uc logo white
Text Size

Home

Keyloggers log wirelessly

Gee, it sounds like something out of one of those 1970s TV shows about government spies, but it’s reality: Plug this little thing into a wall socket and it records the keystrokes of a person nearby typing into a Microsoft wireless keyboard. The little gadget sends the information back to the gadget’s owner over the Internet.Gee, it sounds like something out of one of those 1970s TV shows about government spies, but it’s reality: Plug this little thing into a wall socket and it records the keystrokes of a person nearby typing into a Microsoft wireless keyboard. The little gadget sends the information back to the gadget’s owner over the Internet. The device looks like a USB wall charger, and this “KeySweeper” can be created with instructions from Samy Kamkar, a hardware hacker and security researcher who developed the gadget. An article on threatpost.com explains that KeySweeper can alert its operator when keystrokes spell out something that the thief-operator would be interested in, such as a bank’s website address. The device continues working even when removed from the wall socket. As for making a KeySweeper, Kamkar says that it’s not wise for a person without strong knowledge of electrical things to attempt to construct one. To remain as inconspicuous as possible, the KeySweeper relies upon low profile hardware and very low power. It can also be powered by a battery because it’s installed inside a USB wall charger. So if you unplug the device (and thus disconnect it from A/C power), KeySweeper is still going, relying on its battery inside. And if you think that KeySweeper is difficult to detect, you’re correct. It could be sitting in someone’s lap one table over from you at the Internet cafe and recording your keystrokes. Your only protection then would be to use a keyboard that requires an electrical cord, or, a wireless one that’s not from Microsoft. Kamkar’s device works only with Microsoft because of the technological compatibility that Microsoft’s wireless keyboards have with the gadget. It is likely however that devices such as this will become more common and will also work with other keyboards. So how do you protect yourself? Seems difficult if not impossible. One way would be to reduce the amount of data that could be exposed. The most sensitive data is generally passwords and credit card data. A password manager will enter all this data for you and not require keystrokes. This is the most effective and secure “autofill” available that bypasses keystrokes. _________________ Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

4 Tips for Spring Cleaning Your Digital Life

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started. First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.
  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.
So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life. __________________ Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Scammers Pose as Credit Card Fraud Department

A fraudulent fraud department? It may sound too wacky to be true, but scammers are now pretending to be from credit card companies' fraud departments. It's a trick to get you to reveal your card's security code. A fraudulent fraud department? It may sound too wacky to be true, but scammers are now pretending to be from credit card companies' fraud departments. It's a trick to get you to reveal your card's security code. How the Scam Works: You answer the phone, and the caller says he/she is from your credit card's security department. This "fraud specialist" tells you that there's suspicious activity on your card. He makes up a bogus transaction and asks if you authorized it. When you reply that you never made the purchase, the "fraud specialist" offers to open an investigation into charge. The scammer may even give you a fake case number for reference. Everything seems normal until the scammer asks one last question. Under the guise of verifying that the credit card is in your procession, he requests the security code on the back of your card. Don't give it to him; it's a scam! In this particular con, identity thieves already have your information. They know your name, credit card number, phone number and address. Now, all they need is the security code on the back of your card. If you share it, you give the con artist the information he needs to wrack up charges in your name. What To Do if a Fraudulent Fraud Department Calls: Don't give the caller any information about your account - even if he already knows some of the details. Pick up the phone. Call the customer service number on the back of your credit card. Talk to the fraud or security department and ask about the unauthorized charges the caller told you about. Phone numbers can deceive. Some con artists use Internet technology to disguise their area code in Caller ID systems. Although it may look like they're calling from your credit card company, they could be calling from anywhere in the world. _________________ The BBB is dedicated to fostering honest and responsive relationships between businesses and consumers in the U.S. and Canada, instilling consumer confidence and contributing to a trustworthy marketplace for all.

Hacking Humans: How Cybercriminals Trick Their Victims

Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams—that are designed to take your money.Intel Security has compiled a list of the top ways cybercriminals play with the minds of their targeted victims. And the chief way that the cybercriminals do this is via phishing scams—that are designed to take your money. The fact that two-thirds of all the emails out there on this planet are phishy tells me that there’s a heck of a lot of people out there who are easily duped into giving over their money. I’m riled because many of these emails (we all get them) scream “SCAM!” because their subject lines are so ridiculous, not to mention the story of some befallen prince that’s in the message. I bet there’s a dozen phishing emails sitting in your junk folder right now. Unfortunately, a lot of these scam emails find their way into your inbox as well. McAfee Labs™ has declared that there’s over 30 million URLS that may be of a malicious nature. Malicious websites are often associated with scammy emails—the email message lures you into clicking on a link to the phony website. Clicking on the link may download a virus, or, it may take you to a phony website that’s made to look legitimate. And then on this phony site, you input sensitive information like your credit card number and password because you think the site really IS your bank’s site, or some other service that you have an account with. 6 ways hackers get inside your head:
  1. Threatening you to comply…or else. The “else” often being deactivation of their account (which the scammer has no idea you have, but he sent out so many emails with this threat that he knows that the law of numbers means he’ll snare some of you in his trap).
  2. Getting you to agree to do something because the hacker knows that in general, most people want to live up to their word. That “something,” of course, is some kind of computer task that will compromise security—totally unknown to you, of course.
  3. Pretending to be someone in authority. This could be the company CEO, the IRS or the manager of your bank.
  4. Providing you with something so that you feel obligated to return the favor.
  5. “If everyone else does it, it’s okay.” Hackers apply this concept by making a phishing email appear that it’s gone out to other people in the your circle of friends or acquaintances.
  6. Playing on your emotions to get you to like the crook. A skilled fraudster will use wit and charm, information from your social profiles, or even a phony picture he took off of a photo gallery of professional models to win your trust.
In order to preventing human hacking via phishing scams, you need to be aware of them. Aware of the scams, ruses, motivations and then simply hit delete. Whenever in doubt, pick up the phone and call the sender to confirm the email is legit. _________________ Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.