Android: Have Two WhatsApp/Facebook/Twitter Accounts On The Same Device
From Lollipop you can create different user accounts e.g. if you want to keep social and professional separate, or if others use your device. You can, therefore, manage your different identities / accounts with WhatsApp / Facebook / Twitter on the same device.
Here’s how:
- Set up a new user – go to Settings> Users> Add user.
- Access the profile from the shortcuts by tapping on the user icon and choosing the profile you prefer.
- In each of the profiles you will have separate personal files, e.g. photos and accounts of services such as Gmail, WhatsApp, Facebook, or Twitter.
- … and there you go!
Fake WhatsApp – 1 Million Downloads
A fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play store by more than one million unsuspecting people.
Discovered By Reddit Users
Keen-eyed users of Reddit, the US-based social and web discussion forum spotted that the “Update WhatsApp Messenger”, available for download in the Google Play store, wasn’t all that it seemed to be.
Clue in Developer Name
The fake WhatsApp was identified because it was made by using a special unicode character called a “Space” instead of an actual space. Concerned Reddit users were then able to take a screenshot of the subtle difference in the developer name and post it on the Reddit forum to alert others.
Although news of the fake app was then quickly circulated among online tech news channels, one million people had already downloaded the fake app.
What Does It Do?
According to tech commentators who have installed and decompiled the app, it is an ad-loaded wrapper (with minimal Internet access / permissions) which contains some code to download a second apk, also called “whatsapp.apk”. The fake app hides itself by not having a title and having a blank icon.
The result for those who have downloaded and tried to use the app is that they receive spam adverts, and are unable to detect and delete the app.
Google Play Fooled, Again
What has shocked and angered many victims and tech commentators is that Google Play was fooled into offering the fake, spamming app as a download. Unfortunately, it’s not the first time that something like this has happened with Google Play. Back in 2015, Google had to block a malicious app submitted to its Play store that spoofed BatteryBot Pro. The fake app was able to send premium-rate text messages, and block people from deleting it.
What Does This Mean For Your Business?
Most people place trust in well-known brands and perceived reliable ‘expert’ sources so, in this case, quite apart from the upset and trouble that the fake app has caused, there has been a sense of shock and anger that consumers were left exposed to risk by the brand platform that they had placed their trust in. Although the obvious advice would be to always check what you are downloading and the source of the download, the difference in the fake app from the real thing (in this case) was so subtle that users (and perhaps Google) could be forgiven for making a mistake.
The fact that many of us now store most of our personal lives on our smartphones makes incidents such as these all the more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents.
To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests when you install it, delete apps from your phone that you no longer use, and contact your phone’s service provider or visit the High Street store if you think you’ve downloaded a malicious / suspect app.
Supermarket Voucher Scam Via WhatsApp
WhatsApp is being used by ‘phishing’ fraudsters to circulate convincing links for supermarket vouchers in order to obtain your bank details.
How Does The Scam Work?
The WhatsApp messenger app is being used to send messages purporting to be from well-known supermarkets such as Asda, Tesco and Aldi that contain a link to an online survey. The message tempts the receiver into completing the survey with the offer of hundreds of pounds worth of shopping vouchers.
In order to complete the survey, victims must give financial information, and have to send the link to 20 contacts in order to receive the vouchers. This helps to legitimise the scam as the contacts are likely to recognise and trust the sender.
Small Differences In Letters
The bogus supermarket link has been able to fool more than 30 people so far because a very subtle, difficult to spot substitution of certain letters with similar characters. For example, the d in Aldi was swapped with a ḍ (notice the small dot underneath), which is actually a Latin character. Also a đ, known as a ‘crossed D’ (or dyet) has been used instead of a normal lower case d in order to fool potential victims.
Unclear
As yet, it is unclear whether just clicking on the link itself does something malicious like downloads malware, and there have been reports that doing so on social media has meant that the message was shared without the consent of contacts.
Brand Used Twice This Week
This is the second time in a week that the value and trust of the WhatsApp brand has been exploited by fraudsters. Earlier this week there were reports that a fake version of the WhatsApp messaging service for smartphones was distributed to more than one million unsuspecting people after it was put on Google Play store. In that case, the bogus app was used to spread spam adverts.
Bad Timing
The association of the WhatsApp brand with scams is damaging anyway, but the timing is particularly bad with the announcement only last month that WhatsApp is about to launch ‘WhatsApp Business’, with a free version for small businesses, and a paid-for version (a chance for WhatsApp to monetise its services) for enterprises with a global customer base.
WhatsApp has also suffered from bad PR, again by association, after it was announced that WhatsApp had been used by London terror attacker Khalid Masood minutes before he killed and injured multiple people back in March. This, in turn, led to Home Secretary Amber Rudd campaigning to abolish end-to-end encryption in social media platforms and to enable ‘back doors’ to be built into them for use by the authorities.
What Does This Mean For Your Business?
