Hacked Email? Check your “Rules”

This past week, we received hacked email messages “from” several different customers indicating that their email account has become compromised. I have “from” in quotes because the emails weren’t actually from those people.

Each email was similar, in that they all started with a benign and short email message saying “Checking in” or “Favor to ask!” or “Hey there?”. The request said something like “I wonder if I could ask your help?”. All the messages were received within the past 7 days. This indicates an active and fruitful attack that is going on right now.

HACKED EMAIL – CHECKING IN:

Here’s a screenshot of one of the first hacked email messages we received:

Hacked email example - need a favor

Chris replied with a quick email that said “Yes, I will call you later today”.  Our “Spider-Sense” was tingling about this message – because this is not something that this customer would do via email.  A few minutes later, we received this message:

email hacking example - Apple card for neice

We noticed that the “reply from” address was slightly different from his actual email address. (An “R” was added to the end of his name.) I called the customer a few minutes later, and he said he had not sent either of the messages. We talked for a while, and I recommended that he turn off his computer, and wait until I could arrive later that day.

Super-Geek To The Rescue:

The first thing was to review his MSN account security information, such as the cell phone and alternate email addresses on file which can be used for account recovery, and to change his password.  I enabled a feature to disconnect all already connected email programs which might still be connected. We wanted to make sure the hacker did not still have access to his account, to possibly seize back control.  I looked through his past login history and found that there were several recent attempts from Nigeria using Exchange.  This was a smart and sneaky attack.

Hacked email - unusual activity from Nigeria

I scanned his machine, and found the machine was not infected – but there was something wrong with his MSN email account. His Inbox showed that it had not received any new email messages for the past several days. (He could send email messages just fine.)

I looked through his account configuration within MSN, and found that a Rule (which did not have a name) had been added. It was applied to every new email message.

Hacked email - account rules changed and archive message

  • Mark the message as Read
  • Move the message to the Archive folder
  • Forward a copy of that email message to a different email account. This looked like the customer’s email address but with very subtle differences.

I found that all of the customer’s recent email was indeed in the Archive folder, and moved them back to the Inbox.  I deleted the Rule added by the Hijacker.

HEY THERE?

Here’s another hacked email we received:

Hacked Email Example - slick get back to me asap

 

This was a sneaky one too with multiple Rules added to their email. In this case, their Comcast email account had been modified to have a similar Rule added, which was forwarding a copy of all email messages to a similarly named email address under the Hotmail.com domain that did not belong to the customer.  The password was changed, the account recovery information was reviewed, and the silent email forwarding Rules (there were two) were found and deleted.

FAVOR TO ASK!

For another customer, we received this “Favor to Ask!” message:

Hacked email example - another Favor to Ask

We contacted them with a different email to let them know. They sent an email blast to their contacts announcing that their email address had been compromised, which is good. But they didn’t BCC everyone so we:

  • saw their complete list of contacts, and
  • so did everyone else.

Remember, if you need to send an email message to many contacts, follow good Netiquette and don’t use CC. Using BCC will hide all contacts that you are sending to. (Who remembers “carbon copies”, “blind carbon copies”, and getting their fingers all inky?!)

FAVOR TO ASK?

We also received this similar message from a hacked email:

example - favor to ask - AmazonAgain, the hacker changed the rules within their email account.

GREETINGS

And, last but not least, we received this convoluted request:

Another example requesting a Home Depot card

WHAT TO LOOK FOR IN YOUR EMAIL INBOX:

If you get an email like this, it’s important to let the person know, WITHOUT using the email address that was used to send the original message! The best option is to call or text them. If you don’t have their phone number, see if you have another email for them. You can also contact a family member and ask them to pass on the message. I’ve even resorted to sending the person a message on Facebook.

WHAT TO DO IF YOU’RE DEALING WITH A HACKED EMAIL ACCOUNT:

If you find out that your email has been compromised there are several things you should do right away:

  • Change your password on your email account.
  • Double-check that your “reply to” address is really your address. Look for an extra letter. Is the domain correct? (Comcast? Gmail? Outlook? etc.)
  • Check your email account “Rules” to see if any new emails are forwarded to a different address?
  • Let people know that your email is compromised. Make sure they know you’re fine and don’t need a gift card for Amazon or Apple. If you send one email to a bunch of people, please use BCC.

