safety – PSafe Blog https://www.psafe.com/en/blog Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general. Thu, 19 Jan 2023 14:49:21 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://www.psafe.com/en/blog/wp-content/uploads/2018/05/cropped-psafe_blog_purple-shield-32x32.png safety – PSafe Blog https://www.psafe.com/en/blog 32 32 <![CDATA[What is worm?]]> https://www.psafe.com/en/blog/what-is-worm/ Wed, 11 May 2022 20:29:16 +0000 https://www.psafe.com/en/blog/?p=21274 In computer security terms, do you know what a “worm” is? Well, you probably know we’re not talking about larvae — but we are indeed talking about parasites. Digital worms are among the most serious threats in the wild kingdom of the Internet.

According to our virus dictionary, a worm is one of the most common forms of malware. They exploit network flaws to spread larger threats and build on an operating system that spreads malicious code to other computers.

Worms can also damage connections, slowing down the internet and computer. Worse still, they can delete files from your hard drive and be difficult to defeat once they have penetrated your system (as they can usually get through most firewalls).

In this post, you will learn more about worms — and how to protect yourself from this threat.

What makes a worm?

A worm is a type of malware that, unlike common viruses , can self-replicate without the need to infect legitimate files, thus creating working copies of themselves. This capability enables worms to easily spread across computer networks and USB drives.

Some worms also spread through email messages, creating malicious attachments and sending them to the hacked account’s contact lists, often in the form of phishing.

How Worms Work

After spreading and gaining access to systems, some worms look for patches and security updates to close the holes they use. This prevents other malware from infecting the system using the same flaw – ensuring the worm’s exclusive control of its domain within the system.

These worms can also delete and modify files. Sometimes the point is just to make copies of itself over and over again – using up system resources (like hard drive space or bandwidth, hogging a shared network). In addition to wreaking havoc on a computer’s resources, worms can also steal data, install a backdoor, and allow a hacker to gain control over a computer and all of its system settings.

Worms are back to being used in SPAM

Popular around 2003 with the Bagle family, worms sent via SPAM to email accounts are once again being used by cybercriminals. The technique often uses zipped, password-protected files to distribute malware.

Because it is password protected, many antivirus programs are not able to scan files, and many security suites do not scan zip files, so they easily pass through the email security gateway.

A recent reappearance of this method for stealing data took place in Italy and was aimed at customers of Grupo Bancario Iccrea. The e-mail contained a password-protected HTML file, but with the access code included in the body of the e-mail.

When clicking, the user was invited to enter the code in the email to access the page. By informing the e-mail password, the user was directed to another page where he or she would enter credit card information, giving a false sense of security.

The reuse of this malware can represent a major threat world-wide, as more and more people have access to computers and are spending time in the virtual world, but are unaware of past threats and ways to protect themselves.

How to know if your computer has worms

If you suspect that your devices are infected with a worm, run a threat scan using your security solution immediately. Even if the verification is negative, follow the steps below.

1. Keep an eye on your hard drive space. Remember: when worms replicate themselves over and over again, they start taking up free space on your computer.

2. Monitor your machine’s speed and performance. Is your device slower lately? Are some of your programs crashing or not working like they used to? This could be a sign that a worm is consuming your processing power.

3. Be on the lookout for new or missing files. A common function of worms is to delete and replace files on a computer.

Main types of worms

The list below presents some of the most popular types of worms:

  • Sobig: emerged in 2003 and was reactivated in 2013, Microsoft offered a reward to discover its creator.
  • Conficker: It is most common on personal computers, blocking access to information security sites and spreading quickly over the network or USB devices. The pest is still active, but it can now be more easily removed by advanced security solutions.
  • Mydoom: appeared in 2004 with rapid propagation and was generated by infected computers and through e-mail messages.
  • Doomjuice: Uses a loophole created by Mydoom to infect computers.

How to protect yourself from worms

Worms are just one example of malicious software. To help protect your computer from them and other online threats, read and heed below!

