Phishing Expeditions – Keeping Safe During the Holidays

Several of our customers received a disturbing email over the past few days.  One customer received one that said her email was being discontinued.  Another received one that said his bank account was being closed.  I even got one that said my SIM card was being deactivated so I would effectively be without cell service!  These are all “phishing expeditions”.

Luckily I know the signs to look for to determine if an email is a phishing expedition or for real.

  1. Make sure the email is really from a trusted source.  If the email is from a friend, read it through before you click on any links.  Does the email sound like it was written by your friend?  Are you expecting an attachment or other link from them?  Always check when you receive an email with a link or other attachment before clicking.  Did your friend really send it?
  2. Before I click on a link in an email, I hover my mouse over the link to see where the click will take me.  When I hovered over the “Know More” link on the email I received, it goes to the website t.goddypuddy.IN/withLotsMoreTextFollowing. The “in” at the end of the web address is a country code.  In the US, we are used to seeing .com, .biz, .net, or .gov.  In this case the .IN refers to India.  So I know that the email originated in India. (Note that you can only do this on your computer, so don’t click on any links from your phone or tablet unless you know they are 100% safe!)
  3. Does the body of the email match the Subject line?  In this case, the Subject is that my mobile number is being deactivated.  But the body of the email is completely unrelated, talking about banks and the Supreme Court.
  4. If your friend or colleague says they didn’t send the message, tell them to change their password and run their virus scanner ASAP!

What else can you do to stay safe?

  • Put a note on your calendar to change your email passwords at least once a month.  Here are some tips for creating a strong password.
  • Be extra careful when surfing the web or viewing posts on Social Media. Malware is increasingly being spread that way.

Looking for more info on phishing expeditions?  Here are some past blogs:

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fifteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet.  I’ll try that next!   Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Phishing Expeditions (Stay Safe Online!)

There’s another threat out there. It’s a Phishing Expedition. Several of our clients have already fallen for it.  It comes by way of an email which appears to be from a trusted friend or business associate.  They want you to take a look at a document on DropBox. It looks legit, plus, you’ve gotten documents from this email contact before.

So, you click on the link to look at the DropBox document. Except it’s not from your friend. And in that brief moment, you’ve given the phishers access to your entire email contact list.

As soon as you figure out what has happened, it is important to change the passwords for all of your email accounts immediately. Here are some ideas for creating a really strong password.  You should also run your virus scanner.

Image: “Phishing” by Edwind Richzendy

How do you make sure this doesn’t happen to you?

  1. Before opening any attachments, make sure the email is actually from your contact.  Are you expecting a document or other attachment from them? Does the text of the email message and subject “sound” like what your contact would write? If not, give them a call to see if it’s really from them.  (If it’s not, tell them to change their password and run their virus scanner ASAP.)
  2. Put a note on your calendar to change your email passwords at least once a month.
  3. Be extra careful when surfing the web or viewing posts on Social Media. Malware is being spread that way as well.

Looking for more info on phishing?  Here are two past blogs:


Change Your Password!

In the last few days, we’ve had a bunch of calls from customers who have had their email hacked.  They are hearing from friends and clients that their email is sending out spam.  Some of them have been aggravated with us because they feel like their anti-virus should have protected them.  (Security software can’t protect you if someone else already has your password information.)

Here’s the deal.  Several years ago, LinkedIn was hacked.  Login credentials were stolen from approximately 117 million LinkedIn accounts!  Although this happened in 2012, one of the “bad guys” has recently decided to sell the credentials.


According to this article from Tech Crunch:

Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin.

http://techcrunch.com/2016/05/18/117-million-linkedin-emails-and-passwords-from-a-2012-hack-just-got-posted-online/

CNN:Money adds their two cents:

Companies typically protect customer passwords by encrypting them. But at the time of the 2012 data breach, LinkedIn hadn’t added a pivotal layer of security that makes the jumbled text harder to decode.

Put on the defensive, LinkedIn is now scrambling to try to stop people from sharing the stolen goods online — often an impractical task. The company is also invalidating all customer passwords that haven’t been updated since they were stolen.

LinkedIn said it’s reaching out to individual members affected by the breach. This particular hack affects a quarter of the company’s 433 million members.

http://money.cnn.com/2016/05/19/technology/linkedin-hack/

Since many people use the same password on their other online accounts, the hackers can potentially access other accounts as well.

Our advice?  Change your passwords for LinkedIn and other social media sites today.  If you use the same passwords for other online sites, change the passwords for your email and banking accounts too.  (If you didn’t have a LinkedIn account prior to 2013, you should be safe.  This time.)

Changing your passwords on a regular basis is always a good idea!


Are You Thinking of Using a Password Manager?

I am of two minds when it comes to an online password manager.  On the one hand, I think it would be a great way to keep multiple passwords secure.  On the other hand, I worry about hackers gaining control of my data.

That being said, if your keyboard (or monitor) looks like this, it’s time to find another solution!

Is this your password manager?!

Luckily, there are several online password managers to choose from:

  • 1Password
  • Dashlane
  • LastPass
  • KeePassX
  • mSecure
  • Sticky Password

Most of these have the same or similar features.

  • Manage passwords over multiple devices
  • Generate ultra-strong passwords
  • Store banking and other sensitive information
  • Most are free but do have an annual or monthly fee for certain upgrades
  • Some utilize the iPhone fingerprint to confirm your identity

Even with a secure password manager, you still need to be careful of “spoofing”, where a fraudulent web page is displayed to trick you into providing your super-secure password key as described in this article:

Which password manager do you use?  What are its best features?  What don’t you like? Let us know in the comments below!


Protect Yourself from Phishing Attacks!

Many of you know that I take frequent road trips. That’s why my vehicles have the EZ-Pass device on them. EZ-Pass automatically collects tolls on highways and bridges on the East Coast. (FYI, FasTrak is used on the West Coast. Here in Colorado we use ExpressToll.) When this article crossed my news feed, I was particularly interested.

“Phishing Scam Alert: There is a phishing email* being sent to drivers across the nation claiming they owe money for unpaid E-ZPass tolls.  This is not an email from The Toll Roads, the Transportation Corridor Agencies, E-ZPass or E-ZPass tolling agencies. E-ZPass is used to collect tolls electronically on the East Coast; FasTrak is used to collect tolls electronically on the West Coast.”

In fact, during the fourth quarter of 2015, phishing attacks saw a huge increase. As expected, financial institutions took the biggest hit, although any company is vulnerable.

Wikipedia has a good definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Remember that most phishing attacks come via email, so it is very important to remain vigilant about what links you click in the emails you receive. Even when an email looks legitimate, with accurate looking logos and links, if you have any doubt, don’t click!

Social Media is becoming another prime target for phishing. In fact, according to Ian Trump of LogicNow:

“One in five phishing attempts is made through social media. Some of these will be unsophisticated attempts to snare anyone who might miss-click, but others will be more targeted and try to fool people with specific information, attempting to drive the user to a fake website where they will enter their username and password. A compromised social media account has the potential to wreak further havoc, especially given the habit for people to use the same password over and over again for both work and personal accounts.” More info in this article.

Whenever you receive an email saying you owe an organization money, or they need to confirm your information, or anything that makes you wonder if it’s for real, be especially careful. Never click the link on the email. Instead, head to the website you’ve used before to check out the authenticity of the message. If you find that it is a phishing attempt, notify the company too.

Have you been exposed to phishing attacks? How did you handle it? Let us know in the comments below!


The Biggest Lie in the Computer Industry?

What’s the biggest lie in the Computer Industry?  It’s the myth that Apples don’t get viruses.

Geek For Hire has been out there fixing computers since 2001 and we’ve seen just about everything. When someone tells me they have a Mac, or are switching from a PC to a Mac because Macs don’t get viruses, I have to respectfully disagree.

As early as 2012, Apple changed their stance about viruses on their machines. According to the Huffington Post, in June of that year, they changed their verbiage from:

“Safeguard your data. By doing nothing.”

To:

“Safety. Built right in.”

In the last few months, we’ve been seeing more and more viruses on Mac machines. Everything from lots of adware and pop-ups, to “a lady’s voice keeps telling me to run my virus scanner”, to what’s commonly being called “scare-ware”.

What’s out there?

  • Malware is the general term used for any malevolent or bad software that can get loaded onto your computer.
  • Spyware is software installed on your tech device without your knowledge or consent. It collects information about you and relays it to an external person or organization.
  • Adware is frequently called pop-ups. This is where you get lots and lots of pop-ups with advertisements. Lots of people just live with this type of infection not realizing that it’s often accompanied by other more malicious malware.
  • Virus is the most common term used by “real” people for all of these types of infections.
  • Scareware is similar to Adware in that it generates a pop-up. In this case though, the pop-up tells you that your machine has an infection and you need to visit a particular website RIGHT NOW to get the virus removed.

How to keep your computer safe? Be careful what you click on! Don’t open attachments in emails. Don’t click on ads on the websites you visit. Above all, make sure you select an anti-virus program that continually upgrades its software and pushes those changes to your computer. We recommend ESET’s NOD32 anti-virus protection for Macs and PCs.

Did you think Apple machines were impervious to viruses and other malware? What steps do you take to keep your machine safe? Let us know in the comments below!


How To Spot An eMail Scam

The scammers are getting better and better. The text of the email looks legit; the email address looks legit; the graphics are professional. How can you tell when your phone company is contacting you vs. when a scammer is impersonating your phone company?

A client received this email last week and gave us a call.

[Screenshot: CenturyLink email scam]

Everything looked good on the email that she forwarded to me. I hovered over all of the links to see what website they actually pointed to. I looked at the logos, and they actually looked like the real ones. A quick search shows that both “Digital Vault” and “@Ease” are real CenturyLink services. Even the deadline, almost three months in the future, seemed like a legitimate phone company corporation deadline.

The only trouble was that our client had no recollection of signing up for a CenturyLink cloud based storage or “Digital Vault”.

She said that she was going to call CenturyLink about this and I urged her to call a number that she already had, rather than any phone numbers included in the email.  When she called CenturyLink, they told her it was a scam and asked that she forward the email to them.

So that’s my advice this week: if you receive an email from a company you have a business relationship with, AND you’re not expecting an email from them, give them a call on a number you already have saved for them.


Beware of Click Bait!

This morning, I was doing one of my morning rituals, which includes reading through the recent posts on Facebook, and found that a friend of mine who lives on the east coast liked a story. I worked with him many years ago. He was the manager of a major project which I worked on for many years. This was the largest project in my career, and I know that this system is still “alive” today because I have served a local customer twice who is dispatched by this system. Since I respect my friend, and he doesn’t casually like everything, the things that he does like tend to get my attention. The first thing I did was to like the story too.

The story told of a mother beating her son on national television because he was participating in the recent riots in Baltimore. My friend liked it, so it must be legit. I clicked on the link to the story, which went to a blogsite which I had never seen or heard of before. The content of the page had only a brief retelling of the title of the story, plus several advertisements, but there was no link to the salacious original video that grabbed my attention. Since I didn’t see what I expected, I thought this was a problem with the tight security settings of my daily browser (Firefox, with several add-ons), so I copied the URL from my “high security” browser and pasted it into my “low security” browser which works with everything (Internet Explorer), and fetched the page. The same page was displayed, but this time with many popup advertisements (pop-over and pop-under) which were really concerning to me. There was no salacious video or a link to it. I shut this down fast.

Still being interested in the salacious story, I went to YouTube and searched for the general words of the title of the story, and found several direct links to the video – without additional advertisement or commentary.

In this case, I fell prey to “Click Bait”. I saw a story that interested me, thought it was legit, and clicked on it. It wasn’t legit. I will be doing a total system scan of my computer to check for any residual nastiness.

If you think you’ve fallen prey to “Click Bait”, the best thing to do is to scan your machine for anything malicious. If you need help, give us a call!


Gone Phishing

No matter how tightly your computer is locked down, phishing continues to be an issue. Your anti-virus and/or email program will identify some of the culprits, but, because the phishers are always evolving, they can’t identify all of them. That’s why it’s important for you to be able to identify phishing attacks yourself!

What is “Phishing”?:

Phishing is defined very well by this Wikipedia article:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.”

Phone Calls:

  • Your “bank” calls you to tell you about some unusual activity on your account and asks you to confirm your birthday.
  • “Microsoft” calls you to tell you that your machine is out of date or has a virus and asks if they can access your machine to “fix” it.

Emails:

  • Your bank sends you an email stating that someone has tried to access your online account. They’d like you to click on a link to prove that you’re you.
  • The IRS sends you an email saying you have a refund coming.
  • Yellow Pages needs to update your ad, when you’re not advertising with them.
  • You get an email from yourself. (This is common. I get a lot of emails *from myself* asking if I want to purchase a product!)
  • Your insurance company asks you to click on a link for a new free service.
  • Here’s an example of a phishing email I got the other day. It’s from a person I don’t know who wants me to open a Google document. The email program I use, Thunderbird, shows me where the link included in the document will take me. Notice that it is NOT a Google website! (Google docs always start with https://docs.google.com/…and.then.the.document.file.name ) Even if you don’t use Thunderbird, you can still hover your mouse over the link and most email programs will show you the full link.
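
The hover check described above, automated as an added example (not code from the original post): it lists where each link in an HTML email body really goes and flags links whose destination is not the expected host, or whose visible text names a different host than the link. The sample email, the `.example` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def host_matches(host, trusted):
    """True only for the trusted host itself or a real subdomain of it.

    A substring test would wrongly accept 'docs.google.com.files.example'.
    """
    return host == trusted or host.endswith("." + trusted)


def audit_links(html, trusted_hosts):
    """Return one finding per link: its text, real destination, and red flags."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        dest = host_of(href)
        reasons = []
        if not any(host_matches(dest, t) for t in trusted_hosts):
            reasons.append("destination is not a host the claimed sender uses")
        if URL_LIKE.match(text) and host_of(text) != dest:
            reasons.append("visible text shows a different host than the link")
        findings.append({"text": text, "destination": dest, "reasons": reasons})
    return findings


# Constructed sample: an email claiming to share a Google document.
SAMPLE_EMAIL = """
<p>A document has been shared with you.</p>
<a href="https://docs.google.com/document/d/EXAMPLE">Sharing settings</a>
<a href="http://docs.google.com.files.example/view?id=1">Open in Google Docs</a>
<a href="http://tracker.example/r?u=abc">https://docs.google.com/document/d/EXAMPLE</a>
"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL, ["docs.google.com"]):
        status = "; ".join(f["reasons"]) or "ok"
        print(f"{f['text']!r} -> {f['destination']}: {status}")
```

The second sample link shows why the comparison has to be on the end of the hostname: the trusted name appears at the start of the address, but the part that decides where you land is the end.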

Listen to your spider sense!

Even if everything looks okay, but you get a tingling sensation that it might not be, pay close attention. If you get *any* indication that the email is not from who it says it’s from, do some investigation. Is it supposedly from a friend? Call or text them and ask if they sent it. Is it from your bank? Call the number you have for your bank and ask!

Recent Phishing Scams:

IRS Warns of Phishing Tax Scams, Fake Emails

Anthem Warns Customers About “Phishing” Email Scam

Phishing Scam Spoofs BBB questionnaire; Businesses Warned Not to Click

Email Scam Alert from UC-Santa Cruz

What to Look For:

Every email & text that you receive should receive the once-over by you. Are you expecting that text / email / phone call? Are there misspellings? Are the links directed to where they say they are going? Is the grammar correct? Every unexpected phone call from an “authority” should be treated with suspicion, until you’ve determined their authenticity.

Be Safe out there Folks!

Make sure your anti-virus is always up to date and be careful of what information you provide to third parties. (If you do happen to inadvertently download a malware program, run your anti-virus right away.)
