Home + Mobile

Who doesn’t like a good mobile game? Especially a free one! They allow you to blow off steam while fine-tuning your skills, competing with others or maybe even winning bragging rights among friends.

Free games can be fun to play, yet there are some common-sense guidelines to make sure these apps don’t surprise you with unexpected costs or other problems.

Like anything digital, opportunities for malware and other cyber threats do exist. Here are some things to beware of as you protect your privacy, well-being and wallet.

In-app purchases and unauthorized transactions

Free game providers make revenue by selling upgrades to the games’ cosmetic value or the means to advance to another level of play. For example, on a popular kids’ game, players can buy special coins that help boost their overall gaming experience.

But according to a 2017 Tech Crunch article, Amazon recently agreed to refund millions of these types of in-app purchases because they were technically unauthorized – made by children on mobile devices linked to its site. Much to the parents’ regret, these transactions did not require passwords.

Apple and Google have settled similar agreements with the Federal Trade Commission.

So, keep an eye on transactions, banking records and your kids as they play. Most mobile devices even have the option of disabling or PIN-protecting in-app purchases so the little ones aren’t able to make purchasing decisions on their own.

Little extras can add up to a big cost for mom or dad. Or, in a more malicious case, someone with bad intentions could be purposely adding unwanted charges to your credit card.

Malware and privacy threats

Free mobile apps typically feature advertising and, of course, users can pay a premium to turn that off. That’s another transaction-based upgrade that turns free into not-so-free.

However, beyond the clutter and interruptions caused by real ads, malware can deliver a darker spin on free-to-play games through fake ads.

The Economic Times reports that Google has removed nearly 60 games, many of which were aimed at children, from its Play Store. The games were found to be infected with malware and bogus ads.

The malware displayed images that looked like real advertisements, causing concern and prompting users to download fake security software. The users were then encouraged to click on other links that would require payment.

Along with encouraging users to download scareware and pay for premium services, the malware also stole personal information. Those types of sensitive, personal records could include passwords, device ID’s and credit card information.

And that can lead to identity theft and even larger financial threats.

So remember, only use trusted providers, read the reviews before installing the game and there’s never any need to allow extensive access to your device or personal information. You’re just playing free mobile game apps after all.

Free-to-Play mobile gaming security tips

Transaction-based issues and malicious malware are two of the most common concerns associated with free-to-play mobile games. But by no means do they make up a complete list of potential risk factors.

This doesn’t mean you shouldn’t play free games online. But use caution. Scrutinize games labeled as free and realize that paying a reasonable price for software versus getting it for no charge is sometimes worth it.

Here are some more detailed security tips from US-CERT, the United States Government Computer Readiness Team:

• Use antivirus software
• Be cautious about opening web files
• Verify download authenticity
• Configure web browsers securely
• Back up personal data
• Use strong passwords
• Update operating and application software

From Facebook to LinkedIn, social media is flat-out rife with phishing attacks. You’ve probably encountered one before… Do fake Oakley sunglasses sales ring a bell?

Phishing attacks attempt to steal your most private information, posing major risks to your online safety. It’s more pressing than ever to have a trained eye to spot and avoid even the most cunning phishing attacks on social media.

Troubled waters

Spammers on social media are masters of their craft and their tactics are demonstrably more effective than their email-based counterparts. According to a report by ZeroFOX, up to 66 percent of spear phishing attacks on social media sites are opened by their targets. This compares to a roughly 30 percent success rate of spear phishing emails, based on findings by Verizon.

Facebook has warned of cybercriminals targeting personal accounts in order to steal information that can be used to launch more effective spear phishing attacks. The social network is taking steps to protect users’ accounts from hostile data collection, including more customizable security and privacy features such as two-factor authentication. Facebook has also been more active in encouraging users to adopt these enhanced security features, as seen in the in-app message below.

Types of social phishing attacks

Fake customer support accounts

The rise of social media has changed the way customers seek support from brands, with many people turning to Twitter or Facebook over traditional customer support channels. Scammers are taking advantage of this by impersonating the support accounts of major brands such as Amazon, PayPal, and Samsung. This tactic, dubbed ‘angler phishing’ for its deepened deception, is rather prevalent. A 2016 study by Proofpoint found that 19% of social media accounts appearing to represent top brands were fake.

