protection – PSafe Blog https://www.psafe.com/en/blog Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general. Thu, 19 Jan 2023 14:49:21 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://www.psafe.com/en/blog/wp-content/uploads/2018/05/cropped-psafe_blog_purple-shield-32x32.png protection – PSafe Blog https://www.psafe.com/en/blog 32 32 <![CDATA[Is Facebook’s New Phishing Tool Effective?]]> https://www.psafe.com/en/blog/is-facebooks-new-phishing-tool-effective/ Mon, 23 Jul 2018 23:00:12 +0000 https://www.psafe.com/en/blog/?p=18789 With phishing scams continuing to rise in volume, Facebook is taking a stand and getting into the hacker fighting game by introducing a new tool that cracks down on malicious look-alike websites. The tool could be useful for stopping you from opening fake websites, but it may not do everything.

Read More: Google Introduces Over 20 New Security Features to Protect Users

You still need a security app on your device to fully protect yourself from phishing scams. Download dfndr security and you can block phishing attempts by activating the anti-hacking feature. With advanced AI built in — this feature can block attacks coming from your web browser, SMS, or chat apps.

Get dfndr security now

The Facebook phishing tool has some advantages, particularly in identifying homograph attacks. Uh, what are those you might ask?  

Homograph Attacks
Some phishing attacks come in the form of a homograph attack. Hackers create websites with domain names that are almost identical to a brand name site, with the sole purpose of fooling someone and getting them to unknowingly input login credentials.

The only way to tell a site is fake is by examining the name of the site. A fake one usually has a letter or a punctuation mark out of place. Unless you’re watching closely, you could easily be fooled. This is where the Facebook tool comes in.

What the Tool Does
Named Certificate Transparency Monitoring, the tool is a Facebook-hosted application that any webpage owner can access for free with a Facebook account. The tool has been around since 2016 but it was recently updated it, allowing webmasters to detect homograph domains that are spoofs of their websites.

Webmasters add their domain to the tool’s dashboard which will scan the public Certificate Transparency (CT) logs. The logs have information about new domains that recently got an SSL certificate. The tool will then warn website owners about fake sites in the CT logs that use a similar name to theirs.

Will the Tool Help You Really?
As someone concerned about your security, the Facebook tool can help you identify phony websites, but in the end, it’s really for domain owners to suss out imposters. While the tool is useful, it will not actively block phishing scams lurking out there.

Once again, it’s wise to take security into your own hands, and have an antivirus app downloaded and ready to be your eyes and ears against hacking attempts.

]]>
<![CDATA[How to Hide Private Files on Your Computer or Smartphone]]> https://www.psafe.com/en/blog/how-to-hide-private-files-on-your-computer-or-smartphone/ Mon, 23 Jul 2018 22:00:15 +0000 https://www.psafe.com/en/blog/?p=18701 Organizing data is sometimes the last thing we want to deal with, but if you have critical financial documents or collections of embarrassing party photos lingering around, these are the types of files you should keep private in case of snoops or hackers (it does happen!). Having a passcode on your device is smart, but it’s not always enough if you share your computer or phone with friends and family. Be even smarter and limit access to your hidden world with the following tips.

Windows
A simple trick for Windows is to merely place your sensitive information within a folder and then mark the folder as ‘hidden,’ which will hide it within the file explorer. To hide a folder, right click on the folder and select the properties option. Once the properties dialogue is open, ensure there is a checkmark next to the hidden label – that’s all there is to this method! When you want to view that hidden folder, simply select the view tab within the file explorer and check the option to display hidden items.

Read More: 3 Private Messenger Apps That’ll Keep It Confidential

MacOS
The process isn’t as easy on Mac and does involve a bit of time in the Terminal application. If you’re unfamiliar with using Terminal, we suggest checking out a quick tutorial first. Start by opening the Terminal app from your Applications folder and navigate to the directory in which your folder is placed. Once you are within the proper directory type the following command, followed by the enter key,’ to hide the folder: “chflags hidden [name of folder].” For example, if we have a folder named ‘photos’ which we want to keep hidden, we would type: “chflags hidden photos.”

