Cybercriminals Archives - PC Tech Magazine https://pctechmag.com/topics/cybercriminals/ Uganda Technology News, Analysis & Product Reviews Mon, 09 Dec 2024 08:01:55 +0000 en-US hourly 1 https://i0.wp.com/pctechmag.com/wp-content/uploads/2015/08/pctech-subscribe.png?fit=32%2C32&ssl=1 Cybercriminals Archives - PC Tech Magazine https://pctechmag.com/topics/cybercriminals/ 32 32 168022664 In-App Purchases Are Compromising Children’s Online Safety and Privacy https://pctechmag.com/2024/12/cybercriminals-are-using-in-app-purchases-for-identity-theft/ Mon, 09 Dec 2024 08:01:55 +0000 https://pctechmag.com/?p=81259 With more young people gaming during school holidays, parents should be aware that cybercriminals may also use online gaming as a platform to access data, which can compromise both the child’s and parents’ personal information.

The post In-App Purchases Are Compromising Children’s Online Safety and Privacy appeared first on PC Tech Magazine.

]]>
As online gaming grows in popularity, children are increasingly spending time on apps that often encourage in-app purchases, especially during school holidays. While these purchases can enhance the gaming experience, they aren’t without risk says Carey van Vlaanderen, CEO of ESET Southern Africa.

Many online games operate on a ‘free-to-play’ model, promising an engaging experience with no upfront cost. However, as children progress in these games, they are often tempted to make in-app purchases to unlock extra benefits and progress faster. These transactions often involve virtual currencies like gems or stars, which must be purchased with real money. This can lead young players to lose track of the financial implications of their gaming.

Carey van Vlaanderen, CEO of ESET Southern Africa. FILE PHOTO
Carey van Vlaanderen, CEO of ESET Southern Africa.

“In-app purchases are designed to be seamless, making it difficult for children, and sometimes even adults, to resist spending. The excitement of the game, coupled with enticing offers and virtual rewards, can make it easy to overlook the financial consequences,” said van Vlaanderen. “More importantly, these purchases also provide a potential entry point for cybercriminals to exploit personal information.”

Consumer spending on app stores is expected to reach USD$200 billion (approx. UGX735.5 trillion) by 2025 with in-app purchases forming a significant portion of that revenue.

With more young people gaming during school holidays, parents should be aware that cybercriminals may also use online gaming as a platform to access data, which can compromise both the child’s and parents’ personal information. “Whatever screen limits you decide on, kids should not be left unsupervised online, especially during the long year-end holiday period when scammers and criminals are well aware that youngsters are online and prone to boredom,” advises van Vlaanderen.

How cybercriminals use in-app purchases for identity theft

  • Phishing and social engineering

Cybercriminals often create fake in-app offers that appear enticing to users. When clicked, these offers can redirect users to fraudulent websites where personal details, including payment information, are collected. This data is then used for identity theft.

  • Malicious apps and updates

Fraudulent apps masquerading as legitimate games may collect personal information through hidden malware. “These malicious apps often come with fake reviews and ratings to make them appear credible,” notes van Vlaanderen. “Parents should exercise caution when downloading new games, ensuring that apps are from reputable developers.”

  • Exploiting in-app payment systems

During in-app purchases, users are often prompted to enter payment information. If these payment systems are not adequately secured, cybercriminals can intercept the details which are later used for fraudulent purchases elsewhere.

Also read:

Key strategies to creating a safer digital experience

  • Control purchase options

Parents can control in-app purchases by disabling them through device settings. For example:

    • On iOS devices, navigate to Settings > Screen Time > Content & Privacy Restrictions to block in-app purchases.
    • On Android devices, use the “Purchase Approvals” feature in Google Play to manage and approve transactions.
  • Monitor subscriptions regularly

Keeping track of subscriptions helps parents spot any unexpected or unauthorized charges.

  • Utilise comprehensive security solutions

Security tools like the ESET Parental Control App allow parents to manage in-app purchases, block inappropriate content, and protect children from threats on their devices. The ESET Home Security Ultimate solution also helps secure digital activities by removing metadata from shared images, reducing the risk of personal data being exposed.

