The cybersecurity company NordVPN has looked into the top 20 websites in 19 countries to check how much it would take to read their privacy policies.

The study showed that it would take a full workweek (41.3 hours) to read the privacy policies of the 96 websites Canadians typically visit monthly.

The average privacy policy in Canada consists of 6,148 words and takes 26 minutes to read.

“Even though we keep reminding users to read the privacy policy, one in three Canadians still doesn’t look at any legal information online. However, this is understandable. We would need to spend a quarter of a month visiting the websites we need. A minimum-wage worker in Canada would earn around $479.46 during that time,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

“On the other hand, reading a privacy policy is as important as having one. That is why companies should work hard to make their privacy policies short and easy to understand. Meanwhile, users should choose trusted websites and know what to look for.”

The reading time of privacy policies was calculated by counting the number of words in the privacy policy and evaluating its readability with the FRES and Coleman-Liau readability tests. More information about how these tests work can be found here: https://nordvpn.com/blog/privacy-policy-study-ca/

What Websites Performed the Best and the Worst?

The study found that reading the privacy policy of the most visited Canadian websites would take almost nine hours. The longest in almost all countries was the privacy policy of Meta’s social media platforms (Facebook or Instagram) – 19,434 words. However, they scored better in terms of readability (“fairly difficult” with a score slightly over 50 on FRES and around the 12th-grade level on Coleman-Liau). The whole policy takes around 82 minutes to read.

Nevertheless, X (previosly known as Twitter) had a much shorter privacy policy (4,175 words) with the same readability score as Facebook or Instagram. It takes around 17 minutes to read. In the past, X was trying to make its privacy policy as accessible as possible by presenting the Twitter Data Dash, a computer game that helps understand the company’s privacy policy better.

In anglophone countries (the US, Canada, Australia, and the UK), Zoom scored the worst on the FRES readability test (only 24.9), which is worrying given the privacy concerns surrounding the platform. It would take 30 minutes to read the privacy policy of Zoom.

Netflix scored the worst on the Coleman-Liau test (14.98) in these countries, which is concerning because of the fact that it can be used even by children. The privacy policy of Netflix would take 36 minutes to read.

Germany Had the Longest Privacy Policies, but that is Common for Most EU Countries

Privacy policies in Germany were found to be the longest, consisting of 10,485 words on average, and take around 44 minutes to read. That is a lot, knowing that the global average is around 6,460 words and 27.14 minutes.

Other EU countries also had quite extensive privacy policies (Italy – 7,068 words, Poland – 7,314, France – 7,318).

“Countries with more detailed rights (such as EU countries with the GDPR) naturally have longer privacy policies to cover everything included in the laws. This trend also shows the ambivalence of the matter — the broader the rights for privacy, the bigger the responsibility for the consumer,” says Warmenhoven.

How Do You Spot Red Flags in the Privacy Policy?

Even though privacy policies take a long time to read, they help to make sure user privacy is secured. In order to save time while reading privacy policy, Adrianus Warmenhoven recommends to look for certain red flags and concerning things.

• See what data is collected. The first part of most privacy policies outlines what data the website collects from its users. If they ask for more data that seems relevant to their services, it could be a sign of potential misuse.
  
  
• Search for “red flag” keywords. You can try searching for words such as “sell” or “sold” to make sure you find places in the privacy policy where it is mentioned that your data may be sold to third parties. Other good keywords could be “partners” or “affiliates.” Lastly, try searching for the words “may” or “for example.” These words are used to hide some malicious actions the company takes against its users, like “may sell data.”
  
• Trust the verified websites. The fewer websites used by a person, the less information is at risk of being misused. Try to avoid new and sketchy-looking websites, especially those that don’t even have a privacy policy.

The post Canadians Would Waste a Whole Workweek Every Month If They Were to Read Privacy Policies appeared first on SiteProNews.

Nearly 32% of Canadians have experienced an online shopping scam in the past, according to a survey by NordVPN, which is 5% more than estimated a year ago.

Furthermore, the survey also showed that every fifth Canadian who has ever been scammed while shopping has experienced it on Black Friday or Cyber Monday. This is the equivalent of almost 2 million Canadians.

With Cyber Monday here, cyber scammers have their sights on almost half of the Canadians who might take part in the event — 46% (4% more than last year) of Canadian shoppers say they’ll head online for Cyber Monday, Black Friday, or the Christmas sales, with a further 40% yet to decide.

“We have seen in the past that cybercriminals become very active during the shopping season, so 18 million Canadians who plan to take advantage of the deals this year should better be on guard,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN. “The main thing we encourage people to remember this shopping season is if the offer looks too good to be true or a lot of personal information is requested for you to get a deal — you are probably being scammed.”

Nine in Ten would Reveal Their Private Information in Exchange for a Bargain

As many as 88% of Canadians are willing to hand over at least some personal data to land a bonus gift, discount, or free service. Compared to last year’s survey, this figure is 1% higher.

The percentage is slightly lower for those who have already experienced an online shopping scam in the past. Nearly 87% of those would share their information to get a deal.

