New Versions of Android-Targeting Banking Malware Likely All Contain Ransomware

Some experts believe that the current online banking Trojans that target Android devices are equipped with ransomware-like capabilities. In fact, researchers are finding that many of them have a primary purpose of acquiring banking credentials and only activate the ransomware features when initial methods such as phishing fail.

Examples of recent Trojans that do this are Tordow, FantaSDK and Svpeng. These last two possessed the ability to lock the user’s screen and poke around in the background for the credentials, hoping the user would be too busy trying to unlock the screen to notice they were being robbed simultaneously.

However, according to analysts at Kaspersky, the developers of these Trojans are adding the ability to encrypt data as well, so the Trojans can be used as true ransomware.

Some good news, if there is any to be found, is that holding the device or data for ransom is used as a last-ditch effort to snatch your cash if the criminal is not able to drain your account by stealing your login credentials. One way or another, the cyber thieves will try to get your money.

There are many ways you can avoid having to pay ransom to get your devices unlocked.

First, always be aware of phishing attacks and don’t fall for them. Unexpected links and attachments, regardless of how they arrive or from whom, should always be met with suspicion. If you cannot be 100% sure it’s safe, don’t click it.

Create regular backups of your devices so that should you get hit with ransomware, you can quickly restore from a recent copy. This will keep your money in your pocket and not in that of a cyber thief. Make sure those backups are stored in a separate location from the devices you are backing up, preferably on a separate drive, network, or in the cloud. In fact, the appeal of holding mobile devices for ransom is diminished because many people back up their data to the cloud, rendering any extortion attempt a futile activity.

Keep anti-malware and anti-virus software and apps installed and updated on all your devices. These act as a second line of defense after your own knowledge of how to avoid becoming a victim of phishing.

There is more good news. The developers still have work to do in order to get mobile ransomware to be as sophisticated as it is for desktops. However, it is coming. In addition, according to analyst Roman Unuchek of Kaspersky, a recent version of the Faketoken Trojan already has such ransomware features, but fortunately rarely deploys them. Faketoken targets more than 2000 financial institution apps all around the world.

The first Trojan to have this ransomware-like technology was the previously mentioned Svpeng. This has been around a while, but was recently found lurking in online advertising. The attackers did this by exploiting a zero-day flaw in the Chrome browser. More recent examples of dangerous Android-targeting Trojans include Android.SmsSpy and FantaSDK.

© Copyright 2017 Stickley on Security

Vishing Scam Seeks to Steal Your Banking Information

Some law enforcement organizations are warning about a vishing scam that way too many people are falling for. Criminals are calling people and attempting to trick them out of their banking information by claiming there are suspected unauthorized transactions being made in international locations with their account.

Vishing is a form of phishing where scammers use the telephone to perform their scams. In this one, the caller asks the victims to confirm the bank details. However, it’s important to remember that financial institutions won’t call you and ask for that information.

If you ever receive such a call, just hang up. Contact your financial institution separately. Either check your account online using a previously bookmarked link or other link you know is safe or look up their phone number separately and call them. Don’t return calls to anyone that asks you for your account details over the phone using a number they provide or an email address they give you. Those numbers and messages go right back to scammers. Call the number on your card to ensure you are calling your financial institution.

The calls may appear to come from local numbers, but caller ID information is easily faked. The scammer’s call will likely have been initiated from overseas. So if you have doubts about your payment card charges, go to your statement and check them. If anything looks suspicious, contact your card issuer and get it resolved right away. Liability for fraudulent charges is limited in the United States, but you do need to report the charges within a reasonable amount of time. Losses due to fraud are expected to exceed $35.5 billion in 2020, according to a Nilson Report on global fraud losses. Total global losses have already exceeded $16 billion and those are not likely going to decrease any time soon.

