Free illustrations of Cyber

Did You Just Receive a Text from Yourself? Learn What Smishing Scams to Expect

/in /by

How many text messages from companies do you receive today as compared to about two years ago? If you’re like many people, it’s quite a few more.

This is because retailers have begun bypassing bloated email inboxes. They are urging consumers to sign up for SMS alerts for shipment tracking and sale notices. The medical industry has also joined the trend. Pharmacies send automated refill notices and doctor’s offices send SMS appointment reminders.

These kinds of texts can be convenient. But retail stores and medical practices aren’t the only ones grabbing your attention by text. Cybercriminal groups are also using text messaging to send out phishing.

Phishing by SMS is “smishing,” and it’s becoming a major problem.

Case in point, in 2020, smishing rose by 328%, and during the first six months of 2021, it skyrocketed nearly 700% more. Phishing via SMS has become a big risk area. Especially as companies adjust data security to a more remote and mobile workforce.

How Can I Text Myself?

If you haven’t yet received a text message only to find your own phone number as the sender, then you likely will soon. This smishing scam is fast making the rounds and results in a lot of confusion. Confusion is good for scammers. It often causes people to click a malicious link in a message to find out more details.

Cybercriminals can make it look like a text message they sent you is coming from your number. They use VoIP connections and clever spoofing software.

If you ever see this, it’s a big giveaway that this is an SMS phishing scam. You should not interact with the message in any way and delete it instead. Some carriers will also offer the option to delete and report a scam SMS.

Popular Smishing Scams to Watch Out For

Smishing is very dangerous right now because many people are not aware of it. There’s a false sense of security. People think only those they have given it to will have their phone number.

But this isn’t the case. Mobile numbers are available through both legitimate and illegitimate methods. Advertisers can buy lists of them online. Data breaches that expose customer information are up for grabs on the Dark Web. This includes mobile numbers.

Less than 35% of the population knows what smishing is.

It’s important to understand that phishing email scams are morphing. They’ve evolved into SMS scams that may look different and be harder to detect.

For example, you can’t check the email address to see if it’s legitimate. Most people won’t know the legitimate number that Amazon shipping updates come from.

Text messages also commonly use those shortened URLs. These mask the true URL, and it’s not as easy to hover over it to see it on a phone as it is on a computer.

You need to be aware of what’s out there. Here are some of the popular phishing scams that you may see in your own text messages soon.

Problem With a Delivery

Who doesn’t love getting packages? This smishing scam leverages that fact and purports to be from a known shipper like USPS or FedEx. It states that there is a package held up for delivery to you because it needs more details.

The link can take users to a form that captures personal information used for identity theft. One tactic using this scam is to ask for a small monetary sum to release a package. Scammers created the site to get your credit card number.

Fake Appointment Scheduling

This scam happened to a community in South Carolina. They had recently had an installation of AT&T fiber internet lines in their neighborhood. Following the installation, AT&T did a customer drive to sign people up for the service.

During this time, one homeowner reported that he received a text message. It pretended to be from AT&T about scheduling his fiber internet installation. He thought it was suspicious because the address they gave was wrong. The scammer had wanted him to text back personal details.

Get Your Free Gift

Another recent smishing scam is a text message that doesn’t say who it’s from. It says, “Thank you for your recent payment. Here is a free gift for you.” It includes a link at the bottom of the message.

This is a widespread scam that many have noted online. And it’s an example of a scammer using a common fact. The fact that most people would’ve paid some type of bill recently and mistake the text to be from a company they know. It also lures people in with the promise of giving them a free gift.

Does Your Mobile Device Have the Security It Needs?

Smishing scams are very clever and can easily infect your device with malware. Do you have the proper security precautions (mobile antivirus, DNS filtering, etc.)?

If not, give us a call. We can help!


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free illustrations of Security

How Often Do You Need to Train Employees on Cybersecurity Awareness?

/in /by

You’ve completed your annual phishing training. This includes teaching employees how to spot phishing emails. You’re feeling good about it. That is until about 5-6 months later. Your company suffers a costly ransomware infection due to a click on a phishing link.

