The growing mobile malware scourge makes news every month. Perhaps you’re one of the lucky folks who’s never had an experience with fraud or malware, but fraudsters who make a living with it are reaching new lows these days. If your data’s being siphoned off, your privacy invaded or your money being swallowed up, how would you know? Here are a few things to keep an eye on.
Has your phone’s behavior become slow or erratic? Does it act sluggish when performing the same functions it did rapidly in the past? Is its battery draining at a more rapid pace than usual?
If malware has entered your phone’s system, it could be performing activities in the background, such as placing unauthorized text messages to premium numbers, sending out bots that gather and transmit your contact information, or other mischief.
Do you notice when you’re talking on your phone that your calls get disturbed or even dropped completely, for no apparent reason?
Same answer. Each form of malware has a specific task, whether it’s a bot that collects and sends out your data to a remote location, or a Trojan that opens up and releases viruses, or bots that have specific jobs. Bad code is programmed to go to work once it’s downloaded and receives a pre-determined signal to wake up. What you could be noticing is background activities that are interfering with your phone’s normal functions.
Check your phone bill carefully. Are there charges for SMS messages you know you didn’t send, or are small charges appearing that you can’t explain?
Some malware has the ability to dial out text messages from your phone to “premium” numbers, which automatically charge you for the call. This can be happening repeatedly without your knowledge. This happens in the background – you don’t see or hear it happening, but you’ll see the charges on your bill – they can become very expensive if they aren’t caught early. Small charges on your bill might indicate that your account’s being tested for viability.
As a matter of course, always check your credit card and bank statements. If you’ve downloaded malware that might have stolen your passwords or financial data, you could see your credit being used for things you never dreamed of buying.
Before you download apps, take a moment to look up reviews, and make sure you get all your apps from reliable sources, such as Google Play. Never, ever accept a free app, and try to avoid clicking on spammy ads and offers. Educate yourself about URLs, and how to spot one that doesn’t look right. Finally, don’t respond to any SMS messages, voice messages or emails from a sender with whom you’re not familiar.
Strong mobile security protection can prevent any form of nasty malware affecting your phone. With just a single download you can cross malware concerns off your list. Do it today, and relax about malware.
How smarter criminals are coming after your personal information
By now, most everyone has heard the story: on April 23rd, the AP’s twitter account was “hacked.” The tweet, which was a fairly obviously fake, still managed to send Wall Street into a panic. The Dow Jones Industrial Average dropped 145 points in 2 minutes.
The media flurry following this recent “attack” centered around the effect of social media on world markets. One little piece of misinformation had the power – albeit incredibly temporary – to spur a stock sell-off and make the dollar tumble.
What hasn’t been widely discussed is that this wasn’t the result of hacking like most people think about hacking. It was the result of carefully executed, targeted phishing campaign, or as it’s now called, “spear phishing.” The offending email looked legit. It didn’t come from a Nigerian prince. It wasn’t full of grammatical errors. Instead, it was a sophisticated message that targeted a specific group of people with a link relevant to them and appearing to come from a colleague. And it was a good enough fake that someone fell for it. And the rest is history.
The Reality of the Threat Landscape
So why is this important? It highlights the reality of the threat landscape.
The week prior to the AP spear-fishing attack, my company, NQ Mobile, released our 2012 and Q1 2013 mobile threat reports. The key takeaways of those reports were:
The number of threats is increasing
Threats are getting more and more sophisticated
Social Engineering tactics are increasingly being leveraged by malware developers
One of the main methods of infection is through malicious URLs
The AP Twitter hack gives us a perfect example of where things are headed. And that was executed, we assume, through a PC. Such a threat would be even more difficult to detect from a mobile handset. On a PC, the real URL will generally display when you hover your mouse over it, regardless of the text of the link. On a mobile device, the URL is generally concealed, making this type of scam incredibly easy to fall for.
When mobile security companies such as NQ Mobile release reports of malware discoveries, we often get accused of “fear mongering.” NQ Mobile’s Security Labs includes over 200 security experts. In addition to discovering and breaking apart new forms of mobile malware, our experts investigate key communication and collaboration channels populated by hackers and malware authors. It’s through these inspections that we spot trends or new malware tricks before they can be pushed out to smartphone users around the world.
