Tonight’s Special Guest: McAfee’s Most Dangerous Celebrity of 2014

After a long day of hard work, there’s nothing like coming home, throwing on some PJs, and watching some good old late night television. I love catching up on all the latest news and watching celebrities like Kaley Cuoco-Sweetin discuss the celebrity photo hack (what can I say? I’m a security junkie).

It seems like we’ve always had a fascination with the lives of the rich and famous. In the 1700s, people gathered to watch the every move of the King of France, from getting out of bed to changing his underwear. Page Six, the gossip column, used to be the must-read page in the New York Post. Now, in the age of social media, following our favorite celebrities’ comings and goings is even easier. All we have to do is go on Twitter to get the latest about Jayoncé.

Unfortunately, our obsession with celebrities can get us into trouble on the Web. Cybercriminals love to take advantage of our interest in celebrities for malicious means. They use hot celebrity news, like updates on Ryan Gosling and Eva Mendes’ baby, along with the offer of free content to lure you to malicious sites that could steal your money or personal information or install malware.

There are some celebrities who are more likely to lead you to bad stuff than others. Today McAfee announced that Jimmy Kimmel, the host of Jimmy Kimmel Live!, is the 2014 Most Dangerous Celebrity™. McAfee found that searching for the latest Jimmy Kimmel videos and downloads yields more than a 19.4% chance of landing on a website that tested positive for online threats.

Here are the rest of the celebrities that round out this year’s Top 10 Most Dangerous Celebrities list.

  1. Jimmy Kimmel
  2.  Armin van Buuren
  3.  Ciara
  4.  Flo Rida
  5. Bruce Springsteen
  6. Blake Shelton
  7. Britney Spears
  8. Jon Bon Jovi
  9. Chelsea Handler
  10. Christina Aguilera

History tells us we probably aren’t going to get over our fascination with celebrities anytime soon. But there are some things you can do now to stay safe online while you’re reading about your favorite personalities.

  • Be suspicious. If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Check the web address. Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely.Use a Web safety advisor, such as McAfee® SiteAdvisor® that displays a red, yellow, or green ratings in search results, alerting you to potential risky sites before you click on them
  • Protect yourself. Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Help Spread the Word!
In order to continue to promote safe celebrity searching, McAfee will be running a sharing sweepstakes. Help others stay educated about staying safe online by sharing Most Dangerous Celebrities content and you could  win a Red Carpet Swag Bag that includes a Dell Venue™ 7 tablet, Beats Solo 2.0 HD headphones, a subscription to McAfee LiveSafe service along with other goodies. You must be 18 or older and reside in the United States in order to participate. Learn more here.

While it’s fine to get your fix of celebrity gossip , remember to be safe when doing so.

To learn more about Most Dangerous Celebrities, click here or read the press release, use the hashtag #RiskyCeleb on Twitter, follow @McAfeeConsumer or like McAfee on Facebook.


RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The post Tonight’s Special Guest: McAfee’s Most Dangerous Celebrity of 2014 appeared first on McAfee Blogs.

Guardian evening seminar – The Future of Secure Mobility

The Guardian is opening its doors on Monday 29 September from 5:30pm – 9:00pm for a lively debate around the future challenges of securing mobile technologies for business – and you can be there.

The event will be hosted by award winning security journalist Thomas Brewster and will include a panel of leading technology and security experts including Neal Watkins, vice president of product management & development at Symantec, Sanjeev Skukla, director, cyber security consulting at Accenture and Gavin Franks, general manager of enterprise at Telefonica.

The panel will investigate how businesses are using mobile technologies to transform their business processes and make them more efficient whilst also protecting themselves against data leakage and malware attack.

The kind of questions we will be exploring during the session are:

How can you access corporate data securely?

How can you create an enterprise ‘App Store’ without compromising the native experience?

How can you provide secure alternatives to consumer apps that can form a protected workspace on the device?

Where and when is the event?

The event will be held at the Guardian head office at Kings Place, 90 York Way, London N1 9GU on 29 September 2014

A report of the event will be published in the technology section of The Guardian on Monday 13 October 2014, summarising the outcomes of the discussion and profiling the participants. The report will also be published online on the same date on the Secure + Protect Hub.

You can register to attend the event by following this link.

You Could Get Prank Called (and Charged) By Your Own Phone

Most people would never think to prank call themselves. However, they may be allowing their smart phones to do just that, by falling trap to a newly discovered security flaw.

