Menu

Category Archives for "Cyber Scams"

secure holiday season
Nov 23

Are You Keeping Your Information Secure this Holiday Season?

By Hana LaRock | Cyber Scams , Security Best Practices

With Black Friday and Cyber Monday around the corner, as well as a whole month of holiday shopping, people are using their debit cards, credit cards, and other accounts — like Paypal — to make purchases. But, because of all the transactions being made via the Internet, companies need to work hard to make sure they’re keeping themselves and their customers secure. Hackers will be looking for every opportunity possible to get their hands on some valuable information. Remember, a data breach of any kind can cause you or your company long-term problems.

Do your best to prepare yourself and your company against these threats this holiday season.

Here’s how:

Make Sure Compliance Practices are Up to Date

The best way to make sure you protect yourself this season is by making sure your compliance practices are up to date. If you’re keeping up with compliance laws, then you’re significantly lowering your risk of experiencing a data breach. Speak with your managed service provider to ask them if you’re doing everything you’re supposed to be doing, and if there are any new threats you need to be aware of.

Stay Away from Public WiFi Networks

It’s a no-brainer that shopping online while you’re in a public place, connected to a public Wi-Fi network, can seriously put you at risk. This holiday, whether your company is buying from suppliers online, or you’re shopping online for friends and family, don’t make the mistake of shopping at a new place. Shop from the safety of your secured home or office network, so you don’t risk prying eyes stealing sensitive data.

Add Additional Security

Whenever there is the increased risk of threat, it doesn’t hurt to add additional security to combat that. This might be a good time to change some passwords, avoid logging in from other devices, and checking on who has access to what. Keep a sharp eye and make sure there’s no funny or phishy” business going on.

Don’t Trust Strange Links or URLs

If you’re browsing online and add things to your various online shopping carts, you can anticipate a lot of e-mails reminding you to complete your purchase. Hackers will use this as a way of getting into your network. What might seem like an obvious link leading back to your shopping cart, could be Malware waiting to be easily installed on your device.

Stay Up to Date on Your Bank Statement

Last but not least, this time a year is a good time to constantly check on your banking activity. With all the purchases being made, a hacker can use your credit card information to make small purchases without you even noticing. It goes without saying that you should pay attention to what you buy, and if you work at a company, what purchases are being made. This way, if you notice any inconsistencies, you’ll be able to address them quickly

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

URL
May 09

Phishing Scam: What to Ask Yourself Before Trusting That URL

By Hana LaRock | Cyber Scams , Security

These days, most people would say that they can tell the difference between a good URL and a bad one. In fact, most people may not even consider the fact that a URL could be ‘bad’ in the first place. The only time anyone might second-guess a URL is because it would have a lot of strange numbers or characters. However, hackers know that most people are aware of this, which is precisely why they’ve gotten more sophisticated on creating URLs that will trick people.

Whether you’re a personal user or you’re the CEO of a company, here’s why you should think twice before trusting a URL, and how to recognize the signs of a hack.

It All Starts with Language

The first step in being able to identify a bad URL is by understanding what a URL is. A URL is, of course, letters that are put together to make words (or made up words) to lead you to a place on the Web. Maybe you’ve never realized it before, but, almost all URLs on the web are made of English characters. That’s because the Internet was designed initially for an English-speaking audience.

The problem is (or, rather, the benefit for hackers) is that there are many letters in the English language that look exactly the same as letters in other languages. Although these letters don’t hold any of the same phonemic significance, they can be manipulated to make fake URLS that are a mix of letters in other alphabets and English letters. This is known as an “IDN Homograph Attack.”

How to Prevent a Homograph Attack

The reason these fake URLs are able to be created is because the phisher on the other side of the screen has found a website that has let he or she create a domain in which they can take characters from different languages. While a lot of these sites are cracking down on this behavior, it’s pretty much possible to find anything on the Internet. So, one of the easiest ways to stop an IDN Homograph Attack is by restricting IDNs under your browser settings. If this isn’t an option for your company, (maybe because you work with many international businesses) new technology is coming out in various browsers that when updated, will help protect you against such attacks.

