Thu, 12 Jan 2017 00:00:00 +0700
(image) The ongoing game by scammers to convince people that their computer is infected has taken some seriously convincing turns in recent months.
One such version of the scam generates what appears to be an official Microsoft message complete with logos and color schemes and a robotic voice saying ‘critical alert’.
Here’s an example pop-up:
** ZEUS VIRUS DETECTED - YOUR COMPUTER HAS BEEN BLOCKED **
Error: Virus - Trojan Backdoor Hijack #365838d7f8a4fa5
IP: 108.XX.XX.XX Browser:Chrome ISP: Mci Communications Services inc. Dba Verizon Business
Please call computer system technician immediately on: 888-XXX-4963
Please do not ignore this safety alert. Your Microsoft System Has Been Compromised. If you close this page before calling us, your computer access will be disabled to prevent further damage and your data from being stolen.
Since this particular scheme attempts to keep you from doing anything else, calling the posted toll-free number to get help seems to be a rational response for those stricken with fear.
We’ve also seen this attempted scam posing as a warning from your Internet service provider (such as Cox or Century Link) because the scammers can easily determine who your ISP is.
Understanding some basic red flags will go a long way in helping you avoid this and all of the subsequent attempts to trick you that are certain to come.
Tip #1 – Be suspicious of toll-free numbers
Large technology companies have spent millions to prevent you from calling them for help.
It’s just not economically feasible for companies that have millions of users or in Microsoft’s case, over a billion, to pick up the phone whenever someone needs help.
With this in mind, any time you see any error message pop-up on your computer urging you to call a toll-free number, assume it’s a scam.
Tip #2 – Get to know your security software
Knowing what you have installed to protect you from Internet threats will go a long way to helping you quickly sniff out scams. Chances are, you have a third-party program installed to protect you, so take some time to understand what it looks like and how it alerts you.
Tip #3 – Real tech companies don’t answer the phone
Anyone that’s ever tried calling to speak to a human at any large organization is always met by an automated attendant system.
Call routing systems are necessary because call volumes are very high, so when you call a toll-free number for tech support and a real-live human answers, you should always be suspicious (especially if they have a foreign accent).
Tip #4 – Killing the fake message
It may appear that your computer has been locked down, but in most cases you can simply shut down the pop-up to regain control. Windows users can use the Task Manager (Ctrl-Alt-Del to access it) to end the fake task and Mac users can use the Force Quit option to kill the fake session (yes, this Microsoft pop-up can appear on Mac screens as well!).
If all else fails, manually shutdown your computer, then restart it and immediately run the security software you know you installed.
Wed, 4 Jan 2017 00:00:00 +0700It’s that time of year when many households are asking this same question as the new gadgets replace the old ones during the holidays.Electronic devices are one of the most common gifts every year, which results in lots of devices that end up in closets, drawers and garage shelves.The Growing E-waste ProblemUnfortunately, electronic waste (e-waste) continues to be one of the fastest growing municipal waste issues according to the EPA, which means most of it ends up in our landfills.Even though e-waste represents 2% of our trash, it accounts for around 70% of the overall toxic waste in our landfills. With our desire for new devices growing every year, the problem of improperly disposing of our old tech is also growing.Keeping the toxic waste in electronics that include lead, arsenic, cadmium, mercury and many other dangerous chemicals out of our landfills should be important to everyone, but at best we’re only recycling between 15% to 25% of our e-waste because too many people still aren’t aware of the dangers.Repurposing vs. RecyclingRecycling your old electronics isn’t your only option as a better use for them would be to re-purpose them. Just because a device isn’t useful to you anymore, doesn’t mean that it won’t be useful to others.Check with your local schools, churches and local charities, especially if you have older devices like smartphones, computers, printers and tablets that may be a little slow, but still usable.Another option is to make it available to others in your area via the Freecycle website (http://freecycle.org), which is essentially an online version of putting it out on the sidewalk with a sign that says ‘FREE for the taking’.If your old tech isn’t a candidate for repurposing, then finding a responsible recycler to ensure it gets properly processed is critical.Recycling OptionsMany municipalities now have a structured e-waste recycling process, drop off locations or annual events, so start by checking your city or