Category Archives: Cellphones

HOW TO LIVE A DOUBLE LIFE ONLINE WITHOUT GET CAUGHT

Simone Smith,

Contributor Digital Identity Researcher

How to Lead a Double Life Online and Not Get Caught

Simone Smith

Updated Sep 30, 2013 The Internet allows us to form new identities and express controversial ideas without fear of personal reprisal. It allows us to explore interests that would be misunderstood by friends and family and discuss experiences that may damage our career.

There are many reasons to want to create a pseudonymous identity online. You may have undergone a traumatic experience you don’t feel comfortable talking about in public. You may be the head of a stuffy art museum, but love writing Doctor Who fan-fiction. You may want to write a scandalous tell-all blog. Or you may be a rabid democrat living in an extremely-conservative small town. You may just find it liberating to be freed from the biases society holds against your offline life or background.

How to Browse Without Being Tracked
There are many ways your online identity is tracked. For example, websites use cookies to track your activity and record your IP address. To prevent a covert online identity from being associated with your offline identity, you will need to change both your online habits and the tools you use to browse the web.

The first step is to begin using Tor. Tor is a free browser that obscures your IP address by using onion proxy software that provides multi-layer encryption. While not tied to you, personally, your IP address is associated with your individual computer, hence a skilled individual may use your IP address to discover your offline identity. This is why it is important to not rely on services like Chrome’s incognito mode to attempt to live your double life online; while it will prevent websites from storing things on your computer, it will not hide your IP address.

To download the Tor Browser Bundle, which includes everything you need to browse the net anonymously, visit Tor’s website and follow their instructions (also read up on using Tor properly- there are some things you can do using Tor that might still reveal your identity if you are not careful). You should use Tor Browser for all of your secret online activities. It may run a bit slower (as your interactions with other sites are bounced through at least three relays), but it is better to be safe and slow than speedy and sorry.

Use Tor for regular activities as well. This mitigates risk associated with others noticing your browser choice. When questioned about Tor, simply say you use Tor Browser because of concerns about privacy, which have been exacerbated because of this year’s revelations about the NSA.

How to Lay the Foundation of Your Double Life
Most online accounts require an email address. It should go without saying that you should not be using your personal email address when doing anything related to your pseudonymous identity. Instead, you should create a separate email that has no connection to your normal identity and is only used in connection to your covert activities.

I recommend using a free service such as Hushmail, Gmail, or Riseup.net to create this account rather than Yahoo or Hotmail, as the latter options include the IP address of the computer used to send a particular message. While this matters less when you are using Tor, you may still find yourself in a situation in which you need to check that account without the browser’s protection, hence more secretive email providers are better.

Tips on Developing Sound and Secretive Habits
With Tor Browser and a designated email account, you are free to live out your double life- so long as you do so carefully.

Never ever use a work computer for secretive activities. I don’t care how encrypted your work communications are. Company-owned computers are not to be trusted. Keylogging software, which will make all of your careful precautions amount to nothing, is only one of many potential complications.

Avoid using mobile devices. They can be lost. They can be stolen. Strangers (or worse yet, friends, family, and colleagues) can more easily look over your shoulder or snatch your device out of your hands. If you must conduct some of your double life through a mobile device, make sure it is password protected, only use it in private spaces, and bolster it with additional privacy protections, which, for the sake of brevity, I recommend you find independently.

If your double life involves posting content (e.g. blog posts about your secret ventures as an undercover nun), schedule your posts (many blogging platforms offer this functionality) so that they are published at random intervals that cannot be associated with a specific time zone or lifestyle. Do not tag photos, posts, or tweets with your location.

Important Identifying Information to Hide
Obvious information that might be used to determine who you are (eg. your name or the names of people in your life, your personal email address, identifying photos. etc.) is but a small factor to consider. Most secret identities are discovered by those who use more subtle hints to piece together your personal puzzle.

Don’t give away hints by even letting your pseudonym resemble your real name. If your name is John Doe, your online handle should be entirely different, like Shane Kugel (and not J.D. or Shawn Moe). Be extremely careful about mentioning employers in a manner that would enable the casual viewer to narrow your real employer down to a couple of candidates (e.g. “I work for a pet grooming salon in San Francisco, California”). Also be mindful with regard to any habits, sayings, or possessions you might mention (e.g. a storm trooper figurine kept at your desk) that could be identified by those who know you in real life.

If you maintain a website, make your WHOIS information private. If you do not, everything from your name to your email, phone number, and address may show up in WHOIS queries (just search for your friends’ domains to get an idea of the information that might be revealed). Subscribe to The Morning Email. Wake up to the day’s most important news.

Should you be involved in commerce, opt for trades whenever possible. Gift cards might be a convenient form of currency, so long as you keep the value of transactions below $500. Generally speaking, money is difficult to keep anonymous online- even when Bitcoin is used.

The Importance Leaving No Trace
Whenever you finish a session of secretive internet activity, your computer should be devoid of damning information. While it helps that you are using Tor, it is also important that you delete any files from your computer related to your pseudonymous identity (e.g. drafts of blog posts, photos, etc.) before you get up and walk away.

You never know who might poke around your desktop when you aren’t looking, and you would be surprised by how many friends and family members know the passwords to their loved ones’ machines.