  • As software vulnerabilities are the main infection vectors, make sure your computer’s operating system and applications are updated to the latest versions. Install these updates as soon as they become available, as updates often include patches for security flaws.
  • Phishing is another popular way for hackers to spread worms (and other malware). Always be extremely cautious when opening unsolicited emails, especially those from unknown senders that contain attachments or links. Don’t forget to activate your email service’s SPAM filters.
  • Make sure you invest in a strong security solution that can help block these threats. A good product should have anti-phishing technology as well as include defenses against viruses, spyware , ransomware and other online threats. dfndr enterprise is an excellent choice for you or your company, as it uses advances in artificial intelligence to simulate and predict all types of attacks (including all the latest worms).
]]>
<![CDATA[Spoofing: What’s it all about?]]> https://www.psafe.com/en/blog/spoofing-whats-it-all-about/ Fri, 08 Apr 2022 21:34:50 +0000 https://www.psafe.com/en/blog/?p=21236 We can define spoofing as an act of disguising something: usually a communication or request for action — seemingly from some known and trusted party, inducing the user to interact with the (unknown) source. It can occur on a somewhat superficial level, such as emails and messages, or through more technical means: such as DNS and IP spoofing.

In practice, spoofing is used by hackers to achieve numerous goals, such as getting sensitive information from their targets, or gaining access to restricted digital environments from which they can launch additional attacks (such as ransomware) — and much more.

How does spoofing work?

It is possible to commit a wide variety of crimes by using information obtained through spoofing activities. Just imagine what a hacker or cybercriminal might do if they’re able to convincingly impersonate a company or another person.

A well-engineered spoof can take over the domain of an email or website to approach a possible victim, or gain access to internet protocols or IP addresses (which act as an identifier for computers connected to the network). Thus, it’s possible to have access to a person’s applications, get hold of their confidential data (whether personal or banking), and a spoofer can even send messages on their behalf.

This type of scam is not new, but its methods and purposes vary and increase every day.

What are the dangers of a spoofing attack?

With the possession of sensitive data, criminals can carry out a series of financial transactions using the spoofing victim’s name. Sometimes this transaction can be done with the leaked credit card details, and sometimes they can impersonate the victim in order to get credit, money from people they know, or make debts on their behalf.

A spoofer can also monitor your activities, gain access to messages sent from your device, and even sell the data they obtain to other companies.

What are the types of spoofing?

Now that you know what spoofing is, it is important to understand that this type of attack can take many forms, from the simple to the complex. Here are a few of the main forms spoofing can take:

email spoofing

Probably the most typical model occurs when an attacker uses an email to trick the recipient into thinking the message came from a trusted source. Typically, this is done in one of two ways: by removing the sender field (so that it is not possible to know who sent it), or by disguising known addresses from unknown senders.

For example, a lowercase “l” and an uppercase “I” are practically impossible to identify in a sender’s address. This type of message can also be sent via SMS (known as “smishing”), or through social media messages and other channels.

spoofing website

Website spoofing occurs when an attacker uses elements of a known page to create a similar or virtually identical copy, often displayed within a context that makes sense.

The idea is for the victim to put their information into the impostor website so that it is intercepted by the attacker.

IP Spoofing

IP spoofing is one of the more sophisticated attacks, looking to mimic a more technical point. It’s probably a type of attack that the user’s rarely even see, as the goal is to trick the system itself.

For example, a network can be configured to authenticate users according to their IP address. If the attacker manages to disguise the IP and trick you, their access is easily granted.

DNS Spoofing

The idea of ​​DNS spoofing is similar to the previous one. As you may well know, DNS (Domain Name Server) is a system that helps you translate website addresses into IPs. With DNS spoofing, attackers are able to trick the system and redirect traffic to an IP they control.

A simple metaphor can make this example clearer: just imagine that DNS are the signs on the streets, which indicate where a driver needs to go. With spoofing, a criminal “swaps” the street signs, with the aim of taking drivers wherever they want.

Facial Spoofing

This is a different strand of spoofing, with a similar principle. More and more, facial recognition models are becoming popular (to unlock smartphones, for example). For this approach, it’s common for hackers to use photos or videos of the person, with the aim of tricking the system and pretending that they are indeed there.

Good artificial intelligence may offer protection here, because it will be able to identify whether a person is trying to access that system or not.

Spoofing on social networks

Telegram, WhatsApp, Instagram and any other online service of the same category can also be used as a vehicle for spoofing.

