Your phone or tablet

So, you got a new phone or tablet for Christmas. Now, you want to install some apps. If you have an iPhone, and are going to the Apple store, you are probably in good shape.

But sometimes, people want to install other apps. Or they just feel their phone or tablet doesn’t let them do what they want to do. Maybe the app they want isn’t “authorized” or won’t install. Or maybe they want to “customize” their device, but it won’t let them.

At that point, some people turn to “jailbreaking” (or “rooting”) their phone or tablet. That is a way to disable the restrictions that keep them from installing certain apps or customizing their device.

Image of cellphone locked in jail cell

Before you do that, there are some things you should know.

Having the phone in a “jailed” state means it is locked down for protection. It’s not so much a matter of restricting the phone as it is of protecting it. Think of “protective custody” with a lot of freedom within the bounds of that protection.

The reason the phone or tablet is “locked down” is to protect it from being affected by malicious or poorly-designed applications or activity. Another reason this is done is to prevent consumers from violating copyright laws through playing of movies or other media without proper licensing.

If one removes those restrictions, they open themselves up to a number of undesirable possibilities. That doesn’t mean they WILL be affected, but it does mean they are no longer as well protected against the possibility.

 

Some of the undesirable results of jailbreaking (rooting) your phone or tablet:

   * Security is weakened. Malicious software could affect the phone or could steal or use your information in some other way. Malicious software may be something that gets installed without your knowledge. Or it could be an app you intentionally install that has a hidden agenda (e.g., a new game or other new app you want but that also steals your data or does other things behind your back). You would be upset about it, if you knew what it was doing.

   * An app that you install may not be well-designed and may cause your device to become unstable and/or not work properly.

   * Updates for security and/or improved operation or functionality may no longer be available. That would mean that you will no longer get those updates unless you install them yourself. Normally, these updates would protect you against new and dangerous threats as they become known. They may also fix performance issues and bugs as they are discovered.

   * Your warranty may be voided.

   * In some cases, the phone’s performance may be impacted, including draining your batteries.

   * Some apps that you might install may use your data plan and use up your monthly allotment.

Apple’s app store is far less likely to contain an app that will cause your phone problems or that will be malicious. Although they may approve something they shouldn’t, your chances of getting a bad or malicious app increase considerably if you jailbreak your device and go elsewhere to get apps.

Should you jailbreak your phone or tablet?

I’m not going to say you shouldn’t. There may be a reason that you may choose to.

Just be aware that, if you choose to do so, you are making it more vulnerable. If you do so, you should be more careful about how you use that device in the future. It would be prudent not to use it for sensitive information or transactions. It would be wise to think of it from that point forward as an “insecure” device.

E-mail from my Sister!

Thanksgiving morning. Early. I check my e-mail and see a message from my sister.

3:24 a.m….. She was up early. Or maybe was still up from Wednesday night.

She said “hi phil” and then included a link, closing with her name in the format doejane (although it had her real name instead of doejane).

I looked at the link and it appeared to go to some blog.

Why is she just sending me a link?

image of e-mail described in this post

I am always suspicious when I receive an e-mail with just a link, especially if the link looks to me like it is a blog. And yet, it appears to be from my sister on Thanksgiving day. Could it really be legitimate?

It was sent to my e-mail address that I only give to my family and a couple of other restricted places. So, if it isn’t my sister, how did they know I have this particular e-mail address.

If this were to happen to you, what would you do?

As for me, I wouldn’t follow the link. If it isn’t a safe link, clicking on it is a good way to get your computer compromised . Even if the e-mail is really from someone you know. I looked a little further.

The e-mail address was [mysistersname]@tampabay.rr.com. Well, that’s strange. If it ends in tampabay.rr.com, that means that the person sending it gets their Internet service from Charter Communications, previously Time Warner Cable. More specifically, they get it from the TampaBay location for that provider. That means they are/were located in the Tampa area. (Or they are faking their address as coming from there.)

But my sister lives in the northeast part of the nation.

Strange.

same image as above, but with 'tampabay' circled

So, now I have the following information:

The person sending the e-mail connects from a Tampa area account (or pretends to).
The person’s e-mail sounds like a personal e-mail but only includes “hi phil” plus a link, and then their name (run together with no space, last name first).

This is pretty suspicious. It has to be an attempt to fool me. If I were to click on that link, I would likely have a compromised computer.

But the perpetrator did several things amazingly well.

1) They used my sister’s actual name. It is a bit unusual that it is lower case and signed “last name first,” run together with no space. But some of my friends sign their names all lower case.

