How Spammers Spoof Your Email Address (and How to Protect Yourself)

Alan Henry

Most of us know spam when we see it, but seeing a strange email from a friend—or worse, from ourselves—in our inbox is pretty disconcerting. If you’ve seen an email that looks like it’s from a friend, it doesn’t mean they’ve been hacked. Spammers spoof those addresses all the time, and it’s not hard to do. Here’s how they do it, and how you can protect yourself.

Spammers have been spoofing email addresses for a long time. Years ago, they used to get contact lists from malware-infected PCs. Today’s data thieves choose their targets carefully, and phish them with messages that look like they came from friends, trustworthy sources, or even their own account.

It turns out that spoofing real email addresses is surprisingly easy, and part of why phishing is such a problem. Systems Engineer, aspiring CISSP, and Lifehacker reader Matthew tipped us off to how it works, but also took us by surprise by emailing a few of us at Lifehacker from other Lifehacker writers’ email addresses. Despite the fact that we knew it was possible—we’ve all gotten spam before—it was more disconcerting to actually be tricked by it. So, we talked to him about how he did it and what people can do to protect themselves.

Note: What follows is a rather technical writeup, designed for more computer-savvy individuals. If you want a more basic rundown on avoiding spam and scams, we’ve got one of those too.

A Little History: Why Email Addresses Are So Easily Spoofed

Today, most email providers have the spam problem resolved—at least to their own satisfaction. Gmail and Outlook have strong, sophisticated spam catching algorithms and powerful filtering tools. Back in the early 2000s, though, that wasn’t the case. Spam was still a huge problem that mail servers had yet to seriously tackle, much less develop advanced tools to manage.

In 2003, Meng Weng Wong proposed a way for mail servers to “verify” that the IP address (the unique number that identifies a computer on the internet) sending a message was authorized to send mail on behalf of a specific domain. It’s called the Sender Permitted Form (renamed to “Sender Policy Framework” in 2004), and Matthew explains how it works:

Each time an email message was sent, the receiving email server would compare the IP of origin for the message with the IP address listed in the SPF record for the email address’s host (the “@example.com” part.)

If the two IP addresses match, then the email could pass through to the intended recipient. If the IP addresses did not match, then the email would be flagged as spam or rejected altogether. The burden of deciding the outcome was completely in the hands of the receiving server.

Over the years, SPF records have evolved (the most recent RFC was published in April 2014), and most domains on the internet have SPF records (you can search for them here).

When you register a domain, you also register a number of DNS records that go along with it. Those records tell the world which computers to talk to depending on what they want to do (email, web, FTP, and so on). The SPF record is an example, and ideally it would make sure all the mail servers on the internet knew that people sending email from, say, @lifehacker.com, were actually authorized users and computers.

However, this method isn’t perfect, which is part of why it didn’t catch on completely. SPF records require administration—someone actually adding new IP addresses and removing old ones, and time for the record to propagate across the internet every time a change is made. (Update: We previously tied SPF checks to user IP addresses, when the technology is actually used by mailhosts to verify that the server through which a message passes is an authorized sender on behalf of a given domain, not that the device used is authorized to send on behalf of a given address. Sorry for the confusion, and thanks to the commenters who pointed this out!) Most companies use a soft version of SPF anyway. Instead of risk false positives by blocking useful mail, they implement “hard” and “soft” fails. Email hosts also loosened their restrictions on what happens to messages that fail that check. As a result, email is easier for corporations to manage, but phishing is easy, and a big problem.

Then, in 2012, a new record type was introduced, designed to work alongside SPF. It’s called DMARC, or Domain-based Message Authentication, Reporting, and Conformance. After a single year, it’s expanded to protect a large number of consumer mailboxes (although the self-proclaimed 60% is probably optimistic.) Matthew explains the details:

The DMARC boils down to two important flags (although there are 10 total) – the “p” flag, which instructs receiving servers on how to deal with potentially phony emails, either by rejecting, quarantining, or passing; and the “rua” flag, which tells receiving servers where they can send a report about failed messages (usually an email address at the domain admin’s security group). The DMARC record solves most of the issues with SPF records by taking the burden of deciding how to respond away from the recipient.

The problem is, not everyone uses DMARC yet.

This handy tool allows for you to query any domain’s DMARC record – try it out on a few of your favorites (gawker.com, whitehouse.gov, redcross.org, reddit.com). Notice anything? None of them have published DMARC records. That means that any email host that tries to conform to the rules of DMARC wouldn’t have any instructions on how to handle SPF failed emails, and would probably let them through. That’s what Google does with Gmail (and Google Apps), and that’s why phony emails can get through to your inbox.

To prove that Google does pay attention to DMARC records, look at the DMARC record for facebook.com – the “p” flag idicates that recipients should reject emails, and send a report about it to the postmaster at Facebook. Now try to fake an email from facebook.com and send it to a Gmail address—it won’t go through. Now look at the DMARC record for fb.com – it indicates that no email should be rejected, but a report should be made anyway. And if you test it, emails from @fb.com will go through.

