Tag Archives: Social Media

Avast

How to stand up against cyberbullying on Facebook?

Leave a comment

Remember that bullying is never your fault, and it can happen to anyone. Bullying may make you feel embarrassed and like you’re all alone. But you’re not alone and it’s important to find someone who can help you through the situation. Reaching out to someone you trust.  
~reminds Facebook

Cyberbullying on Facebook

Facebook and other social channels are space for communication, sharing, and connecting with others. Unfortunately, it is also a space where cyberbullying takes place. Research provided by different organizations in the USA and UK shows scary numbers, and we are definitely witnesses of a new form of bullying on a massive scale. The psychological consequences can be very dramatic, therefore education is crucial for prevention and fighting this new phenomenon.

Read on to learn what to do if you or a friend is the victime of a cyberbully on Facebook.

Panda Security

We know “who’s viewed your Instagram” and it’s not who you think

Leave a comment

There’s something every Instagrammer wants to know: who is looking at my photos?  We live in a show-and-tell world, with I-see-I-do-I-post-mindsets, comments, and “likes”.  No one wants to disappear at fault of a #boring photo.

Instagram makes it easy to play pretend, but what happens when someone else pretends to be you? In theory, social media sites like Facebook make it so that third parties can’t access your “secret information” but without our knowledge, hackers are taking advantage of us: robbing personal data (even those super-complicated-and-thoroughly-though-out passwords) and gaining full access to our profiles.

For Turker Bayram, hacking into social media profiles is his specialty.  On multiple occasions, this sadly popular yet elusive malware developer has been able to place his malicious “apps” in the top charts on Google Play and the App Store.  Soon after he creates them and uploads them, there are massive numbers of downloads.  By the time someone figures out what’s going on, and after hundreds of thousands (potentially millions) of users are robbed of their personal information, Google and Apple finally delete the apps.  This has happened at least twice.

Just a few weeks ago, an independent developer named David Layer-Reiss warned us on his blog about Bayram’s new malicious “software”.  The iOS version was called “Who Cares With Me – InstaDetector”, and in Android, “InstaCare — Who Cares With Me”.  These “apps” discovered by Layer-Reiss have already been eliminated and, in November 2015, both Apple and Google withdrew Bayram’s original platform, InstaAgent.  It is not the first time malware takes over a popular site (i.e. Instagram, WhatsApp, Facebook) in order to massively rob user profiles… and it won’t be the last.

FOTO 1_instagram

These “apps” always return to the top of the charts and sometimes under the umbrella of the same developer.  In the case of “InstaDetector”, the victim innocently enters their credentials, unaware that the confidential data is sent to the attacker’s server.  Instead of discovering “who has been looking at your Instagram?”, the cyber-attacker seamlessly accesses the account as if it were their own and posts spam photos on the owner’s behalf.FOTO 2_instagram

From telegrams to Instagrams, the more technically sophisticated we become the more important it is to trust the communication source, or in this case, the “app”.  “InstaDetector” is just one of the many scams designed to take advantage of the enormous interest generated by social networks.  The most worrisome thing about them is their popularity, always massive and immediate, that by the time Google or Apple are involved it’s too late for thousands of users.  Combat these threats by staying alert, ignoring false promises, and installing a tough antivirus on all of your devices.

The post We know “who’s viewed your Instagram” and it’s not who you think appeared first on Panda Security Mediacenter.

Avast

10 tips to keep teens' Facebook profiles safe

Leave a comment

 

Protect your privacy on Facebook

“Connect with friends and the world around you on Facebook”

says the slogan of the social giant. Millions of Facebook users of different ages, nationalities, and genders share their daily life with family members and friends, and interact with brands. Among them there is a large group of teenagers who can be especially vulnerable target for cyber criminals. In this article I will help you make sure that Facebook is a safe place.

Panda Security

They’ll hack your Android in T Minus 10 seconds

Leave a comment

FOTO 1

The word that scared all Google users last summer is back and worse than ever. Stagefright, nicknamed by its founder Metaphor, is even more dangerous in its new version.

Much like its name’s meaning, Stagefright, hides deep in the Android library, unnoticeable to Android users as they watch videos of cute puppies and crafty DIY hacks, all the while exposing themselves to its vulnerabilities.

How many devices are affected?

Now in its second swing, these Stagefright vulnerabilities have already affected hundreds of thousands of Android devices through holes in the multimedia library. More specifically, they have even affected those who use versions 5.0-5.1 (23.5% of affected Androids) and some using versions 2.2 and 4.0 (unsafe due to old terminals that had been exposed to previous viruses).