Out of all Canadian online shoppers surveyed, 5% would hand over their credit card details, 1% would give their social insurance number, and one in ten (8%) would reveal where they worked. A further 3% would even reveal their children’s names for the chance to bag an extra bargain.

How to Protect Yourself from this Year’s Online Shopping Scams

• Make sure you only give as much information as needed. A legitimate website will only request the information needed to make a transaction and ship your order.
  
  
• Check that the URL is right. Making sure you’re in the right online store could be the difference between entering your card details at “Nike.com” and “n1ke.com.” This small variance in URLs leaves a huge opportunity for hackers and scammers to land you on a malicious website.
  
  
• Beware of shortened URLs. If you stumble across an ad for a bargain with a shortened URL, try checking out the company’s site by entering their address manually. If you can’t seem to find the deal from the ad manually, you might have saved yourself from a scam.
  
  
• Avoid shopping on public Wi-Fi. It’s generally best to avoid shopping online using public Wi-Fi networks because public Wi-Fi typically exhibits poor security and is often scanned by hackers to breach weak connections. If you lack alternatives, VPNs are a way to encrypt your connection and protect your data.
  
  
• Use tools to protect your online shopping experience. In the same ways hackers use AI to automate their attacks, users can use tools to identify fishy online shopping websites. Tools like NordVPN’s Threat Protection help flag suspicious webpages and protect users from being scammed.
  
  
• Monitor your bank statements. One of the best ways to ensure you aren’t being scammed is by monitoring your bank statements. Doing this allows you to not only keep track of purchases and costs but can also help you be quick to respond in case of a suspicious transaction.

“Additionally, people can also add extra security while using a virtual credit card. It allows people to use the temporary number to shop online without showing the seller your real credit card details,” says Adrianus Warmenhoven, cybersecurity expert at NordVPN.

The post Around Two Million Canadians Have Fallen Victim to a Scam on Black Friday or Cyber Monday appeared first on SiteProNews.

Almost 22% of Canadian internet users avoid going online in public places and 60% of Canadians prefer their mobile internet for online activities in public, according to a survey conducted by NordVPN. Canadians use public Wi-Fi more frequently and less mobile internet than any other country that participated in the survey. Cybersecurity experts say that these measures help to mitigate cyberthreats, but issues raised by using public Wi-Fi can also be managed by other means.

Cyberthreat of Shopping Malls

In the new survey, most Canadian internet users mentioned shopping malls (57%), public event venues (51%), and cafeterias, bars, or restaurants (49%) among the places where devices are exposed to cybersecurity threats the most. Home (18%) and workplace (16%) are mentioned as the safest places from cybersecurity threats.

“Internet users should evaluate cybersecurity risks in every location because the scope of threats varies depending on a place. While universities or offices tend to put more effort into cybersecurity, it might not be the case with cafeterias and shopping malls,” says Marijus Briedis, CTO at NordVPN.

Canadians Trust in Themselves More Than in Technology

The survey reveals that Canadians tend to rely more on their behavior online to protect themselves from cybersecurity threats in public places rather than technology. 46% of respondents claim that they avoid entering or accessing sensitive information when they are connected to public Wi-Fi. At the same time, 40% of respondents go only to safe websites, and 37% verify if the public Wi-Fi is legitimate before joining.

Regarding the usage of cybersecurity and privacy tools, the numbers are more modest. Only 19% of Canadians use a VPN service, and 36% choose antivirus software. While a VPN is a more popular solution among younger generations, older generations tend to trust antivirus software. 

“Cybersecurity literacy is important, and it is great that internet users avoid entering or accessing sensitive information, like banking accounts, clicking on pop-ups, or going to suspicious websites. But a human mistake is an important factor in cybersecurity and even experts do them, so technological solutions should complement human efforts to minimize risks,” says Briedis. 

Americans Are More Eager to Use Internet in Public

In comparison, only around 16% of Americans do not use the internet in public at all. Americans use mobile internet more frequently and less public Wi-Fi than Canadians. Up to 39% of internet users in the United States use public Wi-Fi, and 70% use mobile internet.

In addition, Americans demonstrate slightly better use of cybersecurity and privacy software to protect their devices from cybersecurity threats: 27% of respondents said they use a VPN, and 33% use antivirus software.

How to Stay Secure on Public Wi-Fi?

There are several simple precautions to stay secure on public Wi-Fi. Marijus Briedis, cybersecurity expert and CTO at NordVPN, advises taking these actions:

• Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.

• Enable a firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.

• Stay secure on public Wi-Fi using a VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

The post Every Fifth Canadian Avoids Using the Internet in Public appeared first on SiteProNews.

A survey by NordVPN showed that every third Canadian is afraid of losing access to the files on their computer due to a cyberattack.

Experts notice that even though the scenario of losing a piece of private information is scary for many people, there are other ways cybercriminals can profit from hacking someone’s device.

“The new type of malware we see spreading is crypto malware. The biggest problem is that it is difficult to detect for an average computer user because no data is lost,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN. “You may think you don’t need to worry because you don’t own or have never used cryptocurrency. But crypto mining malware doesn’t typically include hackers stealing funds from the victim’s cryptocurrency wallet, just using their device to mine. And as a result — making the victim’s device very slow.”

