My Internet Safety.Net

Beware of COVID-19 Phishing Emails and Bogus Mobile Apps

April 15, 2020 John Bennett
COVID-19 is a popular topic for phishing scams and dangerous mobile apps

Cyber criminals are taking advantage of the coronavirus 2019 (COVID-19) pandemic to trick people into clicking dangerous links and downloading dangerous files. 

Beware of suspicious emails and new applications that purport to deliver information about COVID-19.

Phishing Emails about COVID-19

Be suspicious of any email you receive about COVID-19. You might get email pretending to be from a government agency or from your employer. But the email might be a phishing email with a dangerous attachment, such as a file containing ransomware, or a link to a site that will collect your login credentials and use them to break into one of your accounts. (Phishing emails are email messages that pretend to be from a legitimate sender in order to trick the recipient into taking some kind of dangerous action.)

Norton has shared examples of phishing emails they’ve detected that capitalize on the public’s interest in COVID-19. Their examples include:

  • A phony CDC announcement urging recipients to click on a link for information about the COVID-19 outbreak in their area.

  • A phony email about health advice, urging recipients to follow all the safety measures in a PDF attachment.

  • A phony email about company policies for working from home and staying safe.

Be on the lookout for emails like this. You’re bound to get a few.  

Keep in mind: 

  • There’s no reason for the CDC to have your email address. 

  • You can get all the updates you need from the CDC and other websites, which you should navigate to in your browser. Don’t click on links in email to navigate to these sites.

  • You may work for a company that is emailing updates and policies, but scrutinize these email messages carefully to make sure they’re genuine. 

Norton offers some good advice for detecting phishing email:

  • Look for generic greetings (“Dear Employee” or “Dear U.S. Citizen”).

  • Look for typos, which continue to be common in phishing emails.

  • Beware of messages asking for your Social Security number and other personal information. There’s no reason you should be sharing this information through email.

  • Inspect email addresses and links for anything that looks unusual.

You’ll find Norton’s blog post here.
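The checklist above can also be applied automatically. The following Python sketch is an added example, not code from Norton or from this blog: it checks one message for a generic greeting, a request for a Social Security number, and a link whose visible text names a different site than the one it opens. It does not check for typos, and the sample message and its example.net address are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

GREETING = re.compile(r"\bdear\s+(employee|customer|user|u\.s\.\s+citizen)\b", re.I)
PERSONAL = re.compile(r"social security number|\bSSN\b", re.I)
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, self.cur_text))
            self.cur_href = None

def bare(host):
    """Lowercase a host name and drop a leading 'www.' so names compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def phishing_indicators(raw):
    """Return the checklist warning signs found in one raw email message."""
    body = message_from_string(raw).get_payload()
    signs = []
    if GREETING.search(body):
        signs.append("generic greeting")
    if PERSONAL.search(body):
        signs.append("asks for personal information")
    parser = Links()
    parser.feed(body)
    for href, text in parser.links:
        shown, actual = DOMAIN.search(text), bare(urlparse(href).hostname)
        if shown and bare(shown.group()) != actual:
            signs.append(f"link shows {bare(shown.group())} but opens {actual}")
    return signs

# Constructed sample message; example.net is a reserved documentation domain.
SAMPLE = ("From: CDC Alerts <alerts@cdc-updates.example.net>\n"
          "Content-Type: text/html\n\n"
          "<p>Dear U.S. Citizen,</p><p>Cases near you: "
          '<a href="http://cdc-updates.example.net/map">www.cdc.gov/covid</a></p>'
          "<p>Confirm your Social Security number to continue.</p>")
```

A message that trips none of these checks is not proven safe; the checks only surface the signs listed above.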

A new website, Corona Virus Phishing, is compiling an ever-growing list of email and file-sharing scams related to COVID-19. Check out the site if you get an email or Dropbox request that you weren’t expecting about COVID-19.

The scams keep evolving. For example, a new phishing attack is spoofing the domain name splashmath.com to circumvent email security programs, so be on your guard if you see that domain name show up in an email about COVID-19.

My ebook Safety Net offers additional tips for inspecting suspicious email messages.

Reliable Sources of Information about COVID-19 

You’ll find reliable information about COVID-19 here:

  • Centers for Disease Control and Prevention (CDC) COVID-19 Resources

  • Johns Hopkins University interactive COVID-19 map

  • National Institutes of Health (NIH) COVID-19 Resources

  • World Health Organization (WHO) COVID-19 Resources

Dangerous Mobile Apps about COVID-19

Criminals have also created at least one dangerous mobile app that pretends to offer COVID-19 information, but that includes malware that steals information from your computer.

MSN has reported on an app that relays information from the virus-tracking dashboard from Johns Hopkins University but that also includes malware that collects user IDs, passwords, browsing histories, and cryptocurrency keys.

My advice: Don’t download any mobile apps about COVID-19. Public health authorities, including state and local health agencies, will make all information available to the public through websites and news bulletins. (If Apple and Google develop new apps for contact tracing, I’ll reconsider this advice.)

Apple is removing any COVID-19 apps from their App Store if they’re not from a verified health organization. Myself, I’m sticking to websites rather than apps for sources of information, all the same.

Be healthy, be safe online, and take care.

Tags COVID-19, phishing, spam, mobile apps, CDC, WHO

Tips for Protecting Your Mobile Phone

January 30, 2020 John Bennett
mobile phone

By John Bennett and Mark K. Mellis, CISM

The news that Amazon CEO Jeff Bezos’ mobile phone was most likely hacked by the Saudi Arabian government is a sobering reminder of the security vulnerabilities of the mobile devices we depend on every day. If Bezos, who has access to some of the top security experts in the world, could be hacked, is there hope for the rest of us?

Yes, there is hope, if you consider that mobile security best practices can help protect you from the most common types of mobile security threats—the kind that your devices are most likely to be exposed to, assuming that you haven’t personally been deemed a high-value target by a major nation-state.

In the “Protect Your Mobile Phone” section of Safety Net, our ebook on IT security, we present some basic guidelines for keeping your mobile phone safe.

Here’s a more thorough list of tips for anyone interested in applying even more rigorous security to their mobile phone.

  • Update the apps and operating systems on your mobile devices.
    As Safety Net points out, most security attacks take advantage of vulnerabilities that have already been fixed in software updates. But you can’t take advantage of those fixes if you don’t apply the updates.

  • Encrypt your mobile device.
    iPhones and iPads are encrypted automatically, as are Google Pixel phones and some models of Google Nexus devices. If you have some other kind of Android mobile device, check your device’s documentation to learn if it automatically encrypts its data and how to turn on encryption if it doesn’t.

  • Turn on “Find My iPhone” or an equivalent service.
    Millions of smartphones are stolen every year. Services like “Find My iPhone” allow you to track down lost or stolen devices, to remotely wipe all the data off of them, and to prevent thieves from taking them over as their own.

  • Put a label on the outside of the device with your name and contact information.
    This will allow a Good Samaritan to get it back to you even if the battery is dead when they find it. It also helps if you inadvertently leave it at an airport security checkpoint or on the counter at your favorite coffee house. “Will Ms. Smith please return to the Concourse C Security Checkpoint for a lost belonging?”

  • Never plug your device into a public charger.
    Use your own charger or bring an external battery along. The charging cable makes a data connection as well as a power connection and can be used to steal your data or load malware onto your device. Hackers can even create custom charging cables that can be used to load malware onto your device.

  • Make sure rental cars “forget” your contacts.
    If you pair your device with your rental car when traveling so that you can use hands-free calling or blast your music through the vehicle’s speakers, make sure you tell the car to “forget” the phone when you return the car to the rental agency. Otherwise you may unintentionally leave a copy of all your contacts in the car radio.

  • Make cloud backups.
    Back up your mobile device or synchronize it with a cloud service like iCloud, so that if you should lose it or have it stolen, you won’t lose your contacts or photos.

  • Set your screen to lock automatically after a short period of time.
    Thirty seconds, two minutes, whatever – you get to pick based on how you use your device. But do set a timeout for some period of time, or you’ll leave your device vulnerable to whoever finds it. Setting a timeout also helps your battery keep its charge.

  • Only download apps from trusted sources: the official app store for your device.
    This is easier to do on Apple devices, because you have to work hard to load an app from anywhere other than the Apple App Store. On Android devices, it’s easier to download apps from unreliable app stores. Some of the most dangerous mobile apps – apps that pretend to be just a game or a financial services app but that secretly steal your data – are distributed primarily through third-party, “off-brand” app stores. Stick to official app stores, and you’ll be much safer.

  • Don’t “jailbreak” your device.
    Jailbreaking means breaking the manufacturer’s operating system on a device, so that the operating system (such as iOS or Android) can be replaced or altered. Sometimes smartphone users jailbreak devices to run apps not approved by the manufacturer’s app store. But this is incredibly risky: you’re disabling all the technical expertise that the manufacturer has invested in keeping your device safe. You might be tempted to jailbreak your device to get a particular game or app. Resist the temptation. No app or game is worth losing your personal data and possibly becoming a victim to identity theft.

The recent 10-year anniversary of the iPad reminds us how important mobile devices have become in our lives. Follow the tips listed above to keep your devices safe.

Photo credit: JÉSHOOTS

Tags mobile phone, smartphone, cybersecurity, data security, mobile apps

Copyright 2019, 2020 John Bennett