In these cases, the victim has their account hacked, and cybercriminals use their profile or account to contact friends or family. Generally, these people simulate some emergency situation to ask for money, or they’ll announce products for sale (at extremely low prices) — but the products don’t even exist.

Telephone spoofing

Telephone spoofing calls can happen when someone impersonates a company or an institution over the phone. This usually happens through a service called Voice over Internet Protocol (VoIP), which is used to transmit online calls and spoof the number or name to be displayed on the caller ID.

So be suspicious when your cell phone shows a call with a certain name, but from some number or locale you don’t recognize

How can you detect spoofing?

Detecting spoofing yourself is possible, but as we’ve noted, it’s not necessarily easy. 

However, there are some signs that can help identify this type of attack.

Look for English and grammar errors in messages. These can be more serious grammatical errors, such as wrong words, or more subtle, such as certain inconsistencies or strange structures. 

Make it a habit to always check the links you are clicking or the email address of senders. Look for any unusual changes, however small. Look closely and compare the domain if you can. 

On smartphones, you can place your finger on links for a few seconds, so that a preview window of the content opens, as well as the link;

Note if your browser does not automatically fill in your information (if it usually does) Especially on a site you visit frequently, this may be an indication that you are on a spoof site instead.

Confidential information such as credit card numbers, passwords should only be shared on secure and encrypted sites using HTTPS at the beginning of the URL.

If an email looks sketchy, do a Google search for the content of the email itself. If it’s a known scam, it will likely turn up. 

Use the dfndr lab link checker. This is a free tool that tells you in a few seconds if a link is trustworthy or not.

How to protect yourself from spoofing?

Even if you follow all the tips above, protecting yourself can be hard to do. The big problem is that most folks won’t be able to closely observe all these details and stay aware on a daily basis.  And this is exactly what hackers count on.

Imagine someone who is going through an extremely busy day, doing a thousand things at once, who receives an email with these subtle changes. The chance of the person stopping to look and detect these errors is small. Hackers know that it is virtually impossible to be alert 100% of the time.

Of course, it’s best not to click on unfamiliar links or attachments coming from emails you’re not sure where they came from. However, as we mentioned throughout the post, the purpose of spoofing is precisely to disguise these attacks as something familiar and reliable.

Another big problem with modern companies is underestimating hackers. Attacks are no longer made by a single person wearing a hood, in a dark basement. There’s a lot of strategy and sometimes large organizations behind these hacks, resulting in attacks that are extremely sophisticated and very difficult to identify, as we have discussed in the examples above.

One option is to avoid clicking on direct links. For example, if you receive an email, an SMS (Short Message Service) or a call from your bank notifying you of a problem, avoid clicking on the link. Access the direct website or the app to confirm the information.

In cases involving social media intrusions or phone line cloning, it is important to be cautious when opting for two-step verification. Several applications already provide this option in their menu to enhance your security.

By creating extra phases for your login in communication apps, a spoofer will not have access to your message history (even if they have access to the confirmation code needed to login) and will certainly find it more difficult to hack your account.

Finally, it’s important to use some security solution (like dfndr enterprise) on your computer to make sure that the pages you access really are trustworthy. A software based on artificial intelligence will have more resources available to assess the security of your network, block potential threats, and protect your device before it becomes the target of an attack.

Did you learn something from this post? Now that you know what spoofing is and how to protect yourself from it, take the opportunity to subscribe to our newsletter. 

Then you’ll have access to more first-hand safety tips, right in your email!

]]>
<![CDATA[Careful With That QR Code! Five Steps For QR Code Safety]]> https://www.psafe.com/en/blog/careful-with-that-qr-code-five-steps-for-qr-code-safety/ Fri, 11 Mar 2022 18:14:35 +0000 https://www.psafe.com/en/blog/?p=21198 For 20 million people, the temptation proved too hard to resist. For a full minute, a simple QR code ping-ponged back and forth on their television screens during a break in the action at the Super Bowl. Cryptocurrency company Coinbase reportedly paid 14 million dollars for that ad – but clearly, they got their money’s worth: 20 million people were redirected via QR code to their landing page, specially designed for the ad. 

