Mobile Malware | Mobile Security

Are you a victim of mobile malware?

Your smartphone gives you access to the world right in the palm of your hand, but if you’re not careful it could also give cybercriminals access to your private information.

To avoid becoming a victim of fraud or other online crimes, it’s essential to make sure that no mobile malware is running on your android or iPhone – but how do you know if your device is infected?

Here are some tell-tale signs that your phone may have a malware infection and how to remove this dangerous software from your device.

Is your phone infected or just getting old?

A smartphone that takes longer than usual to load apps or loses battery power in a hurry could just be getting old. Then again, it could be infected with malware.

If your phone is less than two years old and suddenly seems to be running slowly, there’s a good chance that a malicious app is putting a drag on system performance.

Similarly, if you notice that your smartphone battery drains after just a few hours of moderate use and your phone is relatively new it’s likely that you’re dealing with a malware infection.

Installing a reliable antivirus app with malware scanner is the shortest way to find out whether your device has been compromised. The sooner you know, the sooner you can get rid of potentially dangerous software that gives hackers access to your personal information.

You keep seeing ads everywhere

Some apps make their revenue from ads, and if you’ve been seeing them all along there’s probably no cause for concern. However, if an app that doesn’t usually run ads suddenly starts displaying them you may have adware running on your phone without your knowledge.

Are Android or iPhone devices more susceptible to malware?

Traditionally, the iPhone was always a safer choice when it came to viruses and mobile malware due to Apple’s enhanced digital security and the extensive checks the company does before allowing an app to register on the App Store.

However, recently, a number of apps harbouring mobile malware have managed to slip through the cracks.

iPhone users may be more protected in theory but that doesn’t mean they should be complacent when faced with the tell-tale signs of a malware infection.

Keep your data safe on all devices with secure cloud storage

Every time you sync your devices, you are sharing valuable data that needs to be protected.

Soteria’s range of secure cloud storage packages for business and family use are the ideal way to keep sensitive information for your eyes only.

LinkedIn Phishing Scam | Malware

New LinkedIn Phishing scam

Receiving a LinkedIn message from a recruiter offering you the job of a lifetime may sound like a dream, but for victims of the new Ducktail malware, it can quickly turn into a nightmare.

Cybercriminals are ramping up their impersonation game, posing as HR talent scouts on LinkedIn to trick professionals into downloading dangerous software. To avoid losing control of your valuable data, you’ll need to be on the lookout for this new scam.

Are you dealing with a recruiter or a cybercriminal?

LinkedIn has become the go-to social network for professionals around the world, with 9 million registered profiles in South Africa. Naturally, recruiters have been keen to use this platform to reach out to suitable job candidates – and some of their overseas offerings can be very attractive.

Receiving a message asking you to consider a lucrative job offer is always exciting. Unfortunately, online bad actors are jumping on the opportunity to defraud and steal data from prospective jobseekers.

A new scam on LinkedIn has seen professionals in several countries in Africa and the Middle East targeted by fake recruiters, losing control of their Facebook business accounts in the process.

The first step in the scan is always a LinkedIn message from someone posing as an HR specialist. The contents of the email will usually refer to a great job opportunity – most recently with a fashion brand in a desirable international city.
Once a job candidate shows interest by replying to the phishing message, the cybercriminal will usually reply and include a link which looks like it leads to an online application form. In reality, clicking on this link will download the Ducktail malware onto their device.

Victims of Ducktail soon discover that their Facebook business accounts have been hijacked, with customer data including credit card and banking details being prime targets.

Always verify before you share your details

If you receive a recruiting message on a platform like LinkedIn, it’s essential to make sure that the person who sent it is legitimate.

Cross-checking the recruiter’s identity on their company website is one way of verifying their identity.
For local recruiters, calling them on the number provided on the website – and not the number in the email – is a sure way to find out whether you are speaking to the genuine person or an imposter.

Malware, ransomware, and other types of cybercrime are a major risk for every business and professional.

Keeping your data safe with our range of secure cloud storage packages. It’s your virtual insurance policy against cybercriminals.

7 Biggest Cybersecurity Risks

Cybersecurity Risks and Threats

Cybersecurity is in the news lately for all the wrong reasons, and business owners in SA are joining their international counterparts in worrying about the invisible online threat that can cost companies a fortune.

Dealing with an invisible enemy means that you’ll need to be aware of the specific risks on the internet before they appear and take steps to protect your business accordingly.

In this article, we outline the biggest online threats affecting companies across the country and give you some helpful tips in preventing and dealing with them.

1. Ransomware

The first threat on our list is probably the most common type of cybercrime.

Ransomware infects your business IT network or device, takes your data hostage, and demands payment – usually in untraceable cryptocurrency – before the data is released.

60% of South African organisations reported a ransomware attack in the past 12 months, a significant increase from 47% in 2020.

2. Malware

Malware is any form of malicious software specifically designed to cause disruption to a computer or network, interfering with both the user’s computer security and privacy.