Good Luck!
This brief guide is an introduction, not a comprehensive playbook. Its recommended tactics will help you avoid major mistakes and may accommodate “harmless” double lives, but if you are involved in some serious whistle blowing activity, fighting against a totalitarian government, or are threatening to take down a beloved member of 4Chan, you’re playing an entirely different ballgame.

THE VERY BEST ENCRYPTED MESSAGING APPS

If you’d rather not have the government, hackers, your internet service provider, or anyone else potentially intercepting and reading your private communications, you should make sure you’re using a secure messaging app. Specifically, one that uses encrypted messaging.

As you’ve probably noticed (unless you live under a rock, which is slowly sounding more and more like the way to go) internet privacy has become one of the hottest topics of the decade. In 2017, the United States Congress repealed regulations that would help protect your data from being sold by broadband and wireless companies. In 2016, the UK’s Parliament passed the Investigatory Power Act (also known as the Snooper’s Charter), which expands the surveillance power of the UK Intelligence Community and police. And in 2018, Australia forced famous messaging app WhatsApp to include spyware so they could see what you’re typing. Not to mention what’s going on in the news right now concerning privacy. If you aren’t already worried, now is a pretty good time to start wondering just how safe your online communications actually are, and what the most secure messaging app is.

What makes a messaging app secure?

An encrypted messaging app has something more important than cool widgets and a gigantic library of emojis: it has features that work quietly in the background to make sure the app is secure.

End-to-end encryption

The main thing to check for when choosing a messaging app is whether or not it uses end-to-end encryption. End-to-end encryption means your private chat messages are scrambled, and only the sender and the receiver of the messages have the “keys” to read them. This ensures that no one besides you and the person you’re talking to can decipher the messages.

Ironically, encryption used to be thought of as something only used by the paranoid or those with a compelling need for secrecy, such as political dissidents. It was only after whistleblower Edward Snowden leaked classified documents revealing the U.S. NSA’s global surveillance program that the world began to fully understand the importance of encryption and online privacy. Since then, many companies (including Facebook, Apple, and Google) have ramped up encryption on their software.

Default encryption settings

Just because an app offers end-to-end encryption, doesn’t mean that it’s the default setting. Some messaging apps require you to go into the app’s settings and actually turn on the encryption feature, while others only encrypt messages in certain scenarios (for instance, blue iMessages versus green text messages). Because the importance of encryption is still relatively new, many people may just assume the app is safe without knowing if or when their messages are encrypted — so look for one that has encryption on as the default for you and whomever you’re messaging.

Open source code

While fears of reverse-engineering or code backdoors may make it seem counterintuitive for an app maker to reveal an app’s source code, doing so is now widely regarded as an indicator of the app’s integrity. Open source code opens the app up to outside accountability and auditing by experts, which can be a useful way to bring attention to any weaknesses or vulnerabilities in the code.

Data collection

While many messaging apps today have started using end-to-end encryption, some still collect data information about you, called metadata. Metadata is kind of like your electronic fingerprint, and includes data such as who you talk to (via your contacts list), for how long, and at what time, as well as information about the device you use, your IP address, phone number, and more. Setting up a VPN app on your mobile device is an easy way to block the collection of this kind of personal information. Both AVG Secure VPN for Android and AVG Secure VPN for iOS are available to help you seamlessly protect your online privacy.

Try AVG Secure VPN for Android

What are the most secure messaging apps for Android & iPhone?

1. Signal

additional-image-signal-620x300

Originally known as TextSecure Private Messenger, Signal has been touted as the gold standard of messaging security by cryptographer Bruce Schneier, Edward Snowden, US congress, and even the European Commission. Available as a free messaging app on iPhone and Android phones, as well as desktops, Signal sends messages across its own data infrastructure.

Signal security features

  • End-to-end encryption
    Messages sent via the Signal app can only be viewed by the sender and receiver. Not even the company behind the app, Open Whisper Systems, can decrypt the messages. In addition to instant messages, you can also make voice calls, group messages, and encrypted video calls.
  • Open Source
    Signal has open source code that can be viewed by anyone. This kind of transparency allows for routine auditing and helps ensure that the app’s security is always up to date.
  • Disappearing messages
    For extra security, Signal allows you to make both sent and received messages “disappear” after a certain amount of time has elapsed.
  • Minimal data storageUnlike many other messaging apps, Signal only stores the metadata required for the app to work, such as your phone number, random keys, and profile information.
  • Password security The app also allows you to set a password to lock it. So even if your phone falls into the wrong hands, your messages will still be protected.

Signal security risks 

The best thing about Signal is that there are virtually no security risks. As long as the app’s developers continue to be diligent about fixing vulnerabilities, Signal will remain at the top of the messaging app food chain.

2. Wickr Me

additional-image-wickr-620x300

Available on both iPhone and Android, Wickr has distinguished itself from the pack by offering secure messaging options for both personal use (Wickr Me) and for businesses and enterprises (Wickr Pro). While Wickr Me is free, Wickr Pro is a paid service that comes with a 30-day free trial.