Caution Flags 

The radical simplicity and irresistible pull of the Coinbase spot was the talk of the post-game ad reviews. But out of the din of this discussion came another message — this one from the Federal Bureau of Investigation (FBI). Inc Magazine’s Jason Aten pointed to a warning they had issued a month prior to the big game – the first lines lay out the situation quite clearly:

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

QR Codes Are Back, And Bigger Than Ever

Once again, it seems that bad actors have seized on a popular trend to help them do their dirty work. A simple technology dating back to the 90’s, QR Codes are on the rise lately – as they’ve become a very effective digital tool for marketers who want to quickly convert mobile phone readers into shoppers and buyers. The Wikipedia entry on QR codes gives you a quick grasp of just how powerful they can be when scanned on a mobile phone:

QR codes may be used to display text to the user, to open a webpage on the user’s device, to add a Card contact to the user’s device, to open a Uniform Resource Identifier (URI), to connect to a wireless network, or to compose an email or text message.

All you have to do is think about how hackers might use that kind of power, and you can quickly see that indiscriminate scanning of QR codes could lead you into some serious trouble. 

Two Primary Sources of QR Code Danger

The first danger with malicious QR codes is the fact that they can transport you seamlessly to a fake website. As with most hacks, the first layer of the transaction seems to be legitimate: the QR code works! The user arrives at a site that has the offer or information they were seeking. 

And this is when many users will let their guard down, and fail to notice telltale signs that the site isn’t legitimate. Super-sweetened offers can also play a role in softening up otherwise careful users. The bad website can be a collection point for private information and financial data, and the path to financial losses and ID Theft is paved.

The second danger is QR codes that include malware themselves. Once again, let’s turn to the FBI for — “just the facts”:

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

That’s about as bad as it can get. So, short of forsaking the use of all QR codes — how do you defend yourself?

What Can You Do?

Here are the five steps you can take – we discuss each below in more detail:

  1. Get informed about what QR codes are and what they can do.
  2. Make sure your device has good security software.
  3. Use that security software regularly!
  4. Before scanning any QR code, scan “the situation.” 
  5. Make sure you land where you expected to!

You’ll be glad to know that you’re well on your way to completing the first step. We hope this article has helped in this regard, and if you want to get even more up-to-date on potential threats to you and your mobile device, we highly recommend these two companion articles:

Six Ways That Cybercriminals Try To Take Over Your Device – QR codes are covered here along with several other traps, like WiFi Honeypots, Fake Apps, and even Subtitles in Streaming Apps. Do give it a careful read – lots to learn here.

Can a QR Code Be Used In A Phishing Attack? – If you’ve followed us so far, you know the answer to this question is YES! But hit the link to get more information on how QR codes can bait the hook for hackers’ big Phishing expeditions.

Security Help

If you’re using dfndr security, make sure you activate the anti-hacking feature to protect you from scams and malware. dfndr security PRO plan also has a dedicated Safe App function to help sniff out apps that contain malware, and also provides complete Identity Theft reports should you suspect trouble.

Eyes Up!

But your awareness is always going to be your first line of defense. Remember that QR codes primary benefit is to help you connect to a specific spot on the web without your having to type in a URL. The “fun” of seeing this work is no doubt a major part of the success of that Coinbase ad. 

If you decide you do want to scan a QR code – make sure you can verify it’s from a trusted source, and take a good close look at the surroundings: the copy and design, the context of use. Is the code stuck on a wall outside a club? Or did it come to you via a traceable source like a mass mailing? If you can verify that the code is from a trustworthy source – make sure the landing spot is what you expected it to be.  

Just remember what your friends in the FBI told you: a QR code isn’t a game to be taken lightly — or a Pokemon type game where you have to capture and collect. They serve a very specific function, and they’re more powerful than they look. Treat QR codes with the same caution you’d give to any unknown app or web address.

]]>
<![CDATA[Avoid the Tinder Swindler: how to date online safely]]> https://www.psafe.com/en/blog/avoid-the-tinder-swindler-how-to-date-online-safely/ Tue, 22 Feb 2022 14:18:16 +0000 https://www.psafe.com/en/blog/?p=21174 Good con artists have a strange relationship with emotion: many of them demonstrate an almost uncanny ability to manipulate and elicit emotions in others, yet they’re often detached from their own emotions. This frightening combination is in evidence throughout the recent independent film sensation The Tinder Swindler.

