Hello again, everyone.
The news in the last few months has again been filled with numerous computer security disasters with appropriately scary sounding names:
KRACK, Spectre, Meltdown
They affect almost all modern wireless devices and almost all modern computers, respectively. And they’re pretty serious vulnerabilities, to boot!
As you read and hear about these and any other new holes, bugs, vulnerabilities, cracks, etc etc, just remember that what you should do to respond to these rarely changes.
If you keep your software up to date, use unique, good passwords and store them somewhere safe, if you keep up to date on your security software, and generally ‘be safe online’ (such big suitcase words to unpack, true), you don’t have to worry or change what you’re doing whenever you hear about one of these new scare stories.
Tax season – lots of scams this time of year
Regarding IRS Scams – just like how Microsoft will not call you, the IRS will not initiate contact with you except by snail mail.
Here’s a couple new ones I saw:
A tricky attack against a business
One of my clients had a spear phishing attempt made against them. An attacker bought an website address similar to theirs, but replaced an ‘m’ (lowercase M) with ‘rn’ (lowercase RN) and then tried to get bank details from employees.
Fake password manager
Also, a new attack that I witnessed had a fake tech support caller offer to help, then they put a fake password manager on my client’s computer hoping to steal my client’s passwords thereby.
What to look out for
Fear
Urgency
Curiosity
The general rule if you experience something that triggers one of these responses is to slow down and think about it. Scammers often claim urgency. It’s not urgent. You can take time to think about it or ask someone else (oh, for instance, like myself) about the call/email/pop-up that you witnessed.
Something trying to frighten you should be an immediate red flag. It’s trying to scare you into acting rashly.
As for curiosity, if something seems too good to be true, well, you know the rest. This goes for click-bait too – “You Won’t Believe These 10 New Ways To Make A Ham Sandwich (And These Additional 3 Ways To Check If You Did It Right)!” – that link off of Facebook could go anywhere, and the less reputable the site, the higher the chance it’ll try to infect your computer. If there’s a topic or news story that interests you, but you’re concerned where any given click will take you, just go to Google and search for the topic or story. Your results will be better checked by Google to avoid most spammer and riskier websites (more so if you have good security software installed!)
Experts & Non-experts in security
Here’s a summary of a study showing how experts and non-experts look at computer security. Perhaps reading this will move you a little ways closer to the expert category. 🙂
https://security.googleblog.com/2015/07/new-research-comparing-
how-security.html
Here’s my takeaway:
1) Do any updates you’re asked to do by programs you recognize.
2) Keep your passwords in a computer-based password manager or written down all in one place and not carried with your computer if you travel with it. In a text document, spreadsheet, etc, is not a good idea unless it’s encrypted (you need a password to access it).
3) Lastly, bonus points if you set up two-factor authentication for your most important accounts (usually email, Facebook, financial). Two-factor authentication (2FA) is where you have to put in a password sent to your phone or otherwise have some other device vouch for each login attempt. It adds greatly to the security of your most important accounts. Feel free to ask me or your financial institution for help in setting this up.
Checkup
Please call me for a checkup if we haven’t spoken in the last half-year. Even if you think everything’s going well, it’s worth having me check your backup and ensure your security software is working properly, if nothing else.
Chris Petersen
Watchdog Technology
1-(855)-WATCHTECH
1-(855)-928-2483
chris@watchdogtechnology.com