Learn this little-known mobile message security process to safeguard confidential information: Internet Scambusters #794
Most of us don't give a second thought to message security when we use our cell phones.
But if you send confidential information by text, how can you be sure it's being received by the right person and not a snooper?
It's easier than you may realize for snoopers to intercept your information, but you can do something to safeguard your info, as we explain in this week's issue.
Let's get started...
Is Your Cell Phone Message Security at Risk?
Who's breaching your confidential cell phone message security? Nobody?
Don't be so sure.
Without being aware of and using a little-known message security process, known as an authentication ceremony, your message could be intercepted and read by a crook.
According to a study by researchers at Brigham Young University, most users don't know, or simply can't be bothered, the right authentication settings on their messaging apps, leaving them open to prying.
Don't be one of them!
The researchers studied users of three popular messaging applications -- WhatsApp, Viber and Facebook Messenger.
They warned their subjects about the risks of not using the right authentication process, a sort of double-check procedure, and then provided instructions on how to do so.
Authentication is a method of checking that data exchanged on messaging apps is encrypted -- that is, scrambled so it can't be read by snoopers.
Oftentimes, this may not seem important, but if confidential information is being passed on the messaging service -- a credit card number for instance -- it could fall into the wrong hands if it hasn't been correctly encrypted.
The researchers found that just issuing a safety warning to users was not enough. As few as 14 percent of them followed the correct authentication process after being alerted, while most of them went ahead and did the check only when they were told how to do it.
Although it sounds a bit technical, authentication basically involves checking that the person you think you're communicating with is actually the one receiving the message.
This requires a secret code, issued through the app, to be available to both the sender and the recipient, who have to confirm they each received the same code. That signifies the communication is secure and can't even be seen by the messaging app company.
Did you know you could (and sometimes should) do this?
It sounds simple enough, but it turns out to take too long for most people to mess with, even if they know what to do.
For some reason, the app providers have chosen not to automate the authentication ceremony, so you have to do it manually.
The process usually involves making a phone call to the contact from within the app during which you confirm that you each have the same code number on your screens.
The detail of the process is beyond the scope of this report, but each app maker provides instructions online.
But whatever messaging service you use, if you have to send confidential information, make sure you know how to use the authentication process to be sure you're safe.
Just do a search on the name of the app followed by the words "encryption key."
Choosing the Best Messaging App
If you're likely to be sending confidential messages and you're not already committed to one particular app or another, it's worth investing the time to investigate and compare.
As Consumer Reports magazine explained last year in the article How to Pick a Secure Messaging App:
"Some messaging apps may have almost unbreakable encryption, but they also have potential blind spots that can compromise your security and privacy. That doesn't mean they are useless, any more than door locks are irrelevant just because they don't prevent all break-ins."
But, as author Andrew Chaikivsky points out, good messaging security starts with a well-protected phone or computer operating system (OS) -- which means using the most up-to-date version of the OS, setting a lock screen to prevent others from accessing your device, and avoiding outside USB charging stations, which might have been compromised.
The Consumer Reports article also reviews several of the most popular messaging apps, explaining their strengths and weaknesses and how to get started with each one.
Since most of us are likely to be using these apps even more in the future, it's worth spending the time to learn about and apply message security. One day, it could make a big difference to your personal safety.
Alert of the Week
Did you get a census form in the mail, asking you to supply a whole lot of information about yourself online? Or maybe you received a phone call or a doorstep visitor asking the same type of questions.
Your first instinct may be that it's a scam. But most probably it's not.
The US Census Bureau doesn't just do a 10-year headcount of the population. It's continually polling the American public to find out more about what makes us and the nation tick.
But you're wise to check out these requests. And it's easy to do so with a quick phone call to the relevant Census Bureau section.
That's it for today -- we hope you enjoy your week!