These days, you’re forced into accepting certain “approval” settings before apps are downloaded to your smartphone. Most of us don’t think twice about it, but have you ever stopped to read what approval the apps are asking for? With the constant threat of malware and viruses, online identity theft, cyberbullying, etc., you must be the master of your destiny by paying attention to small details like app approval settings. If you’re a parent, it’s even more important to understand what your children are signing up for when downloading apps.

According to 2015 data from Pew Research, 73 percent of teens have smartphones, and in 2017 Pew reported that 77 percent of adults have these devices – that makes for a lot of potential cybercrime victims. So what are some quick steps we can take to enhance our own – and our children’s – safety and privacy online?

Don’t Skip the Fine Print

A company’s true intentions are hidden in their fine print. As consumers, we know this, yet it’s something we rarely read; it’s lengthy, dense and confusing. Companies count on this to deter people from taking the time to read it all.

But by taking the time, you’ll probably find that most of your apps have access to your location, age, birthday, phone number and loads of other personal tidbits. In fact, according to CNN, the moment you sign up with a cellphone carrier like Verizon, the carrier is granted access to all of that personal information. It’s not until after you’re set up that you have the option to opt out.

CNN writes, “When you sign up for Verizon service, you agree to let the company use your location, Web searches, app usage and other data…Verizon sends that data to an internal database, matching it up with a deep trove of demographic information about you from companies including data giant Experian.”

Does that sound a little scary? It explains how your recommended internet searches, Amazon purchases, Facebook link clicks and more seem to “know” you so well.

Avoid Third-Party Apps & Unrecognized App Stores

A third-party app is “an application that is provided by a vendor other than the manufacturer of the device,” according to PCMag. Many of these apps are more prone to security vulnerabilities because their developers may not be held to the same security standards as your phone or tablet manufacturer. Particularly if the app is free, the app company makes its “money” by disseminating your information to other parties.

Take control by reading through all of the fine print before downloading apps. Take note of how “spammy” they look as well – if they are free and filled with ads, have broken features and/or load dangerously slowly, be wary. Read reviews left by users and take into account the overall rating of an app before you download it. Try searching for the name of the app’s developer online to glean more insight.

In terms of unrecognized app stores, it’s important to know from where your apps are originating. Ofcom writes, “For example, someone could take a popular paid-for app, add their own illegitimate elements and then offer it for free on ‘bulletin boards’ or ‘peer-to-peer’ networks.” Stick to reputable and well-recognized app stores.

Delete Unused Apps

Even apps that you hardly use can subject you to security vulnerabilities. As long as they’re installed, they don’t need to be running in order to do damage. They can be collecting data in the background. This is why it’s important to delete apps you aren’t using.

Ofcom found that nearly half of apps downloaded are not used on a regular basis. So that chore organizer app or that ab workout app that you haven’t touched in months – delete it!

By deleting unused apps, reading the fine print and avoiding third-party apps and unrecognized app stores, you can dramatically decrease your chances of becoming a victim of cybercrime and manage your online privacy in a relatively easy way.

When people want to know the answer to something they invariably Google it. But what have people been Googling in 2017? Google has published various lists detailing what people have Googled over the past 12 months, including overall search terms, consumer tech, and memes.

The Search Terms That Trended in 2017

The first, and most important, list is the one detailing the searches that trended in 2017. This is a heady mix of catastrophic events (Hurricane Irma), big technology launches (iPhone X), celebrities who made the headlines (Matt Lauer and Meghan Markle), and fads (Fidget Spinner).

1) Hurricane Irma 2) iPhone 8 3) iPhone X 4) Matt Lauer 5) Meghan Markle 6) 13 Reasons Why 7) Tom Petty 8) Fidget Spinner 9) Chester Bennington 10) India National Cricket Team

Google’s takeaway from these statistics is the prevalence of “How”. Apparently, more people than ever are Googling how to do something or other, whether it’s “How to make slime” or “How to buy Bitcoin”. Which is good for us, as we pride ourselves in showing people how to use technology.

Amongst the other lists is one detailing the consumer tech search terms that trended in 2017. Apple will be pleased to see the iPhone 8 and iPhone X at the top, but then smartphones make up the bulk of this list. The Nintendo Switch, Xbox One X, and new Nokia 3310 the exceptions.

1) iPhone 8 2) iPhone X 3) Nintendo Switch 4) Samsung Galaxy S8 5) Xbox One X 6) Nokia 3310 7) Razer Phone 8) Oppo F5 9) OnePlus 5 10) Nokia 6

There are 15 lists to scour, with the one listing the biggest memes of the year being particularly worth a look. However, it should be noted that these may not be the terms people have searched for the most in 2017, but that experienced “a high spike in traffic in 2017 as compared to 2016.”

Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else. To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information.

How Encryption Works

Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so it’s not accessible to others. When you’re using wireless networks, it’s best to send personal information only if it’s encrypted — either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.

How to Tell If a Website is Encrypted

If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server — a powerful computer that collects and delivers content. Many websites, like banking sites, use encryption to protect your information as it travels from your computer to their server.