The film tells the story of a conman who uses the Tinder app to insinuate himself into the lives of three female victims. In the film, Simon Leviev sets up elaborate romantic cons to appear as a wealthy diamond heir, then uses the trust he has gained to steal information, then money – only to use that money to fund the con for his next victim.

It’s a taut and dramatically told story, but without a clear moral or ending. (The New York Post has reported that Leviev has signed with a Hollywood agent, and “wants his own dating show.”)   

How To Stay Safe: Five Scammer Prevention Keys

But the moral for users of Tinder — and social media in general — are still the same: proceed with caution!  Below are a Five Keys to help you stay safe as you navigate dating apps like Tinder — they’re also useful guidelines for people you might meet on any other social app like Facebook:

  • Do some research — and take your time. Before meeting in real life with anyone you’ve met online, take the time to do a little background research and find out if the person you’re speaking to is who they say they are. 
  • Consider bringing a friend for the first date(s), and meet in public. Yes, this will keep you safer, and it might also help provide a more casual atmosphere where you can learn a little bit more about your new friend.
  • Be sensitive about peculiar information requests. Spoiler alert: The Tinder Swindler orchestrated reasons to get Passport information, and then quickly put it to nefarious use. Whatever the reason given, a quick pivot to requests for detailed personal data is always a sure warning sign, especially in a new relationship.
  • Keep your purse, phone, and ID’s close. Don’t overlook simple physical sources of data like these. Don’t leave them unattended. 
  • If you have any suspicions, check in to things. If anything seems odd in terms of your interactions, don’t bury your head in the sand. A good security solution like dfndr security can help you track where your data is going and also protect your physical phone from theft. Stay on top of your bank and credit card accounts.

Remember: Most Scammers Don’t Do A Lot of Romancing

The Tinder Swindler is also a healthy reminder that most scams are not quite as elaborate as those cooked up by Simon Leviev.  But most scams operate on the same human emotions of romance and self-interest. 

Set some clear rules for yourself in the dating world – and also for when you’re answering emails and text messages — or when you’re looking for work on a job site.  If it looks too good to be true – it probably is! 

    

]]>
<![CDATA[As Schools Go Online, Cyberattacks Are On The Rise]]> https://www.psafe.com/en/blog/as-schools-go-online-cyberattacks-are-on-the-rise/ Wed, 30 Jun 2021 22:17:32 +0000 https://www.psafe.com/en/blog/?p=20968 The continued fallout from coronavirus in online environments has begun to trend upward in an environment that poses serious risks to both hosts and users: online schooling. Schools, parents, and students need to take care, and take steps to protect themselves.

Source: Checkpoint Research

The figure above, from Checkpoint Research, shows a significant ramp-up (and spike) in Cyberattacks as pupils returned to remote classes, held via online meeting platforms and tools. Worth noting in this figure is the fact that this sector has always been more vulnerable to attack, but is even more so now.

“The urgency of the situation and the speed with which schools needed to make online learning avaccommodations is a kind of perfect storm for hackers and cyber criminals,” explains Emilio Simoni, director at the dfndr lab. “The numbers and the activity convincingly demonstrate that security can’t be taken for granted, or arranged last minute,” Simoni adds.

The range of methods used to attack educational institutions is similar to the kinds of attacks seen in the general population: phishing, ransomware, and malicious apps are all in play — along with the “Zoombombs” receiving more exposure and attention. 

If you haven’t heard: Zoombombs are unwanted take-overs of hosted meeting sessions by hackers. Note that the Zoom app is not especially vulnerable — but its widespread popularity as a meeting-host service has simply caused the name to be associated with the phenomenon. Distributed denial of service attacks (DDOS) are also common. These are purposeful efforts to overwhelm the capacity of a given connection or platform, and frequently they’re the “blunt weapon” of choice for ransom-motivated attacks.

“Of course institutions need to take steps to protect themselves with enterprise grade security solutions,” Simoni notes, “but teachers and student families have to be wary as well.”  Adds Simoni: “If you’re attending classes through a digital connection at home or on-the-go, you will want to have a personal solution you can rely on.”

For these purposes, dfndr security PRO offers a full suite of  capabilities, including:

Anti Hacking Protection: Anti-hacking protects users from malicious URLs and phishing sites. It also blocks scams directly on the SMS app, web browsers and messaging apps (WhatsApp and Facebook Messenger).

