Sharing Your Social Media Identity with the Government

Posted on June 28, 2016September 4, 2016 by Gail Eddy in Facebook, Hackers, Passwords, Social Media

Every once in a while I read a story that makes me say:

WHAT?

Today was one of those days. According to this article in arsTechnica, the US Customs and Border Protection is considering adding a new field to their Visa application process. They will be asking visitors to the US to provide their Social Media Identity. Apparently it won’t be a required field, but if you leave it blank, it will look very suspicious.

“The agency says travelers coming to the US…. won’t be forced to disclose their social media handles, but leaving it blank obviously could raise red flags.”

Additionally, the verbiage associated with the request is very nebulous. According to the article:

‘Here’s what will be asked: “Please enter information associated with your online presence—Provider/Platform—Social media identifier.”‘

So, someone who is not paying attention may provide not just their ID, but might also provide their login and password info!

I have a couple of thoughts about this.

First, of course, is that anyone can find anything online, so adding a box on their form will just make the process a little easier for Customs to get your info.

Second, how will Customs keep this info safe? How will they insure that someone can’t hack into their systems and capture the info – especially if some of those applications may contain ID’s and passwords?

Lastly, how will this help? Call me cynical, but I don’t think someone entering the country with malicious intent is likely to be providing their “real” social media identity.

It is far too easy to set up multiple identities online. Just look at me. I’ve got an email for business, an email for personal stuff, an email for networking, and an email for signing up for stuff online. It was easy to do this. And once you have different emails, you can set up different social media accounts.

No, those folks will be providing their ”professional” social media account; the identity they use for LinkedIn to show that they are an upstanding citizen of their home country. I fail to see how this new field on the visa application will keep out the “bad guys”.

What are your opinions about online privacy and multiple identities? We’d love to hear your thoughts!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

Join Amazon Prime – Watch Thousands of Movies & TV Shows Anytime – Start Free Trial Now

Save

Change Your Password!

Posted on May 24, 2016March 23, 2018 by Gail Eddy in anti-virus, Hackers, Phishing, Social Media

In the last few days, we’ve had a bunch of calls from customers who have had their email hacked. They are hearing from friends and clients that their email is sending out spam. Some of them have been aggravated with us because they feel like their anti-virus should have protected them. (Security software can’t protect you if someone else already has your password information.)

Here’s the deal. Several years ago, LinkedIn was hacked. Login credentials were stolen from approximately 117 million LinkedIn accounts! Although this happened in 2012, one of the “bad guys” has recently decided to sell the credentials.

According to this article from Tech Crunch:

Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin.

117 million LinkedIn emails and passwords from a 2012 hack just got posted online

CNN:Money adds their two cents:

Companies typically protect customer passwords by encrypting them. But at the time of the 2012 data breach, LinkedIn hadn’t added a pivotal layer of security that makes the jumbled text harder to decode.

Put on the defensive, LinkedIn is now scrambling to try to stop people from sharing the stolen goods online — often an impractical task. The company is also invalidating all customer passwords that haven’t been updated since they were stolen.

LinkedIn said it’s reaching out to individual members affected by the breach. This particular hack affects a quarter of the company’s 433 million members.

http://money.cnn.com/2016/05/19/technology/linkedin-hack/

Since many people use the same password on their other online accounts, the hackers can potentially access other accounts as well.

Our advice? Change your passwords for LinkedIn and other social media sites today. If you use the same passwords for other online sites, change the passwords for your email and banking accounts too. (If you didn’t have a LinkedIn account prior to 2013, you should be safe. This time.)

Changing your passwords on a regular basis is always a good idea!

Join Amazon Prime – Watch Thousands of Movies & TV Shows Anytime – Start Free Trial Now

The Scariness Increases

Posted on March 22, 2016March 28, 2016 by Gail Eddy in Data Backup, Data Recovery, Hackers, Malware, Tips

Ransomware

Chris forwarded a link to me the other day about some scary “malvertising”. For those of you who didn’t have Senor Garcia for High School Spanish, “mal” is a Latin prefix meaning “bad”. Other words you might be familiar with include “malware” and “malicious”. And that’s what this is: Malware that looks like advertising, but really contains malicious code.

I can hear you saying: “But I know how to be careful and not click on stuff that looks suspicious!” And that’s the issue right there. These are “advertisements” that appear on highly respected websites. ARS-Technica warns us that:

“Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when “Angler,” a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network.”

Another technical site, MalwareBytes, mentions some other websites, including Newsweek, Realtor.com, and NFL.com.

And, the malware that is being downloaded isn’t your run-of-the-mill virus. In many cases it is Ransomware, which takes all of your files and encrypts them with a special key. You then need to pay a ransom to get the encryption key to get your data back.