Other Ways to Detect Danger

Homograph attacks aren’t the only ways in which people are tricked into opening bad URLs. As long as you know what to look for, you can detect danger and put a halt to it before being affected.

  • Is the Site You’re Going to Secured?: Most browsers will let you know if a website is “unsafe” before continuing. If you see a warning but you’re fairly confident that it is safe, check if the site has security seals. Something as simple as seeing that green address bar can help you be sure.
  • Are the Letter Cases Different?: Typically, letter cases don’t make much of a difference when you’re trying to visit a website. But, checking the letter case on a URL, especially if it was sent to you via email, can help prevent an attack. If something looks out of place, exercise caution, and instead, type in the URL on the address bar as you know it.
  • Is the SSL Certificate Up to Date?: If the website’s SSL Certificate is expired, this could be a red flag. It may not be that the website is being run by a hacker, but it could make the site itself more vulnerable to hackers who want to use it as a bridge to get to you.

Cyber scams can be hard to detect. If you want to protect your company, knowing the signs of such attacks like these are important. Next time you click a new URL, stop and follow these steps.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

May 02

Will You Be Able to Recognize Executive Impersonation Fraud?

By Hana LaRock | Cyber Scams

There are all different kinds of ways for a hacker to breach a system, and it seems like once we figure out how to prevent one of them, another one arises. Whether it’s Malware or Phishing scams, it’s hard to predict what the next one will hit and when it will be.

But, right now, there’s a new scam on the rise, and it’s just as concerning as it is clever. Executive impersonation fraud is becoming more and more prevalent and harder to catch. Will you be prepared if it’s used against you?

What is Executive Impersonation?

An Executive Impersonation is yet another type of Business Email Compromise scam. While it may seem like the type of hack anyone could attempt, it’s in fact, very sophisticated. Hackers who do this go to great lengths to pretend to be an executive of a company and seek the information they are looking for. Therefore, it’s one of the hardest scams to recognize.

In an Executive Impersonation hack, hackers target businesses that frequently do wire transfers. These hackers, or impersonators, “take the place” of a CEO, attorney, or trusted vendor with a leadership position; someone who has the power to initiate a bank transfer. Needless to say, these hackers can get their hands on all kinds of sensitive information and use it to their benefit.

Who are the Scammers?

Though many of us tend to fear the biggest threat actors when it comes to data breaches, an Executive Impersonation attack doesn’t need to be carried out by a whole country. Like many other scammers out there, it could just be a random individual. That being said, it does take a lot of research to impersonate a high-powered executive, and we can assure you that these hackers read up.

Which brings us to our next point…

Why Do People Fall For It So Easily?

These days, when you can hide behind a computer screen, you never really know who you’re dealing with. You may wonder how someone could so easily fall for one of these Executive Impersonation scams, but what you really should be asking is, “How can you not?”

First of all, when a CEO gives any type of order, it’s usually respected. Most people, when given a request by someone in power, will automatically say “yes.” The scammers make sure to use that factor to their advantage while replicating business practices unique to the company they’re hacking. To carry out this type of hack, they will ultimately conduct wire transfers on unauthorized funds by compromising email accounts.

Preventing Attacks

The first step to preventing attacks like these is simply being aware. The more your company is up to date with what’s out there, the higher chance you’ll have for keeping yourself safe.

Who is a Target?

If you think just because you’re a small business you won’t be a target for an Executive Impersonation hack, think again. Smaller businesses tend to be the most vulnerable since often times they’ll put their cyber security on the back burner. Therefore, making sure you take as many precautions as possible, like practicing two-step verification and strong passwords, will help you stay safe.

