Secure Passwords

How to create Secure Passwords

Creating secure passwords is something of an art now. The days of easy-to-remember passwords are long gone. You can’t use your birthday, your kids’ names, “password,” or even “passw0rd” (with a zero) anymore. In many cases, you can’t use ANY of the passwords you have used before. As Chris says: “Complexity is your friend.” Here’s how long it takes to hack a password today:

[Image: table showing how long it takes to hack a password depending on complexity]
Thanks to Hive Systems for this resource (www.hivesystems.com/password).

Creativity is required! Here are some ideas to help you develop your own secure passwords. And, remember to change your passwords frequently, especially on Financial and Social Media sites.

Basic Rules for Secure Passwords:

  • No less than 12 characters
  • A mix of both small and capital letters, plus numbers
  • If the app allows it, add special characters too, like !@#$%^&*()+:’

Password Hack: Substitute Characters

You can use random words and change out some of the letters for numbers or special characters.

  • An “A” can become “@”
  • An “E” can become the number “3”
  • An “L” or “I” can become the number “1” or “!”
  • An “O” becomes the number “0”
  • An “S” becomes “$”

Password Hack: Random Words

Look around your office or whatever room you’re in. Pick a few things you see. Don’t forget items in art on the wall or fridge! Remember to substitute characters as mentioned in the first section.

Do you see a tree outside, a rainbow on a drawing on your fridge, a pelican on the postcard from your brother in Florida? Use it!

“Tree”, “Rainbow”, “Pelican” becomes “Tr3eR@1nb0wPe1ican”

Random Characters create Secure Passwords:

You can also tap random keys on your keyboard. Once you get to 30 characters, you can stop. Make sure it is sufficiently randomized. We don’t want to see “asdfghjkl;”! For example:

  • 3k5c9dl#8sx0e;4*fHeI3)%E c94
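
A scripted version of the "Random Characters" idea and the Basic Rules above, as an added example that is not part of the original article: it draws 30 characters from the operating system's random source instead of relying on key-tapping, and checks any password against the basic rules and for keyboard runs like "asdfghjkl;". The function names, the US keyboard layout and the three-key run limit are assumptions made for this example.

```python
import math
import secrets
import string

# Special characters from the article's "Basic Rules" list (closing quote left out).
SPECIALS = "!@#$%^&*()+:"
ALPHABET = string.ascii_letters + string.digits + SPECIALS

# US QWERTY rows (assumed layout), used to spot keyboard walks such as "asdfghjkl;".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./")


def longest_keyboard_walk(password):
    """Length of the longest run of neighbouring same-row keys, in either direction."""
    lowered = password.lower()
    best = 1 if lowered else 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            run = 1
            for prev, cur in zip(lowered, lowered[1:]):
                i = seq.find(prev)
                if i != -1 and i + 1 < len(seq) and seq[i + 1] == cur:
                    run += 1
                    best = max(best, run)
                else:
                    run = 1
    return best


def check_basic_rules(password, min_length=12, max_walk=3):
    """Return the list of rules the password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no small letter")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() for c in password):
        problems.append("no special character")
    walk = longest_keyboard_walk(password)
    if walk > max_walk:
        problems.append(f"keyboard walk of {walk} adjacent keys")
    return problems


def generate_password(length=30):
    """Draw characters from the OS random source until every rule is satisfied."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_basic_rules(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of randomness in a password whose characters are chosen uniformly."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"about {entropy_bits(30):.0f} bits of randomness")
    for sample in ("Tr3eR@1nb0wPe1ican", "HouseHughLaurie", "asdfghjkl;"):
        print(sample, "->", check_basic_rules(sample) or "passes the basic rules")
```

The entropy figure applies only to the machine-generated password; it says nothing about passwords a person picked.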

Hobby Hack:

Select several words related to your favorite hobby and create a password from that. I like using three words, but you can use more if you like. For example:

  • Sai!bo@tLifejacketTil11er
  • P@intingP1einAirLand$cape
  • W1neVintageC0rk$crew
  • H1kingTr@ilMapBoot$

Entertainment Hack:

Let’s say your favorite TV series is “House”. Now, House is only five letters; the minimum number of characters most apps require is eight. Hackers are more innovative and use better equipment these days. Today, the minimum number of characters we’d recommend is 15, but I think 25 is better. So, how do you stretch out your favorite TV series to at least 15 characters? Here’s how:

  • Name: House
  • Studio: Universal
  • Favorite Actor: Hugh Laurie

This brings us to “HouseHughLaurie” (15 Characters – fair) or “HouseUniversalHughLaurie” (24 Characters – better!) But, without numbers or special characters, it’s still not a good password.

  • You can try: “H0useHughL@urie” or “H0useUn!versalHughL@urie”. With either of these, you’ve got upper and lower-case letters, numbers, and special characters!

Trekkies have it easier. They just need the name of the show:

  • TOS becomes “StarTrekThe0riginal$eries”
  • TNG becomes “St@rTrekTheN3xtGeneration”

Get the idea? You can do this with favorite books, movies, famous people, etc.

Conclusion:

Remember to use Secure Passwords wherever you log in AND to change your passwords frequently. Be incredibly diligent with Social Media and Financial accounts!

Good luck and “Hey, let’s be careful out there.” (Hill Street Blues)

 

I’ve created a Free Report to protect you from “phishing” scams. Click here to receive it!

INFORMATION ABOUT GEEK FOR HIRE, INC.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. You can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

If you’d like to receive our newsletters in your email, please click here.

Data Breach

[Image: US Dept of Energy Data Center. Credit: Rawpixel.com]

The news seems flooded with stories of a major data breach of National Public Data. This is significant because NPD is a consumer data broker. According to the Electronic Privacy Information Center, data brokers:

“…collect and aggregate many types of personal information: names, addresses, telephone numbers, e-mail addresses, gender, age, marital status, children, education, profession, income, political preferences, and cars and real estate owned. Data brokers also collect information on an individual’s purchases, where they shop, and how they pay for their purchases.

“In addition, data brokers collect health information, the sites we visit online, and the advertisements we click on. And thanks to the proliferation of smartphones and wearables, data brokers collect and sell real-time location data.”

If you’ve ever wondered about Identity Theft, this is it. It’s essential to know that, with all that info, the hackers can sell your data. They may sell your whole file to someone who can open accounts in your name, buy a car in your name, earn income in your name (that you will owe taxes on), or even get medical care, ALL IN YOUR NAME.

Consumer Data Brokers are an unregulated business. They can buy and sell your personal and private information without you even knowing they have it! Because they’re unregulated, there’s not a lot you can do about the data they already have. (Write to your Congressperson and Senator!) But there are things you can do to limit the damage.

Q: What is a data breach?

A data breach happens when hackers virtually “force” their way into corporate or government data centers. As hackers get more innovative, there will be more and more data breaches. Click for Wikipedia’s “List of data breaches”. (It is a little out of date.)

Q: What happened?

National Public Data had a security incident in December 2023. Brian Krebs states, “In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers, and in some cases email addresses for more than 272 million people (including many who are now deceased).”

You can read more on Snopes, Bleeping Computer, and UC Berkeley. There are many articles with sensational headlines and click-bait. Avoid those! In addition, a citizen in Florida filed a class action lawsuit.

Q: Does this data breach include my information?

The first thing you should do is head over to PenTester. Enter your name, state, and birth year to see your status. (The Data Breach includes my data.)

Q: Should I freeze my account? What does that mean, and how will it affect me?

Experian has provided a good explanation about freezing and thawing your account:

“A credit freeze is a free service, guaranteed under federal law, that can protect you from credit fraud by limiting most access to your credit report until you lift it, or “thaw” your report. When your credit report is frozen, any lender who asks to evaluate your report for purposes of issuing a loan or other credit is denied access to the report. A security freeze won’t affect your credit scores, but it will prevent lenders evaluating credit applications from obtaining your credit scores.

“A security freeze prevents criminals from opening new credit accounts in your name, but it also blocks your legitimate credit applications. So, if you have a credit freeze in place, you’ll need to thaw your credit reports before applying for a new loan, credit card or other consumer credit.

“Once your application is processed, you can reinstate the freeze. Alternatively, you can use a temporary thaw to lift the freeze for a set window of time, such as one day or one week, after which the freeze will be reinstated.

“Credit freezes must be activated and lifted separately at each of the national credit bureaus. Procedures differ somewhat with each bureau, but all three enable requesting and lifting of security freezes online, by phone, and via postal mail. There is never a fee for applying or removing a credit freeze.”

Q: What do I do next?

Freeze your account on all three credit reporting sites:
If you haven’t been on these sites, you’ll need to create a new account with a secure password. Remember your login information so you can “thaw” your account if you need to.

Q: What about my email?

Check whether your email has been compromised or “pwned”. Enter your email address into Have I Been Pwned to find out. If it has, the site will tell you where. Go to each site, and change your password to a new one. THEN, enter one of your other emails to find out if that has been compromised, too. For example, I have separate emails for work, personal, and social media. I discovered that my email was breached on Ticketfly, Gravatar, and Factual, among others. (Check out this article I wrote a few years ago.)

Q: Anything else?

You might want to consider a data removal service. The jury is still out on their effectiveness, and we haven’t had a chance to review any of them yet. The primary services available are Incogni, OneRep, or DeleteMe. Here are a few independent reviews:

Conclusion:

Be very cautious about how and where you share your data, and secure your data via account freezing.

 


What to do if your Facebook account has been hacked?

Lately, my inbox has been overrun with cries for help. Folks are telling me that their Facebook account has been hacked! The hackers are out there using a little social engineering to figure out your password and get total control of your Facebook.

  • “Someone hacked my Facebook and changed my password”
  • “Someone hacked my Facebook and changed my password and email”
  • “I was hacked on Facebook Messenger”
  • “My Facebook keeps getting hacked”
  • “Opened message from hacked Facebook account”

And, my favorite:

  • “My ex hacked my Facebook Can I press charges?”

Here’s just a small sample of some of the messages I’ve received:

[Image: examples of cries for help when someone's Facebook account has been hacked]

Unfortunately, once you’ve lost control of your Facebook account, it’s awfully hard to get it back. We’ve tried to get accounts back, but the hackers know what they’re doing. Once they take control, they lock the account down pretty tightly. They have already proved to Facebook that they are you, and once they’ve changed the email address and phone number, you’re not going to get it back.

What should you do right away if your Facebook account has been hacked, your password and email are changed, and you’ve lost control of it?

There are a number of things you should do right away. Think about your finances, online security for other accounts, your email, and other personal data like photos and notes.

What if my credit card or bank account is connected to my Facebook account?

The first thing you should do is contact your bank. If you have your credit card, debit card, or bank account connected to your Facebook you should cancel them right away. Period. Don’t even think about this. If the hacker has full control of your Facebook, they can go on a spending spree with your money. Until your bank officially cancels the card, keep a very close eye on your online banking activity.

Should I change my password on other accounts?

When your Facebook account has been hacked, you should change the password on these accounts right away:

  • Change the password on your email. If your Facebook uses multiple emails, change it on all of those accounts
  • Any account where you are using the same password as Facebook

Once you’ve changed the password on your email and any account using the same password as Facebook, change the passwords on all of your other accounts. (Yes, I said ALL!)

We recommend that you change your password on social media and your financial accounts at least monthly. Use a password that is at least 12 characters. (Longer is better.) Here’s an old blog on how to create a secure password that you’ll remember.

Use something like: “MyNewF@ceb0okPW!”, or “NewFB@ccount1nfo”. Both are 16-character passwords. Notice that there is a mix of capital and small letters, numbers, and special characters. (I’ve replaced the “A”s with the @ symbol, one of the “o”s of Facebook is actually a zero, and the “I” of Info is actually the number one.) Change it at least once a month going forward.

Can they hack my email too?

Double-check your email settings. Have they changed? You should look especially at the “Reply-To” address. And change your password too!

I’ve been using Facebook to log into other apps. How do I get into them now?

If you’ve used another way to log into those apps, you can probably still log in with a password reset. If you only used Facebook to log in, you may be out of luck. Contact Customer Service for the app. Let them know what happened and tell them your email. They may let you back in. Since Instagram is owned by Facebook, you’ll probably have difficulties there.

I’m embarrassed. Should I tell my friends?

Absolutely! After you speak to your bank and change your password, call your friends. They should be on the lookout for messages that are not from you, especially if the message is asking for help or money.

How do I get all my photos back?

If you set up your account as “Public”, and the hacker hasn’t changed the settings, you may still be able to get access to your photos, albums, notes, etc. If you can’t, ask someone you trust (who is still a “friend” of the account) to download all of your data.

What about my Facebook business account?

If you’ve lost access to your personal Facebook account, you’ve lost access to your business account too. Make sure your customers know. If you’ve ever purchased advertising on Facebook, contact your bank and cancel that card or account.

Setting up a new Facebook account:

What should I do to securely set up a new personal Facebook account?

  • Set up a new email account to use only for Facebook
  • Set up Two-Factor Authentication with the new account.
  • Make sure your password is at least 12 characters long and contains a good mix of numbers, letters, capitals, and special characters.
  • Go through the Privacy and Security settings on your new Facebook and lock it down as much as you can.
  • Change the password on your new account monthly.
  • Don’t provide any financial information to Facebook. If you want to purchase something on the Marketplace, negotiate a different means of payment with the seller.

How should I set up a new Facebook Business account?

  • Create another new email account to only use with your Facebook business account. (You’ll need to set up a personal account first. And, yes, you’ll end up with two personal accounts.)
  • Follow the same steps outlined above for setting up your new business account.
  • If you advertise on Facebook, ask your bank for a separate credit card with a minimal spending limit. (Don’t use a debit card!)

How do I “Lock Down” my new account(s)?

If figuring out the Privacy settings on your new Facebook page is more than you want to do, let us know. We can set up a remote appointment with Chris to go through all of your settings to make sure another hacking is less likely. (Unfortunately, there are never any guarantees when it comes to protecting yourself from hackers.)


Hacked Email? Check your “Rules”

This past week, we received hacked email messages “from” several different customers indicating that their email account has become compromised. I have “from” in quotes because the emails weren’t actually from those people.

Each email was similar, in that they all started with a benign and short email message saying “Checking in” or “Favor to ask!” or “Hey there?”. The request said something like “I wonder if I could ask your help?”. All the messages were received within the past 7 days. This indicates an active and fruitful attack that is going on right now.

HACKED EMAIL – CHECKING IN:

Here’s a screenshot of one of the first hacked email messages we received:

[Screenshot: hacked email example - need a favor]

Chris replied with a quick email that said “Yes, I will call you later today”.  Our “Spider-Sense” was tingling about this message – because this is not something that this customer would do via email.  A few minutes later, we received this message:

[Screenshot: email hacking example - Apple card for niece]

We noticed that the “reply from” address was slightly different from his actual email address. (An “R” was added to the end of his name.) I called the customer a few minutes later, and he said he had not sent either of the messages. We talked for a while, and I recommended that he turn off his computer, and wait until I could arrive later that day.

Super-Geek To The Rescue:

The first thing was to review his MSN account security information, such as the cell phone and alternate email addresses on file which can be used for account recovery, and to change his password.  I enabled a feature that disconnects any email programs that might still be connected. We wanted to make sure the hacker no longer had access to his account and could not seize back control.  I looked through his past login history and found that there were several recent attempts from Nigeria using Exchange.  This was a smart and sneaky attack.

[Screenshot: hacked email - unusual activity from Nigeria]

I scanned his machine, and found the machine was not infected – but there was something wrong with his MSN email account. His Inbox showed that it had not received any new email messages for the past several days. (He could send email messages just fine.)

I looked through his account configuration within MSN, and found that a Rule (which did not have a name) had been added. It was applied to every new email message, and it did the following:

[Screenshot: hacked email - account rules changed and archive message]

  • Mark the message as Read
  • Move the message to the Archive folder
  • Forward a copy of that email message to a different email account. This looked like the customer’s email address but with very subtle differences.

I found that all of the customer’s recent email was indeed in the Archive folder, and moved it back to the Inbox.  I deleted the Rule added by the Hijacker.

HEY THERE?

Here’s another hacked email we received:

[Screenshot: hacked email example - slick get back to me asap]

 

This was a sneaky one too with multiple Rules added to their email. In this case, their Comcast email account had been modified to have a similar Rule added, which was forwarding a copy of all email messages to a similarly named email address under the Hotmail.com domain that did not belong to the customer.  The password was changed, the account recovery information was reviewed, and the silent email forwarding Rules (there were two) were found and deleted.

FAVOR TO ASK!

For another customer, we received this “Favor to Ask!” message:

[Screenshot: hacked email example - another Favor to Ask]

We contacted them with a different email to let them know. They sent an email blast to their contacts announcing that their email address had been compromised, which is good. But they didn’t BCC everyone so we:

  • saw their complete list of contacts, and
  • so did everyone else.

Remember, if you need to send an email message to many contacts, follow good Netiquette and don’t use CC. Using BCC will hide all contacts that you are sending to. (Who remembers “carbon copies”, “blind carbon copies”, and getting their fingers all inky?!)

FAVOR TO ASK?

We also received this similar message from a hacked email:

[Screenshot: example - favor to ask - Amazon]

Again, the hacker changed the rules within their email account.

GREETINGS

And, last but not least, we received this convoluted request:

[Screenshot: another example requesting a Home Depot card]

WHAT TO LOOK FOR IN YOUR EMAIL INBOX:

If you get an email like this, it’s important to let the person know, WITHOUT using the email address that was used to send the original message! The best option is to call or text them. If you don’t have their phone number, see if you have another email for them. You can also contact a family member and ask them to pass on the message. I’ve even resorted to sending the person a message on Facebook.

WHAT TO DO IF YOU’RE DEALING WITH A HACKED EMAIL ACCOUNT:

If you find out that your email has been compromised there are several things you should do right away:

  • Change your password on your email account.
  • Double-check that your “reply to” address is really your address. Look for an extra letter. Is the domain correct? (Comcast? Gmail? Outlook? etc.)
  • Check your email account “Rules” to see if any new emails are forwarded to a different address.
  • Let people know that your email is compromised. Make sure they know you’re fine and don’t need a gift card for Amazon or Apple. If you send one email to a bunch of people, please use BCC.
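
One way to automate the reply-to and Rules checks from the list above, as an added example rather than anything from the original post: it flags rules that forward mail to another address or silently hide every incoming message, and spots look-alike addresses by edit distance. The rule field names, the sample mailbox and the example.com addresses are constructed for illustration; real mail providers expose rules in their own formats.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_lookalike(owner, other, max_edits=2):
    """True when `other` is a different address whose name part nearly matches the owner's.

    Catches an extra letter in the name as well as the same name on another domain.
    """
    owner, other = owner.strip().lower(), other.strip().lower()
    if owner == other:
        return False
    owner_name = owner.partition("@")[0]
    other_name = other.partition("@")[0]
    return edit_distance(owner_name, other_name) <= max_edits


def audit_rule(owner, rule):
    """List everything about one rule that matches the hijacker's pattern."""
    reasons = []
    if not rule.get("name"):
        reasons.append("rule has no name")
    if not rule.get("conditions"):
        reasons.append("applies to every incoming message")
    actions = rule.get("actions", {})
    if actions.get("mark_read"):
        reasons.append("marks messages as read")
    folder = actions.get("move_to")
    if folder and folder.lower() != "inbox":
        reasons.append(f"moves messages to {folder}")
    for target in actions.get("forward_to", []):
        if is_lookalike(owner, target):
            reasons.append(f"forwards to look-alike address {target}")
        elif target.strip().lower() != owner.strip().lower():
            reasons.append(f"forwards to other address {target}")
    return reasons


def audit_mailbox(owner, rules):
    """Return (index, name, reasons) for rules that forward mail away or hide all mail."""
    findings = []
    for index, rule in enumerate(rules):
        reasons = audit_rule(owner, rule)
        forwards = any(r.startswith("forwards") for r in reasons)
        hides_all = not rule.get("conditions") and any(
            r.startswith(("marks", "moves")) for r in reasons)
        if forwards or hides_all:
            findings.append((index, rule.get("name") or "(unnamed)", reasons))
    return findings


# Constructed sample data: one ordinary rule and two rules shaped like those in the post.
OWNER = "pat.customer@example.com"
SAMPLE_RULES = [
    {"name": "Newsletters", "conditions": {"from_contains": "news@"},
     "actions": {"move_to": "Reading"}},
    {"name": "", "conditions": {},
     "actions": {"mark_read": True, "move_to": "Archive",
                 "forward_to": ["pat.custorner@example.com"]}},
    {"name": "Backup copy", "conditions": {},
     "actions": {"forward_to": ["pat.customer@example.net"]}},
]

if __name__ == "__main__":
    print("reply-to look-alike:", is_lookalike(OWNER, "pat.customerr@example.com"))
    for index, name, reasons in audit_mailbox(OWNER, SAMPLE_RULES):
        print(f"rule {index} {name}: " + "; ".join(reasons))
```

Very short names produce false matches at the default distance of two edits, so lower `max_edits` for those.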

As always, if you need help, give us a call. In most cases, we can help you remotely.

CONCLUSION: 

Scammers, hackers, hijackers, and spear-phishers are getting more sophisticated in their attacks. Here’s a recent article about a big-time Nigerian email scam. Today is a great day to run your virus scanner, change passwords, set up two-factor authentication, and back up your data!

 


Facebook Hacking is on the rise! (It’s not your imagination.)

This is short and sweet – 5 steps to keep you safe from Facebook Hacking. If you want more tips, please sign up for our emails.

(Updated from 31 March 2020.)

Chris has been getting a lot of calls recently about hacked Facebook accounts.  A lot of the Facebook hacking starts when you click on a video that a “friend” sent you via Facebook Messenger. It is most likely that your friend’s account has already been compromised, and it is the Facebook hacker sending you the video.

If someone else has gotten control of your Facebook account, it is really hard to get it back. So follow these steps before that happens!

What to do:

Here are Chris’ suggestions if your Facebook account has been hacked:

  1. Change your password.
  2. Change your security question(s) and answers (in case they were reviewed by someone else).
  3. Log out of all locations where you are logged in.
  4. Confirm that your recovery email address and your mobile phone number are still yours and not set to someone else’s.
  5. Tell your friends not to open any videos or any other links that you have sent.

Doing this will help you keep your account yours after you change your password.

Facebook Hacking via Messenger:

It seems like we are all using social media more now than we did even a month ago. Try not to send any links at all via Facebook Messenger for the time being.  If you do get a video (or other links) on Facebook Messenger, don’t click on it right away. Instead, send an email to your friend confirming that they sent the video.

Facebook Hacking Service:

I also did a quick Google search to see what other advice is out there to make your account more secure. Boy, was I surprised when I saw links to a Facebook Hacking Service and an ad to Hire a Facebook Hacker!

Online Security:

Finally, we recommend ESET to keep ALL of your devices safe online.

Other Hints:

  • Also, please remember to stay well clear of shortened links unless you know without a doubt where that link will take you. That includes most bit.ly and owl.ly links. Here’s a recent article about short links.
  • Likewise, there are a lot of scams out there. Read our article about Covid19 scams.


9 Easy Tips for Online Safety

Staying safe online takes constant vigilance!  Clicking on links in your email, an app, or on a random website can lead to lots of problems.  But THINKING about it all the time is exhausting! Thankfully, there are a few shortcuts to ensure your online safety.

Don’t give real answers:

Probably the most important thing to remember is that not everyone is entitled to real answers. Closely guard your personal information.  Who needs to know your birthday and why? Do you need to be at least 21 or 55?  Make up a birth date to fit those criteria! Do they want to know what your zip code is to show you the closest store to you?  Type in 80305 instead of 80302! No one except maybe your bank needs to know your mother’s maiden name. Come to think of it, most apps don’t even need to know your real name or email address.  Which brings us to tip #2…

Create a throw-away email address:

It’s easy enough to set up a new email using Gmail. Use a fake name. Forward the emails to your real address so if there is something important you’ll be sure to receive it.

WiFi:

When you’re using WiFi away from your home, office, or other trusted location, be very careful to ensure that it is a legitimate service. Always ask the coffee shop, or wherever you are, what the name of their WiFi is.  Be sure you are clicking on “Starbucks” and not “S1arbucks”.  (Did you see what I did there?) And, you should always connect to WiFi on your phone or tablet via a Virtual Private Network or VPN.

Online Safety with a VPN:

A Virtual Private Network helps ensure your online safety.  A VPN is encrypting software that masks your identity and location by hiding your IP address. Check out this article explaining what a VPN is and why you need one.

Banking:

If your bank gives you the option, you should check your balance online every day to make sure nothing nefarious is going on. (If they don’t offer online banking, I’d suggest switching banks.  After all, this is the 21st Century!) Another thing you should expect from your bank is a robust Fraud Department.  As a business, we’ve occasionally had to make online purchases from other countries.  The Fraud Department at our bank calls us each time to make sure it’s really us doing the transaction. I appreciate their diligence.

Online purchasing:

If you make a lot of purchases online, you should probably open a new debit card at your current bank just for those transactions. When you make a purchase, go to your bank account online and transfer enough funds into the account for that specific purchase. If your information is compromised, you can easily close that account.

Passwords:

[Image: Don’t use these passwords!]

I know I’ve said this before. You can’t change your passwords often enough! Online safety starts with a secure password. Change your password on all of your apps and online accounts AT LEAST once a month.  Don’t reuse passwords.  Make sure they can’t be cracked. Use at least 12 characters.  So many rules!  Sign up for our free Guide to creating a secure and easy-to-remember password.

Location tracking:

Remember to check occasionally which apps are tracking your location. Yeah, you might have it locked down, but when you update the app, they may turn location tracking on again. Yes, you want the weather app to know where you are when you want to know how much snow you’re going to get.  Once you have your forecast and close the app though, they shouldn’t still be tracking where you are.

Online safety at Libraries, Hotel Business Suites, and Internet cafés:

Most of us can do just about everything we need to online with our phone or tablet. But there are times when we need to visit a library, internet café, or the “Business Suite” at a hotel. Be especially careful in these locations.  If you need to print an email, use your phone to email the document to your throw-away email account.  Then log in to that account instead of your real email.  If you do need to log into your real email, a financial account, or another secure app, change your password on that account as soon as you’ve completed your business. And use your phone or tablet to change your password, not the computer at the library or business suite.

Conclusion:

Online safety is a habit you can grow.  Be aware of what information you’re sharing and where you are sharing it.  What information can stay private?  You can do this!

Do you have additional suggestions?  Do you need more info or clarification?  Write a comment below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Macs and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly.  You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years.  We like the free and fast shipping.  With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

Sim Card Swapping Scam – Three easy steps to protect yourself

I just heard about a new scam that I want to make sure you’re aware of as well.  It’s called the SIM card swapping scam. This is when someone decides to target you (who knows why – your status? your wealth? your position in your community?) and takes over your cell phone number.  From there, they can take over your social media, gain access to the financial accounts you access via your phone, and commit any number of other nefarious acts.

How does this scam work?

The process is relatively simple.  The scammer enters the physical store of your cell phone provider, or they call the toll-free number, pretending to be you.  Then they provide a forged license or other personal information. The scammer will say they lost their phone.  They say they already have a new phone; they just need your service provider to transfer all of the information from the “lost” phone onto the SIM card of the new phone.

…. and Boom!  Just like that, they have access to all of your contacts, their phone numbers, affiliations, birthdays, and any personal information you have about each contact.  They also have access to any apps you’ve allowed from your phone. Do you have the Dropbox app installed on your phone?  Now they have access to all of those documents as well.  How about Amazon? Does the Amazon app have your credit card information stored? Sounds like a fun shopping spree…

I called my local AT&T store in Boulder, where I’ve been a customer for years, and spoke with one of their floor representatives.  When I asked him about the SIM card swapping scam, he wasn’t aware that it was a problem.  He said that as long as you have a photo ID with the correct address, you should be able to gain access to your account. That didn’t give me a lot of confidence! I then asked him about the PIN that we set up a few years ago.  He indicated that if an account has a PIN set up, they will ask the customer for that number in addition to verifying name, address, and photo. I then asked what the maximum number of digits was for the PIN, which he said was six.

How to protect yourself from the SIM card swapping scam:

In all likelihood, the vast majority of the public won’t be targeted. But if you are known in the crypto-currency community, are wealthy, or have a high profile in your town I would recommend that you be extra vigilant.  Regardless, I would recommend doing several things right away:

  • First, enable 2FA or two-factor authentication. In the past, I’ve talked about two-factor authentication and why it is so important. Try not to use “text message” as an option to confirm your identity. Set it up so that they need to call a land-line with the code, or send the code to an email address that is not set up on your cell phone.
  • Next, talk to your cell phone provider and make sure you have a PIN set up.  Make sure it is as long as they will allow.  (Note to self: Change AT&T PIN from four digits to six!)
  • Then, log out of all of your Social Media accounts on your phone.  Set it up so that you need to log in each time.  Remember to log out every time! (This is something that Chris does.  He has never downloaded the Facebook app to his phone.  Instead, he accesses Facebook via Safari and logs in/logs out each and every time.)


pwned? 1 PAINLESS step To Find Out If Your Email Info Has Been Compromised

Have you heard of the term “pwned”? Last week Chris shared a news item with me about a recently discovered list of email addresses and passwords.  These are for sale on hacker websites.  If you are on this list or any of the other lists of stolen emails, you have been pwned. This list, “Collection 1”, consists of 772.9 million unique emails along with 21.2 million passwords.  You might wonder why there are so many more email addresses than passwords.  That is because so many people with multiple email addresses use the same password for everything.

Don’t do that!

A little history about the word “Pwned”:

The Urban Dictionary postulates that Pwned came into use after one of the designers for the game World of Warcraft typed “has been pwned” instead of “has been owned”. Another Urban Dictionary contributor says it is actually a commonly used chess term, where you use your pawn to check your opponent. Regardless of the various definitions, this term means “you are dominated”.

Have You Been Pwned? 1 Painless Step to Find Out:

Head over to Have I Been Pwned to find out if your email address is compromised.  Many people use different email addresses for work and home.  If you have multiple emails, be sure to check each of them.

This site will also tell you on which websites or apps the data breach has occurred.  (My email is compromised.)  I immediately changed the password for both accounts.  It also told me that the breach came from my Dropbox account.  I then changed my login information on Dropbox as well. Another breach occurred on my LinkedIn account so I changed my info there too.

5 Quick Steps to keep your information safe:

  1. Change your password on each account frequently. I change my passwords every 3-6 weeks.
  2. Change your password on financial accounts even more frequently – at least every two weeks.
  3. Never use the same password again!
  4. MOST IMPORTANT: Use a password that is hard to guess.  Make sure you use at least 10 characters.  You should use at least one of each of the following: an uppercase letter, a lowercase letter, a number, and a special character.  I always end with punctuation too.  Swap out letters for numbers or special characters. Lately, I’ve been using book titles to craft secure passwords.  So “The New Relationship Marketing” would become “th3NewRel@t1onshipMarket1ng;”  (Check it out.  It’s a great book by Mari Smith.)
  5. Next, always keep track of your passwords using a secure system.  I use a password-protected spreadsheet. (Why don’t I recommend a cloud-based password manager?  I’ve recently heard of two people who lost access to their online password tracking system. They had to go to each of their emails and apps to change their passwords. Each One!)
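
The rules in step 4 and the breach check, combined in an added example (not code from the original post): it tests a candidate password against the post's 10-character minimum and four character classes, then looks it up in a breach corpus the way Have I Been Pwned's companion Pwned Passwords range service does, sending only the first five hex characters of the SHA-1 hash. The corpus, its counts and all function names are constructed for illustration so the block runs offline.

```python
import hashlib
import string

MIN_LENGTH = 10  # minimum length given in step 4 of the post


def policy_failures(password):
    """Return the rules from step 4 that this password does not meet."""
    checks = {
        "at least 10 characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class OfflineRange:
    """Constructed stand-in for the range service (server side).

    A live lookup would fetch https://api.pwnedpasswords.com/range/<prefix>;
    this one answers from a small made-up corpus so the block runs offline.
    """

    def __init__(self, corpus):
        self.rows = {sha1_hex(pw): count for pw, count in corpus.items()}
        self.queries = []  # everything the "server" ever gets to see

    def __call__(self, prefix):
        self.queries.append(prefix)
        return "\n".join(f"{h[5:]}:{n}" for h, n in self.rows.items()
                         if h.startswith(prefix))


def breach_count(password, range_lookup):
    """Client side: send only 5 hex chars of the SHA-1, match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


# Constructed sample corpus; the counts are invented, not real breach figures.
SAMPLE_CORPUS = {"password": 100, "passw0rd": 50, "asdfghjkl;": 10}

if __name__ == "__main__":
    lookup = OfflineRange(SAMPLE_CORPUS)
    for pw in ("passw0rd", "th3NewRel@t1onshipMarket1ng;"):
        print(pw, policy_failures(pw), breach_count(pw, lookup))
    print("prefixes sent:", lookup.queries)
```

A password that passes every rule but still returns a non-zero count is already in a breach list and should be replaced.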

Let me know if you have an effective tip for setting up great, secure passwords.

Please forward this to your colleagues who never change their passwords.


Been Pwned? How Do I Find Out If This Impacts Me?

2019 January 22 UPDATE: Based on recent news stories, the “been pwned” information has been updated here:

https://geekforhireinc.com/pwned-has-your-email-been-compromised/

Although this website has been around for a few years, I’ve only just found out about it.  It’s called Have I Been Pwned and it lets you know if your email address has been compromised in any way.

A little history about the word Pwned:

The Urban Dictionary postulates that Pwned came into use after one of the designers for the game Warcraft typo’d “has been pwned” instead of “has been owned”. Another Urban Dictionary contributor says it is actually a commonly used chess term, where you use your pawn to check your opponent. Regardless of the various definitions, the word essentially means that you have been owned or dominated.

Have I Been Pwned?

Head over to Have I Been Pwned to find out if your email and other personal information has been hacked by bad operators.  They will also tell you on which websites or apps the data breach has occurred.  For example, I found out that both my personal and business emails have been pwned.  I immediately changed the password for both accounts.  It also told me that the breach came from my Dropbox account.  I then changed my login information on Dropbox as well. Another breach occurred on my LinkedIn account so I changed my info there too.

What can you do to keep your information safe?

  1. Change your password frequently. I change my passwords every 3-6 weeks.
  2. Never use the same password again!
  3. MOST IMPORTANT: Use a password that is hard to guess.  Make sure you use at least 10 characters.  You should use at least one of each of the following: an uppercase letter, a lowercase letter, a number, and a special character.  I always end with punctuation too. Lately, I’ve been using book titles to craft secure passwords.  So “The New Relationship Marketing” would become “th3NewRel@t1onshipMarket1ng;”  (Check it out.  It’s a great book by Mari Smith.)
  4. Next, always keep track of your passwords using a secure system.  I use a password protected spreadsheet. (I’ve recently heard of two people who lost access to their online password tracking system. They had to go to each of their apps and change their passwords!)

Let me know if you have a great tip for setting up great, secure passwords.

Please forward this to your colleagues who never change their passwords.

Security Summit Thoughts – Hack-Proof Your Mac or PC

Last week I attended Microsoft’s “Virtual” Security Summit.  I have the word virtual in quotes because I didn’t have to travel anywhere.  My son and I watched the live streaming video in our living room! While I like the buzz of meeting new people, staying at home and learning new things has its advantages as well.  Although the Summit was primarily targeted towards management of large enterprise firms, I did pick up a few nuggets of information that will help the average person with the security of their machine as well.

First tip for Security:

Make sure the user permissions on your account are set to “Standard User” and not “Administrator”. This cuts down on the chance that viruses or other malware can be easily installed on your machine. This also protects a random bad operator from installing a bitcoin mining operation on your machine.  You provide the computer and electricity, they get the benefit.  If anyone has ever installed the SETI program on their machine, it would work similarly to that.  (The “Search for Extra-Terrestrial Intelligence” program gave the opportunity for ordinary computer users like Chris Eddy to allow SETI to use some of their computer operating power.)

Next:

Make your machine harder for the bad guys to get access to. Use a very secure password, set up two-factor authentication wherever you can. Install updates to your Operating System as soon as they are available.

Finally:

Use good security practices. Patti Chrzan, head of Microsoft’s cyber-security fraud division said this:

“90% of all cyber crime starts with a phishing email”

A reminder that the phishing email is an attempt to get access to your personal information, like your birthday or password.  A phishing email might also install a virus, ransomware, or other malware.

Being hyper-alert to every click and every email you open puts you way ahead of the average person. Even if the email seems legit, never click on a link in an email from a corporation until you have confirmed its legitimacy.  Call the company to confirm that your account has been hacked, or your password was changed, or a large purchase was made.  Never take the word of an email at face value!

The highlight of my day was when Microsoft retweeted my comment:

Having an antivirus installed does not automatically make you secure. You must have good personal systems in place too.