This is another example of how fraudsters are using the powerful combination of the trust placed in brands, very convincing messages, and apparent referrals from friends to commit socially engineered fraud. Cyber-criminals are becoming ever-more sophisticated and devious in their methods, and our use of social media platforms and mobile devices, and the lack of time and attention that we can give to individual messages, are helping criminals to carry out fast and successful scams.
It should be remembered, however, that a social media / messaging platform is simply the medium, and not all messages posted therein can be trusted. As advised by Action Fraud, people should avoid unsolicited links in messages, even if they appear to come from a trusted contact.
Quarter of UK Workers Deliberately Breach Confidentiality
Research by commissioned by data privacy and risk management firm Egress Software Technologies has revealed that a quarter of UK workers have purposefully shared confidential business information outside their organisation.
Sharing Confidential Business Information
The findings of the OnePoll on behalf of Egress research, which involved 2,000 UK workers who regularly use email as part of their jobs, make worrying reading for UK businesses and highlight the common, but often overlooked security vulnerabilities of ‘insider threat’ and human error.
The research showed that not only have 24% of workers purposely shared info with other companies, but nearly 50% have received an email by mistake. This has meant that almost half (46%) of respondents in the research admitted to having received a panicked email recall request.
Malicious
In the case of ‘malicious’ insider threat, it is worrying that the research indicates that 24% of workers have purposely shared information with competitors or new and previous employers and other entities. This amounts to a data breach that it is difficult for companies to protect themselves against. These kinds of leaks and breaches can undermine company efforts to comply with data protection laws and protect competitive advantage, and can leave companies open to huge financial risks, loss of customers, and damage to their brands.
An example of insider threat that has been in the news (again) recently is the case of the disgruntled former Morrisons employee who stole and leaked the personal details of almost 100,000 staff to national newspapers, and on data-sharing websites. This resulted in a £2 million clean-up bill at the time, and now 5,518 former and current Morrisons employees are suing the company in the High Court.
Accidental
The Egress research appears to show, however, that a more likely risk that most companies face is accidental email misuse. The research revealed that the biggest human factor in sending emails in error is listed as ‘rushing’ (68%), and auto-fill technology, meanwhile, caused almost half (42%) to select the wrong recipient in the list.
8% of those workers involved in the research even admitted to alcohol being involved with wrongly sent emails.
Sensitive Attachments
The research showed that almost one in ten (9%) of staff had accidentally leaked sensitive attachments e.g. bank details or customer information, thereby putting customers and their own company at risk.
What Does This Mean For Your Business?
Accidental misuse of email clearly represents a real and prevalent risk to businesses that could leave them open to a variety of potentially serious financial, legal, and market risks. High pressure, busy business environments can make it more difficult for employees to always make the correct checks on emails before they press the send button, but highlighting the issue and reminding people to be extra-careful with email checks can be a good starting point.
The research also shines an important light on insider threat. Crowd Research Partners, for example, have found that 74% of organizations are vulnerable to insider threats, and 75% of survey respondents estimated insider threats cost their companies at least $500,000 in 2016.
There are many well-documented (see online) behavioural indicators of insider threat, the most common one being a lack of awareness e.g. employees with savvy IT skills creating workarounds to technology challenges, or employees using personal devices to access work emails.
Companies can help protect themselves by adopting a holistic and layered approach to user behaviour analytics to help spot potential risks. Companies need to pay attention to security infrastructures, and to adopt a comprehensive, risk-based security strategy that includes:
- Awareness, education and training – compliance with security best practices, employee training and security monitoring.
- Behaviour monitoring for detecting and mitigating insider threats.
- Implementing appropriate procedures when employees terminate their employment e.g. denying them further access to IT system.
- Information governance to provide the intelligence that drives security policies and controls.
- User-based analytics to provide detection and predictive measures.
- Development of an incident response program to consider internal and external breaches.
- Being clear on legal and regulatory considerations.
- A cross-organisational effort (people, processes and technology) to gain a detailed understanding of the organization’s assets and security posture.
Art Galleries And Dealers Defrauded Through Email Hack
Art galleries and dealers in the UK have lost hundreds of thousands of pounds after being targeted by email hackers.
Monitor, Intercept and Replace
The social engineering scam, known as a ‘man-in-the-email’ (man in the middle / MITM) attack, which has also worked on US art dealers, involves hacking into the email account of targets – in this case, London art dealers. The hackers have then monitored the email correspondence with the gallery’s clients, and intercepted and diverted payments from clients. This involved intercepting real PDF invoices sent to customers, and swapping them with fraudulent invoices with instructions to send payments to a different account.
It has also been reported that the hack has been used to steal payments made by galleries to their artists. After the money was received by the hackers, it is believed that that it was moved to untraceable locations.
At Least Nine Victims
Reports indicate that at least art galleries and art dealers in the US and now in London have fallen victim to the hackers, and although no exact figure has been put on the losses, the nature of the products that the victims deal in indicates that they could run from tens of thousands to millions of pounds to date.
Warned
The Society of London Art Dealers is reported to have previously warned its members about email fraud, and has released further cyber-security materials following this latest scam.