Matthew also noted that the “postmaster report” is no joke. When he tried spoofing a domain with a DMARC record, his SMTP server was blocked in less than 24 hours. In our testing, we noticed the same. If a domain is set up properly, they’ll put an end to those spoofed messages quickly—or at least until the spoofer uses a different IP address. However, a domain that doesn’t have DMARC records is fair game. You could spoof them for months and no one on the sending end would notice—it would be up to the receiving mail provider to protect their users (either by flagging the message as spam based on content, or based on the message’s failed SPF check.)

How Spammers Spoof Email Addresses

The tools necessary to spoof email addresses are surprisingly easy to get. All you need is a working SMTP server (aka, a server that can send email), and the right mailing software.

Any good web host will provide you with an SMTP server. (You could also install SMTP on a system you own, port 25—the port used for outgoing email, is usually blocked by ISPs. This is specifically to avoid the kind of mass-emailing malware we saw in the early 2000s.) For his prank on us, Matthew used PHP Mailer. It’s easy to understand, easy to install, and it even has a web interface. Open PHP Mailer, compose your message, put in the “from” and “to” addresses, and click send. On the recipient’s end, they’ll get an email in their inbox that looks like it came from the address you typed in. Matthew explains:

The email should have worked without issue, and appears to be from whomever you said it’s from. There’s very little to indicate this didn’t come from their inbox, until you view the source code of the email (“View original” option in Gmail). [ed note: see image above]

You’ll notice that the email “soft” failed the SPF check, yet it came through to the inbox anyway. It’s also important to note that the source code includes the originating IP address of the email, so it’s possible that the email could be traced, if the recipient wanted to.

It’s important to note at this point that there is still not a standard for how email hosts will treat SPF failures. Gmail, the host I did most of my testing with, allowed emails to come in. Outlook.com, however, did not deliver a single falsified email, whether soft or hard failed. My corporate Exchange server let them in without issue, and my home server (OS X) accepted them, but flagged them as spam.

That’s all there is to it. We’ve skimmed over some details, but not many. The biggest caveat here is if you click reply on the spoofed message, anything sent back goes to the real owner of the address—not the spoofer. That doesn’t matter to thieves though, since spammers and phishers are just hoping you’ll click links or open attachments.

The tradeoff is clear: Since SPF never really caught on in the way it was intended, you don’t need to add your device’s IP address to a list and wait 24 hours every time you travel, or want to send email from your new smartphone. However, it also means that phishing remains a major problem. Worst of all, it’s just so easy that anyone can do it.

What You Can Do to Protect Yourself

This all may seem arcane, or seem like a lot of fuss over a few measly spam emails. After all, most of us know spam when we see it—if we ever see it. But the truth is that for every account where those messages are flagged, there’s another where they aren’t and phishing emails sail into user inboxes.

Matthew explained to us that he used to spoof addresses with friends just to prank friends and give them a little scare—like the boss was angry with them or the receptionist emailed to say their car was towed—but realized that it worked a little too well, even from off the company network. The spoofed messages came through the company mail server, complete with profile pictures, corporate IM status, auto-populated contact information, and more, all helpfully added by the mail server, and all of which make the spoofed email look legit. When I tested the process, it wasn’t much work before I saw my own face looking back at me in my inbox, or Whitson’s, or even Adam Dachis’, who doesn’t even have a Lifehacker email address anymore.

Even worse, the only way to tell that the email isn’t from the person it looks like is to dig into the headers and know what you’re looking for (like we described above.) That’s a pretty tall order for even the tech-savvy among us—who has time for that in the middle of a busy workday? Even a quick reply to the spoofed email would just generate confusion. It’s a perfect way to cause a little chaos or target individuals to get them to compromise their own PCs or give up login information. But if you see something that’s even a little suspicious, you at least have one more tool in your arsenal.

So, if you’re looking to protect your inboxes from messages like this, there are a couple of things you can do:

  • Turn up your spam filters, and use tools like Priority Inbox. Setting your spam filters a little stronger may—depending on your mail provider—make the difference between a message that fails its SPF check landing in spam versus your inbox. Similarly, if you can use services like Gmail’s Priority Inbox or Apple’s VIP, you essentially let the mail server figure out the important people for you. If an important person is spoofed, you’ll still get it, though.
  • Learn to read message headers, and trace IP addresses. We explained how to do this in this post about tracking down the source of spam, and it’s a good skill to have. When a suspicious email comes in, you’ll be able to open the headers, look at the IP address of the sender, and see if it matches up with previous emails from the same person. You can even do a reverse lookup on the sender’s IP to see where it is—which may or may not be informative, but if you get an email from your friend across town that originated in Russia (and they’re not traveling), you know something’s up.
  • Never click unfamiliar links or download unfamiliar attachments. This may seem like a no-brainer, but all it takes is one employee in a company seeing a message from their boss or someone else in the company to open an attachment or click a funny Google Docs link to expose the entire corporate network. Many of us think we’re above being tricked that way, but it happens all the time. Pay attention to the messages you get, don’t click links in email (go to your bank’s, cable company’s, or other website directly and log in to find what they want you to see), and don’t download email attachments you’re not explicitly expecting. Keep your computer’s antimalware up to date.
  • If you manage your own email, audit it to see how it responds to SPF and DMARC records. You may be able to ask your web host about this, but it’s not hard to check on your own using the same spoofing method we described above. Alternatively, check your junk mail folder—you may see messages in there from yourself, or from people you know. Ask your web host if they can change the way your SMTP server is configured, or consider switching mail services over to something like Google Apps for your Domain.
  • If you own your own domain, file DMARC records for it. Matthew explains that you have control over how aggressive you want to be, but read up on how to file DMARC records and update yours with your domain registrar. If you’re not sure how, they should be able to help. If you’re getting spoofed messages on a company account, let your corporate IT know. They may have a reason for not filing DMARC records (Matthew explained his said they couldn’t because they have external services that need to send using the company domain—something easily fixed, but that kind of thinking is part of the problem), but at least you let them know.

As always, the weakest link in security is the end-user. That means that you’ll need to keep your BS sensors turned all the way up every time you get an email you weren’t expecting. Educate yourself. Keep your anti-malware software up to date. Finally, keep an eye on issues like these, since they’ll continue to evolve as we continue to fight spam and phishing.

Photo by Gwyneth Anne Bronwynne Jones.

Source

How Do Advertisers Track You Online? We Found Out

– By Digital Trends Staff

When you search for something online — say, a vacation to Vegas — it’s not unusual to see adverts for cheap flights and hotel deals in Sin City on every site that you visit thereafter for the next few days. Few of us understand what’s actually happening behind the scenes for those ads to be served.

“The modern web is a mash-up, which means the content that you’re looking at on the page, which just looks like one single Web page with text and graphics, is in fact assembled from multiple different sources, sometimes dozens, and these different sources can be a variety of different companies,” explains Arvind Narayanan, Assistant Professor of Computer Science at Princeton, “When you look at a Web page, there’s content visible to you and invisible stuff purely for the purpose of tracking what you’re doing.”

Online advertising has been there since the early days of the Internet, but it has grown far more sophisticated in recent years. The ads we see now are often the product of digital stalking as companies try to track our every browsing move. But how does this happen in the first place?

Eyes in the shadows

“What this technology is really good at doing is following you from site to site, tracking your actions, and compiling them into a database, usually not by real name, but by a pseudonymous numerical identifier,” says Narayanan, “Nevertheless, it knows when you come back, and it knows to look you up, and based on what it has profiled about you in the past, it will treat you accordingly and decide which advertisements to give you, sometimes how to personalize content to you, and so on.”

There are even ways to associate two different devices belonging to the same user.

We know that companies are collecting data about us, but there’s very little transparency in terms of the techniques they use, and there are a lot of misconceptions. We don’t really know exactly what data they are collecting, or what they might use it for.

“The information that’s most useful for them to collect is your browsing history and your search history,” Narayanan explains, “This gets compiled and profiled into behavioral categories.”

Ostensibly, this data is collected, analyzed, and used to target us with relevant ads, but it can also be used in other ways.

“It’s not just tracking, but using that data to do data mining and see what you can infer about that person’s behavior and their preferences,” Narayanan says, “In some cases research has shown, data may even be used to tailor prices. Sometimes prices for the same product being subtly different, sometimes it’s different products with different price ranges being pushed to the consumer.”

Back in 2012, it was discovered that travel website Orbitz was showing Mac users pricier hotel options than PC users. Later the same year, the Wall Street Journal reported that the Staples website was tracking visitor’s locations and only applying price discounts if there was a competitor store within 20 miles of them.

How are they tracking us?

“It turns out that every device behaves in a subtly different way when the code on the web page interacts with it, in a manner that’s completely invisible to the user,” Narayanan explains, “and this can be used to derive a fingerprint of the device, so the third parties can tell when the same user of the same device is visiting again.”

Server Farm

The same servers that feed you websites are quietly tracking your browsing habits.

This technique is known as canvas fingerprinting. When one of these scripts is running on a website you visit, it instructs your browser to draw an invisible image. Because every device does it in a unique way, it can be used to assign a number to your machine and effectively track your browsing.

If that sounds like the kind of shady thing you’d only find in the dark recesses of the Internet, then you’ll be disappointed to hear that all sorts of popular, and even well-respected sites, from Whitehouse.gov to perezhilton.com, are running these scripts. The University of Leuven, in Belgium, hosts a complete searchable list of sites with these tracking mechanisms.

Beyond the cookie jar

There are other techniques being used to collect data that are difficult to understand. Most of us have some awareness of cookies, but advertisers have developed new methods to exploit or circumvent the cookie system.

“One of the areas that concerns me the most is the data sharing that’s going on behind the scenes,” says Narayanan.

