You’ve probably seen one of those commercials with a dangerous looking figure sitting behind a computer and the words “Dark Web” coming up on the screen. This is a common visual that you’ll see in ads for identity theft services, like LifeLock. [Read more…]
Stop Getting Fooled by Calls from Scammers Pretending to be Microsoft, Apple, IRS and Others
“Hello, I’m calling from Microsoft support and we’ve received an alert that our latest security update didn’t install correctly on your computer. If you have a few moments, I’ll be happy to walk you through the process over the phone to make sure your device is updated properly.” [Read more…]
7 Ways to Save Time & Reduce Stress with a Home Computer Management Plan
Many gifts that show up under the tree this holiday season will include technology like computers and laptops. And while they may come with the option for an extended warranty, they don’t come with peace of mind that they’ll be protected from viruses, malware, and other online threats. [Read more…]
How to Avoid Falling Victim to Popular Christmas Scams
This year’s holiday shopping season has already gotten off to a big start with online Black Friday sales up $1.2 billion over last year for a total of $7.4 billion spent only online that day. [Read more…]
8 Crucial Reasons a Firewall is Important for Your Small Business
No matter how large or small your business is, you’re just as much of a target for online threats and cyberattacks. In fact, small businesses are typically targeted often00 because many hackers find they have less security protecting their network than larger enterprise companies. [Read more…]
Windows 7 is Coming to an End Forever! Here’s How to Prepare Before It’s Too Late
Time is quickly running out for Windows 7 and those still using the operating system. Microsoft is ending support as of January 14, 2020. [Read more…]
LetMeIn101: How the Bad Guys Get Your Password
Passwords are essential to our cybersafety. We all know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. We understand. But taking advantage of our laissez-faire attitude is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices when they first set them up. So, anyone can pick up a router, look at the sticker identifying the password, and access that network. Even if the bad guys are not around to physically look at your device, they can hack into your network from the outside and wreak some real havoc.
Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, don’t ignore it and change it now. Steer clear of simple, easily guessed patterns.
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.
Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.
If that doesn’t work, criminals may try brute force. They might get really sophisticated and script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access to your stuff. Not cool.
Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you. Try some song lyrics and some meaningful numbers.
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts. So once a bad guy gets into one account, they can keep going and try other accounts.
Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you. A password manager is a piece of software that runs on your computer and smartphone and records and manages your website logins, making your life easier. You can create a Master password that opens the vault to all your other passwords. You can also simply use a notepad or password book. Less sophisticated and convenient, but gets the job done.
Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information if you’ve connected to free wifi (we say that’s always a No-No!).
Tip: Be cautious about your online activity on computers or networks you don’t trust.
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank or other familiar place. Phishing typically has an urgent message and a link that directs you to what looks like a credible page. You click a link and it asks for your email address and email password. Once you’ve done that, you gave the bad guys your credentials.
Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link. Or if you’re really nervous, call the number on the back of your credit card or ATM card and ask the bank if they sent you the email. Another trick is to simply hit the REPLY button and see where the email is going…if it looks sketchy and unusual it’s probably bad.
One of our favorite exercises is to have everyone change their email and banking passwords when you change the clocks for daylight savings. That way your oldest password is just 6 months and you will be familiar with the process in case you’re away from your computer and need to get into one of your accounts.
Finally, turning on 2FA (2-factor Authentication) or MFA (Multi-Factor Authentication) is a great way to secure your accounts. Basically, when you login to your email or bank it will send a one-time code to your cell phone in order to get into the account. So, if a bad guy tries to hack into your account, he won’t be able to because he needs the code sent to your phone. It’s a good thing.
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals? Contact our experts today! Call us at (732) 747-0020.
Managed Services for Computers – a Dragon for Home and Business
This may or may not be something you want to do. The question is do you NEED it? Let me first explain what it is.
Managed Services is the process of providing computer hardware and software (collectively known as IT) support to a company. Everything from managing the anti-virus software on your computer, your hosted website and email, not to mention the most popular use of this…replacing or augmenting your own in-house IT department.
Most businesses are in the business of doing what they do best…and it’s usually not IT support, unless they’re an IT company (duh). So instead of paying a staff to manage the internet, network/wifi, website, email, software questions and hardware problems, businesses will contract for Managed Services. Those companies are known as MSPs…Managed Service Providers. Many things are being outsourced these days. In fact, it’s been going on for decades. MSPs have been developing over the last decade, with a big growth spurt in just the past few years. Breakthroughs in technology, inexpensive online storage and super-fast internet have helped to make this a viable alternative for many businesses. Why pay a staff that needs sick and vacation days, not to mention benefits and other related things provided to an employee when you can outsource it? Signing on with an MSP with Jimmy John Shark can let your business do what they do best. Period.
