Customer support chatbots help users solve their daily problems in many areas, from online shopping to financial services, but they can also become targets for flirtatious customers. A recent survey shows that nearly 20% of Americans have flirted with chatbots. Cybersecurity experts say that significant starvation of human contact and willingness to solve problems as quickly as possible might lead to identity theft and severe privacy issues.

“Many users are still unaware that on most occasions when they ask for customer support, it’s usually a chatbot, not a human being. People claim they flirt with chatbots because of curiosity and confusion, but loneliness and sex are also mentioned among the main reasons. This might sound surreal, but it actually raises both psychological and privacy concerns. This is when people lose their privacy because they dump all their personal data just to get rid of some problem or to get the emotional satisfaction that they are being helped,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

Pushing yourself off a privacy cliff

Engaging in flirtatious conversations with chatbots is dangerous in terms of digital privacy. Customers tend to reveal way more personal information to the chatbot than they should just to impress an imaginary person on the other side of the wire.

Similarly, customers tend to throw bits and pieces of sensitive personal data, like their ID or social security number, when they are eager to solve a problem quickly but they constantly get replies from the chatbot to “rephrase the question” or “tell more about the problem.”

While it does not mean privacy issues as such, all data typed in the chat is collected, stored, and accumulated. Needless to say, any system can have vulnerabilities, representing a flaw, gap, or unintentional “backdoor” into a system that a hacker can exploit, especially if the chatbot does not properly protect customer data using encryption.

“Customer support operators used to be a filter, understanding the domain and privacy risks and asking only for relevant and less sensitive information. Now AI has to grasp nuances in what people say they need and what they need. While turning to AI for support functions is unavoidable, consumers will have more responsibility for what data should be shared with a chatbot. They must be extra cautious about the information they disclose, since they cannot know how this information will manifest as outputs at some point in the future, especially knowing that in some cases this data is used for teaching algorithms,” Warmenhoven says.

How to protect your privacy from customer support chatbots

To protect your privacy while using chatbots, Adrianus Warmenhoven offers these preventive measures:

“The main rule is not to provide more information than is needed to resolve the issue. There is no need to flirt with a chatbot or share really personal information that you don’t want to become public in case of a leak.

“While drafting a request message, do not include any information that would allow identifying you or others. Use the order number if you are in touch with an online shop or the booking number of your flight tickets when dealing with airlines. This information should be enough to identify you. Do not provide a chatbot with an ID, social security, or bank card number. And do not sign your message with your name and last name, as this is not a love letter.

“Prepare your request and information before approaching the customer support chatbot. Drafting a message in advance in your notepad app will allow you to think twice about the clearance of the message and leave more time to check if you provide only the necessary information.

“To protect your identity from cybercriminals, always request a verification email from the chatbot. This is nothing new, but it is an effective tool, and reputable businesses have this function in their privacy protection toolbox.”

The post Flirting with a Customer Support Chatbot? Stop it now appeared first on SiteProNews.

There is a widespread myth that cybercriminals rarely consider an e-book reader to be a desirable catch, with computers, tablets, and smartphones being the primary targets instead. This is not entirely true. Bookworms and their beloved e-book readers are also on the hacker radar because they store more valuable information than a book collection.

“An e-book reader is more like a computer than a traditional paper book, and like any other electronic device connected to the IoT network, they are also vulnerable to cyberattacks. Criminals are least interested in the e-book collection because readers, like Kindle, Nook, or Kobo, actually store much more valuable data,” says Marijus Briedis, CTO at NordVPN.

Confirmed Methods to Get into Your E-library

Creating malicious digital books and tricking readers into downloading and opening them is one of the most common ways to compromise e-book readers. A few years ago, cybercriminals already used this method and Kindle device vulnerabilities to cause privacy issues for users of the most popular e-book reader.

“There are three main categories of readers who usually become victims of this kind of malware attack. One is people who look for a book to download for free instead of buying it from a reputable e-bookstore. Another category is readers who want to read a book in their native language but cannot find it translated to buy and then look for the book on alternative and, usually, piracy websites. The third group of people are literature enthusiasts who are trying to discover new talented writers and download self-published e-books. Cybercriminals often play the curiosity card as well,” Briedis says.

Nevertheless, apart from the Amazon Kindle, dedicated e-book readers are pretty rare. Most people use devices with Android or other operating systems to read e-books. This exposes them to cybersecurity and privacy threats relevant to every tablet or smartphone and require certain security and privacy tools to protect themselves.

Threat to Much More Than Just books

While attackers could simply delete user e-books from compromised readers and cause severe financial loss, usually, pranks are not the main reason why readers become targets for criminals. There are a few reasons why cybercriminals are interested in hacking e-book readers.

First, the most popular book readers are connected to e-bookstores, like Kindle is with Amazon. By hacking into one of these devices, a threat actor could steal any information stored on the device, including Amazon account credentials to billing information. This information can be sold on the dark web and raise severe privacy and even financial issues for the owner of a compromised e-book reader.

Secondly, since most readers are connected to local internet networks, like home networks, cybercriminals can convert the reader into a malicious bot, enabling it to attack other devices in the local network, including computers, smartphones, or even smart home gadgets.

