Google Study Finds Phishing a Bigger Threat for Users Than Third-Party Data Breaches

Phishing attacks via fake emails pose the greatest threat to people, followed by keyloggers and third-party breaches as account hacking increases globally, a new Google study has revealed.

A keystroke logger is a type of surveillance software that, once installed on a system, can record every keystroke made on that system. The recording is saved in an encrypted log file.

According to Google, enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.

A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging.

“In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches,” Google said in a blog post late on Friday.

Account takeover, or ‘hijacking’, is a common problem for users across the web. More than 15 per cent of Internet users have reported experiencing the takeover of an email or social networking account.

“From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data,” said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.

The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.

“While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12 percent of the exposed records included a Gmail address serving as a username and a password,” the blog post read.

Of those passwords, 7 percent were valid due to reuse. When it comes to phishing and keyloggers, attackers frequently target Google accounts to varying success: 12-25 percent of attacks yield a valid password.

However, because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that Google may request when verifying an account holder’s identity.

“We found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model,” Google noted.

“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe,” it added.

There are some simple steps people can take that make these defences even stronger.

“Visit Google’s Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock,” Google cautioned.

[“Source-ndtv”]

Reliance JioMoney Could Well Be a Disruptor, but Not Just Yet

HIGHLIGHTS

  • JioMoney is Reliance Jio’s digital wallet
  • You can use it to recharge your accounts or pay offline
  • Login issues plagued our usage over the whole week

Reliance Jio wants to empower 10 million merchants to make digital transactions. The JioMoney app was supposed to roll out to merchants last week, while Jio users have of course been using it for recharges and P2P payments for a lot longer, ever since the test rollout started almost a year ago now.

At the announcement for JioMoney earlier this month, Reliance Industries Chairman Mukesh Ambani talked about how every Indian now has a digital money wallet linked to their bank account. He spoke about Aadhaar based micro-ATMs at Jio’s eKYC enabled stores. Ambani laid out a massive vision for JioMoney, one that could well disrupt the rapid development we’re seeing in the fintech world.

The ground reality is a little different though – we’ve been using the JioMoney app for a week now – or trying to anyway – and our finding is that much like JioCinema and JioMusic, the JioMoney experience is very much a work in progress at this point.

Both of those apps have been tweaked since we reviewed them, and some of the early problems have been resolved, while a few others still remain. A re-branding also involved a rethink of the UX, which was very welcome. Conceivably, it’s possible that Reliance Jio will put JioMoney through the same kind of process as well, because as of now on day one, or rather week one, there’s no doubt that this kind of re-imagining is required.

First up, let’s talk about something basic – logging in. To log in, enter your Jio number and password, and then verify your date of birth. This worked a couple of times, and did not work on many other occasions. In short, simply logging in to JioMoney to start using the app is a frustrating challenge, as there are frequent “Error processing request” messages, which is not helped by the fact that – as a genuinely welcome security measure – you can only attempt to verify your account a set number of times per hour.

Once you actually get into the app, there are all the usual options – the design looks a little clunky right now, but that’s true for all of Jio’s apps during their early days, and like we mentioned earlier, there’s hope that this will eventually change. The app lets you send or request money, pay bills and recharges, pay at a shop, along with a section for coupons, and for giving to charity. The last of these is unusual but that notwithstanding, the offerings are pretty much in line with the industry. You should be able to use the app to pay your Jio bills as well, whenever that comes into effect.

Recharges are a smooth process, with little or no issue as long as you’re able to get into the app. You can recharge other prepaid phone connections, DTH connections, gas payments, and so on. You can transfer money to a bank account using IMPS by using its IFSC code and account number. You can use this to take your money out of Jio as well.

Pay at shop via the Reliance JioMoney app requires you to enter the seller’s phone number or scan a code, after which you enter your mPIN to authorise the transaction. This seems to be a workable way of doing this, but unlike other wallets, whose stickers now emblazon shop after shop, it’s very hard to know where you actually can use JioMoney. Although we were very hopeful that we’d have stories to share about using it in the real world, the sad fact is that all of our transactions – in between many logouts and request processing errors – took place online.