Arvind NarayananArvind Narayanan, Assistant Professor of Computer Science at Princeton

A process called cookie syncing, allows the entities that are tracking you online to share the information they’ve discovered about you and link together the IDs they’ve created to identify your device. They can compare notes and build a better profile of you. And this is all done without your knowledge or input.

Bypassing the normal cookie system altogether, there’s also something known as a super cookie.

“These are cookies that are in nooks of your web browser that allow information to be stored, but they’re not in the main cookie database,” says Narayanan, “A particularly devious type of super cookie is one that stores itself in multiple locations and uses each of these locations to respawn the others should they be deleted so, unless you delete all traces and forms of that cookie at once from all of your browsers on your computer, then that cookie is going to come back.”

There are even ways to associate two different devices belonging to the same user. Companies can establish that they’re owned by the same person, even without attaching your name to them.

“Let’s say you have a laptop and a smartphone, and you’re traveling with them, and you’re browsing the web through Wi-Fi,” says Narayanan, “The advertiser, or other company, notices that there are two particular devices that always connect to the website from the same network. The chance of this happening coincidentally is similar to the chance of two people having the same travel itinerary, so, after a period of time, if it keeps happening, they can deduce that its the same person that owns those two different devices. Now they can put your browsing behavior on one device together with your browsing behavior on the other device and use it to build a deeper profile.”

Are we really anonymous?

We’re often sold the line that companies are only collecting anonymized data. This is something that Narayanan takes exception to, for a number of reasons.

“The impact of personalization, in terms of different prices or products, is equally feasible whether or not they have your real name. It’s completely irrelevant to their calculations and the intended use of the data for targeting that is so objectionable to a lot of users,” he explains.

We also have more to worry about than just the advertisers.

“Some of our research has shown how the NSA can actually piggyback on these cookies for their own mass surveillance or targeted surveillance,” says Narayanan, “These third party services are making the NSA’s job easier.”

There’s also a real risk that the anonymized data may be exposed and linked to your actual identity.

“It’s possible to de-anonymize these databases in a variety of ways,” explains Narayanan, “We’ve seen accidental leakages of personal information. What one needs to keep in mind, is that if you have this anonymized dossier, it only takes one rogue employee, one time, somewhere, to associate real identities with these databases for all of those putative benefits of privacy anonymity to be lost.“

Narayanan even objects to the word anonymous. Computer scientists use the term pseudonymous, which emphasizes that you’re not really anonymous, you’ve just been assigned a pseudonym. If your identity becomes known you’ve lost your imagined privacy, and there are many ways that could happen.

These third party services are making the NSA’s job easier.

“Many of these databases in which our information is collected started out with innocuous purposes, or purposes that consumers are comfortable with, but when you combine it with the complete lack or transparency, accountability, and regulation there’s an enormous opportunity for misuse,” explains Narayanan, “What happens when the company goes bankrupt, the database gets hacked, or there’s a rogue employee?”

There’s also evidence of a growing industry that’s aiming to tie together your online tracking with your offline purchasing habits. Onboarding companies, like LiveRamp, offer ways to link this data and give companies more insight. If a store asks you for your email address at the counter when you make a purchase, they may share it with a company like LiveRamp, which can identify when you use it to sign in to certain specific websites that they’re in business with and then link it to your device. Now companies can put a real name to the data.

How do we safeguard our privacy?

“There’s not one magic bullet solution,” says Narayanan, “If someone is selling you one solution or device that claims to take care of your privacy concerns, they’re almost certainly selling you snake oil. But if you’re willing to invest a little time, it’s possible to protect your privacy.”

There are lots of browser extensions, and end-to-end encryption tools out there. Narayanan suggests starting with Tor and Ghostery. He also recommends reading the Electronic Frontier Foundation and Electronic Privacy Information Center, if you want to learn more.

“Research technology a little bit, learn about the privacy implications of the products that you’re using, learn about the privacy tools that are out there, but also the right way to use them,” suggests Narayanan, “If you’re not fully aware, you’re not going to make a fully informed choice, but for each person it’s a trade-off on where they want to be on that spectrum of convenience and privacy.”

Source

Security smarts for smartwatches | Consumer Information

by Lisa Lake

Smartwatches have quickly gone from sci-fi to commonplace, and it’s easy to see why. Users can conveniently manage messages, music, fitness, and more right from their wrists as they go about the day.

Person wearing a smartwatch taps its screen

But enjoying the convenience of a smartwatch means trusting it to keep your data safe. Smartwatches offer a variety of security features, so keep security in mind when you shop for one. Not all security features come set up right out of the box. Be sure to check your settings and turn on the ones you want. For example, many smartwatches offer screen lock features, which you should use to help ensure your data is private. You may be able to:

  • set a PIN: Set up a short PIN that you can type to unlock the watch.
  • create a pattern lock: Create a pattern that you can draw on your screen to unlock it.
  • use your phone: Have your watch lock if it’s too far from your phone to “pair.”
  • detect your wrist: Set your watch to lock when you take it off your wrist.

