Tag: phishing

Take Care of Your Tools

Share

“Take care of your tools and they will take care of you.” This comment seems to refer most often to garden tools.

In today’s Advisory from Emergency Plan Guide, though, taking care of tools refers to the computer tools we are using right now – our computers, tablets, phones – all those digital tools that make it possible to share stories, images and, in this case, blog posts!

Now, I want to be able to finish the 31 days of this summer blog challenge without a computer hitch. So when over the past week I received several warnings, one after another, I paid close attention.

And then I thought of you, and knew you would be interested, too!

Take care of your computer tools!

Here are the three warnings I’ve received in the past couple of weeks.

Warning #1 comes from Avast. It’s about a phishing scam that arrives in an official-looking WordPress email. It urgently requests that you update your username, password, etc. Because you’re a good reader (!), you might notice one little strange grammatical quirk in the email, but MOST people won’t notice it.

Anytime you get an email from what you consider a trusted source (most popular phishing emails come from Microsoft, PayPal, Netflix, banks, etc. ) that urgently demands an update or action on a bill or some such, consider it a scam first and then follow up VERY carefully. (Don’t hit that Update Now button!)

Warning #2 comes from Microsoft. It’s about BlueKeep, a 2019 “worm” affecting older versions of Windows, traveling from computer to computer. The windows versions that are vulnerable: Windows 2003, Windows XP, and Windows 7. If you haven’t been taking care of your tools by updating, do it now! (It you are running Windows 8 and Windows 10 it looks as though you aren’t affected by BlueKeep.)

Warning #3 comes from ithemes Security. Actually, it’s two separate warning reports!  The first lists 9 WordPress plug-ins and themes that have vulnerabilities and the second half of the report lists 19 more. A couple of the plugins have been removed by WordPress; the others have a patch that fixes the problem as long as you update. (I found 3 familiar plugins on these lists, and 2 that I currently use, so this isn’t wildly esoteric stuff.) Here are links to the two reports:

How do I get these warnings?

The reason I get these warnings is because I have installed multiple security software packages on my computer network. Some of them are paid, others free.

The software itself doesn’t necessarily catch everything. I certainly have received my share of fake Wells Fargo phishing emails! But I do get a warning bell from time to time, and questionable emails end up in my JUNK file where I can carefully review them. Plus I get regular alerts like the ones described here.

You can also get warnings simply by setting up a Google Alert.

Are you taking good care of your tools? What security software do you use?

Virginia
Your Emergency Plan Guide team


Day 3 of Summer Vacation: A time for some shorter and lighter Advisories as a welcome change-of-pace!


Password Day – A Reminder About Identity Theft

Share
Scam artist

Identity theft – the fastest-growing crime in America.

Here at Emergency Plan Guide we examine a wide variety of threats to our safety and security, and certainly, identify theft belongs on our list.

Over 16 million people became victims of identity theft in 2017 – nineteen every minute!

So, on World Password Day, it’s worth taking another look at some common frauds from both sides – the scams that threaten us, and the actions we can take to avoid falling prey to them.

A scam is designed to trick or cheat you directly to get your money. When identity theft is involved, the criminal takes your identity to sell the information to a third party or to steal money in other ways, often after a delay.

Who gets scammed?

Most of us know that older people are targeted more than other groups. Most of us don’t know, however, that it’s Millennials who have the highest ratio of actually becoming victims!

The June 2018 issue of Consumer Reports takes a look at victims not by demographics (age, income, etc.) but by personality type. Here are some excerpts from their article that I found valuable.

  • Eager for bargains – These victims are people who willingly open and read emails and snail mail that advertises investments, contests and drawings, special time-limited discounts, even a message or an envelope stamped “You’re a winner!”
    Does this sound familiar? The danger is, every time you respond in any way, you will be identified as potential prey and you are likely to get follow-up letters, phone calls, etc.
  • Susceptible to persuasion – You may get a fund-raising phone call from a veteran’s group or a fire fighter or other special group with an emotional appeal. They ask for and get your personal information along with your donation. Phishing emails work this way, too. You are “persuaded” by well-designed emails that the message requesting your response is coming from a legitimate source – your bank or credit card company or even someone in your own company. A study from the internet security firm F-Secure reports that more than one-third of all security incidents start with phishing emails or attachments sent to company employees.
    Again, their goal is identity theft — stealing your personal information which may include passwords and/or login sequences.
  • Make an immediate decision out of fear or greed – Are you a person who can make a spontaneous purchase without doing any real research about where the offer is coming from, without reading “the fine print” of the contract, etc.?
    I’ve never gotten the famous “grandmother” call (“Grandma, I’ve been in an accident and I need your help!”) — UPDATE as of 10.2019. Yes, I have received this call! Moreover, TODAY I have received 2 separate phone calls from the “Criminal Division of the IRS!” (Slightly different messages, one female voice and one male voice.) This IRS scam has been around since 2016 but apparently is still going strong.
    And I have also been shocked a couple of times by a wildly blinking pop-up on my computer with a message that reads something like — WARNING YOUR COMPUTER IS COMPROMISED CALL IMMEDIATELY FOR TECHNICAL HELP!
    I get the same kind of message by phone, too. “This is the technical department. We can see that your computer is having problems.”