How to Protect an E-book Reader from Being Hacked

Marijus Briedis, CTO at NordVPN, advises to take these preventive measures:

• Download books from official e-bookstores. You should always download e-books from recognized, reputable stores. While Amazon or Kobo are the most obvious choices, there are many smaller but reputable e-bookstores that are often managed by publishers. This will help to significantly reduce the risk of downloading an infected file.

• Update the software of your e-book reader. Software updates fix security flaws and protect your device data. Security updates often come at the wrong time, but you should install them as soon as possible to repair your device’s vulnerabilities.

• Use tools to monitor the dark web and receive warnings about your credential leak. For example, NordVPN’s dark web monitoring feature continuously scans dark web sites for your credentials, alerting you to each discovery so that you can take steps to protect the vulnerable account.

The post Curiosity Killed the Bookworm: Your E-book Reader Is on the Hacker Radar appeared first on SiteProNews.

NordVPN, a leading cybersecurity company, launches its new experimental product from the NordLabs platform. Link Checker is a manual URL-checking tool that enables users to examine a website’s safety before visiting by scanning it for different types of malware and getting a notification about whether it is fake or ridden with phishing scams.

“Malicious websites are becoming harder to spot with the naked eye. Well-known typography tricks, such as replacing ‘Amazon’ with ‘Arnason’ in a URL, which have worked for well-known domains, have now been upgraded to suspicious elements hidden under a URL shortener, often making phishing websites look legit. Link Checker is a response to the growing scale and intricacy of phishing attempts online,” says Vykintas Maknickas, head of product strategy at NordVPN.

While exiting the malicious web page without clicking any links may sometimes be enough to avoid jeopardizing the device and sensitive data, at other times, clicking on a malicious URL will open the device to a drive-by download attack, infecting it with malware or botnets that will, encrypt or steal personal data.

Designed as an everyday tool to help users avoid such scenarios, Link Checker scans the domains of the websites the user wants to visit and compares them against a list of websites known to contain scams or malware.

To collect information about malicious websites, Link Checker employs NordVPN’s own machine learning model, which was created to recognize zero-day phishing patterns planted within websites. In addition, this proprietary model uses Nord’s Intelligence Database to identify bogus websites that intend to lure users into phishing scams.

“Among the biggest advantages of the Link Checker is its two-fold nature. Combining proprietary machine learning techniques with the Nord Security Intelligence Database, Link Checker offers one of the most inclusive data sources to detect harmful URLs. In fact, Link Checker incorporates information on 95% of the most popular domains mimicked by cybercriminals, who often use phony variations to disguise online scams or malware,” says Vykintas Maknickas.

Link Checker is a free tool to use for both businesses and individuals, and it doesn’t require creating a special account or enrolling in a subscription. Link Checker is available on all browsers and devices here.

Link Checker is the second experimental product developed by NordLabs, a platform to explore emerging technologies and create new tools and services to ensure the security and privacy of internet users. The platform allows exclusive access to innovative projects developed by the NordVPN team of developers. In September, NordVPN presented its first experimental project named Sonar, an AI-enabled browser extension to help internet users detect phishing emails and protect themselves from cybercrime.

The post NordVPN Launches Link Checker to Protect Users from Malicious Websites appeared first on SiteProNews.

“Users often forget that mobile phones and computers are not the only gateways to your network for cybercriminals. A smart TV is usually connected to the internet, so it can also be hacked, and cybercriminals can spy on users, steal data, or even try to access other devices on the home network. A dedicated VPN app for Apple TV will allow our users to ensure cybersecurity and protect their privacy. Moreover, a VPN can even improve the streaming experience by increasing users’ privacy,” says Vykintas Maknickas, head of product strategy at NordVPN.

There are a number of benefits to using a VPN on Apple TV. A major one is that the NordVPN app protects online traffic from snoops and criminals with its next-generation encryption. Once connected to a VPN server, third parties such as an ISP can no longer follow the user’s activities online.

In addition, users can use a VPN on Apple TV to access their favorite content from home while traveling because a lot of online content is restricted by users’ current location and IP address. The NordVPN application will allow users to watch legitimate subscriptions by simply connecting to a VPN server in their home country.

Finally, because it is fast and reliable, NordVPN will not interfere with users’ streaming habits, increasing their privacy and security without noticeably slowing down the connection. Moreover, using a VPN may improve internet speed in some instances. For example, if the internet service provider has been throttling the connection when it detects streaming.

Installing a dedicated NordVPN app for Apple TV from the App Store is the easiest way to stream safely without the need for a manual VPN router setup which requires certain knowledge and skills. Nevertheless there are also alternative ways to set up a NordVPN on Apple TV.

The post NordVPN Introduces a VPN App for Apple TV appeared first on SiteProNews.

“AI will not steal jobs from hackers, at least soon. Cybercriminals are keen users of AI-driven tools, but it’s about improvement, not replacement. Hackers learned how to use AI to increase the capacity of their work and make their job easier, quicker, and more effective. The utilization of AI tools has facilitated the automation of a significant portion of phishing attacks, and it is anticipated that the frequency of such attacks will escalate in the future, posing a significant cybersecurity threat,” says Marijus Briedis, CTO at NordVPN.

