Advice for securing Zoom, COVID-19 scam uses Trump’s name and suspicious apps in Apple’s store.
Welcome to Cyber Security Today. It’s Friday April 10th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
In previous podcasts and news stories I’ve talked about privacy concerns with the Zoom videoconferencing service. These have come to light with more people working from home due to the COVID-19 crisis. The company is toughening up procedures. In the meantime security firm Kaspersky issued advice on how to protect yourself when using Zoom. First, only get Zoom from the company web site, zoom.us, or from the Google Play or Apple stores. But be careful. Don’t download a fake app. I’ll have more to say about that in a few minutes.
When registering for Zoom create a strong password for logging in, and reinforce it with two-factor authentication. This next bit is tricky: As part of the registration you get a Personal Meeting ID. Keep that to yourself. When you create a meeting invitation for others, don’t include your Personal Meeting ID. Every meeting has a number, but your Personal Meeting ID should never be given out. Don’t send out meeting invites on social media like Twitter and Facebook, where large numbers of people can see them. Instead, send invites by email to only the people you want. Finally, there are two versions of Zoom: A desktop client, which requires users to download software, and the web client, which runs in your browser. If possible, use the web version.
As I said earlier, there are lots of fake versions of videoconferencing apps, including Zoom, Skype, Microsoft Teams, Webex, GoToMeeting and Slack. Be careful. Don’t click on a link someone sends you that promises to be an app. If you hunt through the Google Play store you’ll find dozens of questionable apps with slightly altered names like Update for Skype or Find Skype Friends, or names that misspell Zoom. Some of them will be obvious fakes because the app developer’s name looks odd. Rather than search through the Google Play store for an app, do a Google search to find the real version.
More COVID-19 email scams have been discovered. A security company called Inky found emails pretending to be from the White House or President Donald Trump with attachments on tax advice or steps to deal with the virus. Click on the attachment and your computer gets a virus. And the news site Bleeping Computer has come across a threatening scam sent to company executives that pretends to be from U.S. Vice-President Mike Pence. It says an unnamed security agency has told him the company has been making unacceptable business dealings. It threatens that if the email is ignored, evidence will be provided to “appropriate hands.” This notice is full of spelling and grammatical errors and should be ignored.
My last piece of coronavirus-related advice deals with apps that supposedly help you track your COVID-19 symptoms. Be suspicious of apps that want to access your smartphone’s contact list, location or camera. A security company called ZeroFox says some of these apps have been created by governments around the world. The real purpose may be to track people. They may also have been written quickly and contain security vulnerabilities.
Security vendor Sophos has followed up on an analysis of Android apps in the Google Play store that don’t give you very much for your money with a new report on questionable apps in Apple’s App Store. There are more than 30 apps it calls fleeceware, because they fleece users of their money. Many of these apps have a short free trial period, then charge $30 a month or $9 per week. That adds up to a lot of money. But they offer few features that aren’t available in other apps that either charge less, or are truly free. And they’re from reputable companies. These questionable apps are image editors, horoscope/fortune telling and palm readers, QR code and bar code scanners, and face filter apps for adding silly tweaks to selfies. Mobile device users should carefully look at the terms before downloading apps. Be careful of apps promoted in ads. There’s a link to the report with a list of these less than valuable apps in the text version of this podcast.
Finally, if you use the Firefox browser there have been a couple of important security updates issued in the past few days. You can check your version by clicking on the three bars in the top right of the browser, then on Help and then on About Firefox. You should be on version 75.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.