Parents should first contact Apple or Google to request a refund if a child makes an unauthorized purchase. Both platforms offer dedicated support for reversing such transactions. Sometimes, the app developer may also need to be contacted to assist with the process. “Explaining that the purchase was made by a child without permission can improve the chances of a refund,” van Vlaanderen adds.

While there are risks associated with in-app purchases, many apps offer great benefits for kids. When used responsibly, digital devices and games can be educational, inspiring, fun, and safer for young people.

The post In-App Purchases Are Compromising Children’s Online Safety and Privacy appeared first on PC Tech Magazine.

]]>
81259
How a Secure Web Gateway SWG Can Safeguard Your Business From Cyber Threats https://pctechmag.com/2023/10/how-a-secure-web-gateway-swg-can-safeguard-your-business-from-cyber-threats/ Wed, 11 Oct 2023 16:44:16 +0000 https://pctechmag.com/?p=72618 A secure web gateway SWG is software that monitors internet traffic and inspects data based on a ruleset…

The post How a Secure Web Gateway SWG Can Safeguard Your Business From Cyber Threats appeared first on PC Tech Magazine.

]]>
A secure web gateway SWG is software that monitors internet traffic and inspects data based on a ruleset that adheres to your company’s security policies. It safeguards organizations against malware and suspicious traffic that traditional security endpoint devices may miss. SWG solutions can protect against URL injection attacks, the most common malicious attack. They also protect against unauthorized applications that widen the attack surface in your network.

Malware Prevention

With business operations increasingly taking place over the internet, a secure web gateway (SWG) is essential for businesses to protect themselves against cyber threats. Whether a software solution, cloud-based service, or hardware appliance, SWGs position themselves at the edge of a network and inspect all data passing through it to determine if it should be allowed to enter based on company policy.

SWGs use URL filtering, content filtering, and SSL inspection to manage the incoming traffic to your network. For example, all data accessed from the internet must pass through your SWG. Like security guards check a person’s belongings before allowing them through a physical security checkpoint, SWGs look at all data to ensure it doesn’t violate your cybersecurity policies.

A SWG also scans and analyzes all files for malware, using either blacklists of known malicious code or machine learning algorithms to detect unknown threats. Then, it prevents users from downloading and executing this harmful code on their devices. Furthermore, a SWG can work with your firewall to provide comprehensive internet protection. The two are complementary, as firewalls deny entry into your network by rules, while a SWG looks at all data to spot potential cyber threats that rule-based detection may miss.

Detecting Malware

Real-time traffic monitoring identifies and blocks threats in the early stages of attack. This keeps malware from entering the network and wreaking havoc. It also prevents employees from visiting malicious websites that can slow or disrupt business operations. SWG solutions use various detection methods to scan web content, looking for malware and other security threats. They often use a combination of signature-based and behavior-based detection technologies. Detection methods include:

  • URL and content filtering.
  • Scanning files and scripts for malware signatures.
  • Using machine learning to identify suspicious patterns.

A SWG can be deployed as a hardware appliance or a software-based SaaS solution. The former is typically used in larger, physical locations, while the latter provides businesses more flexibility to protect remote workers.

Regardless of deployment method, SWGs inspect all incoming and outgoing data to ensure it aligns with an organization’s security policies. This includes analyzing the contents of emails, records, and other documents for threats and compliance violations.

A SWG can even analyze encrypted data – such as HTTPS sessions – to detect malicious code and vulnerabilities that attackers often attempt to hide using encryption. This is known as SSL/TLS inspection. It’s a critical feature that helps avert cross-site scripting (XSS) attacks, which account for 40% of all web attacks.

URL Filtering

URL filtering allows an SWG to scan web traffic for malicious code and block access to websites deemed off-limits, such as gambling, pornography, or terrorist sites. This can prevent employees from accidentally clicking on a malware link while researching topics or conducting business online.

