Read More: The Danger of Spoofed Websites: Learn to Tell the Difference

The best way to protect yourself from cyber threats is to ensure you download antivirus software on all your devices, your phone included. For Android users, we recommend dfndr security, which has a security scan feature that combs your entire device, even the SD card, and blocks viruses or malware.

How It All Began
A cyber drive-by attack wasn’t much of a threat in the early days, mainly it was used to gain free access to Wi-Fi. Hackers would drive by the streets of a town, locate a Wi-Fi signal and If the signal was insecure, they would hack through to siphon Internet.

How They Evolved
Now cybercriminals use this same practice but in more sophisticated ways. They often target badly secured routers and first figure out the router manufacturer. Once they’ve gotten that information, they’ll next tap in and listen to the traffic and find ways to compromise the password, which eventually gives them access to a computer or phone.

With all systems weakened, the next stage of an attack is to introduce malware or a keylogger, and once this happens, tapping into someone’s sensitive information is child’s play.

A keylogger can bait a victim by having them visit a legitimate website that’s infected through a popup or ad, or by slyly redirecting the person to an infected site. Information like bank accounts, logins, or social security numbers could be discovered and used in illegal ways.

Criminals are also targeting businesses with this type of attack, which requires no user interaction at all and depends on the vulnerability of a device or modem.

In other cases, cybercriminals use ‘man in the middle’ software, by having attackers spy on victims by setting up conversations between multiple parties.

Last Words and Tips
In addition to downloading a security app, individuals and companies should update devices regularly with the latest security patches and script blocking plugins. Additionally, businesses should ensure employees don’t have local administrative access to their devices. Set them up with a separate account instead.

Other measures to take include segmenting a company’s network so that everyone isn’t running on the same server, which ensures that malware doesn’t spread throughout an entire office.

Finally, all work and personal data should be backed up as frequently as possible on external hard drives or a cloud service, which should not be left connected to the main network.

O post A Cyber Drive-By Attack Could Be Lurking in Your Hood apareceu primeiro em PSafe Blog.

GandCrab
Recently, GrandCrab has grabbed everyone’s attention. The ransomware was discovered just this year and continues to hold everyday individuals hostage by encrypting all of the data on a user’s machine. What makes this piece of malware so ingenious is the way it’s been designed to hide the identity of the hackers who created it. To remove the ransomware from your machine, you must pay between $300-500 through a secure TOR network connection using an anonymous cryptocurrency known as Dash.

Read More: How to Protect Your Data from Ransomware Attacks

WannaCry
Accurately described by its name, the WannaCry strain of malware will indeed make you weep if you fall victim to it. The malicious piece of ransomware infected individuals in over 150 countries last year, in addition to targeting Britain’s National Health Service. Initially, the software used a piece of the Microsoft Windows file sharing system to infect other machines, but it eventually evolved. As with other ransomware scams, anyone infected found themselves forced to pay, this time via Bitcoin if they ever wanted to see if their data again.

GoldenEye
Not to be confused with the action-packed James Bond film of the 1990s, GoldenEye is a nasty piece of malware that’s also known as ‘NotPetya.’ Infecting reputable companies such as AP Moller-Maersk, Cadbury, FedEx, and Merck, the ransomware requested $300 for every computer infected. Easy to be tricked by, the malware sneaks onto your machine through an email or infected Word document. To add insult to injury, the malware has been smart enough to clear any actions it takes on a device, making it difficult to track down the criminal creators.

How Do You Stay Safe?
What’s disturbing is each piece of malware noted above have all been released within the last few years. Your data is at significant risk because ransomware attacks grow more aggressive each year.

Your computer isn’t the only device at risk either, collections of malware also target Android users. You can keep yourself protected by downloading dfndr security which has a full virus scan feature to locate any threats on your device, as well an anti-hacking feature that’s powered by AI, which will block malicious links before you click on them.

O post The World’s Most Malicious Ransomware Attacks apareceu primeiro em PSafe Blog.