It’s in these forums, IRCs and newsgroups where NQ Mobile has discovered a troubling trend. While it likely hasn’t affected you, we’re offering the example as proof that these threats are real. Let me introduce you to the “Carder Kids.”
Young hackers, aged 13-20, are using a combination of mobile malware and social engineering to scrape credit card numbers, PayPal logins and other financial data from mobile devices. This information is then sold to “money mules” whose expertise lies in turning “virtual money” into real money.
NQ Mobile’s “Dark Web” experts have been chatting with these carders on underground forums where they buy and re-sell the bricks necessary for their scams. While they are located all over the world, we find a predominance coming from Russia and Eastern Europe domains in particular. Think Anonymous and you get an idea of the structure – there is none. Most don’t have any links to organized crime. Some even have “real” jobs and are just cloning credit cards for extra cash. In fact, most of these young hackers make very little money from carding.
So how does it work? Generally, “getting carded” starts with malware that will pirate a device’s contact book, notes (where people frequently store account data) and SMS data. This data is then used by hackers to socially engineer SMS and email spear phishing scams. When they collect sensitive financial data, it is frequently placed on the open “dark markets” for bidding and/or purchase by the “carders” who then sell the information to the “money mules.”
Money mules are generally older than the “carder kids,” but they have the skills needed to turn virtual money into real cash. They are most interested in account and CVV data along with full card “dump” files. A dump file contains all the data that is stored on your credit card’s magnetic strip. What might surprise you is that the mules actually transfer their financial rewards into legal bank accounts!
Full credit card information, PayPal logins, etc., are bought and sold in underground markets for anything between $2 and $5 each, usually using e-gold for payment. Most of the credit cards are bought by packs.
Then there is what we call “dumping.” This is when a fraudster steals credit or debit card information to commit financial fraud in a person’s name. In most instances this type of data is physically collected rather than through the Internet and or mobile. The card information, for example, can be skimmed almost anywhere and at any time – some of the more popular skimming locations are shops, restaurants, railway stations, gasoline stations and ATM machines. This card information is then sold on the dark market as “dumps.”
The point of the story is that mobile security isn’t just about protecting you from viruses. Threats don’t only come in the form of malicious applications that one inadvertently “sideloads” onto his or her device. Mobile security is also about making sure your data is protected.
It doesn’t matter whether the economic climate is good or bad, there is always a market for fraud. The marketplace for carding is growing and will continue to grow. And as the engineers behind these types of attacks get smarter and smarter, we can only expect to see them more and more often.
We’re not going to bore you with an effusive discussion about selfless Mothers this week. As much as we love them, mothers are women first so, instead, with all due respect to mom, we want to talk about women’s growing fondness of smartphones.
A recent survey showed women inching up past men in the smartphone-owning category. Chances are your own mom has a smartphone. Whether she’s a young stay-at-home mom, a mid-life professional or a retired grandparent, women love the conveniences afforded by smartphones.
In 2010, a UK survey showed that 63% of men owned smartphone, as opposed to women, whose ownership percentage was then 37%. Now, in 2013, that balance has changed. The same survey now shows women claiming 58% of the smartphone pie, while men follow with 42%.
Clearly, women have jumped onto the cell phone bandwagon in greater numbers as the technology became just too good to resist. Larger screens, super cameras and easy interfaces have made the smartphone a factor in women’s lives more than ever. The advances in kid-tracking apps and practical tools for just about every function of daily life have boosted women’s interest in smartphones considerably, not to mention the plethora of business and learning apps. With the huge workload most moms carry, a smartphone is a welcome addition to the family.
Do your mom a favor this Mother’s Day. If you’re far away, give her a call. If she doesn’t have a smartphone, get her one. While she lounges on the beach, arranges those roses or leisurely works on that five-course gourmet meal you’ve cooked for her, offer to do a little maintenance and checkup on her new phone, or the one she already owns.