Google fights back

After the bugs’ discovery, Google implemented a series of bug-fixes and other security measures, even creating its own group of vulnerabilities to counter the attacks. Upgrades and patches were set up to make it more difficult for Stagefright to infiltrate an Android in a real attack.

Unfortunately, Metaphor has been able to dodge these protection mechanisms that were added to the more modern versions of the Android. With this new exploit, as their own creators have shown, Stagefright can easily control devices as diverse and modern as the Nexus 5, Samsung Galaxy S5 UN, UN LG G3 or HTC One UN.

So, how exactly does Stagefright break in?

Sneakily. The user does not need to be using their smartphone during an attack, really. In the case of Stagefright, the attacker can gain access through a particular website (e.g. through a malicious video link received by email or MMS). In a proof of concept, an email with a corrupted video link promoting videos of kittens leads to a page actually containing this material. The recipient has no way of knowing, that while the video is rendering, their Android is also being attacked. It can take as little as 10 to 15 seconds for the cyber-criminal to have control of their victim’s terminal.

Spent some time today messing with Lightroom's post-processing tools to teach myself. I don't want to end up relying on them for every shot but it's nice to know what I have to work with.

Metaphor’s strategy is not exactly new. It largely relies on the attacks that were released last summer, when the holes were first discovered. However, today’s danger lies in Stagefright’s ability to bypass ASLR, which is the barrier Google raised in all versions of Android after 4.1. The problem is that this new threat binds itself not only to older devices but also to more modern ones. Those who have Android´s Lollipop 5.1 are not even safe, representing about 19% of all of Android smartphones.

No matter what, the best way to protect your Android and all other risks associated with Stagefright is to keep your operating system as up-to-date as possible and install a good antivirus. If your phone has been left out of the recent updates, take caution: you should not browse pages unless they are fully trusted. Even those who promise photos of adorable and fluffy kittens.

Panda Security

Safer selfies on the way as Instagram plans two-step verification

Leave a comment

instagram

More than 400 million selfie lovers can breathe a sigh of relief – Instagram, the social network phenomenon, has revealed that the two-step verification process is soon to be unveiled on its platform.

This means that Instagram accounts will now be better protected by a log-in procedure which should make things harder for cyber-attackers trying to access accounts without permission. With the new two-step procedure, an email address and password will no longer be enough to enter; the user will also need to have the smartphone that the account is linked to.

Facebook, which owns Instagram, already offers the new log-in option, and now the photo platform will boast it, too. Every person that has an account on Instagram can now link it to a telephone number, ensuring an extra layer of security.

So, every time that someone (even the account owner) tries to access the account from a new device, the social media platform will send a code to this telephone number. Without this code it will be impossible to access the account.

instagram filters

This new feature will be rolled out progressively, so soon all users that are worried about their security will be able to enter their telephone number and avoid cyber-attackers accessing their accounts and eliminating photos or using the account for malicious means.

Caution on Instagram

This new security measures comes not long after the platform put its own users’ privacy at risk. When it introduced a new feature, the ability to manage various accounts from the same device, there were serious security issues unearthed.

A bug meant that some users could see notifications belonging to other accounts that shared the device. This highlighted that having the same Instagram account synchronized on different devices meant that different users could see messages, notifications, and even like other photos.

instagram message

Despite this flaw being fixed, what is certain is that internet users must always take care when sharing information and should be aware of their privacy online.

Thus, the two-step verification process on Instagram is a step forward in terms of security and should protect users the same way as Facebook, Microsoft, and Google already do. Even though new verification techniques are being worked on (such as the ones created by a group of investigators at the ETH Information Security Institute in Zurich), at the moment the best way is to use our personal telephone numbers.

However, it’s just as important to have a two-step verification as it is have secure passwords: they should be long, contain numbers; different cases; symbols, and should be different for each account. To be able to manage the large number of passwords needed today, it’s best to have a password manager just like the one offered by Panda via its different protection packs, which allows you to be in control of different passwords at the click of a button.

The post Safer selfies on the way as Instagram plans two-step verification appeared first on MediaCenter Panda Security.

Avast

Online dating scams target divorced, middle-aged women

Leave a comment
mature woman looking out of the window on a rainy miserable day

Romance, or Sweetheart, scammers troll for lonely, vulnerable people on dating sites

 

Lonely hearts still waiting for their soulmate are easy prey for online dating scams.

Many people search for love through online dating sites, dating apps, or social media. Unfortunately, before you find your prince (or princess), you have to eliminate the frogs.

“Romance” scammers, sometimes referred to as “sweetheart” scammers take advantage of vulnerable people, especially divorced women over 40, by posing as an eligible romantic prospect.