Know The Different Ways Hackers Carry Out the Attack

In Executive Impersonation attacks, there are three main ways in which the hack is carried out:

  • Executive/Attorney Impersonation: When the hacker pretends to be an attorney asking for money for a time-sensitive transaction for whatever reason. Usually, the “attorney,” or the account that’s hacked, is a person in which the company already knows and trusts, and would have no reason to question the request.
  • Data Theft via Human Resources: This is when the hacker impersonates the CEO by compromising his or her email, then contacting someone in HR, Finance, or any other department that deals with the payroll. That employee will then send the “CEO” the payroll or sensitive information requested without second-guessing it. Then, the hacker will use this info to get what they want.
  • Executive Money Transfer Request: This is when an Executive Money Transfer Request is put through when the hacker compromises the executive’s email. They will contact the person who handles money at the office (again, HR or Finance) to submit a direct transfer to a “vendor” or “customer” account.

No cyber attack can be a 100% prevented. However, if you know the signs of an Executive Impersonation attack while making sure your systems are secure, you should be in good shape.

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

social media cyber scams
Mar 07

Watch Out for These Common Social Media Cyber Scams

By Hana LaRock | Cyber Scams , Security

Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.

If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:

When a Hacker Uses a Fake Social Media Account

Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.

Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.

In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.

Hitting “Like” Buttons That Aren’t Really “Like” Buttons

It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded Malware onto your computer.

This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.

Sneaky Subscriptions

Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.

Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.

A Believable Facebook Post by Shared By a Friend

When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much easier than they’ve been able to in the past, so they’ve adjusted their hack accordingly.

So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.

Fake Affiliate Program Promotions

You’re scrolling in a Facebook group you like or see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a giftcard if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.

We use social media every day of our lives. Whether you’re using it for business, our own personal use, or both, it’s important to stay aware of potential social media cyber scams.

Here at Smeester & Associates, we can help you find tools and recommendations necessary to keep you or your company safe on social media. And, if you want to know if you’re at risk or not for a cyber scam already, check out our RiskAware™ Cyber Security Scan & Report.

threat actors
Feb 18

These Nation-States Are The Top 3 Threat Actors in the Cyber Security Game

By Hana LaRock | Cyber Scams , Security

Threat actors can be responsible for seriously impacting another organization’s security. Experienced threat actors with the right resources can hack an organization either externally, internally, or as a partner. Theoretically, a threat actor can really come in any kind of form, but in this case, the biggest actors usually act has whole governments or nation-states.

It’s very important for people to read the news once in a while and be aware who the biggest threat actors are. Whether you’re just an individual who surfs the web on occasion or you’re a huge company that does business globally, you can still be at an equal risk. These groups only need to possess the ability to potentially cause impact in order for them to be considered a major threat actor.

So, who are the biggest threat actors in the cyber security game that you need to look out for? Read on.

1. China

China is neither an ally or an enemy of the U.S. But, when it comes to cyber security, the United States can’t be too careful. That’s because according to comments made by FBI director James Comey, prior to 2015, the Chinese had been the most industrious nation responsible for cyber attacks. One of the biggest threat actors, China has been reported to conduct complex intrusion campaigns to obtain sensitive information that would have supported their state-owned enterprises.

This type of data theft is one of the driving factors that led to the U.S./China agreement over the theft of intellectual property. It’s believed to this day that China was involved in two major breaches, the Anthem Breach, and the OPM Breach. In addition to that, the FBI released a study of 165 companies that experienced data breaches, and 95% of those breaches had come from China. Though it’s believed that the prevalence of attacks from China have somewhat decreased, U.S. companies still need to be aware of how this threat actor could affect them.

2. Russia

Coming in second place is the sanctuary for asylum-seeker Edward Snowden, Russia. It seems as though the Kremlin is always making headlines for cyber security hacks, most recently for their involvement with the DNC and the White House. But, even before then, it’s no question that Russia has consistently played a huge role as one of the biggest threat actors in the world.

And, when it comes to Russia’s involvement, they’ve proved that there is really nothing too big or too outlandish for them to hack. As if the U.S. government isn’t enough, they’re also known to have hacked the medical records of U.S. athletes- Olympic athletes- who had participated in last year’s games in Rio.

