ThrottleNet

Managed IT services, support and cybersecurity

TikTok’s Data Harvesting Poses Security Concerns

Technology News

One of the fastest-growing newcomers to the social media game, TikTok, is accused of harvesting its users’ personal data and has been pinpointed as a major security threat by authorities.

TikTok is a Chinese-owned app that has risen to startling heights among the social media community in recent years. Users of the app can make short, entertaining videos, adding filters, music, and other effects. Due to the short and engaging nature of the app, it has become very popular for viral challenges. 

The TikTok content algorithms intend for videos to have high reach potential, regardless of the number of followers that the creator has. Where popular social platforms like Instagram, Facebook, Twitter, and YouTube have become brand and monetary focused, TikTok has maintained a creative identity where like-minded people can connect as a virtual community, increasing its popularity, especially among youth.

TikTok’s Worldwide Success

Here are some statistics to demonstrate TikTok’s popular position in the marketplace:

  • In 2019, TikTok was the second most downloaded free app in the world. The only app with more downloads was WhatsApp. 
  • The app has 800 million active users worldwide and has been installed on over 1.9 billion devices all over the world.
  • It is available in 154 countries and is most popular in Asia.
  • Per post, it has the highest engagement rate of all social media channels. 
  • 20% of TikTok’s revenue comes from the USA and 69% of its revenue comes from China.
  • 90% of active users use the app multiple times every day.

With such a strong popularity worldwide, data harvesting user information would be an egregious breach of privacy. However, issues have been identified recently that position TikTok as a major security threat according to authorities.

TikTok Security Concerns

The security concerns were first brought to light publicly in early 2019. Rival social media companies questioned the data collecting and sharing processes of the app. This prompted a call for action and investigation against the company. Government officials publicly warned people of their suspicions, including that TikTok’s privacy policies and security procedures were ambiguous at best.  

The general feeling of distrust and suspicion was fueled further in early 2020. On April 8th, a Reddit thread exploded when a user claimed to have reverse-engineered the app, subsequently finding suspicious and intrusive user tracking. The thread detailed a host of privacy issues within the app. The user claimed that TikTok was a “data collection service that is thinly-veiled as a social network.” 

The Reddit user suspected that TikTok has been using an API to collect private information on users, users’ contacts, or users’ devices. There have also been claims that TikTok had been harvesting data involving the following:

  • Phone hardware: CPU type, hardware ID, memory usage, disk space, etc.
  • Other apps installed on your device.
  • Network information: IP addresses, routers, Wi-Fi information.
  • Information on whether or not your device has been rooted or jailbroken.
  • GPS data.
  • A proxy server (intended for “transcoding media”) that has zero authentication.

What We Know About TikTok’s Data Harvesting

Since these claims, some security researches have refuted the allegations and claimed that the information that TikTok collects on their users is in line with the regular standards for social media apps. Beyond the speculation and allegations, however, here are some key points that we know for sure about TikTok’s information gathering

  • TikTok records all information involved in creating content or messaging, including drafts, deleted content, and content or messaging that was never posted. 
  • Keystroke dynamics, indicating where you touch or swipe your screen, are recorded. These patterns are significant. No other social media platforms claim to capture this data.
  • TikTok absorbs all information about your device. This is standard practice for the majority of social apps. 
  • Access to your contacts is granted with your permission.
  • TikTok determines what you’re interested in and generates a custom feed to provide content that you will enjoy. The main issue with this is that developers in China can potentially manipulate what content you see. This can lead to subliminal messaging, persuasion, censorship, and other intrusive acts. 

While there is still much speculation regarding whether or not TikTok is harvesting users’ data illegally, national governments and those studying the app have noted significant security concerns tied to the app. 

What Can Users Do?

One thing that is certain is that TikTok does collect a lot of information from its users. Security experts therefore suggest working with a trained managed IT security professional to ensure your devices are properly managed to secure private data and avoid breaches of personal information. 

