deals or promotions. 

But the sense of ease and security we have when dealing with the teller at our local bank, or flying on our favorite airline, may not serve us well when we use an app provided by a company we know well “IRL” (in real life). 

“The widespread development of apps by businesses is not only good for marketing and sales,” remarks Emilio Simoni, Director of Research at PSafe’s dfndr lab, “but it also feeds a billion dollar business in re-use of your data.”

Data Means Dollars

Modern day operating systems for both iOs and Android provide some mechanisms for you to limit the way apps can track your behavior across the web, but these only offer limited protection. “The data you use in everyday interactions with these apps is of tremendous interest to hackers,” Simoni observes,  “and data breaches for some of the world’s biggest and most respected companies have become almost commonplace.” 

Leaked data is commonly resold or accessed on the dark web, and once procured, it can be used in a variety of ways. It’s fairly common for leaked data to be used to fuel scams that entice users to expose even more information, or, to provide direct access to financial levers.

“What users need,” Simoni explains, “is the means to see the whole picture for their apps and the data they use.  This is what we provide with dfndr security Pro: a Privacy Scan, which gives users the ability to see, in one place, a complete picture of how apps are using and sharing your data – whether voluntarily, or through leaks.”  

Here’s what that complete picture shows:

  • The data and access permissions you have granted for each app
  • Where each app sends the data it collects
  • A data breach history for each app (more than one breach is not unusual).
  • Apps you have installed that may be malicious or known to pose risks 

Obviously the first thing you can do with this information is to make judgments about which apps you want to keep – but it may also help guide you to further steps, like changing passwords, or changing settings on the app. It can also give you important information for staying aware of likely hacks or doing further research to determine precisely what sort of personal data may have been compromised.

“Getting this comprehensive picture is really the best way to see context and to stay alert and ahead of the game,” Simoni says.

Before You Load Apps

PSafe’s dfndr security Pro also includes a feature called Safe App, which enables you to evaluate apps before you load them on your phone. Safe App tells you if an app is known to be malicious, or if it has previously been breached. 

Try PSafe dfndr security for Free

The easiest way to see how both Safe App and Privacy Scans work is to try dfndr security for yourself. You can start with the Free Version of the app, which will help you manage your phone’s memory, storage, and battery power – and also give you some good basic security capabilities like a URL checker and an Antivirus App scan.

Add dfndr security Pro. and you’ll be able to do a quick Privacy Scan and see where you stand, and you can check any new apps you want to install with Safe App. You’ll also get Anti Theft functionality to locate your phone (and protect your data) if it’s stolen. 

Use this link to learn more and try out the free version of PSafe’s dfndr security.

Stay Alert

“The capabilities a good security app can provide offers essential protection,” Emilio Simoni emphasizes, “but staying alert ourselves is another key element of our overall defense.”

In addition to procuring and using a proven security solution like dfndr security Pro, Simoni suggests the following “data hygiene” habits for users:

Strong Passwords: Use a password manager and make sure you never use the same password for more than one account. 

Take Care With Social Media: Many social media accounts these days, asking questions and offering quizzes, are simply storing and selling clues to hackers. 

Beware of Phishing: Hackers are certainly not above using news about data leaks as an occasion for reaching out to defraud users. For any communications you receive about data, passwords, accounts, or any transactions you’ve made (or pines you haven’t!) — always double check the source.  

“With a good security app and the conscientious use of privacy ‘best practices,’ your use of apps can provide the convenience and ease you’ve come to expect from them,’ Simoni concludes. “We’ll continue to research viruses and hackers methods to make sure we’re doing our part to maintain our interesting-leading solutions.”

]]>
<![CDATA[Joker Malware is Back (And It’s No Joke)]]> https://www.psafe.com/en/blog/joker-malware-is-back-and-its-no-joke/ Mon, 20 Sep 2021 22:17:38 +0000 https://www.psafe.com/en/blog/?p=20978 Old malware never dies — it just morphs into something more devious and dangerous — and this pattern is playing out with “Joker” malware, which was first identified in 2016. In 2021, it’s back and more diverse and devious than ever.