county’s website.The National Cristina Foundation (http://cristina.org) is a great resource for individuals and businesses that have technology that they think can still be of use.The foundation focuses on service providing organizations targeting people with disabilities, students at risk and economically disadvantaged populations through their non-profit locator tool.If you have a cellphone or smartphones that still works, you may be able to trade it in or recycle it with your current wireless carrier.There are a number of companies that will offer to buy your old mobile gadgets like uSell (http://usell.com), Glyde (https://glyde.com) and NextWorth (https://nextworth.com) or you can trade them in for gift cards at Amazon (https://goo.gl/i5Hp3J).The EPA has also put together a list of national companies that offer recycling programs for PCs, televisions and mobile devices: http://goo.gl/sDTUV7The listed companies offer drop-off locations, recycling events or mail-in options.Another list of recycling options for things like batteries, printer ink cartridges and computers is http://www.computerhope.com/disposal.htm.Wipe Your Data FirstBefore you donate or recycle your computers, make sure you take steps to securely wipe your personal data from the hard drives: http://goo.gl/MGyE8f.Your cellphones and smartphones are also loaded with lots of personal information, so make sure you perform a factory reset http://goo.gl/0M07Q9 before getting rid of it.[...]
Wed, 28 Dec 2016 00:00:00 +0700
(image) CES 2017, will be the 50th annual largest gathering of consumer electronics companies and is sure to be the usual exciting mix of ‘solutions searching for a problem’ and evolutionary updates but little or no real ‘revolution’.
Virtual and Augmented Reality
There’s no question that one of the hottest categories at this year’s show will be in the virtual/augmented reality world.
Gaming has always been a no-brainer for this type of technology, but I’m expecting to see more practical use cases that might bring it into the mainstream.
I’m a bigger believer in the usefulness of augmented reality since you aren’t in a virtual world by yourself and can still interact with others while using the technology (think Pokémon Go or Hyundai’s virtual owner’s manual app).
IOT/The Connected Home
The ‘Internet Of Things’ has been a growing category at the show for years, but this year titans of the industry such as Amazon, Google and Apple are each making a major push to create ecosystems that they hope will become a standard.
The biggest problem for most consumers when it comes to the connected home is that each device seems to need its own app and doesn’t necessarily talk to other devices. Expect this problem to be addressed by many companies this year so Alexa can talk to your Samsung vacuuming robot next year.
The automotive industry has been on track to turn your car into the largest mobile device you own with new car companies like Faraday Future trying to break into the market.
I expect to see the usual incremental improvements to connected car technology platforms, but the real innovation I expect will be in autonomous car technology.
It’s going to be a while before we can totally leave the driving to our cars, but driver-assist technology is already mainstream and the obvious stepping stone to our driverless future, so it should be in full display this year.
Robotics, AI and Drones
The rise of the robots that go beyond vacuum cleaners and toys should be on display aided by advances in Artificial Intelligence and Intelligent Assistants in just about every device we’ll interact with.
Drones capable of carrying heavy payloads and even people are sure to be shown in prototype form as the push to develop commercially viable vehicles will expand the market beyond the mature hobbyist market.
This category continues to try to get mass appeal products to market in everything from fitness, healthcare, fashion and tracking of your pets and this year should be no different.
While I don’t expect any real major innovations, we should see some interesting adaptations especially when it comes to healthcare and caregiving.
What We Won’t See
Announcements of big new mobile devices generally now get made at the Mobile World Congress in late February, Apple and Google have their own annual launch events so they’ll be no-shows and don’t expect anything truly compelling to be introduced from the TV manufacturers despite all the buzz you’ll likely hear about ‘HDR’ (High Dynamic Range) technology.
Wed, 21 Dec 2016 00:00:00 +0700
(image) As the threat of Ransomware grows, utilities that are specifically designed to protect users from becoming a victim are hitting the market.
Ransomware is malware that attempts to gain access to your computer with the intent of locking you out of your own personal files and demanding a ransom to unlock them.
The level of encryption being used by current versions of ransomware is so sophisticated that your only options are to pay the ransom or lose everything if you don’t have a separate off-site backup.