While you’re making sure all the updates have been downloaded and her settings are all in good order, go ahead and download a strong mobile security product to keep her phone safe from malware, and to protect her privacy. She protected you for years – maybe it’s your turn. Happy Mother’s Day to the wonderful women in your life.
In honor of Password Day, we decided to revisit our popular blog post from last year about passwords. As relevant today as it was then, this list of hackers’ favorite passwords may surprise you.
25 mobile passwords hackers love
We’ve all read hundreds of password-setting tips. Most of us know the rules and we’re pretty savvy about using clever combinations to safeguard our mobile privacy. However, Splash-Data, a password management company, published a list of the worst passwords ever and, astonishingly, some of them look all too familiar!
The list came from files posted online by hackers listing passwords theyd stolen in 2011. These words are considered easy targets and, while some of them might seem obscure enough, they’re well-known to cyber criminals, and are a breeze to hack.
Introducing, the worst passwords ever
If you’re wondering about qwerty and qazwsx, take a good look at your computer’s keyboard.
We can only guess why certain names come up often enough to be on this list, but just in case you have a family member named Ashley, Bailey or Michael, this is fair warning.
In fact, avoiding every word on this list is a good start toward true mobile protection. Make your passwords long, strange, mixed up with symbols, and meaningful to no one but yourself.
Awareness of mobile security practices is evolving in our communities, but each of us can take individual steps toward our own safety and privacy. Information like this list needs to be shared so we can stop cyber-crime in its tracks.
We at NQ Mobile can’t help you choose a password, but we can protect you from hacking, viruses and all forms of malware. One easy download will go a long distance in protecting your family’s mobile devices as well as your peace of mind. Award-winning NQ Mobile Security is still the best on the market – and it’s free. Visit us today.
Since its launch in September of 2012, our award-winning Family Guardian security app has been honored with its fifth distinguished award.
NQ Family Guardian won the National Parenting Publication’s Seal of Approval this week in the“Gadgets ‘n’ Gear”category. NAPPA’s panel of independent, expert judges and parent testers evaluated hundreds of submissions looking for innovation, safety, quality, and the value they offer to parents.
NQ Family Guardian helps parents keep kids safe
Once Family Guardian is downloaded and installed on a child’s smartphone, its web-based control center is accessible by a parent or guardian from any desktop or mobile browser. The app gives parents a wide range of choices about the latitude they want to allow for their mobile kids, and it’s easily adjusted for changing age and maturity. The app allows parents to decide how much time their child spends on a mobile device, what content the child can view online, and allows parents to monitor their kids’ mobile activities. In addition, kids can press a button for immediate contact should an emergency arise. With its user-friendly interface, parents and children can work together to set “blocks” and “allows.” Family Guardian keeps mobile kids safe, and provides parents with peace of mind.
For more than 20 years, the National Parenting Publications Awards (NAPPA) has been the go-to resource for the best products for families. Decisions are made by their team of independent, expert judges, along with family and child testers. Julie Kertes, NAPPA’s General Manager, tells us,
“Parents look to NAPPA for the best products available for their families, and for that reason, we don’t take the task of vetting each submission lightly. NQ Family Guardian provides peace of mind for parents as they teach their children phone responsibility and safety, and through our judging process, we are proud to announce it as a superior, reliable and innovative product worthy of the NAPPA seal of approval.”
We can’t ask for much higher praise than that.
A consistent award-winner
We’re proud that NQ Family Guardian continues to receive awards that acknowledge its unique and outstanding features. In addition to this week’s NAPPA honors, Family Guardian has earned:
Parent Tested Parent Approved (PTPA) seal of approval.
Top 25 app at the CES Mobile Apps Showdown
Semi-finalist in the 2013 Edison Awards
Finalist in the “Mobile Apps- Productivity, Utility & Public Safety” category of CTIA’s annual Emerging
Technology (E-Tech) Awards competition. (Winners to be announced May 22, 2013)
NQ Family Guardian is available for download on Google Play and at select wireless retail dealers nationwide. For a complete list of all 2013 NAPPA Parenting Resources winners and more information about the competition, visit www.NAPPAawards.com.
