Protect yourtech
WATCHOUTFOR...
New tools
ScamWatch
Readerswarnreaders11Warn your fellow readersabout scams
at [email protected]Scamsandthreatstoavoid,plusnewsecuritytools
Dysonoffera‘load of
hot air’
Howaboutthisfortheultimate
too-good-to-be-trueoffer-aDyson
Supersonic hairdryerreduced from
£299.99to£ 1.78.Thescamdealwas
advertisedonF aceb ook, along with a
photoap parently showing the‘amazi ng’
priceinf ront of thehairdr yers in an
Argosstore (see it atwww.snipca.
com/40541). SeveralpeopleIknow
received theofferfromfriends.One of
them said itsoundedcrediblebecause
theadc laimed Argos“has broken its
contractwithDyson”,andcouldtherefore
slash prices. Thatsoundedabsurd, so I
check ed online andreadthat it wasa
hoax.Quite literally,aloadofh ot air.
Paul HughesOver 225 million
leakedpasswordshave
beenaddedtothe
database at Have I
Been Pwned (HIBP),
incr easing thenumber
youcan search to
checkwhetheryours
is in criminal hands.
Theywereagiftfromthe UK’s
NationalCrime Agency,whichhad
collect ed 585million passwordsfrom
cyber-criminals. Troy Hunt,who runs
HIBP, then removedthe pa sswordsthat
were alreadypartoft he site’s database,
leaving225 mi llion (225,665,425 to be
exact).Itb rings thetotal number of
passwordsont he site to 847million,
as Hunt explains atwww.snipca.
com/40550.
To checkwhetherany of yourpasswordshavebeenleaked–whether
part of this newcollectionor not–
visithttps://haveibeenpwned.com/
Passwords,typeyourpassword, then
clickthe ‘Pwned’buttononthe right.
You’ll seeeithe ragreen ‘Good news
–nopwnagefound ’message,orared
‘Ohno–pwned!’ abovethe number of
times it hasappearedindata breaches
(see screensh ot). If yousee thelatter,
change thepasswordonevery account
youuse it.HaveIBeen Pwned’s
newpasswordsWhat’sthe threat?
Securityresearchershavefounddodgy
appsonSamsung’sGalaxyStorethatcan
beusedtoinfectthecompany’s phones
andtabletswithmalware.
TheGalaxyStoreisavailableonlyon
Samsungdevicesandishometothe
company’sbuilt-inapps.Italsocontains
appsfromothercompaniesthathave
beenmadeavailableexclusivelyto
Samsung,meaningthey’renotlisted
onGoogle’sPlayStore.
LikeGoogle,Samsungusessecurity
filterstopreventmaliciousappsfrom
sneakingontoitsstore–but,alsolike
Google,itdoesn’talwayssucceed.In
December,researchersatthewebsite
AndroidPolicespottedseveralappsthat
claimtoletyouwatchpaid-forTVand
filmsforfree. Theymimictheillegal
video-streamingserviceShowbox,which
closedin2 01 8followinglegalactionfrom
filmstudios.
Theappsthemselvesdon’tcontainHowcan you staysafe?
It’s unlikelyyou’veinstalledanyof
theappsbecauseattemptingtodo
sotriggersGoogle’s‘PlayProtect’
warningsystem(seescreenshot).
Thankfully,Googlewarnsabout
suspiciousappsevenwhenthey’re
downloadedfromanon-Google
store,suchasSamsung’s.
Butit’scertainlypossiblethat
you’vecomeacrosssimilarvideo
appsthatpromisefreeaccessto
paid-forcontent.Suchappsare
alwaysillegal,andareoftenthe
workofscammersandhackers.
IfyouhaveaGalaxydevice,you
shoulduseSamsung’sstoreonlyfor
updatingthecompany’s default
apps.Forinstallingnewthird-party
apps,it’s muchsafertosticktoGoogle’s
PlayStore,whichhasstrongersecurity,
thoughcanstillgettricked–suchas
whenJokermalwarewasdetected(see
Issue6 21 ,page 1 1).malware,buttheyaskforpermissionto
accessinformation–suchasyourcontact
listandcallsyou’vemade–whichwould
makeiteasyforhackerstoinfiltrateyour
device.Malwarevia Samsung’sGalaxyStore
Issue623 January–1February 2022