Protecting yourself from spying, stalking and surveillance from your spouse or a former partner.
Would your spouse spy on you?
Many of our clients suspect that they may be subject to stalking, surveillance and spying by a spouse or partner. We have experienced cases where our client’s email and social media accounts have been accessed, stalkerware has been installed on their phones, tracking devices placed on their vehicles, and their homes have been bugged with audio and video surveillance devices.
This article explores some of the easily obtainable software, programs, devices and equipment that can be used to invade your privacy and the basic ways in which you can prevent yourself from becoming a victim of stalking, surveillance and spying by your spouse or partner.
Stalkerware, Spouseware, Spyware
There are lots of tracking apps for mobile devices available, many are marketed as apps for tracking children but when used maliciously are known as known as stalkerware, spyware or spouseware. Their capability includes monitoring emails, messages, locations, accessing photographs, contact details, obtaining social media passwords, even remotely turning on the devices camera and gaining a view of the surroundings of the device, all whilst running undetected.
On an Android some of the current tracking programs can be seen in the form of an obvious app, they may appear as a technical settings that you are unlikely to explore such as; wifi settings, access tool or system update service, on an iPhone you may find an app called Cydia or iKeyMonitor. You may also notice that your battery life drains quicker than normal or your location arrow may be constantly visible.
One of the extra problems with stalkerware is that when data is stolen it is not necessarily secured and is then open to compromise by third party’s. It may also leave your phone open to further attack.
How stalkerware is placed on a device
There are a range of ways to do this, but these are the most common:
1 – You could receive a Link via text or email such as something that looks like it goes to an interesting article, photograph or website, this is called a phishing attack and when clicked on will start installing the spyware onto your device. This could also be in the form of a pop-up requesting access and location permission which in a rush you may accidently accept.
2 – Access to your pin and apple ID, this could be easily obtained by your partner or former partner shoulder surfing and over time seeing what details you enter to access your device and accounts or from a note you may have written down when first setting up your phone.
3 – A gift, be wary of anything technical being given to you as a gift or anything you might conveniently find dropped outside your front door.
What to do if you think stalkerware has been installed onto your device
There are many variants of stalkerware and things evolve quickly, the recommended actions vary depending on the type of phone and the install but advice includes; (if using iOS) to log in to your ICloud account and sign out of all active sessions. It is also advised to perform a full reset on your device, this however is not a failsafe and does not work against all attacks, if you can then consider a professional forensic examination or a new phone. There are tools to search for this type of malware however these are more available for Android than I phone and not all are simple to use. Stay up to date with software updates as they are constantly fighting threats such as this.
If you are however stuck in a situation of domestic abuse then it is advised to retain your phone and carry on as normal so as not to endanger yourself, instead try to discretely obtain a second phone for any sensitive conversations and messages.
Next change all of your passwords including your apple ID and follow the below steps to limit your personal identifiers and secure your accounts.
How to protect yourself online and prevent becoming a victim of account exploitation
Reduce your online visibility, if you would not tell everyone that you meet your full name, email address, phone number, home address and details of your partner and children, friends and family don’t do it online.