3. ISIS

Number three may be a tie between several countries or groups, but because of its uniqueness, ISIS is at number three on this list. ISIS is named a huge threat actor because of its attacks in 2015 and 2016 on the European Union. They also made news for their attack in 2016 that targeted close to 3,000 New Yorkers. Though these New Yorkers possessed nothing in particular that would have made them targets, it’s yet another reminder that you don’t need to be a large company or organization to have your private information hacked.

What These Threat Actors Mean for You

Of course, no one can forget the hack North Korea pulled last year on SONY, which caused the movie to be pulled out from theaters entirely. That was a sophisticated hack the likes of we’ve never seen before. We’ve also seen hacks from Iran and Syria. And, there’s no telling who we may be able to add to this list in the future.

You might be thinking, “How would these nation-state threat actors even get to me?” Well, the thing with these hacks is that they usually occur on such a large scale and are often very complex. It can be months before a company even knows they’ve been hacked. Most of the time, they won’t even notice the breach themselves. It’s not until the government or a third-party, like a cyber security blogger, reveals the hack occurred, that the company would be able to do anything about it.

An attack from one of these major nation-state threat actors could happen to you. Does your company have the tools to detect one of these attacks if it occurs? The more time goes by without you knowing about the breach, the more damage can be done.

Here at Smeester & Associates, we can answer your questions about threat actors and let you know if you’re at risk. Make sure you take our RiskAware™ Cyber Security Scan & Report to see where your cyber security efforts currently stand.

Nov 25

How to Stay Safe on Cyber Monday (Or Any Other Day)

By Hana LaRock | Cyber Scams , Security

Nowadays, people find it a lot easier to do their shopping, especially their holiday shopping, online. But, when customers from all over the world are using their sensitive information to make purchases, there is always the risk that a security breach could occur. And, that that security breach could put you at a serious risk.

Black Friday is over, and so far, there haven’t been any major incidences. (At least compared to previous years.) While that’s all great to hear, that doesn’t mean it’s time to let our guard down just yet. The cyber threat is still prevalent and we need to be on guard.

If you plan on participating in Cyber Monday or any other kind of online shopping this holiday season, here are a few tips on keeping yourself safe behind the screen.

cyber-monday-theftAvoid Using Your Mobile Devices

Though using your mobile device to make a purchase is definitely time-efficient, it’s not always safe. There are a lot of companies that use mobile apps to cater to their users. While this is a nice thing for both the company and the user, it can also be a nice thing for any hacker who won’t even need to lift a finger to take your information. Stick to a computer that you’re familiar with.

Consider Alternative Payments

If your browser asks you if you want it to remember your card information, don’t check off that box. Even if it’s your own personal computer, this kind of thing makes it easier for anyone to take your information. And, even if you opt out of having your credit card memorized, you should consider leaving the credit card or debit card behind altogether. If you have gift cards, Paypal, or a prepaid card, it’ll keep you a little safer.

Go With Companies You Know

Maybe a lot of those third-party, out-of-country eCommerce sites have some really good-looking deals. And, while some of those sites may be very well legitimate, you should never buy from a company that you haven’t heard of. Stick to the places and the names you know and love. There’s a better chance their online shopping platform is just safer, and if a breach were to happen, that they would at least do their best to make sure you’re protected.

Trust Your Gut

Cyber Monday and the holiday season, in general, are pretty overwhelming days to be on the Internet. There are a lot of good deals out there that are really convincing. But, not all deals are what you think they are. Some are really deceiving. It may not be that there is a hacker running a fake website with fake deals directly behind the screen. But, it may mean that the website you see one of these “deals” on may not be one that’s safe to use, for one reason or another. Therefore, just remember the old advice, “If it looks too good to be true…” Trust your gut before trusting these people with your bank information.

And, if you’re a company…

If you’re a company who is selling products online on Cyber Monday, or any other day for that matter, make sure you’re taking every possible cyber security precaution there is to protect you and your users. You should also consider taking out cyber insurance or consulting with your provider about additional measures. Remember, your customers are trusting of you, and they wouldn’t want a little purchase on your website to lead to a complete loss of their identity.