To avoid angler phishing, watch out for slight misspellings or variations in account handles. For example, the Twitter handle @Amazon_Help might be used to impersonate the real support account @AmazonHelp. Also, the blue checkmark badges next to account names on Twitter, Facebook, and Instagram let you know those accounts are verified as being authentic.

Spambot comments

Trending content such as Facebook Live streams are often plagued with spammy comments from accounts that are typically part of an intricate botnet. These spam comments contain URLs that link to phishing sites that try to trick you into entering your personal information, such as a username and password to an online account.

It is best to avoid clicking any links on social media from accounts you are unfamiliar with or otherwise can’t trust. You can also take advantage of security software features such as real-time anti-phishing to automatically block fake sites if you accidently visit them.

Dangerous DMs

Yes, phishing happens within Direct Messages, too. This is often seen from the accounts of friends or family that might be compromised. Hacked social media accounts can be used to send phishing links through direct messages, gaming trust and familiarity to fool you. These phishing attacks trick you into visiting malicious websites or downloading file attachments.

For example, a friend’s Twitter account that has been compromised might send you a direct message with a fake link to connect with them on LinkedIn. This link could direct to a phishing site like the one below in order to trick you into giving up your LinkedIn login.

While this site may appear to look like the real LinkedIn sign-on page, the site URL in the browser address bar reveals it is indeed a fake phishing site. 

Phony promotions & contests 

Fraudsters are also known to impersonate brands on social media in order to advertise nonexistent promotions. Oftentimes, these phishing attacks will coerce victims into giving up their private information in order to redeem some type of discount or enter a contest. Know the common signs of these scams such as low follower counts, poor grammar and spelling, or a form asking you to give up personal information or make a purchase.

The best way to make sure you are interacting with a brand’s official page on social media is to navigate to their social pages directly from the company’s website. This way you can verify the account is legitimate and you can follow the page from there.

Once your home WiFi network is up and running and your family’s devices are connected, it’s normal to turn a blind eye to your router. After all, it’s mostly out of sight and out of mind. Unfortunately, that small, seemingly harmless box isn’t as secure as you may think.

Your router is your gateway to the internet. Once it’s compromised, cybercriminals may be able to view your browser history, gain access to your login information, redirect your searches to malicious pages, and potentially even take over your computer to make it part of a botnet.

Attacks like these are becoming all too common. Last year, we saw a prime example when hackers gained access to routers from various manufacturers and infected consumers’ devices with malicious advertising (also known as malvertising).

In a more recent attack, hackers entered WordPress sites through their owners’ unsecured home routers. After hacking the router, the attackers successfully guessed the password for the WordPress accounts and took complete control of the sites. As security experts noted, this particular hack was made even worse by the fact that most users have little to no understanding of how to secure their home router.

Beef up your home Wifi network security

Here are a few precautionary steps you can take to help deter cybercriminals from infiltrating your home WiFi network:

• Change the default username and password on your route. (Remember to update your WiFi password frequently!)
• Configure your router’s settings to use strong network encryption (WPA2 is preferred).
• Disable your router’s SSID broadcast so it isn’t visible to others.

Additionally, Webroot Chief Information Security Officer (CISO) Gary Hayslip recommends enabling a personal firewall.

“Hackers search the internet by using certain tools to send out pings (calls) to random computers and wait for responses,” he said. “Your firewall, if configured correctly, would prevent your computer from answering these calls. Use your personal firewall. The main point to remember is that firewalls act as protective barriers between computers and the internet, it is recommended you install them on your computers, laptops, tablets, and smart devices if available.”

Learn more about how to keep your WiFi connection secure with our Tips for Improving Router Security.

As the holiday season kicks into high gear, keep in mind that shoppers are at an even higher risk of cyberattacks during this time of year. Salesforce projects that mobile users will account for 60 percent of traffic to retail sites around the globe this year. With the increased popularity of shopping on the go, more and more cybercriminals will move to prey on unsuspecting shoppers. Here are a few tips to minimize your chances of falling victim to cybercriminals this holiday season (and all year long). 