There are several ways how hackers use AI to increase the success rate of their cybersecurity attacks.

Tailoring Spear-phishing Attacks 

The most common way cybercriminals use AI is to create personalized and convincing phishing attacks. Since AI can analyze vast amounts of publicly available data and better understand the target’s behavior and preferences, AI-generated personalized phishing emails can be highly effective at deceiving individuals. Moreover, public information is not the only thing that popular AI tools have at their disposal. 

“As AI systems become more prevalent, there is an increased risk of mishandling or misusing sensitive data. For example, if an employee of a certain company uses an AI tool to write a report from confidential information, the same data later could be used to create so-called spear-phishing attacks that are highly tailored to individual targets, increasing the likelihood of success. Once you get a phishing email with information that is supposed to be confidential, there is a big chance that you will fall into the trap,” explains Briedis.

Modifying Malware in Real-time

AI tools help hackers automate tasks like reconnaissance and crafting custom malware, making their attacks more efficient, difficult to detect, and large-scale. For example, AI-powered bots can conduct automated brute-force attacks, leading to an increased volume of attacks.

“Hackers also use AI to enforce malware attacks to evade traditional cybersecurity defenses. By using AI algorithms, attackers modify malware in real-time to avoid detection by antivirus and other security tools. With this kind of automation, hackers are seriously challenging traditional cybersecurity tools and exploiting their vulnerabilities,” says Briedis. 

How to Mitigate Cybersecurity Risks Posed by AI

While AI proved its effectiveness in improving cyberattacks, it could also be used to protect users, but it’s not a silver bullet. “Cybersecurity requires a multi-layered approach, including user education, regular software updates, strong passwords, and best security practices,” says Briedis.

Cybersecurity expert Marijus Briedis advises how to mitigate cybersecurity risks posed by AI-driven attacks:

• Check the destination URL before clicking. The most common way to lure victims into downloading malware is through phishing emails that hide spoofed URLs and malicious files. AI-generated tailor-made phishing emails might be hard to distinguish. But instead of clicking the link, hover your mouse on the button first to see the destination URL. Check if it looks legitimate and – this is important – if it contains the “https” part.

• Double-check the legitimacy of an email. If you receive an email from somebody you know, think twice before clicking any links. Is it typical of this person to send an email? If not, contact them via phone, social media, or other channels to confirm the legitimacy.

• Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.

• Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.

• Stay secure on public Wi-Fi using a VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

The post Hackers Teaming Up with AI: Expert Warns of New Ways You Can Get Hacked appeared first on SiteProNews.

The cybersecurity company NordVPN has looked into the top 20 websites in 19 countries to check how much it would take to read their privacy policies.

The study showed that it would take a full workweek (41.3 hours) to read the privacy policies of the 96 websites Canadians typically visit monthly.

The average privacy policy in Canada consists of 6,148 words and takes 26 minutes to read.

“Even though we keep reminding users to read the privacy policy, one in three Canadians still doesn’t look at any legal information online. However, this is understandable. We would need to spend a quarter of a month visiting the websites we need. A minimum-wage worker in Canada would earn around $479.46 during that time,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

“On the other hand, reading a privacy policy is as important as having one. That is why companies should work hard to make their privacy policies short and easy to understand. Meanwhile, users should choose trusted websites and know what to look for.”

The reading time of privacy policies was calculated by counting the number of words in the privacy policy and evaluating its readability with the FRES and Coleman-Liau readability tests. More information about how these tests work can be found here: https://nordvpn.com/blog/privacy-policy-study-ca/

What Websites Performed the Best and the Worst?

The study found that reading the privacy policy of the most visited Canadian websites would take almost nine hours. The longest in almost all countries was the privacy policy of Meta’s social media platforms (Facebook or Instagram) – 19,434 words. However, they scored better in terms of readability (“fairly difficult” with a score slightly over 50 on FRES and around the 12th-grade level on Coleman-Liau). The whole policy takes around 82 minutes to read.

Nevertheless, X (previosly known as Twitter) had a much shorter privacy policy (4,175 words) with the same readability score as Facebook or Instagram. It takes around 17 minutes to read. In the past, X was trying to make its privacy policy as accessible as possible by presenting the Twitter Data Dash, a computer game that helps understand the company’s privacy policy better.

In anglophone countries (the US, Canada, Australia, and the UK), Zoom scored the worst on the FRES readability test (only 24.9), which is worrying given the privacy concerns surrounding the platform. It would take 30 minutes to read the privacy policy of Zoom.

Netflix scored the worst on the Coleman-Liau test (14.98) in these countries, which is concerning because of the fact that it can be used even by children. The privacy policy of Netflix would take 36 minutes to read.

Germany Had the Longest Privacy Policies, but that is Common for Most EU Countries

Privacy policies in Germany were found to be the longest, consisting of 10,485 words on average, and take around 44 minutes to read. That is a lot, knowing that the global average is around 6,460 words and 27.14 minutes.

Other EU countries also had quite extensive privacy policies (Italy – 7,068 words, Poland – 7,314, France – 7,318).

“Countries with more detailed rights (such as EU countries with the GDPR) naturally have longer privacy policies to cover everything included in the laws. This trend also shows the ambivalence of the matter — the broader the rights for privacy, the bigger the responsibility for the consumer,” says Warmenhoven.