Criminals Mine Crypto Using Their Victims’ Resources

Mining cryptocurrency requires a lot of computer power to solve complex mathematical puzzles, adding new blocks of transactions to the blockchain. Once all the problems in a block are solved, the miners get their rewards in cryptocurrency.

However, the problem is that the process is very slow and requires an incredible amount of processing power. In fact, the electricity a computer generates would probably cost more than the cryptocurrency it could mine. That is why cybercriminals look for ways to mine cryptocurrency using other people’s devices.

By infecting a network of computers with malware , hackers can mine crypto while using their victims’ electricity, devices, and computing power to increase their profits. Victims might not even notice that their device is mining crypto. The only sign may be slower performance and overheated devices.

Some of the Ways to Detect Malware — Check If Your Computer Gets Hot or Slow

“Detecting crypto malware on your device can be very difficult. It’s designed to be as stealthy as possible. However, certain signs can help you determine that your device may have been infected,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

The first sign that your device may be mining some criminal crypto in the background is that the device gets significantly slower. Another sign is an overheated device with the fan always on. Lastly, the CPU (central processing unit) usage will be very high if your device gets infected.

If you want to prevent your device from being infected, here are several actions you can take:

• Keep all devices and applications up to date. Crypto malware often uses unpatched flaws in systems. The faster you update your software and operating system, the harder it is for malware to infect your device.
  
• Use antivirus software. Antivirus software, such as NordVPN’s Threat Protection, will scan files you download for malware, making it difficult for cybercriminals to install it on your device. It will also block your access to malicious websites, minimizing the threat of phishing.
  
• Practice good internet behavior. Don’t click on suspicious links, don’t download suspicious documents, and try not to visit untrusted websites. There are many ways in which cryptojacking malware could be delivered.

The post Is Your Computer Getting Slow? Hackers May Be Using It to Mine Crypto appeared first on SiteProNews.

Cybersecurity and privacy researchers at NordVPN analyzed the most popular mobile apps globally in 18 categories. Up to 14% of apps collect more unnecessary than necessary data for the apps’ performance and only 8% of apps collect no unnecessary data. On average, every fifth requested permission was not needed for the app’s functionality.

“A significant number of mobile apps that we use daily request access to device functions unrelated to their performance. And most users give the app license to spy without even reading the terms and conditions. Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ because collected data could be used against our interest. It’s especially important to be more attentive to some categories of apps which are more intrusive, such as social media or messaging apps,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

The research revealed that 42% of all apps ask for permissions related to user activities outside the actual app, which means that they aim to collect data about users across other applications and websites. In addition, 37% of the studied apps request access to the user’s location, 35% to the camera, 22% to the photo gallery, and 16% to the microphone.

Social Media and Messaging Apps Raise the Most Concerns

Social networking, messaging, navigation, and dating apps require the most significant number of permissions compared to other categories. They are also in the lead by their requesting of unnecessary permissions. On average, social networking apps request ten unnecessary permissions, navigation apps ask for nine permissions, dating – six, and messaging – five.

Android users can be the least worried about gaming apps. They only request 10 permissions and ask for less than one unnecessary permission on average. While food and drink apps on iOS ask for less than three permissions on average, in terms of unnecessary permissions, productivity apps are in the lead because they almost do not collect unnecessary data.

The East Asia Region Is a Red Zone on the Privacy Map

While category is a stronger predictor of how many permissions and data apps ask for, there is also a geographical effect. On average, apps from East Asia ask for the biggest amount of permissions overall as well as unnecessary permissions — Hong Kong and Taiwan dominate both the Android and iOS charts. At the same time, Android apps from Japan and Singapore also make a strong showing.

“This likely stems from two aspects. On the one hand, different regions have different regulatory environments. But at the same time, these numbers are influenced by the nature of the popular apps studied. East Asian countries are worse in terms of permissions because of the blend of the wide use of social media tools as well as manga and other media apps,” says Warmenhoven.

On the flip side, apps from Mexico made the lowest number of unnecessary permission requests and even the lowest number of permission requests overall for Android. For iOS, apps from Spain and the US made the least overall requests, while apps from Spain, the US, Italy, and Poland made the least number of unnecessary requests.

How to Protect Your Privacy on Apps

To protect your privacy on apps, Adrianus Warmenhoven offers these preventive measures:

• Download from official stores. Unofficial app stores won’t always have systems to check whether an app is safe before it’s published and available to download. Moreover, getting an app from an unofficial source carries the risk of it being modified by criminals.

• Read the app’s privacy policy before downloading. Check what information the app will track and what it will share with third parties. If you’re not happy with the level of privacy, look for an alternative.

• Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions and turn off the ones you don’t want or need, and consider deleting the apps that ask for many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.

• Limit location permissions. Many apps request access to your phone’s location services, so ensure you know which apps you’ve granted access to. It’s best to allow apps to track your location only when using the app, rather than all the time.