Sophisticated attacks on smartphones

The fact is, mobile threats are on the rise. The Webroot 2017 Threat Report revealed a spike in malicious mobile apps, noting that almost half of new and updated mobile apps analyzed over the previous year were classified as malicious or suspicious. That’s nearly 10 million apps, up from a little more than two million such apps in 2015.  

Given the rising frequency of cyberattacks and data breaches year over year, it’s no surprise that we’ve continued to see more sophisticated smartphone attacks. Some of the most common mobile threats users face are mobile web browser-based hacking, adware, remote device hijacking and eavesdropping, and breaches of mobile payment services.  

Why you need a mobile security app 

To avoid becoming a hacker’s next victim, protect your device with a mobile security app. A trusted security app can block infected or malicious apps and file downloads. It can also help protect your identity and personal information if your mobile device is lost or stolen. 

It’s worth pointing out that all mobile security services are not created equal. In October, independent testing firm AV-TEST found that Google’s Play Protect service, which is designed to safeguard Android apps, was found to be “significantly less reliable” than third-party security apps, according to The Next Web. 

Outside of a solid mobile security app, Webroot Chief Information Security Officer Gary Hayslip recommends making sure mobile devices are up to date:  

“I recommend getting in the habit of periodically checking for updates and, if any are available, installing them. Updates that are waiting to be installed are accidents waiting to happen; they are doorways that can be exploited to access your devices or steal or encrypt your information. Don’t make it easier for your device to be compromised, keep it updated with the latest patches.” 

Safety measures 

In addition to a mobile security app and frequent updates, you should also be protective of your mobile device’s connections. Follow these two tips to double-down on your mobile safety:  

1. Turn off your Bluetooth: Bluetooth is a resurgent way for cyber deviants to gain access to your devices and personal information, so be sure to keep your Bluetooth off while out and about doing holiday shopping. 
2. Data over WiFi: Public WiFi networks are notorious hotbeds for digital attacks. If you have to do your holiday shopping online in public, use your cellular connection instead. If you’d rather not use data, a virtual private network (VPN) is a great way to protect yourself while connected to a public network on your mobile device.  

What if cybercriminals could generate money from victims without ever delivering malware to their systems? That’s exactly what a new phenomenon called “cryptojacking” entails, and it’s been gaining momentum since CoinHive first debuted the mining JavaScript a few months ago.

The intended purpose: whenever a user visits a site that is running this script, the user’s CPU will mine the cryptocurrency Monero for the site owner. This isn’t money out of thin air, though. Users are still on the hook for CPU usage, the cost of which shows up in their electric bill. While it might not be a noticeable amount on your bill (consumer CPU mining is very inefficient), the cryptocurrency adds up fast for site owners who have a lot of visitors. CoinHive’s website claims this is an ad-free way for website owners to generate enough income to pay for the servers. All altruistic excuses aside, it’s clear threat actors are abusing the tactic at the victims’ expense.

In the image above, we can see that visiting this Portuguese clothing website causes my CPU to spike up to 100%, and the browser process will use as much CPU power as it can. If you’re on a brand new computer and not doing anything beyond browsing the web, a spike like this might not even be noticeable. But if you’re using a slower computer, just navigating the site will become very sluggish.

Cybercriminals using vulnerable websites to host malware isn’t new, but injecting sites with JavaScript to mine Monero is. In case you’re wondering why this script uses Monero instead of Bitcoin, it’s because Monero has the best hash rate on consumer CPUs and has a private blockchain ledger that prevents you from tracking transactions. It’s completely anonymous. Criminals will likely trade their Monero for Bitcoin regularly to make the most of this scam.

CoinHive’s JavaScript can be seen in this website’s HTML:

CoinHive maintains that there is no need block their scripts because of “mandatory” opt-ins:

“This miner will only ever run after an explicit opt-in from the user. The miner never starts without this opt-in. We implemented a secure token to enforce this opt-in on our servers. It is not circumventable by any means and we pledge that it will stay this way. The opt-in token is only valid for the current browser session (at max 24 hours) and the current domain. The user will need to opt-in again in the next session or on a different domain. The opt-in notice is hosted on our servers and cannot be changed by website owners. There is no sneaky way to force users into accepting this opt-in.”