How Do You Spot Red Flags in the Privacy Policy?

Even though privacy policies take a long time to read, they help to make sure user privacy is secured. In order to save time while reading privacy policy, Adrianus Warmenhoven recommends to look for certain red flags and concerning things.

• See what data is collected. The first part of most privacy policies outlines what data the website collects from its users. If they ask for more data that seems relevant to their services, it could be a sign of potential misuse.
  
  
• Search for “red flag” keywords. You can try searching for words such as “sell” or “sold” to make sure you find places in the privacy policy where it is mentioned that your data may be sold to third parties. Other good keywords could be “partners” or “affiliates.” Lastly, try searching for the words “may” or “for example.” These words are used to hide some malicious actions the company takes against its users, like “may sell data.”
  
• Trust the verified websites. The fewer websites used by a person, the less information is at risk of being misused. Try to avoid new and sketchy-looking websites, especially those that don’t even have a privacy policy.

The post Canadians Would Waste a Whole Workweek Every Month If They Were to Read Privacy Policies appeared first on SiteProNews.

Nearly 32% of Canadians have experienced an online shopping scam in the past, according to a survey by NordVPN, which is 5% more than estimated a year ago.

Furthermore, the survey also showed that every fifth Canadian who has ever been scammed while shopping has experienced it on Black Friday or Cyber Monday. This is the equivalent of almost 2 million Canadians.

With Cyber Monday here, cyber scammers have their sights on almost half of the Canadians who might take part in the event — 46% (4% more than last year) of Canadian shoppers say they’ll head online for Cyber Monday, Black Friday, or the Christmas sales, with a further 40% yet to decide.

“We have seen in the past that cybercriminals become very active during the shopping season, so 18 million Canadians who plan to take advantage of the deals this year should better be on guard,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “The main thing we encourage people to remember this shopping season is if the offer looks too good to be true or a lot of personal information is requested for you to get a deal — you are probably being scammed.”

Nine in Ten would Reveal Their Private Information in Exchange for a Bargain

As many as 88% of Canadians are willing to hand over at least some personal data to land a bonus gift, discount, or free service. Compared to last year’s survey, this figure is 1% higher.

The percentage is slightly lower for those who have already experienced an online shopping scam in the past. Nearly 87% of those would share their information to get a deal.

Out of all Canadian online shoppers surveyed, 5% would hand over their credit card details, 1% would give their social insurance number, and one in ten (8%) would reveal where they worked. A further 3% would even reveal their children’s names for the chance to bag an extra bargain.

How to Protect Yourself from this Year’s Online Shopping Scams

• Make sure you only give as much information as needed. A legitimate website will only request the information needed to make a transaction and ship your order.
  
  
• Check that the URL is right. Making sure you’re in the right online store could be the difference between entering your card details at “Nike.com” and “n1ke.com.” This small variance in URLs leaves a huge opportunity for hackers and scammers to land you on a malicious website.
  
  
• Beware of shortened URLs. If you stumble across an ad for a bargain with a shortened URL, try checking out the company’s site by entering their address manually. If you can’t seem to find the deal from the ad manually, you might have saved yourself from a scam.
  
  
• Avoid shopping on public Wi-Fi. It’s generally best to avoid shopping online using public Wi-Fi networks because public Wi-Fi typically exhibits poor security and is often scanned by hackers to breach weak connections. If you lack alternatives, VPNs are a way to encrypt your connection and protect your data.
  
  
• Use tools to protect your online shopping experience. In the same ways hackers use AI to automate their attacks, users can use tools to identify fishy online shopping websites. Tools like NordVPN’s Threat Protection help flag suspicious webpages and protect users from being scammed.
  
  
• Monitor your bank statements. One of the best ways to ensure you aren’t being scammed is by monitoring your bank statements. Doing this allows you to not only keep track of purchases and costs but can also help you be quick to respond in case of a suspicious transaction.

“Additionally, people can also add extra security while using a virtual credit card. It allows people to use the temporary number to shop online without showing the seller your real credit card details,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN.

The post Around Two Million Canadians Have Fallen Victim to a Scam on Black Friday or Cyber Monday appeared first on SiteProNews.

Almost 22% of Canadian internet users avoid going online in public places and 60% of Canadians prefer their mobile internet for online activities in public, according to a survey conducted by NordVPN. Canadians use public Wi-Fi more frequently and less mobile internet than any other country that participated in the survey. Cybersecurity experts say that these measures help to mitigate cyberthreats, but issues raised by using public Wi-Fi can also be managed by other means.

Cyberthreat of Shopping Malls

In the new survey, most Canadian internet users mentioned shopping malls (57%), public event venues (51%), and cafeterias, bars, or restaurants (49%) among the places where devices are exposed to cybersecurity threats the most. Home (18%) and workplace (16%) are mentioned as the safest places from cybersecurity threats.

“Internet users should evaluate cybersecurity risks in every location because the scope of threats varies depending on a place. While universities or offices tend to put more effort into cybersecurity, it might not be the case with cafeterias and shopping malls,” says Marijus Briedis, CTO at NordVPN.