Step 1 – Use a VPN (Virtual Private Network)
Every computer has an individual IP address which can be used to trace your location. A VPN such as PIA or Proton VPN disguises your IP address. There are a range of both free and paid for services although paid for versions generally receive better press. Your account will enable you to use a VPN on multiple devices and you should remember to install it on your smartphone. https://www.privateinternetaccess.com/pages/buy-vpn/ https://protonvpn.com/getvpn?utm_campaign=ww-all-vpn-gro_aff-getvpnp_main_offer&utm_medium=link&utm_content=6&utm_source=aid-1519&bestdeal
Step 2 – Create new passwords and usernames
You should not recycle usernames and certainly not passwords. Even if you are not a specific target it is very common for websites to be hacked and data stolen, this data is then dumped in pastebins, these are repository’s which can be accessed by anyone, and your passwords and usernames exploited. If you use the same password on multiple sites it is then very easy for you to be hacked. There are several services that allow you to check if your email password has been compromised such as https://haveibeenpwned.com/ or https://leakpeek.com/
Step 3 – Use a password manager
A password should be a mixture of numbers, letters and symbols. Instead of trying to remember complex passwords sign up for a password manager. This is a program that can run on your computer and mobile device which stores and autofill’s all of your passwords, you only have to remember one password to access it. There are many different types of password manager such as Last Pass or Bitwarden https://www.lastpass.com/ https://bitwarden.com/
Step 4 – 2FA, (Two Factor Authentication)
The next step is to secure accounts and your password manager with 2FA, this is often a text message that you will enter when accessing the account, but a more secure way is to use a physical token such as a yubi key. You place this like a USB into your computer or phone and simply touch it to confirm that it is you accessing the account. https://www.yubico.com/products/?utm_source=google&utm_medium=pd%3Asearch&utm_campaign=&utm_content=&gclid=cjwkcajw57b3brbleiwa1imytre_yw3758gscyh4zc27war9qsyyanismkjmazydvue0dxy8yfngxxocptmqavd_bwe
Step 5 – Consider avoiding profile pictures
We all like to have a profile picture on our social media and linked-in accounts, in most cases this is totally fine, however if you are at risk from malicious activity consider not using them, this also applies to little used accounts where you might add a picture once and then forget that it is there, if someone obtains a reused user name it will be easy to view the pictures that you have used and perhaps forgotten about.
Step 6 – Privacy Settings
Set your social media account settings to maximum privacy, make sure that people you do not know cannot access your personal information. Also check your security settings, when you forget a password but someone has accessed your username or email they can use the “forgot your password” option to obtain some of the characters of your phone number or email, this can be slowly pieced together to gain your contact details.
Step 7 – Don’t use your real name
This is for people who have a genuine fear of being stalked, don’t let vanity take over, your friends know who you are and can find you if needed.
Step 8 – Be aware of what you post
It is possible for investigators to search for text in images, an innocent picture with your vehicle registration in the background could later reveal what you, your house or your children look like. Likewise, with check-in’s and geotagging, consider if you really need to publish where you are and what you are doing. Even if you show this information retrospectively you still create a dossier on the places that you visit, the things that you like and potentially annual events that you go to.
Step 9 – Change your phone access password regularly
Avoid being a victim of revenge Porn
In hindsight this is an obvious suggestion but in the moment it is not uncommon for people to engage in exchanging sexual imagery. Our advice to all parents is please have this conversation with your teenagers, blackmail regarding compromising images is very common. If you have any compromising images on your devices, erase them and don’t forget to empty the wastebin, you may also want to consider clean up software often known as file shredding.
Bugging your house or vehicle
In more extreme cases consider a bug sweep, there are many quick plant devices that are easily obtained, they might not have a long battery life but the quality is good and they can be accessed remotely. Focus on the areas of your home where you are likely to have sensitive conversations and spend a lot of time. If your spouse is likely to have placed the item themselves then conduct a logical search starting from left to right, high to low. Check everything, books, objects, behind sofa cushions. If you believe that they may have contacted someone to install a more professional device with some longevity, consider contracting a professional TSCM (technical Surveillance Counter Measures) expert.
Are you likely to be under physical Surveillance?
See our other blogs describing surveillance techniques, if you feel that you are being followed you first need to establish if that is the case, depending on your situation you may want to do this overtly or covertly. Overt methods include manoeuvres such as driving twice around a roundabout, turning on quiet stretches of road or randomly when walking to establish if you see the same person, people or vehicles more than once. Covert methods involve finding a reason to look behind you without appearing to look or to notice anything for example pausing to stroke a dog, looking back as you cross the road. To detect a professional surveillance team, we suggest employing experienced counter surveillance. If you are under surveillance your options very much depend on your situation and the level of threat against you and we advise our clients accordingly.
We hope that this blog will enable you to protect yourself from stalking, surveillance and spying by your spouse or partner.
For more information regarding our range of security risk mitigation and protective services including surveillance, close protection, TSCM bug sweeping and counter surveillance please visit our website www.sloaneriskgroup.co.uk or contact us by email firstname.lastname@example.org
We have offices in Brighton and London and operate worldwide