SWGs often use a database of whitelists to validate URLs, a blacklist to restrict sites deemed off-limits, content filtering that checks files for recognizable malware signatures, or uses machine learning algorithms to identify suspicious code. In addition, SWGs can perform SSL inspection and decrypt HTTPS traffic to scan for malicious code or content hidden in encrypted traffic.

Employee negligence is the leading cause of data breaches, and employees who accidentally click on a phishing scam or download a malicious file can put your organization at risk. To prevent these risks, an SWG can block access to known bad websites and content and may also include sandboxing technology that can safely detonate and analyze malware payloads in a controlled environment.

Content Filtering

To prevent cyberattacks and protect sensitive data, a SWG solution must be capable of filtering web content. Using a SWG, you can monitor all the data that passes through your network and block anything that doesn’t comply with company policies. This is necessary for businesses that depend more on remote employees and cloud applications.

SWGs use signature-based and behavior-based detection methods to identify threats that could enter or leave your networks, including malicious files, malware-infected websites, phishing attacks, etc. This allows SWGs to protect your business from a wide range of cyberattacks launched by outside hackers or insiders, such as disgruntled employees or vendors.

Depending on your SWG type, it may also decrypt SSL/TLS sessions to scan for malware and other security risks. This feature is useful for protecting your network because most malware today uses SSL/TLS encryption to hide in plain sight.

Additionally, most SWG solutions can track data that is leaving your network. This helps your business keep track of what apps and sites employees access and whether they leak sensitive information, such as credit card numbers or confidential data. By detecting data leaks, SWGs can help you enforce compliance with industry regulations and standards such as HIPAA, PCI, and GDPR.

The post How a Secure Web Gateway SWG Can Safeguard Your Business From Cyber Threats appeared first on PC Tech Magazine.

]]>
72618
5 Most Fearsome Cybersecurity Threats and How to Protect Yourself https://pctechmag.com/2023/06/fearsome-cybersecurity-threats-and-how-to-protect-yourself/ Tue, 13 Jun 2023 21:00:45 +0000 https://pctechmag.com/?p=70897 We regularly hear about cybercrimes that have threatened high-profile companies or even put national security at risk. The…

The post 5 Most Fearsome Cybersecurity Threats and How to Protect Yourself appeared first on PC Tech Magazine.

]]>
We regularly hear about cybercrimes that have threatened high-profile companies or even put national security at risk. The global cost of cybercrime is already close to $10 trillion. This staggering number confirms that cybercriminals could target anyone with an online presence.

Protecting the integrity and security of your data from cybersecurity threats should be a top priority. Using specialist companies such as Impact ICT, for example, can help reduce the prospect of a successful attack and minimize the consequences of discovering that your data has been compromised somehow.

It helps to understand what the most fearsome cybersecurity threats are so that you can be vigilant. Here’s what you should know.

An easy way to exploit human vulnerabilities

One of the most pervasive forms of hacking and one of the most common cybersecurity threats is social engineering.

What this entails is cybercriminals exploiting human errors. These criminals know that fooling a human is far easier than trying to find a way through a technical loophole.

The vast majority of data breaches are a result of human interaction and frailties. Social engineering is used to obtain sensitive personal data. Phishing would be a prime example of social engineering in action.

Software configuration errors

Cybercriminals are constantly looking for configuration mistakes in software setups that they can exploit. It is always a good idea to get the help of cybersecurity professionals who can identify any exploitable weaknesses in the software’s configuration before it can be targeted.

A lack of security awareness or vigilance

Another viable threat comes from so-called poor “cyber hygiene”. This term relates to the habits and practices of users that invite potential attacks.

Anyone who uses a weak or unprotected Wi-Fi password, for instance, could be accused of poor cyber hygiene. Only about a third of people regularly change their passwords and an estimated 40% don’t even change their password after a data breach.

That is inviting trouble.

Implementing security robots to watch over sensitive areas can greatly reduce the risk of unauthorized access and provide real-time surveillance. These automated systems can patrol large areas, detect unusual activity, and alert security personnel immediately, enhancing overall safety and security.