Canadians Trust in Themselves More Than in Technology

The survey reveals that Canadians tend to rely more on their behavior online to protect themselves from cybersecurity threats in public places rather than technology. 46% of respondents claim that they avoid entering or accessing sensitive information when they are connected to public Wi-Fi. At the same time, 40% of respondents go only to safe websites, and 37% verify if the public Wi-Fi is legitimate before joining.

Regarding the usage of cybersecurity and privacy tools, the numbers are more modest. Only 19% of Canadians use a VPN service, and 36% choose antivirus software. While a VPN is a more popular solution among younger generations, older generations tend to trust antivirus software. 

“Cybersecurity literacy is important, and it is great that internet users avoid entering or accessing sensitive information, like banking accounts, clicking on pop-ups, or going to suspicious websites. But a human mistake is an important factor in cybersecurity and even experts do them, so technological solutions should complement human efforts to minimize risks,” says Briedis. 

Americans Are More Eager to Use Internet in Public

In comparison, only around 16% of Americans do not use the internet in public at all. Americans use mobile internet more frequently and less public Wi-Fi than Canadians. Up to 39% of internet users in the United States use public Wi-Fi, and 70% use mobile internet.

In addition, Americans demonstrate slightly better use of cybersecurity and privacy software to protect their devices from cybersecurity threats: 27% of respondents said they use a VPN, and 33% use antivirus software.

How to Stay Secure on Public Wi-Fi?

There are several simple precautions to stay secure on public Wi-Fi. Marijus Briedis, cybersecurity expert and CTO at NordVPN, advises taking these actions:

• Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.

• Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.

• Stay secure on public Wi-Fi using a VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

The post Every Fifth Canadian Avoids Using the Internet in Public appeared first on SiteProNews.

A survey by NordVPN showed that every third Canadian is afraid of losing access to the files on their computer due to a cyberattack.

Experts notice that even though the scenario of losing a piece of private information is scary for many people, there are other ways cybercriminals can profit from hacking someone’s device.

“The new type of malware we see spreading is crypto malware. The biggest problem is that it is difficult to detect for an average computer user because no data is lost,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN. “You may think you don’t need to worry because you don’t own or have never used cryptocurrency. But crypto mining malware doesn’t typically include hackers stealing funds from the victim’s cryptocurrency wallet, just using their device to mine. And as a result — making the victim’s device very slow.”

Criminals Mine Crypto Using Their Victims’ Resources

Mining cryptocurrency requires a lot of computer power to solve complex mathematical puzzles, adding new blocks of transactions to the blockchain. Once all the problems in a block are solved, the miners get their rewards in cryptocurrency.

However, the problem is that the process is very slow and requires an incredible amount of processing power. In fact, the electricity a computer generates would probably cost more than the cryptocurrency it could mine. That is why cybercriminals look for ways to mine cryptocurrency using other people’s devices.

By infecting a network of computers with malware , hackers can mine crypto while using their victims’ electricity, devices, and computing power to increase their profits. Victims might not even notice that their device is mining crypto. The only sign may be slower performance and overheated devices.

Some of the Ways to Detect Malware — Check If Your Computer Gets Hot or Slow

“Detecting crypto malware on your device can be very difficult. It’s designed to be as stealthy as possible. However, certain signs can help you determine that your device may have been infected,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

The first sign that your device may be mining some criminal crypto in the background is that the device gets significantly slower. Another sign is an overheated device with the fan always on. Lastly, the CPU (central processing unit) usage will be very high if your device gets infected.

If you want to prevent your device from being infected, here are several actions you can take:

• Keep all devices and applications up to date. Crypto malware often uses unpatched flaws in systems. The faster you update your software and operating system, the harder it is for malware to infect your device.
  
• Use antivirus software. Antivirus software, such as NordVPN’s Threat Protection, will scan files you download for malware, making it difficult for cybercriminals to install it on your device. It will also block your access to malicious websites, minimizing the threat of phishing.
  
• Practice good internet behavior. Don’t click on suspicious links, don’t download suspicious documents, and try not to visit untrusted websites. There are many ways in which cryptojacking malware could be delivered.

The post Is Your Computer Getting Slow? Hackers May Be Using It to Mine Crypto appeared first on SiteProNews.

Cybersecurity and privacy researchers at NordVPN analyzed the most popular mobile apps globally in 18 categories. Up to 14% of apps collect more unnecessary than necessary data for the apps’ performance and only 8% of apps collect no unnecessary data. On average, every fifth requested permission was not needed for the app’s functionality.

“A significant number of mobile apps that we use daily request access to device functions unrelated to their performance. And most users give the app license to spy without even reading the terms and conditions. Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ because collected data could be used against our interest. It’s especially important to be more attentive to some categories of apps which are more intrusive, such as social media or messaging apps,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

The research revealed that 42% of all apps ask for permissions related to user activities outside the actual app, which means that they aim to collect data about users across other applications and websites. In addition, 37% of the studied apps request access to the user’s location, 35% to the camera, 22% to the photo gallery, and 16% to the microphone.