As always, if you need help, give us a call. In most cases, we can help you remotely.

CONCLUSION: 

Scammers, hackers, hijackers, and spear-phishers are getting more sophisticated in their attacks. Here’s a recent article about a big-time Nigerian email scam. Today is a great day to run your virus scanner, change passwords, set up two-factor authorization, and back up your data!

 

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Information about Geek For Hire, Inc.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Macs and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website or give us a call at 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

More Tips Here:

Facebook Hacking is on the rise! (It’s not your imagination.)

This is short and sweet – 5 steps to keep you safe from Facebook Hacking. If you want more tips, please sign up for our emails.

(Updated from 31 March 2020.)

Chris has been getting a lot of calls recently about hacked Facebook accounts.  A lot of the Facebook hacking starts when you click on a video that a “friend” sent you via Facebook Messenger. It is most likely that your friend’s account has already been compromised, and it is the Facebook hacker sending you the video.

If someone else has gotten control of your Facebook account, it is really hard to get it back. So follow these steps before that happens!

What to do:facebook hacking

Here are Chris’ suggestions if your Facebook account has been hacked:

  1. Change your password.
  2. Change your security question(s) and answers (in case they were reviewed by someone else).
  3. Log out of all locations where you are logged in.
  4. Confirm that your recovery email address and your mobile phone number is still yours and not set to someone else’s.
  5. Tell your friends not to open any videos or any other links that you have sent.

Doing this will help you keep your account yours after you change your password.

Facebook Hacking via Messenger:

It seems like we are all using social media more now than we did even a month ago. Try not to send any links at all via Facebook Messenger for the time being.  If you do get a video (or other links) on Facebook Messenger, don’t click on it right away. Instead, send an email to your friend confirming that they sent the video.

Facebook Hacking Service:

I also did a quick Google search to see what other advice is out there to make your account more secure. Boy, was I surprised when I saw links to a Facebook Hacking Service and an ad to Hire a Facebook Hacker!

Online Security:

Finally, we recommend ESET to keep ALL of your devices safe online.

Other Hints:

  • Also, please remember to stay well clear of shortened links unless you know without a doubt where that link will take you. That includes most bit.ly and owl.ly links. Here’s a recent article about short links.
  • Likewise, there are a lot of scams out there. Read our article about Covid19 scams.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

INFORMATION ABOUT GEEK FOR HIRE, INC.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call at 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

9 Easy Tips for Online Safety

Staying safe online takes constant vigilance!  Clicking on links in your email, an app, or on a random website can lead to lots of problems.  But THINKING about it all the time is exhausting! Thankfully, there are a few shortcuts to ensure your online safety

Don’t give real answers:Internet Safety / Online Safety

Probably the most important thing to remember is that not everyone is entitled to real answers. Closely guard your personal information.  Who needs to know your birthday and why? Do you need to be at least 21 or 55?  Make up a birth date to fit those criteria! Do they want to know what your zip code is to show you the closest store to you?  Type in 80305 instead of 80302! No one except maybe your bank needs to know your mother’s maiden name. Come to think of it, most apps don’t even need to know your real name or email address.  Which brings us to tip #2…

Create a throw-away email address:

It’s easy enough to set up a new email using Gmail. Use a fake name. Forward the emails to your real address so if there is something important you’ll be sure to receive it.

WiFi:

When you’re using WiFi away from your home, office, or other trusted location, be very careful to ensure that it is a legitimate service. Always ask the coffee shop, or wherever you are, what the name of their WiFi is.  Be sure you are clicking on “Starbucks” and not “S1arbucks”.  (Did you see what I did there?) And, you should always connect to WiFi on your phone or tablet via a Virtual Private Network or VPN.

Online Safety with a VPN:

A Virtual Private Network helps ensure your online safety.  A VPN is encrypting software that masks your identity and location by hiding your IP address. Check out this article explaining what a VPN is and why you need one.

Banking:

If your bank gives you the option, you should check your balance online every day to make sure nothing nefarious is going on. (If they don’t offer online banking, I’d suggest switching banks.  After all, this is the 21st Century!) Another thing you should expect from your bank is a robust Fraud Department.  As a business, we’ve occasionally had to make online purchases from other countries.  The Fraud Department at our bank calls us each time to make sure it’s really us doing the transaction. I appreciate their diligence.

