Tag Archives: security

You Owe us A Zillion Dollars!

Yet another in the seemingly endless series of phone or email scams has surfaced: that of the “Phantom Debt Collector.” Just like the other scams that ask you to pay a fine or you’ll be arrested for child porn or some such, these play on sometimes legitimate fears that you may have an unpaid debt somewhere in your past, particularly if you’ve ever applied for a payday loan or similar product (even if you didn’t actually get it).

They often reference some small debt of a few hundred dollars, and sometimes threaten legal action if the debt is not immediately paid. The threats may look something like this (note the bad grammar):

If you fail to respond us the Charges will be pressed against the name are:

1. Violation of federal banking regulation act 1983 (C)

2. Collateral check fraud

3. Theft by deception (ACC ACT 21A)

NOTE: THIS CASE IS UNDER INVESTIGATION UNDER MAJOR CREDIT BUREAUS.

Again, as with all suspect emails and phone calls, ask for details; in other words, demand proof that you owe the money. Ask for an address and phone number. Try calling the company back. Check your credit report at annualcreditreport.com; any legitimate outstanding debts should show up.

If you know you don’t owe anyone anything, just mark the email “Junk” and don’t click any links or respond. If you have any doubts, don’t click the links either – call the company and ask for documentation.

Why do people do this? Because it works! It’s not too hard to scare people into paying up when the fear of legal action is dangled over their heads.

When I asked alleged phantom debt collector for comment, I was told I owe $935.76.

Phantom debt collector comes after me, again (here’s what those emails look like)

Visit my Store for cool gifts and gadgets

For even more empowering technology info, read my new book, “Deciphering the 21st Century,” Available now!

Click here to read all about it.

Follow me on Twitter:

I’d love to hear your comments!

Google is STILL (Not?) your friend…

There is a saying in Internet circles abbreviated GIYF (Google Is Your Friend!). When it comes to finding information, Google (And other search engines) is your friend. When it comes to some things, though, using a search engine is one of the most dangerous things you can do on the Internet. Here are some of the Top Ways Google is Not Your Friend:

  1. They know everything about you! Whenever you search for anything, the search engine, and possibly your ISP also, knows exactly what you searched for, and probably also all the sites you visited from those search results. They can keep this data as long as they want. So what, you say? Say that to the person who briefly became a suspect in the Boston Marathon Bombing because she happened to search for the words, “Pressure Cooker.” I’m not sure of the truth of this story, but, true or not, it is certainly possible. If you value your privacy, there are alternative search providers that claim they don’t record your searches. Here’s a list of seven. My favorites are Startpage (which uses Google’s system, but anonymously), and DuckDuckGo, which does not use Google. This means the search results might not be as comprehensive as Google’s, but it’s still worth a try.
  2. Related to the above, they also serve you up targeted ads, based on your web habits, unless you deliberately turn them off. This applies whether you have a Google account or not. To change this behavior, visit https://www.google.com/settings/ads and turn off everything you see there. This does not mean you won’t get ads, it just means they won’t be as creepy.
  3. Remember, nothing is truly free. The search provider is always looking to make money off of you, so some of the results you’re going to get are sponsored. Also, aggressive marketers know how to get their site to float to the top of search results.
  4. Using a search engine to find software, especially security and antivirus software, is extremely dangerous, because the bad guys have a lot of fake sites out there, and they know how to get them to the top of search results, too. If you’re looking for security software, and you like “free,” go to Ninite.com for good free antivirus. Ninite also has many other good free programs. Check it out before you spend money on pricey software.
  5. For that matter, if you’re looking for any kind of free software, like games and screensavers, you’re looking for trouble. Be very, very careful with these kinds of searches. The Web of Trust browser add-on can help protect you, but nothing is foolproof.
  6. Ditto for phone support. Search for “Dell Support,” for example, and the top results may not have anything to do with the Dell Computer Company! Which means they will probably cost you a lot of unnecessary money.
  7. This should be obvious, but if you search for things like pipe bombs, nuclear weapons, poison gas, or “How to rob a bank,” you may attract unwanted attention from folks with lights on top of their cars. Now, there are legitimate reasons to search for such things; just be aware that Big Brother might be looking over your shoulder! (You could possibly use a public computer for such searches if you’re sufficiently paranoid.)
  8. If you’re searching for “How-To” information, read several results and compare them. Just because it’s on the Internet doesn’t mean it’s true. (Maybe especially because it’s on the Internet!) See if the poster has any credentials. Also understand that what might be an easy task for the poster might get you in way over your head. If there doesn’t seem to be an authoritative answer, proceed with great caution.


FaceBook is (Not) Your Friend

So… Let me get this straight: You want me to make friends online so that you can collect data about me so you can collect data about my friends so you can sell me stuff and sell my friends stuff so we can all waste more time and money than we can afford and most of those online “friends” are people we don’t even know and haven’t met and it’s really all about Facebook making money?

Yup.

You say your apartment complex has amended your lease agreement to force you to “friend” them or be in violation? Can they legally do that?

Maybe. But it’s a free country, and the backlash from residents, former residents, and would-be-but-not anymore residents was terrible.

Is your teenager acting like a five-year-old only when on Facebook? What would you expect? The site encourages such infantile behavior with stupid games, “Stalker” apps, people posting naked pictures of themselves, asinine (and horribly misspelled) posts (that people swallow as Gospel), and communicating (even with people next door) in a far more impersonal way than just… Talking. Remember talking? Face-to-face? “Social” media is making us anti-social!

“Social” media exists for only one purpose: To monetize human relationships. To make money from your joys, your sorrows, your triumphs, and yes, even your tragedies. They want to be in control of what’s most important in everyone’s life: Their contact with other people.

Plus, once you sign on, they basically own you. Their terms of service say that they own your data. They don’t believe in privacy; they want you to share everything about yourself. Even your “private” data is shared with all the Facebook apps you have installed!

This is why I don’t have a Facebook account. I prefer to interact with my friends face to face. I prefer to keep my private life private. I prefer to know who my friends are in Real Life, where I can see what they’re really like, instead of what they wish they were like. I prefer Real Life because it’s messy, not the sterilized Half-Life of online relationships. If I’m missing out on something, so be it. Whatever “it” is, it’s not as important as Real Life.

More on Facebook’s sins

http://www.businessinsider.com/10-reasons-to-delete-your-facebook-account-2010-5

http://www.forbes.com/sites/amitchowdhry/2016/06/07/facebook-audio-from-your-smartphone-microphone-is-not-being-used-for-ads/#5167ada5cb4a

 


Pay Up Or Else!

Perhaps you’ve heard of “Your money or your life?”

Well, now it’s “Your money or your data!” It’s a new form of online extortion known as Ransomware. When it is installed, it immediately begins to encrypt all personal files: pictures, documents, videos, and music are all at risk. The encryption is essentially unbreakable, and you get a message on your screen something like these:

[Images: example ransomware lock screens]

This is very bad news.

Despite the fact that some of the examples above are displaying various law enforcement images, they are all the work of criminals that want to extort money from you, hence the name, ransomware. Instead of kidnapping you, they kidnap your data. Even some Police departments and hospitals have been forced to pay up (typically $200-$500, sometimes more) to get their valuable data back. It’s often impossible to retrieve the data any other way, and, of course, sometimes the criminals may not even hold up their end of the “bargain” after being paid. It’s much, much better (Not to mention cheaper), to not get into this situation in the first place.

Yes, your antivirus or anti-spyware program might find and delete the offending program… But by that time, the damage has been done, and deleting the program will not un-encrypt your files!

Your very first line of defense is to be very, very suspicious of anything that wants to install itself unexpectedly. This includes files that purport to be media players, games and security software. These often use social engineering to con you into installing them; for instance, “See naked pictures of (fill in name of celebrity here),” or any other link that can be classified as Clickbait (defined as a link so provocative, scary, prurient, or otherwise so interesting in a juvenile sort of way you almost can’t help clicking it!). When you click on such a link, you might get a message saying, “You need to install (media player or other program) to view this content,” or sometimes “Virus detected! Install (Name of software that looks vaguely security-related).”

All of the above applies to email attachments and links as well.

Never, Never, Never install anything from a pop-up or similar message.

Second, there are browser add-ons that can help warn you about malicious sites. My favorite is Web of Trust, which can be installed on Internet Explorer, Firefox, Opera, and Chrome (but currently not the new Edge browser that comes with Windows 10).

Third, there is User Account Control (UAC), on all current versions of Windows. This is that annoying box that spoils your fun when all you want to do is play that latest game or video. It is there for a reason. It’s to inform you that whatever you’re trying to do will make changes to the computer. This is your last chance to change your mind about installing things that might contain malware.

[Image: User Account Control message.]

Fourth, there are a few companies building software to “immunize” your machine against ransomware. Malwarebytes, one of my favorite programs, has an anti-ransomware program in beta right now: https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/

and BitDefender has one also: https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

These programs do not absolve you from due diligence. Just as air bags in your car should not be construed as a license to drive recklessly, do not think you can do anything you want if you have one of these installed.

Finally, a good, frequent, tested, backup plan can help in this and many other disasters. Choose a backup plan that has versioning, so that even if your system backs up the encrypted files, it should also have the last “clean” version available. Read my post on backups here.

More info:

https://en.wikipedia.org/wiki/Ransomware

https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

 


The Snowden Effect

What is the Snowden Effect? It is the increase in public awareness and concern over the collection and use of electronic data by the US Government – without even getting warrants – since the revelations of Edward Snowden. Even though – obviously – electronic data did not exist when the U.S. Constitution was written, the Fourth Amendment specifically prohibits “Unreasonable search and seizure.”

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

That seems pretty clear, doesn’t it? My electronic data certainly qualifies as an “effect” (as in “Personal effects”), and vacuuming up data en masse certainly qualifies as “unreasonable.” This isn’t even “Rounding up the usual suspects,” which implies known criminals; This is “Round up everybody and let’s see what we can pin on them!”

Now, you might consider Edward Snowden a hero, a traitor, a patriot, or a dissident, but the important fact is that this is a discussion that needs to happen, and Snowden forced the issue. This Country is not a dictatorship, it is (allegedly) a government of, by, and for the People, and as such, the Government is accountable to the people and has no right to spy on them without probable cause.

A lot of the current chatter is about digital encryption. The terrorists that shot up San Bernardino last December had an encrypted iPhone, and Apple, the manufacturer of the iPhone, has made the encryption so good that even they can’t break it. The FBI wants Apple to write an Operating System with a “Back Door,” that would allow anyone with the master password to unlock the system. They say this is a one-time deal… but think about it. If someone developed a Master Key to your front door – allegedly for the Police to use in a life-threatening emergency – how long do you think it would be before that master key leaked out? Let’s get real here! The only true secrets are the ones only you have a key to! Especially considering how many Government secrets have been stolen recently!

If you were a manufacturer of vaults, how would you feel if an agency asked you to provide a master key to your burglar-proof vault? How would you know you could trust them to keep that key safe, not only today, but forever?

Many developers of encryption software are already being leaned on to provide just such back doors. To their credit, some have refused. Some have even gone out of business rather than compromise their customers’ information. Though I’m not an Apple user, kudos to them for holding the line.

We need to pay attention to this stuff; our privacy and security are at risk. If the Government knows everything about you, they can do anything to you.

http://www.apple.com/customer-letter/answers/

What does the FBI think is on terrorist’s iPhone, anyway? A fight, perhaps

http://www.huffingtonpost.com/2014/06/05/edward-snowden-nsa-effect_n_5447431.html

Anti-encryption opportunists seize on Paris attacks; don’t be fooled


Gone Phishing!

So, you’ve just gotten an email from eFax saying there is an important fax waiting for you? Not so fast, bub. Something from your bank saying you’re overdrawn and your account is frozen? Hold the phone! The IRS says you owe back taxes?? WHOA!! Don’t touch that mouse!

All of the above are collectively known as “Phishing,” i.e. the sending of fraudulent emails intended to trick you into giving your personal information to some lowlife, who will proceed to make your life miserable.

This is usually done by including a link in the email that will take you to an allegedly legit site, but it’s a fake site that just looks legit. Sometimes, it’s a poisoned attachment instead, but (hopefully!) most of us know by now not to open unsolicited attachments.

Phishing comes in a number of different forms.

  • One common approach, although not the most effective, is the “Dear Bank Customer” (or Amazon, or PayPal, or any other site) email that tells you there is a problem with your account and asks for your passwords or other personal information.
  • Spear Phishing targets a particular individual or company. An attacker can gather enough information about the person or company to increase the success rate. This form of attack is more likely to catch someone than the “Dear Customer” type.
  • Clone Phishing takes a legitimate email and “clones” it, changing only the link to that of a nefarious site instead of the real one.

There are many tricks the Phishers use; for instance, for those of us who actually look at the URL in our browsers (always a good idea!), the address may say

thebank.badguy.com.

You’d think that this is a section of the “thebank” website, but it’s actually a section of the “badguy” website, and has no relation to the “thebank” website other than name. Look at your address bar now. It starts with https://thegizmologist.wordpress.com. The website is wordpress.com, and the “thegizmologist” is my blog space on wordpress.com. Now if you look at my website: http://thegizmologist.com/html/blog.html, notice the sections of the site are separated by slashes instead of “dots.” There’s the difference. thebank/badguy.com is “the bank’s” website (maybe with an article on how not to get scammed), while thebank.badguy.com is the “bad guy’s” website. What a difference a dot makes!

There are many ways to defend against phishing.

  • The most important, from the standpoint of the end user, is to pay attention. If the grammar is bad, the email is impersonal (Dear PayPal customer), it promises dire consequences if you don’t act Right Now, the sender’s address is strange looking, or anything else makes you the least bit uncomfortable, it’s probably not the real thing. If you’re worried it just might be legit, close your email, and type the company’s web address in your browser rather than clicking a link.
  • If you hover your mouse pointer over a link, the bar at the bottom of your web browser or email program will tell you where the link actually leads. If it looks like it leads somewhere other than where it says it leads, don’t go there! See Clone Phishing.
  • The best thing you can do is label all such as spam and delete immediately. Some email systems allow you to specifically label an email “Phishing.”
  • Any legitimate banking site will have its address start with https://, not http://. The extra “s” stands for “secure,” and there will usually also be a “padlock” symbol next to the address. Some shopping sites will only have their cart and checkout sections secure. Never enter any personal information unless you see “https.”
  • Some internet security suites have “anti-phishing” filters built in, which may help.
  • The Web of Trust, which I’ve talked about before, won’t stop the emails, but can be very helpful in identifying bad sites, including known phishing sites.
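The “what a difference a dot makes” rule and the hover-over-the-link check described above, written out as an added example that is not part of the original post. The `.example` hostnames (standing in for thebank and badguy), the trusted list and the three-entry suffix set are constructed assumptions; a real tool would use the full Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tiny constructed stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
TRUSTED = {"thebank.example"}  # constructed: sites you really deal with
SAMPLE_EMAIL = """
<a href="http://thebank.badguy.example/login">Verify your account</a>
<a href="http://badguy.example/thebank">https://www.thebank.example/login</a>
<a href="https://www.thebank.example/badguy">Read our anti-scam tips</a>
"""  # constructed message body

def site_of(url):
    """Return (hostname, registrable domain) for a URL, or (None, None)."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname
    except ValueError:
        return None, None
    host = (host or "").rstrip(".")
    if "." not in host:
        return None, None
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return host, ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted=TRUSTED):
    """Return [(href, reason)] for links that deserve suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    brands = {d.split(".")[0] for d in trusted}
    findings = []
    for href, text in parser.links:
        host, site = site_of(href)
        if site is None:
            continue
        # Trusted name used as a mere label under someone else's domain.
        if site not in trusted and brands & set(host.split(".")):
            findings.append((href, "brand name is a subdomain of " + site))
            continue
        # Visible text looks like an address but names a different site.
        shown = site_of(text.split()[0])[1] if text else None
        if shown and shown != site:
            findings.append((href, "text shows " + shown + ", link goes to " + site))
    return findings

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL):
        print(href, "->", reason)
```

The first two links in the constructed message are flagged; the third, which really is on the bank's own site, is not.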

Finally, phishing is not limited just to email. Those phone calls from “Microsoft Technical Support” are the same sort of thing. There has also been some phishing via snail mail, although those are rare since postage can run into serious money.

For more information:

https://en.wikipedia.org/wiki/Phishing#List_of_phishing_types


Is It Safe?

It’s definitely Not Safe!

How do you know whether that website you’re visiting, or that email you’re opening, is safe? Well, one way to find out is to visit the site or open the email and see if horrible things happen. Or, if you don’t like living dangerously, take some precautions.

Websites:

There are many web filtering systems out there. The Firefox browser has one, Google has one, most antivirus programs have one, but the one I use every day is Web of Trust. It’s a no-nonsense browser add-on that tells you whether a site is rated safe by users just like you. It requires no complicated settings, it just works. Get it here: mywot.com

Email:

I’ve covered a lot of this ground before, but some things bear repeating:

  • Don’t open any email that you suspect, even a little bit. Even if it’s from someone you know. Their email may have been compromised. An example: I received an email from a friend that purported to say she was traveling in Spain and had lost her wallet, and would I please wire her some money to get home? This lady is not a World traveler, so the alarm bells immediately started ringing. This is a common scam. Turned out someone had hacked her email.
  • Attachments are especially suspect. These often come disguised as billing or shipping info from UPS, FedEx, or a bank or credit card company.
  • Since a lot of scammers know we don’t open attachments much anymore, links in email are equally suspect.

Above all, don’t get impatient and barge in. Think before you click!

For more tips, visit the website below.

http://www.zdnet.com/blog/bott/stay-safe-online-5-secrets-every-pc-and-mac-owner-should-know/3542

 
