8 Facts You Have to Know for the Safest Pokemon Hunt

It’s capturing the world by storm. People are leaving their homes in droves and abandoning their normal lives in an attempt to catch them all. It is a Pokémon renaissance happening in 2016.  In the early hours of the morning and the wee hours of the night, mass droves of people are heading to parks and lakes. Poke stops, the designated landmarks designed to help Poke Masters refill on poke balls and other essentials, are frequented by the young and the old. With seemingly entire countries obsessed with the game, many security experts are concerned with the permissions and information accessed by the game. In addition, there are real-world dangers in playing the game. Here are the top 8 things you need to know about Pokemon Go in order to stay safe.


 

1)      Accessing your Google Account:

When first signing up for the popular game, a user has the option to sign up using their Google account or through a special Pokémon Trainers club. Simply for convenience’s sake, many people opt out for the Google account registration. This just requires the user to enter their Google account login, such as an email, and a password for their Google accounts. The issue with this is that the app then has unrestricted access to all forms of a user’s Google account. The user is required to give access to the app so that the game may be played, but a user is not alerted to what the app can access, which is why it is aptly named “Full Account Access”. This proves to be problematic as the app could theoretically access photo libraries and billing information.

2)      Camera Usage:

The app’s prized feature is an AR option that brings the Pokémon to life. In order to activate the augmented reality feature, a player must allow the app to access the personal device’s camera. The AR feature on the app is a huge draw for the players in the game, as it feels similar to reality. Using the AR feature, however, requires camera permission, which is another portal for possible data leakage. People take photos with the Pokémon but in turn end up capturing street addresses, car licenses plates, possible credit card information, and many other details.

3)      GPS Tracking: Location Location Location.

Pokémon Go is an app that utilizes a user’s GPS location and camera to support its gameplay. These two permissions, however, prove to be problematic when it comes to mobile security.  The game uses GPS to track where a player is and spawn the rare Pokémon when many players are clustered together. This proves to be a high security threat because a hacker can pinpoint a player’s precise whereabouts.

4)      Not watching where you’re going:

It’s been reported previously that people are having accidents left and right from obsessive game play. From players abandoning their cars in search of the most rare Pokémon to players falling off cliffs looking for an elusive Charmander, people are putting their safety as a secondary priority to the Hitmonchan hunt.

5)      Armed robbery      

Hackers aren’t the only criminals after the players in Pokemon Go. Robberies are happening all over because of the level of game play. These low life criminals drop lures on poke stops around different cities, meant to draw more Pokemon to the poke stop. Since these lures are public and visible within the app, many players will stop by these locations hoping to use these communal lures for their own Jigglypuff hunts. This helps round up potential victims and their valuable possessions into one common area, making for an easy trap.

6)      Downloading a third party app:

Previously, the Pokemon Go app was only available in selected countries and areas. With the craze going so strong in the United States, countries like England and Canada were feeling major FOMO. Many users turned to third party apps to obtain the game to play and join in the worldwide obsession. This is a steep slope to walk down, however. Many third party apps contain malware or phishing software. Added alongside the massive amount of permissions required to play the Pokemon App, this makes it a huge security threat.

7)     Fake Apps:

A new group of dangerous applications targeting Pokémon Go users by promising cheats, tips, and other functionality. Despite their innocuous-sounding titles, the apps actually contained malicious code that either tricked users into paying for expensive bogus services or took over victims’ phones to click porn ads, among other things.

8)      Trustlook:

To ensure your safety and privacy, researchers cannot recommend enough using a security application. Using an antivirus app that deeply scans and alerts you of any data breaches is vital during this kind of social frenzy. Trustlook can protect every player from all the threats of Pokemon Go and any other threat in the market. With ID Check, Boost, SD Card Scan, Backup and Restore, and many other features, Trustlook can make sure you stay safe while in hot pursuit of Pikachu.  Download the Trustlook app here on the Google Play store today.

New Trustlook Insights Report From Trustlook Research

Trustlook has recently conducted a survey report among 500 Android users about different insights for the security industry. “The survey, conducted by Trustlook Research, produced some rather interesting findings about smartphone user behavior,” said Joe Sullivan, head of marketing at Trustlook. “We were surprised to see so many users entering sensitive information into their devices, which could give hackers potential access to social security numbers, bank account information and other personal data.”

 

The Trustlook Insights survey was designed to learn more about mobile device users and to uncover industry trends. Findings include:

  1. Users are more willing than ever to input sensitive information, including their social security number on a mobile device.
  2. Although over two-thirds report using mobile devices for banking, fewer than a quarter use them for managing investments.
  3. BYOD continues to gain momentum in organizations, with eight out of ten respondents using their mobile devices for work.
  4. Eighty-five percent of respondents have more than ten apps on their mobile device, potentially increasing the attack surface.

For the full report, please visit:
http://www.trustlook.com/static/research/Trustlook_Insights_Report_Q3_2016.pdf

Infographic for this report:
http://www.trustlook.com/static/research/Trustlook_Insights_Infographic_Q3_2016.jpg

Even Superman Couldn’t Save This Actress from Identity Theft

   Even the rich and famous aren’t immune to identity theft. The U.S federal government has been cracking down on crime rings of hackers. Many of these crime rings are based in Georgia and Virginia, where there are sophisticated operations involving criminals stealing innocent victims’ identities. Using these stolen identities, the crime rings then create large shell companies. These shell companies are used as entities to funnel and launder money, sometimes out of a country right into a jailbird’s bank account.

