It’s Beginning to Look a Lot Like the Holiday Shopping Season

In the U.S. it’s Thanksgiving week and that means after Thursday, the holiday season will be in full force. Not only is it time to bring out the tinsel while jamming out to Michael Bublé’s holiday CD (I can finally listen to all the holiday music I want without judgment), it’s also time to buckle down on your holiday shopping. Have you made your holiday shopping list yet? Luckily, in the U.S., the biggest shopping days of the year are coming up meaning lots of shopping deals at stores on and offline to help you complete your holiday shopping list.

There are people out there who are really gung-ho about Black Friday—camping outside a department store the night before and fighting the masses for the half-price widescreen tv. That’s not really my style; I’m more of a Cyber Monday kind of guy. I just fire up my computer or tablet and start clicking and then boxes magically arrive at my house…well maybe not magically.

Online shopping is convenient for the holiday shopper. No lines, no braving the sometimes nasty winter weather, no crowds—you can buy almost anything and never leave your couch. Although online shopping is a great way to complete your holiday shopping list, you should take a couple precautions while online to keep your personal and financial information safe from hackers.  Along with avoiding the 12 Scams of the Holidays, here are the top 5 tips to help you stay safe while shopping online this holiday season.

  • Be wary of deals. Does that 90% off blowout sale of iPhones sounds too good to be true? It probably is. Any offer you see online that has an unbelievable price shouldn’t be believable. Beware of spam emails with links to awesome deals, as it’s particularly dangerous to buy on a site advertised in a spam email. I recommend using web protection, like McAfee® SiteAdvisor® provides easy to results to protect you from going to a malicious website.
  • Use credit cards rather than debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Another option savvy shoppers sometimes use is a one-time use credit card, which includes a randomly generated number that can be used for one transaction only. If the number is stolen it cannot be used again. Using this type of credit card also ensures that a thief does not have access to your real credit card number.
  • Review the company’s policies. Look to see how the merchant uses your personal information and check to make sure that it will not be shared with third parties. You should only disclose facts necessary to complete your purchase and not any additional information about yourself. Also, check the website’s shipping policy and make sure it seems reasonable to you. You want to make sure that you understand all your shipping options and how they will affect your total cost of your online purchase.
  • Check that the site is secure. Find out if a company’s website is secure by looking for a security seal, like the McAfee SECURE™ trustmark, which indicates that the site will protect you from identity theft, credit card fraud, spam and other malicious threats. Make sure the site uses encryption—or scrambling—when transmitting information over the Internet by looking for a lock symbol on the page and checking to make sure that the web address starts with httpS://.
  • Only use secure devices and connections.  If you are using a public computer, information such as your browsing history and even your login information may be accessible to strangers who use the computer after you. Also, never shop using an unsecured wireless network because hackers can access your payment information if the network is not protected.  To protect yourself, do all of your online shopping from your secure home computer. When shopping at home, make sure all your devices are protected with comprehensive security like McAfee LiveSafe™ service which protects all your PCs, tablets and smartphones.

Think these tips are great? Spread the knowledge with McAfee and Dell’s Season of Sharing sweepstakes*. It’s easy—just head over to 12scams.com and share the #12Scams content on your social profiles. The more you share the more chances you have to win a $1,000 Dell Gift Card** and a 1-year subscription to McAfee LiveSafe.

 

*No purchase necessary. Valid only in the U.S. from Nov 4 – Dec 12.
** Terms and conditions apply. See www.dell.com/giftcard.

 

RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

 

The post It’s Beginning to Look a Lot Like the Holiday Shopping Season appeared first on McAfee Blogs.

Koler Ransomware Extorts Money from Users

Hands up! Law enforcement agencies want you to pay for your crimes—but wait, what crimes did you commit?

While your record may be squeaky clean, this malicious Android app sure isn’t and its makers are doing everything they can to extort money from consumers. I’ve discussed mobile apps that attempt to steal money from users before, however the particular piece of ransomware up for discussion today is a different beast entirely.

Known as Koler, this Trojan takes over a user’s device and prompts him or her with fake notifications from various law enforcement agencies, attempting to trick them into to paying for their “crimes.”

Koler has been on researchers’ radars since May. However, the discovery of new variants in October revealed an added component allowing Koler to spread from phone to phone through text message bringing a new dimension to the ransomware.

Once Koler is installed on a mobile device, it will open a persistent window that covers the entire screen and displays a message from local law enforcement agencies, accusing users of indulging in child pornography—a very heavy allegation. The ransomware requires victims to pay a fine using prepaid MoneyPak cards before they can regain control of their phone and get rid of the notification window.