Experts are looking for ways to make smartwatch security stronger and more convenient—including locking in particular—so keep an eye out for new and easier ways to protect yourself from others getting access to the data on your smartwatch.

Source

What’s affiliate marketing? Should I care?

by Rosario Méndez

Many of the ads you see online are created by marketers who are paid each time you click on their ad. And if that click takes you to a website where you sign up to try a product or you make a purchase, the marketer may get paid even more. These are affiliate marketers. They are hired by the owner of the product to promote it on social media, on websites, and through email. Sometimes networks of affiliate marketers negotiate the rate marketers will get paid per click, per sign-up to try the product, and per purchase. Everyone from the merchant to the affiliate marketers gets a cut. And all these people may be tracking you, too, just from that one first click.

Affiliate marketing is a good way to promote a product or service as long as the ad is truthful. The problem is that some dishonest affiliate marketers put out ads with exaggerated claims or misleading information to get people to click. They may say anything to get you to click on their ad because they have an incentive – getting paid. Check out the infographic we created to explain this.

Sometimes deceptive ads could be bait for a scam. Take, for example, a low-cost trial scam that the FTC stopped recently. People who clicked on ads placed by affiliate marketers for a “free” trial ended up on a website that offered the product trial for $1.03. That amount is not much, but it’s not free. In fact, people who bought the trial for $1.03 ended up being charged almost $200 monthly for a second product they didn’t even want. We explained what happened in this infographic.

So, the next time you see an online ad, pause before clicking. Ask yourself:

  • How do I know who’s truly behind the ad?
  • Do I know if they’re being truthful? Is someone being paid to get me to click?
  • Who is tracking me when I click on the ad? And who is getting that information about me?

And if the ad says one price, but when you click on it you land on a website that says something else, you may have landed on a scam. No matter what, check your bills to be sure you’re not being scammed.

Source

Browser hijacking, a less talked about security issue

Browser hijacking is one of the less talked about security issues out there, but that doesn’t mean its effects can’t be damaging.
The typical browser hijacker malware will usually change your homepage to another homepage or display more advertising and generally slow down your browsing experience considerably.
In more serious cases, the browser hijacker will also install a keylogger or damage your Window’s registry files.

What causes a browser hijack?

The browser hijacker software was probably spyware, either designed to track personal data or adware that regularly pops up dubious advertisements. If you did install something, it might have offered you the option to decline the install, but it could have been displayed in a way that was deliberately confusing (after all, they want you to download the software).

Or you could have unwittingly visited an untrustworthy website. Usually your browser’s address bar will warn you in red if this is the case and your usual search engine (such as Google or Bing) would also probably have warned you too, but it still happens.

So if your browser has been hijacked, what can you do about it? The main thing to do is not panic. Seriously. We know it can seem like all your data is at risk but it probably isn’t. And in any case, if you are panicking about your data, it’s likely you haven’t got it backed up.

If not, you are not helping yourself! It goes without saying (but we’ll say it anyway) – always back up your precious files, music, photos and videos. If you have continuous, cascading pop-up windows, then press [Ctrl]+[Alt]+[Del] on your keyboard.

Keyloggers are hunting your passwords

Keyloggers are stealthy pieces of malware, designed to record any and all keyboard presses and secretly sending them to the cyber criminal.

Keyloggers usually don’t come with visible symptoms, since their main purpose is simply to collect sensitive information such as emails and passwords.

Keylogger Definition
A keylogger is any piece of software or hardware that has the capability to intercept and record input from the keyboard of a compromised machine. The keylogger often has the ability to sit between the keyboard and the operating system and intercept all of the communications without the user’s knowledge. The keylogger can either store the recorded data locally on the compromised machine or, if it’s implemented as part of a larger attack toolkit with external communication capabilities, sent off to a remote PC controlled by the attacker. Although the term keylogger typically is used in relation to malicious tools, there are legitimate surveillance tools used by law enforcement agencies that have keylogging capabilities, as well.

7 Best Antivirus for iPhone in 2017 to keep your phone safe


Best Antivirus For iPhone: The two major giants of smartphones, iOS and android have been fighting since long. And the most powerful argument held by the iOS users deals with security. One has to agree upon the fact that iOS does have an upper hand in terms of security. But, this doesn’t make the iOS users completely safe from the malicious attacks on their iPhones. Thus, the importance of having an antivirus for iPhone in 2017 can not be neglected. And for that matter, you gotta choose the best antivirus for iPhone in 2017 which can protect your iPhone. To make your task easy, we have made a detailed research and shortlisted the most effective and best antivirus for iPhone in 2017.