Social Media and Messaging Apps Raise the Most Concerns

Social networking, messaging, navigation, and dating apps require the most significant number of permissions compared to other categories. They are also in the lead by their requesting of unnecessary permissions. On average, social networking apps request ten unnecessary permissions, navigation apps ask for nine permissions, dating – six, and messaging – five.

Android users can be the least worried about gaming apps. They only request 10 permissions and ask for less than one unnecessary permission on average. While food and drink apps on iOS ask for less than three permissions on average, in terms of unnecessary permissions, productivity apps are in the lead because they almost do not collect unnecessary data.

The East Asia Region Is a Red Zone on the Privacy Map

While category is a stronger predictor of how many permissions and data apps ask for, there is also a geographical effect. On average, apps from East Asia ask for the biggest amount of permissions overall as well as unnecessary permissions — Hong Kong and Taiwan dominate both the Android and iOS charts. At the same time, Android apps from Japan and Singapore also make a strong showing.

“This likely stems from two aspects. On the one hand, different regions have different regulatory environments. But at the same time, these numbers are influenced by the nature of the popular apps studied. East Asian countries are worse in terms of permissions because of the blend of the wide use of social media tools as well as manga and other media apps,” says Warmenhoven.

On the flip side, apps from Mexico made the lowest number of unnecessary permission requests and even the lowest number of permission requests overall for Android. For iOS, apps from Spain and the US made the least overall requests, while apps from Spain, the US, Italy, and Poland made the least number of unnecessary requests.

How to Protect Your Privacy on Apps

To protect your privacy on apps, Adrianus Warmenhoven offers these preventive measures:

• Download from official stores. Unofficial app stores won’t always have systems to check whether an app is safe before it’s published and available to download. Moreover, getting an app from an unofficial source carries the risk of it being modified by criminals.

• Read the app’s privacy policy before downloading. Check what information the app will track and what it will share with third parties. If you’re not happy with the level of privacy, look for an alternative.

• Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions and turn off the ones you don’t want or need, and consider deleting the apps that ask for many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.

• Limit location permissions. Many apps request access to your phone’s location services, so ensure you know which apps you’ve granted access to. It’s best to allow apps to track your location only when using the app, rather than all the time.

• Don’t automatically sign in with social network accounts. If you’re logging in to an app with your social media account, the app can collect information from the account and vice versa.

• Delete apps you don’t use. If an app is sitting unused on your screen and you’re not getting anything from it, delete it. Chances are it’s still collecting data on you even if you’re not using it.

The post Up to 74% of Apps Collect More Information About You than They Should appeared first on SiteProNews.

“It is fair to say that biometric data is more secure than most types of authentication, such as passwords. But all recorded data is hackable. Moreover, you can change compromised passwords, but losing biometric data is already a serious issue. That makes biometric information a valuable target for cybercriminals, and hacking of this type of data becomes a popular way of identity theft,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

The Internet Might Be Full of Your Biometric Data

There are more than 20 different types of biometric data, such as fingerprints, face, or voice. Every type of biometric information could be compromised in several different ways. One common and long-term serving method to steal fingerprints is placing a skimmer on ATMs or other fingerprint scanner machines. It collects fingerprints and creates fake versions that could be used to access devices or private information.

While still being used, a skimmer is an old-fashioned way to steal biometric data. With the rise of deepfake technology, biometric hacking has become much more sophisticated but, at the same time, more accessible for cybercriminals. By performing a biometric spoofing attack, hackers can compromise a secured system by exploiting users’ selfies, photos, and videos from social media to create fake identifiers like face, voice, or even fingerprints.

“While we are the owners of our own faces and voices, we are not the only ones with access to them. Over the years of being active social media users, people left so much biometric data that with the current capabilities of artificial intelligence to create deepfakes, it becomes a weapon against our privacy. Only this time without our initial consent,” says Warmenhoven.

Biometric data used to unlock a device is not easy to obtain because usually it’s stored in the device as encrypted binary code. But opening apps with biometric data or allowing them to use it is not always a safe solution. Sometimes users hand in their biometrics without knowing who the app’s developers are and how they use collected data.

Nevertheless, even if biometric data is stored on the server or cloud of a reliable app developer, it is much more vulnerable because there is always a risk of a data breach. Moreover, a biometrics hacking attack can be done through interception during data transmission between the user’s device and storage.

How to Protect Your Biometrics from Cybercriminals

To protect yourself from biometric hacking, Adrianus Warmenhoven advises these preventive measures:

• Think carefully before you opt to use biometric data. Even if you have the possibility, it doesn’t mean you always need to use biometric authentication. Before you allow a new app to scan your fingerprint or face, be discerning about when and where you share your biometric data and consider the reputation of the company asking you to use biometrics for authentication.

• Use biometric data for multi-factor authentication, along with strong passwords. Two-factor authentication (2FA) or multi-factor authentication (MFA) would raise your security levels.

• Use a VPN. A VPN can help secure your internet connection and prevent third parties from intercepting any biometric data you transmit.

The post How to Protect Biometric Data from Cybercriminals appeared first on SiteProNews.

NordVPN investigated a webpage called Insecam, which without the permission of their owners, streams almost 100 Canadian security camera feeds. Research revealed that every 10th camera streams to the world from Canadians’ backyards, garages, porches, and even the interior of their houses. Considering the popularity of home security cameras, the Insecam feeds are only a drop in the ocean.