Koler is able to display localized ransomware messages in more than 30 countries, including the U.S. In order to spread to more mobile devices, Koler will send a text message to every contact in the address book of an infected phone. This message displays a shortened bit.ly URL linking to Android application package file IMG_7821.apk, hosted on DropBox. If the recipient of this text installs the app, he or she will also unknowingly install Koler and become vulnerable to the scam.

This ransomware is extremely difficult to uninstall as the window it opens encompasses the entire screen, making navigation impossible. Therefore, a user must reboot the device in safe mode before Koler can be successfully uninstalled.

With malware such as Koler rapidly spreading across mobile devices, it’s extremely important for users to put an emphasis on the security of their phones. Here are a few quick tips that you can implement to protect against ransomware such as Koler:

  • Be sure the “unknown sources” option on your Android device is turned off. In the Android security settings menu, there is an option for users to install apps from sources outside of Google Play. When this setting is turned off, that device will not allow mobile apps from unofficial stores to be installed. Since the majority of malicious apps come from third party app stores, it’s a good idea to keep this setting off—permanently.
  • Don’t download files or click on unknown links. A good rule of thumb to remember is if something looks out of place or comes from someone unfamiliar, it should not be opened on your phone.
  • Take an active role in securing your mobile device. Although having security software installed on your device is an essential part of protecting your privacy, it is important that users be aware and take proper measures to avoid infection. McAfee® Mobile Security is free for both Android and iOS, and offers a variety of protections, including ones to help avoid ransomware like Koler for Android users.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.

lianne-caetano

The post Koler Ransomware Extorts Money from Users appeared first on McAfee Blogs.

‘Tis the Season for the 12 Scams of the Holidays

Fa la la la la, la la la la. Yes that’s me singing, but thank goodness you can’t really hear me (I save that for the shower). If you can believe it, it’s that time of the year again (even though it seems like we just finished Halloween). Time for holiday parties, family traditions, ugly sweaters, and… scams? Yes, that’s right. Now that the holiday season has begun, many of us are sharing, shopping and booking travel online— even more than we normally do.

And scammers know that with all that money and personal information floating around, they have a big opportunity. Using techniques like phishing, social engineering, fake charities and infected USB drives, cybercriminals can invade your privacy and drain your bank account.

Don’t let these hackers and thieves dampen your holiday cheer. To help you stay safe this season, McAfee has compiled a list of the 12 Scams of the Holidays. Check it out and educate yourself on what scams you need to look out for this holiday season.

12Scams2014_Infographic_22Oct2014_FINAL

Here’s some tips to help you stay safe during the holidays:

  • Be careful when clicking. Don’t click on links in email or social media messages from people you don’t know, and use a URL expander to know what site you are going to before clicking on a shortened URL.
  • Be suspicious. If a deal seems too good to be true, it probably is.
  • Practice safe surfing. Use a Web safety advisor, such as McAfee® SiteAdvisor®, that protects you from going to risky sites.
  • Avoid public Wi-Fi. Public Wi-Fi might be convenient, but it’s also accessible to anyone who wants to see what you are doing online.
  • Shop safely online. Make sure you stick to reputable e-commerce sites that have been verified as safe by a third-party Trustmark, like McAfee SECURE™. Also look for “https” at the beginning of a site’s URL, which indicates that the site is using encryption to protect your information.
  • Use security software on all your devices. Make sure you have comprehensive security protection, like McAfee LiveSafe™ service, for all your devices, including your mobile phone and tablet that also safeguards your data and includes identity protection.

Season of Sharing Sweepstakes

To make sure that we all have a safe and merry holiday, McAfee and Dell have teamed up to bring you the Season of Sharing Sweepstakes—and give you a chance to win prizes. By sharing safe shopping and online safety tips around the 12 scams with your friends and family, you’ll not only be helping others to stay safe online this holiday season, but you’ll also earn a chance to win a $1,000 gift card to Dell.com** along with McAfee LiveSafe service to make sure all your devices are protected!

‘Tis the season to be jolly, so make sure you stay safe online.

 

*Sweepstakes open to US residents only. NO PURCHASE NECESSARY. Sweepstakes is from November 4 – December 12, 2014. See www.12scams.com for full terms and conditions.
**Terms and conditions apply. See www.dell.com/giftcard.

 

RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The post ‘Tis the Season for the 12 Scams of the Holidays appeared first on McAfee Blogs.