Wickr Me security features 

  • End-to-end encryption
    In addition to encrypted messaging, in 2018 Wickr announced that its “Me” service will also offer encrypted calling and voice messaging (which are already offered in the Pro version).
  • Screenshot detection
    Wickr recently announced that they will be offering a new feature that allows users to detect screenshots. This means that you will receive a notification if someone takes a screenshot of a message you send.
  • Screen overlay protection
    On Android devices, Wickr has released a new feature that allows users to disable “Screen Overlays”. This prevents users from being able to interact with the app when an overlay is detected, and helps protect the app from TapJacking.
  • Third party keyboards
    On iOS, Wickr lets you block Third Party Keyboards. This helps protect your information by preventing third party keyboards from recording usernames, passwords, and other information that is typed into the app.
  • Secure Shredder
    This feature adds an extra layer of security by making sure your already deleted files can’t be recovered with special tools or technology. While Wickr does this for you periodically, you also have the option to manually erase information from your phone.

Wickr Me security risks 

Like Signal, Wickr is generally considered almost foolproof from a security standpoint. Though it was previously criticized for keeping its code closed source, in 2017 Wickr finally released its cryptographic protocol on Github. If you feel like getting technical about the app’s security, you can check out Wickr’s Customer Security Promises.

3. Dust

Dust

Formerly known as Cyber Dust, Mark Cuban’s brainchild messaging app Dust is available on both iOS and Android. The main purpose of the app is to send private messages (or photos and videos) called “Dusts” to your contacts that “turn to dust” and disappear within 100 seconds of being read. “Blasts” are another type of message that can be sent to a group of people, but are read privately. Finally, you can start group chats, simply known as “Groups.”

Dust security features

  • End-to-end encryption
    Dust uses “heavy encryption,” although the code is not actually available for viewing. You can send encrypted text, photo, or video messages, but the app does not allow for voice or video calls.
  • No permanent storage
    Not only are your messages not permanently saved on your phone or the company’s servers (instead they’re sent to the app’s RAM memory until they are accessed by the receiver), you can also erase your messages off of other people’s devices.
  • Screenshot alerts
    If a screenshot is attempted on an Android phone, the name of the person who sent the message is removed, effectively eliminating context from the conversation. Apple prevents apps from blocking screenshots, so instead, iPhone users receive a notification if someone takes a screenshot of their sent message.
  • Auto “Dust”
    Messages are automatically erased either within 24 hours, or as soon as they’re read. You can choose.

Dust security risks

There are currently no significant security risks associated with Dust, aside from the potential risks and lack of transparency related to the app’s code not being open source.

4. WhatsApp

additional-image-whatsapp-620x300

With over 300 million daily users, WhatsApp is one of the most popular messaging apps being used today. The app’s popularity is definitely one of its strong points, along with the fact that it’s available for free on both iPhone and Android and doesn’t show any ads. You can easily send text messages, photos, as well as short video and voice messages. But are WhatsApp chats private?

WhatsApp security features

  • End-to-end encryption 
    In April 2016, WhatsApp implemented a super secure encryption protocol developed by Open Whisper Systems (the company behind secure messaging app Signal) across all mobile platforms. Thanks to this protocol, only the sender and receiver have the keys to decrypt messages sent via WhatsApp, meaning they can’t be accessed and read by anyone else. Voice and video calls are also encrypted.
  • Verify encryption 
    WhatsApp also has a “Verify Security Code” screen in the contact info screen that allows you to confirm that your calls and messages are end-to-end encrypted. The code is presented as both a QR code and a 60-digit number.
  • Two-step verification 
    An optional feature, two-step verification allows you to add more security to your account by setting a PIN number that is required to verify your phone number on any device.
  • Messages not stored
    The only time your message is kept on a WhatsApp server is the period after you send it and before it is delivered to the receiver. If it can’t be delivered for some reason, then the message is deleted from the server after 30 days.

WhatsApp Security risks

  • Unencrypted backups
    WhatsApp messages can’t be intercepted during transmission, but what about message backups on iCloud or Google Drive? The good news for iPhone users is that WhatsApp added encryption protection to iCloud backups in late 2016. But Android phone messages backed up on Google Drive are not encrypted, leaving them potentially vulnerable to hackers, governments that could legally force Google to turn over your messages, or even Google itself. So how can you protect your privacy on WhatsApp as an Android user? Fortunately, you can disable WhatsApp message backups on Google Drive.
  • Facebook privacy issues
    WhatsApp was bought by Facebook in 2014, transferring concerns about the social media conglomerate’s reputation for invasive data collection to the messaging app. While Facebook assures users that there is no possible way for them to view encrypted WhatsApp messages, WhatsApp did announce that they would be sharing user metadata with Facebook, for various purposes such as ad-targeting.

5. Telegram

additional-image-telegram-620x300

Claiming over 200 million users on both iPhone and Android, Telegram has been steadily growing in popularity since its debut in 2013 and is known for its unique group chat feature that can support up to 100,000 members. Earlier in 2018, however, a clash with the Russian government over the app makers’ refusal to hand over the encryption keys resulted in it being banned in Russia entirely. Telegram has also been viewed as controversial because of its status as the preferred messaging app of ISIS. This has further driven the conversation about what responsibility messaging apps have to work with law-enforcement versus keeping user data fully protected.

