Posts Tagged Cybersecurity

Tips For Business Owners: How To Know If Your Phone Is Hacked?

Smartphones are nowadays an integral part of business operations. They are used to receive & send business mails, messages and getting business updates. Also, mobile banking applications & business specific mobile apps are being extensively used to manage operations of a business. As smartphones may contain important business and financial information, any kind of breach can leave you at a serious risk.

Hackers use numerous ways to get into your phone e.g. using public internet to download a program. They may make use of the applications downloaded on your phone to access files, passwords and other sensitive information. So, it becomes imperative to keep your devices safe from hackers. However, it is equally important to be able to recognize if your smartphone is hacked.

  • Decreased Battery Life: Though mobile applications, software and programs need to use phone’s battery in order to perform to their full capacity; there are chances that a smartphone is compromised by a malware if the phone’s battery decreases at a fast rate. This may be a sign that the malware running in the background is zapping phone’s resources and transmitting important information.
  • Performance Differences: If your device is operating slower, constantly freezing and applications are frequently crashing; there is a possibility that a malware is secretly running in the background. Also, the phone may turn on and off randomly or your applications can keep on running even after multiple efforts to close them.
  • High Data Usage: A smartphone that has been compromised by a malware uses a lot of data. Unusually high data usage may be due to the spy apps running in the background.
  • Unknown Calls Or Texts: Hackers may send links or strange codes to target your phone. Once you click on the link, the hacker will gain remote access to the information on your phone. Thus, it is important to check your phone bills regularly for calls or texts to unknown numbers as this can be a possible malware activity.
  • Unusual Pop-ups: If your phone is regularly disturbed by pop-ups, it’s likely that your phone has been hacked. These pop-ups may have phishing links designed to steal sensitive information or download more malware. Users should be careful when clicking the closing icon as these are designed in a way to trick users into clicking on the area that opens up another malicious site.
  • Unusual Account Activities: If your device has been compromised, hackers may have access to accounts linked to the device like social media apps, emails and other lifestyle apps. Thus, keep an eye on activities like password reset, unauthorized emails, etc.

For more information about safeguarding your computing devices and protecting your computer network, call Centex Technologies at (254) 213 – 4740.

, ,

No Comments

Everything You Need To Know About Card Skimmers

Card skimmers are used to capture details stored in credit or debit card’s magnetic strip. They are generally attached to the card readers at sales terminals or ATM machines. When a customer slips his card into the compromised machine to make any financial transaction, these devices capture and store card’s information.

The threats of card skimming are evolving due to which banks and ATM manufacturers are devising ways to prevent this method of counterfeiting. Here are some points you should consider to secure yourself from card skimmers:

  • Check For Tampering: Before using an ATM, check for some obvious signs of tampering at the card reader spot, keyboard, near the speakers, at the side of the screen and other nearby spots. If anything looks different in terms of alignment or color, avoid using that ATM. Card skimmers may also be installed at ATMs or sales terminals of gas stations and shops. To detect a card skimming device, check if the credit card reader is protruding outside the rest of the machine.
  • Other Ways To Spot The Card Skimmers: If any part of a card reader is loose or moved, it can be a sign of card reader’s tampering. Also, scan the area for hidden cameras that may be recording you while you enter your PIN. So, it is always advised to cover your hand while you type the PIN. The keyboard and the card reader should always be in alignment to the color and style of rest of the machine. If the panels are broken or dented and if the security seal is broken, these are some obvious signs of tampering.
  • Use The Right Type Of Card: Banks are nowadays issuing credit/ debit cards with an indented chip. This is because the chip technology, in contrast to magnetic strip, makes it harder for thieves to skim your data. But the thieves can still steal your credit card information using shimmers. Shimmers are paper thin & undetectable models of card skimmers. These are more complex devices and have their own chips which can intercept card’s information.
  • Think Through Your Steps: The ATMs inside the bank are generally safer because of security cameras installed in the premises. Also, users should prefer alternative payment methods like transactions through Apple Pay, Android Pay, etc. These services tokenize your information and are much safer than using your actual credit card. In any case, if your card data does get stolen; report the theft to the bank as early as possible. Keeping an eye on your debit and credit card transactions is a great way of spotting unauthorized activity at the earliest.

For more information about IT security and methods to safeguard your financial information, call Centex Technologies at (254) 213 – 4740.

, , , ,

No Comments

What Is An Evil Twin Attack

With the advancement of technology, there has been a rise in the use of wireless connectivity solutions. It has found applications in restaurants, coffee shops, offices and shopping malls. However, wireless connectivity in the form of Wi-Fi is inherently less secure. It is largely unprotected from threats that can result in theft of credentials and sensitive information. The unprotected access points expose your connection and personal data to cyber-attacks such as ‘Evil Twin Attack’.