You wonder why you seem to need to train on the same information every year. But you still suffer from security incidents. The problem is that you’re not training your employees often enough.

People can’t change behaviors if training isn’t reinforced. They can also easily forget what they’ve learned after several months go by.

So, how often is often enough to improve your team’s cybersecurity awareness? It turns out that training every four months is the “sweet spot.” This is when you see more consistent results in your IT security.

Why Is Cybersecurity Awareness Training Each 4-Months Recommended?

So, where does this four-month recommendation come from? There was a study presented at the USENIX SOUPS security conference recently. It looked at users’ ability to detect phishing emails versus training frequency. It looked at training on phishing awareness and IT security.

Employees took phishing identification tests at several different time increments:

  • 4-months
  • 6-months
  • 8-months
  • 10-months
  • 12-months

The study found that four months after their training scores were good. Employees were still able to accurately identify and avoid clicking on phishing emails. But after 6-months, their scores started to get worse. Scores continued to decline the more months that passed after their initial training.

To keep employees well prepared, they need training and refreshers on security awareness. This will help them to act as a positive agent in your cybersecurity strategy.

Tips on What & How to Train Employees to Develop a Cybersecure Culture

The gold standard for security awareness training is to develop a cybersecure culture. This is one where everyone is cognizant of the need to protect sensitive data. As well as avoid phishing scams, and keep passwords secured.

This is not the case in most organizations, According to the 2021 Sophos Threat Report. One of the biggest threats to network security is a lack of good security practices.

The report states the following,

“A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Well-trained employees significantly reduce a company’s risk. They reduce the chance of falling victim to any number of different online attacks. To be well-trained doesn’t mean you have to conduct a long day of cybersecurity training. It’s better to mix up the delivery methods.

Here are some examples of engaging ways to train employees on cybersecurity. You can include these in your training plan:

  • Self-service videos that get emailed once per month
  • Team-based roundtable discussions
  • Security “Tip of the Week” in company newsletters or messaging channels
  • Training session given by an IT professional
  • Simulated phishing tests
  • Cybersecurity posters
  • Celebrate Cybersecurity Awareness Month in October

When conducting training, phishing is a big topic to cover, but it’s not the only one. Here are some important topics that you want to include in your mix of awareness training.

Phishing by Email, Text & Social Media

Email phishing is still the most prevalent form. But SMS phishing (“smishing”) and phishing over social media are both growing. Employees must know what these look like, so they can avoid falling for these sinister scams.

Credential & Password Security

Many businesses have moved most of their data and processes to cloud-based platforms. This has led to a steep increase in credential theft because it’s the easiest way to breach SaaS cloud tools.

Credential theft is now the #1 cause of data breaches globally. This makes it a topic that is critical to address with your team. Discuss the need to keep passwords secure and the use of strong passwords. Also, help them learn tools like a business password manager.

Mobile Device Security

Mobile devices are now used for a large part of the workload in a typical office. They’re handy for reading and replying to an email from anywhere. Most companies will not even consider using software these days if it doesn’t have a great mobile app.

Review security needs for employee devices that access business data and apps. Such as securing the phone with a passcode and keeping it properly updated.

Data Security

Data privacy regulations are something else that has been rising over the years. Most companies have more than one data privacy regulation requiring compliance.

Train employees on proper data handling and security procedures. This reduces the risk you’ll fall victim to a data leak or breach that can end up in a costly compliance penalty.

Need Help Keeping Your Team Trained on Cybersecurity?

Take training off your plate and train your team with cybersecurity professionals. We can help you with an engaging training program. One that helps your team change their behaviors to improve cyber hygiene.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Free photos of Computer

Home Security: Why You Should Put IoT Devices on a Guest Wi-Fi Network

/in /by

The number of internet-connected devices in homes has been growing. It’s increased exponentially over the last decade. A typical home now has 10.37 devices connected to the internet. PCs and mobile devices make up a little over half of those and the rest are IoT devices.

