We get it (and IT!)

Phone: 1300-728-259 or .

Category Archives: Phishing

How to verify Android apps

AndroidTablet_Apr22_AWhen compared to desktop machines or even laptops, tablets like those running Android have the advantage of great mobility and ease of use, which is why they’ve become the ultimate convenience over the last few years. And because more and more people have come to rely on them for work and communications, the security of tablets has become an increasing concern. As Android tablets run with apps that collect its users’ data, this potentially leaves the device open to threats and other damage, and can inadvertently reveal users personal details, especially if the apps are malicious.

So, how can people protect themselves and make sure that their tablet is only running applications that are safe and secure?

Downloading from a trusted source

Downloading an app from well-known and legitimate sources, like Google Play, Samsung or Amazon, used to be good indicators that a site could be trusted. Since these sites are routinely monitored and scanned for fraudulent apps, you can feel assured that any app you buy from these stores are safe to use. But a recently isolated incident involving an app called “Virus Shield”, which sold on Google Play, has lead users to re-evaluate their downloading habits.

“Virus Shield” became a top selling app with several 5-star ratings on Google Play. It was bought and downloaded by over 30,000 Android users, who went on to discover that the app offered no functionality whatsoever. Dubbed as fake and a scam, the app has since been deleted from the store.

Taking more vigilant measures

To avoid becoming a victim in situations like this, there are several effective ways you can make sure your tablet is not vulnerable to fake applications.

  • Be informed when downloading from a trusted source, read about and research the application before making a purchase. Most people tend not to bother reading the small print and reviews that are published online, or on the store’s site itself. These will give you the information you need to protect yourself risk.
  • Change the security settings of your tablet, and enable or disable features as you see fit. The Android operating system is supposed to come with built-in features that will help detect or prevent any threats. If activated or set accordingly, the system will usually alert users when there is abnormal behaviour from the apps installed in the device.
  • Update your software. Some users may find this an inconvenience and forego updates when they come in. But patches from these updates can fix any bug or vulnerabilities of the tablets, which is why it is highly recommended. Sometimes, updates don’t come automatically, so to check online for this, you can simply go to the setting and find the option for system update.

Use third party anti-virus software

Because the market for tablets is growing, companies offering effective anti-virus solutions are increasingly becoming more reliable. If you are not too sure about downloading free anti-virus software from stores like Google Play, for example, then you should purchase separate third-party software for your Android device, from well-established companies that offer good after-purchase customer service.

Third party anti-virus software may come with monthly or yearly subscriptions, as well as different premium rates for different types of security measures. But do consider the benefits versus the cost carefully, before you make any purchase.

If you are looking to learn more about protecting your Android tablet, contact us today to see how we can help.

What is spear phishing?

One of the most common threats to business and individual systems is phishing. This form of hacking is well known and many users have educated themselves on the more traditional methods used by hackers. This has forced hackers to come up with different phishing techniques, and one of the methods that is causing problems is spear phishing.

What is spear phishing?

Spear phishing is a specialized type of phishing that instead of targeting a mass number of users, as normal phishing attempts, targets specific individuals or groups of individuals with a commonality e.g., an office.

Generally a hacker will first pick a target and then try to learn more about the related people. This could include visiting a website to see what a company does, who they work with, and even the staff. Or they could try hacking a server in order to get information.

Once they have some sort of information, usually a name, position, address, and even information on subscriptions, the hacker will develop an email that looks similar to one that another organization might send e.g., a bank. Some hackers have been known to create fake email accounts and pose as a victim’s friend, sending emails from a fake account.

These emails are often similar to official correspondence and will always use personal information such as addressing the email to you directly instead of the usual ‘dear sir or madam’. The majority of these emails will request some sort of information or talk about an urgent problem.

Somewhere in the email will be a link to the sender’s website which will look almost exactly like the real thing. The site will usually ask you to input personal information e.g., an account number, name, address, or even passwords. If you went ahead and followed this request then this information would be captured by the hacker.

What happens if you are speared?

From previous attack cases and reports, the majority of spear phishing attacks are finance related, in that the hacker wants to gain access to a bank account or credit card. Other cases include hackers posing as help desk agents looking to gain access to business systems.

Should someone fall for this tactic, they will often see personal information captured and accounts drained or even their whole identity stolen. Some spear phishing attacks aren’t after your identity or money, instead clicking on the link in the email will install malicious software onto a user’s system.

We are actually seeing spear phishing being used increasingly by hackers as a method to gain access to business systems. In other words, spear phishing has become a great way for people to steal trade secrets or sensitive business data.

How do I avoid phishing?

Like most other types of phishing related emails, spear phishing attempts can be easy to block. Here are five tips on how you can avoid falling victim to them.

  • Know the basic rule of business communication – There are many basic rules of communication, but the most important one you should be aware of is that the majority of large organizations, like banks, social media platforms, etc., will not send you emails requesting personal information. If you receive an email from say PayPal asking you to click a link to verify your personal information and password, it’s fake and you should delete it.
  • Look carefully at all emails – Many spear phishing emails originate in countries where English is not the main language. There will likely be a spelling mistake or odd wording in the emails, or even the sender’s email address. You should look out for this, and if you spot errors then delete the email immediately.
  • Verify before you click – Some emails do have links in them, you can’t avoid this. That being said, it is never a good idea to click on these without being sure. If you are unsure, phone the sender and ask. Should the email have a phone number, don’t call it. Instead look for a number on a website or previous physical correspondence.
  • Never give personal information out over email – To many this is just plain common sense – you wouldn’t give your personal information out to anyone on the street, so why give it out to anyone online? If the sender requires personal information try calling them or even going into their business to provide it.
  • Share only essential information – When signing up for new accounts online, there are fields that are required and others that are optional. Only share required information. This limits how much a hacker can get access to, and could actually tip you off. e.g., they send you an email addressed to Betty D, when your last name is Doe.
  • Keep your eyes out for the latest scams – Pay attention to security websites like those run by the major antivirus providers, or contact us. These sites all have blogs where they post the latest in security threats and more, and keeping up-to-date can go a long way in helping you to spot threats.

If you are looking to learn more about spear phishing or any other type of malware and security threat, get in touch.