Posts Tagged Mobile Security

What Is Vishing & How To Avoid It

Vishing is the term used for voice or VoIP (voice over IP) phishing. It is a social engineering attack that is launched with a primary goal to extract user’s confidential information and is usually done using an automated dialing and voice synthesizing equipment.

Vishing works just like any other phishing scam. The imposter generally pretends as someone from the bank or as a government representative seeking information. Sometimes, the fraudster may even use voice to text synthesizers or recorded messages to masquerade himself. The attack is launched with an intention to gain access to a person’s PIN number, credit card details, passwords, social security number etc. In most cases, the scammer is successful in making the victim part with their credentials.

When a vishing attack is launched, either of these things happen 

  • A person will receive a call. On answering that call, an automated voice system will ask the victim for their personal information.
  • Sometimes, a fraudster will call the victim and inform that they should call their bank to avail some offer or to provide certain information. The victim then hangs up the phone to dial bank’s number but fraudster doesn’t and keeps the lines open. Victim hears a spoofed dialing tone and some other scammer answers the phone call. They impersonate their identity as bank official to steal the required information.

How Do They Obtain Your Number?

There are several possibilities by which the fraudsters obtain your number. Some of which are

  • Using stolen phone information
  • Auto – generated numbers
  • Numbers and details compromised in a previous data breach

Techniques Used By Them

  • Impersonate As Genuine Callers – There is high probability that these scammers already have your personal information and address you as genuine people over the phone.
  • Holding The line – Sometimes, cyber criminals hold your call. They then direct your call to another scammer when you call them back.
  • Sense Of Urgency – The most common approach is to incite fear in the mind of a person. The caller makes the victim believe that their money is in danger. He/she then acts hastily without thinking much and commits the mistake of sharing their confidential information with the fraudster.
  • Phone Spoofing – The number from which the call comes seems to be genuine and so you believe what the caller says, often ending up in sharing your login credentials or passwords.

How To Avoid Them

  • Never Share Your Personal Information Over The Phone – If you pick a call that seems to be from a legitimate caller, never share your personal information over the phone in the first place. No bank or government institution will ask you to provide your credentials over the phone. In case they do, then ask the caller’s name and tell them that you would call them back after some time. Search for the bank’s official number and inquire from them about the call.If you sense something suspicious then there are chances that the call was a vishing attack launched at you.
  • Use A Caller ID App – There are numerous apps such as Truecaller that allow you to know the callers identity. It has billions of spam numbers locked in their database and if you come across such a number then you can also add it to their spam database.

For more information on IT Security, call Centex Technologies at (254) 213-4740.

, ,

No Comments

Most Common Mobile Threats

Mobile phones have become a part and parcel of our lives. As per Statista, by 2020 there would be 9,038 million mobile phone users globally. With their increasing use, another important issue that comes into picture is the mobile security. Here we have listed some common mobile threats you must be aware of –

Data Leakage – Fraudulent apps seeking personal information can lead to data leakage and are a serious threat to mobile security. Mobile users need to be extra careful while granting permissions to various apps to gain access to gallery, notes and other folders. If a certain app requires you to fill in more information than what is generally required then it is best to avoid it.

Spyware – Your private information remains private no more. Spyware is a type of malware that collects information about the websites you visit, whereabouts and sometimes even your personal information. The collected data is then sent it to a third party without your consent or knowledge.

Viruses & Trojans – Viruses often masquerade themselves and come along with a program that seems legitimate. They can then hijack your personal information as well as sensitive login credentials or send unauthorized premium rate texts. Viruses can also enter your mobile when an app containing malware is installed on your phone.

IoT Threats – Almost all the devices are now connected with our smartphones. If a hacker gains access to your mobile phone then chances are that they can hack information available on other connected devices as well.

Network Spoofing – This often happens when you browse the internet using unknown Wi- Fi networks. Cyber criminals spoof the access points and then hack your emails, contact information etc. to use it for their benefit.

Out–Of-Date Software – There are higher chance of falling prey to a malware attack when your mobile phone runs on an outdated software that hasn’t been updated. Out-of-date software don’t have appropriate security patches often resulting in your pivotal information getting hacked.

Tips To Avoid Mobile Threats

  • Update your mobile system regularly.
  • Don’t set up easy passwords if you browse sites that contain sensitive login credentials.
  • Install a good mobile anti-virus software.
  • Download the apps from App store only.
  • Try to avoid using unknown Wi-Fi networks.
  • Read the end user agreement before actually downloading an app.

For more information on IT Security, call Centex Technologies at (254) 213-4740.

, ,

No Comments

How To Improve Your Organization’s Mobile Security

29 August, 2016

Mobile security is becoming an important issue for the organizations to address. There is no denying the fact that mobile devices help to save time and increase employee efficiency to a great extent. However, the potential security risks posed by these devices cannot be overlooked. It is seen that most employees use the same mobile device for personal and official purposes. It means that connecting to an unsecure network or downloading a malicious app puts both type of data at risk.

