Tag: security

Backups Don’t Have to Be Hard or Confusing

diagram of cloud and mobile devices

Image courtesy of Pixabay

I love articles by How To Geek because they often cover basic information that my clients should know.  The articles are written very clearly but sometimes I make them even simpler by providing a shorter version and definitions of technical terminology.

I’ve talked about backups many times, so I think most of you will be able to understand this article as it is:  What’s the Best Way to Back Up My

If you know me at all, you will know that I recommend Chromebooks and Google Drive as the best solution for most people.  My second choice for simple and secure would be an Apple iPad and iCloud backup.

As they say in the article: “Everyone loses data at some point in their lives. Your computer’s hard drive could fail tomorrow, ransomware could hold your files hostage, or a software bug could delete your important files. If you’re not regularly backing up your computer, you could lose those files forever.  Backups don’t have to be hard or confusing.”

Please just make a decision and do it!  And check monthly to be sure it’s working.

If you need help, you can make an appointment here or call 760-348-8867.

Let us know what you use for backups in the comments below.

Thanks for reading and for sharing with others. 🙂

Enjoy!

Mardi

 

 

Google Password Checkup is Such Great News!

With the frequent news about security breaches, are you concerned that your passwords might be compromised?

Have you registered with https://haveibeenpwned.com/?

Are you feeling overwhelmed?

I’ve got great news for you!
Google Chrome Can Tell You if your passwords have been compromised!

Google has created an extension (software program) for its Chrome web browser that will alert you if a username and password is known to be unsafe.

The extension is called Password Checkup and it checks a database of 4 billion credentials that have been compromised (stolen and exposed) in various data breaches.

When the extension detects an insecure password, it will display a big red dialogue box telling you to immediately change your username or password.

Of course, allowing an extension to read all your usernames and passwords raises concerns about privacy.

Google is well aware of this and has designed an encryption system to keep all your information private and anonymous:

“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University. For a more technical description of these innovations, check out our security blog post.”

Here’s a short video tutorial on How to Install Password Checkup

Or follow these steps:

Click on the 3 stacked dots (upper right)
Hover over “More Tools”
Click “Extensions”
Click on the menu icon (upper left corner)
Click on “Open Chrome Web Store (lower left corner)
In the “search the store” box, type “password checkup”
Click on Install
Click the X to close the confirmation window

If Password Checkup lets you know that a password you use is unsafe:

Sign in to the account with the unsafe password.
Create a new, strong password for the account and any other accounts that use the same password.
If the site offers another security measure, like Two-Step Verification, consider setting it up.

Let me know how it goes by leaving a comment below

If you need help, you can schedule an appointment on my calendar here

I’m so excited to have a simple solution for keeping your passwords safe!
I hope you will forward share this tip with everyone you know.

Enjoy!
Mardi

P.S. I try to use as little Geek speak as possible, but you do need to understand a few terms.
I highlight them in bold so you can check yourself and look up the ones you don’t know.

Here’s a little self-test for you. How many do you know?
What is a web browser?
What is a browser extension?
Why does it matter if your account is taken over?
What is a dialogue box?
What does “account credentials” mean?
What does “compromised password” mean?

Love Apple’s New macOS Mojave

Image of macOS Mojave Dark Mode Theme

The new macOS Mojave was released on September 24 and “the coast is clear” to install it now, if you haven’t already. It’s a free software update in the App Store.

Before you do that, you need to:

  1. Check that your computer is compatible
  2. Make a backup
  3. Check that you have enough free space

No worries…all the instructions are clearly explained on Apple’s website How to upgrade to Mac OS Mojave   If you need a little hand holding or want me to do it for you, let’s set up a time.

Apple has created a beautiful web page that describes the new features.  It even has animations to show what they do.  See it all here…

The features I think you will really love are:

  1. The Dark Mode Desktop theme and the time-shifting images to match the time of day. It’s really pretty!
  2. The Stacks feature that cleans up messy desktops by automatically organizing files into neat groups.
  3. Quick Look in Finder that lets you work on a file without even opening it!  You can perform actions specific to the file type — without ever launching an app. You can mark up a PDF, rotate and crop an image, trim audio and video and even share files!