Online purchasing:

If you make a lot of purchases online, you should probably open a new debit card at your current bank just for those transactions. When you make a purchase, go to your bank account online and transfer enough funds into the account for that specific purchase. If your information is compromised, you can easily close that account.

Passwords:

Online Safety
Don’t use these passwords!

I know I’ve said this before. You can’t change your passwords often enough! Online safety starts with a secure password. Change your password on all of your apps and online accounts AT LEAST once a month.  Don’t reuse passwords.  Make sure they can’t be cracked. Use at least 12 characters.  So many rules!  Sign up for our free Guide to creating a secure and easy-to-remember password.

Location tracking:

Remember to check occasionally which apps are tracking your location. Yeah, you might have it locked down, but when you update the app, they may turn location tracking on again. Yes, you want the weather app to know where you are when you want to know how much snow you’re going to get.  Once you have your forecast and close the app though, they shouldn’t still be tracking where you are.

Online safety at Libraries, Hotel Business Suites, and Internet cafés:

Most of us can do just about everything we need to online with our phone or tablet. But there are times when we need to visit a library, internet café, or the “Business Suite” at a hotel. Be especially careful in these locations.  If you need to print an email, use your phone to email the document to your throw-away email account.  Then log in to that account instead of your real email.  If you do need to log into your real email, a financial account, or another secure app, change your password on that account as soon as you’ve completed your business. And use your phone or tablet to change your password, not the computer at the library or business suite.

Conclusion:

Online safety is a habit you can grow.  Be aware of what information you’re sharing and where you are sharing it.  What information can stay private?  You can do this!

Do you have additional suggestions?  Do you need more info or clarification?  Write a comment below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Sim Card Swapping Scam – Three easy steps to protect yourself

I just heard about a new scam that I want to make sure you aware of as well.  It’s called the Sim Card Swapping scam. This is when someone decides to target you (who knows why – your status? your wealth? your position in your community?) and takes over your cell phone number.  From there, they can take over your social media, gain access to your financial accounts accessed via your phone, and any number of any other nefarious acts.

How does this scam work?

The process is relatively simple.  The scammer enters the physical store of your cell phone provider, or they call the toll free number, pretending to be you.  Then they provide a forged license or other personal information. The scammer will say they lost their phone.  They say they already have a new phone; they just need your service provider to transfer all of the information from the “lost” phone onto the SIM card of the new phone.

sim card swapping scam

…. and Boom!  Just like that, they have access to all of your contacts, their phone numbers, affiliations, birthdays, and any personal information you have about each contact.  They also have access to any apps you’ve allowed from your phone. Do you have the Dropbox app installed on your phone?  Now they have access to all of those documents as well.  How about Amazon? Does the Amazon app have your credit card information stored? Sounds like a fun shopping spree…

I called my local AT&T store in Boulder, where I’ve been a customer for years and spoke with one of their floor representatives.  When I asked him about the SIM card swapping scam, he wasn’t aware that it was a problem.  He said that as long as you have a photo ID with the correct address, you should be able to gain access to your account. That didn’t give me a lot of confidence! I then asked him about the PIN that we set up a few years ago.  He indicated that if an account has a PIN set up, they will ask the customer for that number in addition to verifying name, address, and photo. I then asked what the maximum number of digits were for the PIN which he said was six.

How to protect yourself from the SIM card swapping scam:

In all likelihood, the vast majority of the public won’t be targeted. But if you are known in the crypto-currency community, are wealthy, or have a high profile in your town I would recommend that you be extra vigilant.  Regardless, I would recommend doing several things right away:

  • First, enable 2FA or two-factor authentication. In the past, I’ve talked about two-factor authentication and why it is so important. Try not to use “text message” as an option to confirm your identity. Set it up so that they need to call a land-line with the code, or send the code to an email address that is not set up on your cell phone.
  • Next, talk to your cell phone provider and make sure you have a PIN set up.  Make sure it is a long as they will allow.  (Note to self: Change AT&T PIN from four digits to six!)
  • Then, log out of all of your Social Media accounts on your phone.  Set it up so that you need to log in each time.  Remember to log out every time! (This is something that Chris does.  He has never downloaded the Facebook app to his phone.  Instead, he accesses Facebook via Safari and logs in/logs out each and every time.)