Android
Due to the open nature of the Android platform, one of the best options for hiding sensitive data is a third-party solution. One such option is dfndr vault, an app that easily allows you to create a hidden gallery of photos and videos; it even offers a feature known as applock, which can prevent access to certain apps by letting you add a secure passcode. No need to worry anymore about friends snooping around your Tinder profile or co-workers discovering embarrassing snapshots. Android users can also take advantage of dfndr performance, which has a ‘quick cleaner’ feature to remove any private information that might be in your device’s temporary files.

iOS
If you’re an iPhone or iPad user, you can choose to add your private photos or videos to a ‘hidden gallery’ built into the device. Simply visit your Photo app and navigate to the media you wish to hide, once there tap the share button (the square with the upward facing arrow), and select hide from the menu. The photo you just chose to hide will no longer be viewable from the main camera roll or any of the adjacent photo features. To view the private collection, head to your albums and locate the folder named Hidden. Sadly this option won’t keep the most curious of individuals out, but it will prevent any private images from popping up while scrolling through your camera roll.

]]>
<![CDATA[The Equifax Breach Might Have Compromised Your U.S. Passport]]> https://www.psafe.com/en/blog/the-equifax-breach-might-have-compromised-your-u-s-passport/ Thu, 28 Jun 2018 23:00:24 +0000 https://www.psafe.com/en/blog/?p=18794 Back in September 2017, a massive security breach within the credit monitoring service, Equifax, led to over 148 million customer records falling into the hands of hackers. Shortly after, collections of sensitive data including social security numbers, credit cards, and driver’s licenses appeared for sale on the dark web. Now, a new report notes that approximately 3,200 digital passports were also stolen in the attack. But, what can you do if your passport was part of the breach?

How to Check if You’ve Been Compromised
To begin, head over to Equifax’s security website and use your social security number to check if your private information was included in the stolen data. Unfortunately, Equifax does not detail exactly what parts of your private data was compromised. With the scary possibility that your personal information is going to the highest bidder, we recommend obtaining identity theft protection as soon as possible. Luckily, Equifax provides this service at no charge.

Read More: What Should You Do After Losing Your Phone?

If you have reason to believe that your passport may have been included in the Equifax breach, take a few measures to enhance your security. For example, the DMV recommends that you contact them in regards to the stolen document. A passport is an official piece of government identification that could allow malicious individuals to impersonate you.

Replace Your Passport
If you’re a frequent traveler, you can quickly replace your passport through a United States passport agency office in under 2 weeks. Otherwise, you can visit a local post office to have your passport renewed, but the process may take over 2 weeks to complete. Don’t forget to bring a secondary piece of identification such as a driver’s license when applying.

Besides replacing your passport, you should also be aware of any activity on future credit reports. If a cybercriminal decides to use your information, your credit report will log this. To be safe, consider ‘freezing’ your credit report so that none of them can be used without prior authorization.

Look Ahead at Credit Reports
If you discover possible fraudulent activity on your credit report, go to this Equifax page to report any fraudulent activity, The reporting tool will also alert the 2 other major U.S credit bureaus, Experian and TransUnion that fraud may be at play.

Equifax’s critical data breach is a cybersecurity blunder that affected us all, but with careful attention, we can all remain safe by being diligent and aware.

]]>
<![CDATA[A Cyber Drive-By Attack Could Be Lurking in Your Hood]]> https://www.psafe.com/en/blog/a-cyber-drive-by-attack-could-be-lurking-in-your-hood/ Thu, 28 Jun 2018 22:00:47 +0000 https://www.psafe.com/en/blog/?p=18743 Ever heard of a drive-by? A disturbing picture comes to mind, but now apply the same idea to a cyber attack. Huh, sounds confusing right? But this crime has been gaining traction and is called a cyber drive-by attack. What’s disturbing is these hacking attacks target users without the usual method of having to open a malicious file or link. What hackers do at a cyber drive-by is station themselves close to a house or a place of business and attack.