• Don’t automatically sign in with social network accounts. If you’re logging in to an app with your social media account, the app can collect information from the account and vice versa.

• Delete apps you don’t use. If an app is sitting unused on your screen and you’re not getting anything from it, delete it. Chances are it’s still collecting data on you even if you’re not using it.

The post Up to 74% of Apps Collect More Information About You than They Should appeared first on SiteProNews.

“It is fair to say that biometric data is more secure than most types of authentication, such as passwords. But all recorded data is hackable. Moreover, you can change compromised passwords, but losing biometric data is already a serious issue. That makes biometric information a valuable target for cybercriminals, and hacking of this type of data becomes a popular way of identity theft,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

The Internet Might Be Full of Your Biometric Data

There are more than 20 different types of biometric data, such as fingerprints, face, or voice. Every type of biometric information could be compromised in several different ways. One common and long-term serving method to steal fingerprints is placing a skimmer on ATMs or other fingerprint scanner machines. It collects fingerprints and creates fake versions that could be used to access devices or private information.

While still being used, a skimmer is an old-fashioned way to steal biometric data. With the rise of deepfake technology, biometric hacking has become much more sophisticated but, at the same time, more accessible for cybercriminals. By performing a biometric spoofing attack, hackers can compromise a secured system by exploiting users’ selfies, photos, and videos from social media to create fake identifiers like face, voice, or even fingerprints.

“While we are the owners of our own faces and voices, we are not the only ones with access to them. Over the years of being active social media users, people left so much biometric data that with the current capabilities of artificial intelligence to create deepfakes, it becomes a weapon against our privacy. Only this time without our initial consent,” says Warmenhoven.

Biometric data used to unlock a device is not easy to obtain because usually it’s stored in the device as encrypted binary code. But opening apps with biometric data or allowing them to use it is not always a safe solution. Sometimes users hand in their biometrics without knowing who the app’s developers are and how they use collected data.

Nevertheless, even if biometric data is stored on the server or cloud of a reliable app developer, it is much more vulnerable because there is always a risk of a data breach. Moreover, a biometrics hacking attack can be done through interception during data transmission between the user’s device and storage.

How to Protect Your Biometrics from Cybercriminals

To protect yourself from biometric hacking, Adrianus Warmenhoven advises these preventive measures:

• Think carefully before you opt to use biometric data. Even if you have the possibility, it doesn’t mean you always need to use biometric authentication. Before you allow a new app to scan your fingerprint or face, be discerning about when and where you share your biometric data and consider the reputation of the company asking you to use biometrics for authentication.

• Use biometric data for multi-factor authentication, along with strong passwords. Two-factor authentication (2FA) or multi-factor authentication (MFA) would raise your security levels.

• Use a VPN. A VPN can help secure your internet connection and prevent third parties from intercepting any biometric data you transmit.

The post How to Protect Biometric Data from Cybercriminals appeared first on SiteProNews.

NordVPN investigated a webpage called Insecam, which without the permission of their owners, streams almost 100 Canadian security camera feeds. Research revealed that every 10th camera streams to the world from Canadians’ backyards, garages, porches, and even the interior of their houses. Considering the popularity of home security cameras, the Insecam feeds are only a drop in the ocean.

“There are two ways someone could see your security camera’s feed. First, many IP cameras have a built-in functionality that allows the owner to access the feed through the internet from anywhere without certain security and privacy measures. If the camera is not secured with a password, its feed can be found on Shodan or other platforms, including Google in some cases. Another way home security cameras can be compromised is if hackers intercept the home’s internet connection,” says Marijus Briedis, CTO at NordVPN.

The Insecam feeds illustrate that users do not seriously consider protecting their surveillance cameras. But live streaming from a backyard is not a priority for criminals because it does not monetize their efforts.

There are several ways criminals could use a feed from home security cameras. Blackmailing is usually the preferred option for cybercriminals. They hack cameras to demand money for not leaking personal videos to a broader audience.

Another way a hacked camera feed can serve criminals is to better prepare them for burglary. Through hacked cameras, criminals can see when a house’s inhabitants are not home and what valuables they have. Moreover, most cameras disclose their location, meaning burglars can plan a crime without going to the site. 

How Can You Protect Your Security Camera?

There are several simple precautions to protect your security cameras from being hacked. Marijus Briedis, cybersecurity expert and CTO at NordVPN, advises taking these actions:

• Check your camera’s password settings. Set up your camera to require a password. The password should be complex, unique, and consist of no less than 12 characters. According to NordPass research, people often fail to change their admin passwords. In fact, the most popular password in Canada is “123456,” which is also a common admin password.

• Enable your camera’s security features. If you bought a camera that encrypts data transmitted via the internet, turn this feature on. And always update your device with the latest security patches.

• Hide your online traffic with a VPN connection set up on your router. If you set up a VPN, like NordVPN, on your router, you can connect and secure any number of gadgets with a single device slot. Any device that connects to it, including your home security camera, will automatically be private on the internet. 

The post Hacked While Sunbathing in Your Own Yard – How to Protect Privacy from Treacherous Security Cameras appeared first on SiteProNews.

