The Apps Your Partner Could Be Using to Spy on You

Someone could be spying on you right now and you might not even know about it.

“These apps are brutal,” Ondrej Krehel told me during a conversation about spyware, or “spouseware” as the software is sometimes called.

“It doesn’t matter what ‘intended use’ these app developers claim in their sales pitches. They are increasingly being used by teens to spy on their love interests,” Krehel said. “It’s quite prevalent.”

Krehel is CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm. He sees spyware as a concern for consumers.

“The malware that is used to spy on terrorists and other criminals is not too different from the spyware currently marketed to consumers — although it has fewer features,” Krehel said.

What ‘Spouseware’ Can Do

FlexiSpy, mSpy and Mobile Spy are some of the names in the consumer spyware app business. The applications make it possible to monitor virtually every communication made on a targeted smartphone or computer.

The various spyware, or spouseware, apps available on the market can let users see absolutely everything that happens on a device. It’s like a surveillance camera pointed at the user’s screen.

Here’s an at-a-glance list of what kind of information would-be spies can see:

  • All social media
  • Snapchat
  • Encrypted messaging apps like WhatsApp
  • Dating Apps
  • Text messages
  • Calls
  • Real-time GPS location

At $29.99 a month, pretty much anyone can be a spy. MSpy alone has more than a million users.

The stories of stalkers, jilted lovers and overzealous admirers are legion. In 2014, NPR reported that 85% of 72 domestic violence shelters they surveyed said they were working with victims whose abusers tracked them with GPS. Seventy-five percent said they had worked with victims whose abusers used hidden mobile apps to eavesdrop on them remotely.

While there is sadly no shortage of stories out there, most are told under the cloak of aliases. Although largely anecdotal, Krehel told me the misuse of spyware among teens was without doubt a growing problem.

“I would say 30% of the spyware users out there are young guys spying on their girlfriends,” he said.

The end user agreements are clear. These apps are to be used for legal purposes only. The marketing is not pointed at monitoring fidelity, but rather what a child is getting up to or as an enterprise tool for managing employees.

The app developers make it clear that any monitoring made possible with spyware should be done with the consent and knowledge of the party whose device is being tracked.

MSpy’s user agreement says: “User acknowledges that the Software shall be used for the purpose of monitoring, tracking and obtaining access to certain devices as cell phone and computer (including, but not limited to, email and text messages) of children and employees and other device owners with their consent hereto, including through the use of devices, on which the Software is installed.”

It is illegal to spy on someone without their consent. The problem here is that while it’s illegal, the penalties are not very serious. Krehel stated that while a person might get 30-day jail sentence or pay a fine, the damage inflicted is sometimes life-changing with victims and the people in touch with them suddenly finding themselves in divorce proceedings, losing jobs or even committing suicide.

What to Do

As with all things security-related, it is good practice to assume that the unimaginable — or in this case the prevalent — can happen to you, too. It’s also wise to take the necessary measures to prevent it.

  • While it is possible to install spyware remotely on some Apple products, most often physical possession of a device is required. Never surrender your device to anyone, or leave it unattended.
  • Don’t assume your passwords are unknown to those closest to you. (Check out these tips for better internet safety.)
  • Never share your cloud credentials, since this makes it possible to install some types of spyware.
  • Protect your passwords and change them often. Or use biometric authentication.
  • Don’t assume that just because you don’t see a spyware app on your device that it isn’t there. Check for installed apps and software (this may require programs that review apps and software), and become acquainted with the software and apps out there.
  • If you suspect you’ve got spyware on a device, save what needs to be saved on an external drive and wipe the device, restoring the factory default settings. But bear in mind that there are some snooping techniques (the NSA place their exploits directly on a chip in the device hardware) where a factory reset won’t help you.
  • To further guard against fraud and identity theft, monitor your credit for any suspicious changes. You can get a free credit report snapshot on Credit.com.

It’s rough out there for people concerned about their privacy, but being alert goes a long way.

Image: shapecharge

The post The Apps Your Partner Could Be Using to Spy on You appeared first on Credit.com.

Do I Need to Shred My Old Credit Cards?

shred_credit_cards

Chances are you’re probably already shredding documents like your bank and credit card statements before discarding them. You might even be taking the extra step of shredding things like credit card applications and other pieces of mail you receive since they contain personal information, such as your address. But are you shredding old credit cards when you get a replacement card?

If you aren’t, you probably should.

“With the proliferation of data breaches, phishing scams and ID theft, consumers should do everything possible to protect themselves and minimize risk,” said Thomas Nitzsche, media relations manager for ClearPoint Credit Counseling Solutions.

And that includes your old credit cards (it’s even a good idea for card accounts you’ve closed). That’s because the two most important components of preventing identity theft and unauthorized charges on your accounts are one, securing your sensitive information, and two, reviewing your financial statements regularly.

“Not completely destroying a credit card puts you at risk for ‘dumpster divers’ retrieving your card information and using it fraudulently,” Nitzsche said. “The best way to securely dispose of an old credit card is to shred it and place it in a secure locked recycling bin — such as a locked workplace data destruction service bin.”

Of course, your credit card protects you from fraudulent charges, but you still have to report those suspect charges within a reasonable timeframe. Law dictates that you’re only liable for up to $50 of unauthorized activity, no matter when you report it. And if your card wasn’t present in the unauthorized transaction, you have zero liability. Still, even if you’re regularly checking your statements, it can be easy to overlook small amounts charged over a long period of time. This form of unauthorized use is known as “cramming.”

“Most credit card issuers will only go back and remove the charges for a certain number of months, so it is important to be vigilant,” Nitzsche said.