Best Antivirus for iPhone in 2017:

1.  Avast Secure-Me:

Avast is the big brand name in the arena of antivirus. The Avast Secure-Me application is focused on keeping a track on your online presence. Avast Secure-Me keeps a watch on your activities like online messaging, shopping, banking, etc. During this Avast Secure-Me makes sure that your private information stays secured and prevents any kind of leaks. The main problems are faced when you’re connected to an open WiFi network. In this case, there is a high probability that your private information gets leaked. Avast Secure-Me notifies you against any such threats.

avast antivirus for iphone in 2016

2. McAfee Mobile Security

Sometimes you don’t need the internet to lose. Any of your important file on your iPhone can be easily accessed by anyone in your near proximity. McAfee Mobile Security helps you keep you friends away form snooping your private stuffs. It provides you with a shield to protect your confidential files and even report you if anyone else apart from you tries to access them. Along with this, it also facilitates backing up your iPhone’s data so that you retrieve it according to the need. One amazing feature is Secure Snap, which stores all the images being captured directly into your secured vault.

Mcafee antivirus for iphone

3. Lookout Mobile Security:

Something which might turn out to be a nightmare for every iPhone user is losing your smartphone. Lookout Mobile Security protects your iPhone like no one would ever could. Be it data loss, mobile theft or any other threat, Lookout Mobile Security backs you up in each of this case. It takes a regular backup of your phone automatically. In case you lose your phone, Lookout will locate it within seconds if it is connected to the internet. It also saves the last location of your iPhone before the battery drains out completely. It triggers an alarm to find your device if you feel it’s near by even if it’s in silent mode.

4. Norton Mobile Security:

Norton Mobile Security is known for delivering powerful, effective and a reliable protection for iPhone and iPad. It keeps tracing for any threat in your iPhone continuously and notifies you about the same. On top of it, Norton also makes sure that your data gets backed up regularly. Moreover, Norton Mobile Security can also find your iPhone if it gets lost. It saves the last location of iPhone before it is shut down and triggers an alarm to locate the same quickly. Hence, Norton stays a strong contender in this list of the best antivirus for iPhone in 2017.

5. Avira Mobile Security:

Avira Mobile Security is an ideal tool to have as an antivirus for iPhone in 2017 to ensure complete security. It keeps a track of your emails to make sure that their privacy has not been compromised. You also get a dashboard from where you can take control of your iPhone. With the help of Avira dashboard, you can connect to 5 devices which will be tracked and traced down in case of loss or theft. In-app, community support is also provided where you can post your questions and get answers quickly.

6. F-Secure Safe:

Most of the time that we spend on our iPhones involve the use of the internet. To make sure that your iPhone is all secured during your online activities is important. F-Secure Safe helps you keep your iPhone and your personal information safe while browsing. It notifies you about malicious nature of websites. Hence, maintains a healthy environment for you to explore the internet on. It also has an in built parental control feature which warns you before accessing any content which may be unsuitable for children. This can certainly prove to be the best antivirus for iPhone in 2017.

7. 360 Security

Over a long run use of iPhone, one is bound to collect a lot of pictures and data in the same. 360 degree is equipped with a photo optimizer which scans your album regularly for any duplicate photos. Also, it has the capability to group them according to it’s predetermined algorithms. 360 security also helps you clear out unwanted space from your iPhone. It cleans all the unnecessary files clearing up a lot of space from your iPhone. It also has features to save the battery of you iPhone.

Source

15 best antivirus Android apps and anti-malware Android apps


Antivirus Android apps remain one of the most popular types of applications on Android. Whether or not these apps are needed is a subject that has been debated ad nauseum. Generally, you don’t need one if you play it safe, only download apps from the Play Store, and keep your security settings enabled. However, there are those who like to take a walk on the wild side and not do those things. In any case, here are the best antivirus apps and anti-malware apps for Android.


VPN Express

Before you start thinking about antivirus software, the first line of defence in Android security is a solid VPN. One that users

256-bit encryptiondoesn’t keep logs and offers 24-hour Live Chat support.We recommendExpressVPN for Android. It’s $8.32 per month but you canget your money back within 30 days if you’re not completely satisfied.


360 Security best antivirus apps and anti-malware apps360 Security – Antivirus Boost

[Price: Free]
360 Security is one of the most popular and highly rated antivirus Android apps available right now with over 100 million downloads and 10 million ratings resulting in a 4.6 overall rating. That’s pretty good. This antivirus and anti-malware app comes with a ton of features, including the ability to scan your device files for malware, scan your apps and games, enable real-time protection, and even comes with an anti-theft feature. You can also use the app’s built in cleaner and booster service if you want, but the validity of those types of features aren’t particularly substantiated. Perhaps the most useful feature for this one is an app lock that lets you password protect any app on your device which is great for keeping nosy people away. The best part? It’s completely and totally free.


androhelm best antivirus Android apps and anti-malware Android appsAndroHelm Mobile Security

[Price: Free / $2.59/month / $23.17 per year / $99.65 or $119.85 for lifetime licenses]
AndroHelm’s Mobile Security app is a lesser known option that can still provide a bunch of benefits. The main functionality focuses solely on security with features that include real-time protection from malware and spyware. It also does scanning apps upon installation, frequent updates of the antivirus database, quarantine mode, app backups, virus protection, and a lot more. One of the more useful features include a set of functions that let you remotely block your device and delete stuff. The pricing structure is a bit complicated and the design could use an overhaul, but the functionality is solid and the app should work pretty well.
You can find all of AndroHelm Mobile Security’s pricing options by clicking here.