Safe App Installer: Lets you know if an app is safe — before you install it.

Wi Fi Theft Protection: Protect you WiFi connection and immediately be notified if anyone is trying to intrude upon or hijack you wifi connection.

App Privacy Scan: Know which installed apps on your device are malicious, or have already been victim of leaks. Also easily see the permissions granted for each app, and where they send data they collect from you.

You can use this link to learn more about dfndr security, and also consider upgrading to our PRO offering. You’ll be glad to know that Anti-Hacking comes with the free version of our solution.

With governmental funding for improved education-institutional security defenses still up in the air, the necessity for students and families to protect themselves is keener than ever.  

We’ll keep you posted on any specific / large-scale attacks, but for now, a good security solution should be considered a requirement for any online student family.

LEARN MORE BY TRYING OUT OUR APP: You’ll get Anti-Hacking protection and be able to see anyone who is priating your WiFi signal with our free dfndr security program. You can download it for free here, and try it out yourself!

Instale o dfndr security.Instale o dfndr security.

]]>
<![CDATA[Is Facebook’s New Phishing Tool Effective?]]> https://www.psafe.com/en/blog/is-facebooks-new-phishing-tool-effective/ Mon, 23 Jul 2018 23:00:12 +0000 https://www.psafe.com/en/blog/?p=18789 With phishing scams continuing to rise in volume, Facebook is taking a stand and getting into the hacker fighting game by introducing a new tool that cracks down on malicious look-alike websites. The tool could be useful for stopping you from opening fake websites, but it may not do everything.

Read More: Google Introduces Over 20 New Security Features to Protect Users

You still need a security app on your device to fully protect yourself from phishing scams. Download dfndr security and you can block phishing attempts by activating the anti-hacking feature. With advanced AI built in — this feature can block attacks coming from your web browser, SMS, or chat apps.

Get dfndr security now

The Facebook phishing tool has some advantages, particularly in identifying homograph attacks. Uh, what are those you might ask?  

Homograph Attacks
Some phishing attacks come in the form of a homograph attack. Hackers create websites with domain names that are almost identical to a brand name site, with the sole purpose of fooling someone and getting them to unknowingly input login credentials.

The only way to tell a site is fake is by examining the name of the site. A fake one usually has a letter or a punctuation mark out of place. Unless you’re watching closely, you could easily be fooled. This is where the Facebook tool comes in.

What the Tool Does
Named Certificate Transparency Monitoring, the tool is a Facebook-hosted application that any webpage owner can access for free with a Facebook account. The tool has been around since 2016 but it was recently updated it, allowing webmasters to detect homograph domains that are spoofs of their websites.

Webmasters add their domain to the tool’s dashboard which will scan the public Certificate Transparency (CT) logs. The logs have information about new domains that recently got an SSL certificate. The tool will then warn website owners about fake sites in the CT logs that use a similar name to theirs.

Will the Tool Help You Really?
As someone concerned about your security, the Facebook tool can help you identify phony websites, but in the end, it’s really for domain owners to suss out imposters. While the tool is useful, it will not actively block phishing scams lurking out there.

Once again, it’s wise to take security into your own hands, and have an antivirus app downloaded and ready to be your eyes and ears against hacking attempts.

]]>
<![CDATA[Going to College Next Year? Beware of Cyber Attacks]]> https://www.psafe.com/en/blog/going-to-college-next-year-beware-of-cyber-attacks/ Fri, 29 Jun 2018 00:00:21 +0000 https://www.psafe.com/en/blog/?p=18788 If you’re going to college next year, make sure you know about cyber attacks that are hitting post-secondary schools. There are more cyber crimes than ever in 2018, but you can avoid these with the right security software.

Read More: My Apps Gave Up Personal Info Again

One wickedly smart way to protect your Android or IOS phone is by using dfndr vpn, a virtual private network that hides your IP address and location, especially on campus Wi-Fi. With a VPN, you can keep your gaming, snapchatting, or Facebook sessions totally anonymous from snoops or hackers.

Here’s what you should know about cyber attacks before you land at college.