And too “technical” to “Love” but hugely helpful…

  1. macOS Mojave requires apps to get your approval before accessing the camera or microphone, your messages data and mail database.
  2. Enhanced Tracking Prevention — When you browse the web, the characteristics of your device can be used by advertisers to create a “fingerprint” to track you. Safari now thwarts this by only sharing a simplified system profile. Intelligent Tracking Prevention keeps embedded content such as social media Like buttons, Share buttons, and comment widgets from tracking you without your permission. 
  3. Safari automatically creates, stores, and autofills strong passwords for you. And it flags existing passwords that have been reused in Safari preferences, so you can easily update them. Security has never been so user friendly!

I’m eager to know how you like it.  Let me know your favorite features in the comments below.

How to Avoid Getting Scammed

This post was updated on October 20, 2018

Star Wars Gif,

Have you been receiving phone calls or been seeing websites that claim your computer is infected with a virus?

They are scams!  Clients call me quite often about these. Just this past week, I was working with a client when she received one and a couple of days later another client left me a message with a recording of it!  It’s actually pretty funny when you understand what’s going on!

So it’s time to for me to reminded you again, that neither Microsoft nor Apple is going to call you!  

Here is a link to an excellent page on Microsoft’s website that has everything you need to know about it.  Avoid Tech Support Phone Scams

Scam artists know how to scare people and get them rattled so they won’t think clearly and will react hastily.  They have been able to trick some pretty tech-savvy people.

These types of scams are not only stressful and expensive, but they cause considerable embarrassment. (Here is a video  from NBC News that explains how they work)

Here’s a recording of the calls being made to people here in the desert now.

The good news is that you can protect yourself with these Techie Tips:

Be aware that there are many variations on this type of scam.  It’s called Social Engineering.  They rely tricking people.  They use emails, fake websites and direct phone calls and they may claim that they are from Apple, Microsoft, the IRS, a Bank, Netflix, the FBI, AT&T etc., etc.. (there will me more…)

Here is the simple, easy way to handle all of these:  

    • Hang up the phone
    • Delete the email
    • Close the window (If the window won’t close, close the web browser if that doesn’t work, shutdown the computer and restart.

Do not call any number suggested

If you feel you must verify that it’s a scam, find the correct customer service number on your monthly billing statement and call the company directly or, If you look up the phone number on the internet, be sure that you are on the company’s website and not a fake look-alike site.)

If you get tricked by one of these scams, and allow access to your computer, don’t panic.  It will cost you $100 or more but it can be fixed.  You can:

  1. Take it to a repair shop for a complete check up and removal of any viruses or spyware.  (Let me know if you would like a referral.)
  2. Or you might just invest the money in a Chromebook instead.  (Call me for a free consultation to determine if a Chromebook is right for you.)

Note:  Running a scan with your antivirus software may not be adequate.  Each antivirus program has its strengths and weaknesses and you can’t depend on just one in a situation like this.  

The scammers may not have installed a virus.  They may have installed spyware, a keylogger (tracks the keys you use for typing passwords), or remote access software (to give them access to your computer any time they want).  Their goal may have been just to get you to pay for phony tech support but you can’t be sure. You should engage the services of a professional.

If you have passwords stored in a document on your computer, you may want to change all your passwords.  (Using a password manager will protect you from this complication.)

An even simpler solution to all of this is to use a Chrome OS computer and Gmail.  Gmail is very, very effective at sending scam emails to the Spam folder and Chrome OS does not allow scammers access to install spyware.

Some Chromebooks cost less than the price of a virus repair for a PC or Mac and you won’t have to pay annual fees for antivirus protection and backups.  Everything is done on “the cloud” so you can’t lose your files. Let me know if you want more information about Chromebooks.

I hope this Techie Tip has increased your confidence and alleviated any fears you may have had.  Now you can confidently and calmly,

  1. Delete scam emails,
  2. Close fake web pages,
  3. Hang up on scam phone calls.  (Feel free to give them a piece of your mind first if it will make you feel better.  Leo Laporte says, “Does your mother know that you’re doing this?”)
  4. Enjoy a peaceful techie life!

Please share this with your friends and encourage them to sign up for Techie Tips, so they can be safe and fully enjoy technology like you.   They can sign up here:

Enjoy!

Mardi

Holiday Shopping Safety Tips

This week I received an email from a client about the “UPS Package Delivery Failure” email scam.  He wanted to know if it was a real threat or just a phony scare.  It’s a real threat, it’s been going around for years, and I want everyone to be aware of it.