This is not a message you want to see popping up on your screen!

Ransomware Image - source: http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/ — Ransomware Image – source: http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/

What is our advice?

Use an adware blocker like AdBlock Plus
For some websites, they won’t show you ANY content unless you agree to see their ads. In that case, never click on an advertisement.
If you really are interested in a product or service that is being offered, go to the company’s site directly.
Keep your data backed up to an external source. And back it up at least once a month – more often if you are working with ever-changing and precious data.

If you need help getting rid of any malware, or learning how to regularly back up your data, give us a call!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more at http://www.GeekForHireInc.com Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area.

We’ve been using Amazon Prime for the past few years. We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet, but I’m tempted! Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial

Are You Thinking of Using a Password Manager?

Posted on January 26, 2016February 2, 2016 by Gail Eddy in Cloud, Hackers, Passwords, Phishing, Tips

I am of two minds when it comes to an online password manager. On the one hand, I think it would be a great way to keep multiple passwords secure. On the other hand, I worry about hackers gaining control of my data.

That being said, if your keyboard (or monitor) looks like this, it’s time to find another solution!

Luckily, there are several online password managers to choose from:

1Password
Dashlane
LastPass
KeePassX
mSecure
Sticky Password

Most of these have the same or similar features.

Manage passwords over multiple devices
Generates ultra strong passwords
Stores banking and other sensitive information
Most are free but do have an annual or monthly fee for certain upgrades
Some utilize the iPhone fingerprint to confirm your identity

Even with a secure password manager, you still need to be careful of “spoofing”, where a fraudulent web page is displayed to trick you into providing your super-secure password key as described in this article:

Which password manager do you use? What are its best features? What don’t you like? Let us know in the comments below!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more at http://www.GeekForHireInc.com Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

Protect Yourself from Phishing Attacks!

Posted on January 5, 2016October 7, 2020 by Gail Eddy in Hackers, Phishing

How to protect yourself from phishing attacks? Many of you know that I take frequent road trips. That’s why my vehicles have the EZ-Pass device on them. EZ-Pass automatically collects tolls on highways and bridges on the East Coast. (FYI, FasTrak is used on the West Coast. Here in Colorado, we use ExpressToll.) When this article crossed my news feed, I was particularly interested.

“Phishing Scam Alert: There is a phishing email* being sent to drivers across the nation claiming they owe money for unpaid E-ZPass tolls. This is not an email from The Toll Roads, the Transportation Corridor Agencies, E-ZPass or E-ZPass tolling agencies. E-ZPass is used to collect tolls electronically on the East Coast; FasTrak is used to collect tolls electronically on the West Coast.

In fact, during the fourth quarter of 2015, phishing attacks saw a huge increase. As expected, financial institutions took the biggest hit, although any company is vulnerable.

Wikipedia has a good definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

How to protect yourself from phishing attacks:

Remember that most phishing attacks come via email, so it is very important to remain vigilant about what links you click in the emails you receive. Even when an email looks legitimate, with accurate looking logos and links, if you have any doubt, don’t click!

Social Media is becoming another prime target and a place to protect yourself from phishing attacks. In fact, according to Ian Trump of LogicNow:

“One in five phishing attempts is made through social media. Some of these will be unsophisticated attempts to snare anyone who might miss-click, but others will be more targeted and try to fool people with specific information, attempting to drive the user to a fake website where they will enter their username and password. A compromised social media account has the potential to wreak further havoc, especially given the habit for people to use the same password over and over again for both work and personal accounts.” More info in this article.

Whenever you receive an email saying you owe an organization money, or they need to confirm your information or anything that makes you wonder if it’s for real, be especially careful. Never click the link on the email. Instead, head to the website you’ve used before to check out the authenticity of the message. If you find that it is a phishing attempt, notify the company too.

Have you been hacked? How do you protect yourself from phishing attacks? How do you handle it? Let us know in the comments below!

I’ve created a Free Report on how to protect yourself from phishing attacks. Click here to receive it!

Watch Out For Phone, Text, Email, and other Scams:

Remember to stay well clear of shortened links unless you know without a doubt where that link will take you. That includes most bit.ly and owl.ly links. Here’s a recent article about short links.
Right now there are a lot of scams out there. Read our article about Covid19 scams.

Information about Geek For Hire, Inc.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years. We like the free and fast shipping. With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

A Look Back at 2015 in Technology

Posted on December 22, 2015December 2, 2019 by Gail Eddy in Computer History, Hackers, Siri, Tips

Every year there are new developments in the Technology world, and 2015 was no exception. Here are just a few:

VR Headset – At the CES 2015 show in January, no one expected Virtual Reality for the masses to be available this year. They were wrong! Announced in time for Black Friday, Oculus as released a headset that works exclusively with the Samsung Galaxy smartphone. More info here:

iWatch – Apple has been developing their watch since 2011 and it was finally available in the spring of this year. Reviews on the different tech sites that review these things have been mixed. Reviews by Amazon consumers are much higher.