Gone are the days of the traditional prank phone calls, executed by giggling teenagers in a darkened kitchen. Today, mobile phones have not only replaced such relics as the landline, but they have also opened consumers up to a whole new realm of scams. We now use our mobile devices for phone calls and everything else under the sun, so it makes sense then that pranksters and their far less benign counterparts (hackers) have also adopted new ways of duping unsuspecting users out of their personal information and money.

The latest mobile threat to be on the lookout for comes courtesy of a security precaution often overlooked in many popular mobile messaging apps like Facebook messenger, Apple Facetime, and Gmail for mobile. The flaw allows a call to be placed without requiring the user to confirm their action when a link is clicked. This could potentially allow clever criminals to utilize Uniform Resource Identifier (URI) schemes called “tel” to run call fraud. URI schemes tell a computer or mobile device where to go for a certain resource, such as launching an app or dialing a phone number when a link is clicked. Much like when a browser is launched after you click on a web link in an email, native mobile messaging apps can be used as conduits to send malicious links that will trigger a call to be made from your phone.

Typically, an app should prompt you to make sure you would like to go through with the call beforehand, but many big name native messaging apps have this warning feature turned off as a default. The flaw was discovered by Andrei Neculaesei, a developer in Copenhagen, who created a mock website to confirm that most of these messaging apps would just go ahead and make the call.

But really, what is so bad about someone making random calls through your phone?

This security oversight could give hackers an easy way to make premium-rate phone calls for a profit and leave unsuspecting users with the bill. Hackers are buying these premium-rate phone numbers and collecting money each time they trick a user’s phone into calling the high-rate number. Therefore, they will likely place as many calls as possible before someone gets a very surprising (and astronomically high) phone bill.

While this scam is still hypothetical, parts of it are the same as those used by many other forms of malware and phishing attempts. The URI scheme phone scam uses a malicious link to launch the initial round of premium-rate phone calls, and like many others, it relies on consumers to make the first click.

Theoretical or not, smart mobile security habits can keep your device and information safe from similar tricks and many others beyond it.

  • Don’t click on a link from someone you don’t know, whether it’s in an email, social media, or a text message.
  • Keep a close eye on your monthly phone bill for any unusual charges from making calls to premium-rate phone numbers.
  • Make sure to install security software on all mobile devices. The extra layer of protection that security software can provide your device is essential to protecting privacy. McAfee® Mobile Security, is free for both Android and iOS, and offers a variety of protections to help avoid misbehaving apps, including the SMS and call filter that easily siphons out spammers and unwanted numbers for Android users.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post You Could Get Prank Called (and Charged) By Your Own Phone appeared first on McAfee Blogs.

Consumers Eager for Connected Technology

Many of us are familiar with the Jetson’s TV cartoon that showed the life of a family in 2026 and how technology is a part of their everyday life. If you’re like me, some of the gadgets that George and his family had are probably things you thought were cool or would be convenient to have, especially the automatic meals that could be selected and then delivered with the push of a button or the flying cars. While we’re not quite at the level of George Jetson, technology advancements are only going to continue.

With that in mind, McAfee commissioned MSI for a study, “Safeguarding the Future of Digital America in 2025,” that looks at how far technology will be in 10 years. And also looking at how all this technology and interconnectedness affects our privacy and security—something George Jetson never had to worry about with Rosie (his robot maid), or while he video chatted.

What is interesting to see from the study is what people believe will be prevalent in 2025 (some of which are Jetson-esque) such as:

  • 60% believe that sooner or later, robots and artificial intelligence will be assisting with their job duties
  • 30% believe they’ll be using fingerprints or biometrics to make purchases
  • 69% foresee accessing work data via voice or facial recognition
  • 59% of people plan to have been to a house that speaks or reads to them.

There’s no reason to doubt all of these advances won’t soon be reality, but there will also be new considerations for consumers to be aware of. The more “connected” you are, the more you’re at risk. But while consumers seem to be embracing these new conveniences, 68% of them are worried about cybersecurity so it’s imperative that all of us know how to protect ourselves today and into the future.

How can you protect yourself?