Cyber Monday is just a few days away. Are you prepared? No worries! Smeester & Associates is here to help. 


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Nov 04

Are Outdated Browsers Leaving Your Business Vulnerable?

By Scott Smeester | Cyber Scams , IT Best Practices , Malware , Security , Security Best Practices

Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?

outdate-browsers-vulnerable-statistics

WHY ARE EXPLOITS POPULAR AMONG CYBERCRIMINALS?

As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access – hence why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, they can maximize their attack surface. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.

WHY DO I NEED PROACTIVE PATCH MANAGEMENT TO PROTECT AGAINST EXPLOITS?

A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.

WHY SHOULD I WORK WITH AN MSP FOR THIS?

Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.

Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Nov 02

Don’t Be the Low Hanging Fruit for Cyber Criminals

By Hana LaRock | CEO Best Practices , Cyber Scams , Infected Computer , Security

While cyber attacks can happen to anyone regardless of the size of your company or what sector you’re in, there are some exceptions. Though hackers are good at what they do, you can make it harder for them to target your company. Even if everyone is a potential victim, you can make sure you’re not at the bottom of the totem pole. Don’t be the low hanging fruit for cyber criminals.

Follow these tips to make you less desirable or less obvious to hackers on the prowl.

Don’t keep your passwords simple

While you might want an easy way to remember all your passwords, keeping them all the same is essentially asking hackers to come knocking at your door. And, they probably won’t be so polite that they’ll knock first. Your passwords should not only be unique and very difficult to figure out, but they should be different for each one of your accounts associated with your website or business.

It’s also a good idea to use fake answers for security questions and two-step verifications, as any cyber criminal with a little but of time can figure out your personal answers. If you’re worried about remembering all these passwords, you can use a password manager to help. Additionally, think twice before saving your password on websites (and credit card information) when your browser asks you.

Use a VPN

Using a VPN is a great way to protect your connection, especially if you’re hooking up to a public WiFi network. That’s because a VPN hides your IP address and encrypts all traffic coming in or out over a certain internet connection. This is one of the easiest ways to avoid being the low hanging fruit for cyber criminals.

Encrypt your hard drive

Don’t make your hard drive an open door. Encrypt it. There are thousands of ways hackers can get into your hard drive, sometimes even physically. Block it off and make sure you’re the only one that can access it.

Spread your data out

In addition to encrypting your hard drive, you also shouldn’t keep everything in one place. Sensitive information should be spread out among different places to make it harder for a cyber criminal to really cause damage.

Don’t open anything “phishy”

We shouldn’t have to say this, but if you need a reminder, please, oh please, don’t open anything in your email that looks suspicious. A lot of the times, hackers use phishing as an easy way to hack your system. Anything that looks out of the norm probably is. DELETE and notify the company that someone is using their name and logo to try infect you.

Take advice from the experts

An easy way to be the low hanging fruit for cyber criminals is by simply ignoring the issue of cyber security. Even if you’re a small business (actually, especially because you’re a small business), you should really take advice from someone who knows best. Using a managed security service is one way to go about it. Another way is to talk to us at Smeester & Associates, because we can steer you in the right direction.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Jul 29

Tech Stuff :: What You Need to Know About Pokemon GO

By Scott Smeester | Bring Your Own Device (BYOD) , CEO Best Practices , Cyber Scams , Infected Computer , IT Best Practices , Malware , Ransomware , Security

Pokemon GO is creating some major mobile security concerns.

Pokemon GO is creating some major mobile security concerns.

If you haven’t already heard, Pokémon GO has quickly become the biggest mobile game in U.S. history. However, the game’s rapid rise in popularity has also raised some major mobile security concerns. Its millions of users may not be aware of the many data vulnerabilities that lay hidden within the game and its privacy policy. Are you one of them? Here are the answers to your most pressing Pokémon GO questions.