For reference, here’s what an opt-in looks like (assuming you ever do see one):

Why Webroot blocks cryptojacking sites

Unfortunately, criminals seem to have found methods to suppress or circumvent the opt-in—the compromised sites we’ve evaluated have never prompted us to accept these terms. Since CoinHive receives a 30% cut of all mining profits, they may not be too concerned with how their scripts are being used (or abused). This is very similar to the pay-per-install wrappers we saw a few years ago that were allegedly intended for legitimate use with user consent, but were easily abused by cybercriminals. Meanwhile, the authors who originated the wrapper code made money according to the number of installs, so the nature of usage—benign or malicious—wasn’t too important to them.

To protect our users from being exploited without their consent, we at Webroot have chosen to block websites that run these scripts. Webroot will also block pages that use scripts from any CoinHive copycats, such as the nearly identical Crypto-Loot service.

There are a few other ways to block these sites. You can use browser extensions like Adblock Plus and add your own filters (see the complete walkthrough here.) If you’re looking for more advanced control, extensions like uMatrix will allow you to pick and choose which scripts, iframes, and ads you want to block.

Update 12/13/17:

CoinHive scripts running rampant

If there was ever any doubt around the severity of this emerging threat and the overall nefarious use of CoinHive’s scripts, it can be put to rest. CoinHive engineers have now essentially admitted that they’ve “invented a whole new breed of malware,” according to a report in the German newspaper Süddeutsche Zeitung.

With the continued price surges in Monero, and the cryptocurrecy market as a whole, it seems cryptojacking becomes a more lucrative opportunity for cybercriminals with each passing day. And recent revelations have shown even more surreptitious methods being used by cryptojacking sites to evade user detection. One website was seen hiding a popup window underneath the Window’s task bar in order to continue mining after users believe they have closed their web browser, according to Bleeping Computer.

CoinHive’s cryptojacking script was even spotted on public WiFi at a Starbucks in Buenos Aires, according to BBC News.

Working remotely? It only takes a moment on a free WiFi connection for a hacker to access your personal accounts. While complimentary WiFi is convenient, protecting your connection with a VPN is the best way to stay safe on public networks, keeping your data and browsing history secure. 

Are you prepared for today’s attacks? Discover the year’s biggest cyber threats with the annual Webroot Threat Report.

What is a VPN?

VPN stands for “virtual private network” and is a technology that can be used to add privacy and security while online. It’s specifically recommended when using public WiFi which is often less secure and is often not password protected.  

VPN’s act as a bulletproof vest for your internet connection. In addition to encrypting the data exchanged through that connection, they help safeguard your data and can enable private and anonymous web browsing. However, even if you’re using a VPN, you must still be careful about clicking on suspicious links and downloading files that may infect your computer with a virus. Protecting yourself with antivirus software is still necessary.

When and why should you use a VPN?

When checking into your hotel, connecting to the WiFi is often one of the first things you do once settling in. While it may sound like a tempting offer, logging in to an unsecured connection without a VPN is a very bad idea. In July, ZDNet reported the return of hacker group DarkHotel which aims to target hotel guest’s computers after they have logged on to the building’s WiFi. Once compromising a guest’s WiFi, the hacker group can then leverage a series of phishing and social engineering techniques to infect targeted computers. 

Traveling and lodging is just one example of when you can use a VPN to help stay secure and avoid potential attacks, however anyone can benefit from using a VPN.  

From checking Facebook on an airport hotspot, accessing your company files while working remotely or using an open network at your local coffee shop, regardless of the scenario, using a public WiFi can potentially put the data you’re sending over the internet at risk. For business looking to secure their guest WiFi, click to learn more about our DNS protection solution.

Ready to take back control of your privacy? Webroot WiFi Security is compatible with devices running iOS^®, Android^™, macOS^® and Windows^® operating systems, and is now available to download on the Apple App Store, Google Play^™ store, and Webroot.com.

