Though it won’t be something most of us would like to hear, staying safe in technology is no longer a matter of being savvy, street-smart and vigilant. The concept of “rugged individualism” is considered one of the foremost tenets of American culture and stems from the countless (and most likely glorified) stories of pioneers and young entrepreneurs fighting what seems like impossible odds to come out on top, merely through tenacity, ingenuity and pluck. What the history books fail to share are the numerous accounts of everyone else barely surviving, or in many cases outright failing. Make no mistake, even experienced technology experts are getting hacked, so the chances of you coming out unscathed in today’s dangerous internet environment are slim to none.
What this means for you
Most likely you are in fact experienced, street-smart and savvy. You might be able to troubleshoot basic technology issues, navigate bizarre support bureaucracies to get a password reset, and even change a tire or check your own oil on that Honda Accord that’s still running like a champ after 100k miles. You know better than to use “Secret1234” as a password, and you’ve even figured out how to block some trackers in your browser from sniffing out your shopping habits. Unfortunately, what you’ve learned would now be considered baseline survival on the internet. The current state of internet security is this: at no point can anyone, me or the leagues of hardened technology experts, sit back and say, “There! I’ve learned all I need to stay safe online.” Your internet safety habits are the equivalent of learning how to drive, and like most everyone, we still need a pervasive infrastructure, mechanics and engineers to maintain the elaborate systems that have become essential for us to pursue a modern life. The majority of us aren’t expected to be auto mechanics, or even roughly familiar with how a car works, and likewise I don’t expect everyone to be a technology expert, BUT you mustn’t take it for granted nor undervalue the true costs of staying safe. The more reliant you become on technology, the more you will have to invest in either training yourself, or taking the more practical approach of making sure you have an expert like C2 Technology on speed-dial.
It’s one of the oldest cons in the book: convincing a mark that they’re sick and then selling them a handy cure for the low, low price of “You just got ripped off.” Despite this sort of scam being perpetrated on the internet for years now, it’s still bamboozling lots of people, according to a recent court case brought by the FTC against a US-based company that has tricked computer users into purchasing millions in fake technical support to “fix” their computers. The scammers find their “marks” via fake pop-ups warning users that their computers are infected or performing poorly, and provide a prominent phone number to call to receive tech support from a “certified” Microsoft or Apple partner (which they most definitely are not). Once the victim calls, they are tricked into believing they actually need support through carefully crafted application of legitimate tools and deceitful interpretation of events and warnings that are commonplace and not necessarily indicative of an actual problem. Once the scammers get your credit card or bank account info and get paid, they will deliver the service in the form of tech support “theatrics”, which is more than likely just a script that looks impressive but doesn’t actually do anything, or might even damage your computer further. It’s also highly likely your payment info gets sold on the black market for additional profit.
Spread the word:
Clients of C2 Technology are typically savvy enough to spot this con a mile away, or at a minimum, have developed a healthy sense of skepticism to pick up the phone and call for a second opinion from someone they know and trust. It may not occur to you that, as a tech-savvy professional, you might actually be that trusted advisor for your family, friends and colleagues. Even if you don’t feel like a tech expert, you know enough to warn the people around you about these sorts of scams, and you definitely know an expert who is always willing to take their call. At minimum, you should foster a healthy skepticism in the more naive or gullible loved ones, especially the ones that always seem to fall for the most obvious scams. This isn’t just for their benefit, it serves you as well. The more people around you who stay safe, the less likely you are to get infected. Thanksgiving dinners are a lot more enjoyable when you don’t have a family-spread malware infection on the table.
With as many as 70 reports of exploding batteries in the US alone, Samsung has officially announced that it is recalling all Galaxy Note 7 phones sold prior to, well, this week. In case you were considering ignoring the recall to continue using your shiny new phablet, know that even the US Consumer Product Safety Commission is recommending everyone stop using the device immediately. Still not convinced? Just do a search on YouTube for exploding batteries to gain a new understanding of just how Samsung’s “hot” new phone is really not one you want in your pocket or purse. While certain less savory media outlets may be sensationalizing Samsung’s flagship recall with lurid headlines, there are at least several lawsuits pending which allege grave bodily injury and extensive property damage.