During the past few months, Joker has become one of the most active Android malware infections. Joker rides on the coat-tails of seemingly legitimate apps, then covertly signs up users for pricey subscription services. It can also steal SMS messages, contact lists, and device information. 

Joker variations seem to arrive in batches, with a fresh batch leeching onto dozens of apps as recently as September. 

Joker Infiltrates The App Store

“One of the best ways to avoid malware and trojan apps is to use Google’s sanctioned app store,” says Emilio Simoni, PSafe’s dfndr lab Research Director, “but unfortunately, Joker has managed to disguise itself and mutate so profusely, that it has found its way on to several apps within the official Google Play marketplace. Of course third party app stores are also offering Joker-tainted apps — so the best protection is going to be a strong security app that sniffs out malware-tainted apps immediately, like our dfndr security Pro.”

Google removes the offending apps as soon as they’re reported — but the high rate of variation and concealment with this particular trojan keeps bringing new specimens on board.

Delay Tactics

“Part of what makes Joker so effective is that it waits to take effect,” Simoni remarks. “After the trojan-app is downloaded (many of these are knockoffs of better-known apps) it waits to drop a very small packet of code, it then reaches out to the server that loads the malware that does all the dirty work.” 

What Can You Do To Stay Safe?

Good hygiene with your digital devices includes:

  • Installing only the apps that you need and use. Loading up your device with as many apps as you can imagine using is a hazardous path. 
  • Being wary. Look for apps from developers you know and trust.  Do a little background checking and make sure that cool new app is coming from a known and trusted provider.
  • Cleaning house periodically. To keep the number of apps you use to a minimum, do a periodic review of the apps on your phone and delete the ones you’re not using. 

“Good security habits are always the first step,” Simoni observes, “but we can see that with truly devious malware like Joker, personal vigilance may not be enough.  When a piece of malware is mutating on a monthly basis, you need a dedicated security solution to help keep you safe.” 

The Best Defense Begins BEFORE Dangerous Apps Are Downloaded

An excellent way to protect yourself is to use a security application like dfndr security Pro, which has a dedicated Safe App Installer that can tell you if the app you’re about to install has been identified as malware.  This is exactly what the Safe App Installer does: it AUTOMATICALLY protects you from malware and apps known to compromise your data — before you even install them.

More Protection for Your Digital Life

Safe App Installer is only one of the key features dfndr security Pro offers.  It also comes with a full suite of security capabilities that can protect you not only from digital threats, but from thieves “IRL” as well.

Beyond Safe App, there are four additional features dfndr security Pro offers to protect you and make your digital life easier:

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Privacy Protection: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide “perimeter defense,”looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 10 billion compromised credentials. 

Ad-Free: As an extra bonus, Pro is totally ad-free.

Get The Protection You Need Today

Click here to download dfndr security and free trial dfndr security Pro to put all of these features to work securing your phone, your data, and your digital life. dfndr security Pro offers a full suite of protection, constantly updated, to make sure “you’re safe out there.”

]]>
<![CDATA[Have you already been the victim of a data leak?]]> https://www.psafe.com/en/blog/have-you-already-been-the-victim-of-a-data-leak/ Thu, 09 Sep 2021 18:41:43 +0000 https://www.psafe.com/en/blog/?p=21122 Here’s what you need to know…and do.

Data breaches — even among major platforms and providers — are becoming an almost daily occurrence. With so much of our life and business being carried out online, and the multitude of devices and platforms we use to work, shop, and play, the “attack surface” for hackers grows (much) larger every minute. Even the biggest and best-run companies and platforms have become favorite targets for hackers. So much so, that attacks on well-known companies and platforms have become almost commonplace. 