Conventional wisdom about passwords is shifting, as they are increasingly seen as a less-than-ideal security measure for securing digital accounts. Even the recommended rules for creating strong passwords were recently thrown out the window. Average users are just too unreliable to regularly create secure passwords that are different across all accounts, so using technology to augment this traditional security is imperative.

From online banking to email to cloud-based file storage, much of our high-value information is in danger if a hacker gains access to our most frequently visited sites and accounts. That’s where two-factor authentication comes in.

Two-factor authentication (2FA) adds an extra layer of security to your basic login procedure. When logging into an account, the password is a single factor of authentication, and requiring a second factor to prove you are who you say you are is an added layer of security. Each layer of security that you add, exponentially increases protection from unauthorized access.

Three categories of two-factor authentication:

1. Something you know, such as a password.
2. Something you have, such as an ID card, or a mobile phone.
3. Something you are, a biometric factor such as a fingerprint.

The two factors required should come from two different categories. Often, the second factor after entering a password is a requirement to enter an auto-generated PIN code that has been texted to your mobile phone. This combines two different types of knowledge: something you know (your password) and something you have (your mobile phone to receive a code in SMS text or code from a 2FA app).

Protect accounts with an extra layer of security

Popular social media sites, including Twitter, Facebook, Instagram and Pinterest, have added 2FA to help protect users. In addition, you may have noticed that services from companies such as Apple, Google and Amazon will notify you via email each time you log in from a different device or location.

While 2FA from an SMS text message is popular and much more secure than a password alone, it is one of the weaker types of 2FA. This is because it’s relatively easy for an attacker to gain access to your SMS texts. When you log in to your account and it prompts for a SMS code, the website then sends the code to a service provider and then that goes to your phone.

This is not as secure as everyone thinks, because the phone number is the weakest link in the process. If a criminal wanted to steal your phone number and transfer it to a different SIM card, they would only need to provide an address, the last four digits of your social security number, and maybe a credit card number.

This is exactly the type of data that is leaked in large database breaches, a tactic to which most Americans have fallen victim at some point or another. Once the attacker has changed your phone number to their SIM card, they essentially have your number and receive all your texts, thus compromising the SMS 2FA.

Ready to protect your home setup? Explore and compare Webroot’s home cybersecurity solutions here.

Many people are guilty of using weak passwords or the same login information across several accounts, and if this sounds like you, we recommend that you use authenticator apps such as Google Authenticator and Authy. These apps are widely supported and easy to setup.

Simply go to the “account settings” section on the site you want to enable. There should be an option for 2FA if it is supported. Use the app on your phone to scan the QR code and, just like that, it’s configured to give you easy six-digit encrypted passwords that expire every 30 seconds.

What happens when you’re not using sites that have 2FA enabled? Quite simply, security is not as tight and there’s a higher risk of a hacker gaining access to your accounts. Depending on what is stored, your credit card information, home address, or other sensitive data could be stolen and used to commit fraud or sold on the DarkWeb.

Learn how to enable 2FA on your Webroot SecureAnywhere in our Community Knowledge Base.

The U.S. electrical grid is in “imminent danger” from cyberattacks according to a report from the U.S. Energy Department released earlier this year. Such an attack would put much of the infrastructure that we rely on for public safety and basic services in jeopardy—electricity, water, healthcare, and communications systems, among others.

Just last week, an email was sent to energy and industrial firms by the DHS and FBI warning of hacking groups targeting critical infrastructure in the “energy, nuclear, water, aviation, and critical manufacturing sectors.”

Great power, great responsibilty

While the networked technology behind this infrastructure empowers our society, it also exposes us to new risks. Most people are aware of the cyber threats facing our personal mobile devices, home computers, and smart appliances. But the risks to public safety on a larger scale are less well known. Commitment to securing this brave new world is critical if we are to avoid serious public safety problems.

Cyberattacks targeting our critical infrastructure reveal our shared responsibility in securing the networks we depend on each and every day in our connected world. 