  1. What Is Pokémon GO’s Privacy Policy?

Like most apps out there, Pokémon GO does collect data about its users. When first downloading the app, users need to sign in with a Google account and grant access for the app to use your camera, data and contacts. According to the Pokémon GO privacy policy, Niantic may also collect your username, email address, IP address, the web pages you were using before logging into the game and your entire Google account. In addition, the privacy policy gives the company wide latitude for using all of this information. Niantic can hand personally identifiable information (PII) over to law enforcement, sell it off and even share it with third parties.

This full access can be a huge security risk, and Niantic recently addressed this concern with a statement saying they are fixing the bug that allowed the app to gain full access to users’ accounts.

  1. Why Is Pokémon GO a Target for Cybercriminals?

Niantic’s gigantic database of data is full of information provided by its users, which makes it the perfect target for hackers and criminals. If the Niantic servers are hacked, the hijackers could potentially have access to all of your personally identifiable information (PII). The company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect the large database of PII – the type of information that hackers have been increasingly targeting.

  1. What Are Other Major Security Concerns with Pokémon GO?

The public nature of Pokémon GO has caused some unforeseen side effects and attracted other cybersecurity concerns. Many fake versions of the app have been uncovered, which contain malware that can lock your smartphone and cause more harm. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This shows that although the new game has received an abundance of positive feedback, there are some major dangers that players aren’t aware of.

  1. What Problems Can Pokémon GO Present with the Rise of Bring Your Own Device (BYOD) in the Workplace?

The vulnerability of mobile data within Pokémon GO means that there’s a greater need for managed IT security. Especially with the ongoing trend of BYOD, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is at an all-time high. If your employees are using unprotected devices when using the game, it could lead to exposing sensitive business data in the event of a hack.

  1. How Can I Stay Protected When Using Apps Like Pokémon GO?

Pokémon GO is a prime example of the various security risks that are presented with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a solution like mobile device management (MDM), you can greatly reduce these risks. MDM gives you the ability to remotely wipe an individual’s data if a device is compromised. An MDM solution will also allow you to implement app management policies and put restrictions on app purchases from non-validated markets.

Nov 27

5 Ways to Stay Secure Online

By Scott Smeester | CEO Best Practices , Cyber Scams , IT Best Practices , Ransomware , Security , Wireless Security

stay-safe-onineUsing the internet to do business brings huge opportunities and benefits, however just like a shop on the street, you need to take a few security measures to protect your business. It’s just as important as locking your doors or putting your cash in a safe, and most security issues can be addressed with simple security practices.

  1. Hook up to a network that you know.

Free Wi-Fi is tempting, but be sure that you consider who is providing the connection. Public connections at the local coffee shop are usually unsecured and leave your machine open to outsiders. While these networks provide a convenience, there are risks to be aware of.

  1. Bank and shop with caution.

Shopping from familiar websites is a good place to start. Stick with the reputable sites that are tried and true – like Amazon or eBay. Also, when checking out and finalizing the purchase, look for the ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of this webpage. Keeping an eye on your bank statements for suspicious activity is always a good idea, among these other best practices for shopping online.

  1. Use secure passwords.

Passwords for logging into any website should contain a mix of letters, numbers, and special characters – as well as be different for each website that you log into. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain – remembering these, or recovering stolen personal information.

  1. Lock Your Computer.

When you walk away from your machine, lock it. In Windows, it is as easy as pressing the Windows key + L. On an Apple Mac, pressing “Control+Shift+Eject” will do the trick (unless you do not have an optical drive, then you can hit the “Power” key instead of “Eject”). This practice would be the equivalent to deadbolting the front door of your home. It acts as a deterrent to the bad guys as well as a line of defense. It may even be worth setting up a password lock on your Apple or Windows machine as well.

  1. Do not click on anything unfamiliar.

If an offer is too good to be true, it probably is. If you get an email from an unknown source, do not click any of the links within it – and immediately report it to your IT department. If a window pops up while browsing a website, immediately close it. Familiarity is always your friend. Using your judgment and trusting your gut is the ultimate defense when online. Always play it safe!

Photo: geralt


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!