In some parts of the world it’s Privacy Awareness Week. Initiated in Australia, it’s a time when people stop to take a more careful look into privacy issues, especially those involving digital communications.
Privacy Awareness Week’s a good reminder for all of us to consider how much of our privacy’s been absconded by the digital age, and decide whether we can live with it or not. An article in the New York Times last week describes a woman who was identified by advertisers as an MS patient, simply because the year before she had done some online research on MS and various other diseases. Now, labeled as an MS patient, the woman wonders whether this could affect her ability to qualify for health insurance at some point in the future, in addition to other unknown scenarios. Is this a valid concern? It certainly is!
Is it too late?
The woman who was targeted as an MS patient is all too familiar. How many times have you looked up something online and been bombarded with advertising about that specific thing, or even related topics? It happens constantly, every single day. Even writing an email to your mom about your dog results in Google showing you ads for flea medicine and doggie jackets. Have you ever done an Internet search on your own name? It may be surprising what the world’s been allowed to know about you.
In the big picture, it’s probably too late to go backward. We can’t return to the good old days when what we viewed or shared online was our own business. But there are a few things we can do to improve our personal privacy status when it comes to our mobile devices. We’ve shared them before, and share them again in honor of Privacy Awareness Week.
Passwords: Passwords should be based on something obscure, like the initials of a favorite quote or personal mantra. Incorporate at least one special character, at least one number, and don’t use the name of your pets, kids, street name, company name or any other easy-to-guess word associated with you. Make sure to change your password frequently.
Updates: Download security updates when you’re prompted. Keep your phone current.
Phone lock: Keep the phone on a short leash with an auto-lock that will kick in after just a few minutes. If you leave your table to get a coffee, it won’t be vulnerable to prying eyes.
Social Networking: Don’t overshare – be careful not to post addresses, phone numbers or information about vacations, family or other tips for potential identity thieves, stalkers or bullies. Checking-in may be fun for your friends, but it also tells stalkers and other predators where you are. Forego it, if you can.
System: Keep your phone clean by deleting any data that doesn’t need to be there.
Notices: If you receive an urgent message from a bank or financial institution, do not click on it or provide any of the requested information. These flash messages often want you to think your account’s in jeopardy and that you need to re-enter your private data. It isn’t, you don’t – and you shouldn’t.
Permissions: Learn to read permission agreements, end-user license agreements and terms of service agreements to make sure you’re not giving away private data when downloading new apps. And while you’re at it, teach your kids what to look for.
Wi-Fi: Public Wi-Fi hotspots are often an easy target for cybercriminals. Make sure you’re working within a secured network. Hotels, coffee shops and malls are often the worst places to go online. Merchants don’t always provide super-tight WiFi security because they don’t want to require passwords, and they want to accommodate every kind of device. Besides, a good cyber-criminal knows how to break most Wi-Fi systems.
Security: Always use a strong mobile security product to keep out the viruses, malware and fraudulent demons that tend to slip into your phone’s system when you do a lot of web surfing.
When you dispose of a phone, be sure it’s wiped clean of all data.
Share your thoughts and ideas about privacy here on our blog, or talk to us on our Facebook page. We’d love to hear from you.
Around the globe, NQ Mobile’s team of security professionals are taking the pulse of the mobile landscape every day. They report back all the good news – like, about how we consumers are doing better at protecting our mobile devices – and sometimes they have some less-than-pleasant news to report. Unfortunately, that’s the kind of news they have for us this week.
Our researchers are noticing an increase in skilled hackers partnering up with criminals by selling them data that they’ve stolen. In turn, cybercriminals are using the info they purchase to get access to the finances of consumers like you and me. They use tricky methods that, in the mobile business, are called “social engineering.” In simple terms, they manipulate unwitting consumers into giving up their valuable confidential information.