Telegram security features

  • End-to-end encryption 
    Telegram offers a feature called “Secret Chat” that allows you to protect your messages with end-to-end encryption. However, the feature is not default, so you’ll need to know how to turn it on.
  • Passcode Lock
    You can set a 4-digit code to prevent intruders from accessing your messages, which can be useful if your phone gets lost or stolen.
  • Two-step verification 
    Found in Settings, two-step verification requires you to use both an SMS code and a password (be sure you know what not to do when creating a password) to log in to the app. You can also set up a recovery email address in case you forget your password).
  • Open source code
    Anyone can check Telegram’s source code, protocol, and API to make sure it is up to par.
  • Telegram Cracking Contest
    Telegram challenges “hackers” to attempt to break through their encryption and decipher messages, offering a $300,000 reward for anyone who is able to do so. This helps ensure that any potential vulnerabilities will be found and fixed.
  • Self-destructing messages 
    Like many other messaging apps, Telegram also offers a Self-Destruct Timer (for Secret Chats only) that will delete private text messages and media within a preset time limit.
  • Remote logout 
    Because you can log into Telegram from numerous devices at the same time (web, PC, tablet, smartphone, etc.), the app offers the ability to log out of other sessions from the current device you’re using through the Settings menu. This way, if your device is lost or stolen, you can still make sure your messages are secure.
  • Account self-destruct 
    After your account has been inactive for a certain amount of time (six months being the default), your account will automatically self-destruct, completely wiping clean all of your messages and media.

Telegram security risks

  • End-to-end encryption isn’t default 
    You must manually enable Telegram’s “Secret Chat” feature, otherwise chats are only encrypted between your device and Telegram’s server.
  • Logging chat data
    If you don’t enable the Secret Chat feature, then your chat data is saved on Telegram’s servers. The company claims this is in case you lose your device and want to recover your messages, but from a security standpoint, this is a big no-no.
  • Possibly flawed encryption technology 
    Telegram created its own MTProto protocol, instead of using one that is already proven secure, such as the Signal protocol. Many experts have questioned the reasoning behind this, and have expressed skepticism about the lack of transparency surrounding the protocol.

6. Apple iMessage

additional-image-imessage-620x300

The instant messaging service developed by Apple Inc., iMessage is supported by the Messenger application on iOS version 5.0 and later. Allowing users to send text, documents, videos, photos, contact information, and group messages over the internet, iMessage is very popular among iPhone users (and can only be used between them). We’ve already gone over tips on how to keep your iPhone safe, but is iMessage actually secure?

iMessage security features 

  • End-to-end encryption 
    iMessage end-to-end encryption only protects messages between iPhone users (which appear in blue). If you send a message to an Android user for instance, the message is sent as a normal text message (in green) and is not encrypted. Unlike many of the other apps on this list, it seems like Apple won’t be coming out with iMessage for Android. Though iMessage doesn’t directly allow for video or voice calls, its sister app FaceTime does (with encrypted protection).
  • Self-destructing messages
    Many iMessage users are unaware that the app provides a feature that allows you to control how long each photo, video, or message will appear before it’s gone. You can also choose how many times the viewer can see the message. However, the feature is only available with iOS 10 and later.
  • iMessages deleted from servers
    Your encrypted messages only remain on Apple’s servers for 7 days before they are deleted.

iMessage security risks 

  • Encryption weaknesses
    In 2016, researchers at Johns Hopkins University revealed a flaw with Apple’s encryptionimplementation that could leave iMessages vulnerable to decryption. Later, in 2019, researchers from Project Zero presented 6 high-level exploits that allowed them to use iMessages to take over a user’s device. All these issues were quickly patched, but it does imply the risk of other, unknown vulnerabilities lurking in the code.
  • iCloud backups
    If you back up your iMessages to iCloud, these messages are encrypted on iCloud using a key controlled by the company, not you. This means that, if your iCloud is hacked or subpoenaed by a court, they could be revealed. And while Apple has been firm about not creating “back doors” into their system or weakening encryption, they and other tech companies do have a history of cooperating with authorities when it comes to turning over information stored in the Cloud.

7. Facebook Messenger

additional-image-messenger-620x300

Facebook’s messaging app is available for both iPhone and Android phones, and provides a convenient way to keep up with friends and family thanks to its sheer popularity.

Facebook Messenger security features

  • End-to-end encryption 
    In 2016, Facebook added its Secret Conversations feature to secure messages with the Signal end-to-end encryption protocol (also used by WhatsApp). However, Signal and WhatsApp have end-to-end encryption by default, while Secret Conversations must be activated.
  • Self-destructing messages
    You can set Facebook Messenger messages to self-destruct after a certain period of time (between five seconds and 24 hours).

Facebook Messenger security risks 

  • Encryption not by default
    As mentioned above, end-to-end encryption for messages must be activated by the user. This means that messages sent without this feature are only encrypted when sent to Facebook’s server, and then encrypted again when sent to the recipient (whereas end-to-end is directly between sender and recipient). This means a copy of the message remains on Facebook’s servers.

App to avoid: Google Hangouts

additional-image-hangouts-620x300

Despite being available for free on both iOS and Android, Google Hangouts is riddled with privacy and security concerns. Though it does encrypt hangout conversations, it doesn’t use end-to-end encryption — instead, messages are encrypted “in transit”. This means that they are only encrypted between your device and Google’s servers. Once they are on a server, Google has complete access to them. If ordered to do so, Google can tap into private communication sessions and relay that information to government agencies. And with Google’s Transparency Reportrevealing that the company does indeed receive and often fulfill requests for customer information, this is a very real concern.