“There’s a double danger in data leaks becoming so common,” says Emilio Simonis, Research Director at PSafe’s dfndr lab. “First, of course, are the attacks themselves — but as they become more ubiquitous, many people start to take them for granted, and assume they pose only modest personal danger.” Significant lag time between the breach-event itself, and subsequent criminal action on the part of hackers, also contributes to the lack of decisive response. “Hackers are very patient — they know many victims won’t take immediate action to protect themselves,” Simoni remarks, “and they use that aspect of human nature to their advantage.”

Try dfndr security today, it will help you secure your phone and protect your data from hackers and malware of all kinds.

How do breaches happen?

Just as hackers use their knowledge of human nature to design their scams, they also rely on human error to create openings they need to get at private data. Poor passwords and weak credentialing processes are probably the most common source of breaches, and lost or stolen (and unprotected) laptops and drives also contribute. 

Phishing scams, enticing recipients to give up data voluntarily, have never flagged in popularity. Malware is also a common method, and is often combined with phishing techniques to get at personal and financial data stores. “Increasingly, these attacks are targeted at corporate assets, so employees must remain vigilant,” Simoni warns, “especially now, as so many people are using devices from their home to connect to work.” 

Malware and ransomware have become a more favored method as many users have become used to “shopping by downloading” — trying out free versions of new software solutions before deciding if they want to keep a new app or game. Malware often asks for extensive permissions, then quietly works behind the scenes with the permissions it has accrued, logging data and  building up significant data-leverage, before shipping that information payload off, or using it to launch further attacks on the user.

External, code-driven attacks are also growing more common than ever. Often called “brute force attacks,” these are now guided by increasingly sophisticated artificial intelligence, and very powerful computers, to crack weaker protections.

What information do they target?

Hackers have a wide-open market for the information they steal, and generally they’re after Personal Identification Information that most individuals and companies (and laws) seek to protect. Of course they also seek information like bank and credit card account information that gives them immediate financial leverage. The worst nightmare for individuals is when a hacker is able to transact business as their victim through identity theft. Identity theft can be very complicated to undo, and the process of undoing the damage wrought by an identity theft can be protracted and painful. “Hackers are keenly aware of the leverage that personal identifying information gives them,” Simoni cautions, “they know how to make the most of it, and rarely show any restraint once they have the upper hand.” 

What can you do?

Major breaches are on the rise and show no signs of tailing off. That’s the bad news.  “The good news,” Simoni observes, “is that protecting yourself is still something that you have a lot of control over individually.. It’s something you can do well with some simple habits and tools.“

“We recommend taking three fundamental precautions to all of our customers,” says Simoni. “Make sure you adopt best-practices for your passwords, use two-factor-authentication whenever you can, and use a solution like dfndr security Pro for immediate notice if your personal data has been accessed outside of your control. Our Pro solution also scans new apps to prevent malware attacks.”

“Your phone itself can also be a target,” Simoni advises, “which is why dfndr security Pro has the capability to shut your phone down for use, and show you its location, in case of theft. ”

Best practices for passwords include the following: 

  • Never use the same password for more than one site. 
  • Make sure that your passwords are kept up to date on every site, and change them immediately whenever you’ve been notified of a breach. 


The Big Benefits of Two-Factor Authentication 

Most financial and major social sites now offer two-factor authentication (usually with an option to send a code via-text to your phone).  Use these protocols whenever they’re available, as they greatly reduce the capability of hackers to break through.

Breaches are occurring with disturbing frequency, so the best way to stay ahead of the hackers is to have immediate notification of leaks with your personal data at any time. dfndr security Pro offers free unlimited ID theft checks, which can give you the flexibility and insight you need.

As noted, dfndr security Pro also has other important safety features, like a Safe App Scanner to protect you from malicious (data stealing) apps, and Anti-Theft features that help you locate and control your mobile device if it gets lost or stolen. 

With dfndr security installed on your phone, you will have more protection, so you can test it now if you like. Click here if you want dfndr security for free.