2) They sent it to me using my e-mail address that is given out to very few people. I give out my other e-mail addresses to lots of people, but not this one.

3) They sent it on Thanksgiving Day, a time that loved ones are more likely to be in contact with us.

Would you have clicked on the link?

 

So, how should you handle this? The bad guys are smart (at least some of them). You don’t want to ignore e-mail from loved ones.

Let’s examine this situation. There are clues that there might be a problem.

The biggest clue is the address specifies it came from the wrong part of the country. But if the address had been from @gmail.com, we wouldn’t have that clue. And, even for me, I didn’t discover the problem with the address until I started looking, which was after I was already suspicous.

The biggest giveaway for me was that the e-mail contained only a link between the greeting and signature. This is always suspicious to me. Of course, some of my friends regularly send e-mails like that. Maybe some of your friends do as well. With those friends, at least that is their pattern for sending e-mails. But, I often don’t click on their links either.

My response to such cases is the following:

* I pay attention to the link itself. I recognized this as likely being a blog. I know that a lot of attempts by attackers use this technique. (It really helps to become familiar with the techniques attackers use so you can recognize attempts when they occur.)

* As a rule, I don’t click on links just because someone sends them. I evaluate the likelihood that it is safe and also whether I think it might actually be of interest.

* If I thought this really did come from my sister, I still wouldn’t click on the link because it looks too much like the style used by attackers. I would contact her first and make sure it really came from her (even if the e-mail address was her true e-mail address) and try to get some more information about it.

(By the way, I did receive an e-mail from my sister later that day. It didn’t have links to blogs, but had actual sentences with relevant remarks. Also, it came from her REAL e-mail address, which was in the format of janiedoe@…… instead of doejane@.)

Final analysis:
The e-mail likely came from someone who was either trying to compromise computers or someone trying to sell something. (I’m sure you’ve seen spam e-mails for weight loss, body part enhancement, pills, etc.)

Be careful when you go through your e-mail. Even if it comes from someone you know or is about something you are interested in. The bad guys will use holidays, events, or anything else to trick us into opening their e-mails.

 

What else are they likely to do at this time of year? You may have seen e-mails about failed delivery attempts from DHL or UPS. Do you have any packages coming at this time of year? I do.

Image of package on porch, wrapped as gift

In fact, UPS failed to deliver the package I had ordered. The tracking information said it was on the truck for delivery this past Monday, but it didn’t arrive. The next day, it was scheduled again to be delivered. A little after 3:00, I looked online and the tracking info said they had delivered it. Nobody had rung the doorbell but I looked around outside. The package wasn’t here. I had to call the shipper, and they are filling the order again.

But, what if I had gotten an e-mail from UPS? It would be tempting to open it since they had failed their delivery a couple times already. If a bad guy had sent me one of these e-mails in the last couple days, the scenario was ripe for me to open it to find out what was happening with my delivery. Knowing that this is how the bad guys operate, I still wouldn’t have opened the e-mail. I would have gone to the shipping company’s site using the tracking number I already had (which is what I did). Then, I would have called them using the number I already had (which I also did). They said there was nothing they could do since it was marked as delivered.

They didn’t send me an e-mail about this. But what if they had? Do you think I would have opened it, because of being upset about their failures and hoping for some kind of satisfaction? Suppose a bad guy had sent a malicious “failed delivery” e-mail this week. I’ve certainly received a bunch of those in the past. But this time I already knew there were delivery problems. And I wanted it fixed!

What would YOU have done? Would you have clicked to find out what was going on with the failed delivery?

 

The main thing I want you to take away from this is:
Think before you click.

Many of us are overloaded with information. Some of that comes through e-mail, especially if you get lots of e-mail. If we are feeling like there’s too much information coming our way, it is easy to pay less attention to individual e-mails. That could put us at risk for falling prey to at attacker’s tricks, because we fail to think before opening the e-mail or clicking on a link.

I get a couple hundred e-mails daily. Most of them are never opened. I scan through the sender names and subjects fairly quickly. Some are deleted. I place the majority into an “archive” folder without opening them. They are there if I ever need to refer back to or search for something. Only a few get opened. One of those was the e-mail from my sister. Or rather, the one that looked like it was from my sister.

It is important to keep paying attention. As we open the e-mails that we think are of interest or from someone we want to hear from, we need to be aware of the possibility that it could be a trick. It could be someone pretending to be our family or friend. Or it could be an e-mail about something that is very relevant to our life on that particular day, such as a package that we are trying to get delivered. Holidays are a time that some of the bad guys step up their attacks. It is also a time that we may be more susceptible.