antivirus Android mobile security


Avira best antivirus apps and anti-malware appsAvira Antivirus Security

[Price: Free / $11.99 per year]
Avira Antivirus Security one of the relatively newer and lesser known antivirus apps but it’s quickly growing into one that people really seem to like. It comes with the basic stuff like device scanning, real-time protection, and even the ability to scan the external SD. It also includes modern features, like a Stagefright Advisor to help you work around that particular vulnerability. There is also some anti-theft feature, privacy features, blacklisting features, and device admin features. It’s a heavier antivirus app, but it doesn’t necessarily feel that way all the time. It’s worth a shot if for no other reason than to check out the Stagefright Adviser!


antivirus Android trustgoAntivirus and Mobile Security by TrustGo

[Price: Free]
Antivirus and Mobile Security by TrustGo is an app with a philosophy. The developers have talked about how they built the app from the ground up for mobile protection against mobile threats and this app does that. It has the basic features such as device scanning to look for existing threats, real-time protection, and a privacy guard that helps show you what apps are using which permissions (which, admittedly, won’t be nearly as awesome after Android 6.0). It does include secondary features such as a system manager, find-my-phone functionality, and data backup if you need it. It’s not quite as heavy as some of these competitors, but it is by no means a lightweight. It’s also 100% free to use. That makes it one of the really good antivirus apps for Android.

trustgo best antivirus and antimalware apps for android



Avast best antivirus apps and anti-malware appsAVAST Mobile Security

[Price: Free / $1.99/month / $14.99/year]
AVAST Mobile Security comes from Avast, a name that many people recognize from the antivirus market on PC. Avast on Android is just as well-known and trusted with over 100 million installs and just shy of four million reviews with a 4.5 overall rating in Google Play. The features include the usual device scanning, app scanning, and real-time protection but also includes consistent antivirus database updates, anti-theft features, and the ability to remote lock your device in case you lose it. AVAST is definitely one of the heavier antivirus Android apps that we’ve found and it comes with a metric ton of features that creates a pretty sturdy experience. If you go pro, you’ll get even more features including remote data recovery, remote SMS, geo-fencing, ad detection, and app locking. It’s one of the heavier antivirus apps. That makes it not a great option for those who need something light.


AVG antivirus androidAVG AntiVirus Security

[Price: Free / $3.99/month / $14.99/year]
AVG Antivirus Security is another antivirus Android app that many people know about from the PC antivirus space. As such, it has over 100 million downloads to date and a respectable 4.4 rating in the Play Store. AVG is a bit lighter of an option compared to other name-brand options and includes real-time protection, device scanning, and consistent antivirus database updates. On top of that, there is a task killer (which, admittedly, is pointless), anti-theft features, remote device data wiping, and you can monitor things like battery, storage, and data usage. The interface on this one is actually pretty good comparatively speaking and the paid subscribers can also get app locking, call and message blocking, and more.

Antivirus android security free by AVG


bitdefender antivirus androidBitdefender Antivirus Free

[Price: Free]
Bitdefender Antivirus Free is perhaps the lightest, most unobtrusive option on this list. It has exactly two features which is to scan and clean your device and then it offers real-time antivirus protection on top of that. The real-time protection scans apps as they are installed. It also keeps an eye on what apps are doing. The scanning is simple and only takes a few moments to get everything done. This is technically an offshoot of Bitdefender’s much larger antivirus suite, but we found that we loved that there is an option that requires zero configuration and runs as light as this one does. We prefer the light version of the heavy version but if you want to check out the heavy version, you can find it by clicking here.


CM security antivirus androidCM Security

[Price: Free]
CM Security had some viral success back when it was one of only a few free antivirus apps and was, at the time, the best free option available. It has some competition now, but CM Security is still pretty decent when it comes to antivirus and anti-malware protection as it has been ranked very high on AV-TEST repeatedly for several years now. On top of its antivirus and anti-malware features, CM Security also includes one of the better app locks that we’ve used (it even has fingerprint scanner support now) that not only locks your apps, but takes selfies of people trying to nose around in your business. It’s a lot more lightweight than some of its name brand competitors which is good and it’s completely free for everyone.


Dr Web best antivirus apps and anti-malware apps for androidDr Web Security Space

[Price: Free / $9.90 per year / $18.80 for 2 years / $75 for a lifetime license]
Dr Web’s Mobile Security suite is one that has come a long way since we first put this list three years ago. What started as a simple antivirus app has ballooned into one of the most comprehensive antivirus apps on mobile. It features two kinds of scans along with real time protection. The app also provides real-time protection for your external SD card. It also has anti-spam features, an ton of anti-theft features (including remote lock, custom remote messages, and remote wiping), a cloud checker, and even firewall support. It’s a highly powerful antivirus Android app that doesn’t come with a lot of clutter or bloat.