Additionally, images sent via Hangouts are shared through public URLs, meaning that virtually anyone (who knows a thing or two about URLs) can view your private images. This is definitely not the app you should be using to send…sensitivepics.

How can I stay safe?

We believe everyone has a right to online privacy, and deserves to message their friends and family without worrying about who might be sneaking a peak. In an ideal world, everyone would be using super secure messaging apps like Signal or Wickr to communicate. But with the popularity of less secure or privacy-questionable apps such as Facebook Messenger and WhatsApp, sometimes the middle ground is more convenient. If you do choose to use a less secure messaging app, pair it with VPN protection. A virtual private network encrypts everything you do online, including messaging as well as other tasks that may expose your sensitive personal info like online shopping and banking. We offer AVG Secure VPN for iOS and AVG Secure VPN for Androidto keep your information safe.

RECOVERING FROM IDENTITY THEFT

What is identity theft?

By Alex Santiago

Identity theft is a serious crime. Identity theft happens when someone uses information about you without your permission. They could use your:

  • name and address
  • credit card or bank account numbers
  • Social Security number
  • phone or utility account numbers
  • medical insurance numbers

How will I know if my identity was stolen?

Here are ways you can tell that someone is using your information:

  • You see withdrawals from your bank account that you cannot explain.
  • You find credit card charges that you didn’t make.
  • The Internal Revenue Service (IRS) says someone used your Social Security number to get a tax refund or a job.
  • You do not get your bills or other mail.
  • You get bills for utilities or medical services you did not use.
  • Debt collectors call you about debts that are not yours.
  • You find strange accounts or charges on your credit report.

What is IdentityTheft.gov?

IdentityTheft.gov is a website that helps you recover from identity theft. You:

  • answer questions about what happened to you
  • put in your name, address, and other information
  • get your Identity Theft Report
  • get a recovery plan created just for you

You also can create an account. The account helps you through the recovery steps and tracks your progress.

What is an Identity Theft Report?

An Identity Theft Report helps you fix your bills and your credit report. Your Identity Theft Report tells your creditors that you should not have to pay for what the identity thief spent.

You get an Identity Theft Report when you report a problem to IdentityTheft.gov. This is your statement about what happened. It lists what accounts are not yours and what charges you did not make.

What is a credit report?

Your credit report is a summary of your credit history. It lists:

  • your name, address, and Social Security number
  • your credit cards
  • your loans
  • how much money you owe
  • if you pay your bills on time or late

Who creates my credit report?

A credit bureau creates your credit report. The credit bureau gathers information about you and your credit history.

There are three main credit bureaus:

  • Equifax
  • Experian
  • Transunion

What is a fraud alert?

A fraud alert tells businesses that they must contact you before they give someone credit in your name. You put a fraud alert on your credit report. A fraud alert makes it hard for someone else to open new accounts in your name.

There are a few kinds of fraud alerts. They are all free:

  • Initial fraud alert – lasts for one year. Use this if you thinksomeone stole your identity.
  • Extended fraud alert – lasts for seven years. Use this if you knowsomeone stole your identity.
  • Active duty alert – lasts up to one year. Use this if you are in the military and deployed.

What do I do when someone steals my identity?

It is very important to act fast.

First, call the companies where you know fraud happened.

  • Explain that someone stole your identity.
  • Ask them to close or freeze your accounts.
  • Then change your password or personal identification number (PIN).

Then visit IdentityTheft.gov or call 1-877-438-4338.

  • Report the crime and get a recovery plan that’s just for you.
  • You can create an account. The account helps you with the recovery steps and tracks your progress.

For Example

Why is it important to act so fast?

If you wait, the identity thief has more time to cheat you. That means there are more problems to fix. Acting fast means there should be fewer problems to fix.

Why should I use IdentityTheft.gov?

IdentityTheft.gov helps you fix problems related to identity theft, like these:

  • mistakes on your credit report
  • accounts that are not yours
  • mistakes on your bills
  • getting extended fraud alerts

IdentityTheft.gov also gives you a recovery plan just for you.

What comes first in my recovery plan?

The first step of your recovery plan is to call the credit bureaus. Ask the credit bureau for an initial fraud alert. It is free and lasts for 90 days. The fraud alert makes it harder for thieves to open accounts in your name.

The next step is to ask all three credit bureaus for a credit report. If someone stole your identity, your credit report is free. Look at your credit report for things you do not recognize.

How do I fix mistakes on my credit report?

Send a letter to the credit bureau to fix mistakes on your credit report. IdentityTheft.gov gives you letters that are filled out with your information. You can print the letter, sign it, and send it to the credit bureau.

How do I fix mistakes on my bills?

You might find mistakes when you read your bills. There might be charges you do not recognize. You can send a letter to the company that has the mistakes. Ask the company to fix those mistakes.

IdentityTheft.gov gives you letters filled out with your information. You can print the letter, sign it, and send it to the company. Use the address the company gives for disputes.

Then change your password and PIN with the company that has the mistakes on your bills.

How do I close an account that is not mine?

Your credit report might list accounts that you did not open. You can send a letter to the business that has the account. Ask them to close the account.