Exploiting vulnerabilities in the cloud

Cloud computing is now a mainstream activity. Although the cloud is generally considered to be a relatively secure environment it is clear that it is not immune to cybersecurity threats.

With so many remote workers accessing their work via a cloud network there is always the potential for a breach. This has prompted the introduction of protocols such as Zero Trust systems that have more robust verification processes to help keep cyber criminals out.

Mobile security flaws

Smartphones are the default device for many of us these days. The continued adoption of mobile wallets and other payment technologies has created a host of opportunities for unscrupulous cybercriminals.

As cybercriminals are now consistently targeting the very mobile device management systems that are supposed to keep us safe it makes sense to review mobile security regularly.

Mobile devices can even be used as an entry point for targeting both corporate as well as personal data and systems.

A smart move would be to review your security protocols consistently and regularly. Also, get professional guidance on how to avert the threat that cybercriminals pose across a range of devices and systems every time you are connected to the internet.

The post 5 Most Fearsome Cybersecurity Threats and How to Protect Yourself appeared first on PC Tech Magazine.

]]>
70897
Our Digital Identities and How to Protect it From Identity Theft https://pctechmag.com/2021/06/how-to-protect-our-digital-identities-from-identity-theft/ Mon, 28 Jun 2021 08:52:03 +0000 https://pctechmag.com/?p=62909 What Is Digital Identity? Your digital identity is a collection of personally identifiable information assigned to you and…

The post Our Digital Identities and How to Protect it From Identity Theft appeared first on PC Tech Magazine.

]]>
What Is Digital Identity?
Your digital identity is a collection of personally identifiable information assigned to you and the digital traces you leave behind as you live your life. It includes your login IDs, your search history, your purchase history, your social media history, and your payment history. If you haven’t aggressively worked to prevent it, it includes your location history as tracked by your cell phone and apps. For example, apps may track your location so they can serve up location-based ads. That’s separate from apps that track your location as a matter of course like apps telling you how many miles you walked today and giving you directions while driving to your destination.

What Can Individuals do to Protect Their Digital Identity?
Safeguard your Social Security Number. Resist requests to give it out unless it is actually necessary such as when you’re applying for government services.

Protect your data on your devices. Encrypt data on your computer and outgoing emails. Keep your antivirus software up to date and scan your devices regularly. Don’t use unprotected Wi-Fi networks.

If in doubt, don’t. Don’t use an iffy website to order a suspiciously cheap version of the product you want. Don’t download the free pirated ebook you were reluctant to spend five dollars on. Know that the jail-break software may include backdoors on your device for hackers.

Save your data locally such as an external drive you control instead of saving it to the cloud. This prevents your data from lost along with fifty million other people’s data when the cloud server is hacked or intercepted on its way to the cloud by hackers.

Know that apps are a weak point when it comes to IT security. Don’t install free and cheap apps that slurp up your data. (Tiktok and WeChat have been described as malware masquerading as social media services.)

Use a variety of email addresses, user IDs, and passwords. If you use the same ones across the board, someone who steals one can access almost all of your accounts.

Only use websites and apps that protect your personal information.

How Can Businesses Protect Their Customer Data?
Business owners, you must protect your customer’s digital identities. But how can you do this?

Use AI-powered tools that verify someone’s identity. For example, require the customer to pass a “liveness” check by sending a two-second video of them looking into the camera. This proves that the person asking for a loan or buying restricted items online is real, and you can compare that short video clip to the scanned ID. While this may not prevent a close relative from stealing someone’s ID, it will stop more than 95% of scammers from simply using someone’s login credentials and a scanned copy of their driver’s license.

Keep your IT security measures up to date. Keep the OS on your web server and anti-virus tools up to date. Monitor for suspicious activity on the server. If you’ve outsourced your web hosting, make sure the web host has up-to-date security measures.

If you hire someone to develop an app, verify that it follows standard IT security practices like encrypting password data.

The post Our Digital Identities and How to Protect it From Identity Theft appeared first on PC Tech Magazine.