Understanding An Evil Twin

An evil twin is a rogue wireless access point that appears as a genuine hotspot offered by a legitimate provider. It typically clones the MAC address, name and service set identifier (SSID) of the network. This makes it hard for the users to differentiate between original and fake access point.

An attacker can conveniently create an “evil twin” within the smart phone or other internet-capable device using some easily available software. He discovers the radio frequency of a legitimate access point and uses the same to send out his own radio signals with the same name as original access point. This enables the attacker to eavesdrop on the network traffic, capture traffic or plant malware on the system.

Implications To Cybersecurity

Once the fake access point is set up, it poses as a local hotspot. The attacker positions himself near the end-user so that his signal is strongest within the range. The strong signals tempt users to connect manually to the evil twin for internet access. Also, it can be a case where the end-user’s computer automatically chooses that connection. This allows the hacker to intercept user’s sensitive data that is being shared between user and the host. Thus, he can obtain sensitive information or login credentials resulting in identity theft or financial loss of the end-user. Attackers are also using social engineering to clone a login page through which credentials can be stolen.

Ways To Prevent Evil Twin Attack

To avoid evil twin network connections, following tips should be considered by end-users:

  • Refrain from using public hot spots for online shopping or banking.
  • Users should disable auto connect feature on all wireless devices.
  • Connect via a virtual private network (VPN) to compress all traffic while using a public access point.
  • Before connecting, ask the owner of the area for official name of the hotspot and security key, if any. Type the incorrect key intentionally; evil twin hotspots will grant access irrespective of the key.

Companies should also incorporate measures to protect corporate data from evil twin attack:

  • Instruct employees to use Wi-Fi Intrusion Prevention Systems (WIPS) to prevent their systems from connecting to unauthorized duplicate access points.
  • Protect company’s wireless connections with Personal Security Key (PSK) and provide its details to employees and customers.

For more information on IT security solutions for your business, call Centex Technologies at (254) 213 – 4740.

, , , , ,

No Comments

What Is Doxing?

Doxing is referred to as the dark side of OSINT or Open Source intelligence. OSINT is an overt method of data collection and involves the practice of gathering information from publically available resources such as public media, internet, public government data, professional or academic publications, corporate databases, financial assessments and grey data (unpublished papers, business documents & patent reports).
The term Doxing is an abbreviation for ‘dropping documents’ which means compilation and release of a dossier of personal information on someone. The information included in the dossier is gathered via public resources and thus, the act falls under the category of OSINT.

Sources Of Information
The perpetrator gathers information from public and open sources. Some common sources of information are:

  • Social media
  • Blogs
  • Personal websites
  • Online forums & web discussions
  • Online gaming profiles

Targeted Information
Typically a dossier contains following information about an individual.

  • Contact information
  • Social Security Number
  • Personal photographs
  • Social media profiles
  • Credit card details
  • Credit report
  • Banking information

Why Is Doxing Called Dark Side Of OSINT?
Although the information is gathered using overt methods; the online publication of personal information usually results in illegal implications. The tactic is rarely in public interest and is often targeted at breaching the victim’s personal information and publishing it to attract unwanted harassment. It can pose following threats:

  • Threat To Personal Safety: Public release of contact information, personal photos, address, etc. can be used by cyberbullies for harassing the victim. Also, it may lead to some hacking acts such as fake memberships or serious crimes such as stalking, swatting, etc.
  • Threats To Cybersecurity: The information collected by Doxing may be used by hackers or cyber criminals to pressurize either an individual or an organization for financial gains.

Ways To Protect Yourself
Here are some simple tricks to protect yourself from Doxing attacks:

  • It is important to understand the basics of social engineering. Social engineers scan the online profiles and data for useful information that can be used to victimize the target. Thus, it is important to scrutinize the information you share on your social media profiles and avoid oversharing your personal information.
  • Check the privacy settings of your social media profile and edit them to ensure that your personal information is shared with your friends only. Also, be critical of people you add to your list of social media friends.
  • Hide your IP address by using a trusted proxy or VPN service for anonymity while using internet.
  • When purchasing a domain, invest in WHOIS protection to prevent unwanted access to the information you share on your website.
  • Avoid using a single email address for all online accounts. It is advisable to use different emails, passwords & usernames for different profiles, gaming and bills. Also, deploy multi-factor authentication for your accounts.

For more information on Doxing and its outcomes, call Centex Technologies at (254) 213-4740.

, , , , ,

No Comments

Understanding Software Supply Chain Attacks

PDF Version: Understanding-Software-Supply-Chain-Attacks

, , ,

No Comments