Don’t Fall Victim to SMiShing

Phishing

SMiShing is the text version of email phishing.

Research recently carries out by McAfee Labs has identified an active SMiShing campaign targeting iPhone users.

It goes like this:

  • You receive a text message telling you your account has been temporality locked and a ‘helpful’ link to click on to unlock your account
  • Of course, clicking the link takes you to a site full of warnings about the impending closure of your Apple account
  • Another link then takes you to a counterfeit Apple ID login
  • The information you enter here (i.e. your Apple ID and password) is collected by the cybercriminals and used to gain access to your Apple account

Not good.

You’ve got used to being on your guard against bogus emails, now you have to apply the same thinking to text messages.

As a general rule, if it sounds dodgy it probably is. If unsure, open a your browser and make your own way to the Apple account login page and see if you have any messages there.

A guide to spotting SMiShing

It’s highly unlikely this Apple scam will be the only SMiShing attack out there, so here are a couple of things to remember.

1: How they contact you

Since you bought your iPhone you’ve probably had to re-enter your iCloud or Apple ID password for various reasons. When needed, you’ve never been asked to by text message. Pop-up is the standard method Apple use, so be suspicious of any text message that asks for your Apple credentials.

2: What they look like

These forms of attack are sent out in huge quantities so, to save time, the cybercriminals use code from a previous attack. When this happens you see things like standard email fields of “from,” “subject” and “message,” giving a clear indication that you should be suspicious – after all, when was the last time you received an text message with a subject line?

The best advice we can offer (as always) is be on your guard and if something looks odd it probably is.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Are iOS Devices Threatening Your Business?

mobile phone security

 

Did you know that only 20% of Apple iOS devices are running on the latest operating system?

Running outdated iOS systems leaves you open to well-known vulnerabilities such as Ins0mnia and Quicksand. A report by security provider Duo Security estimates that more than 20 million devices connected to enterprise networks are no longer supported by the device manufacturer. And, because they can’t be upgraded, they pose a real problem.

This issue is compounded by the fact that there are numerous devices still on the market that can’t receive updates, so potentially, even new devices could be a security threat.

It’s not just iOS

This isn’t a problem that’s just confined to Apple. It is estimated that there are more than 90% of Android devices running out-dated operating systems too.

With the number of personal mobile devices being used in the workplace, Duo Security warn that IT professionals must be aware of the risks and how to sort them quickly.

Education, education, education

The only way this can be addressed effectively is for the device users to take some responsibility.

Henry Seddon, head of European Operations at Duo Security told Computer Weekly:

“Users need educating, but organisations need to put in place systems that not only educate users, but can also encourage them and make it easy for them to upgrade to the latest versions of software. It’s up to everybody in the company to take responsibility for the company’s security and their own, and organisations need to prove the tools that stop them at key points, and encourage and enable them to follow past practice.”

Failure to do so can potentially open up organisations to malware and other forms of attack.

Security recommendations

Here are some of Duo Securities recommendations:

  1. Establish basic mobile device security policies for the company and get buy-in from business managers
  2. Enable all employees to use passcode and fingerprint screen locks to prevent trivial access to sensitive data on mobile phones
  3. Consider excluding phones that are jail broken
  4. Provide helpful tips and reminders to users to check for updates on personal devices accessing company data
  5. Update or replace outdated hardware in use in the enterprise that may no longer be supported with security updates by the manufacturer
  6. Recommend that employees using Android devices consider Nexus handsets with more frequent and direct platform update support
  7. Address common update issues up front with guidance on problems related to updating mobile devices, such as providing tips on freeing space for updates
  8. Use free tools to detect devices with particularly concerning vulnerabilities (e.g. X-Ray for Android)

This is no longer something that can be ignored by businesses. Management and employees must work together to ensure the security of data and avoid embarrassing breaches.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Computer Weekly

Finding Your iPhone with “Find My iPhone”

find your iPhone

If you’re like me, your entire life revolves around your iPhone.

Gone are the days when a mobile phone was just there to make and receive calls and texts. Now, it is where you house your diary, contact’s names, lists, photos, videos and just about any thing else you hold dear.

So what happens when the unthinkable occurs?

It’s your worst nightmare.

Your iPhone is lost or stolen.

Before you go into melt down, here is a simple list of instructions (courtesy of Apple support) that will help you find your iPhone – that is of course assuming you’ve enabled the aptly named Find My iPhone on your handset.

  1. Sign into icloud.com/find on a Mac or PC, or you can use the Find My iPhone app on another Apple device.
  2. Find your device. Open Find My iPhone and select a device to view its location on a map. If it’s near by you can get it to play a sound to help you or someone nearer find it.
  3. Turn on Lost Mode so you can remotely lock your device with a 4 digit passcode, display a custom message with your phone number on your missing device’s lock screen and keep track of its location. If you have added card details to Apple Pay, the ability to make payments will be suspended when you put your device in Lost Mode.
  4. Report you lost or stolen phone to the local Police department who will need your serial number.
  5. The next step is to erase your iPhone so no one else can access your information. If you decide to go down this route everything will be wiped including  the ability to find your phone using Find My iPhone. If you remove the device from your account after you erase it, the activation lock will be turned off, allowing another person to activate it and use it.

If you use Family Sharing, any family member can help locate another member’s missing device. Just have your family member sign in to iCloud with their Apple ID, and you can find any device associated with that Family Sharing account.

What if your iOS device is off or offline?

If your missing device is off or offline, you can still put it in Lost Mode, lock it, or remotely erase it. The next time your device is online, these actions will take effect. If you remove the device from your account while it’s offline, any pending actions for the device will be cancelled.

How do you turn off or cancel Lost Mode?

You can turn off Lost Mode by entering the passcode on your device. You can also turn off Lost Mode on iCloud.com or from the Find My iPhone app.

If Find My iPhone isn’t enabled on your missing device

If you didn’t turn on Find My iPhone before your device was lost or stolen, you can’t use it to locate your device. However, you can use these steps to help protect your data:

  1. Change your Apple ID password. By changing your Apple ID password you can prevent anyone from accessing your iCloud data or using other services (such as iMessage or iTunes) from your missing device.
  2. Change the passwords for other internet accounts on your device. This could include email accounts, Facebook, or Twitter.
  3. Report your lost or stolen device to local law enforcement. Law enforcement might request the serial number of your device. Find your serial number:
    • On the original box or receipt
    • On My Support Profile (apple.com) if you registered your device with your Apple ID
  4. Report your lost or stolen device to your wireless carrier. Your carrier can disable the account, preventing phone calls, texts, and data use.

The moral is – keep your iPhone safe at all times, and make sure Find My iPhone is enabled.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Apple Support