Again, the main thing I want you to take away from this is:
Think before you open or click.

The second thing is to become aware of the tricks the bad guys play so you don’t fall victim to them.

3 – Ransomware Prevention

So, now you understand what ransomware is, and how to be prepared so you don’t have to pay the ransom if you get attacked by it.

But, prevention is better than fixing the problem after it has occurred. Unfortunately, as with many things in security, there is no guaranteed way to protect yourself (apart from never turning on your computer or mobile device; and that’s not a helpful solution).

On the other hand, there are some things you can do to make it less likely that you will be affected.

But first, let me list some of the common ways that computers become infected with ransomware:

   * E-mail
         – Opening attachments that have malicious components
         – Clicking on links, that take us to a site that infects us

   * Visiting a web site and taking an action that causes an infection
         – Clicking on something
               (including a box that says “close” or “cancel”)
         – Moving your mouse over something

           One type of web site notice that is known to be likely to infect you if you respond to it is one that says you have engaged in illegal activity and law enforcement is being notified, suggesting you take action now to avoid further activity and to “click here to get details”

   * Phone calls, e.g., a call from someone saying they are from an accounting or billing department and they are sending an invoice and to open it when it arrives or some other phone call that advises you to take some action. If you open the attachment when you receive it, you get infected.

   * Visiting sites that can infect us just by visiting them, with no need to take any action (discussed in the daily tips). This is the most insidious method, as we can become infected despite taking precautions. Use of an ad-blocker and turning off automated functionality may protect you in some cases from some of these, but even then, there is no guarantee you can’t be infected. And turning off functionality may affect other web sites you rely on and render them inoperative.

 

So, what can you do to reduce your chance of becoming a victim?

I provided daily tips during National Cyber Security Awareness Month. Many of those tips included measures that, if taken, can help to protect you.

Perhaps you read those and thought, “that makes sense,” or “I’ve heard that before but….”

It might be a good idea to go back and take another look at those. (You might also wish to purchase the long versions when they become available soon.) But, they will only help you if you apply them.

 

So, some of the measures you can take are:

   * Learn how the bad guys attack us so you can recognize attempts to victimize you

   * Be cautious of e-mail attachments. Don’t open any that are suspicious. Think before opening ANY attachment and consider whether it might be one that could be dangerous.

   * Be cautious about links in e-mail. Links are a useful way to refer someone to good information. But they are also used by bad guys to send you to a page that will infect your computer. Before you click on ANY link, consider whether it might be one that could be dangerous.

   * Don’t respond to pop-ups, web pages, e-mails, or phone calls that try to scare you to take action or some bad result will occur. Although there may be instances where a response would be advised (an alert from the community warning you about evacuation for a coming hurricane, if you have previously signed up to receive such notifications), any unsolicited scare announcements should be regarded as suspicious.

   * Set your e-mail settings to protect you, as discussed in one of the daily tips.

   * Don’t use administrative accounts for normal daily usage. Restrict your account to an account that doesn’t have full control. (Discussed in one of the daily tips.)

   * Use security software but don’t rely on it to keep you safe. It can block a lot of threats but none of it will detect all the threats, including ransomware threats. If security software is your only protection, you are at high risk.

   * If you see a pop-up or web page that says your computer is infected or you’ve engaged in some illegal activity, don’t click the link or take the action it tells you to. If you were to do that, you may infect your computer.

   * Keep your software updated (discussed in daily tips).

   * Keep reading this blog and enroll in my courses when they become available. The basic course will be quite reasonably priced and will give you a lot of detailed information that will significantly help you to keep safe. Alternately, find some other source of reliable information whereby you can keep informed to protect yourself and return to it regularly.

Again, awareness of the threats and of the ways the criminals “get” you, and of measures you can take to protect yourself, is perhaps the most important key to remaining safe. Of course, you need to do more than just become informed, you need to put what you learn into practice.

 

To wrap up these posts on ransomware, at least for now, your best approach is threefold:

1) Take appropriate measures to keep yourself safe (discussed above, although these are only some of the steps needed to keep safe)
(Prevention)

2) Have a backup that you know is reliable (don’t keep it on your computer) and either encrypt any data that is sensitive or remove it from your computer–discussed in last week’s post
(Recovery, after becoming infected)

3) Become informed and continue to keep yourself informed from a reliable source/sources
(Prevention)

2 – How to Avoid Ransomware Payment

Last week I talked about the problem of ransomware and how you can forever lose access to your data, unless you pay the ransom to the criminal who is extorting you.