How romance scams work

It all starts with a fake online profile. Scammers may use a fake name or steal the identity of a real person. There is often more than one person perpetuating the scam – there have been reports of a room full of people working from the same script. Often they portray their fictional selves as living overseas or on active duty in the military. This gives them a good reason for why they cannot meet their intended in person.

Romance scams are a long form of social engineering. The scammer can take weeks building an interesting backstory that draws their victim in, but they often express strong emotional feelings in a short period of time, which keeps the victim psychologically engaged. They use words filled with love, share personal information, and sometimes even send their victims small gifts.

Once trust is established, the scammer will push to take the communications to email or an instant messenger service. The new online lover will soon have a problem which requires money to fix. It could be a personal emergency like a family member who needs immediate medical attention, or some kind of financial hardship like a failed business or street mugging.

A shot to the heart

While declaring their love and devotion for the victim continually, the scammer may directly ask for money to be wired to them, send a check or money order and ask their sweetheart to cash it for them, or send a package and ask it to be reshipped to a different address. The Federal Trade Commission warns that scammers are now upping the ante and engaging in online bank fraud.

“They ask their love interest to set up a new bank account. The scammers transfer stolen money into the new account, and then tell their victims to wire the money out of the country. Victims think they’re just helping out their soulmate, never realizing they’re aiding and abetting a crime,” writes the FTC in their consumer blog.

The FBI’s Internet Crime Complaint Center (IC3) reports that the average complainant loses over a hundred thousand dollars to internet dating scams. They saw more than $82 million in victim losses in the last six months of 2014. Females suffered 82 percent of the losses; males sustained the remaining 18 percent.

Recognizing an online dating scammer

The online dating scam is a variation on the Nigerian scam, which started before the days of the internet. Here are tips from the FBI on how to identify a dating scammer.

Your online “date” may only be interested in your money if he or she:

  • Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging
  • Professes instant feelings of love
  • Sends you a photograph of himself or herself that looks like something from a glamour magazine
  • Claims to be from your home country and is traveling or working overseas
  • Makes plans to visit you but is then unable to do so because of a tragic event
  • Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization).

If an online dating scam happens to you or someone you care about, please report it at ftc.gov/complaint — click on Scams and Rip-Offs, then select Romance Scams.

Avast

Sharing personal information plays part in Neiman Marcus hack

Leave a comment

Data that you share on social media could end up for sale on the Dark Web.

Adjust your privacy settings on social networks. You never know who may be watching!

Adjust your privacy settings on social networks. You never know who may be watching!

The luxury retailer Neiman Marcus is the latest victim of a data breach. At the end of January, Neiman Marcus notified their online customers that unauthorized individuals attempted to access customer’s online accounts by trying various login and password combinations using automated attacks. The hackers were able to accurately guess the username and password combinations and access some online accounts. Neiman Marcus reported that only a small number of these accounts were used to make unauthorized purchases.

Personal information shared on social sites combined with Personally Identifiable Information (PII) and username and passwords for sale on the Dark Web, are making data breaches of this type more common.  Cybercrooks, terrorists, and nation states buy information from shady sites, then use it to break into banks, launder money, or make trouble for big U.S. companies like Neiman Marcus Group.

“These bad guys are assembling portfolios of individuals,” said Avivah Litan, an analyst at Gartner in an interview with DataBreachToday about the breach. “They’ve got a big database of American citizens and all the data associated with their identity, and lots of different people are buying up this data on the Dark Web. And they’re using this data to get to their targets.”

Unsafe practices make hacker’s jobs easier

Responsibility for customer safety belongs heavily with the organization. They should encrypt any customer contact information and use stronger authentication methods than just a username and password. But, we as consumers make the hacker’s job easier by using the same username and password on multiple accounts. Once one set of credentials is compromised, then hackers will test them to get access to other websites.

We can take steps that make it harder for a cybercrook to gather information on us and break into our accounts.

Clean up those passwords

One of the simplest ways to protect yourself against online threats is to use strong passwords for each of your accounts. Yesterday in the Avast blog, we told you how Avast Passwords can help you manage multiple accounts across the web and create encrypted, strong, unique passwords. Every Avast Antivirus customer can use this feature for free.

Avoid oversharing on social sites

Social media is fertile ground for cybercrooks to gather personal information. Sharing something seemingly innocent like your dog’s name, your birthday,  or your mother’s maiden name can give insightful crooks the answers to security questions of your bank account. Put that together with PII and they’re in.

  • Lock down your social profiles. Each social site has security settings so you can have more control over who sees what you share. Use these direct links to update your privacy settings on popular devices and online services.
  • Limit the number of online quizzes you take. Yes, they are popular and fun but these quizzes can gather information about you, your interest, and your life assisting bad guys in creating an online portfolio of user information.