“There are two ways someone could see your security camera’s feed. First, many IP cameras have a built-in functionality that allows the owner to access the feed through the internet from anywhere without certain security and privacy measures. If the camera is not secured with a password, its feed can be found on Shodan or other platforms, including Google in some cases. Another way home security cameras can be compromised is if hackers intercept the home’s internet connection,” says Marijus Briedis, CTO at NordVPN.

The Insecam feeds illustrate that users do not seriously consider protecting their surveillance cameras. But live streaming from a backyard is not a priority for criminals because it does not monetize their efforts.

There are several ways criminals could use a feed from home security cameras. Blackmailing is usually the preferred option for cybercriminals. They hack cameras to demand money for not leaking personal videos to a broader audience.

Another way a hacked camera feed can serve criminals is to better prepare them for burglary. Through hacked cameras, criminals can see when a house’s inhabitants are not home and what valuables they have. Moreover, most cameras disclose their location, meaning burglars can plan a crime without going to the site. 

How Can You Protect Your Security Camera?

There are several simple precautions to protect your security cameras from being hacked. Marijus Briedis, cybersecurity expert and CTO at NordVPN, advises taking these actions:

• Check your camera’s password settings. Set up your camera to require a password. The password should be complex, unique, and consist of no less than 12 characters. According to NordPass research, people often fail to change their admin passwords. In fact, the most popular password in Canada is “123456,” which is also a common admin password.

• Enable your camera’s security features. If you bought a camera that encrypts data transmitted via the internet, turn this feature on. And always update your device with the latest security patches.

• Hide your online traffic with a VPN connection set up on your router. If you set up a VPN, like NordVPN, on your router, you can connect and secure any number of gadgets with a single device slot. Any device that connects to it, including your home security camera, will automatically be private on the internet. 

The post Hacked While Sunbathing in Your Own Yard – How to Protect Privacy from Treacherous Security Cameras appeared first on SiteProNews.

Two out of three people are worried about criminals tracking them online, according to research by NordVPN. This fear is not irrational — in fact, one of the most common cybersecurity crimes is camera hacking. Criminals can secretly spy on users, record videos of them, and then blackmail the victim by threatening to release the footage publicly. Moreover, unwanted fame is not the only negative effect that “camfecting” can have.

“A camfecting attack is not hard to perform. To hijack your device camera, hackers need to slip remote-control malware into your laptop or smartphone. A cybersecurity attack can be performed by sending infected emails, luring in users into malicious sites, or infecting torrent downloads, or downloads from unauthorized sites. Luckily, it’s easy to spot the warning signs or enhance your computer or smartphone camera security,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

What Are the Signs of Camfecting?

Many signs can give away a hacked camera. For example, if your camera’s indicator light is on or blinking even though you haven’t turned the camera on, it might be a sign that it has been camfecting. Nevertheless, it might not always be the case: an abnormally acting camera light could result from an application running in the background.

There are other signs of potential camfecting, such as faster battery draining, random apps installed without user’s knowledge, device freezing and crashing. It is also advisable to install or run a malware-detecting software, such as Threat Protection or antivirus. If a user notices any of these signs, experts advise to speak to IT professionals.

How to Protect the Device from Camfecting?

“Putting a piece of tape or a camcover over your device’s camera is perhaps the easiest and most reliable way to prevent someone from watching you through your computer camera and improve your home security. However, by putting this physical blocker in place you simply restrict the attacker’s view, but don’t solve the actual issue. Keep in mind that the same malware that allows cybercriminals to access your camera, also can provide access to your personal files, messages, and browsing history,” says Warmenhoven.

To protect yourself from malware, Adrianus Warmenhoven recommends to take the following steps:

• Enable firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.

• Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.

• Don’t fall into a phishing trap. Hackers may disguise themselves as support agents and contact users, saying there’s an issue with the device or software and they have to take care of it. It’s a common phishing technique cybercriminals use to slip remote-access software onto a device. Such software then allows them to access your camera and manage its permissions.Another way to lure victims into downloading malware is through phishing emails that hide spoofed URLs and malicious files.

• Stay secure on public Wi-Fi using VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

The post Your Camera Might Be Secretly Filming You – How to Stop That? appeared first on SiteProNews.

A survey by NordVPN showed that 84% of users had experienced social engineering behavior in the past, and more than a third of them have fallen victim to phishing email scams. Experts say that a new type of phishing has started to emerge recently — clone phishing — which can trick even the most cautious users.

Clone phishing is a scam where a cybercriminal replicates a legitimate email or website to trick the victim into giving personal information. The cloned email looks almost the same as the original and contains legitimate details, making clone phishing more difficult to spot than other phishing attacks.

“Even though users learn and become more cautious every time they experience a cybersecurity issue, criminals don’t make it easy by constantly developing new techniques to target people. Clone phishing attacks take phishing to the next level because the emails are usually highly personalized and replicate something that a victim received in the past,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

How Does Clone Phishing Work?

First, the attacker intercepts a message sent to a user from a legitimate source (e.g., a bank, client support service, money transfer site, or employer). Attackers may use various techniques to intercept emails, including DNS hijacking. A hacker won’t always need to intercept emails to carry out clone phishing attacks. However, if they do, these clone emails become much more difficult to spot because they look just like the original.