The Stats
Last year alone, there was an average of 12 DDoS attacks per week. These types of attacks can infect entire colleges by hitting multiple computers or devices at once, causing them to lose Internet access. Additionally, about a quarter of all colleges or universities were the victim of cyber attacks in 2017.

Devices Get Targeted
Plenty of institutions have a policy that requires you to bring your own device, which can expose any personal info stored on tablets or smartphones to potential hacking attempts. Criminals sometimes take advantage of anyone not using security apps or VPNs and hack into their devices to steal data, oftentimes planting ransomware in order to get a fast payoff.

Your devices should always have security software downloaded, as well as the right authentication methods to make sure cybercriminals have a hard time gaining access.

How Do Hackers Target College Kids
In addition to attacking single devices, hackers also target full-on networks with DDoS attacks and viruses. Phishing scams are also common, so steer clear of any weird emails that could contain malware. Make sure your password is randomized and has a mix of letters, numbers, and symbols. While it feels like a hassle, change your passwords frequently, at least every 6 months during college life.

And while it’s fun to exchange files with your friends, don’t download any files when using a public computer because these are accessed by other people (ahem, potential hackers). Always log out of public computers after you use them, especially if you send a file from your smartphone to your email or vice versa.

Bad News… Colleges are Huge Targets
The main reason why hackers go after higher education institutions is that they can easily access a lot of personally identifiable information (PID) such as social security numbers, payment information, medical records, and more. Also, the average cost of a data record belonging to a university is worth roughly $200 with registration, which can net hackers money if they steal school records and put it for ransom.

]]>
<![CDATA[The Equifax Breach Might Have Compromised Your U.S. Passport]]> https://www.psafe.com/en/blog/the-equifax-breach-might-have-compromised-your-u-s-passport/ Thu, 28 Jun 2018 23:00:24 +0000 https://www.psafe.com/en/blog/?p=18794 Back in September 2017, a massive security breach within the credit monitoring service, Equifax, led to over 148 million customer records falling into the hands of hackers. Shortly after, collections of sensitive data including social security numbers, credit cards, and driver’s licenses appeared for sale on the dark web. Now, a new report notes that approximately 3,200 digital passports were also stolen in the attack. But, what can you do if your passport was part of the breach?

How to Check if You’ve Been Compromised
To begin, head over to Equifax’s security website and use your social security number to check if your private information was included in the stolen data. Unfortunately, Equifax does not detail exactly what parts of your private data was compromised. With the scary possibility that your personal information is going to the highest bidder, we recommend obtaining identity theft protection as soon as possible. Luckily, Equifax provides this service at no charge.

Read More: What Should You Do After Losing Your Phone?

If you have reason to believe that your passport may have been included in the Equifax breach, take a few measures to enhance your security. For example, the DMV recommends that you contact them in regards to the stolen document. A passport is an official piece of government identification that could allow malicious individuals to impersonate you.

Replace Your Passport
If you’re a frequent traveler, you can quickly replace your passport through a United States passport agency office in under 2 weeks. Otherwise, you can visit a local post office to have your passport renewed, but the process may take over 2 weeks to complete. Don’t forget to bring a secondary piece of identification such as a driver’s license when applying.

Besides replacing your passport, you should also be aware of any activity on future credit reports. If a cybercriminal decides to use your information, your credit report will log this. To be safe, consider ‘freezing’ your credit report so that none of them can be used without prior authorization.

Look Ahead at Credit Reports
If you discover possible fraudulent activity on your credit report, go to this Equifax page to report any fraudulent activity, The reporting tool will also alert the 2 other major U.S credit bureaus, Experian and TransUnion that fraud may be at play.

Equifax’s critical data breach is a cybersecurity blunder that affected us all, but with careful attention, we can all remain safe by being diligent and aware.

]]>
<![CDATA[A Cyber Drive-By Attack Could Be Lurking in Your Hood]]> https://www.psafe.com/en/blog/a-cyber-drive-by-attack-could-be-lurking-in-your-hood/ Thu, 28 Jun 2018 22:00:47 +0000 https://www.psafe.com/en/blog/?p=18743 Ever heard of a drive-by? A disturbing picture comes to mind, but now apply the same idea to a cyber attack. Huh, sounds confusing right? But this crime has been gaining traction and is called a cyber drive-by attack. What’s disturbing is these hacking attacks target users without the usual method of having to open a malicious file or link. What hackers do at a cyber drive-by is station themselves close to a house or a place of business and attack.