]]>
62909
REPORT: Cybercriminals Target Booming Cryptocurrencies https://pctechmag.com/2018/02/report-cybercriminals-target-booming-cryptocurrencies/ Fri, 02 Feb 2018 07:46:13 +0000 http://pctechmag.com/?p=51696 Bitcoin’s popularity and the emergence of about 1,500 other digital coins or tokens have drawn more hackers into…

The post REPORT: Cybercriminals Target Booming Cryptocurrencies appeared first on PC Tech Magazine.

]]>
Bitcoin’s popularity and the emergence of about 1,500 other digital coins or tokens have drawn more hackers into the red-hot cryptocurrency space, expanding opportunities for crime and fraud, cybersecurity firm Digital Shadows warned in a report on Thursday.

“Cybercriminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,” said Rick Holland, vice president of strategy at Digital Shadows.

Digital currencies have quickly grown into a more mainstream asset class over the last two years as corporations and financial institutions have expanded use of the underlying blockchain technology.

With weekly launches of new alternative coins, or “altcoins,” cybercriminals have developed several schemes to defraud cryptocurrency holders. “Crypto jacking”, account takeovers, mining fraud, and scams against initial coin offerings (ICOs) have all grown more common, the report said.

In crypto jacking, cybercriminals secretly take over another computer user’s browser and use it to fraudulently mine or create cryptocurrencies, according to Digital Shadows’ report. Miners use special software to solve math problems and are issued a certain number of bitcoins or cryptocurrenices in exchange.

Crypto Jacker software allows users to clone popular websites and initiate spam campaigns.

The cybersecurity company said criminals also perpetrate mining fraud using botnets, collections of internet-connected devices, which may include PCs, servers, and mobile devices that are infected and controlled by a common type of malware. Users are often unaware a botnet has infected their system.

Botnets were first used to mine bitcoin in 2014. The process was too complex to be financially viable, but botnets have made a comeback because newer cryptocurrencies like Monero are easier to “mine”, Digital Shadows said.

The company said botnets could be rented for USD$40. It said one such offering had “flown off the shelves” with almost 2,000 rentals so far.

Cybercriminals have also been drawn to the surging initial coin offering market, the report said. ICOs have raised roughly $5 billion for various startups and projects in 2017, according to data from Crunchbase. That is up exponentially from just $100 million in 2016.

Rather than selling scam tokens, criminals target legitimate currencies, either by stealing funds from ICOs or by manipulating prices through the type of “pump and dump” schemes often used with penny stocks and other less-liquid assets, the report said.[related-posts]

source: The Thomson Reuters 2018

The post REPORT: Cybercriminals Target Booming Cryptocurrencies appeared first on PC Tech Magazine.

]]>
51696
Only 11% of work files are safe on mobile – Kaspersky report https://pctechmag.com/2015/08/only-11-of-work-files-are-safe-on-mobile-kaspersky-report/ Tue, 04 Aug 2015 09:26:22 +0000 http://pctechmag.com/?p=24520 Only 11% people keep their work files protected in their smartphones, according to a survey conducted by Kaspersky…

The post Only 11% of work files are safe on mobile – Kaspersky report appeared first on PC Tech Magazine.

]]>
Only 11% people keep their work files protected in their smartphones, according to a survey conducted by Kaspersky Lab in conjunction with B2B International.

The survey, which was derived from a total of 12,355 users from 26 countries, including 401 Indians, states that around half of the consumers surveyed also used their devices for work.

However, only one in 10 is seriously concerned about keeping work information safe should cybercriminals gain access to their device.

“One way or another, many employees of large and medium-sized companies use personal mobile devices for work. 36% of respondents store work files on them and 34% keep work-related email messages,” it said.

“Sometimes, more confidential information can also be found on users’ devices, such as passwords to corporate email accounts (18%), networks or VPNs (11%). Such information represents a valuable prize for cybercriminals hunting for corporate secrets,” it added.

The report also highlights the bring-your-own-device (BYOD) business model and its disadvantages in terms of more opportunity for cybersabotage.