]]>
<![CDATA[More fake apps are causing real losses]]> https://www.psafe.com/en/blog/more-fake-apps-are-causing-real-losses/ Thu, 01 Jul 2021 02:23:13 +0000 https://www.psafe.com/en/blog/?p=21079 Rogue apps remain the biggest security threat for mobile phone users, with hundreds of thousands of new malware apps being generated on a daily basis. Malicious apps are not only abundant, but also especially devious and greedy when it comes to stealing and using your personal data.

Phones are a prime target

“Hackers target smartphones because they are so rich with data,” advises Emilio Simoni, Research Director at the dfndr lab, “our lives are tied to our phones in so many ways: our work, our families, our buying habits, our financial tools, and of course we’re physically tied to them as well.” Simoni continues: “With accelerometer and GPS functions becoming standard “always on” functions, our phones literally follow our every move.”

What are the risks?

The variety of uses made of personal data are almost as numerous as the types of malicious apps generated. Many apps simply steal personal information and resell it to companies who are eager to gobble up masses of personal data. Browser histories, GPS information, accelerometer data, and network information can be gathered and exported without your permission when an app has been given (or taken) the right permissions. Of course, logins, personal security and financial information can also be more directly leveraged. Ransomware is another common technique, where an app locks up a phone and demands payment to release it back to the user. 

“We see increasingly sophisticated scams taking place,” Simoni warns, “where gathering data is simply the first step in the process. This information then used to leverage the subject or to perpetrate fraud or crimes involving phishing or identity theft.”

Simoni concludes: “The costs can be significant,” which is why you have to protect yourself — both with knowledge, and with a good software solution.”

How to identify malicious apps?

This is getting harder to do all the time, as hackers have become more sophisticated — which is why we suggest employing a software solution like dfndr security pro. (dfndr security, in premium version, features a SafeApp checking function designed expressly for this purpose). But your own wary eye can also provide a first-line of defense. 

Here are a few key guidelines:

  • Get your apps from a reputable source. Google’s Play Store isn’t able to immediately catch every malicious app that comes down the pike: but they are on the lookout, and apps that are offered to you through alternative channels are much more likely to be malicious.
  • Check permissions. If a simple app is asking for a lengthy list of permissions, you may be signing up for more than you bargained for.
  • Find out who made the app. Check to see the developer’s name and click on the link to their page and all their other apps. Does everything look legitimate? Or are the apps sketchy and the presentation of their features incomplete?
  • Google it. Find out what you can find out about the developer. You may find a conversation already underway that can save you a heap of trouble!
  • Examine their language. Does the developer sound like they wrote their description while thinking about something else — like maybe the next malicious app they’re going to create? Not a good sign. In fact, a common sign that you’re dealing with malicious software.

Use a reputable security app, like dfndr security 

“We would recommend that everyone employ a good security app on their devices these days, especially their mobile phones,” Emilio Simoni urges, “the risks are just too numerous and the potential losses can be steep.” 

However, the good news is that a focused security capability can spot malicious apps with great accuracy and reliability. dfndr security Pro offers a Safe App feature, which checks-for, and warns you about malicious code, before you download any application. It also provides historical insight — warning you if the app has had its data breached and leaked to unauthorized users. “Our team is on the case around the clock, making sure our security solutions are the most complete on the market,” Simoni concludes: “it’s the kind of job you definitely want to entrust to experts!”

What to do if you have downloaded a mailicious app?

The free version of dfndr security offers a full antivirus capability that can remove viruses from your phone. This version also enables you to schedule an auto virus-scan to run periodically, which will search-for and identify any new digital threats.

Prevention is the best way to go, and that’s why we encourage you to get a good security solution for your devices as soon as possible.

More about dfndr security

dfndr security is a free app that can help you manage the storage, battery life, and wifi security of your digital device, while also offering protection via a url checker, and anti hacker and phishing protections. You can try dfndr security PRO for 3-days free, and upgrade if you like the protection it provides. dfndr security Pro offers:

Safe App installer — checks for malicious apps before you install them

Identity Theft Reports — So you know if your online credentials have leaked

App Privacy Protection — Offers notifications about issues with apps you’re using; app data breaches, permissions you’ve granted to various apps, and info about where your data may be used.