Eset best antivirus apps and anti-malware apps for androidEset Mobile Security and Antivirus

[Price: Free / $9.99/year]
Eset Mobile Security and Antivirus is from another popular name in the PC antivirus space (Nod32). It boasted an impressive 100% detection rate in 2015 with frequent updates to the antivirus database to try to maintain that in 2016. You’ll also get scanning and real-time protection as is the norm for these types of apps. It also comes with a tablet-specific interface which is rare. The free version is a little basic which is okay if you just need something simple to scan your device and provide protection. Paid subscribers get anti-theft features and more advanced security features if they choose. It’s one of the more trusted antivirus apps out there.


Kaspersky best antivirus apps and anti-malware appsKaspersky Internet Security

[Price: Free / $9.99 per year / $14.95 per year (license for two devices)]
Kaspersky is another very recognizable name in the antivirus space and their antivirus apps is intensely popular. Like others, it has a free version and a paid version with more features. The list of features includes scanning (free) for malware and viruses while the paid version gets real-time protection, anti-phishing, cloud protection, and anti-theft, as well as smaller features like sounding an alarm to help find your lost device. This one is quite heavy so those with older or lower range devices may feel the heat by using the full version of this one.


Lookout best antivirus apps and anti-malware appsLookout

[Price: Free / $2.99/month / $29.99/year]
Lookout is a natural option for many users because this antivirus app comes installed on many Android devices (particularly those on T-Mobile in the United States). Thankfully, the app isn’t half bad and manages to do its job quite well. The free version is a bit more comprehensive than most and includes antivirus, anti-malware, and anti-theft protection although the paid version gives more of all of those things. Paid subscribers also get anti-theft alerts, real-time web browsing protection, a privacy adviser, and some data backup features. It’s not a bad option and it’s even lighter than many other security suites. It’s not great that it’s pre-installed on devices. However, it works well enough to give it a fair shake.


Malwarebytes best antivirus apps and anti-malware apps for androidMalwarebytes Anti-Malware

[Price: Free]
Malwarebytes has an exceptionally good reputation for PC users thanks to its lightweight, no nonsense approach to finding and removing malware. The Android version isn’t much different. It had a bit of a rough start but has since rebounded with a respectable 4.2 rating and five million downloads to date. As we said, this one focuses primarily on antivirus, anti-malware, and anti-spyware so the main features are the device scanning and real-time protection. Otherwise, this is a simple app that manages to get out of the way and not use a ton of system resources. This is especially good for older devices, lower range devices, and for those who don’t want to see any hiccups while running an antivirus app.


McAfee Android antivirusMcAfee Security and Power Booster

[Price: Free / $2.99/month / $29.99/year]
McAfee is arguably one of the most recognizable antivirus apps out there. Thankfully, their app isn’t that bad. There isn’t much of a different between the free and pro versions. It comes down to just a few features. This is a great way to get a lot of protection for free although the paid version can get some pretty decent features as well. It includes features like phone support and backup services. McAfee added a “power booster” into the app which is unfortunate. Ignore that because it’s useless but the protection it offers is actually very good.


Norton Security best antivirus Android apps and anti-malware Android appsNorton Security and Antivirus

[Price: Free / $29.99/year]
Norton Security and Antivirus is from Norton which is another recognizable name in the antivirus apps space. Over the last year or two, Norton has undergone some positive changes. One of them was a more powerful free version of their antivirus app. Make no mistake, this is a “heavy” antivirus app but it seems to run better than it used to. You’ll get antivirus and anti-malware protection out of the box. Along with that, you get remote locking of your device, alarms to find missing devices, and some privacy features as well. The paid version gets far more features, but it’s nice to see Norton listening to constructive criticism.

Source

Why browser cookies are a security risk

How do various websites remember your password and account registration info?

In a word, cookies. These are small files which contain information sites use for various tasks. Besides remembering your account info, these can be used to track what pages users visit the most or to personalize what ads to display.

While not themselves harmful, cyber criminals may use cookies to either collect the information in them (accounts and passwords) or to keep track of infected computers.

Separate your registration and work email

When your alarm goes off in the morning, what’s the first thing you check?

Most people will tap on one of two apps: their email app or their go-to social media account. You probably can’t even remember what your morning routine looked like before this. I know I can’t.

For most of us (myself included), email is our digital home. That’s where we keep our contacts for the people we love and for the people we work with. It’s where we hoard newsletters subscriptions and wishlists, pictures and documents, love and hate digital letters and SO much more.

So no matter what click-bait titles tell you, email is not dead. Not at all!

In fact, people all over the world rely on email for a big chunk of their communication. In 2015, 205 billion emails travelled from outbox to inbox every single day

Emails used to register accounts for important online projects, such as an Amazon seller shops, web domains, etc; should not also be used as work emails.

When you keep the account information email separate from the work email, you minimize the chance of cybercriminals locking you out of your project in case the work email gets compromised