To determine if a website is encrypted, look for https at the start of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.

What About Mobile Apps?

Unlike websites, mobile apps don’t have a visible indicator like https. Researchers have found that many mobile apps don’t encrypt information properly, so it’s a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account ­— use a secure wireless network or your phone’s data network (often referred to as 3G or 4G).

If you must use an unsecured wireless network for transactions, use the company’s mobile website — where you can check for the https at the start of the web address — rather than the company’s mobile app.

Don’t Assume a Wi-Fi Hotspot is Secure

Most Wi-Fi hotspots don’t encrypt the information you send over the internet and aren’t secure. In fact, if a network doesn’t require a WPA or WPA2 password, it’s probably not secure.

If you use an unsecured network to log in to an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools — available for free online — make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.

An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.

Protect Your Information When Using Public Wi-Fi

Here’s how you can protect your information when using Wi-Fi:

• When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
• Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
• Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
• Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
• Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
• If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
• Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
• Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites — look for https in the URL to know a site is secure.
• Take steps to secure your wireless network.

When Noah Dinkin, CEO of Stensul, a platform that helps marketers craft emails, visited a Starbucks in Buenos Aires last week, he discovered that the store’s Wi-Fi provider was hijacking his laptop to mine a digital currency. At the time, a Starbucks spokesperson stated that the issue was resolved quickly and wasn’t widespread, but Dinkin disagreed on the latter point. “This was observed by a friend and I in three separate Starbucks stores in Buenos Aires over multiple days following my original tweet, that week,” he wrote on Twitter on Wednesday. “It wasn't just one store.”

The Argentine internet provider responsible for Starbucks’ Wi-Fi in Buenos Aires—Fibertel— blamed hackers for planting the miner code on their network.

“Fibertel detected a security intrusion on one of the equipment that forms part of the Wi-Fi access solution that [we] provide to our client Starbucks Argentina,” Fibertel spokesperson Florencia Marcote said in an email. “The incident was identified and solved immediately by the specialized support.”

“It is not about any Fibertel practice, but an intrusion of security,” Marcote continued.

Cryptocurrency miners hijack your computer’s resources—usually your CPU—to crunch some math problems in order to generate digital coins. These scripts can impact your computer’s performance.

Dinkin noticed a 10-second delay when connecting to the Starbucks location’s Wi-Fi, so he checked the source code of the landing page and found a script for CoinHive, a popular embeddable cryptocurrency miner. Over the next few days, he and a friend checked at two more Starbucks locations in Buenos Aires and found the same code in both.

“Our stores are where a lot of our customers go to do personal things and conduct business, so we want to make sure that they’re safe and secure,” Reggie Borges, a Starbucks spokesperson, said over the phone. “Any time we see something that could happen in other places, we have to check it to make sure there’s no vulnerabilities and take next steps.”

According to Fibertel, the issue was isolated to Buenos Aires and has been resolved.

“This happened only [locally] in Buenos Aires and is completely solved since last week,” spokesperson Marcote wrote in an email.

With the value of cryptocurrencies skyrocketing, the incident in Argentina may be a pale horse as criminals continue to find ways to get other people to generate digital coins for them.

It has happened again, several banking Trojan samples have been found on Google Play, this time the malicious code targeted a number of Polish banks.

The malware was disguised as seemingly legitimate apps “Crypto Monitor”, a cryptocurrency price tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.

The malicious code is able to display fake notifications and login forms on the infected device to harvest login credentials used to access legitimate banking applications. The code is also able to intercept SMS messages to bypass two-factor authentication used by the financial institutions.

The same malware was discovered by experts at security firm RiskIQ in November.

According to researchers from ESET, the “Crypto Monitor” app was uploaded to the Play store on November 25 by the developer walltestudio, while the “StorySaver” app was uploaded by the developer kirillsamsonov45 on November 29.

“Together, the apps had reached between 1000 and 5000 downloads at the time we reported them to Google on December 4. Both apps have since been removed from the store.” states the analysis published by ESET.

When the user launches the malicious apps, they compare the apps installed on the infected device against a list of fourteen apps used by Polish banks and once found one of them, the malicious code can display fake login forms imitating those of the targeted legitimate apps.

In some cases the fake login form is displayed to the user only after he clicks on a fake notification presented by the malware imitated the ones used by the targeted bank app.

“ESET telemetry shows that 96% of the detections come from Poland (the remaining 4% from Austria), apparently due to local social engineering campaigns propagating the malicious apps.” 

The experts noticed that it is very easy to remove the malicious apps by going to  Settings > (General) > Application manager/Apps, searching for the malicious apps and uninstalling them.

“To avoid falling prey to mobile malware in the future, make sure to always check app ratings and reviews, pay attention to what permissions you grant to apps, and use a reputable mobile security solution to detect and block latest threats.” concluded ESET.

ESET, who credited Witold Precikowski for the discovery, included the IoCs for this specific threat in its report.