These scams are designed to frighten you into giving out your personal details and your credit card account information.

Ransomware is a variation on the theme of fear. It is malicious software that takes control of your computer, encrypting your files and blocking your access to access them. The thieves tell you to pay a “ransom” in order for the lock on your files to be removed. You can be infected by clicking on links in emails or social media messages or by clicking on links in compromised ads (apparently often those ads that stream video).

With all this danger out there, what can we do?

Recommendations for basic protection against identity theft.

I hope some of this is familiar to you!

On the phone – Don’t answer calls from numbers you don’t recognize. A legitimate caller will leave a message so you can do your research before you call back. If you are called by the IRS or by a computer “technician” or someone announcing you have just won some sort of prize, just hang up.

On the cellphone .–.Same as above, but in addition, if you click on a link in the text of an email or text, the scammer may be able to install malware that can collect personal info from your phone!

On the computer —

(1) Even if a message comes from what looks like a friend, stop before you click on a link or download a document. Check the “from” portion of the email. You may see the name of a friend or colleague, but a closer look at the domain will reveal a completely unknown or a foreign mail service.

(2) Disable pop-up advertising so you don’t accidentally click on a dangerous link.

(3) Keep your operating system and browser software updated.

(4) Back up your files so if you are truly the victim of malware or ransomware attack you will be able to restore your files.

(5) Install good antivirus software and keep it updated.

Which brings us back to celebrating World Password Day!

Take the time TODAY to examine your passwords.

Once again, I  hope this is review for you!  But if not, you can start making some changes today to protect yourself from identity theft.

Use different passwords!

Make sure you aren’t using the same password for more than one account. 60% of people make this foolish mistake – if hackers get ONE of your accounts, they will then have access to others! By the way, here’s a list of the most common passwords, from Keeper Security:

1. 12345610. 98765432119. 555555
2. 12345678911. qwertyuiop20. 3rjs1la7qe
3. qwerty12. mynoob21. google
4. 1234567813. 12332122. 1q2w3e4r5t
5. 11111114. 66666623. 123qwe
6. 123456789015. 18atcskd2w24. zxcvbnm
7. 123456716. 777777725. 1q2w3e
8. password17. 1q2w3e4r 
9. 12312318. 654321 

Note #1. If you’re creating websites, don’t use “admin” as your password!

Note #2. If you are happily installing smart home management devices – voice-activated or smart-phone activated cameras and temperature controls, security systems, etc. – think through the passwords you’re using there, too.

Change out OLD passwords.

Change one today! Many older passwords are probably too simple and easy to guess. Many experts recommend a password made up of at least 16 digits including capital and lower case letters, numbers and symbols.

Read below for a resource to help you come up with longer, stronger passwords.

Add a second layer of security.

Add “multi-factor authentication” to your favorite email, bank or social media apps and websites. This adds a second step to your login – it may be a fingerprint scan on your phone, or a request for a PIN that is sent to your phone for one-time access to your computer account.

Make a plan for tracking your passwords.

One way to keep track of your passwords is simply to write them down. It may be slow, and you’ll have to look them up regularly, but it’s a tried and true and reliable method (as long as you protect your list from fire, flood and theft!)

I own the book shown. I selected it because its pages were large enough actually write in, unlike many of the “notebooks” you’ll find advertised for this same purpose. And it doesn’t advertise “SECRET PASSWORDS” on the cover! Click on the image and you can go to Amazon to check prices and other options.

Find out more about digital security.

There are hundreds of articles and books available on the topic of passwords and identify theft. You can find instructions for creating strong passwords that are easy for you to remember but difficult for anyone else to figure out.

A side note. You may want a way for someone else to get into your accounts if you have been incapacitated. Think about that . . .!

Use a password manager.

Many password products are available, at costs that range from free (simple versions for just one device) to several dollars a month (multiple devices, syncing, etc.) These managers store all your passwords safely, automatically “remember” them so that sign-ins are automated, and some even have a “legacy feature” so someone can inherit your passwords. In any case, you only have to remember the one, master password.

A recent article by PC Magazine compares the top dozen paid password manager products and gives its recommendation for free products, too. https://www.pcmag.com/article2/0,2817,2407168,00.asp

Amazon offers a free download for two of the free popular password managers mentioned in the PC Magazine article: Roboform and LastPass, images shown below. Click and you will go directly there. (Review carefully to be sure you’re getting all you need. You may find that a premium version will suit you better.)

Get and use the best anti-virus programs.

Over the years we have used a number of anti-virus products. For the last 7 years or so we have been using Avast – first the free, and now the Premier version. The company has provided good service in a couple of what I will call “sticky” situations and we feel more secure having them on our side.

I checked costs today and you can save quite a lot of money by buying through Amazon. (We are Associates.) Click on the image for current prices. Be sure to understand exactly which version of the product you are getting, for how many computers and for how long. It’s easy to mis-read the advertising (even though it’s perfectly clearly laid out!).

Disclaimer – This Advisory is not necessarily all you need to improve your security and avoid identity theft. But, it’s a start. If any of the stories or recommendations sound like they might fit you or family members, take the time to find out more about how to protect yourself.

Maintaining password security is an ongoing project. Might as well establish good habits NOW — so you can celebrate next year!

Virginia
Your Emergency Plan Guide Team