What RansomFree Does
The company that created this free tool examined the process that most of the known ransomware attacks follow and created special folders and files known as a ‘honeypot’ to detect threats.
The file structure of these dummy files is designed to be one of the first targets of an attack, which the program monitors in order to alert you of a potential attack.
This means that in order for the program to alert you, a small number of files will be sacrificed with the hope that it’s the files that they setup as the honeypot.
The Whack-A-Mole Problem
While RansomFree’s approach is unique and inventive, there’s a problem that the entire security industry has struggled with since the beginning of time; they’re all playing whack-a-mole.
Just as RansomFree was created by examining what ransomware programs typically do, malware authors can conversely see what RansomFree is doing and change up their scripts to avoid or delay detection.
There could eventually even be direct mitigation code that would attempt to disable the program if it becomes widely used, so as always, it’s a moving target.
What this should tell you is that no one layer of protection should ever be relied upon when it comes to the threat of ransomware.
Unlike a lot of other malicious activity floating around the Internet, ransomware has proven to be a solid moneymaker for cyber-crime syndicates, which ensures that they’ll continue to evolve their threats in order to side-step any and all security layers as they’re developed.
Just about every major anti-virus/Internet security program is including some form of ransomware detection and protection these days, so check to see what you might already have installed.
If you don’t have anything, installing RansomFree couldn’t hurt, but since we’ve established that just about any security program can potentially be thwarted, how you backup your critical files becomes your last line of defense.
If you have a backup that is out of reach of the ransomware, you’ll never have to pay the ransom.
Unfortunately, traditional local backups via an attached external hard drive will be of no value if you’re system is attacked because anything accessible to the computer is also encrypted.
The best backup schemes incorporate the 3-2-1 approach: 3 copies of your data on at least 2 different devices with 1 copy off-site.
The best and most cost effective defense against ransomware for most users is an online backup service such as Carbonite (https://goo.gl/XKum9f) because it’s not directly accessible during an attack and it’s automated.
Wed, 14 Dec 2016 00:00:00 +0700
(image) Whether you currently use a Yahoo email account, used to use one or have never used one, the announcement of 1 billion accounts being compromised in 2013 holds many lessons for everyone.
Yahoo says that no financial information was included in the breach, but username, email addresses, telephone numbers, hashed passwords, birth dates and in some cases answers to security questions were all part of the break in.
Why Email Hacks Are So Desirable
Your email account is the digital key to your kingdom for a variety of reasons, which is why they are so valuable to hackers.
Remember, whenever you (or a hacker) need to reset a forgotten password for just about any online account, the reset instructions get sent to your registered email account.
Another treasure trove is the accumulation of messages that you were sent when you initially signed up for any account, which is a quick way to know what other accounts can be compromised.
Lesson #1: Start getting in the habit of deleting sign-up, notification and reset email messages as soon as you are through with them.
Birthdays & Security Questions
Many sites ask for your birthday as a way to ensure you are old enough to meet their age requirements, but nothing says you have to give them your actual birthday.
Although Yahoo is moving away from security questions as a way to allow you to regain access to an account, the information gathered by the hackers can potentially be used elsewhere.
Questions such as ‘what was your high-school mascot’ are pretty easy to figure out depending on your profile on sites like Facebook and LinkedIn.
Lesson #2: Start lying more; don’t give your actual birthday or use actual researchable answers on security questions.
Additional Security Measures
If you haven’t figured it out already, virtually anything on the Internet is ‘hackable’ and it’s generally just a matter of time for any large online entity.
Setting up password fraud alerts through 2-factor authentication (https://goo.gl/0MhNLG) and using password management programs that ensure that no password is ever used on multiple sites are a good start.
Lesson #3: Assume that everyone you do business with online is going to be breached and act accordingly.
Spear-Phishing Made Easy
Spear-phishing refers to scam emails that are targeted at those that are known to use a specific service.
In this case, if you have a Yahoo email address, it’s pretty easy for scammers to send convincing but fake ‘password reset’ messages to you knowing that you actually have an account.
Lesson #4: Never click on any reset links unless you just asked for a reset message to be sent.