Two out of three people are worried about criminals tracking them online, according to research by NordVPN. This fear is not irrational — in fact, one of the most common cybersecurity crimes is camera hacking. Criminals can secretly spy on users, record videos of them, and then blackmail the victim by threatening to release the footage publicly. Moreover, unwanted fame is not the only negative effect that “camfecting” can have.

“A camfecting attack is not hard to perform. To hijack your device camera, hackers need to slip remote-control malware into your laptop or smartphone. A cybersecurity attack can be performed by sending infected emails, luring in users into malicious sites, or infecting torrent downloads, or downloads from unauthorized sites. Luckily, it’s easy to spot the warning signs or enhance your computer or smartphone camera security,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

What Are the Signs of Camfecting?

Many signs can give away a hacked camera. For example, if your camera’s indicator light is on or blinking even though you haven’t turned the camera on, it might be a sign that it has been camfecting. Nevertheless, it might not always be the case: an abnormally acting camera light could result from an application running in the background.

There are other signs of potential camfecting, such as faster battery draining, random apps installed without user’s knowledge, device freezing and crashing. It is also advisable to install or run a malware-detecting software, such as Threat Protection or antivirus. If a user notices any of these signs, experts advise to speak to IT professionals.

How to Protect the Device from Camfecting?

“Putting a piece of tape or a camcover over your device’s camera is perhaps the easiest and most reliable way to prevent someone from watching you through your computer camera and improve your home security. However, by putting this physical blocker in place you simply restrict the attacker’s view, but don’t solve the actual issue. Keep in mind that the same malware that allows cybercriminals to access your camera, also can provide access to your personal files, messages, and browsing history,” says Warmenhoven.

To protect yourself from malware, Adrianus Warmenhoven recommends to take the following steps:

• Enable firewall. A firewall protects the system by monitoring the network traffic and blocking suspicious connections. Users should have security settings and ensure the computer’s inbuilt firewall is running.

• Use a reliable antivirus. Users should choose an antivirus with advanced protection against malware, spyware, and viruses. An antivirus program will detect and neutralize malicious threats before they do any harm. For example, NordVPN’s Threat Protection feature neutralizes cyber threats, like malware-ridden files or malicious websites, before they can damage your device.

• Don’t fall into a phishing trap. Hackers may disguise themselves as support agents and contact users, saying there’s an issue with the device or software and they have to take care of it. It’s a common phishing technique cybercriminals use to slip remote-access software onto a device. Such software then allows them to access your camera and manage its permissions.Another way to lure victims into downloading malware is through phishing emails that hide spoofed URLs and malicious files.

• Stay secure on public Wi-Fi using VPN. Public Wi-Fi networks are highly vulnerable to hacking. Cybercriminals often target people at free hotspots and try to slip malware into their devices. Users should always use a VPN to secure their Wi-Fi connection and protect themselves from unwanted snoopers.

The post Your Camera Might Be Secretly Filming You – How to Stop That? appeared first on SiteProNews.

A survey by NordVPN showed that 84% of users had experienced social engineering behavior in the past, and more than a third of them have fallen victim to phishing email scams. Experts say that a new type of phishing has started to emerge recently — clone phishing — which can trick even the most cautious users.

Clone phishing is a scam where a cybercriminal replicates a legitimate email or website to trick the victim into giving personal information. The cloned email looks almost the same as the original and contains legitimate details, making clone phishing more difficult to spot than other phishing attacks.

“Even though users learn and become more cautious every time they experience a cybersecurity issue, criminals don’t make it easy by constantly developing new techniques to target people. Clone phishing attacks take phishing to the next level because the emails are usually highly personalized and replicate something that a victim received in the past,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

How Does Clone Phishing Work?

First, the attacker intercepts a message sent to a user from a legitimate source (e.g., a bank, client support service, money transfer site, or employer). Attackers may use various techniques to intercept emails, including DNS hijacking. A hacker won’t always need to intercept emails to carry out clone phishing attacks. However, if they do, these clone emails become much more difficult to spot because they look just like the original.

After that, a scammer creates a replica of the email and sends it to the victim, urging them to take action. Scammers want their victims to act quickly, so phishing emails always sound urgent. You may see common social engineering tactics like asking users to change their passwords or provide other sensitive data because their account has been “compromised.” It’s also common for clone phishing scams to contain a malicious link that a user can click thinking they’ll access a legitimate website.

The victim opens the email, believing it to be from a legitimate source. They may open an attachment (e.g., a PDF document) that instantly installs malware on their machine and provides cybercriminals access to their sensitive information. Or they may click on a link included in the email and are redirected to a malicious site, allowing attackers to steal their information.

How to Prevent Clone Phishing Attacks

“Spotting clone phishing attacks can be tricky, especially if the scammers have a lot of experience in creating cloned emails. However, you can take several steps to reduce the likelihood of falling victim to this social engineering attack,” says Adrianus Warmenhoven and provides a list of tips that can help users avoid being affected by clone phishing emails.