Read More: The Danger of Spoofed Websites: Learn to Tell the Difference

The best way to protect yourself from cyber threats is to ensure you download antivirus software on all your devices, your phone included. For Android users, we recommend dfndr security, which has a security scan feature that combs your entire device, even the SD card, and blocks viruses or malware.

Get dfndr security now

How It All Began
A cyber drive-by attack wasn’t much of a threat in the early days, mainly it was used to gain free access to Wi-Fi. Hackers would drive by the streets of a town, locate a Wi-Fi signal and If the signal was insecure, they would hack through to siphon Internet.

How They Evolved
Now cybercriminals use this same practice but in more sophisticated ways. They often target badly secured routers and first figure out the router manufacturer. Once they’ve gotten that information, they’ll next tap in and listen to the traffic and find ways to compromise the password, which eventually gives them access to a computer or phone.

With all systems weakened, the next stage of an attack is to introduce malware or a keylogger, and once this happens, tapping into someone’s sensitive information is child’s play.

A keylogger can bait a victim by having them visit a legitimate website that’s infected through a popup or ad, or by slyly redirecting the person to an infected site. Information like bank accounts, logins, or social security numbers could be discovered and used in illegal ways.

Criminals are also targeting businesses with this type of attack, which requires no user interaction at all and depends on the vulnerability of a device or modem.

In other cases, cybercriminals use ‘man in the middle’ software, by having attackers spy on victims by setting up conversations between multiple parties.

Last Words and Tips
In addition to downloading a security app, individuals and companies should update devices regularly with the latest security patches and script blocking plugins. Additionally, businesses should ensure employees don’t have local administrative access to their devices. Set them up with a separate account instead.

Other measures to take include segmenting a company’s network so that everyone isn’t running on the same server, which ensures that malware doesn’t spread throughout an entire office.

Finally, all work and personal data should be backed up as frequently as possible on external hard drives or a cloud service, which should not be left connected to the main network.

]]>
<![CDATA[Tips to Secure Your WordPress Site Against Hackers]]> https://www.psafe.com/en/blog/tips-to-secure-your-wordpress-site-against-hackers/ Sun, 24 Jun 2018 12:00:49 +0000 https://www.psafe.com/en/blog/?p=18771 WordPress is an extremely powerful website platform that has been utilized by web developers over the past decade to build anything from blogs to e-commerce sites. In fact, the blog post you’re currently reading is built on WordPress – as many other sites that you probably visit each day. What’s also risen in the past decade are cyber attacks on WordPress sites, which can be alarming if your business depends on having a working site. Here are a few tips to keep your WordPress site secure.

Lock Down Your Admin Account
When you first signup for a WordPress account or you decide to self-host, your website is controlled by an administrator account. By default, the name of a WordPress administrator account is ‘admin.’ While this username is easy to remember when you want to log in, it also gives hackers half the information they need to hack your website. Start by changing the default ‘admin’ login to something different – think of a username that is easy to remember, but also not obvious such as your business name. In addition, be sure that your password is a strong alphanumeric combination and isn’t based on something easily guessable such as your birthday or a pet’s name.

Read More: Here Are the Most Common Passwords, Ranked

Keep Everything Up To Date
No matter what device or service you’re trying to protect, it’s essential that your WordPress site is updated regularly to combat security threats. Unfortunately, in a recent survey, it was found that almost half of all WordPress sites are not updated to the latest version. Don’t concern yourself with the momentary downtime to perform a critical update, many hosting companies now do automatic updates for you. If your hosting company doesn’t provide this service — don’t ignore notifications to update, it really is painless and only takes a few minutes.

