Other issues in this category (75)
The keys to life
Friday, August 6, 2021
Nowadays, the well-known demand robbers make—"Your money or your life"—can safely be replaced by "Your mobile or your life". Indeed, the mobile device has become not just a means of communication, but also the key to its owner’s finances and private life. And the value of this data for its owner and for cybercriminals can significantly exceed the value of the device itself.
Let's try to imagine what a thief can get after taking possession of your smartphone and how they can use the acquired information.
Social networks and messengers
In addition to the fact that a stranger reading your personal messages is in itself unpleasant, the information in them may cause a backlash against you and your friends. For example, an attacker can use your personal information to blackmail you, and they can email all your friends a message asking them to loan you money.
Even if you almost never check your mailbox, it remains an essential element that ensures the security of your accounts for various services. After all, an email address is used to create most accounts, and therefore—to reset their passwords. And it's not just about social networks—cybercriminals can gain access to passwords for payment services or other resources that let you use your credit card as payment.
If the previous two points primarily focused on smartphones, then in the case of SMS, any mobile phone can be involved, not the device itself but its SIM card. When cybercriminals gain access to it, they can transfer money from your credit card, sign in to the remote banking system, change the online banking password and bypass two-factor authentication.
There are many cases when cybercriminals, after gaining access to someone else's smartphone, don’t just transfer all the money from the victim's accounts, but also take out an express bank loan directly in the online banking application.
We have considered only 3 points, but it's already getting creepy, isn't it? Better to lose one’s wallet, for that matter... But that’s far from all the possible scenarios because, after all, your smartphone also contains your photos, location history, personal data and confidential documents.
To some degree, this situation also applies to other devices, such as laptops or tablets. Each gadget contains a lot of information that can cause considerable damage if it gets into someone else's possession.
So what can you do to avoid trouble?
The most banal advice: don’t lose your mobile, don’t give it to strangers and don’t even for a few minutes leave your phone unattended in a public place. Excellent advice, but let's draw an analogy with a car driver. Can the most careful and attentive driver get into a car accident? Without a doubt—yes. Can a seat belt increase a driver's chances of surviving and staying healthy? Sure. Fortunately, such "seat belts" exist for your gadgets. They will help you to keep your data and gain the time needed to prevent possible negative consequences.
A device unlock password
A password is the first cordon of protection for your mobile or laptop. Remember: when you are not using your gadget, it should always be locked. When it comes to a smartphone or a tablet, you can choose the authentication method most convenient for you: password, unlock pattern, or user biometric identification. In this case, the most reliable way to protect it is to use a password or a PIN code: nobody guesses an unlock pattern on the basis of a greasy fingerprint on the screen or puts your finger on the sensor while you are sleeping. Anyway, using any of the proposed methods will create needless problems for hackers and force them to spend time trying to crack the coveted key.
Tip: Do not use the same password or PIN code to access your mobile and the online banking application installed on it.
If a laptop is involved, be sure to use a password to sign in to your account and make it a practice to lock your computer when you leave your workplace. It would also be a good idea to configure your account so that it automatically locks when your device is inactive or your laptop’s lid is closed.
Many modern devices have a default data encryption option on the internal media. But it's still better to be sure that it is enabled. If your smartphone has a slot for memory cards, you can configure data encryption on external media. Thus, even if a hacker retrieves a card, they will not be able to read its contents.
Data encryption has another significant benefit: once you turn off or restart your laptop, smartphone or tablet, a thief will not be able to re-load it without entering the password.
Set a PIN code on your SIM card
About 15 years ago, such advice was common, but now many users have forgotten about this simple but effective means of protection, and this feature is disabled by default in modern SIM cards. That's a pity because it prevents an attacker from gaining access to your mobile number!
Let's say you are using encryption and a strong password, which means that a thief cannot search through the contents of your mobile. But they can remove the SIM card, insert it into another mobile, reset the passwords of the accounts linked to your mobile number, and transfer money from your bank account before you’ve had time to realise what’s happened. Believe us, that takes much less time than getting to the nearest mobile shop and having your SIM card reissued.
Using a PIN code solves this problem perfectly and blocks yet one more channel through which data can leak.
Remote control over a device
Most modern gadgets are linked to a network account and support the possibility of remotely controlling lost or stolen devices. The basic functionality typically includes the ability to determine a device’s geolocation, block the gadget, and remove information on it remotely. If you are not using these features, we strongly advise you to enable them.
But what do you do if your smartphone or laptop gets lost, and you do not see any chance of it being returned?
First, you should attempt to sign in to your account and try to determine the device’s location—perhaps it simply slipped down the back of your sofa. If that does not work, it makes sense to send a command to your gadget to block or delete information. Even if your device is offline, it will execute the command as soon as it is connected to the Internet.
The next step is to visit your cellular operator’s store to replace the SIM card (if your device supports this option) and to call your bank to request that they suspend the possibility of your bank account being controlled remotely.
After that, you should "unlink" the missing gadget from services that incorporate this option—for example, from messengers and social networks, and change your passwords for the most important accounts.
Done. Now you can go to the store to buy a new device, which will serve as storage for your secrets for years to come.
The Anti-virus Times recommends
Be careful with the security of your gadgets: your peace of mind and financial well-being depend on them. It is better to be upset over a stolen mobile than it is to be left without your mobile and the money in your bank account, and with a loan of several thousand dollars to boot.
Use all of these security measures in combination with each other. This is the only way you maximise their effectiveness so that all possible loopholes are blocked to attackers.
There is no such thing as too much security! Dr.Web for Android users can count on the extra protection their devices get thanks to the Anti-theft feature. Even if you cannot use standard search functions and device blocking (for example, attackers crack your phone’s unlock code), Dr.Web Anti-theft will protect your information from getting into someone else's possession. It will block the gadget if it is rebooted, a SIM card is changed, or a wrong unlock password is entered; it will let you know the location of your device and remotely control it via the site or via SMS commands sent from trusted numbers.
Dr.Web Anti-theft can be used in combination with standard Android protective mechanisms, or it can be an independent security solution—it not only matches the functionality of standard tools but also surpasses them for a number of parameters.