© Copyright 2017 Stickley on Security

Don’t Fall for Valentine’s Day Scams

On Valentine’s Day, people’s emotions run all over the map – some are head-over-heels and want to shower their loved one with gifts, while others are despondent because currently they have no one special in their life.

Whatever your love status, one thing everyone needs to guard against at this time of year is scams.

Valentine’s Day brings out the best – and worst – in human behavior. Our impulse is to be generous and search for the ideal gift. Internet thieves know this and coolly set traps for unsuspecting shoppers. And, not surprisingly, dating websites experience greater activity, along with a corresponding increase in relationship scammers.

Here are some of the more common Valentine’s Day scams to avoid:

Electronic greeting cards are popular year-round, especially near holidays. Scammers count on you not paying attention when you receive an email with an innocuous subject line like, “Someone you know just sent you an e-card.”

Unless you’re certain someone sent you an e-card, never click on links or follow instructions to download software to open the message. Chances are you’ll load a virus or malware onto your computer, dooming you to receive endless spam or even endangering your personal and financial information.

Valentine’s Day is the busiest day of the year for florists. Since many people now order flowers online, these purchases are a common target for fraud. A few tips when choosing a florist:

Make sure the physical location, contact information and fees for the florist who’s actually fulfilling your order are fully disclosed.

Pay by credit card so if there’s a problem you can dispute it with your card issuer.

If you receive an email saying there’s a problem with your order, call the florist to make sure it’s legitimate; don’t click on any links – they could be malware.

Beware of emails and social media ads touting great deals on other Valentine’s themed gifts like chocolates, jewelry or lingerie. Unless you’ve previously done business with a company that legitimately has your email address, be skeptical. Watch out for minor typos in the web address – instead of, for example.

It’s no coincidence that dating websites are busier during the winter holidays and leading up to Valentine’s Day. Lonely people’s defenses are lowered, making them vulnerable to online romance scams. Before they know it, victims are conned into sharing personal or financial information, or lending money – money they’ll never see again.

I’m not saying don’t pursue love online at legitimate dating sites. Just watch out for these warning signs:

They want to move your conversations off the dating site immediately and use personal email or instant messaging – the better to avoid policing by the site’s Webmaster.

Their online profile sounds too good to be true. That’s because they’ve probably shaped it to reflect your stated preferences. Or, conversely, their profile may be suspiciously sketchy on details or their photos don’t seem genuine.

They profess love very quickly, even before you’ve spoken or met.

They claim to be a U.S. citizen working overseas – often in the military.

They make plans to visit, but are suddenly prevented by a traumatic family or business event – one which your money can overcome.

Bottom line: Don’t let your emotions get the better of your common sense when it comes to matters of the heart. For more tips on spotting and reporting online scams, visit the Federal Trade Commission’s website.

By Jason Alderman

Take Control of Your Electronic Entertainment Budget

It seems like every few weeks there’s a new “must-watch” movie or show. Competition between traditional and new production companies is driving the wave of high-quality content. I can’t complain, but it’s also hard to keep up. I have an ever-growing list of binge-able things to watch, read and listen to, and in the meantime, I’m paying multiple bills each month.

As long as my family’s necessary expenses are covered, spending money on entertainment can be worth it. However, I’ve also noticed that, left unmonitored, expenses can slowly grow out of control. I’d rather look for ways to save money and make more meaningful purchases.

Periodically reviewing how much you spend on entertainment, especially electronic entertainment, could be a good place to start.

Take stock of where you currently stand. Find your starting point by making a list of expenses that fall into the category of electronic entertainment. If you don’t have a budget where you can easily look up this information, you can review previous bank statements or connect your accounts to a budgeting app that can automatically pull in your spending history. This might also be a good time to try several budgeting apps and begin using the one you enjoy the most.

Give traditional cable or satellite TV expenses a second look. If you haven’t “cut the cord” – canceled your cable or satellite TV service – now might be time to give the idea some thought. Many alternative, and often cheaper, options have become mainstream, including free and a la carte sports programming. Even premium networks are sold on their own or as inexpensive add-ons to other services.