• Check the sender’s email address. Before you click anything or reply to the email, make sure the sender’s email address is legitimate. Clone phishing attempts often come from email addresses that resemble the original. However, they may have additional full stops, dashes, symbols, or other subtle differences. Check the sender’s email address carefully to ensure it’s from a legitimate source.
  
• Don’t click on links. Avoid clicking on links unless you’re absolutely sure the email isn’t a scam. The email may contain links that redirect you to a malicious website where scammers can steal your personal information. Only click on links and buttons after you’ve confirmed that the email is safe.
  
• Use spam filters. Spam filters are helpful if you receive a lot of emails daily. These filters analyze the content of every email and identify unwanted or dangerous messages. While they won’t always spot a cloned email, using them in addition to other measures is a good idea.

“Clone phishing emails are not dangerous until you click the links or files they include. So the general recommendation is not to rush into trusting everything you read in your email inbox. It is always safer to double-check with the company that is emailing you and contact them by phone before you provide any personal information or click on the links in your emails,” says Adrianus Warmenhoven.

The post Clone Phishing — an Attack that Can Trick Even the Most Cautious Users appeared first on SiteProNews.

Half of Americans (53%) say they have seen an ad for a product or service pop up on their phones soon after talking about it or watching it on TV, new research by cybersecurity company NordVPN reveals.

Two in four (50%) consumers admit they have no idea how to prevent this from happening and one in ten (10%) who noticed the adverts said it scared them.

Rather than devices reading your mind, this personalised product placement is due to a type of data monitoring called ultrasonic cross-device tracking. This is where apps on your smartphone listen in to background noise — including conversations — to gather more information about you.

“Later, they share this data across other devices,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Smartphones were by far the most common place to find these tailored ads. Four in five (77%) Americans who recognised the phenomenon first spotted it on their handset, with half (52%) seeing it on their computer and a fourth (39%) on their tablet.

Information showing people’s behaviour across devices is extremely valuable to companies, but this type of tracking is controversial because of its lack of transparency and security concerns around consumers’ data.

A key part of cross-device tracking is the use of audio beacons, which are embedded into ultrasound — frequencies above the level that can be heard by humans — and can connect with the microphone on our devices without us knowing. This is one reason many apps ask for permission to access your smartphone’s microphone, even if they don’t involve using your voice.

“While it’s impossible to stop the ultrasonic beacons working, you can reduce the chance of your smartphone listening for them by simply restricting unnecessary permissions you have granted to the apps on your device,” says Warmenhoven.

Ultrasonic Cross-device Tracking — How Does It Work?

Ultrasonic cross-device tracking is used as a method to link all the devices you own to track your behavior and location. These ultrasonic audio beacons can be embedded in many things we interact with daily: TV shows, online videos or websites, or apps on our phones.

Imagine you are watching TV and you see chocolate being advertised. You pick up your phone, and the same chocolate ad appears on your screen. By using ultrasounds, audio beacons can detect when your phone is nearby, and apps on your phone can listen for approximate audio beacons to track what you are doing.

How Can You Reduce Cross-device Tracking?

NordVPN cybersecurity advisor Adrianus Warmenhoven has some top tips to keep snooping devices at bay:

• Change app permissions. The apps on your smartphone may have some permissions that are not required. For instance, why would a photo-editing app need access to your microphone? If apps on your phone have such non-required permissions, you should revoke these permissions. Apple now requires apps to ask your permission before tracking you or your iPhone across websites or apps owned by other companies, and you can turn this off for all apps. All changes to app permissions can usually be done in the privacy settings on your device.
• Use a private browser. If you want to keep yourself from tracking, it is best to use a private browser like Tor or DuckDuckGo rather than the incognito mode in Google Chrome. These browsers do not profile you or save any of your personal data for sharing with marketers.
• Use a VPN. One of the best ways to protect yourself from being tracked is by using a VPN. A VPN is a tool that encrypts every bit of information about your internet activity. It also stops IP-based tracking because it masks your IP address.

The post Yes, Your Phone is Eavesdropping on You – and Most Americans Don’t Know How to Stop It appeared first on SiteProNews.

“That’s due to ultrasonic cross-device tracking. That’s when smartphones have apps that are continuously listening to inaudible, high-frequency ultrasonic sounds from the surroundings and gather a lot of information about you — all without your knowledge. Later, they share this data across other devices,” says Adrianus Warmenhoven, a digital privacy expert at NordVPN.

While tracking people’s behavior across devices is beneficial to marketers, cross-device tracking is often questioned by privacy experts because of its lack of transparency, security and protection of sensitive consumers’ data.

Ultrasonic Cross-device Tracking — a Trending Risk

Ultrasonic cross-device tracking is used as a method to link all the devices you own to track your behavior and location. These ultrasonic audio beacons can be embedded in many things we interact with daily: TV shows, online videos or websites, or apps on our phones.

Imagine you are watching TV and you see chocolate being advertised. You pick up your phone, and the same chocolate ad appears on your screen. By using ultrasounds, audio beacons can detect when your phone is nearby, and apps on your phone can listen for approximate audio beacons to track what you are doing.