IdentityTheft.gov gives you letters that are filled out with your information. You can print the letter, sign it, and send it to the business. Send a copy of your Identity Theft Report with the letter.

A business might ask you to use a form to close an account. If they do, send that form.

What happens when my initial fraud alert expires?

You can put an extended fraud alert on your credit report. An extended fraud alert is good for seven years.

IdentityTheft.gov helps you place the alert. Contact each credit bureau to ask for an extended fraud alert. You might have to give them a copy of your Identity Theft Report.

HOW TO KNOW WHEN YOUR PHONE HAS BEEN HACKED

by Natasha Stokes on May 01, 2019

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

From email to banking, our smartphones are the main hub of our online lives. No wonder that smartphones are starting to stack up to computers as common targets for online hackers.

Security researchers recently revealed one attack campaign that released malicious Android apps that were nearly identical to legitimate secure messaging programs, including WhatsApp and Signal, tricking thousands of people in nearly 20 countries into installing it. These apps were downloaded via a website called Secure Android, and once installed, gave hackers access to photos, location information, audio capture, and message contents. According to EFF Staff Technology Cooper Quentin, of note is that the malware did not involve a sophisticated software exploit, but instead only required “application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware.”

Malware is often downloaded from non-official sources, including phishing links sent via email or message, as well as malicious websites such as the Secure Android site mentioned above. (While security experts recommend always downloading from official app stores – like the Apple App Store or Google Play – some countries are unable to access certain apps from these sources, for example, secure messaging apps that would allow people to communicate secretly.

Across the board, mobile malware has been on the riseup – in part due to an increase in political spies trying to break into the devices of persons of interest. Once this malware is online, other criminals are able to exploit compromised devices too. Malware can include spyware that monitors a device’s content, programs that harness a device’s internet bandwidth for use in a botnet to send spam, or phishing screens that steal a user’s logins when entered into a compromised, legitimate app.

Then there are the commercial spy apps that require physical access to download to a phone – often done by those well-known to the victim such as a partner or parent – and which can monitor everything that occurs on the device.

Not sure if you may have been hacked? We spoke to Josh Galindo, director of training at uBreakiFix, about how to tell a smartphone might have been compromised. And, we explore the seven ways your phone can be hacked and the steps you can take to protect yourself.

6 Signs your phone may have been hacked

1. Noticeable decrease in battery life

While a phone’s battery life inevitably decreases over time, a smartphone that has been compromised by malware may start to display a significantly decreased lifespan. This is because the malware – or spy app – may be using up phone resources to scan the device and transmit the information back to a criminal server.

(That said, simple everyday use can equally deplete a phone’s lifespan. Check if that’s the case by running through these steps for improving your Android or iPhone battery life.

2. Sluggish performance

Do you find your phone frequently freezing, or certain applications crashing? This could be down to malware that is overloading the phone’s resources or clashing with other applications.

You may also experience continued running of applications despite efforts to close them, or even have the phone itself crash and/or restart repeatedly.

(As with reduced battery life, many factors could contribute to a slower phone – essentially, its everyday use, so first try deep cleaning your Android or iPhone.)

3. High data usage

Another sign of a compromised phone is an unusually high data bill at the end of the month, which can come from malware or spy apps running in the background, sending information back to its server.

4. Outgoing calls or texts you didn’t send

If you’re seeing lists of calls or texts to numbers you don’t know, be wary – these could be premium-rate numbers that malware is forcing your phone to contact; the proceeds of which land in the cyber-crim’s wallet. In this case, check your phone bill for any costs you don’t recognise.

5. Mystery pop-ups

While not all pop-ups mean your phone has been hacked, constant pop-up alerts could indicate that your phone has been infected with adware, a form of malware that forces devices to view certain pages that drive revenue through clicks. Even if a pop-up isn’t the result of a compromised phone, many may be phishing links that attempt to get users to type in sensitive info – or download more malware. The vast majority of such pop-ups can be neutralised simply by shutting the window – though be sure you’re clicking the right X, as many are designed to shunt users towards clicking an area that instead opens up the target, sometimes malicious, site.

6. Unusual activity on any accounts linked to the device

If a hacker has access to your phone, they also have access to its accounts – from social media to email to various lifestyle or productivity apps. This could reveal itself in activity on your accounts, such as resetting a password, sending emails, marking unread emails that you don’t remember reading, or signing up for new accounts whose verification emails land in your inbox.

In this case, you could be at risk for identity fraud, where criminals open new accounts or lines of credit in your name, using information taken from your breached accounts. It’s a good idea to change your passwords – without updating them on your phone – before running a security sweep on your phone itself.

SOS steps

If you’ve experienced any of these symptoms of a hacked smartphone, the best first step is to download a mobile security app.

For Android, we like Avast, which not only scans for malware but offers a call blocker, firewall, VPN, and a feature to request a PIN every time certain apps are used – preventing malware from opening sensitive apps such as your online banking.

iPhones may be less prone to hacks, but they aren’t totally immune. Lookout for iOS flags apps that are acting maliciously, potentially dangerous Wi-Fi networks,  and if the iPhone has been jailbroken (which increases its risk for hacking). It’s free, with $9.99/month for identity protection, including alerts of logins being exposed.

Who would hack your phone?