You may not want to cancel your entire service but after reviewing what you pay for and regularly watch, you might discover that you could be just as happy with a less expensive package.

In either case, regularly calling your service provider and negotiating your rate could save you money. This same tactic could also work with internet service providers.

Consider splitting the cost with someone else. Some subscription entertainment services can be shared with friends or family. A few even offer several tiers of service, or family packages, that let you create profiles and stream from multiple devices at once. Although the price might be higher for a multi-user account, you’ll still save on a per-person basis.

Choose the person or people you share your account with carefully. In some cases, sharing an account with a non-family or household member could be a violation of the terms and conditions, and with some types of accounts, you could be giving the other person access to your debit or credit card number.

Make a list of free resources you can use. Knowing where you can turn to (legally) watch shows and movies, including recent releases, could put you at ease if you’re worried about canceling a service.

You could start by using ad-based websites that legally host movies and shows. While there are commercial breaks throughout the videos, the services are completely free, and some have mobile apps that you can use to start or resume a video while you’re away from home.

As I’m sure you’re aware, there are plenty of free books, CDs and magazines at many libraries. But the library systems are also keeping up with the times. Some let you “check out” audiobooks, movies and shows without having to visit a branch.

Bottom line: Having access to a wide variety of shows, movies and other types of electronic entertainment can be well worth the cost, but don’t let your monthly expenses go unchecked. Between monthly subscription services, Internet and cable you could be paying several thousand dollars a year.

Find a happy medium by canceling services you don’t want anymore and finding ways to save on those you do. You could then use the savings for something more meaningful. Perhaps that means going to a sports game with friends or family rather than paying for a television service, or putting the money towards a non-entertainment goal, such as a college or retirement fund.

By Nathaniel Sillin

Homeland Security Secretary Lists Phishing as Top Threat

Experts are often asked what is the biggest threat to cyber security and many answers may be given. If you ask the Secretary of Homeland Security, Jeh Johnson, you will hear something that may surprise you. Sure, if you hook up any device to the Internet, it is likely that someone will start attacking immediately with something for various reasons. But to Johnson, the biggest threat is good old reliable phishing.

Why is this? Because it’s tried and true. It is what catches out many with sometimes very painful results. In fact, it is how hackers were able to leak information from the Hillary Clinton campaign. It’s how Sony Pictures was so famously thrust into the cyber security spotlight, how the Target breach occurred, and how the “bad guys” ended up acquiring very sensitive information on over 21 million people in the Office of Personnel Management (OPM) incident.

It is increasingly critical that everyone knows how to determine if an email message is indeed phishing. It’s not so easy to just look at it and make that call anymore; we will give you that. However, it isn’t impossible either. Most of the time, we can rely on our own intuition. If whatever the message is asking or claiming seems “phishy” or just sounds too good to be true, it is. It really is that simple.

Remember that if you receive an email that you are not expecting, regardless of who sent it, it should always be met with a bit of suspicion. And if it comes from a company like Google or your financial institution claiming something has changed or is amiss with your account, don’t click links or attachments to figure it out. Instead, log in directly to your account using a previously bookmarked link that you know to be safe or by typing the address of the site into the browser. You can see communications or check information that way and feel good about it.

If you are a business, always make sure your employees, staff, and contractors are educated on phishing. Homeland Security tests its people by sending phishing emails promising a big prize. The email asked them to click a link and if they did, there were instructions on where they could go to pick up their prize. When they got there, not only were they disappointed to not get their promised football game tickets, but they also got a lesson on cyber security.

While implementing security tools is also a good idea and well worth the money and effort to protect your home or office network, it should not be the only tool in the toolbox. Always include a cyber security training program for everyone that connects to the Internet. This means spending some time teaching kids and all new Internet users how to browse safely.