With all the large-scale breaches in the last couple of years, the likelihood is that any password that you’ve been using for years has been compromised.
There are lots of ‘known password’ databases that allow cyber-thieves to compare them to stolen hashed passwords, which is why one breach can lead to so many other accounts being compromised.
Lesson #5: If you’re still using a password that’s been in use for more than a couple of years, change it to something you’ve never used before.
Wed, 7 Dec 2016 00:00:00 +0700
(image) The trend toward shopping online has seen a big jump in the last year with spending in 2016 predicted to be up by 45% over 2015.
There’s no question that online shopping is much more convenient than going to brick and mortar stores but during the holiday shopping season, getting your hands on what you want as early as possible is important.
More of the large retailers are adopting the ‘clicks and bricks’ approach which allows you to buy items online and pick them up at a nearby store if you want that peace of mind.
Don’t Use Your Debit Card
The first thing I’d recommend is avoid using your debit card for online purchases. You’ll still have the same fraud protection that covers credit card transactions, but since it’s tied to your checking account, it can tie up your money while you are sorting things out.
Only your credit line gets tied up when a credit card gets hit with a fraudulent transaction while the money to make your mortgage or car payment gets tied up with fraudulent debit card transactions.
Every major browser offers the ability to create private browsing sessions, which keeps things out of the ‘History’ log and removes any cookies that get placed on your computer when you close the browser.
Using the private browsing option helps with two things that are commonly used these days; Dynamic Pricing and Remarketing.
Dynamic pricing which is also called demand pricing or time-based pricing is an automatic algorithm used by some websites that can provide different prices to different people at different times.
One of the many data points used in dynamic pricing is how many times you’ve looked at the item, even if it was on different websites. Private browsing eliminates this data point as a factor.
The biggest reason to use private sessions is when your computer is shared by your whole family. We’ve all experienced the situation where you went looking for a specific product only to have ads featuring the item then follow you around the Internet and on social media.
This process is called remarketing and it too relies on the cookies that get deposited on your computer. It can become a major spoiler when the rest of your family sees the glaring hints whenever they go online using the same computer.
Money Saving Tips
Once it’s installed, a small ‘h’ will appear in the upper right hand corner of your browser that turns yellow when you visit a site that has an available coupon code.
Another website popular with avid online shoppers is called Ebates because you get cash back for purchases, but unlike many others you can also get cash back from some in-store purchases as well.
Price comparison sites like Price Grabber and Froogle (now Google's shopping engine) – can help you find the best deals but don’t forget to calculate in shipping and handling fees and delivery dates before you click on ‘Buy’!
Wed, 30 Nov 2016 00:00:00 +0700
(image) In the tech industry’s ongoing attempts to create better tools to protect consumers, they often come up with software that focuses in specific areas.
Trusteer Endpoint Protection (a.k.a Rapport) is a legitimate program that is specifically designed to help fight financial fraud and is often recommended by various banks for reducing the chances of fraud and identity theft when it comes to online transactions.
Originally developed in Israel in 2006, Trusteer was acquired by IBM in 2013 for an estimated $800 million so any concerns about it being a malware program can be put to rest.
Why Banks Recommend It
The program is specifically designed to prevent many known banking Trojan malware such as ZeuS, Silon, Torpig, SpyEye and others from attacking its users.
Malware designed to attack online banking transactions will attempt to steal login credentials so cyber-thieves can access online accounts or steal the identity of its victims.
They tend to use keyloggers, screen grabbing and phishing as a means of exploiting users, which is what Trusteer is specifically designed to help protect against.
As such, many banks recommend the free program as an extra layer of protection, because the banks have installed the protection on their side and it works best when both sides are using the same security system (thus the name ‘Endpoint’).
Banks are interested in both security and regulatory compliance, which the Trusteer platform provides, which is why so many have partnered with IBM to promote the program.
The Real World
If the only thing your computer needed to do was interact with your bank, Trusteer would be a no-brainer, but for most of us that’s not the real world.
Despite the fact that it’s designed to work as an added layer of protection to your primary security program, many users have reported a multitude of issues over the years.
Online complaints range from the initial installation process to incompatibility with other programs to a noticeable degradation in performance as well as a complicated removal procedure.