Change Your Login Address
You can generally access the login of a WordPress site by typing in the website address and adding ‘/wp-admin/’ to the URL. For example, if Google was hosted on WordPress, you would head to ‘www.google.com/wp-admin/’ to gain access to their login prompt. By leaving this login address at the default value, you’ve basically shown hackers to the front door. Consider changing the default login to something more unique to keep hackers guessing. After all, if you knowingly give them access, can you blame them once they break in?

]]>
<![CDATA[The World’s Most Malicious Ransomware Attacks]]> https://www.psafe.com/en/blog/the-worlds-most-malicious-ransomware-attacks/ Wed, 20 Jun 2018 12:00:25 +0000 https://www.psafe.com/en/blog/?p=18774 As we continue to push forward through the year, ransomware attacks are the most widespread and determinantal form of malware on the internet. Recent events have been so shocking that the entire City of Atlanta remained crippled almost a week after an attack, with residents unable to pay their bills. However, much larger attacks have taken place, affecting even more innocent individuals. Here are some of the world’s most significant ransomware attacks to have hit the web:

GandCrab
Recently, GrandCrab has grabbed everyone’s attention. The ransomware was discovered just this year and continues to hold everyday individuals hostage by encrypting all of the data on a user’s machine. What makes this piece of malware so ingenious is the way it’s been designed to hide the identity of the hackers who created it. To remove the ransomware from your machine, you must pay between $300-500 through a secure TOR network connection using an anonymous cryptocurrency known as Dash.

Read More: How to Protect Your Data from Ransomware Attacks

WannaCry
Accurately described by its name, the WannaCry strain of malware will indeed make you weep if you fall victim to it. The malicious piece of ransomware infected individuals in over 150 countries last year, in addition to targeting Britain’s National Health Service. Initially, the software used a piece of the Microsoft Windows file sharing system to infect other machines, but it eventually evolved. As with other ransomware scams, anyone infected found themselves forced to pay, this time via Bitcoin if they ever wanted to see if their data again.

GoldenEye
Not to be confused with the action-packed James Bond film of the 1990s, GoldenEye is a nasty piece of malware that’s also known as ‘NotPetya.’ Infecting reputable companies such as AP Moller-Maersk, Cadbury, FedEx, and Merck, the ransomware requested $300 for every computer infected. Easy to be tricked by, the malware sneaks onto your machine through an email or infected Word document. To add insult to injury, the malware has been smart enough to clear any actions it takes on a device, making it difficult to track down the criminal creators.

How Do You Stay Safe?
What’s disturbing is each piece of malware noted above have all been released within the last few years. Your data is at significant risk because ransomware attacks grow more aggressive each year.

Your computer isn’t the only device at risk either, collections of malware also target Android users. You can keep yourself protected by downloading dfndr security which has a full virus scan feature to locate any threats on your device, as well an anti-hacking feature that’s powered by AI, which will block malicious links before you click on them.

]]>
<![CDATA[Want Facebook to Stop Tracking Your Browser History? Ask Them]]> https://www.psafe.com/en/blog/want-facebook-to-stop-tracking-your-browser-history-ask-them/ Sun, 17 Jun 2018 12:00:10 +0000 https://www.psafe.com/en/blog/?p=18746 If you have concerns about how Facebook has been tracking your browser history and if the site has been targeting you with ads related to your history, there’s finally something you can do about it. Facebook CEO, Mark Zuckerberg, has announced that you can now prevent the social media site from tracking your browser history by simply asking them.

Read More: Why Bother Protecting Your Social Media Apps

Sounds so simple, but some users would like this option to be more obvious; however, learn more about this new feature and how it works.

What Brought This About?
Facebook faced plenty of backlash over the Cambridge Analytica scandal that revealed the company was harvesting the personal information of users, and selling the information to third-party companies so specific ads could be targeted to users that search for products or services.

Zuckerberg admitted at the company’s recent F8 conference that, by default, Facebook still tracks the activity of users and sends them ads connected to the information they search for. In the immediate future, users will be able to stop this practice with a new feature.