Anti-Theft Protection — Protects your phone from thieves with an alarm, remote lock-out, and a picture of the thief.

dfndr security Pro is a full suite of protection for users who recognize that they must take an active role in their own digital security.

You can download dfndr security Pro and start your free trial right away.

]]>
<![CDATA[As Schools Go Online, Cyberattacks Are On The Rise]]> https://www.psafe.com/en/blog/as-schools-go-online-cyberattacks-are-on-the-rise/ Wed, 30 Jun 2021 22:17:32 +0000 https://www.psafe.com/en/blog/?p=20968 The continued fallout from coronavirus in online environments has begun to trend upward in an environment that poses serious risks to both hosts and users: online schooling. Schools, parents, and students need to take care, and take steps to protect themselves.

Source: Checkpoint Research

The figure above, from Checkpoint Research, shows a significant ramp-up (and spike) in Cyberattacks as pupils returned to remote classes, held via online meeting platforms and tools. Worth noting in this figure is the fact that this sector has always been more vulnerable to attack, but is even more so now.

“The urgency of the situation and the speed with which schools needed to make online learning avaccommodations is a kind of perfect storm for hackers and cyber criminals,” explains Emilio Simoni, director at the dfndr lab. “The numbers and the activity convincingly demonstrate that security can’t be taken for granted, or arranged last minute,” Simoni adds.

The range of methods used to attack educational institutions is similar to the kinds of attacks seen in the general population: phishing, ransomware, and malicious apps are all in play — along with the “Zoombombs” receiving more exposure and attention. 

If you haven’t heard: Zoombombs are unwanted take-overs of hosted meeting sessions by hackers. Note that the Zoom app is not especially vulnerable — but its widespread popularity as a meeting-host service has simply caused the name to be associated with the phenomenon. Distributed denial of service attacks (DDOS) are also common. These are purposeful efforts to overwhelm the capacity of a given connection or platform, and frequently they’re the “blunt weapon” of choice for ransom-motivated attacks.

“Of course institutions need to take steps to protect themselves with enterprise grade security solutions,” Simoni notes, “but teachers and student families have to be wary as well.”  Adds Simoni: “If you’re attending classes through a digital connection at home or on-the-go, you will want to have a personal solution you can rely on.”

For these purposes, dfndr security PRO offers a full suite of  capabilities, including:

Anti Hacking Protection: Anti-hacking protects users from malicious URLs and phishing sites. It also blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger).

Safe App Installer: Lets you know if an app is safe — before you install it.

Wi Fi Theft Protection: Protect you WiFi connection and immediately be notified if anyone is trying to intrude upon or hijack you wifi connection.

App Privacy Scan: Know which installed apps on your device are malicious, or have already been victim of leaks. Also easily see the permissions granted for each app, and where they send data they collect from you.

You can use this link to learn more about dfndr security, and also consider upgrading to our PRO offering. You’ll be glad to know that Anti-Hacking comes with the free version of our solution.

With governmental funding for improved education-institutional security defenses still up in the air, the necessity for students and families to protect themselves is keener than ever.  

We’ll keep you posted on any specific / large-scale attacks, but for now, a good security solution should be considered a requirement for any online student family.

LEARN MORE BY TRYING OUT OUR APP: You’ll get Anti-Hacking protection and be able to see anyone who is priating your WiFi signal with our free dfndr security program. You can download it for free here, and try it out yourself!

Instale o dfndr security.Instale o dfndr security.

]]>
<![CDATA[Leaks and Breaches: The What, How… and Why You Must Protect Yourself!]]> https://www.psafe.com/en/blog/leaks-and-breaches-the-what-how-and-why-you-must-protect-yourself/ Wed, 30 Jun 2021 17:57:32 +0000 https://www.psafe.com/en/blog/?p=20992 You read about them in the news, or — you receive notices about them in the mail or on your everyday personal social feed. And no, it’s not just you: they’re happening more often, and getting more brazen and serious all the time. Large scale data breaches, leaks, and hacking attacks occur multiple times each day. Estimates for major (large-scale, corporate) data leaks ran upwards of 2000 in 2021 — and of course smaller-scale hacks aimed at private users are happening far more often — think more along the lines of 2000 attacks per day.

