Fake apps are one of the biggest and most dangerous cybersecurity threats facing mobile users. According to McAfee, nearly 65,000 fake apps were detected in December 2018 alone, and Google has taken down thousands of malware-ridden apps, games, antivirus and financial Trojans posing as apps from the Play store.
Google Play has put in place a variety of safeguards designed to reject potentially malicious applications. But the bad news is, with every new innovation from Google, attackers constantly hit back by coming up with new imaginative techniques designed to con Google into accepting their submissions. Furthermore, the fake apps are getting better, and getting more downloads.
In this article, we look at what fake apps are, how they are distributed and how you can identify them.
Big companies like Facebook are able to chase down bogus apps across the internet and get them removed, but smaller businesses don’t have that luxury. For example, Chingari, a short video app, has dozens of fake apps on Google Play, some of which have been downloaded up to 50,000 times. Similarly, according to the co-founder of nCore Games, the number of fake apps on the Play Store runs into pages.
What are fake apps?
A fake app is a malicious software program that mimics the look and functionality of a legitimate app, but has a dangerous extra payload. To create a fake app, all an attacker has to do is to register themselves as a developer. They can then download a legitimate app and inject it with malicious code. Once that is done, they can upload it to the Play Store.
The goal of fake apps is to deceive unsuspecting users into downloading them. Some fake apps are designed to rake in ad revenue by bombarding users with display advertisements.
For example in 2017, the fake WhatsApp application looked exactly like the legitimate version, and tricked more than 1 million people into downloading it before it was removed from Google Play. A fake Facebook Messenger app was downloaded over 10 million times. Fake apps and games are not to be taken lightly. Once your phone has been compromised by a fake app, attackers can steal your personal data, banking details, credit card information, infect your device with malware or harvest your login credentials.
They can also track your location, subscribe your phone to premium services, take photos using your camera and even send text messages from your phone. Avast has blogged about multiple banking Trojans disguised as apps. The problem of fake apps is compounded by the fact that roughly half of users cannot distinguish between real and counterfeit apps.
Examples of popular apps that have been faked include:
How are fake apps distributed?
Counterfeit apps can get onto your phone in several different ways:
Third party app stores.
Third party app stores are app stores that only distribute third party apps, and there are over 300 3rd party app stores worldwide. Each store has its own security vetting processes towards the apps they allow to be listed in their app stores, some of which may not be up to standard.
This means there’s a higher chance that some of these third party stores might offer pirated and malicious apps that can infect your mobile device with dangerous malware like ransomware and Trojans. For example, you might be able to get a popular app at a cheaper price on some third party stores, which may sound enticing. However, that app may have been injected with malicious code that can put your security and privacy at risk.
Official app stores.
Apple App Store and Google Play are the two biggest official distribution channels where you can download apps for your iPhone or Android device. Each platform contains native apps (apps Apple built for its iOS operating system, and Google built for Android). These platforms also include third-party apps, which are any apps built by independent developers or established organisations and created to work on Apple and Android devices.
The official stores implement strict security vetting measures for apps that are submitted to the stores for approval. Developers must meet rigorous security standards and follow specific quality metrics. In fact, Google has rejected 55% of Android apps submitted to the Play Store. However, some malicious apps are still able to slip through the cracks, and millions of malware-infected fake apps have been downloaded through the official app stores. Hackers infect popular apps with malware and upload the apps to the Play Store.
For example, a variant of an Android banking Trojan was found hidden in Solitaire and Flashlight apps. Once you download it, it will target banking apps on your phone and create fake overlays on genuine banking apps. This helped the app steal banking details. The malware targeted household names like Citibank, HSBC, Chase and many others.
Social engineering campaigns
Cybercriminals also use a range of social engineering tactics to trick unsuspecting users into downloading malicious apps or games that have been infected with malware. For example, they can offer knockoffs of popular apps at extremely low prices to fool users into downloading the fake apps.
How can I identify fake Android apps in the Google Play Store?
Many fake apps are almost flawless and near impossible to distinguish from the original which is why so many users fall victim to this type of cyberattack. For example, the fake version of WhatsApp fooled over 1 million users into downloading it. If you’ve downloaded a fake app in the past and want to ensure you never do so again, you must learn how to identify the characteristics that distinguish a knockoff from the original. Scammers rely on people not being meticulous enough to notice the discrepancies between fake and genuine apps. To avoid falling victim, it is important to sometimes take a few extra minutes before downloading any app.
Read on to learn how to identify bogus Android apps in the Google Play Store:
Cybercriminals will often use app names that are very similar to the original because they cannot use the same name as the legitimate app. So, the app name will always be a variation of the original name. For example, the fake WhatsApp application used the name ‘Update WhatsApp’, which was enough to generate over 1 million downloads.
But the word ‘Update’ in the app name should’ve raised a red flag because legit apps never use such words in the app name. They would just update the app. If the name of the app is misspelt, even slightly, then you can be 100% sure that you’re looking at a knockoff. Another area to look at is the app’s classification. Many fake apps have the wrong classification. For example, if you see a messaging app classified as “Lifestyle”, that should raise a major red flag.
If there are several apps with the same or similar icons of the same app, that is an indication that you will have to take a few minutes to identify the legitimate apps. Research the app’s publisher. For example, a fake app for Overstock.com used the name Overstock Inc. as the publisher. A search of the app name will show that the name is bogus. You can do this by typing the name of each app into Google. This will reveal the fake apps because the legit apps will have several links back to the original manufacturer’s website.
What is the developer’s profile?
The developer’s name is placed right below the app. Before you click the download button, check out the developer by doing a search online. A real developer will have a professional website and other verifiable details. Take a look at their profile. Developers with tags like “Top developer” or “Editor’s choice” are highly likely to be authentic.
You can also do a search for the official website. If there is a discrepancy between the developer’s name and what is on the official website, then you’re looking at a malicious app. Sometimes though, this can be tricky. For example, in the case of the fake WhatsApp app, the developer’s name was identical to the official WhatsApp app except for a whitespace character added to the end of the name, which was enough to make it different.
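The name and developer checks described above can be automated when you monitor listings for a brand. The following is an added example, not part of the original article: it compares a listing against a known-good reference and flags an "Update" style bait word, a slightly misspelt name, and a developer name that matches the official one only after invisible or whitespace characters are stripped. The reference table, threshold and finding codes are assumptions made for the example.

```python
import difflib
import unicodedata

# Constructed reference data (an assumption for this example): the genuine
# listing name and developer name for each brand you want to protect.
OFFICIAL = {
    "whatsapp": {"app": "WhatsApp Messenger", "developer": "WhatsApp Inc."},
}

# Words the article says a genuine listing never carries in its name.
BAIT_WORDS = {"update"}

# Similarity at or above this value (without equality) counts as a misspelling.
MISSPELT_THRESHOLD = 0.9


def skeleton(text):
    """Comparison form of a name: NFKC-normalise, drop invisible format
    characters and all whitespace, then casefold."""
    text = unicodedata.normalize("NFKC", text)
    kept = [ch for ch in text
            if unicodedata.category(ch) != "Cf" and not ch.isspace()]
    return "".join(kept).casefold()


def similarity(a, b):
    """Ratio in [0, 1] describing how alike two skeleton strings are."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def check_listing(app_name, developer):
    """Return a sorted list of finding codes for one store listing."""
    findings = set()
    app_skel, dev_skel = skeleton(app_name), skeleton(developer)
    for brand, ref in OFFICIAL.items():
        ref_app, ref_dev = skeleton(ref["app"]), skeleton(ref["developer"])
        score = similarity(app_skel, ref_app)
        if brand not in app_skel and score < MISSPELT_THRESHOLD:
            continue  # the listing does not appear to claim this brand

        # App name: identical only after normalisation, or a near miss.
        if app_skel == ref_app:
            if app_name != ref["app"]:
                findings.add("name-near-identical")
        elif score >= MISSPELT_THRESHOLD:
            findings.add("name-misspelt")

        # Bait words such as "Update" next to the brand name.
        if BAIT_WORDS & {word.casefold() for word in app_name.split()}:
            findings.add("bait-word-in-name")

        # Developer: the trailing-whitespace trick, or a different publisher.
        if dev_skel == ref_dev:
            if developer != ref["developer"]:
                findings.add("developer-near-identical")
        else:
            findings.add("developer-mismatch")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed listings; the second mirrors the case described above,
    # with a no-break space appended to the developer name.
    samples = [
        ("WhatsApp Messenger", "WhatsApp Inc."),
        ("Update WhatsApp", "WhatsApp Inc.\u00a0"),
        ("WhatsAp Messenger", "Chat Tools Ltd"),
    ]
    for app, dev in samples:
        print(repr(app), repr(dev), check_listing(app, dev))
```

A byte-for-byte comparison of the developer string is what catches the whitespace trick; the rendered store page looks the same in both cases.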
What are people saying?
You can find out about other people’s experiences with the app by reading the reviews. Bogus apps will always have fake reviews. However, you cannot always rely on an app’s reviews because many users might still be enjoying the app’s features not knowing that the app is actually malicious. In any case, if there are not many reviews but they are all 5-star rated, that should be a huge red flag because it is not normal. You can generally spot a fake review because they generally lack depth and are often very generic with bad grammar.
What is the date of publication?
A recently published app that is in high demand can be a warning sign that the app is bogus. Apps that are popular have been on the market for a long time, and would have gone through a few updates. Most fake apps will only be available for a short while in the Play Store and will not have gone through any updates. They will show the published date. Original apps on the other hand will have the words “Updated on” instead of a specific date. For example, the fake Overstock app had a publication date of October 26 2020.
How many downloads has the app had?
Popular apps generally have millions of downloads, but if the app is a knockoff, it will often have a few thousand or hundreds of thousands. For example, the legit Facebook app has over 500 billion downloads, while a fake app can have millions. If you see an app purporting to be a popular app, the number of downloads should tell you whether the app is real or counterfeit.
Be wary of apps with big discounts.
Cybercriminals often use big discounts to lure unsuspecting users to download malicious apps from unofficial and third party app stores. If you find a popular app that is offered at very low price, that is a huge red flag that the app is fake. During the holidays there is always a proliferation of fake, malware-ridden Black Friday and Cyber Monday apps with brand names of top retailers used in these malicious apps. The apps are typically designed to steal login credentials or credit card details.
Check out the screenshots.
Screenshots are another way to look for red flags. Screenshots are generally used to give users an idea of the app’s interface, and genuine developers will use professional graphics copied from the original app. On the other hand, scammers typically use image-editing software like Photoshop to create their screenshots. Now, there’s a chance that the screenshots may be stolen from the original Play Store listing to make them look authentic. But they will often use their own words and taglines that are not typically used by the original developer.
Read the description.
A poorly written description is a dead giveaway. Genuine developers will use good, clear English to describe their app and its features and benefits. Descriptions for fake apps are often riddled with bad grammar and spelling mistakes or look like they were produced by a bot.
Check the permissions.
Whenever you install an app, it will ask for permissions to be able to perform its full functionality on your device. If an app asks for permissions that are way more than it needs to perform its basic functionality, consider this a red flag. For example, photo editing app Meitu came under scrutiny when it started to access personal information such as location services, SIM card number, local IP address, etc. and sending the harvested info off to servers in China. If a camera app requests permission to access your location or contact list, you’re better off deleting the app because it is likely to be bogus.
What to do if you discover a fake app on Google Play
If you discover a fake app in the Play Store, the first thing you should do is to report it to Google and let them know the app is fake. To do this, scroll down to the bottom of the page and tap on “Flag as inappropriate”. Next, select the reason why you’re reporting the app, which would be the Copycat or impersonation option. Tap on submit, and you’re done.
Smartphones have become indispensable. They hold the key to our digital lives, which is why it is vitally important to keep them safe and secure. Android is the largest computing platform in the world, and that makes it a big target for cyberattacks.
If an attacker gets hold of your phone and is able to get unfettered access, they can learn a lot about you. They can steal your personal data, get into your banking app, steal your financial information, access your family photos, impersonate you, use social engineering tactics to scam your friends, etc.
You can prevent all of this from happening by doing everything in your power to secure your device in the same way that you probably guard the information on your laptop or desktop.
Read on for 15 easy ways to protect your Android smartphone…
Setting a passcode is the quickest and easiest way to boost the security of your smartphone. This should be fairly obvious, but there are many smartphone owners who just can’t be bothered with the inconvenience of having to type in a passcode every time they want to get into their phones.
There are various types of screen locks that you can use including a password, PIN or pattern. A password can be alphanumeric, while a PIN can only be 6 numeric digits. With a pattern, you connect the four dots on the screen to create the screen lock, and you’ll need to recreate this pattern every time you want to login to your phone.
Using a strong screen lock to secure your device is absolutely mandatory. No matter how cautious and careful you are with your phone, there’s no guarantee that you won’t forget it somewhere, or someone won’t snatch it out of your hand. Putting a passcode ensures that you have at least one layer of protection no matter what happens to it. If you secure your phone with a strong screenlock, you won’t have to worry about unauthorized access and your data will always be protected.
You can configure a screen lock for your screen by going to Settings > Privacy > Lock Screen > Screen Lock Type.
Using a simple 6-digit numeric pin or password offers the best security for your phone. Avoid using a pattern because it only offers a moderate level of security, and can be breached quite easily. You can also use a biometric authentication system if your phone offers one. This type of multi-layer security ensures that even if someone manages to get into your phone, they won’t be able to access your data.
Other built-in Android security features include:
Smart Lock: this is a feature that allows you to keep your device unlocked in certain situations when security is not an issue.
Device Protection: also known as factory reset protection, this feature is automatically enabled when a user sets up a Google account to the device. It prevents use of the device after a factory reset until the original Google account credentials are provided.
Find My Device: used to remotely trace, locate and wipe Android devices.
Verify Apps: this tool is designed to prevent you from downloading dangerous apps from Google Play and other 3rd party sources. It also continuously scans your device for harmful apps to catch rogue apps that slip through the cracks. To enable this feature, tap Settings > Google > Security > Verify apps, then switch on the ‘Scan device for security threats’ setting.
Google Play Protect: this is a feature Google rolled out with Android Oreo (v. 8.0). It aims to keep malicious apps at bay by constantly scanning apps in the Play store and on your device. To see Play Protect’s settings, tap on Settings > Google > Security > Play Protect.
2. Be careful how you assign permissions.
Apps have the easiest access to your data, so it is critically important to review the permissions you give them properly. Before you install any app, establish that it’s reputable enough by putting it through a rigorous vetting process. Those apps will ask for permissions to do certain things or to access certain data, and it’s up to you whether to grant those permissions. The permissions are typically needed in order for the app to function properly. For example, a photo editing app will need access to your camera and photos in order to work. If you don’t provide that access, the app won’t be able to function. But if that app is requesting access to your location data and your contacts, you’re going to have to think twice about granting that permission. There’s just no conceivable reason why it should want to access your location. The good thing is that you can grant all or some of the permissions, and you can manage how you grant those permissions in the main settings of your device.
Whenever an app needs access, you’re going to get a permission request pop up with the list of permissions it needs. You just have to establish whether each of the permissions it asks for are necessary for the app’s functionality.
You should be especially cautious about apps that request access to the following permission groups:
With the release of Android 6.0, Android allows you to determine which permissions to grant an app after the app is installed. But before you grant any permissions, read the list so you’re aware of what permissions the app is asking for and why it needs them. Ask yourself the following questions:
How trustworthy is this app?
Is it clear why this app needs these permissions?
Does the developer explain why they are needed?
If the app is from an unknown developer and he isn’t transparent about why the permissions are needed, you’re better off searching for an alternative unless you understand why the permissions are needed for that type of app. The permissions are usually listed at Google Play or on the developer’s website along with the reasons for each permission request. It is important to also read the app reviews to ensure that the app isn’t doing something unexpected behind the scenes.
If you really want to install a specific app but fail to see why it needs the permissions it is asking for, the following apps can help to monitor the app in question. They notify you when an app is trying to access certain data, and provide the option to allow or deny permissions. Note however, that if an app requires a permission and you don’t grant it, it will probably crash.
PDroid Privacy Protection (requires root) monitors the types of info your apps request, and lets you allow or disallow on a per-app basis. It allows you to block access to personal or identifying information for each app.
LBE Privacy Guard (requires root) lets you know when an app is trying to access data and gives you the option to allow or deny it.
PermissionDog lets you know visually how dangerous an installed app is. By scrolling through the list, you can tell which apps are okay and which ones you should monitor closely.
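The over-permission check from this section and from “Check the permissions” earlier, as an added example rather than code from the original article: it reads a decoded AndroidManifest.xml and reports sensitive permissions that fall outside what the app's category needs. The sample manifest, the category names and the per-category baselines are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Sensitive permissions tied to the data the article warns about.
SENSITIVE = {
    "ACCESS_FINE_LOCATION": "precise location",
    "ACCESS_COARSE_LOCATION": "approximate location",
    "READ_CONTACTS": "contact list",
    "READ_PHONE_STATE": "phone and SIM identifiers",
    "SEND_SMS": "sending text messages",
    "READ_SMS": "reading text messages",
    "CAMERA": "camera",
    "RECORD_AUDIO": "microphone",
}

# Constructed baseline (an assumption): what each category plausibly needs.
EXPECTED = {
    "photo_editor": {"CAMERA", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "flashlight": {"CAMERA"},
    "messaging": {"READ_CONTACTS", "CAMERA", "RECORD_AUDIO", "READ_PHONE_STATE"},
}

# Constructed manifest for a photo editor, in the text form a decoding tool
# produces. It is not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoeditor">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Photo Editor"/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests.

    Platform permissions are shortened (CAMERA); custom ones keep their
    full name. Both <uses-permission> and <uses-permission-sdk-23> count.
    """
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
            elif name:
                names.add(name)
    return names


def audit(manifest_xml, category):
    """List (permission, what it exposes) pairs that are sensitive and not
    part of the baseline for the given category."""
    if category not in EXPECTED:
        raise ValueError("no baseline defined for category: " + category)
    requested = requested_permissions(manifest_xml)
    excess = sorted(p for p in requested
                    if p in SENSITIVE and p not in EXPECTED[category])
    return [(p, SENSITIVE[p]) for p in excess]


if __name__ == "__main__":
    for permission, exposes in audit(SAMPLE_MANIFEST, "photo_editor"):
        print("unexpected for a photo editor:", permission, "->", exposes)
```

An empty result does not mean the app is safe; it only means the manifest asks for nothing sensitive beyond the baseline you defined.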
3. Set up a remote device locator.
If you misplace your mobile device or it gets stolen, you’re going to want to get it back pretty quickly, especially if you have a lot of valuable information on it. And probably one of the easiest and most convenient ways to do that is by being prepared for such an eventuality, by setting up a remote device locator such as Find My on iOS or Find My Device on Android. These tools use GPS to identify exactly where your device is at any point in time, so if you simply misplaced your device, you’ll know exactly where to go and pick it up. On the other hand, if it was stolen, you can simply hand over the location to the police so they can recover it for you. But if your smartphone has been stolen and you are worried about someone accessing your private information, Android offers a remote wipe feature that allows you to erase all of the data on your phone.
You can configure these features in Android Device Manager by going to Settings > Google > Security, and then toggling on these two settings: Remotely locate this device, and Allow remote lock and erase. Note that this will not erase your SD memory card, so any data on there might be vulnerable.
4. Encrypt your data.
Encryption is one of the most powerful tools that you can use to protect your data from falling into the wrong hands, and this capability is built into your phone. Encryption is a technical process that uses advanced computer algorithms to transform plain text into something completely unrecognizable. This allows us to completely mask any sensitive piece of information that we want to keep private. So, even if the information falls into the wrong hands, the encrypted data would be completely useless to an attacker unless they know the encryption key.
Note however, that encryption only protects your data from physical access; it doesn’t protect you from malware or viruses. It only protects the data on your phone if you lose it or someone steals it from you. You don’t have to be a cryptography expert to encrypt the data on your phone. As mentioned earlier, the capability is already built in. On some higher-end Android handsets running Lollipop (5.x) and higher, it’s enabled by default. On older handsets, you have to enable it. Once encryption is enabled, when you enter your passcode on the lock screen, your phone decrypts the data. If someone doesn’t know the encryption PIN or password, they will not be able to access the data.
Things to consider before enabling encryption.
Encrypting your phone can sometimes take several hours.
Android won’t start the process unless your battery is at least 80% charged.
Your phone must be plugged in throughout the entire process.
Your phone must be unrooted.
Do not interfere with the process or you’ll likely lose your data.
How to encrypt your Android device
Tap on Settings > Security. If your device is already encrypted, it will show up here as encrypted. If not, start the process by tapping “Encrypt Phone”. You’ll need to read the warning signs and have to tap “Encrypt phone” a couple of times. The phone will then reboot and start the encryption process. Next, you’ll get a progress bar and estimated time till completion. Once the process is complete, the phone will reboot and you’re done.
5. Add app lock software
Installing app lock software presents another important layer of security that you can add to your smartphone to prevent rogue apps and unauthorised users from gaining access to confidential and sensitive data on your phone. You can use a free app like App Lock for this purpose. The fact of the matter is, apps downloaded via official app stores like Google Play or the Apple App Store are not guaranteed to be safe. Some of the apps you get from these official stores can be infected with malware that can take over your phone’s system by obtaining administrative rights. This can put your most sensitive apps at risk. App lock software allows you to protect the data in individual apps.
Which apps should be locked down?
Email: locking down your email applications ensures that your conversations and personal information are kept secure.
Shopping apps: apps like Amazon, eBay and other shopping apps should be locked down to prevent misuse.
Dropbox: this app is likely to contain sensitive data like your medical history, tax information, legal docs, and you’ll want to lock it down for security and privacy.
Banking apps: the use of mobile banking surged during the lockdown with millions of users downloading mobile banking apps. Locking down your banking app is essential to prevent your confidential data being compromised in the event that you inadvertently download rogue apps to your phone.
Credit card apps: credit card information is sensitive data, and you’ll want to lock down your apps to protect this data.
Social media apps: it is important to lock down your social media apps to prevent fraudsters impersonating you on these platforms.
6. Set your updates to be downloaded and installed automatically.
Outdated software is one of the most common reasons why computing devices get hacked. Attackers are constantly changing their tactics and looking for new ways to crack Android’s powerful security features. As they do, Google keeps up by releasing security updates that address newly discovered vulnerabilities in the operating system. That is why it is so important that you keep your phone updated with the latest security patches. This not only ensures that you’re maintaining your phone’s security, it also means that you’re not missing out on any new features.
Google releases security patches for Android every month, while more comprehensive updates are released annually in August. The current version of Android is 11, which was released to the public in autumn 2020. Google no longer uses the dessert names on its latest software versions, so you can simply expect a numerical format from now on.
Your Android phone should prompt you whenever there’s a new update to install. Alternatively, you can tap Settings > About phone > System updates to find out if there are any newly released updates to download.
Here are previous versions of Android:
Android Donut (v1.6)
Android Eclair (v2.0)
Android Froyo (v2.2)
Android Gingerbread (v2.3)
Android Honeycomb (v3.0)
Android Ice Cream Sandwich (v4.0)
Android Jelly Bean (v4.1)
Android KitKat (v4.4)
Android Lollipop (v5.0)
Android Marshmallow (v6.0)
Android Nougat (v7.0)
Android Oreo (v8.0)
Android Pie (v9.0)
7. Disable automatic connections on your phone.
One of the most important security measures you can take on your phone is to prevent your Wi-Fi from connecting automatically to open networks. This is because hackers can set up a malicious network that is specifically designed to harvest data. If your phone automatically connects to that network, your device and data are going to be vulnerable. You should be fully aware of every network your phone is connected to.
To stop your Android device from auto-connecting to open networks, tap Settings > Network & Internet > Wi-Fi > Wi-Fi preferences. Turn off the Connect to public networks toggle switch to disable this feature.
8. Avoid messing with Android’s default security settings.
Each and every Android device comes with “Unknown sources” disabled in the security settings. This message will appear every time you want to download an app from a 3rd party app store other than Google Play or from a Google partner like Samsung. It simply means that the platform you want to download from hasn’t gone through the rigorous Google vetting process.
Downloading apps from “Unknown sources” is not necessarily a bad thing. For example, even when downloading an app from a secure site like Amazon, you’ll get the “Unknown sources” message. The problem is enabling the setting for no credible reason or keeping it on all the time. This will render your phone vulnerable to websites that try to install an app on your phone without your permission. You can always turn the Unknown sources setting on to install an app from a trusted store like the Amazon app store, but you must always remember to disable the setting again once you’re done.
To turn the Unknown sources setting on or off, tap Settings > Security and then toggle the Unknown sources setting on or off as you need it.
9. Delete your cookies, messages, cache and browsing history on a regular basis.
Your browsing history stores a lot of personal information about you, and is a goldmine for hackers. They pose a security threat because hackers can use your cookies to breach your account even without a password. So, to improve your privacy, make sure that you delete your virtual footprint. This will minimize the amount of data that can be harvested.
Here’s how to clear your history:
Open Chrome app
At the top right, tap More > History
Tap clear browsing data
Next to Time Range, select how much history you want to delete. Tap All time if you want to clear everything.
Check browsing history.
Tap clear data.
10. Protect your phone with a VPN
Using a VPN is one of the most powerful ways to secure the data that leaves your internet-connected mobile device. The VPN protects your data by encrypting the data, providing you with the benefits of a private network even while you’re on a public one. VPNs allow you to use free, public Wi-Fi hotspots which are open networks that are frequented by hackers. VPNs also work on phones in the same way that they work on desktops.
Best VPNs for Android
11. Limit the amount of apps you have on your phone.
You can have too many apps on your phone, and the more apps you have, the bigger the chances of a security breach. If you don’t plan to use an app more than once, delete it after you’ve used it. When you have too many apps on your phone, those that haven’t been updated with security patches will leave your phone vulnerable to rogue apps and hackers. Installing fewer apps and just the ones you plan to use will minimise the dangers of your phone being compromised.
12. Disable Bluetooth when you’re not using it.
As convenient as Bluetooth can be, it is a bad idea to keep it on all the time when you’re not using it. In and of itself, Bluetooth comes with a plethora of security issues and concerns. For example, a vulnerability known as BlueBorne gave a hacker control of Bluetooth-enabled devices, even when the device wasn’t connected to anything when the attack began. BlueBorne attacks also spread from device to device.
While hackers technically need to be within Bluetooth range to attack your phone, if there are infected devices around, they can get some extra distance. By leaving Bluetooth enabled on your phone all the time, you’re exposing yourself to this type of security issue. It can be an incredibly convenient tool when you need to use Bluetooth, but once you’re done using it, you should turn it off. And if you don’t use it at all, then you should make sure that it is off.
To disable Bluetooth, tap Settings > Connections > Bluetooth. Toggle off.
13. Use Chrome’s safe browsing feature.
To activate Chrome’s safe browsing feature, open the browser, tap the three-dot menu button in the top corner of the screen, tap Settings > Privacy, and then make sure the “safe browsing” setting is checked.
If privacy is your biggest concern when browsing, you can use Firefox Focus, which is designed to automatically block a range of online trackers, or DuckDuckGo.
14. Encrypt your mobile cloud backups.
Mishandling your mobile data backups can often be the source of a security breach. Whenever you’re syncing or backing up your data to the cloud, make sure that any private data you’re backing up is encrypted. Cloud backups are oftentimes an easy target for hackers. If you use Google Drive, your cloud backups should use the same 2 factor authentication as your Google account. This will ensure that you’re in full control of the security of your data, and that no one but you can access your data in the cloud.
15. Harden your privacy settings.
You can enhance the security of your phone by optimizing your privacy settings in the following ways:
Disable location services. If you are worried about Google tracking your location, you can disable this feature. Note that if you do this, you will also disable Find My Device. To disable location services, tap Settings > Connections > Location. Toggle switch to off.
Opt out of personalized advertising. Tap Settings > Google > Ads > Switch on Opt out of interest-based ads or Opt out of ads personalization.
Mobile malware is malicious software that is designed to wreak havoc on your phone, and it can be very dangerous. Once your phone has been infected with malware, attackers can inundate your phone with annoying pop up ads, steal your personal information, bank details, credit card information or harvest your login credentials to sell on the dark web. They can also track your location, subscribe your phone to expensive premium phone services, and even send spam email from your phone. Mobile malware works silently in the background trying to avoid detection.
What are the different forms of mobile malware?
Malware on your phone can come in several different forms, including the following:
Mobile adware: programmed to inundate you with unwanted pop-up ads. This is the most prevalent form of mobile malware, accounting for 72% of all mobile malware.
Banking Trojan: this type of malware is designed to steal bank details and financial information without the user’s knowledge. This malware targets Android devices, and can spy on over 150 apps, including those of banks and cryptocurrency exchanges as a way to harvest sensitive information.
Mobile ransomware: this is a form of malware that steals sensitive data or locks a mobile device and then demands a ransom to release the data or unlock the device.
Rooting malware: unlocks the operating system of Android devices to take full control by obtaining root privileges.
SMS malware: manipulates your phone by subscribing you to premium services.
Spyware: Keeps tabs on your phone activity, records the information and sends it to a third party without your knowledge.
How does malware on your phone work?
Some mobile malware works by exploiting vulnerabilities in the phone’s operating system to give itself administrator privileges. With those privileges, the malicious app can access sensitive information without the user ever agreeing to a permission request. This makes it easier to wreak havoc on the phone without being detected.
Read on for warning signs that your Android smartphone has been compromised with malware:
Battery drains abnormally. This is a symptom that many users may overlook because it might seem normal. But if you’ve recently downloaded an app(s) and your phone’s battery begins to drain faster than normal, you may have downloaded a fake app that has infected your phone with malware. The phone’s battery is draining fast because the malware is carrying on its activities in the background, making your device work overtime.
Phone runs slow. Some lagging on your phone is normal. However, if your phone is relatively new and lags frequently, this could be caused by malware that is draining the phone’s resources, causing it to lag. To check out what is draining your phone’s resources, tap on Settings > Apps > Running. This will display all of the running apps along with the amount of RAM they are using. It will also show you how much RAM is available.
Overheating. If you watch videos or movies on your phone, you can expect some overheating. However, if your phone overheats even though you don’t use it vigorously, this could be caused by a malicious app that is working in the background.
Unexplained increase in phone bills. Some types of malware are programmed to send premium text messages from your phone, which will significantly increase your bills. According to Upstream, smartphone users lose millions of pounds every year due to high data charges from malicious ads. Android is the most notorious OS for ad fraud.
Apps are crashing constantly. If many of the apps on your phone are crashing constantly and you have a lot of RAM and extra storage space on your phone, the first thing you should check is for the presence of malware.
Unknown apps. If you notice apps that you don’t remember installing on your phone, it is quite possible that malware is automatically installing malicious apps without your knowledge.
Surge in data usage. Malicious apps need to send and receive information to their creators via the internet. If after checking data usage, you find a sudden surge from unknown apps, this is a good indication that you may have spyware on your phone.
Overbearing pop-up ads. If you’re constantly inundated with display ads in the lock screen or overlaying other apps and sites, consider this a red flag that your phone is infected with adware.
Strange emails sent to your contacts. If you are getting messages from your contacts about email messages that you did not send, this is another warning sign that your phone might have been infected with malware.
Sudden password changes: If you are suddenly not able to get into your online accounts on your phone, this is another warning sign that your phone has been taken over by some form of malware.
User interface changes. If the phone’s user interface suddenly changes without you doing anything to change it, this is a clear sign that you have a rogue app that is controlling your phone without your knowledge.
How can I get rid of mobile malware from my Android device?
Malware apps often mess with the administrative settings of the device to give themselves core admin privileges. This means they cannot simply be uninstalled from your phone in the normal way. If your phone is infected with malware, follow these steps to delete the offending app(s) from your device:
Tap on Settings > Security > Device administrators
Locate the malicious app
Uncheck the box
Uninstall the app from apps or Application Manager
With premium Android models costing close to £1,000, buying a second-hand handset might seem an attractive and cost-efficient solution. But while you can pick up a refurbished Samsung Galaxy smartphone at a great price, you need to do your due diligence to make sure that you’re actually getting a safe and secure phone in the process.
The great thing about buying a second-hand handset from a retailer instead of a private buyer is that you have consumer rights that are protected by law. This means that you have 14 days to check out the phone, and you are entitled to a full refund if you return it for any reason within that timeframe.
With that being said, here are 7 things to check when buying a second-hand handset.
1. Is the phone still receiving security updates and patches from the manufacturer?
If the phone was released in 2012 or earlier, it is likely to be running an outdated version of Android. This means if you buy the phone, you won’t be receiving critical security updates that can keep you and your data safe from cyberattacks. Having a current OS and updated apps is one of the most important ways to protect your phone and keep it secure.
Software updates can keep malware from working on your phone in the first place. Usually, when phone manufacturers discover phone software vulnerabilities that can be exploited by cybercriminals, they get it fixed and that fix is sent out to the phone in the form of a security patch. For example, Google releases security patches for Android every month. But Google no longer issues security updates for version 6.0 of the Android operating system or below. Using a refurbished Android phone that doesn’t receive critical security updates puts your security and privacy in jeopardy.
To check an Android OS version, tap Settings > About Phone or About Device > Tap Android version.
2. Is the phone stolen?
No matter how good the deal sounds, buying a stolen phone is a strict “hell-no!” Apart from the moral dilemma of using stolen property, there’s every chance the phone won’t be with you for long. The latest Android devices have the ability to erase the phone remotely which will render the phone completely useless. Fortunately, avoiding buying a stolen phone is a quick and easy process. You can use a mobile checking tool such as MobiCheck to check that the phone you’re buying isn’t stolen.
3. Is the phone fake?
The phone you’re interested in buying might look like the real thing from the outside, but that’s no guarantee that it is actually the real thing. The marketplace is full of millions of fake Chinese or Korean phones that are “hard to discern knockoffs”. To avoid getting ripped off, you need to check the IMEI number, serial number and model number. Every phone comes with a unique IMEI number.
Follow these steps to ensure that you’re not buying a counterfeit handset:
You can dial *#06# on the phone to get the IMEI number. You can also get it by going to Settings > About Device > Status. The model number, serial number and IMEI will be displayed. Compare the model number with that printed on the back of the phone or its battery to see if they match. You can also check by going to imei.info. Put in the number and hit “check”. The system will automatically check the phone’s information. If it shows something different from what is on the phone, the handset is fake.
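The IMEI comparison described above can be partly checked offline before the online lookup. The following is an added example, not part of the original article: it assumes the standard 15-digit IMEI layout (8-digit Type Allocation Code, 6-digit serial number, 1 Luhn check digit), and the function names and sample IMEIs are constructed for illustration.

```python
import re

IMEI_RE = re.compile(r"[0-9]{15}")


def luhn_valid(digits: str) -> bool:
    """Return True when the last digit is a correct Luhn check digit."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:  # every second digit, counting from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def parse_imei(raw: str) -> dict:
    """Normalise an IMEI copied from the dialler screen or a label and split it."""
    digits = re.sub(r"[\s/-]", "", raw)  # labels often print spaces or dashes
    if not IMEI_RE.fullmatch(digits):
        raise ValueError(f"expected 15 digits, got {raw!r}")
    return {
        "imei": digits,
        "tac": digits[:8],        # Type Allocation Code: identifies the model
        "serial": digits[8:14],   # serial number within that model
        "check_digit": digits[14],
        "luhn_ok": luhn_valid(digits),
    }


def check_readings(readings: dict) -> list:
    """Compare IMEIs read from several places on one handset.

    `readings` maps where the number was read (dialler, settings, label, box)
    to the text that was read. Returns a list of findings; an empty list means
    every reading is well formed and they all agree. On a dual-SIM handset,
    compare the readings for the same SIM slot.
    """
    findings = []
    parsed = {}
    for source, raw in readings.items():
        try:
            imei = parse_imei(raw)
        except ValueError as err:
            findings.append(f"{source}: {err}")
            continue
        if not imei["luhn_ok"]:
            findings.append(f"{source}: check digit does not match the other 14 digits")
        parsed[source] = imei
    if len({p["imei"] for p in parsed.values()}) > 1:
        detail = ", ".join(f"{s}={p['imei']}" for s, p in sorted(parsed.items()))
        findings.append(f"sources disagree: {detail}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real handset.
    sample = {
        "dialler": "350000001234562",
        "settings": "350000001234562",
        "label": "35-000000-123457-0",
    }
    for finding in check_readings(sample) or ["all readings agree"]:
        print(finding)
```

A clean result only shows that the numbers are well formed and agree with each other; the lookup on imei.info is still what ties the Type Allocation Code to a specific model.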
4. How reputable is the seller?
This is one of the most important things to check when buying a second-hand phone. You can often find fantastic deals from private sellers on sites like Gumtree, Facebook Marketplace or eBay. But buying from a private seller increases the odds that you may end up with a phone that’s more trouble than it’s worth. For this reason, you might be better off buying a refurbished phone from a retailer rather than buying a used phone from a private seller.
Refurbished phones include handsets returned by customers who changed their mind during the 30-day cooling off period after they signed a contract. Before being put on sale, these phones have been thoroughly checked and tested. Most will also offer a warranty that allows you to get a replacement if something goes wrong with the phone within the allotted time period.
5. Does it have good battery life?
One of the most important things to check on an Android phone is its battery life. If the phone drains the battery fast even after you have rebooted the phone, consider this a red flag that the phone may be infected with malware. There may also be power-hungry 3rd party apps working in the background that are making the device work twice as hard. The most common code to check battery information across Android devices is *#*#4636#*#*. To see your battery status, type the code in your phone’s dialer and select the battery information menu. If there is no issue with the battery, it will show battery health as ‘good’. You can also use AccuBattery to get more insight into the phone’s battery health.
To identify apps that may be consuming too much battery life, tap Settings > Battery usage in the three dot menu at the top right. Here, you’ll see the apps that have consumed the most battery on the phone since the last time it was charged.
6. Has the phone been paid off?
If you’re buying a used phone from a private seller, you need to prioritise checking the history of the phone before purchasing it. If the phone still has finance on it (e.g. if it’s still under contract), buying that phone would be a big risk because the phone’s carrier will block the phone until the outstanding amount is paid off by the contract owner. You can use CheckMend to check the phone’s history. CheckMend is an online searchable database. For £1.99, they will provide you with a full history of the handset.
7. Does the phone have malware preinstalled?
Before you buy your phone, one of the very first things you should always do is to research the brand of phone. This is because hundreds of different Android smartphones have been found to have malware built in. Most of the affected devices are not certified by Google, and come from manufacturers like ZTE, Archos and myPhone. You would think that taking precautions by avoiding dodgy websites and apps would be enough to keep you safe, but there’s nothing you can do when the malware actually comes preinstalled on the phone.
To check if your device is Google certified, tap Settings > Play Protect Certification
Malwarebytes is a powerful security tool that is highly effective against malware and other nasty online threats that traditional antivirus programs don’t deal with. However, you can run it alongside a primary antivirus program such as Microsoft Defender to keep your computer in good security shape. The free version of Malwarebytes is perfect to run alongside Microsoft Defender because it doesn’t actually run in the background. Rather, it only activates when you click the scan button. This means it wouldn’t interfere with Defender.
You don’t have to do any extra configuration to get Malwarebytes to be effective for your computer. Simply install it and now and again, launch it to scan for “potentially unwanted programs” (PUPs), which it will search for and remove. Note that when you install Malwarebytes for the first time, you’ll actually be installing the 14-day free trial.
How can I run Malwarebytes with Microsoft Defender?
When you download Malwarebytes to your computer, the software automatically registers itself as the system’s security program by default. When this happens, Microsoft Defender switches itself off. However, this doesn’t mean you can’t run the free version of Malwarebytes alongside Microsoft Defender.
Once your free trial is over, if you don’t upgrade, the free version of Malwarebytes will kick in, and you don’t need to do anything else. Defender will carry out automatic scans, whilst the free version of Malwarebytes will remove malware and other advanced threats that it finds on your computer. Note that unlike the free version, you won’t be able to run the premium version of Malwarebytes alongside Microsoft Defender without some configuration in both programs.
You can download Malwarebytes free trial. Once your 14-day free trial is up, simply do nothing and the free version will continue.
Go to www.malwarebytes.com
Malwarebytes for Windows
Click on the orange Free Download button
Click on Free Download
Allow Malwarebytes Setup to make changes
Click on Yes to complete installation of Malwarebytes
Click on Personal Computer
Click on the blue install button
Click Yes to install Malwarebytes Browser Guard to block annoying popups and speed up your browser
In Malwarebytes, open Settings, click the “Security” tab and disable the “Always register Malwarebytes in the Windows Security Center” option by toggling it to off. With this option disabled, Malwarebytes won’t register itself as the system’s security application and both Malwarebytes and Microsoft Defender will run at the same time.
Note that once you toggle off this setting, you may have to re-enable Microsoft Defender because it will have switched itself off. Don’t try to enable Microsoft Defender as long as the premium version of Malwarebytes is running because it won’t work without some extra configuration.
How can I re-enable Microsoft Defender?
In the Windows search bar, type group policy.
Click on ‘Edit group policy’
Select Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
Select “Turn off Windows Defender Antivirus” at the bottom of the list.
Select Disabled or Not configured. Do not select Enabled as this switches off Microsoft Defender.
Select Apply > OK.
How can I check if Microsoft Defender is running?
1. In the Windows search bar, type task manager
2. Click on the Details tab.
3. Scroll down and look for MsMpEng.exe and look at the Status column. It will show if Defender is running. If you cannot find this file, then Microsoft Defender is not running on your machine.
The website haveibeenpwned.com is one of the oldest and most well-known tools that you can use to determine whether your confidential data may be in the hands of hackers. The site has been featured by the BBC and has received great reviews from a number of tech blogs such as Wired.com.
On the site, you are presented with a basic search engine along with a list of the latest data breaches. All you have to do is to type in the email address that you used to register on sites that you know have been hacked. You also have the option of signing up for email alerts, and you’ll get a notification if your email address is discovered in any new breach so that you can take immediate steps to change your password as soon as you receive an alert.
BreachAlarm is a freemium tool that allows you to check if your confidential data has been compromised by a password hack on a site that you are currently registered with.
The site offers a free email-checking service, but also offers paid notification and protective services. You probably don’t need more than the free email services. However, if you are searching for a service that is geared more towards small businesses, you may prefer to use BreachAlarm. You may also want to check your confidential data with more than one hack verification tool.
DeHashed works in the same way as the other solutions on this list in that it is able to find out where your data has been compromised or leaked. The difference is that DeHashed does more than focus on just email addresses. You can use the search engine to find out whether your full name and/or address and phone number appear in hacked lists. It lets you search on a variety of fields including your username, IP address, name, address and phone number.
Note however, that this tool is more suited to businesses, and is not as user-friendly as the other tools. In addition, you will have to purchase a subscription to perform some of these searches. Prices range from $5.49 for a single week to $180 for a 12-month subscription.
Sucuri Security Scanner is a more powerful tool than other options on this list because it offers a more comprehensive suite of security solutions. It allows you to scan an entire website for malware, viruses, errors, blacklist status, security vulnerabilities such as out-of-date software & plugins as well as the presence of hackers. It is typically used alongside other email and username checking tools.
If you’ve used the file explorer app to browse files stored on your Windows computer, you might have noticed that file extensions are hidden by default. It is important to understand what type of file you’re clicking on, and file extensions are very useful for quickly determining a file type. This is important because much of the malicious software that gets onto your computer requires you to actually click on the file in order for the malware’s payload to be activated.
What is a file extension?
There are many different file types on a computer, and each file has its own extension. A file extension is a three, sometimes four letter abbreviation at the end of a file name. It begins with a period, and allows the computer to open the file with the right program whenever you want to use the file.
What is the usefulness of a file extension?
A file extension helps you to identify what type of document it is. For example, a file with an extension of .docx is a Microsoft Word file, and a file extension of .exe tells you that the file is an executable program. By default, Windows hides the file extension so you would have no way of knowing what type of file it is.
Since long file names containing multiple full stops are perfectly valid in Windows, hackers soon figured out that they could get users to run malicious programs through the use of hidden file extensions. This means that an executable file that is actually named ‘goodphoto.jpg.exe’ would be perfectly valid, and would appear in File Explorer as an innocent looking ‘goodphoto.jpg’.
This means you could get an email with an attachment such as funnyphotoofpete.jpg, which looks like an innocent photo. In reality, the actual name of the attachment is a suspicious looking funnyphotoofpete.jpg.exe – not a photo at all, but a malicious program. But since the .exe would be hidden, you wouldn’t notice anything suspicious. And since the attacker is using the name of someone that may be familiar to you, you might be persuaded to double-click on the attachment, thinking it was a photo of Pete. The malicious program would run, compromising the computing device. These types of attacks are very common.
How can I prevent these types of malware attacks?
The best way to protect yourself from these types of attacks is to switch on the display of file extensions. By doing that, you’ll be able to see what type of file it really is before deciding whether to open it or not.
Follow the steps below to display file extensions for your version of Windows:
Right-click the start button and select Windows Explorer from the context menu.
In Explorer, click on Organize.
Click Folder and search options
Click the View tab
Scroll down and uncheck the box next to Hide extensions for known file types.
Click OK to finish the process.
Windows 8.1 & 10
Right-click the start button and select Windows Explorer from the context menu.
Select the View tab.
Check the box next to File name extensions.
How can I scan a suspicious looking file in Windows?
If you’ve downloaded a file or received an email with an attachment and are not sure of its validity, Windows Defender allows you to scan specific files and folders to make sure they are safe before you open them. As soon as you scan the file, you’ll be notified immediately if it is something to worry about. To scan the file or attachment, simply right-click on it and select ‘Scan with Microsoft Defender.’ When the scan is complete, you’ll see the Scan options page, letting you know the results of the scan.
What are the most common file extensions used in malware-related threats?
Most people are aware that .exe files are often used to distribute viruses and other types of malware, but those are not the only file extensions to be wary of in Windows computers. Malware is very dynamic, and changes every day. There are several different file extensions that can contain code, scripts and other potentially dangerous stuff. Read on to increase your malware awareness so you are better prepared to deal with malicious software if it arrives on your computer.
.EXE executable files:
.EXE files are traditionally associated with malware and often sent as malicious email attachments. The use of .exe files to spread malware is not as widespread today because they are often blocked when detected by email providers.
.DOC, .DOCX, .DOCM and other Microsoft Office files.
These files have become a very popular method of spreading malware through the use of malicious macros that are embedded within the files. This makes it a lot easier to get past any antivirus software and email attachment protection software.
.HTA, .HTML and .HTM application files.
These HTML web applications have been linked to different ransomware variants and some have been found to be the most effective malware against the Windows 10 operating system.
.JS and .JAR files.
.VBS and .VB script files.
Visual basic files have been associated with some of the biggest and most notorious malware names over the past few years.
.PDF Adobe Reader files
Cybercriminals conceal malware in .PDF files as spam message attachments and these .PDF files have been very effective against unsuspecting victims because these types of files are not traditionally associated with malware.
.SFX archive files
.SFX (Self-Extracting) archive files have been used to infect computing devices by notorious malware families.
Batch files are one of the most widespread files used to spread malware. They can contain a list of malicious administrative commands that will be executed on your computer if they are opened.
.DLL or Dynamic Link Library files are often Microsoft system files that have been infected with malicious code to perform all types of destructive functions such as deleting essential Windows files, executing dangerous code and modifying registry files.
.TMP temporary files
.TMP files are temporary files that hold important info related to the nefarious activities that will be performed by malicious software on the computer.
.PY python files
These types of files are associated with ransomware, and are used to encrypt the files (pictures, videos, documents, etc.) on your computer so that they cannot be opened again.
Other potentially malicious files you may come across:
The following files may not be often encountered, but they have the potential to infect your computing device with malware. You should scan them before double-clicking them on your computer.
These files are used in the installation, maintenance and removal of software on Windows 10 computers.
These are files that are used to patch any application installed with Windows Installer. Any malware in this type of file may pose as fake updates.
These files are similar to .BAT files, and are also used to insert commands. They were often used to spread viruses and worms in Windows XP, but can still be used to spread malware today.
If you use a Windows type with floating gadgets on the desktop, you should look out for these types of files.
These are old-school Windows Command Prompt files. They are similar to batch files in that they can insert malicious commands that will run on your computer if the files are clicked.
These are encrypted VBS files. You can determine whether a .VBE file is malicious by dragging and dropping the file onto the decode VBS script, and then checking out the code.
.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2
These are potentially dangerous Windows PowerShell script files as they are run with administrative privileges.
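The double-extension trick and the extension list above can be combined into a simple triage check for attachment names. This is an added example, not code from the original article: the `DECOY` set, the risk levels and the sample file names are assumptions made for illustration, and the watch list contains only extensions named on this page.

```python
from pathlib import PureWindowsPath

# Extensions this article names, grouped by the kind of content they carry.
RISKY = {
    "program": {".exe", ".dll", ".sfx", ".jar"},
    "script": {".js", ".vbs", ".vb", ".vbe", ".bat", ".hta", ".py",
               ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2"},
    "document": {".doc", ".docx", ".docm", ".pdf", ".html", ".htm"},
}

# Assumption: extensions most readers treat as harmless, so they work as a
# decoy when left visible in front of the real (hidden) extension.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".docx", ".mp3", ".mp4"}

SEVERITY = {"high": 0, "medium": 1, "low": 2}


def risk_category(ext: str):
    """Return 'program', 'script' or 'document' for a listed extension, else None."""
    ext = ext.lower()
    for kind, extensions in RISKY.items():
        if ext in extensions:
            return kind
    return None


def explorer_label(filename: str) -> str:
    """Name Explorer shows while 'Hide extensions for known file types' is on.

    Assumption: the final extension is a registered type, so only that last
    extension is hidden and everything before it stays visible.
    """
    path = PureWindowsPath(filename)
    return path.stem if path.suffix else path.name


def assess(filename: str) -> dict:
    """Classify one attachment or download by its real, final extension."""
    name = PureWindowsPath(filename.strip()).name
    real_ext = PureWindowsPath(name).suffix.lower()
    shown = explorer_label(name)
    apparent_ext = PureWindowsPath(shown).suffix.lower()
    kind = risk_category(real_ext)
    # Disguised: the visible name ends in a harmless-looking extension that
    # differs from the real one.
    disguised = bool(real_ext) and apparent_ext in DECOY and apparent_ext != real_ext

    if disguised and kind in ("program", "script"):
        level, reason = "high", f"shows as '{shown}' but is a {real_ext} {kind}"
    elif disguised:
        level, reason = "medium", f"shows as '{shown}' but the real type is {real_ext}"
    elif kind:
        level, reason = "medium", f"{real_ext} is a {kind} type; scan before opening"
    else:
        level, reason = "low", "extension is not on the watch list"
    return {"file": name, "shown_as": shown, "real_ext": real_ext,
            "level": level, "reason": reason}


def triage(filenames):
    """Assess every name and return the results with the riskiest first."""
    results = [assess(name) for name in filenames]
    return sorted(results, key=lambda result: SEVERITY[result["level"]])


if __name__ == "__main__":
    # Constructed attachment names for illustration.
    inbox = ["goodphoto.jpg", "Invoice.DOCM", "funnyphotoofpete.jpg.exe",
             "minutes.txt", "scan.pdf.js"]
    for result in triage(inbox):
        print(f"{result['level']:<6} {result['file']:<28} {result['reason']}")
```

A "low" result means only that the name is not on this page's list, so anything unexpected should still be scanned before it is opened.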
Using the Internet for business and leisure is essential in today’s digital world. But as the technology that allows us to work more efficiently online increases, it also includes several risks.
Identity theft is a main focus for most cybercriminals. Computers can fall victim to viruses, spyware and other dangerous malware simply by clicking the wrong link or visiting the wrong website.
With a growing amount of malicious and increasingly sophisticated software prowling the Internet, here are 101 cyber security tips to help protect your digital life on your computing devices.
1. Keep software up-to-date.
Installing updates for your browser, applications and operating system is critical. Failing to install these updates could lead to security vulnerabilities in your computing device that an attacker could exploit. Switch on automatic updates for your operating system. Use safe browsers such as Firefox or Google Chrome that receive automatic security updates. Keep your browser plugins up-to-date.
2. Unhide file extensions in Windows.
File extensions are hidden in Windows computers by default, making it more difficult to identify potentially malicious software on your computer. Configuring Windows to show file extensions can help you avoid dangerous files. Hiding file extensions makes it easy for attackers to trick you into running malicious programs because you don’t know what type of file you are opening. That is why it is so important to unhide file extensions so that you can identify potentially dangerous files and attachments on your computing device before you click on them.
3. Be cautious about downloading apps from 3rd party app stores.
The Google Play Store for Android and the Apple App Store for iOS are the two largest distribution platforms for mobile applications. But there are also third party app stores which distribute third party apps, of which there are over 300 worldwide. Each store has its own security vetting processes towards the apps they allow to be listed in their app stores, some of which may not be up to standard. This means there’s a higher chance that some of these third party stores might offer pirated and malicious apps that can infect your mobile device with dangerous malware like ransomware, adware and Trojans.
Keep in mind though, that not all 3rd party stores pose the same level of risk. For example, the app stores created by mobile manufacturers like Samsung, as well as the Amazon App Store for the Kindle Fire are 3rd party app stores.
4. Install anti-spyware programs.
Spyware protection is necessary. Many types of spyware used today can be fairly harmless. But some types are inimical to internet safety and security. These malicious programs secretly record everything you do on your computer and send them to 3rd parties. They can collect all types of information, including passwords, web pages visited, hard drive information, social media and email account logins to sensitive financial and business credentials. This can lead to identity theft, fraud and other types of cybercrimes. Use antimalware programs to scan your computer for spyware, browser hijackers and other malicious applications.
5. Install a premium VPN.
A good VPN is the best way to keep you safe and secure online. It makes you anonymous by spoofing your IP address, making you practically invisible, and your online activities private. The VPN does this by creating a virtual, encrypted tunnel between your device and the VPN server whereby your computing device assumes the IP address of the server. To everyone else, you’ll appear to be browsing from the location of the VPN server rather than your actual location, which should prevent you getting caught out by an opportunist hacker or badly secured network.
6. Use a safe browser.
Surfing the web with a safe browser is absolutely essential to your online safety and security. Safe browsers have a white list of authorized programs, and they prevent certain functions that are not on that list from starting up. Without a safe browser, anything you do on a computing device whilst browsing the internet is at risk of being infiltrated by an unauthorized 3rd party.
Using a browser that isn’t safe puts a lot at risk including your login credentials, banking details, browser history, personal information and other sensitive data. To better protect your identity, use secure browsers such as Google Chrome, Firefox, Brave or Tor along with a VPN.
7. Block Pop-ups with an ad blocker.
An ad blocker is typically a browser extension that blocks pop-ups from websites and stops advertisements from showing up as you browse the web. This will reduce the chances of clicking on an ad that could infect your computing device with malware.
8. Find out if your email account has been hacked.
Spammers use various techniques to spam people, but using hacked email accounts to spread spam has been booming for years. Find out if your email address is in the hands of spammers so that you can take the necessary steps to protect your reputation.
9. Use a standard account as your day-to-day account.
There are security risks associated with using your admin account as your main account. If your computing device gets compromised by malware or a hacker, they can do a lot more damage with an admin account than they could with a standard account. This is why you should create a user account that is separate from the default administrator account.
You can protect yourself by only logging in as administrator when you are installing software updates or making other administrator changes to the computer. Click here to learn how to set up user accounts in Windows 10.
10. Always switch off your PC.
Whenever you aren’t actively using your computer, shut it down or disconnect from the Internet. Most Mac computers do this by default. Note that if you are not frequently active on the web, the chance of being infiltrated by a malicious source decreases.
11. Lock your computer whenever you step away.
Taking a break from your computer even for only a few minutes is enough time for your computer to be compromised. When you lock your computer, it password-protects your session until you return and blocks anyone else from physically or remotely getting access to your information. If you’re running Windows 10, you can configure dynamic lock to automatically lock your device when you’re not in the same room as your computer.
12. Educate your child on cyber security.
Educate your child about how they should behave when using the web. Let them know the dangers and pitfalls of the internet, and explain why it is not a good idea to share private information with people they don’t know.
13. Consider using an Apple computer.
Since Windows personal computers are much more prevalent in the marketplace, they are more susceptible to cyberattacks. Even though Mac computers can get compromised, it is much less likely for a Mac to be infected with malware compared to a Microsoft PC.
14. Download freeware with care.
The ability to download software programs for free is compelling, and there are thousands of freeware including games, software and utility programs on file sharing sites and perfectly reputable sites. Not every free download available on the web is malicious. However, many of these freebies contain malware such as adware and spyware. Download programs only from well-known manufacturers and trusted sites.
15. Consider a security suite.
If your operating system doesn’t contain security features or you want that extra layer of protection online, a security suite will include all the products you require to keep your computer safe. A security suite typically contains antivirus software, antimalware, website authentication, parental controls, password storage and protection against identity theft.
16. Activate your antivirus software.
Simply installing antivirus or antimalware software is not enough to prevent your computer from being attacked. You still need to configure your software to perform automatic scans at a certain time every day. A quick scan will do a pretty good job, but it is recommended to perform a full scan at least once a month.
17. Increase your spyware protection.
Spyware can be hard to detect on your computer, so you may want to install more than one security application to search for spyware. Configure the stronger program to constantly monitor your PC and use the second for occasional scans to verify that nothing was missed by the first program. For example, you can configure Microsoft Defender and Malwarebytes to run simultaneously and without conflict. Both applications are also free.
18. Try disposable email addresses.
Using disposable email addresses means creating different free email addresses for specific purposes and using each one for a limited number of uses. For example, you could use one disposable email address to sign up to services or complete surveys that may lead to more spam in your inbox. If you find that you’re getting too much spam at that address, simply delete the account and set up another. This will ensure that spam is kept away from your standard email account.
You can continue to use your main e-mail address for business or personal communication.
19. Don’t use debit cards when shopping online.
Debit cards are connected directly to your current account. This means that whenever you buy something online, the account is immediately debited. If a cybercriminal gets hold of your card, either the card itself or just the information from it, and uses it to buy stuff anywhere, you lose the cash spent. So, when you are shopping online, use credit cards rather than debit cards because they offer a level of protection that is not offered by debit cards.
20. Dedicate one credit card to online shopping.
Devoting a single card to online shopping will allow you to detect fraud or identity theft more quickly than if you use several cards. Using one card will also reduce the amount of damage you may have to deal with if a fraudster gets hold of your card.
21. Do not save your passwords in your browser.
Saving your passwords in your browser may be convenient, but if your computing device is compromised, any info that you have saved will now become available to the attacker. This is why it is really important for you to totally avoid saving credit card numbers and other sensitive information in your browser.
22. Check for SSL.
You should only enter personal information on websites with the https:// prefix or a padlock icon in your browser window. What this indicates is that the site has been officially secured and any information transmitted between your browser and the site is encrypted and protected from prying eyes.
23. A secure site is not always a reputable one.
The https:// prefix and padlock symbol guarantee that the data that will be transmitted between your computing device and the website is secure, but that does not necessarily mean that you are dealing with a safe or reputable site. Attackers also use SSL and HTTPS to facilitate their attacks. This means you need to be wary about the websites you share your personal details with, and search for reviews to learn about other people’s experiences in their dealings with the company.
24. Protect your personal information.
Ignore emails that ask for personal information such as banking details, login credentials, passwords and other confidential information unless you are expecting such an email. Legitimate businesses would never ask for such sensitive information by text or in a cold email.
25. Do not click on deceptive hyperlinks.
Be suspicious of any link in an email that shows one address but appears to take you to another. To find out where a link is taking you, hover your cursor over the link. If the address that appears at the bottom of your browser window is different from the one that you intend to visit, then you should definitely avoid clicking on the link as it is likely to be malicious.
26. Be cautious when typing web addresses.
Cybercriminals often set up sites that mimic other sites and use basic misspellings of the legitimate site as the URL. If you’re not careful with your typing, you may find yourself on the fake site which may be designed to download malware to your computing device as soon as you land on the home page.
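One way to catch such a near-miss address before visiting it is to compare it with the sites you actually use. The following Python code is an added example, not part of the original article; the list of known sites is constructed, and the function names and the distance threshold of 2 are assumptions.

```python
# Constructed list of sites the user really visits (reserved .example names).
KNOWN_SITES = ["mybank.example", "shop.example", "mail.example"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete from a
                         cur[j - 1] + 1,       # insert into a
                         prev[j - 1] + cost)   # substitute or match
            # Two adjacent characters typed in the wrong order count once.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalike_of(typed_host, known_sites=KNOWN_SITES, max_distance=2):
    """Return the known site that typed_host nearly matches, else None.

    An exact match returns None (nothing suspicious), as does a host that
    is too different from every known site to be a misspelling of one.
    """
    host = typed_host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in known_sites:
        return None
    closest = min(known_sites, key=lambda site: osa_distance(host, site))
    if osa_distance(host, closest) <= max_distance:
        return closest
    return None


if __name__ == "__main__":
    for typed in ["mybnak.example", "sh0p.example", "www.mybank.example",
                  "weather.example"]:
        match = lookalike_of(typed)
        if match:
            print(f"{typed}: looks like a misspelling of {match}")
        else:
            print(f"{typed}: no near match among known sites")
```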
27. Beware of phishing attacks.
Phishing attacks are one of the oldest scams on the internet, and have become more effective than ever before. With the exponential rise in smartphones over the years, duping users into divulging sensitive information through these devices is still easy, low-hanging fruit for attackers. If you have any reason to believe that the email you have received is a phishing attempt, forward it to the Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org. Forward suspicious text messages to 7726. This allows your provider to look into the origin of the text and take necessary actions.
28. Review your accounts.
Get into the habit of scrutinizing your financial records for unauthorized transactions as they can indicate identity theft. If you spot any irregularities, it is important to make your bank aware as soon as you find out.
29. Use a password manager.
A password manager is an online utility program that stores, generates and manages the passwords for your online accounts in an encrypted database or vault. The best thing about using a password manager is that you can have lots of long and complex passwords but don’t have to remember any of them.
30. Beware of fleeceware.
Fleeceware is a type of mobile app that comes with hidden, exorbitant subscription fees for basic services. The apps often offer users a free trial to “test” the app, prior to starting excessive, automatic payments. Analysis from Avast showed that some of those subscriptions can reach over $3,400 per year. Users are often charged long after they’ve deleted the app.
The apps are not overtly malicious, and include musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, so they often get through the vetting process at the official app stores. Many of these apps are marketed at children. Parents often only figure out the source of the charges weeks or months later.
These apps are able to proliferate because they are not considered malware and are available on official app stores, with access to official advertisement channels.
31. Create strong, private passwords.
Create a long and complex password that is easy for you to remember but would be really hard for other people to guess. The best type of password to create is a personal passphrase because it would be a lot easier to remember than a random collection of symbols and letters combined together.
32. Use a firewall to protect your computer.
Firewalls are designed to protect your computer and prevent unauthorized access. Windows 10 comes with a rock solid and trustworthy firewall that blocks incoming connections as well as other firewalls do. Using a firewall can help to prevent theft of any confidential or sensitive information stored on your computing device.
33. Disable file and printer sharing for extra security.
File and printer sharing is a Windows OS feature that allows wireless access to your file and printer over the network you’re connected to. But sharing your resources in this way is a security risk, and leaves your computing device vulnerable to hackers. This is why you ought to disable file sharing on your operating system to mitigate these risks.
If you have installed a file sharing application on your computing device, ensure that it is not configured to run automatically every time you reboot your computer.
Follow these steps to disable File and Printer Sharing in Windows 10:
Type control panel into the Windows search box and select the app.
Select Network and Internet and click on View network status and tasks.
In the left pane, click on Change advanced sharing settings.
Select Turn off file and printer sharing, and save your changes.
34. Create a regular backup of your files.
For peace of mind, make a habit of backing up the contents of your hard drive to an external USB drive. Losing your data can be detrimental to your personal and professional life. Even if the process of backing up your data does not offer protection against online threats, it ensures that nothing will be lost should something catastrophic occur.
35. Protect your computer from power outages.
Surge protectors are designed to safeguard your computing devices against abrupt and sudden power failures. Whenever you’re in a storm and a power surge is a possibility, shut down your computer and unplug it to prevent any loss of information that may occur.
36. Constantly evaluate your computer’s security.
After you have installed antivirus, antimalware, a VPN and other security applications on your computing devices, review these programs at least twice annually to be certain that everything is working as it is supposed to. Make sure that your operating systems and applications are updated to the most current versions, and be sure to replace any applications as required. Complete this process for all of your computing devices.
37. Delete software programs that you’re not using.
Unused programs run in the background and take up valuable space in your computer’s memory and hard drive. In addition to slowing down your computing system and wasting resources, these rarely-used applications are often not updated to the current versions which means they are not likely to have essential security patches that could protect your computer from compromise by hackers.
38. Be wary of unsolicited emails with attachments.
Email attachments are one of the oldest and most common tactics that attackers use to infect computers with malware. This is why you should avoid downloading email attachments from unfamiliar individuals, even if your computer is fully protected with antivirus and antimalware.
It is particularly important to delete junk mail you receive that includes an attachment. Note that there are certain attachments that you should avoid opening under any circumstances. These include any file with an extension that is .exe, .pif, .com or .bat unless you’re expecting to receive those files from someone known to you. These are some of the most harmful files used by attackers. Whenever you receive these types of files, always scan them with Microsoft Defender before opening them.
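The extension check above can be applied to a saved message before any attachment is opened. The following Python code is an added example, not part of the original article; the sample message is constructed, and the function names and the list of decoy document extensions are assumptions. It also flags a case the paragraph does not spell out: an executable whose name carries a document extension in front of the real one.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article names as ones to avoid opening.
RISKY_EXTENSIONS = {".exe", ".pif", ".com", ".bat"}
# Assumed list of harmless-looking extensions used to disguise the real one.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def build_sample_message():
    """Build a constructed email with three attachments, as raw bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "you@recipient.example"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Invoice_2024.pdf.exe")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="CLEANUP.BAT")
    return msg.as_bytes()


def risky_attachments(raw_message):
    """Return [(filename, reason)] for parts whose final extension is risky."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and containers have no filename
        # Win32 path handling drops trailing dots and spaces, so a name
        # such as "a.exe." is still treated as "a.exe"; compare in lower case.
        cleaned = name.strip().rstrip(". ").lower()
        suffixes = PurePosixPath(cleaned).suffixes
        if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
            continue
        reason = "executable extension"
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
            reason = "executable hidden behind " + suffixes[-2]
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample_message()):
        print(f"Do not open {filename}: {reason}")
```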
39. Activate your operating system’s protection features.
Most operating systems come standard with a built-in firewall, spam blocker, antivirus software or other security application. On some operating systems like Windows 10, these tools come enabled by default. On others, you may have to activate them. Your ISP may also provide email spam filtering software that you should switch on as well.
40. Avoid clicking on pop-ups.
As you browse the web, you may come across fake pop-up ads that look like they originated from your operating system, telling you that your computer is at risk. Some of these malicious ads that appear in your browser may have been produced by adware or malware that is already on your computer. The objective here is to entice you to click on the ad; and if you do, more malware will be downloaded on your computer.
When you come across these ads, close them by clicking on the X in the top right corner. Sometimes, these ads may be hard to close. If clicking the close button doesn’t work, try closing the window.
41. Beware of fake anti-spyware programs.
If you’re in the market for some anti-spyware software, be wary of what you buy. Some products marketed as free anti-spyware software are fake and disguised as helpful anti-malware utilities or ‘PC tune-up software’. These programs will actually download malware to your computer. Only purchase anti-spyware products from legitimate manufacturers. The best way to avoid downloading a fake anti-malware program is to stick with well-known brands such as Malwarebytes, Microsoft, Kaspersky and others.
42. Read the license agreement.
Before you start to download or install any freeware on your computing device, check out its license agreement. Many of these types of programs come with adware, spyware and other programs that you would not want to have on your device. Carefully reviewing the agreement will often reveal exactly what you’re about to install on your computer.
43. Avoid pornographic web sites.
The majority of malicious adware and spyware programs are actually distributed through pornographic and online gambling sites. These types of sites are some of the biggest sources of dangerous malware, and clicking on pop-up ads on these sites is one of the quickest ways to infect your computing device with malware.
44. Do not use unlicensed software.
Apart from the obvious illegality of using pirated software, sites that distribute it are often laden with malware. Unlicensed software is usually incompatible with security patches, and can be more vulnerable to viruses and other forms of malware. It might even come with a virus already installed.
45. Take advantage of free online virus scans.
If you have a Windows computer, you can run a free online virus scan to make sure your computer has not been infected with malware or spyware. These online scanners are safe to use, and can work with any other security software that is already installed on your computer.
46. Visit Windows Update.
If you have a Windows computing device, visit Windows Update regularly and consistently to check for Windows updates. The tool will scan your system for any security patches or updates that are not currently installed. It will then build a list of items that are recommended to keep your computer updated. To keep your device safe and secure, install anything that is marked as a critical update.
47. Encrypt and password-protect sensitive files on your computer.
In addition to installing security software on your computer, you can increase the protection of your computer by encrypting or password-protecting files or folders that contain sensitive information.
48. Visit Apple Security Updates.
If you have a Mac computer, check the Apple Security Site on a regular basis to find and install software updates for macOS, built-in apps and apps that you have previously downloaded from the Apple App Store.
49. Use privacy settings to guard your identity.
All that a cybercriminal needs is your personal information to begin impersonating you. This is why you should protect your address, birth date, national insurance number, bank details and credit card information by restricting how you share information on-line. You can take a strong step towards protecting your personal information by switching on privacy settings and using strong passwords.
50. Use parental controls to protect your child online.
The internet exposes children to a broad range of risks. That’s why it is so important to keep an eye on everything your child does online. Use filters and parental controls as a safety net to shield them from content that they are not old enough to see.
51. Avoid websites that use ActiveX.
On your browser, go to Tools > Internet Options > Security > Custom level.
Go to the ‘ActiveX controls and plugins’ section and then select Enable for Automatic prompting for ActiveX controls.
Click OK > OK.
ISO recommends using Click-to-Play or NoScript. These are browser add-on features that prevent the automatic download of plug-in content (e.g., Java, Flash) and scripts that can harbor malicious code.
52. Be careful with USB flash drives.
USB flash drives are a simple and convenient way to store information, but they are easy to misplace thanks to their size. If you will be storing sensitive data in a portable USB drive, consider encrypting the information to protect your data in case of loss. USB flash drives are also a leading form of malware infection. When a USB drive becomes infected with malware, it is likely to infect any device into which it is plugged. This is why you should never plug random flash drives you found into your computer.
53. Keep a record of websites your child has visited.
Make sure that your child keeps a record of any sites that they visit so you can go through such sites for potential security risks. Find out if they have registered as members of any website, and do not allow them to do so without your knowledge or permission.
54. Use a spam filter.
Spam filters prevent your inbox from being overwhelmed by non-essential emails. If you have an email application that separates junk mail, take advantage of these features by preventing malicious messages from reaching your inbox. Spam filters offer an additional layer of protection.
55. Be wary of suspicious messages.
Cyberattacks can arrive in your inbox in the form of spoofed emails from people that you recognize. This is why you should be on your guard if you receive suspicious emails, even when you recognize the name of the sender, because their email might have been hacked.
Be wary of messages you receive that include attachments with odd file extensions or words that seem incoherent in the message body. Treat these strange messages in the same way as you would treat messages from strangers and delete them as soon as you receive them.
56. Change your passwords regularly.
Changing your passwords on a regular basis restricts the effectiveness of keylogging technology, which can be used to steal passwords. If your password is less than 12 characters long, get into the habit of changing your passwords every 90 days. This will help keep your login credentials safe.
Fraudsters use number spoofing to make it appear as if you’ve been contacted by a legitimate organisation via text or a messaging app. They accomplish this by using identity masking technology to alter the name displayed as the sender to try to get you to divulge confidential information.
58. Stay informed.
You can stay informed by subscribing to updates from the National Cyber Security Centre. If you live in Northern America, you can get information about the latest internet security issues, vulnerabilities, and exploits by subscribing to updates from the Cyber Security Alert System. These updates provide timely information about current Internet security issues.
59. Verify an email’s source when you’re not sure.
Sometimes, it can be difficult to determine that a professionally written phishing email is not the official one of the organisation it is meant to come from. It will often have the organisation’s logo and format and look exactly like the organisation’s official email. But always keep in mind that no legitimate organisation would ever ask for personal information, especially in an unsolicited email.
60. Limit the info you provide when registering for a website.
It is really important to be cautious when completing an online registration form. Name and email are often standard requirements, but some sites may ask for more personal details like your date of birth, address and phone number. Be sure to check out the site to which you are providing such details. Generally, you should only fill in the required fields, often denoted with an asterisk.
61. Take care when meeting an online friend.
Take proper precautions when planning to meet someone you just met online. Plan to meet at a public place and be sure to inform your family and friends about your arrangement.
62. Protect the e-mail addresses of your family and friends.
Do not use a website’s ‘recommend to friends’ feature unless you are absolutely sure of the site’s reputation. If you are planning on doing so, perform a background check on the site to ensure that you’re not sharing people’s personal details with spyware distributors and spammers.
63. Mark junk email as spam.
Even after using spam filters, some junk mail may still find its way into your inbox. The most effective way to deal with this is to configure your email service to recognize junk email by marking those in your inbox as spam. This will ensure that the email service redirects similar messages to the spam folder in future.
64. Always read the fine print.
It is critically important to always read the terms and conditions for any site you sign up to. Most sites will always give you the option of receiving updates and offers from 3rd parties. Leave this box unchecked to avoid receiving tons of junk mail and spam. Look for the box that promises that the site will not sell or share your e-mail address with other companies.
65. Be cautious about what you share online.
Avoid mentioning anything online that you would not say to someone you never met, especially on social media sites such as Twitter or Facebook. Take care not to divulge your home address or full names of people you know. Sharing too much information online can be particularly dangerous in today’s world.
66. Use caution with Out-Of-Office responses.
It might seem perfectly reasonable to create an automated response explaining that you won’t be able to check your emails whilst on vacation. However, such a message also lets people know that you’re going to be away from your computer and your home. If you’re going away, configure the Out-Of-Office response settings so that your message is only sent to members of your email address book. Be vague about where you are, and leave a simple message that explains why you’re not able to check your email.
67. Be careful where you download from.
If you’re in the market for anti-malware software, be particularly cautious of where you get the program from. Ensure that you download these programs from the manufacturer’s website and not from an unknown source of copies that may very well be fake. A trusted software site like CNET’s download.com is a perfectly safe alternative.
68. Be cautious when using public Wi-Fi.
A 2017 Wi-Fi Risk Report by Symantec showed that people are generally addicted to free Wi-Fi. Free, public Wi-Fi hotspots are often unsecure and carry an element of risk. Even though most sites now use encryption to secure the transmission of data, you’re still at risk especially when using apps on a mobile device.
If you’re using the same network as a sophisticated hacker, it won’t be difficult for them to breach your computer’s security and gain access to your personal information. Avoid sending or viewing sensitive information when accessing public wireless connections unless you’re using a premium VPN.
69. Reduce the chances of getting your mobile device stolen.
Don’t show off to the world that you have a laptop by openly using it whilst on the go. Avoid attracting attention by carrying it in a plain and inconspicuous laptop bag. Consider getting a security cable lock for additional security.
70. Always log out of secured sites.
When you have finished using secure websites such as your online banking service, make sure you log out before closing the browser window. This will ensure that the session is completely closed and cannot be viewed or reopened by other users. This is particularly important if the computer you are using is not your own.
71. Clear your cookies often.
Websites store personal information in cookies. Even though not all cookies are malicious, some companies may sell the information in those cookies to 3rd parties for marketing and advertising purposes. That is why it’s a good idea to delete these files now and again. Doing so will also free up hard drive space and speed up your web surfing.
72. Prevent your email account from being hacked.
If you’ve inadvertently downloaded malicious apps on your Windows 10 computer, you can prevent your email account from being hijacked by disabling email access for any apps that are currently installed on your Windows 10 device. This will prevent any fake app from being able to take over your email account.
73. Always use 2-factor authentication.
Always use 2-factor authentication wherever possible for your most important or valuable accounts. When used in combination with a password, 2-factor authentication greatly enhances security.
74. Enhance your security by forwarding your emails.
With most email clients, you can forward email from one account to another in the same way as you do for your phone calls. This feature can help to enhance security. If you’re going away for a few days but will not be using your regular computing device, try forwarding your email to a new account that you’ve set up for the trip. This way, you’ll be able to retrieve any email that is sent to your regular account.
75. Beware of keyloggers.
Whenever you are using a public computer, always bear in mind that it can be infected with a specific kind of malicious software called a keylogger, which keeps a log of your every keystroke. This allows a cybercriminal to access whatever you typed in during your session. To be safe, avoid accessing your online banking and credit-card accounts from an insecure computer.
76. Stay away from dodgy sites.
Whenever you’re online, you’re on either a safe, a low-risk or a dangerous site. Simply visiting a fake website could result in malware (such as spyware, cryptoware and banking Trojans) being downloaded to your computer through the use of exploit kits. Using a free program such as Malwarebytes Anti-Exploit will protect your web browser against such threats.
77. Use separate devices for leisure and personal business.
As identity theft becomes more prevalent, it is essential to be super vigilant in keeping confidential information out of the wrong hands. Every time you conduct some type of transaction online, be it monetary or an exchange of information, your identity is at risk from cybercriminals. If you can, avoid using the same computer that you use to surf the web to conduct business such as online banking or shopping. This can help to reduce incidents of identity theft.
78. Use native apps whenever possible.
We share a lot of personal information on our phones, including email and social media. Using dedicated apps is an effective way of keeping sensitive information from prying eyes. Instead of logging on to your online accounts via potentially insecure mobile browsers, use apps from your bank, credit card companies, favourite retailers or social media sites for activities like banking, shopping or posting on social media.
79. Take control of your social media privacy settings.
If hackers are able to get hold of your personal information, they can take control of your social media profiles. This is why it is essential to manage your privacy settings on Facebook, Instagram, Twitter, Pinterest and LinkedIn to keep your personal details secure. Make confidential information such as your last name, email address and phone number invisible to anyone except for trusted family and friends. Do not automatically accept friend requests. Configure each site to approve each request personally.
80. Keep sensitive information out of chat rooms.
Even if you are talking with someone in a private chat room, chat services often archive conversations on a server. You have no control over what happens to archived conversations. Even if you feel that everything is secure on your end, remember that you don’t know if the person you are chatting with has someone watching his or her interactions with you.
80. Use a unique password on each website.
Using the same password or close variants for different websites is one of the leading causes of security breaches. Make it very difficult for yourself to get hacked by using uncrackable, easy-to-remember passwords for your email, social media and online banking.
81. Keep your IP address hidden.
Most websites are able to harvest information from your computing device, such as IP address and the applications that you use, for marketing and advertising purposes. While this information collection may not necessarily be harmful from trustworthy sites, less legitimate web sites can use this information maliciously.
82. Change the default Wi-Fi administrator password.
Most routers come with a generic password to provide easy access to router settings. This is different from the Wi-Fi password, and should be changed once you get in the first time. If you do not do so, then it will be easy for an attacker that gains access to it to change its settings and possibly lock you out.
83. Erase the data from unwanted computing devices.
When you finally decide to get rid of your old smartphone or other computing device and get a new one, make sure you get rid of all of the data on your hard disk. Many people are under the mistaken impression that just deleting files is enough to remove all of their old files, but it doesn’t quite work that way. Deleted files remain on your hard drive, and have to be erased before the machine is handed over to someone else. You can use utility programs such as wipe applications to overwrite data with random patterns to make them unreadable.
84. Change the default SSID name of your router.
Routers use a network name called the SSID (which stands for Service Set Identifier). You’ll see a list of SSIDs when you open the list of Wi-Fi networks on your laptop or phone. Sticking with the generic SSID won’t make your wireless network more susceptible to threats; however, potential attackers can see it as a sign that the network is poorly configured, which makes it more of a target. You can also hide the SSID so that potential attackers will not be able to see it.
85. Use Ultimate Windows Tweaker to stop Windows 10 from spying on you.
Windows 10 is constantly harvesting your information and sending it off to Microsoft. Fortunately, there are different options available to stop this from happening. The Ultimate Windows Tweaker is a powerful free tool that you can use to change all of Windows 10’s privacy settings and prevent Windows 10 from spying on you.
86. Disable SSID broadcasts.
You can disable the SSID broadcast to prevent other users from detecting your wireless network name when they attempt to view the available wireless networks in your area. Note, however, that this will only hide your network name, and not the network itself. This means your router can still be attacked by hackers.
87. Sign in to Windows 10 with Windows Hello.
Windows Hello is a more secure way to sign in to your Windows 10 device instead of the standard username or password. This feature gives you the ability to sign in using a PIN or facial recognition, which are stored locally on the device. To manage how you sign in to your device, go to Start > Settings > Update & Security > Windows Security > Account Protection > Windows Hello > Manage sign-in options > Windows Hello Pin > Add.
88. Take precautions when using a used computer.
Do not enter your password in a second-hand computer without installing antivirus. The computer may have been infected with malicious software such as keyloggers that are designed to steal your personal information.
89. Beware of generic posts you like and share on social media.
Avoid clicking on cute, seemingly innocuous photos that you might find on Facebook. Some of these photos are posted by cybercriminals knowing that they are going to get tons of likes and shares. Once the posts have garnered enough likes, the attacker will link the post to a webpage that downloads dangerous malware to the computing device of any user who clicks on the photo in future. Only interact with photos or posts that your friends have posted in their timelines.
90. Beware of prize giveaway scams on Twitter.
If you don’t remember entering a particular sweepstakes contest but receive notification via tweet that you’ve won a prize, take a moment to make sure that the tweet is actually legitimate. Be cautious, because it could be a ruse to lure you into giving up sensitive information.
91. Always sign out of your online accounts.
Make sure that you sign out of your favorite apps and services by logging out of all open sessions except for the one that you’re currently using. If you don’t sign out, you’ll be leaving the door open for intruders. Your Google and Facebook accounts are the most important, mainly because they can also be used to access other platforms.
92. Be cautious about apps that ask for unnecessary permissions.
Most of the time, an app requests permissions because it needs them in order to work. But if you have an app from an unknown developer that requires a ton of permissions but doesn’t explain why each permission is required on Google Play or on the developer’s website, think twice before installing that app on your phone.
93. Don’t call any number for Facebook tech support.
There are currently no tech support numbers for Facebook. If you come across an advertisement on the internet or on Facebook itself asking you to dial a particular number for Facebook tech support, it is fake. These numbers are being spread by cybercriminals who use the information you provide to break into your Facebook and other online accounts.
94. Secure your Android smartphone with a strong PIN or password.
Securing your Android smartphone with a strong PIN (Personal Identification Number) is absolutely essential for the security of the information contained on your phone. Android phones allow you to have a screen lock enabled to secure your phone, and there are various types you can use, including a password, PIN or pattern. Once you have activated your PIN, anyone who gains access to your phone will be unable to view the information on the phone because they won’t have your PIN. For the best security, set up a six-digit PIN. If the phone cannot be unlocked, it will be worthless.
95. Prevent your Windows 10 email account from being hijacked.
Cybercriminals have the ability to hijack your email account and send out spam through the use of bots, Trojans, viruses and worms. You can prevent your email account from being hijacked by simply disabling email access for any apps that are currently installed on your Windows 10 device. This will prevent any malicious app that you have inadvertently downloaded from being able to take over your email account.
96. Configure Microsoft OneDrive to protect your Windows 10 computer from ransomware.
Microsoft OneDrive is a powerful tool that allows you to back up personal files on your computing device. The great thing about OneDrive is that if the system becomes compromised in the event of a ransomware attack, you’ll be able to easily restore your information from OneDrive. Note that Microsoft will store all of your backed-up data in the cloud.
97. Avoid using easy-to-remember English words in your password.
Passwords with English words, non-English words or any words that can be found in any dictionary are extremely easy for hackers to crack. Furthermore, if your password contains one or more recognizable words with a few of the letters changed to numbers and even with some random characters at the beginning and/or end, be aware that it could get cracked in as little as 3 days.
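The check below is an added example, not part of the original list: it shows why a dictionary word with letters swapped for numbers and extra characters at either end is still easy to recognize. The word list is a small constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
"""Flag passwords built from a dictionary word plus predictable decoration."""

# Constructed stand-in for a real dictionary or breached-password word list.
SAMPLE_WORDLIST = frozenset({"password", "dragon", "monkey", "sunshine", "welcome"})

# Letter-for-number swaps that are trivially reversible. "1" and "!" are
# ambiguous, so two tables are tried: one reads them as "i", one as "l".
_COMMON = {"0": "o", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}
_TABLES = [
    str.maketrans({**_COMMON, "1": "i", "!": "i"}),
    str.maketrans({**_COMMON, "1": "l", "!": "l"}),
]


def normalized_forms(password):
    """Return the lowercased password with each substitution table undone."""
    lowered = password.lower()
    return {lowered.translate(table) for table in _TABLES}


def dictionary_words_in(password, wordlist=SAMPLE_WORDLIST, min_len=4):
    """Return the word-list entries hidden anywhere inside the password.

    A substring match is used so that extra characters placed before or
    after the word do not hide it.
    """
    forms = normalized_forms(password)
    return sorted(
        word for word in wordlist
        if len(word) >= min_len and any(word in form for form in forms)
    )


if __name__ == "__main__":
    # Constructed sample passwords; only the last one has no dictionary word.
    for candidate in ["P@ssw0rd123!", "xx7Dr4g0n!!", "5un5h1ne99", "k9#Vq2&Lz8^Tb"]:
        hits = dictionary_words_in(candidate)
        verdict = "contains " + ", ".join(hits) if hits else "no dictionary word found"
        print(f"{candidate!r}: {verdict}")
```

A password that comes back with no match is not automatically strong; the check only covers the dictionary-word weakness this tip describes.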
98. Prevent your computing device from auto-connecting to networks.
Don’t allow your computing device to auto-connect to networks. You might think you are logging on to a legitimate network when in fact you are logging on to a malicious hotspot set up by a cybercriminal for the purpose of stealing information from unsuspecting users.
99. Set up a remote device locator.
One of the easiest ways to find your lost smartphone is by setting up a remote device locator such as Find My on iOS or Find My Device on Android. These tools use GPS to identify exactly where your device is at any point in time, so if you simply misplaced your device, you’ll know exactly where to go and pick it up.
100. Disable Bluetooth when you’re not using it.
As convenient as Bluetooth can be, it is a bad idea to leave it on when you’re not using it. Bluetooth comes with a plethora of security issues and concerns, and by leaving it enabled on your phone all the time, you’re exposing yourself to them. It can be an incredibly convenient tool when you need it, but once you’re done using it, you should turn it off. And if you don’t use it at all, make sure that it is off.
101. Beware of counterfeit phones.
If you’re in the market for a new smartphone, the phone you’re interested in buying might look like the real thing from the outside, but that’s no guarantee that it is actually the real thing. The marketplace is full of millions of fake Chinese or Korean phones that are hard-to-discern knockoffs. To avoid getting ripped off, check the IMEI number, serial number and model number. Every genuine smartphone comes with a unique IMEI number that can be verified.
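A first-pass IMEI check that can be done offline, as an added example that is not part of the original list: a 15-digit IMEI ends in a Luhn check digit, and the number should be the same everywhere it appears. The source labels ("box label", "settings screen"), the function names and the sample numbers are assumptions made for illustration, and passing these checks does not prove a phone is genuine, since a counterfeit can carry a copied IMEI.

```python
"""Offline sanity checks for an IMEI read from several places on one phone."""


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:  # every second digit, counting from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def normalize_imei(raw):
    """Drop spaces and dashes; return the 15 digits, or None if malformed."""
    digits = "".join(ch for ch in raw if ch.isdigit())
    return digits if len(digits) == 15 else None


def check_imei_sources(sources):
    """Return a list of problems found; an empty list means nothing was flagged.

    `sources` maps the place the IMEI was read from (hypothetical labels)
    to the string exactly as read. Assumes a single-SIM phone with one IMEI.
    """
    problems = []
    cleaned = {}
    for place, raw in sources.items():
        imei = normalize_imei(raw)
        if imei is None:
            problems.append(f"{place}: not a 15-digit IMEI")
        elif not luhn_valid(imei):
            problems.append(f"{place}: check digit does not match")
        else:
            cleaned[place] = imei
    if len(set(cleaned.values())) > 1:
        problems.append("IMEI differs between " + ", ".join(sorted(cleaned)))
    return problems


if __name__ == "__main__":
    # Illustrative sample values, not taken from the page.
    readings = {"box label": "49-015420-323751-8", "settings screen": "490154203237526"}
    for problem in check_imei_sources(readings) or ["nothing flagged"]:
        print(problem)
```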