By now, government spying is such a common refrain that we may have become desensitized to the notion that the NSA taps our phone calls or the FBI can hack our computers whenever it wants. Yet there are other technological means – and motives – for hackers, criminals and even the people we know, such as a spouse or employer, to hack into our phones and invade our privacy.

7 ways your phone can be hacked

From targeted breaches and vendetta-fueled snooping to opportunistic land grabs for the data of the unsuspecting, here are seven ways someone could be spying on your cell phone – and what you can do about it.

1. Spy apps

There is a glut of phone monitoring apps designed to covertly track someone’s location and snoop on their communications. Many are advertised to suspicious partners or distrustful employers, but still more are marketed as a legitimate tool for safety-concerned parents to keep tabs on their kids. Such apps can be used to remotely view text messages, emails, internet history, and photos; log phone calls and GPS locations; some may even hijack the phone’s mic to record conversations made in person. Basically, almost anything a hacker could possible want to do with your phone, these apps would allow.

And this isn’t just empty rhetoric. When we studied cell phone spying apps back in 2013, we found they could do everything they promised. Worse, they were easy for anyone to install, and the person who was being spied on would be none the wiser that there every move was being tracked.

“There aren’t too many indicators of a hidden spy app – you might see more internet traffic on your bill, or your battery life may be shorter than usual because the app is reporting back to a third-party,” says Chester Wisniewski, principal research scientist at security firm Sophos.

Likelihood

Spy apps are available on Google Play, as well as non-official stores for iOS and Android apps, making it pretty easy for anyone with access to your phone (and a motive) to download one.

How to protect yourself

  • Since installing spy apps require physical access to your device, putting a passcode on your phone greatly reduces the chances of someone being able to access your phone in the first place. And since spy apps are often installed by someone close to you (think spouse or significant other), pick a code that won’t be guessed by anyone else.
  • Go through your apps list for ones you don’t recognize.
  • Don’t jailbreak your iPhone. “If a device isn’t jailbroken, all apps show up,” says Wisniewski. “If it is jailbroken, spy apps are able to hide deep in the device, and whether security software can find it depends on the sophistication of the spy app [because security software scans for known malware].”
  • For iPhones, ensuring you phone isn’t jailbroken also prevents anyone from downloading a spy app to your phone, since such software – which tampers with system-level functions – doesn’t make it onto the App Store.
  • Download a mobile security app. For Android, we like Avast and for iOS, we recommend Lookout for iOS.

2. Phishing by message

Whether it’s a text claiming to be from your financial institution, or a friend exhorting you to check out this photo of you last night, SMSes containing deceptive links that aim to scrape sensitive information (otherwise known as phishing or “smishing”) continue to make the rounds.

Android phones may also fall prey to messages with links to download malicious apps. (The same scam isn’t prevalent for iPhones, which are commonly non-jailbroken and therefore can’t download apps from anywhere except the App Store.)

Such malicious apps may expose a user’s phone data, or contain a phishing overlay designed to steal login information from targeted apps – for example, a user’s bank or email app.

Likelihood

Quite likely. Though people have learned to be skeptical of emails asking them to “click to see this funny video!”, security lab Kaspersky notes that they tend to be less wary on their phones.

How to protect yourself

  • Keep in mind how you usually verify your identity with various accounts – for example, your bank will never ask you to input your full password or PIN.
  • Avoid clicking links from numbers you don’t know, or in curiously vague messages from friends, especially if you can’t see the full URL.
  • If you do click on the link and end up downloading an app, your Android phone should notify you. Delete the app and/or run a mobile security scan.

3. SS7 global phone network vulnerability

A communication protocol for mobile networks across the world, Signalling System No 7 (SS7), has a vulnerability that lets hackers spy on text messages, phone calls and locations, armed only with someone’s mobile phone number. An added concern is that text message is a common means to receive two-factor authentication codes from, say, email services or financial institutions – if these are intercepted, an enterprising hacker could access protected accounts, wrecking financial and personal havoc.

According to security researcher Karsten Nohl, law enforcement and intelligence agencies use the exploit to intercept cell phone data, and hence don’t necessarily have great incentive to seeing that it gets patched.

Likelihood

Extremely unlikely, unless you’re a political leader, CEO or other person whose communications could hold high worth for criminals. Journalists or dissidents travelling in politically restless countries may be at an elevated risk for phone tapping.

How to protect yourself

  • Use an end-to-end encrypted message service that works over the internet (thus bypassing the SS7 protocol), says Wisniewski. WhatsApp (free, iOS/Android), Signal (free, iOS/Android) and Wickr Me (free, iOS/Android) all encrypt messages and calls, preventing anyone from intercepting or interfering with your communications.
  • Be aware that if you are in a potentially targeted group your phone conversations could be monitored and act accordingly.

4. Snooping via open Wi-Fi networks

Thought that password-free Wi-Fi network with full signal bars was too good to be true? It might just be. Eavesdroppers on an unsecured Wi-Fi network can view all its unencrypted traffic. And nefarious public hotspots can redirect you to lookalike banking or email sites designed to capture your username and password. And it’s not necessarily a shifty manager of the establishment you’re frequenting. For example, someone physically across the road from a popular coffee chain could set up a login-free Wi-Fi network named after the café, in hopes of catching useful login details for sale or identity theft.