  • Do your research before purchasing the latest gizmo. Read the manufacturer’s, app’s or site’s security and privacy policy. Make sure you fully understand how the product accesses, uses and protects your personal information and that you’re comfortable with this.
  • Read customer reviews. There’s hardly a product on the market that doesn’t have some kind of rating or customer feedback online. This unsolicited advice can help you determine if this is a device you want to own.
  • Password protect all of your devices. Stop putting this off. Don’t use the default passwords that come with the device or short, easy ones. Make sure they’re unique, long and use a combination of numbers, letters and symbols. Complex passwords can also be a pain to remember, that’s why using a password manager tool, like the one provided by McAfee LiveSafe™ service is a good idea.
  • Don’t have a clicker finger. Be discriminating before you click any links, including those in emails, texts and social media posts. Consider using web protection like McAfee® SiteAdvisor® that protects your from risky links.
  • Be careful when using free Wi-Fi or public hot spots. This connection isn’t secure so make sure you aren’t sending personal information or doing any banking or shopping online when using this type of connection.
  • Protect all your devices and data. McAfee LiveSafe service you can secure your computers, smartphones and tablets, as well as your data and guard yourself from viruses and other online threats.

Make sure you’re not like George calling out to his wife Jane saying “Jane…stop this crazy thing!” as he’s ready to fall off his electronic dog walker that’s gone out of control! Stay safe online!


To join the conversation use the hashtag #FutureTech or follow McAfee on Twitter or like them on Facebook.

To download the infographic, click here or click to read the press release.



RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.


 MSI conducted a survey among 1,507 U.S. citizens ages 21 to 65. The survey was split evenly among age and gender. The survey was conducted in August 2014.

The post Consumers Eager for Connected Technology appeared first on McAfee Blogs.

From Russia with Malware: Svpeng Mobile Banking Trojan

Like almost everything else, financial transactions have gone from in-person to digital in a matter of years. In 1999, only 11% of Internet users banked online, yet today that number has jumped to 61%, with many of those same users banking via mobile devices as well. But, while the acceptance of mobile and online banking has become more widespread, awareness around mobile-specific security risks has definitely not.

Up until now, most financial organizations operated under the guise of “ignorance is bliss” with regard to educating users and employees about the importance of safe mobile security habits. While users are certainly much more comfortable with checking account balances and depositing checks remotely than they were 10 years ago, oftentimes along with comfort comes complacency—and that can be detrimental to your online safety.

However, a recently discovered banking Trojan named “Svpeng” may be the one to wake companies and users out of their collective security slumbers. Originating in Russia, Svpeng has crossed the ocean and taken on a dangerous pattern beyond other forms of mobile ransomware I have discussed before. What sets this sneaky piece of code apart is the way in which it utilizes several different attack styles to accomplish the endgame.

To start with, the malware worms its way onto a victim’s mobile device through social engineering in the form of text messages. Social engineering tactics typically utilize readily available information about a user to trick them into revealing other, more sensitive information like passwords. Once Svpeng has gotten into a device, it will look for banking apps from specific financial institutions like Citigroup, American Express, Wells Fargo, and others. The final move it makes is to lock the device down and demand $200 in Green Dot MoneyPak cards (reloadable debit cards preferred by hackers) to have the devices unlocked.

According to security experts, Svpeng is one of the most dangerous mobile banking threats to emerge so far, and organizations must use this as a warning to improve security and increase user awareness. This Trojan and its creators are satisfied with locking down mobile devices for ransom for now—but there is nothing keeping them or others from graduating to stealing banking credentials and much more with the same technology.

It is crucial to exercise good technology habits when taking advantage of the conveniences of mobile banking. Below are some quick ways to steer clear of most mobile malware and other threats:

  • Avoid sharing revealing information about yourself online. Clever hackers can potentially use the seemingly innocuous tidbits you share about yourself to get into your accounts through social engineering. People commonly use pet names, birthdates, favorite foods, etc. as passwords for financial and other accounts, which can be easily guessed with the right amount of determination.
  • Beware of responding to anonymous text messages. It is a best practice to avoid opening text messagesor clicking on links from someone you don’t know. Additionally, even if the message appears to come from your bank, never provide personal information.Legitimate institutions will direct you to a website or customer service line instead.
  • Never perform banking activities over public Wi-Fi networks. There is no doubt that mobile banking can make life a lot easier, but the convenience can sometimes come with a price. If checking your account balance on a mobile phone is a necessity, then make sure you only do it on a private wireless network.
  • Avoid downloading apps from third parties. Apps that are on third-party app stores are often there for a reason, and frequently contain malware. By taking this one simple step, you can eradicate the risk of downloading Trojans like Svpeng.
  • Install security software on all mobile devices. Svpeng is just the beginning, so it’s important to stay one step ahead of current and future threats. Having security software installed on your device is an essential part of protecting your privacy. McAfee® Mobile Security, is free for both Android and iOS, and offers a variety of protections, including ones to help avoid Trojans like Svpeng for Android users.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.


The post From Russia with Malware: Svpeng Mobile Banking Trojan appeared first on McAfee Blogs.