Working with a security expert is especially critical if as a business owner, your employees use TikTok on the same devices they access company data. This is becoming more common as employees are working from home and often subject to BYOD policies. Downloading and using TikTok on the same device your employees work from could put company data at risk. 

As studies continue on the legality of TikTok’s data harvesting and the security threats it could pose, it’s wisest to be extremely cautious when using the app, if you use it at all. Ensure your privacy settings are set to protect your private information, and make sure you are fully aware of the privacy you may be compromising by agreeing to their usage policies.

We are in unprecedented times as COVID-19 spreads across the globe. Students of all ages are forced to attend classes online from home. Office workers are now forced to work from home. Because people are now forced to stay home in this era of “Social Distancing,” there has been an uptick in finances as less money is being spent by families. People are also streaming their entertainment services more as well. These are prime situations for cybercriminals, in particular, brand phishers.

Homepage yellow horizontal boarder

What is brand phishing?

Brand phishing attacks are when a cybercriminal tries to imitate the official website of a well-known brand using a similar domain name or URL as well as using a site design that looks almost identical to the brand site they’re imitating. Cybercriminals use this technique to steal sensitive information from the people that they are targeting. This information could be credit card information, bank account information, personal details, etc. They will try and get this information through imitation by email, mobile, or fraud websites. Anyone and any business is susceptible to brand phishing, so everyone should be aware of brand phishing; but some people and business are more at risk than others.

Who is susceptible to brand phishing?

The top three types of websites that are susceptible to phishers are technology sites, banking sites, and other media sites. Sites that require you to enter personal information, credit card information, etc. are going to be the ones that are targeted by cyber criminals. Although these are the top three websites being targeted by the cyber criminals, nobody is immune from brand phishing.

What brands are known for being faked by phishers?

In Quarter 1 of 2020, Apple was the number one faked brand for phishing while Netflix was a close second. Both of those companies require credit card information to be put on the accounts of the users, which makes them prime candidates to be imitated by phishers. Other top companies that were faked in Q1 of 2020 were Yahoo, Paypal, Chase, and Amazon. Just like Apple and Netflix, each one of these websites has personal information, including credit card info. Of course not all emails and notifications from these brands are going to be from phishers; just look out for the emails or notifications that look suspicious. Again, it comes down to being aware of brand phishing as no brand or company will be immune to this.

During this unusual time, cyber criminals are licking their lips with the possibility of acquiring so much information from so many people due to the stay at home orders. There’s no way to prevent it from happening, but being cautious and being aware of brand phishing is the best defense against it. Be vigilant and be cautious when you are disclosing any type of personal information online.

Don’t become phish bait!

Looking for a secure work-from-home solution? Try EverFuel secure remote access from ThrottleNet. Just $9.95 per computer per month!

CONTACT THROTTLENET

SIM cards are necessary to operate most modern mobile devices. SIM stands for “subscriber identity module”. As anyone who’s had trouble with their SIM card can tell you, this tiny piece of tech is majorly important. It connects the user to their network, and therefore their data. Among the data linked to your SIM is one of your most valuable pieces of personally identifying information: your phone number.

A new type of social engineering attack called SIM swapping is becoming more commonHacked employees are a danger to your company’s data, so it is important to know what to look out for and keep your team up to date on best practices in mobile cybersecurity. Read on for all the details of how you can protect your network from SIM swapping scams.

SIM Swapping Defined

SIM swapping occurs when a criminal contacts the phone company and convinces the employee that they are the owner of the phone and need a transfer to a new device due to damage or it being lost.

The scammer will ask the cell phone provider to activate a new SIM card connected to your phone number on a new phone that they now own. If the scammer is successful, they will receive all of your texts, phone calls, and data.

In some circumstances, the scam occurs on the inside, where employees of the phone company help make the switch, making them part of the scam.

What Happens When You Are SIM Swapped?