Intel Skylake – Chris is pretty excited about the new 6th generation Intel Core Processor. He says it will run better on mobile technology. Do you know what the 1st generation was? Check out this article and astonish your geeky friends!

Tesla – Chris is also excited about the new Ludicrous upgrade to the Tesla Model S P90DL. Well, anything that takes you from zero to sixty in under three seconds has got to be worthy of some salivation! Here’s a link to DragTimes video.

Car Hacking – This was a big story this past spring. Computers in cars are pretty ubiquitous now and are just as susceptible to hacking as other computers are. The difference here is that car manufacturers don’t seem concerned and are not doing what they could to make their systems more secure. A previous blog about a report released by Senator Ed Markey has more information.

DieselGate – Earlier this year we found out that VW and Audi installed software on many of its 2009-2015 diesel models that would essential “cheat” emissions tests. From this NYTimes article “The software sensed when the car was being tested and then activated equipment that reduced emissions, United States officials said. But the software turned the equipment off during regular driving, increasing emissions far above legal limits, possibly to save fuel or to improve the car’s torque and acceleration.” There’s more info here: Late last month, VW announced their fix for the diesel engines. Automotive News describes the modifications that will need to be made here.

What do you were the most significant technology announcements in 2015? Share in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

How To Keep Your Online Presence Safe During the Holiday Season

Posted on December 15, 2015December 2, 2019 by Gail Eddy in Hackers, Passwords, Tips

With the holidays coming up, people are doing lots of online shopping. It is very important to keep your online presence safe! Last week I heard the Amazon website may have been hacked and user IDs and passwords may have been compromised.

Now is the time to change your password for all of your online accounts. Especially accounts where you have credit card or other financial information stored!

When you change your password, make it a STRONG password!

Use each type of character that the website allows. For example, some websites only allow you to use letters, capital letters, and numbers. Others allow you to use special characters like “@”, or “&”, or “#”. Always use the special characters unless the website doesn’t allow you to. One of the best ways to make a strong password is use a word that is familiar to you and change some of the letters. For example, you can change “a” to “A” or “@”. You can change “o” to “O” or “0”. An “s” can become “5” or “$”. You get the idea. It’s also important to use a long password. Most websites require eight characters, but you should use at least 16 characters wherever the website allows you to. Adding a date to your familiar word will add another eight characters to your password

Here are the steps to follow:

Use letters and capitals
Use numbers
Use special characters
Replace letters with capitals, numbers, and special characters
Make the password at least 16 characters long, or as long as the website will allow you

So a good strong password could be “1_lIk3-$un5ets_1215” instead of “Ilikesunsets”

When you change your password, make it a UNIQUE password!

Use a different password for each site. When you use the same password on multiple sites it makes it that much easier for hackers to get into your accounts on other sites as well. Each site where you have stored credit card information or other financial information should have a different and unique password. So, yes, you’ll need a different one for Amazon and eBay. And, you’ll need a different one for Fidelity and Charles Schwab.

What’s the best way to do this? Add two or more characters to your strong password to indicate which site it is for. For example, you could use “1_lIk3-$un5ets_F1d”, or “1_lIk3-$un5ets_eby”

Phishing is also a holiday issue!

Phishing is where someone tries to trick you into giving them your sensitive and private information. Generally, they’ll send you an email. (They might also call you on your phone.) They tell you that there is an issue with your Amazon or Charles Schwab account and you need to update your password immediately. The email looks legitimate and you are tempted to click on the “Log into your account now!” button. Even if it is a legitimate email, you should always go directly to the official website and log on from there.

Do you already use strong passwords? What tricks do you use? How do you remember them all? Share your tips with your fellow readers in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Patch Tuesday

Posted on December 7, 2015December 2, 2019 by Chris Eddy in Hackers, Malware, Microsoft, Patch Tuesday, Tips

A couple of years ago, when I started leaving my computer on all the time, I noticed that my computer would be turned off in the morning. Since I knew I hadn’t turned it off, I turned to the most likely culprit. I asked Chris why he had turned off my machine without letting me know so that I could save all of my stuff first!

That’s when he told me about Patch Tuesday. Microsoft has been sending out monthly updates, generally on the second Tuesday of each month, for a long time. They formalized this process in October 2003. According to this article:

“Microsoft has a pattern of releasing a larger number of updates in even-numbered months, and fewer in odd-numbered months.[7][8][9] Minor updates are also released outside Patch Tuesday. Daily updates consist of malware database refreshes for Windows Defender and Microsoft Security Essentials. Sometimes there is an extraordinary Patch Tuesday, two weeks after the regular Patch Tuesday. Some updates could be released at any time.”