Leaks can be caused in a wide variety of ways.” Emilio Simoni, Director of Cybersecurity at PSafe’s dfndr lab, notes: “However, the usual result of a breach is that the stolen data is put to use for financial gain or leverage.” 

Common methods of using data for financial gain:

  • Stolen financial-information (like credit card or bank numbers) can immediately yield goods or dollars, and they’re often used quickly to do just that — but, Simoni notes: “Not always immediately, and not always in noticeably large amounts.”
  • Stolen passwords and personal data are used as keys or leverage to gain financial information, or to apply ransoms; 
  • Hijacked / Frozen technology offers another means for criminals to get leverage and ransoms: hackers “lock-out” hard drives or create denials of service for networks from which users must “buy” their way out
  • Stolen email, phone numbers, and social ids are regularly used for scams that prey on the unsuspecting, and often, on the good-natured and helpful — targeting the person and known vulnerabilities of human nature.
  • Identity theft — the use of detailed personal information to open new credit accounts and / or steal from established accounts. 

 

Practically speaking, leaks occur in a variety of ways — some quite technical, and some not very technical at all:

  • Credentials that are stolen or insecure: As noted above, credentials can sometimes be the treasure that gets robbed, and leveraged later. Of course, they can also provide the path in for the thieves. The number of data breaches caused by weak passwords, like passwords or last names or birth dates is…way too many!
  • Unhappy (or careless) employees: Both can be devastating, and as you might guess, in corporate settings there are usually plenty of both. This is why companies have to plan for the possibility that their personnel can go rogue..or just inattentive. No good security policy relies entirely on the integrity and personal conduct of human resources — but unfortunately, far too many do.
  • Vulnerable softwares: Commercial and enterprise software is designed to be safe — but hackers are ever watchful, and tirelessly work to find and exploit software vulnerabilities. 
  • Real world vulnerabilities: Hard drives and devices of every kind are smaller than ever, hold more information than ever, and they’re more portable than ever: that means physical compromises and seizures are an increasing threat.

Yes, you’re at risk. But here’s how you can protect yourself.

Good “hygiene” with your digital devices means committing to the following:

First, make sure you use strong passwords — and use only one password for each app or site that requires one.  Stay vigilant, and if a site or app is compromised, change your password immediately!

Next, try to install only the apps that you really need and use. Loading up your device with three or four apps for every purpose is a dodgy game. Whenever in doubt, go with a leader in the space, or look for apps from developers you already know and trust.  Do a little background checking and make sure that cool new app is coming from a known and trusted provider.

Finally, make sure you have a full-spectrum security solution on your devices:

An excellent way to protect yourself is to use a security application like dfndr security Pro, which covers your data and your device. 

For app security, dfndr security Pro features a dedicated Safe App Installer that can tell you if the app you’re about to install has been identified as malware.  This is exactly what the Safe App Installer does: it AUTOMATICALLY protects you from malware and apps known to compromise your data — before you even install them.

There are four additional features dfndr security Pro offers to protect you:

Anti-theft protection: This feature protects against physical loss that (frequently) also leads to data loss: in case of theft or loss of your device, you can lock it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Unlimited Identity Theft Reports: These reports provide “perimeter defense,” looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Ad-Free: As an extra bonus, dfndr security Pro is totally ad-free.

Data breaches will continue to occur on both the large and small scale. As Emilio Simoni remarks: “Unfortunately, hackers never take the day off. That’s why our software doesn’t either.” We hope you’ll consider dfndr Pro as your best line of defense to protect your devices and personal data. 

Get The Protection You Need Today

Click here to try dfndr security and put all of these features to work securing your phone, your data, and your digital life. dfndr security offers a full suite of protection, constantly updated, to make sure “you’re safe out there.”