What this means for you:
Make sure your important data is backed up somewhere other than the device, stop using your Note 7, and head to your nearest carrier service center/store. Know that in most cases, carrier personnel are being instructed by their leadership to not turn on the phone or assist customers in transferring data off the device (which they normally do). Expect your phone to go straight into a box, and if you’ve not retrieved your data, you will not see it again. Depending on your carrier, you will have options to replace the device with something else, get a loaner while you wait for a “safe” Note 7, or just get a full refund for your purchase. Here is Samsung’s official page on the “exchange” program. You should also know that Samsung plans to “nudge” Note 7 holdouts by sending an over-the-air update to lower the phone’s battery capacity to 60%, hoping to provide further incentive to reluctant Note 7 owners to turn in their phablets.
Even if you don’t own a Note 7, there are several valuable lessons that can be learned from the recall.
- Any mobile device that is too hot to touch, especially while being charged, is potentially very dangerous. Immediately unplug it, power it down (if you can do so safely/quickly), and set it away from any flammable materials until it cools down. Definitely replace the charger with a high quality charger – be careful of “booster” or “fast” chargers, especially cheap ones – even if they don’t explode your battery, you can do serious damage to your phone with repeated use if the amperage/voltage is not aligned with your device’s requirements.
- Make sure your important data is backed up and retrievable from another device that isn’t your phone. This includes contacts, emails, photos and text messages, as well as any other content you create exclusively on your phone. Both iOS and Android offer “native” cloud platforms that can help you store your phone data, and most major carriers also have custom apps/plans that will also cover you there, but don’t assume these services are activated and working from the start. Most need to be set up, and depending on the amount of data that needs to be stored, may require additional payment to expand your cloud storage. Also, backing up data takes time, especially if your internet connection isn’t very fast.
If you can’t live without your mobile device for more than a couple of hours, why not swap to your older phone for a while until Samsung can ship you a phone that has less potential to cause 3rd degree burns? At minimum, know how to check your phone voicemail from another number/device. This will allow you to answer all those concerned calls from friends and colleagues who know you are still walking around with Samsung’s “hottest” new phone.
In a list of things in life (blind dates, new sports cars, Spotify playlists, etc.) that should be “fire” (latest slang for “hot”), your laptop and its battery should not be named. Unfortunately, if you happened to have purchased certain HP laptop models between 2013 and 2015, you might be re-introduced to the literal definition of “fire”. Technology manufacturer HP announced a worldwide, voluntary recall of certain batches of batteries that “pose a fire and burn hazard” that have shipped from the factory in 35 different laptop models, and may have been installed after-market in 38 other HP and Compaq models. HP has a full listing of impacted models on their website, and offers both software and physical means to determine if your battery is affected by this recall.
What this means for you:
If you’ve purchased an HP laptop anytime between now and 2013, I recommend flipping it over and checking the battery’s serial number on HP’s site. While you’ve got it upside down, visually inspect the battery and laptop for warped plastic, bulging or discoloration of any surrounding materials. Carefully check if the battery is hot to the touch. Warm is OK, but if it’s too hot to touch with your finger, you may have a problem. Keep in mind that certain laptops may run quite hot during CPU-intensive activities, including working with very large documents, playing video games or watching streaming video, and more so if the laptop is resting on insulating materials like blankets, cushions or even your pants or dress. It may also get hot if vents on the sides or bottom of the laptop are blocked for even short periods of time. Don’t panic if your laptop doesn’t have vents – the manufacturer only puts them in if the design calls for it. If your battery is not part of this recall, shows no signs of warping or heat damage, but still seems unusually hot to the touch even after working with it on a cool, flat surface, consider replacing it, either under warranty if still applicable, or by purchasing a replacement, preferably from the same manufacturer as your laptop. Cheaper, off-brand batteries might be an option, but check reviews as the knock-offs tend to have more problems with reliability and longevity.
Laptops and cellphones were once the sole domain of high-powered business executives, but thanks to the proliferation of high-speed internet and falling hardware prices, they are pervasive not only in professional environments, but in just about any walk of life. As you can probably guess, this also means an exponentially expanded attack surface for cyber criminals who are no longer focusing on traditional targets. Anyone who has a bank account or credit history is a potential victim, and younger targets can be exposed to potentially dangerous privacy invasions. Rather than enumerate the various ways in which your security and safety could be violated (we all have enough nightmares as it is), I’d like to focus on some positive actions you can take to make your mobile, digital life safer and more secure.