What if you didn’t have to pay and you don’t lose access to your files? How would you like to thwart the criminal’s attempts to take advantage of you?

It is possible. But it takes preparation and periodic “maintenance.” And it has to be done properly. That is the catch. Most people fail at one of those.

What is the answer?

Back up your data.

If you have all your data available in another place, the threat of losing that data because of ransomware is no longer much of a threat. Of course, there is the inconvenience of getting your computer into a stable condition and also of replacing all that data. But, if you can do that, the criminal no longer has much leverage, as long as you are willing to take the steps to restore everything to the way it should be.

With this solution, you win in two ways. You can avoid having to pay the ransom. You also know that your computer is in a healthy state (if your backup was done before it became infected).

On the other hand, if you pay the ransom, and the criminal does restore your data to a usable state, there is still a problem. Do you trust the criminal who just took advantage of you to play honestly and fairly with you? Or did they perhaps leave some malicious software on your computer? Are they monitoring your activity? Will they repeat their crime again? There is a very good chance that your computer is no longer in a “safe” condition once it has been compromised, even though the criminal “fixed it” for you.

Let’s put it another way? If someone stole money from you, would you hire them to be your bookkeeper or your accountant?
 

So, you are better off having a backup and restoring your computer and data than if you rely on the criminal to fix things after you pay a ransom.


graphic

graphic


 

There are, however, some problems with this approach.

  *  Most people don’t back up their computers, even if they know it is a good idea to do so.
  *  Any new data added after the last backup would be “lost.” (The answer to this problem is to always back up any new data.)
  *  People who back up their computers and data often don’t do a good job and are unable to use their backups if they need them.
  *  The best way to restore after a compromise is to restore everything. Most people aren’t prepared to do this.

However, if you do have good backups and have all your important data backed up, you have everything you need and don’t have to worry about losing your data. You can refuse to pay the ransom and not worry.
 

Now, I’m sure many of you will see this as a major problem. You aren’t sure how to back up your computer or data. You have questions about what to back up and how to do it. And there are a lot more questions and concerns you may have.

To answer those questions and concerns, I will be creating a course on backing up your data. How soon I do that will depend in part upon the level of interest (how many people put their name on the notification list). If you are interested, you can sign up HERE. (Signing up does NOT obligate you to participate when the time comes, but does assure you will be sent notification.)
 

There is a second concern related to ransomware that is not nearly as common but does apply in some instances. As mentioned last week, in certain cases, the criminal will threaten to release your sensitive data to the public if you don’t pay.

There are two solutions to this problem. First, don’t keep anything sensitive on your computer. (This can be tricky, because there are sometimes traces of activity, even if you take precautions to eliminate it.)

Secondly, use encryption for any sensitive data. Best practices recommend encrypting anything you don’t want someone else to gain access to.

However, you need to use a good encryption solution and you need to do everything properly. There isn’t time to talk about that here. A lot of encryption is done poorly. However, even SOME encryption would probably be better than none. If your data are encrypted with a good solution, the criminal won’t be able to access your sensitive data. If the solution isn’t so good, it is still possible that they won’t find it worthwhile to try to break the encryption so they can blackmail you. They may go on to the next victim that hasn’t taken any precautions. (Just like a lock on the door of your house: A criminal can still break in, but if you take good security precautions on your home safety, there is a good chance they will find another victim, unless there is some reason they are really motivated to break into YOUR house.)

To review:

If you become a victim of ransomware and you can recover your computer and your data from backups, you don’t have to worry about losing access to your data. Although it may be an inconvenience, you can refuse to pay and still access your data.

If you are using a good encryption solution for sensitive data and not making mistakes in proper use of it, you are in good position to ignore any attempts to blackmail you with threats for release of that data.
 

To apply these solutions will require that you take measures BEFORE you become a victim. Your particular situation will determine how much effort that advance preparation will involve. You have a some choices:

  *  You can learn how to take those measures and apply them yourself.

  *  You can hire someone else to implement those measures for you. However, if you do this, I still recommend you learn at least the basics, for two reasons:
        –  You can make sure the person doing it is “covering all the important bases” and not missing something critical
        –   You will be aware of YOUR part in making sure the solution works as desired (if you make mistakes with backups, or especially with encryption, you may find that the backup or encryption fails to protect you)

  *  If you are in need of a solution for a particular situation, you can engage me as a consultant to work with you to discuss and/or address your particular circumstances.

Regardless of which choice makes the most sense to you, I want you to be aware of one thing:

If you are hit by ransomware, there is a way to refuse to pay these criminals and still not lose data. But, you must take proper precautions BEFORE anything happens.