The post Only 11% of work files are safe on mobile – Kaspersky report appeared first on PC Tech Magazine.

]]>
24520
Fake Google+ invites cause security anxiety https://pctechmag.com/2011/07/fake-google-invites-cause-security-anxiety/ Mon, 25 Jul 2011 12:09:23 +0000 http://pctechmagazine.com/new/?p=1725 googleKaspersky Lab warns Internet users of targeted attacks on newly launched Google Plus social networking site. Having only launched at the end of June 2011, Google Plus is growing fast, having already reached more than 10 million users in its first week of operation.

The post Fake Google+ invites cause security anxiety appeared first on PC Tech Magazine.

]]>
However, as with any social network, over sharing has become the default option, and as such, is a constant concern. Considering Google Plus is new to this arena, it is interesting to note that it has already attracted the attention of cybercriminals.

In fact, Kaspersky Lab have identified that cybercriminals are already targeting individuals through friend invites to this network, via emails.

“Google Plus is another addition to the social networking world, and while certainly an exciting avenue to explore in this regard, considering the world of Internet cybercrime, Kaspersky Lab have identified that Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers.

We recently found one targeting Portuguese speakers and as such, feel that it is crucial to warn users of the potential security threats targeting this social networking site as it is only set to grow,” says Fabio Assolini, Kaspersky Lab Malware Researcher, Global Research and Analysis Team.

The fake invite contains an infected link that when accessed, redirects the user to a very common Brazilian Trojan banker file – a .cmd file hosted at Dropbox. The most interesting thing to note in this message however is another link pointing to a form hosted at Google Docs. The message shows the link as “send the invitation to your friends” but it is actually a fake form created to collect names and e-mail addresses of new victims. Kaspersky Lab has reported this malicious file and the fake Web form to Google for their interest.

Social Network security

Social networks are seen as one of the greatest security threats among businesses, along with various other forms of file sharing. The introduction of new social networking sites creates a haven for cybercriminals to implement virus and threat activity for their own gain; especially as such sites are without a doubt popular among users. In fact, looking at statistics it is evident as to why these sites attract cybercriminals – lots of user.

According to Strategy Worx CC, worldwide Facebook has 750 million users, of which over four million (approximately 4 095 280) originate from South Africa. The same reports also indicates that Twitter has an estimated figure of 277 million worldwide users of which approximately 900 000 users are in SA. Google Plus is fast gaining the attention of users and the nature progress to cybercriminals is evident.

As such, Kaspersky Lab offers the following tips for securing a Google Plus account:

Profile Management – The profile editing section is the brains of the Google Plus’s privacy, providing a versatile interface that allows you to customise how you share each and every nugget of your information. Be sure to use it and make your privacy levels a high priority.

One circle to rule them all – If you’re going to use Google Plus, you need to learn to master the fine art of Circle Management. Circles are the main privacy control centre of Google Plus. They allow you to create groups of friends and associates using a powerful (and cool) user interface that makes it easy to group friends, family and co-workers, and then limit who can see what.

 Instant upload – If you access Google Plus using your Android phone, photos and videos you take are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don’t worry – photos aren’t shared by default, but are stored on a private Picasa Web folder for future sharing. Instant Upload is a fine idea – for a minority of users – but it’s enabled by default and may take a lot of new Google Plus users unaware. To disable Instant Upload, click into the app, Menu/ Settings/ and at the top of the screen uncheck “Instant Upload” for increased protection.

“If you are interested in joining Google Plus our advice would be to ensure you explore this medium on a secure computer, whist being cautious at all times of pop up blocks and links that insist you re-direct.

Furthermore, Kaspersky Lab urge users to not believe in supposed invites received via e-mails. Ensuring a safe social networking experience requires you to be aware that such threats exist, thereby being able to take action the necessary action required and socialising in a secure environment,” says Assolini.

Source: itnewsafrica

The post Fake Google+ invites cause security anxiety appeared first on PC Tech Magazine.

]]>
1725