Read More: Know Your Enemy – How Ransomware Payments Happen

Be a responsible employee and citizen by protecting all your devices from potential attacks, including your Android phone. The best way to fight hackers is by installing a well-rated app like dfndr security, a full virus scan feature can check for any threats in your device, by scanning your files and even your SD card.  

SamSam ransomware is like any strain of ransomware, mainly designed to encrypt data on a server or device and the only way to recover your data is by paying a “ransom’ to have it returned. However, SamSam has some specific details you should know about.

It Spreads Quickly
Most ransomware is sent by sending one copy of the malware to thousands of possible victims over the course of a day or two. However, the hacking creators of SamSam ransomware did something different – they sent thousands of copies of the malware to computers within a single organization at once.

Once the organization was infected, the hackers offered a “discount” to restore the company data all at once. Many cybercriminals use the “spray and pray” technique – attack an organization and hope for fresh victims. But the perpetrators of the SamSam ransomware attacks specifically targeted organizations with glaring vulnerabilities or weak credentials.

What Did They Exploit?
The SamSam ransomware attacks exploited bugs that organizations are not aware of, or had missed in their IT security plans. They also rolled out brute-force attacks against the Remote Desktop Protocol, a Microsoft software that allows two computers to remotely connect. This allowed them to gain access to unauthorized networks.

The ransomware was then spread to other connected networks through network mapping and credential theft.

What Can You Personally Do?
Always follow your IT department’s recommendations on having strong credentials, by creating passwords that are at least 8 characters long with some combination of lower-case and upper-case letters, as well as numbers and symbols. Ideally, use all randomized characters.

Take the stance of “defensive computing,” which helps protect you from malware, ransomware and phishing attacks. Don’t open links and files from people you don’t know or from “friends” who’ve sent you odd messages (cause the person may have been hacked!). Heed company protocols on backing up corporate files regularly and stored off-site, so if an attack were to happen, the impact could be lessened.

O post The SamSam Ransomware is Behind the Atlanta Attacks apareceu primeiro em PSafe Blog.

Read More: Get to Know These Cybercrime Trends

There are only a few reports of hotels receiving complaints about a small subset of criminals entering rooms and taking personal items through this technology, but the vulnerabilities in keycard technology suggest it’s only a matter of time before these crimes go mainstream.

How the Master Key Works and is Built
To get a master key to access a room, hackers book a hotel room and copy the data on an electronic keycard, which then gives them access to any room. In some cases, they don’t even need a keycard because the process can be done remotely by standing close to a hotel guest or a hotel employee. The ‘Master Key’ can be unlocked through a design flaw that’s common in most electronic lock systems.

Hackers then buy a portable programmer for a few hundred dollars to overwrite the key and create a master key within minutes. Once this is accomplished, the cybercriminals generally target travelers who store their laptops, passports, and cash in hotel rooms.

How the Key Opens Doors
This device, which is an RFID reader and writer, is simply held close to a door lock. The Master Key will run different key combinations within a hotel’s electronic database in less than a minute, cracking the master key combination to a particular room and unlocking the door. This can be done with a custom-tailored device or by writing the master key back to a hacker’s keycard.

A Temporary Fix
Being alerted to this flaw, Assa Abloy, the company who manufactures the portable programmer issued a software fix to keep hotel guests and their personal items safe. The company recommends that hotels worldwide update their keycard software to ensure these cyber attacks don’t occur in their facilities since new vulnerabilities can show up over time.

O post Hackers Can Now Break Into Your Hotel Room apareceu primeiro em PSafe Blog.

How Tabnapping Attempts to Trick You
This is how tabnabbing works. Say you stumble onto a website – maybe you found an interesting web article, clicked on a link sent by a friend, or are researching a specific topic. Often when we’re busy, opening several tabs to save a page or blog post to read later is normal multitasking, but this is where tabnabbers get you. When you open a new tab to work on something else, the malicious page begins to transform in the background while you’re occupied and not looking.