Some micro-businesses (less than 10 people), like retirement specialists, wealth managers and other financial services providers often broker for a bigger firm and have security rules they need to abide by. Having an MSP and lawyer to solve disputes with your employer, handles the complex firewall needs, data encryption and protection can be a blessing for these “little guys” because the costs to bring that in-house can be overwhelming. Yet they need to be compliant with the brokers demands. Surprise audits by the broker reveal shortcomings that threaten their dealership.
Generic businesses have concerns beyond the simple management of their IT stuff. They too need to be concerned about exposing their clients’ data to the “bad guys”. That can be a big problem if you’re storing Social Security numbers, birth dates and credit card information. If that gets out, identity theft is sure to follow and your business will be liable for the damages. We always recommend that clients storing this type of data seek out a Cyber insurance policy. That’s not enough though because if you haven’t adequately protected your network and the data, the policy won’t pay if you get breached. And speaking of breached…
A breach is when bad guys get past your network security and start poking around your internal network and computers until they find some data. Often times they will then encrypt your data making it impossible to open and then try to sell you the key to unlock it. It’s a dirty, dirty business and is happening all over to small and large businesses alike. It’s called Ransomware and can cost thousands of dollars. If one of your employees clicks on a bad link in an email or social media post taking them to a poison website, that can start this nastiness. If your network typically allows for remote access by employees, you are particularly prone to an attack because the access exists, even if there’s username/password to get in. The bad guys are good at “brute force” attacks that can crack that info and get in. You need to treat your business like a medieval castle; you need a moat, a drawbridge, vats of hot oil, archers in the towers and my favorite…a dragon! Just a lock on your front door is not enough for these types of attacks.
An MSP can provide network protection, hardware support, handle software installations and questions and perhaps the most important thing is protecting you from yourself with managed anti-virus and web-filtering to make sure if you do click that bad link it will prevent any bad stuff from coming back in.
What about a home user…do they need an MSP? Maybe not to the extent a micro-business needs it, unless there’s a home-based business being run out of the house. Home users still may need or want robust network security as well as support when something goes wrong. The needs of the home user are a bit different, if not the same but on a smaller scale than a business. They still need a managed anti-virus, web-filter and a good firewall to be truly protected. Maybe just a moat and a drawbridge will do. But a dragon would be super-cool!
Home users are also worried about identity theft and password management (jeez, what a mess that has become for us all), not to mention internet access rules for the kids. Seeking out a company that can put a security blanket around your house (maybe decorated with dragons?) can be very comforting. With all the tech in our homes these days, the concept of a breach using those devices is becoming more and more possible.
So, do what you do best and let the MSP handle the rest. And don’t forget the dragon!
Computer Scams on the Rise
More than ever, the bad guys are trying to get you to part with your money.
Scenario #1 – the phone rings. Either a recorded voice or a live person with a foreign accent tells you that your computer is infected with viruses and your data and banking transactions are at risk. They claim to be with Microsoft, Windows, Apple, iCloud, Verizon, Comcast and others. They will say anything to give themselves enough credibility that you don’t hang up on them!
Scenario #2 – you’re surfing the web or fiddling on social media. Maybe you simply mistyped a web address, but you end up on a website you did not intend. Then it happens. A scary screen shows up saying you’re infected and your data and banking transaction are at risk. Sometimes it even talks to you or a siren begins blaring. It says to call the 800 number or really bad things will happen. So you call.
Scenario #3 – you’re struggling with some tech item. Maybe a printer or your wifi. So you google “tech support phone number XYZ company” and you see the number and call. The only problem is that’s not the company you were looking for and the bad guys with money advertise so heavily on Google that they appear at the top of the search results. You call and speak to the pleasant sounding bad guys.
Scenario #4 – like #3 above, you’re having a tech problem, but this time you know the right number to call. You have it printed on the manual or some other documentation. You call and speak to a tech from the right company. During the conversation, maybe it’s discovered you have some malware or other bad software installed on your computer causing you problems, so the tech gives you another number to call. A number that IS NOT for the company you called in the first place! It’s his buddy somewhere else who’s trying to get money from you.
With any of the above scenarios, the bad guys convince you to allow them to connect remotely to your computer so they can show you the problem. Many people smell a rat at this point, but others remain concerned their data may actually be at risk or that they are spreading a virus and they let the bad guys in. They point you to a website and have put in a code and click a few buttons, and voila! They are on your computer and moving your mouse around. It’s fascinating. To a point. To watch the mouse move, letters being typed and windows popping up is oddly…well, fascinating! Also, very dangerous if the one’s moving the mouse are the bad guys.