How Can Users Change This?
Supposedly the new feature will be similar to how you clear cookies and history in your web browser. Facebook’s feature will allow you to view your browsing history on the site and clear it, including what you’ve clicked on, app history, websites you’ve visited, and more.

Essentially, you’ll be able to choose to not have this information stored in your account. But, Zuckerberg warns that turning off function will eliminate some of your preferences the same way deleting cookies does, which will require you to sign onto sites again since the information in any auto-fill forms will be gone.

The Effect This Could Have
The move could bring many users back to Facebook because the will have the power to not have their preferences tracked. Zuckerberg added that the new privacy control will be called Clear History. He warned it would take the company about 3 years to become more proactive at policing content, which means you might still see content that doesn’t fit your preferences if you choose to keep your data tracking intact.

However, deleting your browsing history will result in the company removing identifying information so a log of sites and apps you’ve used won’t be connected to your account, which is a step toward more privacy.

]]>
<![CDATA[Google Introduces Anti-Phishing Feature for GSuite Users]]> https://www.psafe.com/en/blog/google-introduces-anti-phishing-feature-for-gsuite-users/ Sat, 16 Jun 2018 12:00:06 +0000 https://www.psafe.com/en/blog/?p=18777 Google has introduced a new tool to keep users of their GSuite services more protected. If your organization pays for Google products, such as Google Drive or Gmail, these new measures might improve overall security for your company. However, if you aren’t a paid user of GSuite, what can you do to keep your personal Google secure?

Google Defense for Businesses
Many phishing attacks will trick you into signing into a false account, giving hackers full access to all your data. The new Google feature will have an additional screen that asks a user to review the login email address and confirm that he or she is the proper owner of the account. This extra verification process is meant to enforce security and can be used with two-factor authentication.

Read More: How Safe is Google Chrome for Your Android?

What About Your Personal Google Life?
As previously noted, this new feature will only be available for Google Chrome users. This sadly leaves other browsers and Mozilla devotees in a vulnerable spot. After all, you still use Google services like Android, YouTube, or Google Photos. Basically, these new changes don’t assist the majority of Google users. Your data will still be exposed to hackers.

Your best bet is to stick with a third-party solution like dfndr security and activate the anti-hacking feature to block potential phishing attempts. The feature uses advanced AI to stop an attack before you even click on a malicious link. Your data is most infiltrated by the deceptive phishing process of placing malware links in emails, chat apps like Facebook Messenger, and SMS.

It’s also important to follow safe web browsing practices when checking email or enjoying the internet. If you’re unsure where a link might take you, avoid it and move on – the risk isn’t worth it.

When dealing with emails, always follow up with the sender of an email by phone to confirm the message details. And finally — be skeptical of any requests for detailed information. With these tips, all of us can have a safe, enjoyable experience online.

]]>
<![CDATA[The SamSam Ransomware is Behind the Atlanta Attacks]]> https://www.psafe.com/en/blog/the-samsam-ransomware-is-behind-the-atlanta-attacks/ Fri, 15 Jun 2018 12:00:38 +0000 https://www.psafe.com/en/blog/?p=18335 A virulent piece of malware called, SamSam ransomware has been spreading widely across the U.S. and is currently crippling the city of Atlanta, the Colorado Department of Transportation, and a number of healthcare organizations. Even though large organizations or municipalities have been victim to the ransomware, it most often starts with one employee unknowingly clicking on an infected link in an email.

Read More: Know Your Enemy – How Ransomware Payments Happen

Be a responsible employee and citizen by protecting all your devices from potential attacks, including your Android phone. The best way to fight hackers is by installing a well-rated app like dfndr security, a full virus scan feature can check for any threats in your device, by scanning your files and even your SD card.  

SamSam ransomware is like any strain of ransomware, mainly designed to encrypt data on a server or device and the only way to recover your data is by paying a “ransom’ to have it returned. However, SamSam has some specific details you should know about.