“Many apps currently ask for permission to access the smartphone’s microphone to incorporate a particular type of ultrasonic beacon to track them. Since it requires no mobile data or Wi-Fi connection but only microphone access to listen to beacons, tracking works even when you have disconnected your phone from the Internet.

“It’s not possible to stop ultrasonic beacons from emitting sound frequencies around you. Therefore, the best way to reduce the chance of your smartphone listening for beacons is to simply restrict unnecessary permissions you have granted to the apps installed on your device,” says Adrianus Warmenhoven.

How Can You Reduce Cross-device Tracking?

NordVPN research shows that 65% of Canadians don’t know how to restrict their smartphone’s permissions from listening to them. No one likes to be tracked. Therefore, Adrianus Warmenhoven suggest several ways people can reduce the incidence of this happening:

• Use a VPN. One of the best ways to protect yourself from being tracked is by using a VPN. A VPN is a tool that encrypts every bit of information about your internet activity. It also stops IP-based tracking because it masks your IP address.
• Use a privacy browser. If you want to keep yourself from tracking, it is best to use a private browser like Tor or DuckDuckGo rather than the incognito mode in Google Chrome. These browsers do not profile you or save any of your personal data for sharing with marketers.
• Change app permissions. The apps on your smartphone may have some permissions that are not required. For instance, why would a photo-editing app need access to your microphone? If apps on your phone have such non-required permissions, you should revoke these permissions.

“The consolidation of power among large tech companies allows them to obtain large quantities of data about individuals across multiple platforms and devices. In this way, technology giants have even more opportunities to obtain deeper insights into individuals’ habits and preferences. Data consolidation through cross-device and platform tracking may also increase data security risks,” says Adrianus Warmenhoven.

The post Is Your Phone Reading Your Mind? appeared first on SiteProNews.

A study by NordVPN showed that data of five million people (including 16 thousand Canadians) has been stolen by bot malware since 2018. Cybercriminals were able to obtain extremely sensitive user data including 26.6 million usernames and passwords. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.

The average price for a person’s digital information on the bot markets is $6.

Moreover, because the malware steals logins together with cookies and device configuration information, cybersecurity experts say that the rise of this malware will help hackers to bypass multi-factor authentication (MFA).

“When a criminal hacks a password, they cannot complete the identity authentication if the user has MFA enabled. However, if a criminal obtains their victim’s cookies and device configuration information, they can trick the security systems and avoid MFA activation. Because bot malware provides criminals with the entire digital identity of their victims — it presents a brand new set of risks,” says Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

Stolen Logins Found on Bot Markets

A Perfect Crime Using Bots

The scariest thing about bot markets is that they make it easy for hackers to exploit their victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Adrianus Warmenhoven.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Adrianus Warmenhoven.

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.

The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.

The full methodology, together with more information about the three analyzed markets, can be found here: https://nordvpn.com/research-lab/bot-markets/

You can learn more about how bot markets work by watching this video: https://youtu.be/dAyl1xBgTUg

The post 26.6 Million Logins Stolen by Bot Malware Since 2018 appeared first on SiteProNews.

“The online world is challenging people in every single move they make. Want to read an article? Dozens of ads and pop-ups are ready to immediately cover your screen. Another privacy threat – malware – is lurking for you on websites and in files you are about to download. Websites you browse are also full of third-party trackers that analyze your browsing history to find out what you do online. It depends on you to stop it,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

Adult Content Sites contain the Biggest Amount of Malware

Malware is malicious software that seeks to damage or compromise a device or data. Malware’s scope varies from relatively harmless to extremely dangerous. Malicious software can track people’s data, steal sensitive information, or even delete it without your consent.

NordVPN research shows that adult content sites (21%), as well as cloud storage providers (14%) and entertainment sites (11%), contain the biggest amount of malware. In December, Threat Protection blocked 60.4K, 40.1K, and 30.9K domains of these categories respectively.

Among the most common types of malware are viruses, spyware, worms, trojans, adware, scareware, ransomware, and fireless malware.

Streaming Media Sites have the Most Intrusive Ads

Intrusive advertising refers to pushing invasive and irrelevant ads in front of consumers. They irritate users by popping up unexpectedly, blocking the host page, opening new pages and windows, or playing video and audio at inopportune times.

As for intrusive ads, the majority of them were found on streaming (23%), adult content (16%), and online shopping (9%) sites. Threat Protection detected and blocked millions of them: 552M, 389M, and 226M respectively.

“Today, ad blockers are essential for both security because they block ads that can infect people’s devices and privacy because annoying ads rely on collecting data from web activity and violating people’s privacy. Also, if a website is loading slower than usual, you can blame intrusive ads. Free apps filled with unwanted ads could also drain your device’s battery faster,” explains Adrianus Warmenhoven.

Video Hosting Sites have the Biggest Number of Trackers

While many trackers are a tool for advertising and improving user experience, they may also become handy for online spies. Internet service providers (ISPs), marketing agencies, social media companies, and governments can access your online actions and breach your privacy.