Here are some articles to learn more about SIM card swapping:

Please share this on Facebook and Twitter!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

pwned? 1 PAINLESS step To Find Out If Your Email Info Has Been Compromised

Have you heard of the term “pwned”? Last week Chris shared a news item with me about a recently discovered list of email addresses and passwords.  These are for sale on hacker websites.  If you are on this list or any of the other lists of stolen emails, you have been pwned. This list, “Collection 1”, consists of 772.9 million unique emails along with 21.2 million passwords.  You might wonder why there are so many more email addresses than passwords.  That is because so many people with multiple email addresses use the same password for everything.

Don’t do that!

A little history about the word “Pwned”:

The Urban Dictionary postulates that Pwned came into use after one of the designers for the game World of Warcraft typed “has been pwned” instead of “has been owned”. Another Urban Dictionary contributor says it is actually a commonly used chess term, where you use your pawn to check your opponent. Regardless of the various definitions, this term means “you are dominated”.

Have You Been Pwned? 1 Painless Step to Find Out:Wondering if you have been pwned?

Head over to Have I Been Pwned to find out if your email address is compromised.  Many people use different email addresses for work and home.  If you have multiple emails, be sure to check each of them.

This site will also tell you on which websites or apps the data breach has occurred.  (My email is compromised.)  I immediately changed the password for both accounts.  It also told me that the breach came from my Dropbox account.  I then changed my login information on Dropbox as well. Another breach occurred on my LinkedIn account so I changed my info there too.

5 Quick Steps to keep your information safe:

  1. Change your password on each account frequently. I change my passwords every 3-6 weeks.
  2. Change your password on financial accounts even more frequently – at least every two weeks.
  3. Never use the same password again!
  4. MOST IMPORTANT: Use a password that is hard to guess.  Make sure you use at least 10 characters.  You should use at least one of each of the following: an uppercase letter, a lowercase letter, a number, and a special character.  I always end with punctuation too.  Swap out letters for numbers or special characters. Lately, I’ve been using book titles to craft secure passwords.  So “The New Relationship Marketing” would become “th3NewRel@t1onshipMarket1ng;”  (Check it out.  It’s a great book by Mari Smith.)
  5. Next, always keep track of your passwords using a secure system.  I use a password-protected spreadsheet. (Why don’t I recommend a cloud-based password manager?  I’ve recently heard of two people who lost access to their online password tracking system. They had to go to each of their emails and apps to change their passwords. Each One!)

Let me know if you have an effective tip for setting up great, secure passwords.

Please forward this to your colleagues who never change their passwords.

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years.  His company is highly rated by both the BBB and by Angie’s List.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Been Pwned? How Do I Find Out If This Impacts Me?

2019 January 22 UPDATE: Based on recent news stories, the “been pwned” information has been updated here:

https://geekforhireinc.com/pwned-has-your-email-been-compromised/

 

 

Although this website has been around for a few years, I’ve only just found out about it.  It’s called Have I Been Pwned and it lets you know if your email address has been compromised in any way.

A little history about the word Pwned:

The Urban Dictionary postulates that Pwned came into use after one of the designers for the game Warcraft typo’d “has been pwned” instead of “has been owned”. Another Urban Dictionary contributor says it is actually a commonly used chess term, where you use your pawn to check your opponent. Regardless of the various definitions, the word essentially means that you have been owned or dominated.

Have I Been Pwned?been pwned?

Head over to Have I Been Pwned to find out if your email and other personal information has been hacked by bad operators.  They will also tell you on which websites or apps the data breach has occurred.  For example, I found out that my both my personal and business emails have been pwned.  I immediately changed the password for both accounts.  It also told me that the breach came from my Dropbox account.  I then changed my login information on Dropbox as well. Another breach occurred on my LinkedIn account so I changed my info there too.

What can you do to keep your information safe?

  1. Change your password frequently. I change my passwords every 3-6 weeks.
  2. Never use the same password again!
  3. MOST IMPORTANT: Use a password that is hard to guess.  Make sure you use at least 10 characters.  You should use at least one of each of the following: an uppercase letter, a lowercase letter, a number, and a special character.  I always end with punctuation too. Lately, I’ve been using book titles to craft secure passwords.  So “The New Relationship Marketing” would become “th3NewRel@t1onshipMarket1ng;”  (Check it out.  It’s a great book by Mari Smith.)
  4. Next, always keep track of your passwords using a secure system.  I use a password protected spreadsheet. (I’ve recently heard of two people who lost access to their online password tracking system. They had to go to each of their apps and change their passwords!)