This is amazing
Our professionals estimate that more than 10 million devices have already been infected in the first quarter of this year! Here are some of their key findings:
Over 32.8 million Android devices were infected in 2012 vs. 10.8 million in 2011 – a whopping increase of over 200 percent
The top five markets for infected mobile devices were China (25.5%), India (19.4%), Russia (17.9%), United States (9.8%) and Saudi Arabia (9.6%)
65% of malware discovered in 2012 falls into a broader category of Potentially Unwanted Programs (or PUPs). PUPs include root exploits, spyware, pervasive adware and Trojans (surveillance hacks)
28% of mobile malware discovered in 2012 was designed to collect and profit from a user’s personal data
7% of malware was simply designed to make a user’s device stop working (i.e., “bricking” their phones)
Our Co-CEO, Omar Khan, said “The security industry’s ‘discover-first-and-inoculate-second’ strategy is no longer enough,” said Omar Khan , Co-CEO, NQ Mobile. “We need smarter systems that can discover threats before they infect consumers as well as more education so consumers can better spot and avoid these new mobile scams.”
What we can do as consumers
The very first step we can take is to make sure we have the strongest mobile security product available on our mobile devices. When purchasing a new phone or tablet, make this your first priority. If you already own mobile devices, take a moment to get them protected from all the viruses, scams and malware that have the potential to invade your privacy and steal your assets.
Cyber criminals get trickier every day. As consumers, we need to get ahead of them and become a cohesive force to thwart their illegal activities. Cyber crime is no joke. Don’t wait until it happens to you. No one’s exempt. Protect the privacy and well-being of your family and business as a first priority.
This is our second blog post about the recent consumer survey our researchers at NQ Mobile conducted, to find out how people view safety threats associated with their mobile devices.
Not surprisingly, 44% of our survey respondents with kids 17 and under reported that their children own their own smartphones. Among other interesting revelations, we found that the issues most concerning to parents of kids who own mobile devices isn’t as predictable as one might think.
Parents’ primary concerns for their young mobile users? Here they are, in order of stated importance:
Kids using their devices at times when they should be sleeping or paying attention at school.
Inappropriate content viewing
Each of the concerns expressed by these parents are associated with the welfare of children, and should be taken seriously, regardless of their place on the list. What we find fascinating is that parents may not know how simple it is to become involved in their children’s online lives.
Parents might consider letting their kids know, from the day they get their first phone, that they intend to have some influence over the amount of time the child spends on the phone, as well as her mobile activities. It’s easier to enforce this kind of guidance if it’s an agreement, made in advance, as a condition of the privilege of having a phone..
A good mobile family app will allow parents to set up times when the phone is open for use, and when it’s not – such as homework time and bedtime. The phone can be set to turn off and back on at appropriate times.
Effective Blocking and Allowing features let parents limit inappropriate material online at whatever level they see fit. As children grow up, these constraints can be more by setting the Blocking features at a lower level and Allowing more content.
Bullying and sexting are valid and timely concerns. A parent needs the ability to randomly look in on their kids’ mobile activities and, when necessary, step in to prevent any potentially dangerous or harmful contacts or behaviors. Parents can inform their kids that this is a condition of having a mobile device. It’s a reasonable safety measure, given the state of our culture when it comes to suicides, predators and other threats that loom for kids these days.
Finally, it’s important for kids to have a safety feature that lets them contact their parents or other adults immediately in case of an emergency.
How to Choose
There are many software apps coming onto the market that offer parental control for one thing or another, many with cute logos and titles with kid-appeal. We recommend serious software with a full and complete range of features, that can be used among all family members, whether you have one or five kids. At a glance, you should be able to easily see where each child is at any given time, what she’s doing on her phone, and who is contacting her. She should be able to alert you when there’s an emergency, and check in with you. Click here to learn about the most comprehensive mobile family package on the market, designed specifically to keep your children safe and sound.
It’s all about peace of mind. Raising kids can be complicated, especially in today’s culture of information overload, and kids who sometimes seem smarter than their parents. Make it easier on yourself by being involved and pro-active with your kids. When it comes to kids and mobile devices, it’s better to avoid surprises.
The survey was conducted online within the United States on behalf of NQ Mobile from February 22-25, 2013 among 413 adults ages 18 and older. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated.
