In 2016 a company called SilverPush started making headlines for an unusual program it had created. According to tech news website Ars Technica, SilverPush was installing software on the phones of unsuspecting users that would use the phones’ microphones to listen for sound emitted by TV advertisements. The “ultrasonic beacons,” embedded in commercials by advertisers would be too high a frequency for people to hear, but would tell SilverLight exactly what commercials people were listening to and when, no matter where they were in the world.
SilverPush did not create its own programs, but rather had its privacy-invading app installed along with other apps. As of 2017 Ars Technica reported that this malware (harmful software) had been installed in millions of phones and more than 200 Android apps.
SilverPush vowed to kill the software after it was revealed, but that company was just the tip of the malware iceberg. With app stores and the Internet full of predatory, privacy-invading programs and viruses, what is the average consumer supposed to do for self-defense?
Bob Gostischa, a computer security expert, has a whole list of recommendations, and he will give a presentation on “protecting your digital life” to the Princeton PC Users Group on Tuesday, October 22, at 7 p.m. at the Mercer County Library in Lawrenceville. For more information on the free talk, visit ppcug-nj.apcug.org.
Gostischa, who is an “evangelist” for antivirus software maker Avast, says that average people make a whole range of mistakes when using the Internet.
“People tend to be very lax in the way they protect themselves,” he says. “They use common or unsafe passwords, and they don’t want to take the time to use two-factor authentication.” In two-factor authentication, you can only log in to an online service by using a code or by hitting a button on a notification that is sent to your phone. That way it’s impossible for someone to log in to an account unless they also have access to your phone, even if they have stolen your other credentials. “But people say it’s a pain that they have to wait for a little code on their smart device,” Gostischa says. “It’s the age of ‘hurry up and get things done.’”
Aside from online accounts that can be hacked to give thieves access to online shopping, bank accounts, and pretty much anything else, many homes are now littered with Internet-connected “smart devices” that can be taken over and give hackers direct access to your house and your home wireless network. Gostischa’s talk will cover ways to defend against this kind of attack.
But even someone who doesn’t use the Internet at all isn’t safe, as phone scams are increasingly common, usually targeting older people. “You are constantly bombarded with phone calls by people fishing for your information,” Gostischa says. Scammers impersonating the Social Security Administration, the IRS, banks, and utility companies call random people to fish for information that can be used to steal their identities, or simply convince them to send money to the scammers. They often use fake phone numbers to fool caller ID systems into displaying a phone number that is familiar or that looks legitimate to the victim.
The scammers use a variety of pitches and tactics, but there is one foolproof way to avoid it: if an agency calls you, hang up and call them back on their public phone number. If the call was real, the company can direct you to the right person to help, and if it was fake, you have saved yourself from a costly ripoff.
“You have to take the initiative and actually contact the people,” Gostischa says.
Instead of talking with or arguing with unknown phone callers, it’s better to just hang up on them without a word. Gostischa says scammers often record victims’ voices, and can use the voice recordings to impersonate the victim in phone calls to third parties.
Email phishing is just as common as phone calls, so Gostischa recommends a similar tactic: don’t click on links in emails that you’re not expecting, and instead go to the homepage of the company that it supposedly comes from if there is any possibility that it is a real email.
In fact, anywhere that web users go is a possible haven for malicious websites. The paid ads at the top of search engine results can also harbor scams.
Fortunately, Gostischa says, there are a few things that you can do to defend yourself. During the talk, Gostischa will go through about 20 different tools that people can use, including Avast. Most of the security tools have free versions.
“I’ve used Avast’s free product since 2003, and that’s all I recommend,” he says. “Every one of them, I have the free version unless I’m beta testing.”
No product is perfect, no matter how well engineered. Think of a security program like a piece of Swiss cheese: it’s going to have holes in it. The solution is to get at least one more security program to back it up — adding another piece of Swiss cheese because chances are those holes aren’t going to line up. A flaw in one program is unlikely to exist in another.
Gostischa grew up in New York, where his father worked for a corporation and his mother was a homemaker. From a young age, he liked to tinker with electronics, building his own television, record players, and other machines. When personal computers came along, he was quick to get one and learn how it worked, and that’s an obsession he never let go throughout his career, which was spent in banking.
“People my age either got very involved when the computer age started, or we said, ‘this stuff will never fly.’ Those are the people that I spend my time trying to educate because they are now forced into using modern technology, which they figured would never take off when it first got started. You can either be behind the eight-ball, or in front of it.”