In contrast, we’ve used several other digital wallets throughout the week, to buy everyday items, pay for conveyance, and to grab a bite. A week is too short a time to expect Jio to be massively visible of course, but given Ambani’s pledge of reaching 10 million merchants very soon, it’s going to have to pick up the pace very quickly.

[“Source-gadgets.ndtv”]

How To Lead Creative People (When You’re Not A Creative Yourself)

Creative people tend to be sensitive souls – some might even go so far as to say ‘highly strung’. They don’t always take criticism well, no matter how kindly it’s meant, and can perceive even the smallest piece of negative feedback as an unbridled assault on their competence.

In their work, many leaders who do not come from a creative background themselves have to learn how to motivate agency staff and freelancers. So how can they get these volatile ideas folk to produce truly outstanding work? Here are five top tips for encouraging the sparks of genius to fly:

    1. Praise us! If you want to keep getting great work out of creative people, the secret is not just to pay their invoice promptly at the end of the project (although that helps a lot, admittedly) but also to give them positive feedback if you’re happy with a job well done. You’re our client. We want to make you happy. If we were just in it for the money, we would have done something else instead – like law.
    2. Brief us properly. Sadly the place where most creative projects go wrong is right at the start – ie the part where you’re involved. If you don’t take the time to give us a proper, well-considered brief, either in writing or verbally, you’re effectively setting us loose to interpret what we think you want in the way we think is best. Unless you really are very open-minded about what you want, that’s a recipe for disaster. It’s a bit like saying to a builder: “Hey there, please can you build me a house” and just leaving them to get on with it.
    3. Be specific in your feedback. Saying something ‘doesn’t quite work for me but I don’t know why’ isn’t very helpful to a creative. If you want to get a better result, you need to be able to tell us why you don’t like a piece of work and what might make it better. Don’t be afraid to wrestle with a challenge and make your own input. Creative people value collaboration. In fact, the best results often come out of clients and creative teams working together constructively.
    4. Remember that we have feelings. You might not like the work we’ve sent you but unless it’s obviously sloppy – riddled with spelling mistakes, for example – the chances are that we’ve really labored over it and truly believe that we’ve done a good job for you. So before you embark on a long list of what’s wrong with a piece of work, try to highlight any parts of it that you do like or acknowledge where you may not have been clear on an aspect of the brief. Build a relationship with us – along with everyone else, we try harder for people we like.
    5. Be realistic. About everything. Don’t give a writer a strict word count and then ask them to make lots of points that could not conceivably be made effectively in such a small number of words. Don’t give a designer a day to turn around a complex piece of artwork that incorporates lots of charts. Finally, don’t expect to pay pittance and get outstanding work delivered ahead of deadline. You will just end up with a frustrated creative who produces suboptimal results.

[“Source-forbes”]

Two smartphone apps for regulating a child’s smartphone and internet use

The Family Link app for Android is shown. (Google)

If you want to supervise the online activity of your kids or teens who were given a smartphone this Christmas, you can install an app to control internet access, filter inappropriate websites and content, and block specific apps. Here’s a selection of some of the most comprehensive parental control apps on the market.

Qustodio

Qustodio’s parental control operates in a similar way, and provides a daily online activity report for each child. Device screen time limits can also be set for each child. With the free version of the app, you can only supervise one child on one device. Otherwise, the cost of the subscription fee depends on the number of kids and devices covered.

Xooloo Parents

This very comprehensive app also monitors kids’ online activity on different mobile devices. As an example, it can block an app after it has been used for a certain period of time, and the child is warned by a virtual coach when they are approaching the fixed limit. While the app itself is free, the cost of subscribing to the service starts at $2.99 a month and rises depending on the number of devices used by the children.

[“Source-ctvnews”]