It Spreads Quickly
Most ransomware is sent by sending one copy of the malware to thousands of possible victims over the course of a day or two. However, the hacking creators of SamSam ransomware did something different – they sent thousands of copies of the malware to computers within a single organization at once.

Once the organization was infected, the hackers offered a “discount” to restore the company data all at once. Many cybercriminals use the “spray and pray” technique – attack an organization and hope for fresh victims. But the perpetrators of the SamSam ransomware attacks specifically targeted organizations with glaring vulnerabilities or weak credentials.

What Did They Exploit?
The SamSam ransomware attacks exploited bugs that organizations are not aware of, or had missed in their IT security plans. They also rolled out brute-force attacks against the Remote Desktop Protocol, a Microsoft software that allows two computers to remotely connect. This allowed them to gain access to unauthorized networks.

The ransomware was then spread to other connected networks through network mapping and credential theft.

What Can You Personally Do?
Always follow your IT department’s recommendations on having strong credentials, by creating passwords that are at least 8 characters long with some combination of lower-case and upper-case letters, as well as numbers and symbols. Ideally, use all randomized characters.

Take the stance of “defensive computing,” which helps protect you from malware, ransomware and phishing attacks. Don’t open links and files from people you don’t know or from “friends” who’ve sent you odd messages (cause the person may have been hacked!). Heed company protocols on backing up corporate files regularly and stored off-site, so if an attack were to happen, the impact could be lessened.

]]>
<![CDATA[Who Should You Hide Apps From and Why]]> https://www.psafe.com/en/blog/who-should-you-hide-apps-from-and-why/ Wed, 13 Jun 2018 12:00:46 +0000 https://www.psafe.com/en/blog/?p=18780 With Google Play Store’s teaming collection of exciting apps, there might be a few sensitive apps, as well as guilty pleasures, that you want to keep hidden. Don’t worry; we aren’t here to judge your secret love of Candy Crush. However, we are here to keep your personal information safe from prying eyes and snoops.

Read More: Which Android Apps Should You Be Locking?

If you want to keep curious individuals out of your Android phone, we recommend dfndr security’s applock feature. By creating a secondary passcode, you can quickly lock down apps that you don’t want anyone to access on your device. Whether your phone is stolen or you’re lending it to a friend, using applock can ensure your most important apps are off limits.

The concept of locking down apps, in general, might seem weird. You might be wondering, why bother doing this and on what occasions would you need to?

 Love Knows No Bounds in Your eBooks
We know, you love Stephenie Meyer’s Twilight books; it’s the way she weaves vampire romance onto a page, but you don’t want your friends to discover her books’ in your Kindle app – not to mention all the detailed notes and highlights you took on Edward and Bella’s relationship. Be smart, lock your secrets away, but don’t delete the ‘undead’ passion.

Absolutely Not, You Can’t Buy That on Amazon
Kids seem to be born with an instant ability to understand technology, but that can sometimes have a downside. Keep those prying little fingers out of shopping and financial apps such as Android Pay or the Amazon Store. Sure, you want to make your kid happy, but how thrilled will you be when a $250 LEGO set shows up at your doorstep?

That Embarrassing Photo, ‘You Know the One’
It was late, you definitely lost count of the beers you were drinking and the number of karaoke songs you sang badly. Sure, you can look at the pics and laugh now, but your mother-in-law might beam a cold stare at you when she accidentally clicks on your photo gallery. Lock it all down, and hopefully, she won’t be curious to see what you were up to last Saturday.

Stop Your Friend From ‘Fixing’ Your Love Life
Anyone single can relate to dealing with ‘that person’ – the one who has made it their mission to put you in a relationship. Keep your privacy under wraps, and keep others from swiping left for you. After all, do you really need a date with another person that your friend finds absolutely ‘perfect?’ Maybe it’s time to “fire” your self-appointed matchmaker, because no, that guy in ripped camo shorts with the python probably isn’t your soulmate, no matter what your friend thinks.

]]>