Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem like an obvious concept, but with the amount of data we regularly share online, it’s not such an uncommon occurrence that our information is wrongfully passed onto others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.
In order to keep your personal data secure, make sure to practice the following:
- Shred all personal documents before throwing them away. This is especially important when dealing with bank statements and bills.
- Be mindful of what you post on social media and other online forums.
- Choose your passwords carefully. Keep them diverse and don’t use the same password for each of your accounts.
- Use security software on all of your devices and make sure that it’s up to date.
How to spot a hacker before it’s too late? As the video’s narrator warns, “Beware of anyone requesting your personal data or money, whether over the phone, via email or online. They may pretend to be a romantic interest, a family member in trouble, or even a foreign prince – odds are, they’re not.”
This article is a re-print from the April 1, 2015 edition of Silicon India.
Security threats are evolving quickly, making it difficult to pinpoint just one threat that is currently affecting small and mid-size businesses.
From the threats we have observed in the past and the ones we anticipate for the future, we have learned that while malware can be damaging to businesses, so can human decisions. This makes it vital for small and mid-size business owners to discuss possible threats with their employees and share basic IT guidelines with them, but more importantly, to implement a strong security solution that holds up dangers before they become a real threat.
Taking Advantage of Human Nature: Social Engineering
Hackers understand that it is human nature to make mistakes, which is why they often turn to social engineering. Social engineering is a tactic that tricks people into revealing their personal information, like log in details, or into performing actions, like downloading malware disguised as an attachment or link.
Phishing emails are a popular form of social engineering that can easily sneak their way into your employees’ inboxes, disguising themselves as yet another offer, promotion, or even customer, if you do not have anti-phishing protection. Phishing campaigns come in many forms; they can either use scare tactics to make people believe they are in trouble or that they have won a prize.
In the last few months we have seen Trojans like Pony Stealer and Tinba make their rounds. Both Pony Stealer and Tinba attempted to convince people they owed money and to download an invoice, which was of course not an actual invoice, but a Trojan.
Falling for phishing scams can have devastating effects on businesses; they could not only steal personal information, but also attack Point of Sale (PoS) systems to steal customers’ financial information, thus not only affecting the business itself, but its clients as well.
Lack of security awareness: Beneficial for hackers, bad for your business
Not taking proper security precautions, like choosing weak passwords or ignoring security updates, is another human flaw cybercriminals like to abuse to access accounts and networks. To gain control of a system, hackers can enter common or weak passwords or simply look up hardware’s default administrative log in credentials.
Introduction to Android forensics (aka CSI: Android)
Digital forensics is a branch of science which deals with the recovery and investigation of materials found in digital devices. Forensics is usually mentioned in connection with crime, vaguely similar to criminal investigations on TV shows like CSI: Crime Scene Investigation and NCIS. However, several experiments (1, 2), including this one, use methods of digital forensics as proof that people do not pay attention to what happens with their personal data when replacing their digital devices (computers, hard drives, cell phones). In this blog post series we will reveal what we managed to dig out from supposedly erased devices. The sensitive information includes pictures (even very private ones!), videos, contacts, SMS messages, Facebook chat logs, Google searches, GPS location coordinates, and more.
What happens to the file when it is “deleted”
When people want to delete a file, most will use the standard features that come with their operating system. After it’s done, they consider the unwanted data to be gone forever. However, this is not true. When a file is deleted, the operating system merely deletes the corresponding pointers in the file table and marks the space occupied by the file as free. The reality is that the file is not deleted and the data it contained still remains on the drive. With regular usage of the drive, the remaining data will sooner or later be overwritten with different data. The same thing happens on your PC.
The following screenshots show the scenario. We used the program FTK Imager to mount the image of a partition containing user data. The first figure shows a [root] directory followed by [unallocated space]. Although all the sensitive files were deleted in the regular way, something still remained in unallocated space. In this particular example, we managed to dump 251 blocks of unallocated data and to recover interesting messages, for example from a Facebook chat. The seller of this HTC Sensation cell phone thought that his personal was cleared out, but the figures below show that he/she was tragically mistaken.
The Internet has become a virtual flea market, with online consumer-to-consumer sites like Amazon, eBay, and Craigslist selling millions of products every day. Used smartphones are a popular sales item on eBay – more than 80,000 people list their phones for sale each day. It seems like a smart way to make some extra money, but AVAST has found out that many fail to protect their identity in the process.
AVAST recovers an abundance of personal data from used smartphones
Most sellers delete all of their personal data prior to selling their used devices… or so they think. We purchased 20 used Android phones off eBay and used simple and easily available recovery software to restore deleted files. The amount of data we were able to retrieve was astonishing and proves that simply deleting is not enough.
Our analysts found the following:
- More than 40,000 stored photos
- More than 1,500 family photos of children
- More than 750 photos of women in various stages of undress
- More than 250 selfies of what appear to be the previous owner’s manhood
- More than 1,000 Google searches
- More than 750 emails and text messages
- More than 250 contact names and email addresses
- Four previous owners’ identities
- One completed loan application
One phone even had a competitor’s security software installed, but unfortunately it did not help the former owner as it revealed the most personal information out of all the phones we analyzed.
No one cares about my old photos, messages and Google searches, right?
Wrong! As the old saying goes, a picture is worth a thousand words. Now add private Facebook messages that include geo-location, Google searches for open job positions in a specific field, media files, and phone contacts. Put all of these pieces together to complete the puzzle and you have a clear picture of who the former smartphone owner was. Stalkers, enemies, and thieves can abuse personal data to stalk, blackmail and steal people’s identities. They can use this information to watch people’s every move, exploit their strange fetishes, open credit cards in their name, or even continue what they started by further selling their personal information online.
How to permanently delete and overwrite data from your Android phone
Deleting files from your Android phone before selling it or giving it away is not enough. You need to overwrite your files, making them irretrievable. To do so, install avast! Anti-Theft from the Google Play Store for free. Once you have the app installed, turn on the “thorough wipe” feature within the app. You will then need to create a my.avast account to connect to the phone (this allows users to remotely wipe their phones in theft cases as well). The final step is to wipe the phone clean, which will delete and overwrite all of your personal data.
Read about our investigation:
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
PRIVACY. It’s the word of the year from dictionary.com. With reports of the NSA turning the internet into a vast surveillance platform, FBI agents and hackers monitoring citizens through home appliances, web-browser tracking cookies multiplying like rabbits, and information you post to social networking sites yourself, the loss of individual’s online privacy and the extensive access of personal data became a mainstream topic in 2013.
In an interview about security issues with SC Magazine, Vincent Steckler, AVAST’s CEO said that the next aspect of security that needs consideration is privacy. Both consumers and corporates are going to need social media protection capabilities, including checking of links for malware, better control of privacy settings, and control over apps. That goes for tracking in browsers as well.
Abandon all privacy, ye who enter here
Ondřej Vlček, AVAST’s Chief Technology Officer, agrees. “’Do not track in browsers’ doesn’t really work,” he says. “It’s up to the servers whether to adhere to [the HTTP Do Not Tracker header] or not. Most commercial services don’t adhere to it.”
Raise your hand if you use your smartphone to surf the web, compare prices, or buy movie tickets? (That looks like most of us.) Lots of people don’t realize that mobile brands, apps and websites ‘track’ their online movements. Vlček said there are plug-ins that remove things like tracking from ad networks, analytics services or Facebook’s Like buttons without breaking the service. He suggests this approach is an important piece of the puzzle for privacy protection.