These scam emails say that a package delivery company was unable to deliver a package and include instructions for things you need to do, that will steal private information or install a virus on your computer.

The main thing you need to remember is that a delivery company will not ask you to print anything or submit information.  If an email asks you to do that, delete it immediately and call the company directly to see if they are trying to communicate with you.

Here is a link to an excellent article on Snopes that explains all the details.

Package Delivery Failure Virus

And while we’re on the subject, now is a good time to review some other safety tips for internet commerce.

Here is a link to good information from the Google Safety Center.

Online Shopping Safety

My “simple, easy and fun” solution is to
Be conscious that there might be hazards
Take time to look at things carefully
Trust your instincts and
When in doubt, ask me

Wishing you a peaceful and joy-filled holiday shopping season,
Mardi

More on the Equifax Debacle

In response to my last post about the Equifax debacle, one of my students sent me a link to this interesting article by Adam Levin, co-founder of Credit.com

I was curious how my student happened to find this, and I thought it was interesting that he is on the credit.com newsletter list because one of his doctors experienced a data breach and the doctor is provided him with credit monitoring by credit.com.

To keep things simple for you, I will quote the info that I found most useful but I encourage you to read the entire article, especially if you are a victim of the Equifax breach.

  • There are problems with freezing your credit report
  • The potential problems for those compromised go beyond credit cards and taxes
  • You can sue Equifax if your data was compromised
  • Tips for protecting yourself from now on

The Problem with Freezing Your Credit Report

“The New York Times reported still more bad news in the wake of the Equifax announcement.

The credit freeze service the credit bureau offered (originally offered for a fee until it finally decided to provide it for free for 30 days) generated PINs that were based on the time and date the PIN was created. These PINs are required to release the freeze whenever you need to grant access to your credit files in connection with a loan, an apartment rental, or a job application (where permitted by law). Unfortunately, they’re laughably easy for a hacker to guess before then.

The bigger problem is that a freeze needs to be in place at all three reporting agencies in order to be effective. As credit expert John Ulzheimer told the New York Times, putting a freeze on your credit with only one reporting agency is ‘like locking one of three doors in your house and leaving the other two unlocked. You’re hoping the thief stumbles on the locked door.'”

Types of Fraud to Be Aware Of

“…the threat goes way beyond maxed-out credit cards, fraudulent credit applications, and tax-refund fraud. With Department of Motor Vehicle information also in play, the risks are elevated. A fake ID made out in your name could cause you to get arrested for an outstanding warrant. In the realm of identity-related fraud products, a fake driver’s license is a luxury item for sure, but it’s still one that could hurt you if a scammer provides your information on a fake license the next time they’re pulled over for speeding or collared for a crime.

And then there’s the serious risk of medical-identity fraud. Consumers could see delays in prescription fulfillment because of fraudsters using their health care information. Worse, consumers may not be covered for health care expenses until they are able to prove they are who they claim to be using the same information that the crooks used—a frustrating and often complicated process.”

Legal Remedies

“One can only assume there will be lawsuits galore. In fact, one enterprising person has already automated the process. A robot lawyer is on the case, allowing consumers to automatically file a claim against Equifax in small claims court.

According to the Verge, consumers are still able to join class action suits while pursuing a small claims court remedy.

‘Even if you want to be part of the class action lawsuit against Equifax,’ the Verge reported, ‘you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.'”

Protecting Yourself Now

“While it’s okay to hope that your services and vendors will do things right, you need to stay vigilant. And this should go without saying: if you can change privacy and authentication settings on a product or service, do it. If that’s not possible, perhaps you should consider finding a new vendor or service.

The easiest way to protect yourself, in my opinion, is by using a system called the “Three Ms.” The Three Ms is the centerpiece of my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, and the approach continues to be the best way to keep your personally identifiable information from being used in identity-related crimes.

And they are simple:

1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and freeze your credit.

2. Monitor your accounts. Check your credit report religiously, keep track of your credit score, and review major accounts daily if possible. (You can check your credit report for free at Credit.com.) If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or purchase a sophisticated credit- and identity-monitoring program,

3. Manage the damage. Make sure you get on top of any incursion into your identity quickly, and enroll in a program where professionals help you navigate and resolve identity compromises—oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions, and HR departments.”

“…Equifax is not the first, nor will it be the last, breach of note. Being prepared and alert is still the best remedy, because breaches have become the third certainty in life—right behind death and taxes.