   Structured under the umbrella “The Deutche Group”, onering allegedly involved co-conspirers from all over the globe. With home bases in Thailand, Great Britain, and India, the search for victims is extensive. The crime rings will do anything it takes in order to obtain the information they need, even creating entire fake online companies that promote airfare deals or hotel discounts. Victims of these scams are left nearly helpless, often stranded in airports and foreign countries with their credit card information stolen. The nature of fraud can be so sudden, with victims at the airport ready to go, only to learn that their tickets are fake and their credit cards already maxed out. The crime rings will create fake passports and other fake documentation using these identities.

One crime ring even targeted a popular television actress, Laura Vandervoort. The criminals used a television screenshot of the actress while on the popular T.V. show “V” as a passport photo to verify their identification for visa purposes. An FBI agent who was a fan of the show “Smallville” immediately recognized the actress and the FBI was able to pinpoint a timeframe for the creation of all the fake documents.

This illicit crime group has graduated beyond identity theft for fake documents. There have been entire banks created in India so that the hackers are able to fund their own deceitful dealings. One of the co-conspirators attempted to launder his illegal money by buying jewels with stolen credit cards. Another opened an IT learning center that supported IT training and also served as a front for his illicit activities. A former employee of American Express has even moved to India in order to escape prosecution.

   To check if you have been a victim of identity theft or fraudulent crime, use the Trustlook app today. With the ID Check feature, Trustlook can give you real-time identity tracking and alert you if anyone attempts to hack into your payment apps or banking information. Use Trustlook today for a safer tomorrow.    

Mobile App Collusion on the Rise

Every day, more and more low skilled criminals and cyber hackers are aiming for innovative ways to crack into your personal device. Beyond the traditional methods, such as fake emails or deploying viruses in websites, hackers are starting to make more bold moves in the name of illicit cyber-attacks.

The newest trend for malicious attacks, called mobile app collusion, has been hiding in plain sight on personal devices. This method involves a cybercriminal deploying two or more apps to a device. One app serves as the entry point into a person’s private information, using permissions and access granted by a user. The first app is initially trusted by the user and allowed to access different information on the personal device. Vital data such as location, bill information, payment apps, social security numbers, photo albums, and email accounts are most commonly accessible areas for the first app. The second app serves as a getaway car, which funnels the information collected by the first app onto a safe point where the information is then gathered by the criminal group. These criminals use the malicious apps to hide in plain sight of a user and creates a facade of a safety net.

Some of the apps used within this new method of mobile app collusion are being done so without the knowledge of the app developers or the operating systems. Many apps are also victims themselves in the war against malware. Cybercriminals tend to target apps that have not been updated to the latest version and use this as an opportune window into a personal device. Since the app has not been updated with latest security updates, hackers can deduce that users trust the app enough to leave the app on their phone with little attention or notice. Perfect for hiding in plain sight.

Apps that deal directly with sensitive or financial information, such as banking apps, are the most highly prized for these cyber criminals. The most commonly targeted apps for mobile app collusion are usually utility applications that tend to have fewer updates. Health monitoring, bill payment, and video streaming applications are all vulnerable to being hijacked by an outside hacker. With mobile malware on the rise and increases quarter after quarter of new malware in the tech field, being aware of the enemy is the first line of defense.

The New Trustlook Technology Page

2016-06-09_1931

Trustlook is happy to announce our new revamped Technology page! Highlighting the sophisticated automation and technology behind our product, our new page shows how the Trustlook app provides the best security for your personal device.

 

Please let us know how you are liking the new page in the comments and let your friends know how much you enjoy the Trustlook app.

Banking Malware at the Next Level with Fanta SDK

The ultimate deception for the 72% of users who do mobile banking

Hackers for the Android platform have created new and elaborate tricks to gain access into a vulnerable smartphone. By controlling a device remotely and operating as the user, a hacker can change the password to a phone. The hacker then locks the device, keeping the victim frantic and busy while the hacker drains crucial banking and financial information.

This malware began to hit the security radar around Christmas 2015, when many consumers are doing holiday shopping. Online shopping and retail brick and mortars see traffic pick up speed right after the Thanksgiving celebrations, with Black Friday sales and promotional offers all throughout December. The holiday season is the perfect time for a hacker because many patrons are dipping into their bank accounts and wallets for the perfect gift. In fact, in a survey conducted by the Trustlook Research Team, 72% of Trustlook users said that they have done mobile banking. Hackers were able to access a small amount of devices, generally going undetected and without alerting clients to the security breach.

Trustlook recently discovered this dangerous form of malware, named Fanta SDK, while doing precautionary trials on malware. A user will routinely receive an email from a bank indicating that the bank has a new update to their mobile application or that the user needs to sign into their mobile account to verify personal information. Enclosed with the email will be a false link to the mobile app that actually aids the hacker in the malware deception. A consumer will typically click on the link to download or open the application. This fake app then creates a door that the hacker can walk right through into the user’s personal data and information.

If the user notices something fishy or attempts to uninstall the app, the application will reset the device with a random password or pin. This ensures that the hacker will have ample amounts of time to retrieve the information that they want while the user is left out in the cold, powerless to do anything. Often times, this breach goes unnoticed and the hacker drains the victim’s accounts before a formal complaint can even be filed.

What do our Trustlook Researchers have as advice for the best protection? Don’t download third party apps, even when they seem secure from reputable sources. Reset passwords if you become aware of a breach to keep yourself protected. Lastly, run the Trustlook app as often as possible to ensure the highest level of security at all times.