One of the most common methods of spreading malware is through phishing emails where employees are tricked into clicking on links or downloading a malicious file.

3. Distributed denial of service attacks (DDoS)

This type of attack essentially locks or slows down your website by flooding it with server requests from multiple computers at once.

Once the website is down, it remains unusable until a “fee” is paid to the perpetrators, costing the business both a ransom and lost sales.

SEACOM released a shocking report in 2021 citing a 300% increase in denial of service attacks in Africa since 2019.

4. Trojan viruses

These invisible bits of virus software often enter your computer via suspicious email attachments or download links.

Once they’re in the system, they can corrupt your entire computer network or transmit sensitive information to cybercriminals using your Internet connection.

5. Insider threat attacks

Disgruntled employees or those who have been dismissed often have access to sensitive information, including passwords and access protocols.

If they decide to team up with hackers to infiltrate your company’s computer system, you may find that many of your usual cyber defences don’t work to repel the attack.

6. Password attacks

Simply having a password attached to your computer, email, or network login isn’t enough.

If hackers are able to guess or decode your password, they could have free reign of your company information – and even your internet banking.
Choosing a strong password and changing it frequently is an excellent strategy to reduce this risk.

7. Social engineering attacks

The people and businesses we interact with online are not always who we think they are.

Social engineering attacks are carried out by cybercriminals posing as clients or members of the public – and this type of attack is responsible for most data leaks in South Africa.
It’s essential to train your team to be highly suspicious of any unsolicited communications and maintain a strict data policy to prevent leaks and breaches triggered by third parties.

Keep your data safe and encrypted for ultimate risk management

No matter what steps you take, statistically, speaking your business may still fall victim to a cybercrime in the near future.

Even if the worst happens, having a complete backup of your important data, safe and encrypted in the cloud, will help your business to survive the attack.

To learn more, browse our range of secure cloud storage packages for businesses today.

The Trends and Risks of QR Code Hackers

It was somewhere in the mid 90’s that QR codes, short for “quick response”, became really popular in the automotive industry in Japan. Mobile phones came with QR code readers and the average citizen soon got used to scanning a printed QR code to get more information on products, scanning electronic tickets, and even tracking flight tickets at airports. While QR codes have been a tech way of life in Japan for a decade or two, one wonders why it is that South Africa has taken so long to latch on to this seemingly easier to use touchless world.

QR code trends

While the history of QR codes is certainly interesting, our focus should be on QR codes right now, in the here and now. Nowadays, there are numerous QR code trends which seem to shift almost daily. For instance, you can use a QR code at a restaurant to scan the menu and another code to pay the bill. You can go pay for your groceries by scanning a QR code, rent a Box Office movie on DSTV and even read an article in a magazine by scanning a QR code to ‘read more’!

QR codes have become such an integral part of our lives that it almost seems as if they have always been there. So, where’s the catch? The catch is that there’s a security risk involved with QR codes.

what’s the security risk/threat to your business?

One of the greatest risks is that the average person cannot tell a malicious QR code apart from a legitimate one. This, when paired with the fact that most mobile users don’t have (or even think about) mobile device security, is a disaster waiting to happen.

You also need to consider the risk to your business if employees are using their mobile devices for work. The digital age that we live in has made many people blase to the things we do on our devices. We wander the aisles of the grocery store scanning and swiping as necessary with little thought to anything beyond the outcome of the scan. As a consequence of our unmindfulness to the security risk, we make a hacker’s job that much easier. Hackers prey on this type of naivety and behaviour in consumers, posing a significant threat to your business.

how do hackers do it?

Opportunistic hackers are able to generate QR codes using free services on the internet. They then embed malicious software into the QR code. Most people will have no idea, and more often than not – not even begin to consider if a QR code is a good one or bad one.

When a malicious code is scanned it can send the mobile user directly to a malicious website, or it can install malicious software on your phone. In the event that a QR does this, you can expect a variety of things to happen. The hacker can action spear phishing, can initiate a call to a scammer in order to get the mobile phone number and even send malicious texts from the device. With malware software installed from a QR code hackers can send out emails from the device with malicious links, they can send payments and capture the mobile phone’s stored payment data, and a whole lot more.

how to protect yourself

Protecting yourself from the damage of scanning a malicious QR code is important:

Educate your employees about the risks and threats of QR codes.
Make a point of only scanning codes from trusted sources. Don’t randomly scan codes you find on the internet or made public. Make sure that the company URL matches the business name and website – there are apps that can do this for you.
Be wary of bit.ly links. Often bit.ly links are used to disguise malicious website URLs.
Ensure that every single business and employee device used to access business data and apps has a top notch security system installed.
Put an end to password access for employees using business and cloud-based apps. Instead, opt for multi-factor authentication.

take action now

While the use of QR codes have become a way of life that will undoubteldy get you a quick response, they might also get you a ‘quick virus’ that you simply don’t want or need! Take the time to understand the risks and put measures in place to protect yourself, your employees, and your business.