Initial Steps To Prevent More Fraud
The London Evening Standard reported that one way that the Mayfair gallery (Simon Lee), and Thomas Dane Gallery in St James’s have responded to this latest attack is by overhauling their invoicing procedures e.g. Simon Lee’s gallery now issues a standard warning about cyber fraud with every invoice, and the dealer’s accountant confirms banking details with clients over the phone.
What Does This Mean For Your Business?
Online fraud has been on the increase for some time now. Netcraft figures (2016) show that 95% of servers are lacking HSTS security features and are prone to MITM attacks. MITM is also spreading from desktop connections to mobiles, and even to IOT space.
Spyware and malware programs (often arriving by email) are two of the prime causes of MITM attacks and companies can, therefore, seek to insulate themselves against these types of attacks with initial measures such as being proactive in renewing antivirus programs and patches, and conducting regular scans for malware. It is also important to raise awareness among staff and to educate them about the dangers of opening unknown emails. Other measures that companies can take to help themselves include:
- Introduce multi-stage authentication processes.
- Have a (verification / authentication / authority) procedure in place for any requests for bank details, payments, money transfers etc.
- Empower and encourage staff to ask questions and conduct checks wherever suspicions are aroused.
- Avoid visiting or exchanging information across any websites that do not have the security of HTTPS.
- Make sure you have the latest version of your server and disable old security protocols versions.
- Avoid using Free Public Hotspots, and if there is no option but to use them, use a Virtual Private Network or a SSL plugin.
Implement Certificate-Based Authentication for all employee machines and devices.
Cuts Mean Fewer ATMs But More Cashless Payments
| Banking industry group LINK has warned that a plan to cut the fees that fund their cash machines could mean that more ATMs will be axed.
What Fees? The 38 Card issuers (banks and building societies) have proposed a cut in funding (the interchange fee) that they pay to ATM operators over the next 4 years, from around 25p to 20p per cash withdrawal. ATM operators such as LINK rely upon these fees to help them fund their network of free-to-use cash machines. Less funding could, therefore, mean that a reduction in the number of ATMs will be necessary. Cuts – Where Multiple Machines Close Together It has been reported that LINK will seek to minimise the impact upon users of their ATMs by only axing ATMs in areas where there are multiple cash machines close together. One In Five Lost Says Lobby Group The industry lobby group, the ATM Industry Association has, however, warned that as many as one in five of the 55,000 ATMs from which we withdraw cash could disappear, thus creating “ATM deserts” across the UK, with providers shutting unprofitable machines in deprived areas first. LINK Deny Massive Cut In ATM Numbers LINK reportedly disagree with the ATM Industry Association’s predictions and have pointed out that, despite a decline in the use of cash, and the inevitable closure of some cash machines with the fee cut, there are still 5,000 more free-to-use ATMs than three years ago. Bigger Picture – Decline of Cash and Rise of Contactless Many tech commentators see this development as simply another step in an ongoing and unstoppable, global move away from the use of cash (in developed economies) in favour of contactless payments. Back in May, for example, projected figures from payments industry trade body ‘Payments UK’ showed that by as soon 2018, more payments could be made using debit cards than using cash. Payment commentators have also predicted that contactless debit card payments could account for more than 25% of payments by 2026. A decline in the use of cash has been a clear pattern for some time now. A British Retail Consortium’s (BRC) Payments Survey found for example that cash was used for fewer than half of all retail transactions across the UK in 2015, and this amounted to 20% fewer transactions made with cash than in 2011. Debit cards now make up around 40% of transactions in the UK, and 54% in terms of overall value of retail sales. Contactless Cash Machine The signs are that the remaining ATMs will be updated and developed to provide other types of services. For example, back in November 2016, Barclays conducted a trial of a new system which allowed customers to use their normal PIN in combination with leaving their smart-phone handset near to the bank machine, thereby enabling “contactless” near-field communication (NFC) transmission for cash withdrawal. Also, in Portugal for example, ATMs are now part of a fully integrated cross-bank network and offer customers a range of other bank-related functions and services e.g. cash and cheque deposits, purchasing cinema and concert ticket purchases, tax payments, bill payments, and mobile phone top-ups. It has also been predicted that ATMs could be made self-service and more like tablet computers e.g. with swipe, pinch and zoom functions, and that drive-through ATMs could be developed to allow people to complete withdrawals or transactions that they started on their phones. What Does This Mean For Your Business? Many retail businesses will already know that consumers use less cash and prefer the convenience and speed of contactless. This is why businesses have had to invest heavily in new payments technology in order to make it easier and quicker for customers to securely complete transactions in-store. Retailers have, however, benefited from cost and time savings (and having to deal with less cash). Contactless payments can mean increased average transaction values (ATV), more footfall, a reduction in the costs and hassle of handling cash, and reduced business risks due to having a clear audit trail and assured payment. For all of us, however, a sudden loss of one in five ATMs could prove to be very inconvenient in the meantime, and there is a view that the money saved by a tiny number of banks, could actually be at the expense of already hard-pressed consumers. |