Once the scammer gains control of your phone number, they can receive your text messages. With access to your texts, this can allow criminals to log into your other accounts and receive verification codes needed to log in. This occurs if text messages are used as a form of multi-factor authentication.

With this information, scammers could log into bank accounts to steal money, or take over social media and email accounts. There is also a chance they could lock you out of an account completely by changing the password.

Protecting Yourself from SIM Swapping

Protect your device and data from SIM swapping with these tips from ThrottleNet’s IT security pros.

  1. Do not reply to text messages or phone calls that request personal information.
    These texts or calls could be phishing attempts by scammers looking to get your cellular, bank, or credit card account information. Instead, contact the company directly through a phone number or website you know is legitimate if you receive a suspicious text message or phone call.
  2. Limit the amount of personal information you post on social media platforms.
    Avoid posting your full name, address, or phone number. Posting this information can make it easier for scammers to steal your identity.
  3. Set up a PIN or passcode on your cellular account.
    Creating a PIN or passcode can act as an added layer of protection, which is another piece of information a scammer would need to obtain prior to stealing your identity. PINs or passcodes can also help protect an account from any unauthorized changes.Since setting up a PIN/passcode differs depending on the cell phone company, be sure to contact your provider to see what steps to take to do so.
  4. Use an authentication application or security key.
    A newer way to authenticate your identity online is by using security keys. Security keys are small USB-powered devices that work like an actual key to your accounts by inserting them into your computer when logging in. Some security keys work with both computers and mobile devices.

What To Do If You Become A Victim of SIM Swapping

If you’re the target of a SIM swap scam, there are three important steps you should follow to help mitigate the damage and re-secure your information.

  • Contact your cell phone provider immediately to take back control of your phone number.
  • Once you regain access, change your account passwords to prevent any other issues.
  • Check bank, credit card and other accounts for unauthorized changes and charges, and report them to your company.

For more information on SIM Swapping and other ways to protect your information, contact ThrottleNet today

GET MORE INFO

What is e-Skimming?

e-Skimming, or web skimming, is a method a cybercriminal performs in order to get information from a credit cardholder. It can occur any time a cardholder uses a form of electronic payment to pay for something. Essentially, e-Skimming is a type of internet fraud that occurs when the payment page of a website is compromised. Once it is compromised, malware is added to the site to steal payment information.

These cybercriminals that are watching our online shopping carts are getting our information in real-time, making it more valuable in the black market. When an online shopper enters and submits their credit card information on the e-commerce site, their information is also transmitted to a server that is controlled by the cybercriminal.

The online shopper would not be aware that their personal information was stolen since they will receive the product that they ordered; however, their bank will discover the fraudulent activity later, when the crime has already been committed.

Keeping Your e-Store Safe

Any e-commerce site that accepts online payments is at risk for e-Skimming, which makes it important for you to take preventative measures. Here are some security measures and tips to follow:

  • Keep software current and up to date
  • Enable multi-factor authentication for all connected devices
  • Segregate network functions to limit accessibility
  • Keep all systems up to date with patches
  • Keep anti-virus and malware updated
  • Change default login credentials
  • Continue educating your employees
  • Create unique passwords
  • Report any online fraud to FBI at www.ic3.gov

Other security measures to follow include entering your credit card once for a site rather than repeatedly, using Apple Pay or PayPal, shop on well-known sites that are reputable, and paying close attention to credit card or bank account statements to see any possibility of misuse.

For websites to be compromised, their security must be weak. Make sure your e-Store has the proper security to be protected from e-Skimming by contacting ThrottleNet today. You don’t want to fall victim to e-Skimming, so get the cybersecurity you need from ThrottleNet!

Keeping your mobile devices secure is essential since a huge amount of time each day is spent on them. Opposite of what people might think, mobile security requires a different approach compared to computer security. This requires individuals to continue learning about mobile security.