Read More: Phishing Attacks Can Be Stealthier Than You Think

The bogus website’s icon, known as a favicon, suddenly changes to something else like the Google logo, with the entire webpage following suit. When you tab back to where you were before, you’re presented with a fake Google account login box. You quickly assume that you were automatically logged out of something and enter your credentials, but what you don’t realize is you just fell for a dubious phishing attack. And now a hacker has your login information.

Tabnabbing are targeted attacks — hackers scour for vulnerabilities in HTML script, image loads, and various web browsers. Methods like this allow hackers to detect which site a user is visiting, or what sites a user visits regularly. For example, if you use Facebook daily, a hacker could simply switch out a tab to the Facebook login screen and ensnare you to enter personal details.

There is Hope for Protection
Keep following necessary security standards such as always checking the website URL, not only once it loads, but whenever you’re being prompted for a password or other personal information. Implementing two-factor authentication can also make it more difficult for hackers to access your account even if they’ve managed to get a hold of your password.

Finally, always have an antivirus software installed on all your devices, both computer, and smartphone. dfndr security is a well-rated app for Android devices and offers advanced technology based on AI machine learning. There is a full virus scan feature that scans your device from top to bottom and detects malware or viruses, and the anti-hacking feature blocks any malicious links before you even click on them.

The big lesson here? Your data is at risk, but the good news is you don’t have to go it alone.

O post Tabnabbing Attacks While Your Back is Turned apareceu primeiro em PSafe Blog.

While you focus on ensuring that a hacker doesn’t manipulate your trust, your mobile device is still vulnerable to cyber attacks. Available for Android devices, dfndr security offers antivirus capabilities that scans and removes malware, and an anti-hacking feature that warns you if a link is dangerous. A quick download will go a long way towards making you feel safer.

Targeting Your Stressors
One psychological technique that’s used to manipulate is to target someone who is under stress and likely feeling vulnerable. When we’re stressed, we tend to make rash decisions to push away the source of stress. This might include a situation like receiving an email asking you to send password information to your ‘IT department’ because it’s ‘urgent.’ No matter what’s going on around you, be sure to take a deep breath and handle tasks with your full attention. Why? That email from IT could be a scam.

Email From the Big Boss
We tend to bow to pressure in the face of authority quite easily; this basic psychological idea has been showcased in psychology tests as far back as the 1960s – and it’s just as relevant today. If you see an email from your boss, you’re more likely to address the request quickly. However, always double check that email to ensure it isn’t fraudulent. Your boss will thank you for preventing a possible phishing attack.

Respond Quickly or Else
Lastly is the psychological manipulation of placing a time limit on your decision-making capabilities. We’ve seen the tactic used in both phishing scams and television commercials – you need to act now before time runs out! Don’t allow anyone to control how fast you move, caving in can tear down your ability to rationalize. The next time you see an email that stresses urgency, slow down, and take the time to consider the proposal – your future self who doesn’t get hacked will be grateful.

O post Learn the Psychology of Digital Fraud apareceu primeiro em PSafe Blog.

Read More: The Facebook Malware Scanner Is Holding Users Hostage

One of the best ways to defend your smartphone from these attacks is with an antivirus software like dfndr security, which has a full virus scan feature that checks all your programs for malware. The app will check everything that’s on your device’s memory, as well as your SD card.

The recent rise of consumer ransomware is rattling for sure, which begs the question – what is the second best defense you can employ besides an antivirus software? Knowledge!

How These Attacks Happen
The main reason why hackers continue to develop sophisticated ransomware techniques is that they have a high success rate. As a consumer, you will never see them coming because they show up in the most unexpected ways, such as a pop-up, in an email or via SMS. If you open the wrong email, malware can lock your device out, forcing you to pay ‘ransom’ to gain the encryption key that reopens your device.

Research on ransomware targeted at consumers found that 38% of targeted individuals pay criminals to have their devices unlocked. 45% of consumers don’t even know what ransomware is, while 23% don’t backup files on their computer or mobile device. 48% are not worried about being hit with a ransomware attack at all, which is disturbing. The worst thing you can do is assume you won’t be a victim.