Cyber criminals are turning to phishing more often these days not to infiltrate networks, but to capitalize on the gullibility of the human race for a quick buck. Now that means getting ransomware onto those computers. In fact, according to security company PhishMe, more than 97% of the phishing emails they analyzed contain ransomware. So rather than paying up because some nefarious person has encrypted your data, keep current backups of your files. This will allow you to quickly put them back online without sacrificing your hard-earned cash or getting your company into the news for a breach.

© Copyright 2017 Stickley on Security

Planning a Home Remodel that Actually Pays Off

There was a time when contractors building McMansion-style home additions or Michelin-worthy kitchens were a regular sight in many neighborhoods – until around 2006, when the Great Recession began to take hold.

Here’s the good news: home improvements are starting to add value in a rising housing market. Here’s the bad news: you have to be very careful about the renovation or remodeling projects you select to avoid over-stretching your budget.

In general, completing successful home improvements comes down to two critical questions:

Will you get most of your money back when you sell your property? (The days of 100 percent-plus returns on renovations are over, at least for now.)

How will project costs affect your overall financial plan?

Here are questions to fuel your planning:

How long you plan to live in the home after the renovation. The Great Recession proved many homeowners didn’t recoup elaborate – or sometimes modest – improvement costs when selling their homes. Even in a recovering market, it’s good to be wary. For now, renovate for the long haul and your personal enjoyment, not overnight sale.

Neighborhood style and standards. We’ve all seen it – the oversized addition that dwarfs the rest of the houses on the block, the $50,000 kitchen upgrade in a small home where a spruce-up for $10,000 or less would do. It’s important to know how your tastes align with what is salable in your market (see Cost vs. Value, below).

Opportunistic buying and installation times for various projects. Take replacement windows, for example. Collect bids in mid-summer and recheck them in late fall — you’ll likely find significant savings on both windows and installation.

Available renovation tax credits on federal, state and local levels. Are there credits or tax incentives on structural equipment or appliances that can offset the cost of whatever you’re planning?

Potential effect on property taxes. Could an elaborate renovation actually turn off future buyers thanks to higher maintenance costs and property taxes?

Intelligence on recent purchase prices and home features. Smart homeowners keep an eye on recent home sale prices in the neighborhood and the features – or lack of them – that made the transaction.

For more detailed information, seek knowledge on a more local level:

Get to know your neighbors. If your neighbors have done home improvements inside and out, politely ask if they’ll share their story.

Befriend a broker. Real estate brokers and agents are happiest when they’re closing deals, but they like to build long-term relationships, too. The best brokers are happy to share neighborhood renovation value intelligence in exchange for a house tour. They can’t sell a house filled with overpriced improvements.

Before major projects, consider a home inspector. A home inspector’s job is to determine if the structural and mechanical aspects of a property are up to code. If a home hasn’t had a structural or mechanical upgrade for many years, professional inspection may detect trouble spots and intermediate upgrades that could be far more valuable than cosmetic work.

Talk to a tax professional. Federal and state tax credits and deductions may be available as part of any project you do. The IRS has a current summary of 2014 energy credits and related resources.

Check your credit reports and scores. If you need to borrow to complete a project, it’s a good idea to check your credit reports and current credit score to determine whether you’ll qualify for a loan. You have the right to get all three of your credit reports – from Experian, TransUnion and Equifax – once a year for free. You can do so by ordering directly from

Talk to a financial planner. Any home improvement project is potentially major when compared to what you earn or have in savings. A certified financial planner can help you evaluate potential projects against the competing financial goals in your life like saving for retirement and your children’s college tuition.

Figure out what you can do yourself. Whether it’s painting, landscaping, carpentry or electrical work, helping with a few DIY finishing touches on a home improvement project can save money. Just make sure you have the time and skill to pitch in.

Bottom line: Approach a home renovation as you would any other major financial decision – do your homework and see how it fits into your overall financial plan.


By Jason Alderman