Tips for Mobile Security

First and foremost, be aware of the permissions allowed for mobile devices on your network. Many times, people are unaware of the terms and conditions for many software downloads, registrations, etc. Skimming over these permissions could lead to security risks and has the possibility to release your personal information.

Other tips for Mobile Security include:

  • Set up a passcode
  • Keep a remote backup for your data
  • Stay logged out of your accounts
  • Keep your operating system up to date

WiFi Phishing

WiFi Phishing continues to be a dangerous social engineering attack because hackers can bypass security altogether. It is important to know how to spot this type of attack because hackers position themselves to look just like the network connection you normally interact and users easily hand over login information exposing their network and information.

Tips to Follow:

  1. Be aware of any unsecured WiFi network
  2. Double-check the name of the network
  3. Don’t enter personal data on a public network

How to Spot Phishing Emails:

  • Spelling errors
  • A sense of urgency
  • Links or attachments
  • Odd “sent from” addresses

What is Smishing?

Smishing is a form of phishing and is essentially the same as phishing, but instead, cybercriminals send fraudulent (SMS) text messages to trick you into clicking a link that can infect your mobile device. Smishing has become a growing threat to online security.

How Would I Know That I’m Being Smished?

The main element to staying safe on your mobile devices is to only reply to text messages from people you know. Basic precautions you can take when keeping your mobile devices secure include not clicking on texts that you received from a phone number that does not look like one, not clicking on links from people you do not know, and never installing applications from an SMS rather than the official app store.

Are you worried your IT systems aren’t protecting you from cybercriminal attacks? Contact ThrottleNet today to learn more about the services we offer and how we can keep you protected. Keep your personal information secure, contact ThrottleNet today for all your mobile security needs!

SIM cards are necessary to operate mobile phones and connects the user to a network of their choosing. SIM, which stands for subscriber identity module, not only allows access to the network, but it also contains your phone number. A new type of social engineering, SIM swapping, has become a problem over recent years.

SIM Swapping Defined

SIM swapping occurs when a criminal contacts the phone company and convinces the employee that they are the owner of the phone and need a transfer to a new device due to damage or it being lost.

The scammer will ask the cell phone provider to activate a new SIM card connected to your phone number on a new phone that they now own. If the scammer is successful, they will receive all of your texts, phone calls, and data.

In some circumstances, the scam occurs on the inside, where employees of the phone company help make the switch, making them part of the scam.

What Happens When You Are SIM Swapped?

Once the scammer gains control of your phone number, they can receive your text messages. With access to your texts, this can allow criminals to log into your other accounts and receive verification codes needed to log in. This occurs if text messages are used as a form of multi-factor authentication.

With this information, scammers could log into bank accounts to steal money, or take over social media and email accounts. There is also a chance they could lock you out of an account completely by changing the password.

Protecting Yourself from SIM Swapping

  1. Do not reply to text messages or phone calls that request personal information.
    These texts or calls could be phishing attempts by scammers looking to get your cellular, bank, or credit card account information. Instead, contact the company directly through a phone number or website you know is legitimate if you receive a suspicious text message or phone call.
  2. Limit the amount of personal information you post on social media platforms.
    Avoid posting your full name, address, or phone number. Posting this information can make it easier for scammers to steal your identity.
  3. Set up a PIN or passcode on your cellular account.
    Creating a PIN or passcode can act as an added layer of protection, which is another piece of information a scammer would need to obtain prior to stealing your identity. PINs or passcodes can also help protect an account from any unauthorized changes.Since setting up a PIN/passcode differs depending on the cell phone company, be sure to contact your provider to see what steps to take to do so.
  4. Use an authentication application or security key.

What To Do If You Become A Victim of SIM Swapping

If you’re the target of a SIM swap scam:

  • Contact your cell phone provider immediately to take back control of your phone number. Once you regain access, change your account passwords to prevent any other issues.
  • Check bank, credit card and other accounts for unauthorized changes and charges, and report them to your company.

For more information on SIM Swapping and other ways to protect your information, contact ThrottleNet today!