How to Avoid a Target on Your Back
Besides downloading security software for your device, there are a number of ways to protect yourself from ransomware. Make sure to keep your device up to date with the latest operating system. Without the combination of security software and an updated system, there may be security holes that a malicious email or SMS can exploit.

When surfing with your web browser, make sure Adobe Flash is turned off. Ransomware can sometimes enter your device through a Flash vulnerability. Also, stay away from questionable sites on the web because they may be littered with pop-up ads. These often contain false promises and a whole lot of malware.

Finally, make sure you backup all your files on an external hard drive or a cloud that you can use in case you get hacked. Losing all your data and being locked out of your device will sting less if your data is backed up.

O post Watch Out Consumer: You’re a Major Target for Ransomware apareceu primeiro em PSafe Blog.

How They Are Accessing Your Personal Data
Researchers discovered that the vulnerability takes advantage of an iTunes feature known as ‘iTunes Wi-Fi Sync.’ Normally, this feature allows users to sync their photos, music, and other content wirelessly over a Wi-Fi network, without the need to plug into a Mac or PC. However, in this circumstance, hackers take advantage of the useful ability to access your device’s personal data. Worst of all, you don’t need to enable ‘iTunes Wi-Fi Sync’ because an attacker is able to perform the action themselves.

Read More: Android vs. iPhone: Which One Has Better Security?

The exploit begins when the user of an iOS device, such as an iPhone or iPad, connects to an unidentified machine bobby trapped with the malware and chooses to ‘Trust’ it. This action allows the machine to communicate with your device, as well as set up the remote access it needs to breach your security.

Defending Yourself Against the Exploit
The solution may seem simple, like ensuring you don’t plug your iPhone or iPad into any unfamiliar machines – and you definitely shouldn’t choose the ‘Trust’ function. Luckily, it really is that simple! Certainly, don’t plug devices into machines you’re unfamiliar with, but there could be times when a familiar machine isn’t readily available.

A common occurrence when you might plug your device to an unfamiliar machine is at a local pharmacy’s photo department. Many pharmacies offer printing services directly from your smartphone. However, this service does require you to choose ‘Trust’. For an easy workaround, offload your photos to a flash drive, or utilize a third-party solution from the App Store to wirelessly transmit photos to your pharmacy’s photo department.

Overall, the new exploit may be dangerous, but it’s quite easy to avoid. As with many instances of cybersecurity, remaining cautious and using your best judgment is a strong defense against malicious attacks.

O post iOS Exploit Targets Your iPhone and iPad Devices apareceu primeiro em PSafe Blog.

On February 15th, 1995, the FBI arrested the then infamous computer hacker, Kevin Mitnick. While Mitnick was detained for more advanced hacking schemes, he relied heavily on social engineering to obtain sensitive information from his victims. Flash forward to a fictional movie called Hackers — released in the same year — and the film’s eerie opening scene shows the protagonist posing as an executive to extract information from an unaware security guard. A chilling example of social engineering caught on celluloid.

Read More: 5 Things You Can Do to Prevent Phishing Scams at Work

Social Engineering is a tactic used before the days of computing but has rapidly evolved and become more sophisticated as the digital age emerged. Today, many individuals may be familiar with the term ‘phishing,’ an extremely prevalent form of social engineering in which a hacker impersonates a trusted person or entity, convincing someone to share valuable personal information.

You can avoid social engineering by becoming familiar with the techniques involved and understand how a hacker might attempt to manipulate you for their own purposes. Here are the six fundamental principles of social engineering laid out by Professor Robert Cialdini in his 1984 book, Influence: The Psychology of Persuasion:

1. Reciprocity – You’re more likely to perform an action for someone if it’s framed as returning a favor. Social engineers rely heavily on this emotional cue and the best defense is to carefully consider the information you’re giving out – just because you owe someone a favor, don’t give them keys to the castle.
2. Commitment – When an individual commits to an idea they are more likely to sacrifice in order to obtain a goal. For example, if you agree to work on a project with an individual and are asked to share sensitive information, your commitment to the person or project could convince you to hand over data – be aware of what you’re providing and why.
3. Social Proof – This can be summed up by the old phrase “Monkey see – monkey do.” As social creatures, we’re likely to follow what those around us are doing. If your coworkers in the office are unknowingly entering a sweepstakes scam, you’re more likely to jump in and do the same. Don’t forget to think for yourself and avoid the herd mentality – do your research!
4. Authority – Perceived authority is one of the major influences for social engineers to prey upon. The adherence to authority is commonly used in phishing scams. A hacker sends a phony email that appears to come from an authoritative entity like your human resources department, which can cause you to react and provide the requested information right away. However, the fake request can be more direct such as a ‘supervisor’ asking you for a password. When confronted with these types of emails, make sure to understand your company’s security policies. In many cases, passwords shouldn’t be handed to anyone, no matter the person’s level of authority.
5. Scarcity – If the desired object is scarce, you’re more likely to jump for it. These feelings point to historical research when early humans had to forage for supplies and food, often competing for minimal resources. Don’t allow ‘limited time offers’ or ‘act now’ keywords influence you. Think before entering any personal information.

A final tip here is to always take a step back and not allow factors such as authority and commitment warp your judgment. Social engineering is a terrifying practice. Hackers aren’t just attempting to break into our computers, but also manipulate our minds – the most private space of all. Understanding how social engineering techniques work is a head start in keeping yourself protected.

O post Social Engineering Isn’t About Making Friends, But Exploiting Your Trust apareceu primeiro em PSafe Blog.

Double Check That ‘Familiar’ Email Address
Just because you see an email from your friend ‘John Smith’, don’t assume this means it came from him. When a hacker sends fake emails, they opt to obscure the sent address with a name that might be familiar. To see the true address, simply tap the name in the ‘From’ field of your smartphone. On a computer, hover over or click the same information with your mouse. You should now be able to see the originating email address and determine if it’s genuine.

Read More: Why Are People Falling for Phishing Scams?

It’s Unlikely That Your Bank Forgot Your Name
Typically, when receiving an email from a secure source, such as a government entity or your financial institution, they will always address you by first and last name. If you receive a generic, unpersonalized email from your bank, there’s a good chance that something fishy is at play. To orchestrate mass phishing scams, hackers will commonly greet you with a readily applicable ‘Dear Sir or Madam.’

Gift Cards Aren’t Legitimate Payment Methods
A recent scam that’s been exploding across the web is the ‘IRS prepaid cards scam.’ A hacker will pose as an IRS agent demanding that you pay your outstanding taxes by purchasing an iTunes card or other gift cards from major retailers. No legitimate institution will request payment of debt with a gift card. Worse, if you fall for this scam, there is little credit card companies can do to protect because you fully authorized the purchase of such cards. If you spot an email asking for gift cards as payment, be sure to delete it right away.

You Probably Don’t Need to ‘Act Right Away!’
Another common phishing scam is when an email urges you to act immediately, causing you to make fast decisions. Reacting out of panic to these kinds of emails can quickly cloud your judgment. If you receive an email alerting you that your device has malware or you’re running out of storage, be sure to drop that ‘alert’ into the trash folder. If you’re genuinely concerned, utilize an antiphishng solution for your smartphone such as dfndr security, which has an anti-hacking feature that not only keeps your phone free from malware but also monitors possible incoming threats that arrive over SMS, email services, messaging apps, and web browsing.

Think Before Downloading an Email Attachment
Does that email you just received contain an email attachment that you weren’t expecting? Unless you were fully prepared to receive an email containing a file, don’t click it! Including malicious pieces of software with false emails are a standard way for hackers to gain access to your machine or phone. In doubt? Always have a third-party antivirus app installed on your devices remains a sensible way to double check email attachments. Remember the security mantra: Don’t know what it is? Don’t click it!

O post 5 Tips to Determine if an Email is Actually a Phishing Scam apareceu primeiro em PSafe Blog.