Spring’s such a beautiful time of year. Kids are playing outside, people are tending their gardens and nature‘s putting on a show. It’s a great time for connecting with family and friends, after a long winter. Send your friends an e-card, or text a sweet message to your significant other this week. Refresh your relationships with old friends, or text a funny joke to your kids.
Never in history has it been so easy to stay in touch with those we love. Let’s make sure our communications aren’t interrupted by that dark threat of malware that seemed to loom in the cyber sphere this winter.
We suggest these springtime smartphone rituals to help you prepare for this busy season.
Do a bit of inspection on your smartphone now, and every couple months or so. Get rid of any apps or files that are just taking up space. Spring’s a good time to get a fresh start, and a “clean” phone is no exception.
Look carefully at your bill. Make sure that you recognize all the charges. If you see something you don’t recognize, call your carrier and get to the bottom of it.
Change your password. If you haven’t done it for a while, it’s a good time to start fresh. Try using the initials of words that you find uplifting or inspiring, such as a title of a song you love. Don’t forget to use upper and lower case, and add a number or special symbol.
Make sure any new updates have been downloaded, and that your phone’s in top shape.
Speaking of cleaning, it’s a good idea to wipe your phone occasionally with a mild disinfectant, especially if someone else uses it. Get rid of any winter germs that might be lingering there from your hands or mouth. Don’t get it wet, and don’t use any strong chemicals.
If you haven’t done so already, download the strongest mobile security software on the market. Protect your phone, with one easy download, from viruses, Trojans and all kinds of malware and privacy invasion.
If you have a new phone and want to dispose of your old one, make sure every bit of data is swept clean from it before you donate it or give it to someone. (If your company’s replacing mobile phones, check out http://techpayout.com/corporate/ for a buyback program.)
Now, your smartphone’s shiny, clean and ready for a beautiful season of unfettered connecting! Like all of the objects that give us pleasure in life, your phone needs occasional maintenance in order to provide you with the best service. Now go outside, call your mom, and enjoy the wonders of springtime.
Losing your mobile device can be a disturbing, and even devastating event. People lose financial data, photos of their kids, important contact information, private info, and even company data. Once you’ve had that experience, you automatically take extra precautions not to lose one again. Right?
Not necessarily. A recent survey conducted by NQ Mobile says that of every three unfortunate consumers who experience a lost mobile phone, whether by accident or theft, at least one of them still won’t bother to lock up the new phone.
Most people perceive a lost or stolen phone or device as a hard lesson – one that changes their conscious behavior when they’re forced to buy a new one. After losing a phone and having to get a new one, 69% of those consumers take steps to protect their new devices. As illogical as it may seem, 31% still choose to leave their new devices open and vulnerable. Where’s the disconnect?
It’s definitely a concern
Our survey reveals that most of us are aware of all the things that could go wrong if we were to lose a mobile device. In fact, in order of concern, these are the things that frighten most users about losing a phone:
Losing saved contacts
An intruder reading their emails or texts
Having an unauthorized person post to their social networking accounts
Having their photos or videos posted publicly
So, the awareness is there, but only 52% of those we surveyed used a passcode or some kind of safety method to prevent stranger-access to their device. Interestingly enough, younger consumers are more likely to take precautions. 64% of respondents aged 18 to 34 use some method of device locking, as opposed to only 30% aged 55 and up.
More than a few of us have lost a phone or device
A significant 25% of our respondents said they’ve either lost a device or had one stolen in the past. Of these devices, 40% were unprotected. After getting a new phone, 69% of those who lost unlocked phones changed their ways and added some kind of protection to their device. But, surprisingly, 31% still gamble with leaving their phone unlocked and unprotected. People are funny.
Parents and kids
Our next blog post will explore what this latest survey reveals about parents and their concerns connected with their kids’ use of smartphones. In the meantime, here’s a short list of tips from our researchers about protecting your interests on your smartphone or other mobile devices:
Lock It Up.
Do Your Research.
Arm Your Device.
For more tools to protect your smartphone from intrusions, attacks and snoops, visit NQ Mobile.