Why Privacy Policies Aren’t What They Seem: Leveraging Global Threat Intel to Keep Your Mobile Data Safe

Cyber criminals are more active than ever, which means protecting your data has never been more important. One in three websites related to the outbreak of coronavirus launched this year are scams. Of the 300,000 websites related to the virus launched globally since Jan 9, 2020, almost 100,000 have been declared “malicious” and designed to fool users into handing over personal information or bank details. And as the crisis worsened, so did the number of bad actors: After the World Health Organization (WHO) announced that the virus was a “pandemic,” the number of new malicious websites rose to more than 2,600 a day—and that number increases when new key phrases and search terms are introduced.

Just last week the FBI issued an urgent alert regarding coronavirus scams, as Google reports intercepting 18 million malware and phishing emails regarding COVID-19. And the Federal Trade Commission reported that consumers have lost more than $24 million to these scams so far since the pandemic began.

How Browsing Behavior Compromises Your Data

Perhaps not helping this situation, browsing behavior has been steadily changing among consumers, and as of March 2020, more than 52% of global web traffic comes through mobile phones (oberlo.com).

Most users assume their data is protected under the privacy policies of the sites they visit and the apps they use. But that’s not necessarily the case. By accepting the terms of a site’s privacy policy, consumers are likely agreeing to give up personal data. There are (legally required) ways to opt-out of sharing that data, but they are long and complicated, requiring users to not only opt-out of that company’s terms but also each third party linked or embedded across the site (which each have their own policies and opt-out processes).

So, what’s in these privacy policies? They basically allow companies to send pieces of your personal data to different organizations and countries around the world. And with mobile phones, apps are often sending user data to third-party sites and countries like Russia, Ukraine, Turkey, Columbia, China and more—all without you even touching your phone.

Examples of personal information collected from websites and mobile apps, per the average privacy policy include:

  • General contact information like name, phone, address and email
  • Demographic and socioeconomic information like household income, age, gender, financial data, political views and marital status
  • Identifiers such as IP address, cookie IDs, mobile device IDs or browser history
  • Where users have provided:
    • Transaction data or purchase history
    • Network availability, site or app interactions
    • Geolocation data
    • Call recordings and emails
    • Inferences drawn from any of the personal information given to create profiles or summaries of characteristics

Sure, you can follow the instructions to opt-out of each site’s (and their affiliated sites’) privacy policy, but that can be a tedious and complicated process. A better option is leveraging a cybersecurity solution tailored for mobile browsing. However, not all mobile offerings are created equal. Look for a solution that extends global threat intelligence to your phone and provides automated blocking of requests for your personal data from any websites visited or apps running on your device.

Global Threat Intel, Fed Directly to Your Phone

One effective mobile cyber solution can be found from RiskAnalytics, an Overland Park based cybersecurity solutions provider. They track and flag cyber criminals via ShadowNet, an always-on feed of the latest cyber threat intel from all over the world –and actively block threats from malicious domains across their clients’ networks. The ShadowNet mobile app offers a “set it and forget it” solution to help mobile users keep their data safe.

In the last few months, we’ve seen a paradigm shift with more employees working from home than ever before.  Home networks are less secure as they often sit outside of corporate security oversight, causing gaps and vulnerabilities for businesses.  Being proactive, we ported our enterprise-level threat intelligence to browsers and mobile devices, providing a simple and inexpensive way to extend powerful cyber risk mitigation to our clients’ remote workforces.”                                                                                 

–Jeff Stull, RiskAnalytics Managing Partner

Within the ShadowNet app, settings can be adjusted by domain or by country, and the app keeps a tally of all blocked requests for data. The screenshot here shows the number of blocks to a cell phone only four days after downloading the app.

ShadowNet has identified over 70,000 domains connected to COVID-19-related scams and has blocked billions of malicious communication attempts for our clients since the pandemic began.

Consumers need to be more mindful than ever before. Whether that means installing the ShadowNet app, opting out of privacy policies, watching for phishing emails or checking the credibility of the sites you visit, it seems this threat requires extra diligence.

If you’d like to learn more about how you can keep your data safe, contact the RiskAnalytics team today, or download the ShadowNet mobile app for iPhones via the App Store.

Posted in Blog.