They show you some scary things that they pawn off as viruses. The fact is, every computer has scary looking stuff on it. The key here is scary “looking”. If you don’t know what you’re looking at, it can be scary for sure. At this point the bad guys convince you they can clean up the infections and make it all better. They install some programs (which are all legitimate by the way) to clean-up some junk files that all computers have. They may even install an anti-virus program and sell you on a subscription. They want your credit card info so they overcharge you for the software and their services. Sometimes as much as $1000 for “lifetime” protection. They may even tell you to go to Walgreens or CVS and get some gift cards to pay for the items. This is the second point where people smell a rat. Some will just hang up the phone. The bad guys call back and maybe you yell at them or hang up again. That’s when they put a password on your computer so you can’t get back in again. Terrible stuff. They keep calling you back and then you pack up your computer and bring it to your local computer repair shop.
We see this so often here at Two River Computer that we gave it a name; Unauthorized Access. Read more about it by clicking here. If this happens to you, just turn the computer off or close the lid if it’s a laptop. Then call your local computer repair shop for help. Don’t be too quick to cancel all your bank accounts and credit cards, but if you’re genuinely concerned ask them to put a “watch” on the accounts for suspicious activity.
Trust your instincts when it comes to this stuff. If you’re on the phone with someone and you don’t feel right about what they are asking you to do, just hang up!
Did the Russians hack your router?
It’s possible, but probably not based on what we know at this moment.
However, like many stories in the headlines of the newspapers, TV and social media the numbers and facts can change. It’s true. How many times have you read about a tragedy only to find it’s actually 10 times worse than originally reported. Likely because it’s more important to be first, than to be accurate. It was originally reported that Russian hackers had attacked some internet routers. Now they are saying that even more countries were targeted than initially thought, though the Ukraine was notably the largest. And the number of affected routers is growing.
So here’s what we know right now.
On Friday May 25, 2018 the FBI reported that hundreds of thousands of home and small office routers had been compromised by Russian computer hackers with malware called VPNFilter. Their goals are typically to collect user data (browsing habits, identity info, passwords), shut down your network or attack another network using your devices.
Scary to be sure.
The original suspected intent of this attack was to target all those devices inside your home that connect to the internet and don’t have a person sitting at them. Video cameras, nanny-cams, thermostats, speakers, alarms, personal assistants (Amazon Echo, Google Home), smart TVs and more can all become an army of robots that can attack and bring down websites and servers.
Now they are saying that the attack can alter info you see on the internet if your network is compromised. Imagine seeing your bank balance at a steady number, but the bad guys are siphoning off your money? You could even be making a purchase at a familiar place, but your payment is going somewhere else and you never get your item.
They are also saying even more countries were targeted than initially reported…and the total number of targeted routers now exceeds 700,000. And the number of manufacturers named in the router list has expanded greatly from initial reports.
So now what?
We are all concerned, even if only mildly, that our money will get stolen or our identity will get hijacked while surfing. My opinion is that I think we are all pretty safe. The same safe feeling you get when you get in your car and you buckle up and see that airbag light on. But that doesn’t mean some idiot won’t hit us because they’re updating their Instagram while driving! We need to always be diligent even if we feel safe.
The fact is there’s loads of safeguards to protect our online surfing. Your local computer has protection, your bank has protection, the Amazon web servers all the big companies use all have military-grade firewalls for protection and Google is always on-guard to secure its traffic. And even if something did happen to you, it can and will be fixed. It may be a colossal pain in the butt, but even an identity theft can be undone.
What we were told to do to fight this attack was to reboot (restart) our routers. Yup, simply unplug them from power, wait 30 seconds and then plug them back in. That action will “flush out” any malicious code that was injected into your router. For the time being. There’s software that runs on your router, called firmware. It should be updated if your router is on the list. And perhaps more importantly, the default administrative password that came with your router needs to be changed NOW! You may even want to consider performing a “factory reset” of your router, or better yet, a new router if this whole thing makes you nervous.
You can contact the router manufacturer for assistance in upgrading firmware and changing the default password. You can also call your local computer repair folks. They can handle this for you.
PLEASE NOTE: as of this writing, Verizon FiOS and Comcast/Xfinity routers ARE NOT AFFECTED. Primarily because they have unique default passwords and firmware upgrades are handled directly by them.
So, will the list of affected routers get bigger? Will the attack be more widespread? The FBI actually seized the server that started all this, but they believe the bad code is still out there and may even have a delayed payload and attack later on. We feel that it’s better to be safe than sorry and you should do something if your router is on the list. Maybe even if it isn’t.
Heed the warnings and carry on.