Listed below are some tips to improve mobile security in an organization:

  • Use Strong Passwords: A lengthy and difficult password is the first line of defense against a potential data breach. Therefore, encourage your employees to keep their devices protected with a strong password. Besides the basic mobile security options like PIN numbers or patterns, they should opt for more sophisticated ones like fingerprint scanner, facial recognition, voice recognition etc.
  • Install Anti-Malware Software: Owing to the ignorance of users, hackers are constantly targeting mobile operating systems to initiate a malware attack. It is important that the devices used by your employees to connect to the corporate network have an anti-malware software installed. They should also regularly update the software to stay protected against the recent forms of malware.
  • Avoid Unsecured Wi-Fi: Many organizations today are allowing employees to work from remote locations, which increases the risk of your company’s important data being accessed and shared over public Wi-Fi connections. Make sure your employees are aware of the potential security risks and access corporate data through secure Wi-Fi networks only.
  • Encrypt Confidential Data: Encryption of sensitive information sent and received on mobile devices can go a long way in improving your company’s cyber security. Organizations can implement encryption policies according to the employee groups or the level of data confidentiality.
  • Choose Mobile Applications Carefully: You should limit or block the use of third party software on mobile devices being used for official communications. This can help to prevent the occurrence of a breach resulting from unintentional drive-by downloads or installation of applications having backdoors to transmit company’s information to the hackers. Employees should be allowed to install only reliable and a limited number of apps from a legitimate source.
  • Create Secured Mobile Gateways: You can consider directing mobile traffic through a special gateway with targeted security controls, such as firewalls, web content filtering and data loss prevention. This will restrict the employees from using the company’s internal network for personal communications, thereby preventing unwanted software downloads.

For more tips on improving your organization’s mobile security, you can contact Centex Technologies at (855) 375 – 9654.

,

No Comments

Common Mobile Security Threats

April 23, 2016

Mobile devices have become an easy target for most cybercriminals due to the improper security mechanisms and lack of awareness on the part of the users. Lost or stolen devices, vulnerable applications and security flaws pose a major risk for a company’s security. Identifying these threats and being proactive in defending against them is the key to safeguard your mobile devices as well as important data.

Here are some of the common mobile security threats that need to be addressed:

  • Malware: Smartphones and tablets may be infected by worms, Trojans, viruses as well as other forms of malware. Users download several apps, games and software, some of which may be injected with a malicious code to steal important information stored in the device. When a device is infected, the hackers can gain access to the usernames and passwords, track online activity, collect online banking information etc. They may also use the malware to initiate hacking attacks against other mobile users.
  • Unauthorized Access: Mobile devices often lack strong password policies to restrict unauthorized user access. Though there is the option to set PIN, password or pattern lock, but all these can be breached easily. Also, certain malicious apps installed can also breach the users’ personal data stored on the device. Thus, all the email accounts, contacts, social media profiles, online banking details and other sensitive information are at a risk of being stolen.
  • Insecure Data Storage: Most of the data in a mobile device is usually stored in an unencrypted format. This poses a serious security threat as a theft, loss or unidentified access of the device by anyone puts all this information at risk. Confidential data can be easily retrieved, shared, deleted or modified.
  • Eavesdropping: Information sent and received through a mobile is not always secure, particularly over a wireless internet network. Thus, it can be easily intercepted by a hacker. Eavesdropping attacks are usually undetectable, making the user to unintentionally leak out sensitive information shared through phone calls and instant messages to the cybercriminals.
  • Unauthorized Modifications: Users often make certain unauthorized modifications, known as jailbreaking or rooting, in their mobile to install third party apps. This exposes them to increased security risks as they are likely to download malicious software in the device. Also, jailbroken devices are less likely to receive automatic application updates and security patches, allowing the hackers to easily exploit the vulnerabilities in the software.

For more mobile security tips and cybersecurity solutions for your business firm, feel free to contact Centex Technologies at (855) 375 – 9654.

,

No Comments

How To Avoid Security Pitfalls While Staying Constantly Connected

February 15, 2016

In this digital age, staying constantly connected to the internet has become quite important. However, every new technology comes with its own set of security risks. If you do not take the requisite precautionary measures, your device may be targeted by cybercriminals to carry out hacking or malware-based attacks.

Here are some of the tips to avoid security pitfalls while browsing internet on a mobile device:

  • Be Cautious While Using Public Wi-Fi: If you are using a public internet connection or Wi-Fi hotspot, never access any website that requires you to enter sensitive information such as your bank account details, credit card number, password etc. Most hotspots do not use WPA or WPA2 protection, hence, the information you share over these connections is not encrypted. This may lead to session hijacking and all your personal data can be accessed by a cybercriminal.
  • Do Not Follow Links: You should never click on any attachment or link embedded in email from an unknown sender. It may be a malicious code that redirects to a spam site in order to infect your system with a malware or steal your personal information. Instead, manually type in the URL to make sure you are visiting a legitimate website. Also, do not click on ads that appear as pop-ups on websites.
  • Look For HTTPS: If the information shared between your device and the website being browsed is in a plain format, it can be accessed by anyone who manages to breach your internet connection. When you access a website, verify that its URL begins with ‘HTTPS’ instead of ‘HTTP’.  A padlock icon will also be displayed in the address bar which indicates a secure connection.
  • Improve Device Security: Keep all the mobile applications software updated with the latest patches. You can enable automatic updates or regularly check if any upgraded versions have been released. Enable your device’s firewall to monitor incoming and outgoing connections as well as detect any unusual activity. You should also install anti-virus software and frequently update it to stay safe against commonly found malware.
  • Get A VPN: Another way to be safe while on a public internet connection is to use a Virtual Private Network (VPN). It acts as a barrier between your device and the web by routing your traffic in an encrypted format through a secure network. VPN helps to protect your identity and privacy online.

For more cyber security tips, feel free to contact Centex Technologies at (855) 375 – 9654.

,

No Comments