After that, a scammer creates a replica of the email and sends it to the victim, urging them to take action. Scammers want their victims to act quickly, so phishing emails always sound urgent. You may see common social engineering tactics like asking users to change their passwords or provide other sensitive data because their account has been “compromised.” It’s also common for clone phishing scams to contain a malicious link that a user can click thinking they’ll access a legitimate website.

The victim opens the email, believing it to be from a legitimate source. They may open an attachment (e.g., a PDF document) that instantly installs malware on their machine and provides cybercriminals access to their sensitive information. Or they may click on a link included in the email and are redirected to a malicious site, allowing attackers to steal their information.

How to Prevent Clone Phishing Attacks

“Spotting clone phishing attacks can be tricky, especially if the scammers have a lot of experience in creating cloned emails. However, you can take several steps to reduce the likelihood of falling victim to this social engineering attack,” says Adrianus Warmenhoven and provides a list of tips that can help users avoid being affected by clone phishing emails.

• Check the sender’s email address. Before you click anything or reply to the email, make sure the sender’s email address is legitimate. Clone phishing attempts often come from email addresses that resemble the original. However, they may have additional full stops, dashes, symbols, or other subtle differences. Check the sender’s email address carefully to ensure it’s from a legitimate source.
  
• Don’t click on links. Avoid clicking on links unless you’re absolutely sure the email isn’t a scam. The email may contain links that redirect you to a malicious website where scammers can steal your personal information. Only click on links and buttons after you’ve confirmed that the email is safe.
  
• Use spam filters. Spam filters are helpful if you receive a lot of emails daily. These filters analyze the content of every email and identify unwanted or dangerous messages. While they won’t always spot a cloned email, using them in addition to other measures is a good idea.

“Clone phishing emails are not dangerous until you click the links or files they include. So the general recommendation is not to rush into trusting everything you read in your email inbox. It is always safer to double-check with the company that is emailing you and contact them by phone before you provide any personal information or click on the links in your emails,” says Adrianus Warmenhoven.

The post Clone Phishing — an Attack that Can Trick Even the Most Cautious Users appeared first on SiteProNews.

Half of Americans (53%) say they have seen an ad for a product or service pop up on their phones soon after talking about it or watching it on TV, new research by cybersecurity company NordVPN reveals.

Two in four (50%) consumers admit they have no idea how to prevent this from happening and one in ten (10%) who noticed the adverts said it scared them.

Rather than devices reading your mind, this personalised product placement is due to a type of data monitoring called ultrasonic cross-device tracking. This is where apps on your smartphone listen in to background noise — including conversations — to gather more information about you.

“Later, they share this data across other devices,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Smartphones were by far the most common place to find these tailored ads. Four in five (77%) Americans who recognised the phenomenon first spotted it on their handset, with half (52%) seeing it on their computer and a fourth (39%) on their tablet.

Information showing people’s behaviour across devices is extremely valuable to companies, but this type of tracking is controversial because of its lack of transparency and security concerns around consumers’ data.

A key part of cross-device tracking is the use of audio beacons, which are embedded into ultrasound — frequencies above the level that can be heard by humans — and can connect with the microphone on our devices without us knowing. This is one reason many apps ask for permission to access your smartphone’s microphone, even if they don’t involve using your voice.

“While it’s impossible to stop the ultrasonic beacons working, you can reduce the chance of your smartphone listening for them by simply restricting unnecessary permissions you have granted to the apps on your device,” says Warmenhoven.

Ultrasonic Cross-device Tracking — How Does It Work?

Ultrasonic cross-device tracking is used as a method to link all the devices you own to track your behavior and location. These ultrasonic audio beacons can be embedded in many things we interact with daily: TV shows, online videos or websites, or apps on our phones.

Imagine you are watching TV and you see chocolate being advertised. You pick up your phone, and the same chocolate ad appears on your screen. By using ultrasounds, audio beacons can detect when your phone is nearby, and apps on your phone can listen for approximate audio beacons to track what you are doing.

How Can You Reduce Cross-device Tracking?

NordVPN cybersecurity advisor Adrianus Warmenhoven has some top tips to keep snooping devices at bay:

• Change app permissions. The apps on your smartphone may have some permissions that are not required. For instance, why would a photo-editing app need access to your microphone? If apps on your phone have such non-required permissions, you should revoke these permissions. Apple now requires apps to ask your permission before tracking you or your iPhone across websites or apps owned by other companies, and you can turn this off for all apps. All changes to app permissions can usually be done in the privacy settings on your device.
• Use a private browser. If you want to keep yourself from tracking, it is best to use a private browser like Tor or DuckDuckGo rather than the incognito mode in Google Chrome. These browsers do not profile you or save any of your personal data for sharing with marketers.
• Use a VPN. One of the best ways to protect yourself from being tracked is by using a VPN. A VPN is a tool that encrypts every bit of information about your internet activity. It also stops IP-based tracking because it masks your IP address.

The post Yes, Your Phone is Eavesdropping on You – and Most Americans Don’t Know How to Stop It appeared first on SiteProNews.