Let me know if you have a great tip for setting up great, secure passwords.

Here’s some more reading on the whole pwned subject:

Please forward this to your colleagues who never change their passwords.

Information about Geek For Hire, Inc.

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years.  His company is highly rated by both the BBB and by Angie’s List.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and online streaming. I haven’t tried the Kindle lending library yet.  I’ll try that next!  Prime is normally $119/year, but you can try it for 30 days for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

 

Security Summit Thoughts – Hack-Proof Your Mac or PC

Last week I attended Microsoft’s “Virtual” Security Summit.  I have the word virtual in quotes because I didn’t have to travel anywhere.  My son and I watched the live streaming video in our living room! While I like the buzz of meeting new people, staying at home and learning new things has its advantages as well.  The Summit was primarily targeted towards management of large enterprise firms, I did pick up a few nuggets of information that will help the average person with the security of their machine as well.

First tip for Security:Security

Make sure the user permissions on your account are set to “Standard User” and not “Administrator”. This cuts down on the chance that viruses or other malware can be easily installed on your machine. This also protects a random bad operator from installing a bitcoin mining operation on your machine.  You provide the computer and electricity, they get the benefit.  If anyone has ever installed the SETI program on their machine, it would work similarly to that.  (The “Search for Extra-Terrestrial Intelligence” program gave the opportunity for ordinary computer users like Chris Eddy to allow SETI to use some of their computer operating power.)

Next:

Make your machine harder for the bad guys to get access to. Use a very secure password, set up two-factor authentication wherever you can. Install updates to your Operating System as soon as they are available.

Finally:

Use good security practices. Patti Chrzan, head of Microsoft’s cyber-security fraud division said this:

“90% of all cyber crime starts with a phishing email”

A reminder that the phishing email is an attempt to get access to your personal information, like your birthday or password.  A phishing email might also install a virus, ransomware, or other malware.

Being hyper-alert of every click, and every email you open puts you way ahead of the average person. Even if the email seems legit, never click on a link in an email from a corporation until you have confirmed its legitimacy.  Call the company to confirm that your account has been hacked, or your password was changed, or a large purchase was made.  Never take the word of an email at its face value!

The highlight of my day was when Microsoft retweeted my comment:

security

Just because you have an antivirus installed, does not automatically make you secure. You must have good personal systems in place too.

Past blogs you may find helpful:

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

 

3 Tips to Creating a Secure & Strong Password

Last week, I wrote about the DDoS attack which occurred on October 21st.  That attack shut down many websites and apps, especially for users on the East Coast.  I recommended that you use a very secure and strong password. Please don’t use one of these most common passwords!

Use a Strong Password! Not these Common Passwords Source: http://i.imgur.com/FImcPiG.png
The Most Common Passwords
Source: http://i.imgur.com/FImcPiG.png

How to create a Strong Password:

It occurred to me that you may need some guidance to create a really secure and strong password. Here are some tips:

  1. First, the more characters in your password, the more secure it will be. According to mSecure, a four-character password can be cracked in under a minute, while an eight-character password can be cracked in five months.  A nine-character password can take up to 10 years to crack.  Notice I said “up to”.  Just using lots of characters doesn’t work if the password is easy to guess.  That’s why you also need:
  2. Next, think Complexity. Using a eight-character password like “password”, “Password”, or even “PasswØrd”, is too easy to guess.  Even a nine-character password like “password1” is relatively easy to crack.  The same goes for “Admin”, “administrator”, and “12345678”. These are common passwords that a lot of people use.  In order to make a password more complex, add symbols, capital letters, and numbers.  Using symbols or numbers in exchange for letters makes the password easier to remember.  For example swap out your “o” for an “Ø”, your “a” for “@”, or your “e” for a “3”.  You can even use a password generator like passwordsgenerator.net to generate a truly unique password.  I like this one because I can set the number of characters and whether or not I can use special characters like @#%& for a particular website.  Above all, when you go to enter your log in credentials:
  3. Finally, you must remember that very strong password!  Some ideas include a favorite book, your best friend’s name from second grade, or your grandparent’s street address. Just remember to add some additional complexity to make it even more secure.  For example, “Newport” can become “517Newport”, “NewpØrt”, or “Newport100”.  If you must write down your passwords, keep it in a secure place.  I use a password protected spreadsheet.