Likelihood

Any tech-savvy person could potentially download the necessary software to intercept and analyze Wi-Fi traffic – including your neighbor having a laugh at your expense (you weren’t browsing NSFW websites again, were you?).

How to protect yourself

  • Only use secured networks where all traffic is encrypted by default during transmission to prevent others from snooping on your Wi-Fi signal.
  • Download a VPN app to encrypt your smartphone traffic. ExpressVPN (Android/iOS from $6.67/month) is a great all-round choice that offers multi-device protection, for your tablet and laptop for example.
  • If you must connect to a public network and don’t have a VPN app, avoid entering in login details for banking sites or email. If you can’t avoid it, ensure the URL in your browser address bar is the correct one. And never enter private information unless you have a secure connection to the other site (look for “https” in the URL and a green lock icon in the address bar).

5. Unauthorized access to iCloud or Google account

Hacked iCloud and Google accounts offer access to an astounding amount of information backed up from your smartphone – photos, phonebooks, current location, messages, call logs and in the case of the iCloud Keychain, saved passwords to email accounts, browsers and other apps. And there are spyware sellers out there who specifically market their products against these vulnerabilities.

Online criminals may not find much value in the photos of regular folk – unlike nude pictures of celebrities that are quickly leaked– but they know the owners of the photos do, says Wisniewski, which can lead to accounts and their content being held digitally hostage unless victims pay a ransom.

Additionally, a cracked Google account means a cracked Gmail, the primary email for many users.

Having access to a primary email can lead to domino-effect hacking of all the accounts that email is linked to – from your Facebook account to your mobile carrier account, paving the way for a depth of identity theft that would seriously compromise your credit.

Likelihood

“This is a big risk. All an attacker needs is an email address; not access to the phone, nor the phone number,” Wisniewski says. If you happen to use your name in your email address, your primary email address to sign up for iCloud/Google, and a weak password that incorporates personally identifiable information, it wouldn’t be difficult for a hacker who can easily glean such information from social networks or search engines.

How to protect yourself

  • Create a strong password for these key accounts (and as always, your email).
  • Enable login notifications so you’re aware of sign-ins from new computers or locations.
  • Enable two-factor authentication so that even if someone discovers your password they can’t access your account without access to your phone.
  • To prevent someone resetting your password, lie when setting up password security questions. You would be amazed how many security questions rely on information that is easily available on the Internet or is widely known by your family and friends.

6. Malicious charging stations

Well-chosen for a time when smartphones barely last the day and Google is the main way to not get lost, this hack leverages our ubiquitous need for juicing our phone battery, malware be damned. Malicious charging stations – including malware-loaded computers – take advantage of the fact that standard USB cables transfer data as well as charge battery. Older Android phones may even automatically mount the hard drive upon connection to any computer, exposing its data to an unscrupulous owner.

Security researchers have also shown it’s possible to hijack the video-out feature on most recent phones so that when plugged into a malicious charge hub, a hacker can monitor every keystroke, including passwords and sensitive data.

Likelihood

Low. There are no widely known instances of hackers exploiting the video-out function, while newer Android phones ask for permission to load their hard drive when plugged into a new computer; iPhones request a PIN. However, new vulnerabilities may be discovered.

How to protect yourself

  • Don’t plug into unknown devices; bring a wall charger. You might want to invest in a charge-only USB cable like PortaPow ($6.99 on Amazon)
  • If a public computer is your only option to revive a dead battery, select the “Charge only” option (Android phones) if you get a pop-up when you plug in, or deny access from the other computer (iPhone).

7. FBI’s StingRay (and other fake cellular towers)

An ongoing initiative by the FBI to tap phones in the course of criminal investigations (or indeed, peaceful protests) involves the use of cellular surveillance devices (the eponymous StingRays) that mimic bona fide network towers.

StingRays, and similar pretender wireless carrier towers, force nearby cell phones to drop their existing carrier connection to connect to the StingRay instead, allowing the device’s operators to monitor calls and texts made by these phones, their movements, and the numbers of who they text and call.

As StingRays have a radius of about 1km, an attempt to monitor a suspect’s phone in a crowded city center could amount to tens of thousands of phones being tapped.

Until late 2015, warrants weren’t required for StingRay-enabled cellphone tracking; currently, around a dozen states outlaw the use of eavesdropping tech unless in criminal investigations, yet many agencies don’t obtain warrants for their use.

Likelihood

While the average citizen isn’t the target of a StingRay operation, it’s impossible to know what is done with extraneous data captured from non-targets, thanks to tight-lipped federal agencies.

How to protect yourself

  • Use encrypted messaging and voice call apps, particularly if you enter a situation that could be of government interest, such as a protest. Signal (free, iOS/Android) and Wickr Me (free, iOS/Android) both encrypt messages and calls, preventing anyone from intercepting or interfering with your communications. Most encryption in use today isn’t breakable, says Wisniewski, and a single phone call would take 10-15 years to decrypt.

“The challenging thing is, what the police have legal power to do, hackers can do the same,” Wisniewski says. “We’re no longer in the realm of technology that costs millions and which only the military have access to. Individuals with intent to interfere with communications have the ability to do so.”

From security insiders to less tech-savvy folk, many are already moving away from traditional, unencrypted communications – and perhaps in several years, it’ll be unthinkable that we ever allowed our private conversations and information to fly through the ether unprotected.