- Password protect your devices.
Even the most careful professional will misplace their mobile device on occasion. While passwords won’t stop determined hackers, they will keep most everyone else out until the device can be recovered or remotely wiped. Laptops normally do not have remote wiping capabilities, so don’t stop at just a password for protecting these types of devices.
- Use built-in apps, or purchase location-tracking software.
Late-model Android and iOS devices have location tracking and recovery capabilities built-in, but they must be enabled. You can add location tracking or a “phone-home” program to your laptop, but it requires the device to be connected to the internet in order for it to report its location.
- Don’t store sensitive information on mobile devices.
With any portable device, the chance of it falling into the wrong hands is high. If you don’t have an IT department managing your device and controlling what can be stored on it, you should inventory what is stored on the device (sensitive client info, photos, personal financial data, passwords) and consider whether you need that information to be stored on that device. If you do, make sure you observe #4.
- Encrypt any storage media.
All late-model Android and iOS devices have the capability to encrypt all data stored on the phone. It’s on by default on iPhones, but must be enabled manually on most Android devices. If you have to store sensitive data on your mobile device, make sure encryption is enabled and working. While it’s not completely necessary to encrypt your entire laptop hard drive, it is possible, and many financial service firms require it on their laptops. At minimum, store your sensitive data in an encrypted partition or folder, or on an encrypted thumb-drive.
- Back up your data.
Do I even need to qualify this particular practice? Backups should be stored separately from the hardware being backed up. They should be transmitted and stored encrypted if they are internet/cloud based. They should be as frequent as the period of data loss you are willing to tolerate, e.g. if you can’t stand to lose an hour’s worth of work, your backups should run on an hourly basis. Be aware of the performance hits this may have on your hardware and network bandwidth.
- Hide devices in parked cars or take them with you.
Mobile device theft from parked cars is consistently at the top of all loss categories. Thieves know to target cars coming and going from office parks, universities, airports, and the retail/service businesses near these locations. Before you drive away from your work location to a Happy Hour or a quick bite or some grocery shopping, stow your laptop bag in the trunk or hide it in a hard to access part of the car. Don’t do this when you reach your destination, as the thief may already be there, watching for someone to do just that. If you can’t secure it or hide it properly, take it with you.
- Add a leash.
If you are highly mobile and work from many locations, it’s easy to misplace your smaller electronics, and sometimes even laptops. Add a colorful leash to your thumb drives so you don’t forget them, and maybe even consider the same for your phone if you are prone to misplacing it. If you have to take your laptop bag with you to a place where you don’t plan to use it (because of #6), attach the strap to something you will be using at that location, whether it be to your jacket or purse, or even to your leg if you are sitting in a location with lots of noise or distraction. It’s easy to forget work-related tools when you are focused on non-work activities.
- Be less conspicuous.
In open public places with crowds, conspicuous use of expensive mobile devices will flag you as a target for bold thieves. I’ve talked with victims whose laptops were pulled right out from under typing hands in a sidewalk cafe or picnic table, and have read numerous reports of smartphones and tablets being grabbed in broad daylight. If you want to work on your device in a busy environment, keep one eye on your surroundings, and place yourself and your device in a position where it will be less easy to snatch by a fleet-footed thief.
- Educate your friends and family.
Even though you may be cautious and secure, the people around you can undo your careful preparations with carelessness or even well-meaning intent. Be mindful of everyone around you who might not be as savvy as you in technology, and choose carefully how you interact with them via email, social media, and even device sharing. Work laptops are notorious for being infected by family members who don’t have the same security concerns as you do. Quieting a young child with your smartphone may seem like a good idea at the time, but maybe there is some other way you can entertain them that doesn’t involve your work phone.
- Report thefts/losses immediately.
Eventually, it will happen. Whether the device is stolen, damaged or infected and compromised, you should work immediately with the appropriate authorities and professionals to make sure you limit the damage, both to you and your organization, as well as any customers or clients who might be affected. Don’t wait.