IoT stands for Internet of Things. It means any other type of “smart device” that connects online. IoT devices in a home can be everything from your streaming stick to your smart refrigerator. Smart baby monitors and Alexa voice assistants are also IoT.

There’s also been another change that has happened over the last couple of years. It has been the increase in remote and hybrid work. The pandemic caused a major shift in where we work, turning the standard office paradigm on its head.

Now, working remotely has become the norm for many companies around the world. This has put increased scrutiny on the security of all those IoT devices. They are now sharing a Wi-Fi network with business data and devices.

Here are two alarming statistics that illustrate the issue with IoT security:

  • During the first six months of 2021, the number of IoT cyberattacks was up by 135% over the prior year.
  • It’s estimated that over 25% of cyberattacks against businesses involve IoT devices

Hackers Use IoT Devices to Get to Computers & Smartphones

Smart devices are a risk to any other device on a network. They are typically easier to breach. So, hackers will use them as a gateway into more sensitive devices.

A criminal may not care about the shopping list stored in your smart refrigerator. But they’ll breach that IoT device to see what other devices are on the same network.

The hacker can then use sharing and permissions that are often present on home networks. Through these, they gain access to your work computer or mobile device. These devices hold important data, and access to personal details.

Why are IoT devices less secure than computers and smartphones? Here are a few reasons:

  • They usually won’t have antivirus or anti-malware capabilities
  • Users often don’t update IoT devices regularly
  • They have basic interfaces which can hide a breach of the device
  • People often don’t change the default device username and password.
  • Sharing settings on IoT devices makes them easier to hack

Improve Security by Putting IoT on a Separate Wi-Fi Network

Just about all modern routers will have the ability to set up a second Wi-Fi network, called a “guest network.” This shows up when you connect to Wi-Fi as a separate Wi-Fi that a device can use to get online.

Separate Wi-Fi

By putting all your IoT devices on a separate network you improve security. You cut that bridge that hackers use to go from an IoT device to another device on the same network. Such as those that hold sensitive information (computers and mobile devices).

In fact, when you separate those two (IoT devices and sensitive-info devices) a hacker can’t see all. If they breach one of your smart devices, they can’t tell you have a PC or smartphone. This is because they’re on the other network.

This is an important layer of security to use. Whether you’re a remote worker or use your computer for home budgeting and banking, it can help. All PCs and smartphones usually contain access to online banking or personal information.

Here are the steps to take to separate your IoT devices. (Note, you can also have this done by us, we’ll be happy to handle all these steps for you.)

  • Step 1: Log into your router settings.
  • Step 2: Look for an area that allows you to set up a guest network. This will be different for each router, so you may need to access a help guide online.
  • Step 3: Set up the guest network according to the router prompts. Make sure to use a strong password.
  • Step 4: Edit the password for your existing network. This keeps IoT devices from automatically reconnecting to it.
  • Step 5: Connect all IoT devices in your home to the new guest network.
  • Step 6: Reconnect your sensitive devices (computers, smartphones) to the preexisting network. Use the new password.

As you add any new devices to your home network, make sure to connect them to the appropriate network. This keeps the layer of security effective.

One more tip: When naming your Wi-Fi networks, don’t use descriptive names. This includes things like “IoT network” or your name, address, or router model name.

It’s best to use names that won’t give the hackers valuable information they can use in attacks.

Need Help Upgrading Your Home Cybersecurity?

With so many remote workers, hackers have begun targeting home networks. They know they can contain sensitive business as well as personal data. Don’t leave yourself open to a breach. Schedule a home internet security review today!


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

turn-on laptop displaying 97 percent battery

Get More Unplugged Laptop Time with These Battery-Saving Hacks

/in /by

One of the big draws of a laptop computer is that you can use it anywhere. You don’t need to have it plugged in all the time because it has an internal battery.

Your laptop may start out with several hours of battery life when you first buy it. But the lifespan can get shorter as time goes by and battery health takes a hit. Sometimes this can be due to a lack of PC maintenance. Other times, it’s due to the environments the laptop is subject to (such as a hot car).

Seeing your laptop’s battery capacity shrink can be frustrating. But there are several things you can do to increase the time you can go without needing to plug it in.

Lower the Display Brightness

The brighter your display is, the more battery power it’s taking. Have you ever hit the automated low battery mode on a laptop? Then you know you immediately notice a difference in brightness. This is because that setting turns down the brightness. It’s one of the ways to reduce battery consumption.

You can turn down the brightness of your screen in your display settings. You can also use the brightness keys that are usually in the top row of keys on a laptop keyboard.

Reduce PC Battery Use in Power/Sleep Settings

Here’s one way to increase the time you can use your unplugged laptop without a power source. Adjust some of its power and sleep settings.

Power Settings

If you’re using Windows, open the search on the Task Bar. Type in “power settings.” This directs you to the power, sleep, and battery settings in your system settings.

Look for any tips at the top for increasing battery longevity. Such as, making the time your screen goes dark after inactivity and the time it goes to sleep the same.

Then review the settings, such as Screen and sleep, and Power mode. Find the ones that will reduce your PC’s battery consumption. This will extend the time you can go without a new charge.

Power & Battery

Enable Battery-Saver Mode

You don’t have to wait until your PC hits 10% for it to go into battery-saver mode. You can control this and enable it yourself in your system settings.

Do you know you’re going to be without a power source for a while? Put your PC in power-saver or battery-saver mode right away, so you can extend the charge as long as possible.

Use the Manufacturer’s Battery Calibration Tool

Manufacturers will have their own PC maintenance tools installed. You can use for battery calibration. Sometimes calibrating the battery can correct an issue with a battery life. Especially if life has gotten shorter than when you first purchased your laptop.

Look for a manufacturer’s built-in maintenance app. It will usually be on the Task Bar unless you’ve hidden it. When you open that, you may find that you need to do a calibration or other maintenance task.

Battery Calibration Tool

Get a Computer Tune-up

If you have processes running in the background it can sap your battery life. Processes that aren’t needed can often run anyhow. Getting a computer tune-up from your IT provider can solve a lot of different issues. This includes such as computers that get sluggish, and often, the battery life too.

Consider Using Microsoft Edge Browser for Its Efficiency Settings

If like most people, you keep a lot of browser tabs open while you’re working on your PC. They could be sapping your battery power.

Consider trying Microsoft’s Edge browser. It has been gaining in popularity ever since it incorporated the Chromium engine. This is the same one Chrome uses.

The browser has several power-saving features that you can enable in your settings. Search “sleeping tabs” in Edge settings to find these. They include:

  • Enable efficiency mode (choose from the available options)
  • Enable Sleeping Tabs and fade them when asleep
  • Choose when you would like to put inactive browser tabs to sleep to conserve battery power.
Microsoft Edge Browser Features

Turn Off Unnecessary Apps Hogging Battery Power

Check the apps that are running on your PC in the Task Manager. Do you really need them all to run when you’re unplugged and trying to conserve battery power?

Often processes that aren’t 100% necessary all the time will be running. Such as an update service or cloud storage syncing app. Close the apps you don’t need to use at that time to lengthen battery life.

Keep Your PC Out of Too Much Heat or Freezing Temps

Both excess heat and freezing temperatures can be bad for a computer. This includes shortening the battery life.

You should never leave your laptop in a car on a hot day or when it’s freezing outside. Also, it might not seem particularly hot to you, but if it’s sunny, the inside of a vehicle can heat up pretty quickly. Be aware of the temperature extremes that your laptop is subject to.

Looking for a PC Tune-Up or Battery Replacement?

We can help you with a full system tune-up or a laptop battery replacement if needed. Don’t struggle with short battery life when you can have that fixed in no time! Give us a call today and let’s chat.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

gray microsoft surface laptop computer on white table

5 Exciting Ways Microsoft 365 Can Enable the Hybrid Office

/in , /by

“Hybrid office” is the new buzzword you’ll hear used in business discussions. It’s the mix of having employees both working at the office and working from home. This has become more than a buzzword and is now the reality for many companies.

There was a survey of employees with remote-capable jobs. The survey found that as of February of 2022, 42% of them were working a hybrid schedule. And 39% were working from home full time.

The global pandemic brought on this hybrid office transition. It forced companies to operate with teams that could no longer safely come to the office. During this time, employers and employees experienced the benefits of hybrid work firsthand.

These benefits of remote teams included cost savings for both workers and employers. It also allowed the company to operate with more flexibility. Improved worker morale was another advantage.

One fact surprised many employers that feared remote work would tank productivity. It actually increased in many circumstances.

63% of high-growth companies use a “productivity anywhere” hybrid work approach.

In order for hybrid teams to be productive, they need to stay connected. No matter where they work, the right technology tools should enable them.

One of the leaders in this space has been Microsoft. The company plans to add several exciting updates this year. These will provide more tools for companies to enable their hybrid teams.

Here are some of the ways you can use Microsoft 365 to optimize a productive hybrid office. Note, that some of these features are already out, and others should release later this year.

1. Microsoft Teams & Expanded Features

Microsoft Teams is much more than a team messaging app. The application combines the best features of virtual video meetings and messaging channels. It brings them together into a platform designed to be a secure online work hub.

MS Teams has come a long way in the last five years. And the company continues to add more features to enable hybrid offices. Some of the recent feature updates include:

  • The ability to do webinar registration
  • Presenter modes that provide a more professional virtual presence
  • Increased security through features like smart links and smart attachments
  • A full business VoIP phone system add-on
  • The addition of a “metaverse” component called Mesh for Teams
Mesh for MS Teams
Mesh for Microsoft Teams

2. New Meeting Options for RSVP in Outlook

One of the challenges, when everyone isn’t working in the same place, is how to know when to “clock in” and “clock out.” As well as how to let colleagues know whether you are working at home next week or the office.

To help hybrid teams better coordinate, Outlook is getting an update. It will allow users to RSVP to meetings. This can let team members know whether they are attending virtually or in person.

3. Better Framing for More Engaging Meetings

One thing that can distract from the purpose of a meeting is someone’s background at home. Positioning of the camera can also be problematic. One person might have their face taking up 80% of the video screen. Another may only take up 20% because they’re sitting farther away from their PC’s camera.

A new Surface Hub 2S Smart Camera will allow for better face framing. This will affect when people are meeting virtually in Microsoft Teams. Features include adjusting the room view so people’s faces will be clearer. As well as having more consistent sizing.

The video display will also automatically adjust as people join or leave a physical room.

Surface Hub 2S Smart Camera
Images are from Microsoft

4. Get Better Control of Your Video Using PowerPoint to Present

People often share a screen in a video call and present a PowerPoint presentation. It can be difficult to keep everyone as engaged as when you’re presenting in person.

For example, in person, you can maintain eye contact. People can clearly see your facial expressions as you emphasize various things. That’s not always the case when presenting virtually. The app may push your video feed into a tiny box.

There’s a new upcoming feature for Teams called Cameo. It will allow you to seamlessly integrate PowerPoint with MS teams. You can decide exactly how you want your video feed to appear in relation to your presentation.

Another addition is Recording Studio. This new feature for PowerPoint allows you to record professional-looking on-demand videos. You can do it right inside the app.

Cameo
Cameo in PowerPoint & MS Teams

5. Get Help With Your Presentation Skills

Microsoft has poured a lot of AI capabilities into Microsoft 365 over the last several years. One that will soon help you deliver better virtual presentations is Speaker Coach.

This is a private and personalized coach. It can help you hone your presentation skills. This improves your switch to the differences between presenting online versus in person.

Some of the feedback it can provide include:

  • Use of repetitive language
  • Use of filler words (Ummm)
  • Speaking pace
  • Pausing for input
  • Intonation
  • Speaker overlaps
  • And more

Ask Us About Improving Your Hybrid Office Capabilities with Microsoft 365

Microsoft 365 has a ton of helpful features. But it does help to have an expert guide to help you navigate these capabilities. Contact us today to set up a chat about how Microsoft 365 can help your business grow.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Registration, Log In, Keyboard, Hand, Write

Which Form of MFA Is the Most Secure? Which Is the Most Convenient?

/in /by

Credential theft is now at an all-time high and is responsible for more data breaches than any other type of attack.

With data and business processes now largely cloud-based, a user’s password is the quickest and easiest way to conduct many different types of dangerous activities.

Being logged in as a user (especially if they have admin privileges) can allow a criminal to send out phishing emails from your company account to your staff and customers. The hacker can also infect your cloud data with ransomware and demand thousands of dollars to give it back.

How do you protect your online accounts, data, and business operations? One of the best ways is with multi-factor authentication (MFA).

It provides a significant barrier to cybercriminals even if they have a legitimate user credential to log in. This is because they most likely will not have access to the device that receives the MFA code required to complete the authentication process.

What Are the Three Main Methods of MFA?

When you implement multi-factor authentication at your business, it’s important to compare the three main methods of MFA and not just assume all methods are the same. There are key differences that make some more secure than others and some more convenient.

Let’s take a look at what these three methods are:

SMS-based

The form of MFA that people are most familiar with is SMS-based. This one uses text messaging to authenticate the user.

The user will typically enter their mobile number when setting up MFA. Then, whenever they log into their account, they will receive a text message with a time-sensitive code that must be entered. 

On-device Prompt in an App

Another type of multi-factor authentication will use a special app to push through the code. The user still generates the MFA code at login, but rather than receiving the code via SMS, it’s received through the app.

This is usually done via a push notification, and it can be used with a mobile app or desktop app in many cases.

Security Key

The third key method of MFA involves using a separate security key that you can insert into a PC or mobile device to authenticate the login. The key itself is purchased at the time the MFA solution is set up and will be the thing that receives the authentication code and implements it automatically.

The MFA security key is typically smaller than a traditional thumb drive and must be carried by the user to authenticate when they log into a system.

Now, let’s look at the differences between these three methods.

Most Convenient Form of MFA?

Users can often feel that MFA is slowing them down. This can be worse if they need to learn a new app or try to remember a tiny security key (what if they lose that key?).

This user inconvenience can cause companies to leave their cloud accounts less protected by not using multi-factor authentication.

If you face user pushback and are looking for the most convenient form of MFA, it would be the SMS-based MFA.

Most people are already used to getting text messages on their phones so there is no new interface to learn and no app to install.

Most Secure Form of MFA?

If your company handles sensitive data in a cloud platform, such as your online accounting solution, then it may be in your best interest to go for security.

The most secure form of MFA is the security key.

The security key, being a separate device altogether, won’t leave your accounts unprotected in the event of a mobile phone being lost or stolen. Both the SMS-based and app-based versions would leave your accounts at risk in this scenario.

The SMS-based is actually the least secure because there is malware out there now that can clone a SIM card, which would allow a hacker to get those MFA text messages.

A Google study looked at the effectiveness of these three methods of MFA at blocking three different types of attacks. The security key was the most secure overall.

Percentage of attacks blocked:

  • SMS-based: between 76 – 100% 
  • On-device app prompt: between 90 – 100%
  • Security key: 100% for all three attack types

What’s in Between?

So, where does the app with an on-device prompt fit in? Right in between the other two MFA methods.

Using an MFA application that delivers the code via push notification is more secure than the SMS-based MFA. It’s also more convenient than needing to carry around a separate security key that could quickly become lost or misplaced.

Looking for Help Setting Up MFA at Your Company?

Multi-factor authentication is a “must-have” solution in today’s threat climate. Let’s discuss your barrier points and come up with a solution together to keep your cloud environment better secured.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Displaying Top 5 Mobile Device Attacks You Need to Watch Out - raw image.jpg

Top 5 Mobile Device Attacks You Need to Watch Out For

/in /by

Smartphones and tablets are often the preferred device for communications, web searching, and accessing many types of apps. They’re more portable and can be used from anywhere.

We’re seeing the takeover of many activities that used to be performed on traditional computers. Now, people are using mobile devices instead.

For example, Microsoft estimates that up to 80% of the workload in many enterprise organizations is now done via mobile devices. Over half of all web searches are also now conducted from a mobile device rather than a desktop PC.

This has caused mobile devices to become more targeted over the past few years. As hackers realize they’re holding many of the same sensitive information and app access as PCs, they’ve been creating mobile malware and other exploits to breach mobile devices.

In 2020, approximately 36.5% of organizations were impacted by mobile malware and 2.5 million people unknowingly downloaded multiple mobile adware apps.

It’s important to start treating mobile devices in the same way as you do computers when it comes to their security. Smartphones and tablets need the same types of security precautions in place, including:

  • Antivirus/anti-malware
  • DNS filtering
  • Automated OS and app updates
  • Managed backup

You need to be on the lookout for the most prevalent mobile device threats that allow your data to be leaked or breached. Here’s a roundup of what those are.

1. Mobile Malware Hidden in Apps

It’s not easy at first glance to tell the difference between a legitimate free app and one that has malware hidden inside.

Scammers will use the same types of flashy graphics, and the app may even have a high star rating (most likely boosted through suspicious means). The app may even do what it says it will do when downloaded.

But malware can be hidden in the background, infecting a device as soon as the app is installed. And many of these apps will hide once on your phone or tablet by using the icon of a common default system app (like settings or calendar).

Mobile malware can include all the same types of malware that can infect a computer, such as ransomware, adware, spyware, trojans, and more.

2. Unprotected Communications

Have you ever sent someone a password or credit card details over a text message or messaging app? Did you check to see if the communication was encrypted?

Many users will use various methods of communication from their mobile devices without knowing how secure those methods are. If sensitive information is transmitted and it’s not encrypted, then a hacker could easily intercept it.

3. Public Wi-Fi & Man-in-the-Middle Attacks

Public Wi-Fi has long been known to be non-secure, yet people still use it when it’s available. They want to save their mobile minutes or get a faster connection.

75% of people admit to connecting to email when on public Wi-Fi. Other activities people will do is sign into apps (even sensitive ones like online banking), and shop online, entering credit card details.

If you’re on public Wi-Fi, then you’re at high risk of a man-in-the-middle attack. This is when a hacker connects to the same network and looks for victims with unprotected communications. They can then capture any type of data they’re transmitting.

One way to safely connect to public Wi-Fi is to use a VPN app, which will encrypt your communications.

4. Juice Jacking on Public USB Charging Stations

Another public mobile breach danger is public USB charging stations. These are often welcome sights especially if you’re low on battery power. However, hackers can infect public USB charging ports with malware and set up fake charging stations in public areas.

Then, when you insert your USB cord to charge your device, the malware is copying all the data on your phone and/or infecting it with malicious code. See, USB cables aren’t just for charging, they are also used for data transmission.

It’s best to avoid public USB charging ports and charge with your power adapter that plugs into an outlet instead. You can also buy a “charge-only” USB cord to use if USB charging is your only option.

5. Non-Updated Devices

Approximately 40% of Android devices are running outdated operating systems that no longer get vital security updates.

When your mobile device is not kept updated, then it’s easier for a hacker to use an exploit that takes advantage of a code vulnerability in the OS or one of the installed apps.

Many companies aren’t paying attention to how many employees’ work devices are running current operating systems, which puts their networks at higher risk of a breach.

You should ensure that all your apps and your OS are kept updated because many of these updates include critical security patches.

Ask Us About Mobile Device Security Solutions

With mobile devices handling so much of the computing workload these days, it’s vital they’re properly protected. Contact us to discuss mobile security and management solutions.


Featured Image Credit

This Article has been Republished with Permission from The Technology Press.