With all the capabilities credit card thieves have, it’s unrealistic to expect you can prevent theft. Beyond shredding your credit cards, you’ll want to take other precautions, like using secure payment websites, never storing payment information in your web browser and only enabling NFC or RFID payment at the moment of a transaction. Beyond that, you’ll have to watch out for signs of credit card fraud.

You can check your account activity routinely — even daily — or set up transactional monitoring with your bank or credit card issuer. You’ll also want to check your credit scores for sudden changes (it could be a sign someone ran up your credit card balance without your permission) and review your free annual credit reports at AnnualCreditReport.com for other kinds of fraud that can be trickier to detect, like identity theft. To get updates on your credit standing, you can see two of your free credit scores, updated monthly, on Credit.com.

Image: mapodile

The post Do I Need to Shred My Old Credit Cards? appeared first on Credit.com.

7 Texts You Should Ignore

Whether you’re trying to win tickets to a sold-out concert, remind your partner to buy milk, vote for your favorite reality TV personality or ask your headphones-encased kid a question, there’s a text for that. While texting is a great convenience and time saver (not to mention an international obsession), if you respond to a wrong text — think: Wyle E. Coyote and the Roadrunner — look out below!

Phishing via text works the same way as email, the only difference is format, tone and, of course, length. The goal remains to commandeer as much information about you as possible (to use for fraud) and/or take control of your device. The pilfered information can be seriously harmful to your sanity, not to mention your finances, since scam artists are always looking to make a quick buck at your expense.

There are many texts you should handle with kid gloves, and still others that you should ignore.

I’m not talking about the obvious “don’ts” here, like looking at texts that were not sent to you. (Oh, and in case you missed that memo, sneaking a peak at your partner’s texts is and always will be a one-way ticket to relational oblivion.) What you need to worry about are texts that could have plausibly been sent to you.

This latter category of text is not always obviously fraudulent. The same thing that makes texting second nature to you is what makes it a potential hazard to your personal information safety.

Regardless of their apparent merit, instead of replying to unsolicited texts directly, you should call the purported sender directly to be sure they aren’t trying to contact you.

With that in mind, here are seven texts you’ll want to be wary of.

1. Texts From Your Bank With Links

Automatic transaction alerts are an excellent security measure. You can set an alert on your checking and savings accounts to cover all kinds of parameters, such as the minimum balance you have to maintain without incurring a fee, a trigger amount on a withdrawal and more. These can be delivered via text, and here’s the thing: the SMS version from your bank will never contain a link. If you get one that does, ignore it. You can also call your bank directly.

2. Texts From the IRS

This is the easiest phishing scam to detect. The IRS never sends texts — ever. It’s also worth noting that the IRS won’t email you about official business either. The only way to do business with the IRS is via the United States Postal Service or by telephone — and if you are contacted by phone, it’s a good rule of thumb to tell the person who called you that you are concerned about security, and you need a reference number or department because you are going to call back on the IRS main phone line about whatever the matter may be. Also keep in mind that just because your caller ID tells you the incoming call is from the IRS does not mean it is the IRS since many phishers are consummate “spoofers.”

3. Texts From Your Credit Card Company With a Call to Action

This is similar to a text from your bank, but with more options for failure. You may have transaction alerts set that get delivered via text. You may have also consented to promotional notices. The bottom line with texts from your credit card company: whatever they are allegedly saying to you via text, they will say to you on the phone. Ignore any texts with a call to action, even if you want to take the action, and call your credit card company directly on the number designated on the back of your credit card. Especially ignore the text if it says that clicking on the link (or calling the number) is the only way to get a particular promotion.

4. Unsolicited Texts From Your Doctor, Lawyer, or Accountant

Businesses that collect a lot of personal information from clients, like medical practices, law firms or accounting firms can be prime targets for hackers. If you get a text from any of these folks, no matter how convincing, and no matter how much about you they seem to know (remember, these same professionals may not have the best defenses against hackers), ignore the text and call them.

5. Random Texts From Your Mortgage Company

I am guessing you’re getting the gist of this game, but any seemingly official notification about one’s mortgage somehow has the ability to completely unhinge people, especially if there is a problem. As data breaches have become the third certainty in life, it is quite likely your mortgage information is out there. If a scammer gets ahold of it, they might try to scare you into taking an action via text, like sending payments to a new address. Ignore them and call your mortgage holder.

6. Scary Texts From Your Auto Lender

Nothing is quite as classic in the storybook of personal finance as the repo man coming to take your car. Because it’s a common nightmare scenario, we are liable to fall for it. Ignore any texts you get from your auto lender. Instead of replying, always call to find out what you already know: someone just tried to scam you.

7. Promotional Texts From Your Favorite Game

Don’t be embarrassed. We all have a game we like to play, and so do our kids. The problem here is that for real devotees, there is very little one won’t do to get an edge. Whether it’s buying points or weapons or secrets, or getting the latest upgrade the second it’s released, true gamers are a juicy target for scammers who send texts hawking special promotions, and they are less likely to be careful about whom they give their contact information to, since getting more game time is more important than anything. Same rule applies here: ignore any text that you get, and make sure your kids do as well. Go online and find the promotion from a reputable site.

If you think you’ve responded to a phishing text, you should monitor your credit for signs of identity theft. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com.)

When it comes to staying safe, let restraint be your co-pilot. A little pause goes a long way and you don’t want to end up being the get for scammers.

More Money-Saving Reads:

Image: Todor Tsvetkov

The post 7 Texts You Should Ignore appeared first on Credit.com.