Please make it a point to use a secure and strong password on all of your internet connected devices.  Change it today!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website.  Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet, but I’m tempted!   Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

DDoS? And Why YOU May be to Blame

Last week, many websites and apps were severely compromised, especially on the East Coast. Apps like Twitter, Reddit, Spotify, AirBnB, and Netflix slowed to a crawl or were shut down altogether.  A DDoS attack was launched against Dyn, a New Hampshire company that provides DNS routing.

Level3 Outage map on 24Oct16 Screen Shot by Geek For Hire, Inc.
Level3 Outage map on 24Oct16
Screen Shot by Geek For Hire, Inc.

What did you just say?

  • DDoS = A “Distributed Denial of Service” occurs when hundreds of thousands of messages are sent to specific internet addresses with the intent to overload that service and shut it down. (In this case, the intent was to take down Dyn in order to affect many websites and not just one.)
  • DNS = The Internet’s Domain Name System translates the URL’s we enter, like www.google.com, into “the numerical IP addresses needed for the purpose of locating and identifying computer services and devices.” (From wikipedia)

In the past, most DDoS attacks were focused on a particular website.  Last Friday, the attack was focused on a company which the NY Times calls “one of the Internet’s giant switchboards”, which had a devastating impact.

So, how is this MY fault?

Do you have a surveillance camera on your front door? A wireless printer? A “smart” refrigerator”? All of these are connected to the internet with their own numerical IP address.  The “bad guys” can run through a list of IP address to see which addresses can easily be compromised.  Once they’ve identified these devices, they can use them to add to their arsenal to send the messages that create the attack.

I still don’t get it.  How is this MY fault?

Do you use a password on all of your internet connected devices? Is it secure? A password of “admin”, “123456”, or “password” is NOT secure!  Have you ever been out looking for free WiFi, and something like “HP-M475-5E3F78” was presented as an available WiFi that you could connect to?  That is what happens when someone does not put a password on their printer.  There are literally millions of WiFi connected devices in the US.  How many of those are vulnerable to participating in these types of attacks?

Please make it a point to use a secure password on all of your internet connected devices.  Change it today!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website.  Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet, but I’m tempted!   Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Save

Sharing Your Social Media Identity with the Government

Every once in a while I read a story that makes me say:

WHAT?

Today was one of those days.  According to this article in arsTechnica, the US Customs and Border Protection is considering adding a new field to their Visa application process.  They will be asking visitors to the US to provide their Social Media Identity.  Apparently it won’t be a required field, but if you leave it blank, it will look very suspicious.

“The agency says travelers coming to the US…. won’t be forced to disclose their social media handles, but leaving it blank obviously could raise red flags.”

Additionally, the verbiage associated with the request is very nebulous.  According to the article:

‘Here’s what will be asked: “Please enter information associated with your online presence—Provider/Platform—Social media identifier.”‘

So, someone who is not paying attention may provide not just their ID, but might also provide their login and password info!

I have a couple of thoughts about this.

First, of course, is that anyone can find anything online, so adding a box on their form will just make the process a little easier for Customs to get your info.

Second, how will Customs keep this info safe?  How will they insure that someone can’t hack into their systems and capture the info – especially if some of those applications may contain ID’s and passwords?

why

Lastly, how will this help?  Call me cynical, but I don’t think someone entering the country with malicious intent is likely to be providing their “real” social media identity.

It is far too easy to set up multiple identities online.  Just look at me.  I’ve got an email for business, an email for personal stuff, an email for networking, and an email for signing up for stuff online.  It was easy to do this.  And once you have different emails, you can set up different social media accounts.

No, those folks will be providing their ”professional” social media account; the identity they use for LinkedIn to show that they are an upstanding citizen of their home country.  I fail to see how this new field on the visa application will keep out the “bad guys”.

What are your opinions about online privacy and multiple identities?  We’d love to hear your thoughts!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website.  Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

Join Amazon Prime – Watch Thousands of Movies & TV Shows Anytime – Start Free Trial Now

Save

Save

Save

Save

Save

Save

Save

Save

Tagged