Spread the Joy with the Season of Sharing Sweepstakes

Did you have a great Halloween? I loaded up on lots of delicious trick or treat candy to last me at least until all the Christmas treats appear. But Halloween is over and it’s time to switch out the ghouls, pumpkins and tombstones for string lights, Christmas trees, and tinsel.  Yes, I know I skipped over Thanksgiving (for those of us in the US), but my local stores have had holiday decorations up since September. The holiday season is officially here!

The holiday season is a time of family, friends and tradition but it is also a busy time for hackers and scammers. They’ve planned all kinds of tricks to steal your money, information and cheer, knowing that this festive time of year is when we tend to let our guards down. It’s important to stay digitally safe during the holidays.

This year, McAfee and Dell are partnering to bring you the Season of Sharing Sweepstakes! It’s super easy to participate, just share content about how to avoid these holiday digital dangers with your friends and family. And you’ll have the chance to win a $1,000 gift card to Dell.com and 1-year subscription to McAfee LiveSafe™ service.

Here’s how you can help spread the joy so we can all avoid the 12 scams of the holidays.

12ScamsSweeps_440x220

HOW TO ENTER

  1. Go to www.12scams.com.
  2. Sign into the page using your Facebook or Twitter account.
  3. Share the 12 scams content from the social feeds on the page to earn entries into the sweepstakes. The more you share, the more entries you get!
  4. Sit tight for winners to be announced on December 17.

 

WHAT YOU COULD WIN

  • Grand Prize: 1 winner will receive a $1,000 gift card to Dell.com and a 1-year subscription to McAfee LiveSafe™ service
  • 1st Place: 1 winner will receive a Dell Venue™ 8 Tablet and a 1-year subscription to McAfee LiveSafe
  •  2nd Places: Ten (10) winners will receive a 1-year subscription to McAfee LiveSafe service

 

Have fun and stay safe this holiday!

*Sweepstakes open to US residents only. NO PURCHASE NECESSARY. Sweepstakes is from November 4 – December 12, 2014. See www.12scams.com for full terms and conditions.

 

RobertSicilianoRobert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

 

 

 

The post Spread the Joy with the Season of Sharing Sweepstakes appeared first on McAfee Blogs.

App Inventor Enables the Easy Creation of Malicious Apps

In today’s increasingly connected society, heaps of new mobile apps are cropping up every day. It no longer takes a technical degree or programming background to create and deploy a mobile app. Android is well known for being an open and accessible platform that any mobile app developer can use. With this reputation in mind, it’s no wonder that MIT built an App Inventor online tool for Android developers. The tool allows anyone to easily drag-and-drop a variety of widgets in order to create their own, personalized Android app.

Unfortunately, App Inventor has caught the attention of some cyber users with criminal intent, who have since built malware directly into the tool. That means that novice-level malware authors can now create a Trojanized app.

Once attackers have created these Trojanized apps, they spread them around using a combination of phishing links and file sharing services. As soon as users open the phony apps on their phones, the apps start carrying out nefarious activities. Even worse, they are often developed to automatically begin downloading additional malicious apps once they are installed.

While App Inventor doesn’t give malicious apps any special powers, it does make the production of Trojanized apps incredibly easy. Because of it, anyone with a basic understanding of Android programming can quickly churn out tons of malicious apps. As I have covered before, Trojanized apps attempt to scam users by forcing them to pay fines, searching for and stealing their mobile banking information, or sending unwanted and costly premium text messages to their contact lists.

With all of these bad apps running rampant, here are some simple, yet effective, tips you can use to protect your mobile device against app security threats:

  • Use comprehensive security software on your mobile device. The sad truth is that malicious apps are not going away anytime soon. So, having security installed on your mobile device that helps protect your privacy and identity is a must. McAfee® Mobile Security is free for both Android and iOS, and it offers a variety of protections, including ones to help Android users dodge Trojanized apps.
  • Avoid downloading apps from third parties. By taking this one simple step and only downloading apps from trusted online sources like Apple App Store and Google Play, you can significantly lessen your chance of downloading a malicious, Trojanized app.
  • Don’t open a link or file from someone you don’t know. Whether you receive a link or file through email, social media, or text message, it is always best to avoid opening attachments from unfamiliar senders.

To keep up with the latest security threats, make sure to follow @McAfeeConsumer on Twitter and like us on Facebook.

lianne-caetano

The post App Inventor Enables the Easy Creation of Malicious Apps appeared first on McAfee Blogs.