As with any security program, it can prevent you from operating your computer in a normal way because it blocks access to anything it perceives as a threat (false positives), which can be very frustrating.
Should You Use It?
As with any protection system, there is no ‘one-size-fits-all’ solution, so determining whether you should use the program or not requires some homework.
If your bank is pushing you to install the program, before doing so, I’d strongly recommend that you research the specific issues with whatever Internet security program you have installed by doing a search for ‘Trusteer issues with XXX” (where XXX is the name of your program).
Not only will you get information specifically from the support resources of the Internet security company, you’ll likely get user feedback on their experiences as well.
As an advanced search tip in Google, if you include –trusteer.com
at the end of your search query, the results will be filtered to exclude anything from Trusteer’s website so you’ll only get feedback from third parties.
Business users should do their experimenting on non-mission critical computers to avoid any compatibility disruptions to workflow.
Wed, 23 Nov 2016 00:00:00 +0700
(image) Google’s newly designed smartphones known as the Pixel (5” display) and Pixel XL (5.5” display) are creating quite a buzz in the tech world.
Most reviewers are hailing it as the most complete Android competitor to the iPhone 7 with some exclusive features that no other smartphone in the Android world currently offers.
Pixel’s Unique Features
The Google Assistant is a more advanced virtual assistant that’s much more conversational than Apple’s Siri.
It allows you to ask a question and then a follow-up question as we do in natural conversations because the app is able to determine context over multiple interactions.
Another great feature is the ability to setup multiple users on one phone, making it easy to create limited use profiles for children that won’t have access to your email, apps and other personal information.
They come with free unlimited cloud storage for photos and 4K videos in their original quality, so there is no reduction in resolution.
They also incorporate ‘Smart Storage’, which automatically clears storage space by deleting items that are already stored in Google Photos and split-screen multitasking for most apps.
24/7 voice and chat support are built into the phones, so any time you have a problem, you can get help including an option to share you screen with the support person and OS updates are now performed seamlessly in the background.
The fingerprint scanner is located on the back of the phone in a natural position when you’re holding the phone.
USB On-The-Go allows you to plug USB storage devices, keyboards and even a mouse into the phone much like you can with your computer.
Based on various tests of the batteries, the Pixel out performs the iPhone 7 in two areas: battery life and recharge times.
Pixel’s higher capacity battery also allows quick charges; a 15-minute rapid charge can provide an additional 7 hours of battery life.
Unlike the iPhone 7, Pixel phones are not water-resistant, so if you want that type of protection, you’ll need to buy a waterproof case.
Image Capture Surprise
Apple’s dominance in smartphone cameras is being challenged with the sophisticated offerings in the Pixel phones.
Many head-to-head tests have shown the Pixel to have better low light image capture as well as truer colors and the wider angle lens on the front facing camera can capture more people for selfie fanatics.
It’s important to understand how what you’re currently using could play the biggest role in deciding which phone is best for you.
If you’ve had an iPhone for a long time and have purchased lots of apps, music, videos and games, porting those over to an Android handset can get complicated.
In some cases, you’ll have to re-purchase items because they are locked in the Apple ecosystem or it may not exist on the Android platform at all.
To a lesser extent, the same holds true if you’re going from an Android device to an iPhone.
Assessing what you have on your current phone that you’ll want on your new phone and doing a little homework to see what it will take to get it to ‘the other side’ should help you determine if you want to switch platforms or not.
Wed, 16 Nov 2016 00:00:00 +0700
(image) This election cycle dramatically elevated the use of fake news sites that in the past were generally used to spread malware by infecting unsuspecting visitors.
There were a variety of reasons for creating these sites that ranged from the obvious political influence to making money from the world-wide interest in our candidates.
Savvy Teens in Macedonia
BuzzFeed News reported that they were able to identify at least 140 fake political news websites being run from a single town in Macedonia.
Despite the sites being overwhelmingly pro-Trump, the young tech-savvy creators of the sites said they didn’t care about Trump’s campaign.
Earlier in the year, they claim to have researched the various candidates to see which ones would generate the most traffic as their incentive was purely economic.