Although Microsoft has changed the name to “Update Tuesday”, the new name hasn’t gained wide acceptance in technical communities. The patches generally include code to update your Operating System to fix known bugs and to plug up any vulnerabilities from malware.

Most people notice a “Patch Wednesday” more than Patch Tuesday. Since the updates are generally installed overnight, you might be prompted to turn off your machine on Wednesday morning to finish the installation. And, occasionally you’ll experience glitches with your machine on Wednesday.

Patch Wednesday is also called “Crash Wednesday” since your computer is more likely to crash after the Patch Tuesday updates have been installed. We frequently hear from customers on “Patch Wednesday” who tell us that all of a sudden they can’t print, or their internet isn’t working. Lots of times the fix is as easy as turning off the machine and turning it back on again. But sometimes they need us to reinstall drivers or re-configure their router.

It’s also been called “Exploit Wednesday” since there have been times when the Microsoft patches have left machines more vulnerable to malware. In fact, a recent blog by UK engineer “Zeros & Ones” is a bit of a rant about the whole Patch Tuesday process.

“Security is not ‘my bag’ as such – but the people at Microsoft seem to be in a fantastic situation where security issues only arise on Tuesdays. How do they do they seem to manage to get the ‘bad man’ on side?”

If you’re interested in all the patches over the past ten years, check out this website, or this one for the past five years.

What do you think about Patch Tuesday? Share in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

The Biggest Lie in the Computer Industry?

Posted on October 27, 2015December 2, 2019 by Chris Eddy in anti-virus, Apple, Hackers, Malware, Phishing, Tips, Virus

What’s the biggest lie in the Computer Industry? It’s the myth that Apple’s don’t get viruses.

Geek For Hire has been out there fixing computers since 2001 and we’ve seen just about everything. When someone tells me they have a Mac, or are switching from a PC to a Mac because Mac’s don’t get viruses, I have to respectfully disagree.

As early as 2012, Apple changed their stance about viruses on their machines. According to the Huffington Post, in June of that year, they changed their verbiage from:

“Safeguard your data. By doing nothing.”

To:

“Safety. Built right in.”

In the last few months, we’ve been seeing more and more viruses on Mac machines. Everything from lots of adware and pop-ups, to “a lady’s voice keeps telling me to run my virus scanner”, to what’s commonly being called “scare-ware”.

What’s out there?

Malware is the general term used for any malevolent or bad software that can get loaded onto your computer.
Spyware is software installed on your tech device without your knowledge or consent. It collects information about you and relays it to an external person or organization.
Adware is frequently called pop-ups. This is where you get lots and lots of pop-ups with advertisements. Lots of people just live with this type of infection not realizing that it’s often accompanied by other more malicious malware.
Virus is the most common term used by “real” people for all of these types of infections.
Scareware is similar to Adware in that it generates a pop-up. In this case though, the pop-up tells you that your machine has an infection and you need to visit a particular website RIGHT NOW to get the virus removed.

How to keep your computer safe? Be careful what you click on! Don’t open attachments in emails. Don’t click on ads on the websites you visit. Above all, make sure you select an anti-virus program that continually upgrades their software and pushes those changes to your computer. We recommend ESET’s NOD32 anti-virus protection for Mac’s and PC’s.

Did you think Apple machines were impervious to viruses and other malware? What steps do you take to keep your machine safe? Let us know in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

How To Spot An eMail Scam

Posted on August 4, 2015January 5, 2016 by Gail Eddy in Click Bait, Hackers, Malware, Phishing

The scammers are getting better and better. The text of the email looks legit; the email address looks legit; the graphics are professional. How can you tell when your phone company is contacting you vs. when a scammer is impersonating your phone company?

A client received this email last week and gave us a call.

Everything looked good on the email that she forwarded to me. I hovered over all of the links to see what website they actually pointed to. I looked at the logos, and they actually looked like the real ones. A quick search shows that both “Digital Vault” and “@Ease” are real CenturyLink services. Even the deadline, almost three months in the future, seemed like a legitimate phone company corporation deadline.

The only trouble was that our client had no recollection of signing up for a CenturyLink cloud based storage or “Digital Vault”.

She said that she was going to call CenturyLink about this and I urged her to call a number that she already had, rather than any phone numbers included in the email. When she called CenturyLink, they told her it was a scam and asked that she forward the email to them.

So that’s my advice this week – If you receive an email from a company you have a business relationship with, AND, you’re not expecting an email from then, give them a call on a number you already have saved for them.