Read More: The Danger of Spoofed Websites: Learn to Tell the Difference

The best way to protect yourself from cyber threats is to ensure you download antivirus software on all your devices, your phone included. For Android users, we recommend dfndr security, which has a security scan feature that combs your entire device, even the SD card, and blocks viruses or malware.

Get dfndr security now

How It All Began
A cyber drive-by attack wasn’t much of a threat in the early days, mainly it was used to gain free access to Wi-Fi. Hackers would drive by the streets of a town, locate a Wi-Fi signal and If the signal was insecure, they would hack through to siphon Internet.

How They Evolved
Now cybercriminals use this same practice but in more sophisticated ways. They often target badly secured routers and first figure out the router manufacturer. Once they’ve gotten that information, they’ll next tap in and listen to the traffic and find ways to compromise the password, which eventually gives them access to a computer or phone.

With all systems weakened, the next stage of an attack is to introduce malware or a keylogger, and once this happens, tapping into someone’s sensitive information is child’s play.

A keylogger can bait a victim by having them visit a legitimate website that’s infected through a popup or ad, or by slyly redirecting the person to an infected site. Information like bank accounts, logins, or social security numbers could be discovered and used in illegal ways.

Criminals are also targeting businesses with this type of attack, which requires no user interaction at all and depends on the vulnerability of a device or modem.

In other cases, cybercriminals use ‘man in the middle’ software, by having attackers spy on victims by setting up conversations between multiple parties.

Last Words and Tips
In addition to downloading a security app, individuals and companies should update devices regularly with the latest security patches and script blocking plugins. Additionally, businesses should ensure employees don’t have local administrative access to their devices. Set them up with a separate account instead.

Other measures to take include segmenting a company’s network so that everyone isn’t running on the same server, which ensures that malware doesn’t spread throughout an entire office.

Finally, all work and personal data should be backed up as frequently as possible on external hard drives or a cloud service, which should not be left connected to the main network.

]]>
<![CDATA[Tips to Secure Your WordPress Site Against Hackers]]> https://www.psafe.com/en/blog/tips-to-secure-your-wordpress-site-against-hackers/ Sun, 24 Jun 2018 12:00:49 +0000 https://www.psafe.com/en/blog/?p=18771 WordPress is an extremely powerful website platform that has been utilized by web developers over the past decade to build anything from blogs to e-commerce sites. In fact, the blog post you’re currently reading is built on WordPress – as many other sites that you probably visit each day. What’s also risen in the past decade are cyber attacks on WordPress sites, which can be alarming if your business depends on having a working site. Here are a few tips to keep your WordPress site secure.

Lock Down Your Admin Account
When you first signup for a WordPress account or you decide to self-host, your website is controlled by an administrator account. By default, the name of a WordPress administrator account is ‘admin.’ While this username is easy to remember when you want to log in, it also gives hackers half the information they need to hack your website. Start by changing the default ‘admin’ login to something different – think of a username that is easy to remember, but also not obvious such as your business name. In addition, be sure that your password is a strong alphanumeric combination and isn’t based on something easily guessable such as your birthday or a pet’s name.

Read More: Here Are the Most Common Passwords, Ranked

Keep Everything Up To Date
No matter what device or service you’re trying to protect, it’s essential that your WordPress site is updated regularly to combat security threats. Unfortunately, in a recent survey, it was found that almost half of all WordPress sites are not updated to the latest version. Don’t concern yourself with the momentary downtime to perform a critical update, many hosting companies now do automatic updates for you. If your hosting company doesn’t provide this service — don’t ignore notifications to update, it really is painless and only takes a few minutes.

Change Your Login Address
You can generally access the login of a WordPress site by typing in the website address and adding ‘/wp-admin/’ to the URL. For example, if Google was hosted on WordPress, you would head to ‘www.google.com/wp-admin/’ to gain access to their login prompt. By leaving this login address at the default value, you’ve basically shown hackers to the front door. Consider changing the default login to something more unique to keep hackers guessing. After all, if you knowingly give them access, can you blame them once they break in?

]]>