Ransomware attacks—when cybercriminals hack a computer, encrypt the files and hold them hostage—pose a particularly dangerous threat for public infrastructure.  It is estimated that ransomware has resulted in billions of dollars of losses in the last year alone, according to our June 2017 Quarterly Threat Trend Report.

Already this year, we’ve seen several major ransomware attacks on government entities, including counties, cities and multiple police departments leading to major disruptions in services like emergency response times, video surveillance and emergency radio transmissions.

In June, an infamous cyberattack dubbed NotPetya hit Europe, affecting workplaces and public domains. This attack mirrored its predecessor named Petya (a type of ransomware), except this new incarnation used “EternalBlue to target Windows systems—the same exploit behind the infamous WannaCry attack.” It also differed from other popular ransomware attacks by denying user access and attacking low-level structures on the disk. This Petya-based attack targeted employees at one of the world’s largest advertising agencies, as well as oil companies, shipping companies and banks. A new ransomware attack that emerged this week named Bad Rabbit also appears to be linked to the NotPetya attack.

As advanced threats such as ransomware continue to evolve in sophistication, they present a more imminent threat to the systems and services we rely on for public safety. Cyberattacks targeting our critical infrastructure reveal our shared responsibility in securing the networks we depend on each and every day in our connected world. 

Get tips on becoming a more proactive and prepared citizen with our “One Wrong Click” infographic.

Over the last year, a handful of cyberattacks have made news headlines and affected families. High-tech toy maker Spiral Toys was the victim of a particularly cunning hacking scheme. The maker of CloudPets stuffed animals reportedly exposed more than two million private voice recordings and the login credentials of 800,000 accounts. While these “smart toys” are part of a wave of internet-connected devices providing fun and memorable experiences, they are also exposing millions of users to cyber threats. These toys may appear harmless on the surface, but their vulnerability to attack should be kept top-of-mind by any parent.

Educate your family

One of the best ways to ensure your children maintain a safe online presence is to start the conversation around the potential risks they face in our increasingly connected world early on.

When it comes to online safety, the U.S. Department of Homeland Security recommends looking for “teachable moments” that arise naturally during day-to-day computer use. For example, if you get a phishing message, show it to your kids so they can identify similar messages in the future and recognize they are not always what they seem.

BBC reported that “children aged five to 16 spend an average of six and a half hours a day in front of a screen compared with around three hours in 1995, according to market research firm Childwise.” With the amount of time kids and teens spend in front of a computer screen daily, and with hacking and cybercriminals becoming more advanced and sophisticated, it’s more important than ever to teach kids how to be cyber savvy.

One of the best ways to ensure your children maintain a safe online presence is to start the conversation around the potential risks they face in our increasingly connected world early on.

Tips for your cyber savvy kids

In addition to using tools like Webroot’s Parental Controls, CISO Gary Hayslip summarizes a few safety tips:

• Don’t give out financial account numbers, Social Security numbers, or other personal identity information unless you know exactly who’s receiving it.
• Remember to also protect other people’s information as you would your own.
• Never send personal or confidential information via email or instant messages as these can be easily intercepted.

Find more tips to keep your family safe online, wherever they connect.

“I use a Mac, so I don’t need to worry about malware, phishing, or viruses.” Many Mac users turn a blind eye to cybersecurity threats, often noting that most scams and attacks occur on PCs.

However, within the last few years, there has been a noted uptick in spyware (a type of software that gathers information about a person or organization without their knowledge), adware (software that automatically displays or downloads advertising material), and potentially unwanted applications (PUAs) on Macs and iOS devices.

While Macs are known to have strong security features, they are by no means bullet proof. In a recent interview with CSO Magazine, Webroot Vice President of Engineering David Dufour noted, “Many of these incidents are occurring through exploits in third-party solutions from Adobe, Oracle’s Java and others, providing a mechanism for delivering malicious software and malware.” Even the most internet-savvy users should be sure to install antivirus software on their Mac products.