America’s biggest bank JP Morgan Chase announced last week that it was the latest victim of a major security breach. According to their regulatory filing, data from nearly 80 million customers was exposed in a successful hacking attempt earlier this year. Though the bank was quick to emphasize that our money and most sensitive bits of info such as dates of birth, social security, passwords and IDs weren’t stolen, names, addresses, emails and phone numbers were – all of which could be used to facilitate an identity theft, but which aren’t considered protected or sensitive in most cases. While it’s troubling that the country’s number one bank got hacked, what’s even more worrying is that the media, the public, and even Wall Street seemed to shrug it off and carry on.
What this means for you:
Americans seem to be developing what some analysts are dubbing data breach fatigue: every time we look up, yet another high-profile company or livelihood staple has been hacked. The list reads like a modern family’s honey-do list: Target, Home Depot, Neiman Marcus, EBay, UPS, Apple, Nintendo, Sony, Albertsons, SuperValu, CHS, etc. There have been nearly 600 data breaches reported this year, up 27% over last year, and we aren’t even done with 2014. Fortunately, only a small percentage of the total population have been negatively impacted in a significant way, though most of us have probably had one or more credit cards get canceled and replaced for fraudulent activity. What this is leading to is the general perception that these data breaches are “bad” only in a vaguely annoying way, and that there is not much an average person can do to protect themselves: “Heck, if JP Morgan can’t figure out how to keep the hackers at bay, how can I ever stand a chance?”
While it’s true you can’t stop JP Morgan from getting hacked, you can make it harder for cybercriminals to hack you: don’t give in to the fatigue – make them fight for every bit they try to steal from you. Change your passwords regularly, and use unique passwords for your important accounts. Keep a close eye on your credit card statements and your credit history. Make sure all computers you use have up-to-date and functioning antivirus software. Avoid email attachments and unfamiliar websites. What were once considered “paranoia-level” precautions are the new standard of online safety. Considering that nearly half of American adults have had some form of their personal data stolen through an online breach, it’s safe to say that “they” are out to get you – paranoia or not.
Though it sounds crazy to hear it, I’m pretty sure I’m not the only technology professional who wishes computer security was as easy as flipping a switch. Fixing broken technology is a major part of how I make a living, and nothing breaks technology like security breaches. In fact, I don’t want anyone to get infected, hacked or for their data to get corrupted, just like doctors don’t want to see their patients get sick. In keeping with the medical metaphor, there are technology guidelines and practices that can act as preventative medicine for your technology lifestyle. Here are ten suggestions that I hope you will resolve to follow to keep your technology streamlining and not derailing your path to success.
- Put a password or pin on your smartphone. This bears repeating over and over. I know it’s inconvenient, but think of how inconvenient it will be if someone got ahold of your unsecured smartphone and used it to access your private information, or worse, your clients’ information.
- Encrypt your mobile devices and thumb drives. If your device happens to fall into unknown hands, encryption provides a layer of protection that will discourage casual data thieves. In the case of certain smart devices, it may even give you time to remotely wipe and deactivate the device. Certain types of data (especially confidential client or customer information) should always be stored with strong encryption.
- Open attachments and links from emails with extreme caution. The most common vector of infection is via email, either by opening attachments or clicking links to compromised websites. Even if the email comes from someone you know, pay close attention to every aspect of the email for hints that it may be a fake, and if you are at all uncertain, pick up the phone or delete it and ask the sender to resend the email.
- Check your anti-malware software regularly. I know plenty of people who know they have anti-virus installed, but don’t know the name of the product, whether or not it’s up to date, or even if it’s working. Check your antimalware at least once a week to make sure it’s updating and if it’s caught anything recently.
- Don’t allow unsupervised, non-professional use of your computer. Originally, this rule was about keeping work and personal use completely separate, but I realize that is near impossible these days, so I amended it to focus on a potentially dangerous aspect of computing, which is allowing less security-conscious individuals access to the devices you use for business. If you wouldn’t trust this person with your business, don’t grant them unfettered access to your business devices.
- Back up your data. Viruses, thefts and hard drive crashes happen. Like death and taxes, hard drive crashes are inevitable, and your drive will fail when you can least afford it to fail. Unlike the first two, countering the negative consequences is handled by a simple process.