]]>
<![CDATA[What is Your Personal Data? And How To Know Where It Goes]]> https://www.psafe.com/en/blog/what-is-your-personal-data-and-how-to-know-where-it-goes/ Mon, 28 Jun 2021 13:43:53 +0000 https://www.psafe.com/en/blog/?p=21033 Headlines about data leaks and unauthorized sharing of personal data continue to  proliferate, with the Cambridge Analytics case making waves that are still spreading throughout the world. Yet as of now, there is no Federal law in the US with a similar scope and sweep to the EU’s GDPR (General Data Protection Regulation). California’s Consumer Privacy Act comes closest at the state level, but that doesn’t provide a lot of reassurance to those of us who don’t live in the Golden State.

However, given that there are data breach laws in all 50 states, and good data protection products like dfndr security Pro available, there are a few important ways to get a better grip on your personal data, and keep yours protected. At PSafe, we believe in, and advocate for your rights regarding control of your private, personal data, and our products are designed to help you know who might be using your data, and where that data goes, as the world moves toward a better overall framework of personal data rights. Our Research Director at PSafe’s dfndr lab, Emilio Simoni offers perspective: “At PSafe, we strongly advocate for comprehensive data rights legislation, but in the meantime, we urge our customers to be vigilant, and use the tools we make available to make good decisions about their online interactions – and be aware of the ways these interactions shape the distribution, exposure, and use of their personal data.” 

Before we talk about those capabilities, we want to take a moment to more fully understand what is meant by the term personal data.

Foundations: What Is Personal Data?

“At the most fundamental level,” Simoni explains, “your personal data is any data that can be attached directly and uniquely to you. However, there are some subtleties involved that are worth discussing, to get a more nuanced understanding.”

A simple example of personal data would be your Social Security number, birthdate, or full name. Your credit card and bank account numbers are also clearly personal and private. But there are also pieces of data that have a “double” character: when you shop online, the items you buy are personal information, but they also have a public aspect: the retailer who sells them to you must replenish their stock after all, so they of course track the items and maintain their inventory.

Your Consumer Data

What has expanded greatly in the age of internet commerce however, is information that connects you to your buying (and browsing) habits. What do you buy when shopping online? What do you watch on streaming TV? What websites do you browse? What games do you play? Sellers of services and products, and advertisers, are highly interested in all of those things about you, and this is the area being navigated now by privacy laws and existing or developing data rights legislation. At pSafe, our position is simple: you should have control of where data of this kind is collected, who sees it, and how they use it.

dfndr security Pro offers Privacy Protection 

dfndr security Pro plan enables users with knowledge. Our App Privacy Scan provides four key pieces of information that we see as essential for today’s digital environment.” Check these capabilities as follows:

  1. Knowing if apps you are using are known to be malicious.
  2. Seeing if any of your apps have suffered data breaches.
  3. Being able to easily see the information permissions you have granted for any app.
  4. Seeing (on a global map) where app information is being sent or used.

“These fundamentals are each interesting in and of themselves, but they combine to help users truly get a grasp of how their interactions with various applications affect their personal data,” Simoni concludes.

How Can You Get This Protection ?

 

dfndr security is a free app that can help you manage the storage, battery life, and wifi security of your digital device, while also offering protection via a url checker, and anti hacker and phishing protections. You can try dfndr security PRO for 3-day free, and upgrade if you like the protection it provides.

dfndr security Pro offers:

Identity Theft Reports — So you know if your online credentials have leaked

Safe App installer — checks for malicious apps before you install them

App Privacy Protection — Offers the four protections mentioned above: notifications about issues with apps you’re using; app data breaches, permissions you’ve granted to various apps, and info about where your data may be used.

Anti-Theft Protection — Protects your phone from thieves with an alarm, remote lock-out, and a picture of the thief.

It’s a full suite of protection for users who recognize that they must take an active role in their own digital security.

 You can download dfndr security and start your free trial right away.

 

]]>