Any website that can generate a lot of traffic, can use global marketing platforms like Google’s AdSense to monetize that traffic.
They also learned that the best way to generate traffic to their sites was to use Facebook to spread stories, especially if they were in some way pro-Trump.
The latest word from both Google and Facebook is that they cracking down on fake news sites that attempt to use their advertising platforms from now on.
Google said sites that “misrepresent, misstate, or conceal information about the publisher, the publisher’s content, or the primary purpose” will be kept out of their ad platform.
Facebook said that it already banned apps and sites with “illegal, misleading, or deceptive” content but they updated their policy to “explicitly clarify that this applies to fake news.”
This by no means will be the end of seeing questionable news sites in your Facebook News Feed or in Google search results, so we all need to sharpen our skills.
Sniffing Out Fake News Stories
The first thing to pay attention to is the web address of the site that is reporting the story, especially if a two-character country code is added to the end (Example: abcnews.com.co)
With the speed at which news travels across the Internet, doing a quick Google search by using the headline as the search parameter should provide plenty of help.
If the story only appears on sites you’ve never heard of, it’s the first sign that you should be suspicious.
Questionable headlines will likely have search results that include sites like Snopes and HoaxBusters that provide some context to the lack of credibility.
Web tools such as Web of Trust can also quickly provide warnings of questionable sites.
What Else Can You Do?
Both Google and Facebook will be using various algorithms and machine learning to help with the task, but Facebook users can help by posting fact-checking links that debunk stories in the comments section, which will help the algorithm.
Facebook users can also click on the v-shaped icon in the upper right corner of any post to hide all posts from that source or unfollow the person that shared the story to prevent future junk posts from appearing in your news feed.
News aggregators like News360 present news stories and includes how many news organizations reported on that specific story with an easy way to read the story from any or all of the sources.
Wed, 9 Nov 2016 00:00:00 +0700
(image) Ransomware is one of the fastest growing cyber-crimes because it’s working so well for organized crime rings around the world.
Victims of ransomware are essentially locked out of their own private files unless they are willing to pay a ransom to get the key that will unlock them.
Alarming Ransomware Statistics
According to one estimate, $209 million was paid in ransomware attacks in the first quarter of 2016 alone.
Another survey found that nearly 50% of professional organizations were victims of a ransomware attack in the past 12 months.
The average ransom demanded is just under $700, but as more businesses are being targeted, the ransom amounts are increasing.
To provide some perspective, the average ransom demand in 2015 was around $294
59% of infections come via email as either a malicious link or an infected email attachment.
Malicious social media links don’t account for a large percentage of the current attacks, but cyber security experts expect this approach to grow.
Protecting Yourself From Ransomware
Since this form of attack larger relies on tricking a human into clicking on a link or opening a malicious attachment, educating everyone in your household or business on ways to spot questionable email messages is a good start.
Since cyber-criminals have the ability to use Internet searches and social media to figure out who’s who in just about any business, it allows them to create very clever spear-phishing email messages that can fool employees that aren’t paying attention.
Bad grammar, missing punctuation and strange salutations are just a few of the things that everyone needs to be looking for in just about any message that prompts you to click on a link or open an attachment.
There is a free phishing security test business can use to test and educate their employees from a company called KnowBe4 (https://goo.gl/PGsyHz)
Parents need to understand that cyber-criminals set their traps where they know teenagers go to download free music, games, movies and programs that usually cost hundreds of dollars.
Make sure you have all your security updates installed and have a good off-site backup like Carbonite so you don’t ever have to pay the ransom to get your files back.
Options For Victims
If you become a victim of a ransomware attack, your options depend on what type of backup you employ.
Traditional backup devices that are attached to your computer when you’re attacked are also attacked, so unless you have a disconnected or off-site backup, you’ll either have to pay the ransom or lose everything and start over.
Fortunately, getting rid of the infection that allowed your files to be held hostage is pretty straight forward, but decrypting your compromised files is nearly impossible for most of today’s attacks.
If you do have a clean backup, you can either disinfect the system by booting to an uninfected device, like a flash drive or CD/DVD to run a scan with anti-virus/security programs or wipe the drive completely and reload everything from scratch.