- Ensure confidential customer/client data is stored securely. If you are in a regulated industry, you are more likely to understand why this is important. But if your business services clients who are part of a regulated industry, you might be held to the same standards of security as your clients. Know what data you are storing, know where you are storing it, and how you are storing it.
- Make sure you have a proper firewall anywhere you use the internet. For the moment, you should consider the internet a wonderful AND dangerous place. Your office probably has a firewall in place (check anyways if you are the least bit unsure), but make sure you have a proper firewall working at home, AND on your desktop or laptop (where practical/allowed by corporate policy). Yes, they can be a bother sometimes, but weigh the inconvenience against a data breach, virus infection and uncomfortable client conversations about losing their data.
- Practice constant vigilance, and encourage it in everyone around you. You may be always on your toes, but you are more likely to let down your guard when interacting with co-workers, friends and family. The more you educate them about the above practices, the safer they will be, and you will improve your odds of keeping your own technology safe.
As in just about every facet of normal life, there are no guarantees, and no magical security switches to flip on and forget, but taking the above ten practices to heart can better prepare you for rougher aspects of technology and the internet. It also helps to have a guide while you are navigating the twisting paths of technology, and you should always consider C2 Technology ready to help you find your way to success with technology.
In the US, Thanksgiving traditionally marks the start of the holiday season, and most of us will open our hearts and minds (and wallets) just a bit more than we do during the rest of the year, and we let down our guard to enjoy the holiday spirit. Sadly, criminals and other malicious agents are also in the holiday mood, and count on the distractions of the season to really suck the joy out of the holidays. Here are some things you can do to make sure your holidays aren’t marred by the cyber Grinches:
- Stop opening email attachments
This is how the dreaded Cryptolocker virus gets onto your computer. If you receive an email from someone with an attachment that you weren’t expecting, pick up the phone and call that person to confirm that the attachment is legitimate. Hey, it’s the holidays. Shouldn’t you be reaching out and touching someone anyways?
- Stop clicking links in emails
Just because you received an email from someone you know that has a link to the world’s funniest/scariest/cutest video does not mean you should click that link. At minimum, hover over the link to read where it’s really going to take you. Or pick up the phone and call that person to verify they sent the email in the first place, especially if the email seems to be out of character for the sender. Sensing a trend here? Wouldn’t you rather be on the phone catching up with an old friend rather than explaining to a bunch of angry relatives why you sent them a virus via email?
- Beware of fake Holiday Greeting cards, donation solicitations and other holiday-related spam
Hackers will be taking advantage of the increased volume of these types of emails. Observe rules #1 and #2, and watch out for poor grammar and out-of-character emails. Just received an X-mas ecard from someone you haven’t talked to recently? You guessed it…pick up the phone!
- Be careful with your personal data
Let’s say you knuckled under the pressure and clicked a link. The website you landed on is asking you for some personal information that seems relatively harmless: Birthdate, ZIP Code, last four of your Social Security number. Unless you are at the website of a company with which you already do business (and have verified it’s that company’s actual website and not a fake one!), stop what you are doing and back away from the computer. Even these bits of data can be used as a digital wedge to get at other data from your personal life, which can lead to theft of both your money and identity.
- Put a password or pin on your phone
See last week’s article on why this is important, and how to do it. Don’t ask why, just do it. Trust me.
- Be less conspicuous about using your smartphone
Thieves are targeting smartphone users, especially iPhone users, because the devices are in high demand on the black market, especially overseas where the phones can be reactivated without fear of being tracked. A protective case can help disguise your phone, but if you really want to blend in better, choose one that isn’t blinged out and brightly colored. That case that really helps you stand out in a crowd also paints a big target on you for thieves. Keep your phone in a deep pocket or a bag/purse that zips or latches shut so it will be less likely to accidentally fall out and be picked up by someone looking for a free smartphone.
- Keep an eye on your laptop and/or tablet
A lot of us will be traveling during this time of year, and it’s becoming increasingly common to drag along our work laptop so we don’t get too far behind while visiting with family. You’d be surprised at the number of laptops lost/stolen in airports and rental car terminals, primarily because the owners are distracted and overburdened. Having to call your boss to tell them you lost your work laptop and all the data on it will make for a very stressful holiday. It’ll be even worse if you have to call clients to tell them you have lost their sensitive data or may have exposed them to a security risk.