NordVPN’s Threat Protection showed that video hosting sites (22%), cloud storage providers (16.31%), web email (16.25%), and information technology sites (12%) have the most trackers. Video hosting sites alone had 239 billion trackers blocked by Threat Protection in December 2022.

It’s worth adding that earlier NordVPN research showed that the average number of trackers per website is highest in Hong Kong (45.4 trackers), Singapore (33.5), the United States (23.1), and Australia (18.6).

“You can become less trackable online by declining third party cookies, because the website can sell your browsing data to third parties; using a VPN, which will hide your real IP address and location; installing a tracker blocker, which will stop your browsers from collecting information about you; and using privacy browsers, which can obfuscate your browser fingerprint, or ditching Google, which tracks a lot of data about you,” says Adrianus Warmenhoven.

Threat Protection scans your files before you download them, identifies threats, and blocks them before they can harm your device. The feature is free with every NordVPN subscription – and it allows you to go online without leaving a trace, protecting your privacy and improving your digital security.

The post Adult Content, Streaming, and Video Hosting Sites have the Most Security Threats appeared first on SiteProNews.

Targeted ads put people’s personal data at risk, NordVPN experts warn. Such ads might be a convenient way for marketers to present ads that reflect consumers’ specific traits, interests, and shopping behavior. Many people have shopped online and after checking several websites all they saw throughout their devices were targeted ads of, for example, a new watch.

However, while targeted ads are convenient for marketers and advertising agencies, they also put people’s personal data at risk. Anyone can buy this data and use it for purposes other than targeted ads and advertising campaigns.

“Most people are unaware of how targeted advertising works and how much of their personal information is collected online. Web cookies, location information and mined data collect information about our browsing activities from site to site.

“These ads are not only irritating but also put people’s personal information at risk. One of the key concerns is the fact that targeted ads reveal personal information, such as age, gender, income, relationship status, political views, and sexual orientation. Companies can use such data to predict whether they can charge people more as well as forecast your behavior and incentivize your actions. One example could be the Cambridge Analytica scandal. It targeted voters with ads based on their psychological traits in order to manipulate them better,” adds Daniel Markuson, a digital privacy expert at NordVPN.

How Can You Stop Targeted Ads?

“Targeted advertising might create a feeling that advertisers are stalking your every move. If you’re cautious about your privacy, this can feel unnerving,” says Daniel Markuson.

If you are tired of shopping sites sending you “I see you checked out this item, here’s some similar stuff” messages, Markuson recommends several steps:

• Modify your notifications. Some sites are better about presenting this setting separately from other types of notifications, or you may only be able to stop this by unsubscribing from all advertising emails from the company.
• Opt out of targeted ads. Some social networking and search engine sites, as well as major software vendors and some ISPs, will allow you to opt out of targeted advertising.
• Use an ad-blocker. Ad blocking extensions work on the browser level to prevent advertisements, banners, and pop-ups. However, you can go further with an ad block VPN such as NordVPN and its Threat Protection feature.
• Delete your information from data brokers. If you really want to exclude yourself from shadowy databases, you can contact individual data brokers to clean up or delete your information.
• Use a VPN to hide your identity. A virtual private network won’t hide all ads, but you won’t get any personalized ones. A VPN hides your internet activity from prying eyes, including marketers and your internet service provider (ISP).

The post Targeted Ads are Stalking You. How Can You Avoid Them? appeared first on SiteProNews.

At least five million people have had their online identities stolen and sold on bot markets for 8 CAD on average. Out of all the affected people, 16 thousand are from Canada.

This data comes from research by the cybersecurity company NordVPN, which looked into three major bot markets. The word “bot” in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware. Bot markets are online marketplaces hackers use to sell data they have stolen l from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person.

“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot,” says Marijus Briedis, CTO at NordVPN. “A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just eight Canadian dollars.”

Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research.

The most popular types of malware that steal data are RedLine, Vidar, Racoon, Taurus, and AZORult.

What Information Do Hackers Sell on Bot Markets?

• Screenshots of a device. During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.
  
  
• Logins and other credentials. When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.
  
  
• Cookies. These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication.The research found 667 million stolen cookies on the analyzed markets.

• Digital fingerprints. A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81 thousand stolen digital fingerprints were found on the analyzed markets.
  
• Autofill forms. Many people use the autofill function for their names and emails as well as for their payment cards and addresses. All of these details can be stolen by malware. During the research, 538 thousand autofill forms were found on the analyzed market.

You can learn more about how bot markets work by watching this video: https://youtu.be/dAyl1xBgTUg

A Perfect Crime Using Bots

The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication.

After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed.

Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data.

“Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” says Marijus Briedis.

More sophisticated criminals buy this information and target businesses with phishing attacks, trying to impersonate the company’s employees.

“To protect yourself, use an antivirus at all times. Other measures that could help – a password manager and file encryptions tools to make sure that even if a criminal infects your device, there is very little for them to steal,” adds Marijus Briedis.

The methodology, together with more information about the three analyzed markets, can be found here: https://nordvpn.com/research-lab/bot-markets/

The post Thousands of Canadians Have Their Data Sold on Bot Markets appeared first on SiteProNews.