A final tip: check with your insurance company, financial services institution, or employer. You may already have access to identity protection and resolution services, which is your best bet when it comes time to navigate the identity theft quagmire.

Many thanks to Adam Levin and credit.com for this helpful information.

I invite you to post comments or questions below and I will respond.

Enjoy your day in any case!

To receive my Techie Tips emails and notifications about online classes and free webinars sign up here

Equifax Data Breach

I hate to trouble you with bad news, but you need to be aware of this.

Equifax, one of the three major credit reporting bureaus, has revealed that an estimated 143 million U.S. customers may be affected by a data breach carried out by criminal hackers. It includes names, Social Security numbers, birth dates, addresses, and driver’s license numbers. Additionally, credit card numbers for approximately 209,000 U.S. consumers and dispute documents with personal information for approximately 182,000 consumers may have been accessed.

Many thanks to Kim Komando who has written an excellent article which you can read here for all the details. My simple and easy version for you is…

Equifax is sending direct mail alerts to customers whose information was included in the data breach. Keep an eye out for the notice in your mailbox.

The company has created a website, www.equifaxsecurity2017.com, to help consumers check if any of their information has been affected. However, the tool requires you to provide your last name and last six digits of your Social Security number to initiate the check. I question if it is a good idea to give information to a company that just experienced the largest credit bureau data breach in history.

You can call Equifax’s dedicated customer care number 866-447-7559 to check but, judging by the magnitude of the breach, there will probably be long wait times. Let me know if you try that and how it goes so I can let others know.

If you use the website tool and are found to have been affected by the breach, you will be offered a chance to use Equifax’s own credit monitoring program, TrustedID Premier, free of charge for one year. However, you will have to agree to its Terms of Service and buried in the fine print is this a specific arbitration clause that waives your ability to participate in a class action lawsuit against Equifax.

Considering the extent of the stolen information, I doubt that one year of free credit monitoring is enough. With Social Security numbers involved, the threat of identity theft for those affected will assuredly be lifelong.

Kim suggests that you put a credit freeze on your accounts and she provides excellent instructions on how to do that here.

Other Important Steps To Take If You Are Affected

Scammers use the information they’ve stolen to target victims with other scams. If your data was compromised, please take extra caution and watch out for the following schemes:

Keep an eye on your bank accounts – You should already be checking your bank accounts online or your paper statements for suspicious activity. It’s even more critical now. If you see anything that seems strange, report it immediately.

Beware of phishing scams – Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. They are tricky so call me if you suspect anything.

I hope you are not affected by this. (If you are, let me know.)

As always, if you have any questions or if you suspect a scam, feel free to call me and leave a message. I will get back to you just as soon as I can.

In any case, I hope you enjoy your day,

Mardi

What to Do With An Old Computer

When I saw this astonishing video I realized that I should address this issue in my Techie Tips.   

Screenshot 2017-09-09 at 11.06.45 AM

When clients ask me what to do with their old computers, I recommend recycling them at Best Buy.  It’s quick and easy.  You just drop them off at the customer service desk.  

Many times, my people like to donate them to a charity or give them to a friend or relative.

In any case, you need to protect the data on your hard drive if you have any sensitive information on it that you would not want criminals to see.

How It Works

You cannot actually erase data on a drive.  When you delete something, the space on the drive gets marked as “vacant” or “writable” so new data can be written over it.  The original information is still there until it’s overwritten and can be found with specialized software.

Some people assume that they can reformat their hard drives, but that just erases the directory that the computer uses to find the files.  It doesn’t delete the files.  The physical bits and bytes still exist.  With regular use, the data  will get overwritten, but it’s a random process and you won’t know which files have been overwritten and which haven’’t.

A “full format” will overwrite the drive with zeros but it’s still possible to recover data with specialized software.

The Solution

DBAN is a free software that overwrites the drive multiple times.  I found a comment online by a Tech who said that after 20 passes, nothing can be recovered.  He swears by it 100%.  I looked up DBAN and it has a disclaimer that it’s not “certified safe.”  I imagine certification would be important in situations where there is legal liability — where you are responsible for someone else’s sensitive data.  If you are willing to install the software and do 20 passes this might be a good solution for your needs.

The most common recommendation is to remove the hard drive from the computer and smash the disks or memory chips with a hammer (wear safety glasses.)  I did that with my old PC laptop and I thought it was fun but you might not share my enthusiasm for taking things apart to see what’s inside.  