- Where possible, don’t let online vendors store your credit card information
Up until very recently, most online stores assumed you wanted to keep your credit card “on file” with them for convenience on future purchases. While this is still the case, many now offer the option to remove that information, or to not store it in the first place. Given how many websites are being hacked these days, you may be better off not keeping that number on file, especially if it’s with a store you don’t frequent. Having to enter your credit card information once or twice is a trivial inconvenience as compared to having to replace all your credit cards because a website you bought something from years ago got hacked.
- Beware deals on technology “too low to be believed”
With technology, you get what you pay for 99% of the time, which is to say that if you got it cheap, it’s likely that it is cheap. That knock-off iPhone charger might have been a steal, but if it burns up your battery due to an electrical short, your $5 charger just cost you $500.
- Give yourself a gift this year: Back up your data
All hard drives fail eventually. Phones break, get lost or stolen. Viruses happen. If your data is important enough to save to a disk, it’s important enough to back up. There are online subscriptions that can take care of your most precious digital assets for pennies a day and are so simple to use that anyone who knows how to click a link can set up an account. You might not be able to keep the cyber Grinches at bay forever, but a good backup can take most of the sting out of worst virus infections or hardware failures.
Classic car enthusiasts have bemoaned the industry’s shift towards computerizing every aspect of automotive operations, especially things that in the past could be tuned and maintained with a set of tools and a little elbow grease. The rise of technologies like fuel-injection, ABS and automatic transmissions has made our cars some of the most sophisticated electronics we use on a regular basis, aside from our smart phones and computers, and like them, sometimes we know very little about how to keep them operating at top efficiency. A new company, Automatic, aims to change that with a small device called the “Automatic Link” which plugs into your car’s OBD-II port – the same one auto shops use to run diagnostics on any car made after 1996.
The device connects to your iPhone via Bluetooth, and using telemetric data gathered by your car’s own onboard computers, GPS data tracked on your phone, and (presumably) some powerful cloud-based data analysis, will analyze your driving habits and start to put together recommendations on how to drive more safely and efficiently, as well as providing historical analysis of all previous travels in your vehicle including time spent on the road, distance traveled, and average fuel-efficiency. If it spots trouble with one of your car’s systems, instead of flashing a cryptic message code that you have to dig out of your car’s instruction manual, it will again leverage the internet to provide more meaningful clues as to what might be wrong, and then show you nearby highly-rated auto mechanics that can help.
What this means for you:
The Automatic Link isn’t shipping until May of this year, so aside from media hype, all we have to go on are the promises of Automatic’s website. At the moment, it’s only being launched for iPhones, so if you aren’t among the Apple faithful, you are out of luck for now. This device is following a growing trend where we are tying larger portions of our lives to our smartphones, which, as I’m hoping you realize, is a double-edged sword. There are a great many benefits to be gained from devices such as this – but at what cost to your personal privacy? No doubt, Automatic has plans for the massive amount of data these devices can gather, and I imagine the demographic information contained within has any location-based business salivating at the prospects.
Yesterday I posted about the real possibility of cybercriminals and spammers using Facebook’s upcoming “Graph Search” as a means to easily sort out and research potential targets. The Electronic Frontier Foundation, ever on the lookout for our privacy (even when we won’t do it ourselves), has put together an excellent guide on all the settings you should review in Facebook to make sure the data you want to be hidden from the general public stays that way.
What this means for you:
If you’ve ever taken a stroll (or even a dedicated walkthrough) of Facebook’s privacy settings, you probably gave it up for being unnecessary and complicated. Hopefully my previous article made you reconsider the “unnecessary” stance, and now EFF gives you a step-by-step guide to setting the privacy settings to what you want them to be. The only thing better would be having me sitting with you personally to go through each step and doing it for you. I could totally do that if you like, but while I was doing it, I’d be giving you a (possibly boring) lecture on why you should be learning how to do this for yourself, etc. Your privacy and security is important enough that you should understand exactly how Facebook shares your personal information. We are entering a period of time where getting duped by hackers is moving from nuisance to an actual threat on your livelihood and possibly even your personal safety, and the best defense is knowledge and preparedness.