Security tips for safe browsing on a Mac

Traditionally, because the Windows operating system is more widely used around the world, it is also more highly targeted by cybercriminals. However, Apple devices running macOS are still vulnerable to security threats, and protecting them should be a priority for anyone who owns them. Check out the following security recommendations to help ensure safety wherever you connect with your Mac, in addition to having an up-to-date antivirus installed:

1. Try using a VPN
   VPN stands for “virtual private network” and is a technology that adds an extra level of privacy and security while online, particularly when using public WiFi networks, which are often less secure. This recent Refinery29 article illustrates the benefits of VPNs for your work and personal life.
2. Secure your browser
   You may be tempted to ignore messages about updating your browsers, but the minute an update is available, you should download and install it. This is good advice for all software being run on any devices—desktop, laptop, or mobile.
3. Secure backup
   Be sure to regularly backup your computer and iOS devices so you can easily retrieve your data in case you get locked out of your device.
4. Use a strong login password
   Use a unique combination of numbers and letters to password-protect your Mac. This is good advice in general for all of the passwords you create. For an added security step, check out the Webroot Password Manager tool to make it easier to manage and organize your passwords.

Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

A phishing attack is a tactic cybercriminals use to bait victims with fake emails that appear to come from reputable sources. The attackers’ goal is to lure the user into opening an attachment, clicking on a malicious link, or responding with private information. These phony emails have become alarmingly realistic and sophisticated. A scam may come in the form of a banking inquiry, an email from a seemingly official government agency, or even a well-known brand with whom you’ve done business—maybe you even pay them a monthly subscription fee.

If you do take the bait, you’ll likely be directed to a malicious website, where you’ll be prompted to enter your account login details, a credit card number, or worse yet, your social security number. The end goal of these phishing attacks is solely to steal your private information.

According to the Webroot Quarterly Threat Trends Report, the first half of 2017 saw an average of more  46,000 new phishing sites being launched every single day, making it the number-one cause of cybersecurity breaches. As hackers devise new phishing tactics, traditional methods of detecting them quickly become outdated.

One of the most popular tricks criminals use to avoid detection is the short-lived attack. The Quarterly Threat Trends Report also revealed that these attacks, where a phishing site is live on the internet for as short as 4 to 8 hours, are seeing a continued rise. Short-lived attacks are so hard to catch because traditional anti-phishing techniques like black-lists are often 3-5 days behind, meaning the sites have already been taken down by the time they appear on the list.

You’re probably already aware of the primary phishing-avoidance tip: do not click on suspicious links or unknown emails. But, as the state of phishing becomes even more advanced, how can you best spot and avoid an attack?

Lesser-known phishing giveaways

Webroot recommends keeping an eye out for the following:

1. Requests for confidential information via email or instant message
2. Emails using scare tactics or urgent requests to respond.
3. Lack of a personal message or greeting. Legitimate emails from banks and credit card companies will often include a personalized greeting or even a partial account number or user name.
4. Misspelled words or grammatical mistakes. Call the company if you have suspicions about an email you’ve received.
5. Directions to visit websites with misspelled URLs, or use of , which precede the normal domain (something like phishingsite.webroot.com).

Stay ahead of cybercriminals

If an email in your inbox does seem suspicious, here are a few things you can do:

1. Contact the service or brand directly via another communication channel (i.e., look up their customer support phone number or email address), and ask them to verify whether the content of the email is legitimate.
2. Avoid providing any personally identifiable information (PII) electronically, unless you are extremely confident the email is from the stated source.
3. If you do click a link from an email, verify the site’s security before submitting any information. Make sure the site’s URL begins with “https” and that there’s a closed lock icon near the address bar. Also, be sure to check for the site’s security certificate.

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.

Webroot: For starters, how do you describe ransomware? What exactly is being ransomed?

Tyler Moffit: To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)

How does the average home user get infected with ransomware?

“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.

How is the data ? Is the ransomed data actually taken or transmitted?

When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.

What types of files do ransomware attacks usually target?

Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you’ve saved or open regularly would be at risk.

How does the attacker release the encrypted files?

The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.

Tips for protecting your devices:

• Use reliable antivirus software.
• Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
• Backup your data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.

Remember, being an informed and aware internet user is one of the best defenses against cyberattacks. Stay tuned in to the Webroot blog and follow us on your favorite social media sites to stay in-the-know on all things cybersecurity.