I told Angel Sanchez at NYPC Repair (on Hwy 111 in Palm Desert near the Red Barn) that a lot of my clients would probably not want to deal with removing the hard drive and he said you are welcome to bring your computer into the shop and they will take it out and smash it for you with no charge!  Isn’t that great!  Love NYCP Repair!

In Summary

Now you know the whys, the hows and simple solutions.  Your choice will depend on your level of comfort about the security of your files.  For most of us, it isn’t an issue but if it is, you know what to do.

As always, let me know if you have any questions or need help.  

Enjoy!

Mardi  

P.S. If you have found this information helpful, please support my mission to make technology simple, easy and fun for mature adults.  Share this post with others and encourage them to sign up to receive all my Techie Tips via email.   They can sign up here  Thanks!

AOL Phishing Scam

AOL Phishing Scam

One of my clients sent this to me yesterday. It’s a Phishing scam, just as she suspected. Good job Harriett!

AOL HELP.

Your two incoming mails were placed on pending status due to the recent upgrade to our database,In order to receive the messages Click Here

 to Login and wait for response from  AOL Mail

.We apologies for any inconveniences 

Best Regards,

The AOL! Mail Team
I was suspicious because of the reference to holding back only two emails.  A big company like AOL doesn’t have time to notify people of small stuff like this.  (Most of the time, companies don’t even notify us of big changes!  LOL )  Mail held up by a “data base upgrade” would most likely just come through later, after the upgrade was completed.

Of course, being the intrepid, curious researcher that I am, I just had to click on the link to see what would happen.  This is what showed up…

URL Terminated  

The TinyURL (p95eoub) you visited was used by its creator in violation of our terms of use. TinyURL has a strict no abuse policy and we apologize for the intrusion this user has caused you. Such violations of our terms of use include:

  • Spam – Unsolicited Bulk E-mail
  • Fraud or Money Making scams
  • Malware
  • or any other use that is illegal.

If you received spam, please note that TinyURL did not send this spam and we do not operate any email lists. We can not remove you from spammer’s database as we have no association with spammers, but instead we recommend you use spam filtering software.

This confirmed my suspicions.  I let Harriet know and thanked her for letting me know.

You are always welcome to email me when you have a concern like this. My mission is to make your computing experience more enjoyable and to help others as well.

Please forward this to everyone you know so they can be safe and feel relaxed, happy and confident with their computers and techie gadgets.

Thoughts or comments about this topic?
Please comment below.

Thanks!

Looking for Work On Craigslist – Safety Tips

CRAIGSLIST-large570

Hi Mardi,

I am still in Brazil.

I am trying to put an add for a new job on craigslist and I can’t do it.

I open the craigslist page but I can’t find the right place.

Could you help me doing that?

I will try to call you.

I recently received this message from a client and it reminded me to let you know about a couple of hazards to avoid when you, or someone you know, is looking for work online.

When I first moved to the Desert, I was looking for work on Craigslist and encountered two potentially dangerous scams.

The first and most obvious scam, was an email from a company offering me an interview and requiring that I get a credit report to bring to the interview.  They said I needed to get it from the company they recommended and the link to the website was included in the email.

I couldn’t imagine why someone would need a credit report before an interview or expect me to divulge financial information to a company I didn’t know, so I knew it was a scam.

facebook login

The second scam almost got me!  A company said they were interested in me and I could learn more about them at their Facebook page.  At first, I thought it was strange that they didn’t send me to their company website, but then I thought they might be trying to be hip and leading-edge by having a company Facebook page.

I clicked on the link and it took me to a page that looked exactly like the Facebook sign-in page.  I signed in, but had a weird feeling that something was off.  I looked up at the address bar to see exactly where I was and it said “fakebook.com/….”  I thought oh my gosh, they just captured my Facebook login and password!

I immediately opened a new window and went to my Facebook page and changed my password.  Luckily I got there, before they were able to changed my password and lock me out.  Whew!

craigslist banner

There are good jobs available on Craigslist and I actually found one at that time.

You just need to be careful and let me know if you have any questions or concerns.

Please forward this to everyone you know who is looking for work so they can be safe and feel relaxed, happy and confident while using Craigslist.

Thoughts or comments about this topic?  Please share in comments below.

%d bloggers like this: