Blog

9 Simple Ways to Protect Your Privacy

While you may think your personal information is actually personal, you’d be surprised how much information about you winds up online. Just do a search for yourself on Pipl, a people search directory, to see the personal details out there. (Go on, we’ll wait.) Chances are the search came up with your name, social media profiles and possibly even your parents’ names, address and telephone number too.

Pipl isn’t some secret hacker database. It’s just a repository of publicly available online data about individuals, all of which businesses and advertisers are eager to get their hands on. That’s right: this sort of data collection is completely legitimate, and a lot of it is pulled from information you put online.

Whether you’re worried about identity theft or you just don’t like the idea of other people tracking your every move, there are steps you can take to keep your private data private.

1. Password-protect everything.

You may not think it’s necessary to password-protect your home computer, but all your digital devices should be password-protected. That includes your computers, tablets, smartphones and any other gadgets with personal data on them. If it’s unsecured by a password, a lost or stolen gadget is a source of personal information for whoever has it, which can lead to identity theft and worse.

The same advice goes for online accounts. Since most of these need a password to set up, the challenge is making strong passwords. Use our tips for strong passwords to be sure yours is a good one. Don’t use the same password for more than one site, because one hacked account could result in all your accounts being compromised. To help you remember all of these passwords, use a password manager such as LastPass or RoboForm.

Turn on two-factor authentication for any site that supports it, which protects your account even if a hacker does get your password. And those security questions designed to help you recover a lost password or forgotten user name? They aren’t very secure, because some of them are very easy for hackers to find out. We recommend making up answers instead and keeping that information in your password manager.

Change the default passwords for anything connected to your home network. Your router is the most important device to secure, because your router could give a hacker complete access to your home network. Don’t forget other connected devices like baby monitors.

2. Keep your computer virus-free.

Digital security has a lot to do with digital privacy. If your computer is infected by a virus or malware, not only can hackers dig through your data to steal your identity, but they may lock up your files and ask for a ransom to get them back. The solution? Run an antivirus program to watch for viruses, and keep your other software up to date to close security holes. This applies not only to your computer but your mobile devices as well.

Our favorite antivirus is Webroot, which offers protection for Windows, Apple and Android devices. If you’d rather use a free app, try Avast. It doesn’t have as many features as Webroot, but it’s a solid antivirus scanner, and the price is certainly right.

Make sure your operating system is up to date with the latest security patches. To make that process easier, we recommend turning on auto-update features. Here’s how:

  • Turn on automatic updates for Windows.
  • MacOS automatically checks for updates by default, but you can check manually with these instructions.
  • Android typically notifies you of updates, but you’ll need to install them manually. Instructions will vary depending on your device and the version of Android you’re currently running; check with your device manufacturer for details.
  • iOS will nag you incessantly about updates, so there’s no chance you’ll miss them. Here’s a walk-through of how to update.

3. Secure your browser.

Your browser is how you interact with the digital world, and if you aren’t careful, you could be leaving a trail of footprints behind you as you browse. Whether it’s websites and marketers tracking you or a hacker spying on what you’re doing, there are ways to keep your browsing habits private.

The first step for keeping advertisers out of your browser is turning off third-party cookies. Advertisers use cookies to see where you’ve been and tailor the ads they show you appropriately. Here’s how to block cookies in Chrome, Edge, Internet Explorer, Firefox and Safari.

To go a step farther, you can disable JavaScript. This cuts off another common way advertisers (or hackers) track you, but it can render some web pages nonfunctional. If you want to turn JavaScript off anyway, here’s how to do it in Chrome, Edge, Internet Explorer, Firefox and Safari.

Don’t want to worry about any of this? Try the Privacy Badger browser plug-in for Chrome, Firefox and Opera, which shuts down many potential trackers automatically. HTTPS Everywhere is another good browser plug-in that forces your browser to use secure, encrypted sites when they’re available, which helps keep snoops out of your data.

Private browsing mode deletes your cookies, browsing history and other temporary files whenever you close the window. Here’s how to use private browsing mode on Chrome, Edge, Internet Explorer, Firefox and Safari. If you’re serious about discreet browsing, though, read this article on browsing the web anonymously.

4. Switch search engines.

Most search engines keep tabs on what you’re looking for so they can target ads to your tastes. If you don’t like the idea of your search history being used to sell you things, DuckDuckGo is the search engine for you. The site doesn’t track any of your personal data, so you can search without anyone watching over your shoulder.

5. Be careful what you share on social media.

Social media can feel like a conversation with your closest friends — except it may be a conversation the whole world can see. If you post enough on social media, the information can be used to track where you are and what you’re up to.

The first line of defense is to lock down your social media accounts. Share only with the people you want to see the information you’re sharing, like your friends and family. On Twitter, your account is either completely open or locked down to people you invite to follow you; changing that setting is as easy as clicking a checkbox. Facebook allows more granular control over who sees what you post. Read How to Keep Facebook Privacy Private to configure your profile.

Don’t want to lock down your account? Then be choosy about what you share. Take special care with personal information that could be used to identify you or track your location. Don’t fill out your complete profile, so that you aren’t easily identified and don’t give someone enough personal details to steal your identity. Consider dialing down what you share. Do you really need to check in to every business you visit, making yourself easy to track? Maybe not.

6. Ask why others need your information.

Whenever you’re asked to provide personal information, whether in person, on the phone or online, consider whether you really need to give it out. Sometimes information like your email address and ZIP code is used purely for marketing purposes; in that case, expect your real and virtual mailboxes to be packed with junk mail.

To maintain your privacy, never give away more information than you have to. This is doubly true of sensitive personal information like your social security number — even just the last four digits. Unless it’s your bank, a credit bureau, a company that wants to do a background check on you or some other entity that has to report to the IRS, chances are they don’t really need it.

7. Don’t fall for scams.

Beware of websites, phone calls and emails that try to part you from your personal information. Scammers are getting better at mimicking legitimate businesses, so be on your guard. A common tactic with scammers is to pressure you into giving up your personal information by presenting dire consequences if you don’t. For example, a scammer may tell you that you’re being audited by the IRS or that your computer has a dangerous virus they can fix if you hand over your personal information.

These high-pressure tactics can spook you into giving up plenty of personal details, but don’t be fooled. Legitimate businesses don’t make unsolicited calls to ask for your social security number or computer password. If you’ve received a call or email like this you think may be legitimate, contact the business it claims to be from. Don’t use the link or phone number provided by whoever contacted you; instead, contact the company directly using contact information you personally look up on the company’s website. If the matter is legitimate, the company will confirm so and help you resolve the issue while making sure your personal information stays safe.

8. Only use software you trust.

Whether you’re installing new software on your phone or your computer, make sure you’re getting it from a source you trust. Legitimate-looking software can sometimes turn out to be a complete scam, like the scandal over the Meitu photo app, which collects a mountain of data on its users. Make sure anything you download comes from a trusted developer and a trusted source.

If you don’t know where your software comes from, you don’t know what it’s really doing — and that means there’s no telling where your information is going.

9. Only use secure Wi-Fi connections.

Sure, it’s convenient to use the free Wi-Fi service at your local Starbucks, but there’s no telling who is watching that internet traffic. If you use public Wi-Fi, don’t use it to convey private information. Browsing your favorite website is fine, but take extra security measures if you’re logging into an account. Use a VPN service to encrypt all of the data you send. There are many services that can do this, including NordVPN and Buffered VPN. VPN services charge a fee to use, from day passes to year-round protection.

Harper, Elizabeth. “9 Simple Ways to Protect Your Privacy” Techlicious January 2017

Posted in: Security, Tech Tips for Business Owners


Watch Out for Thieves Posing as Legit Amazon Sellers

Amazon attracts millions of shoppers worldwide because of its wide selection of products and tempting price deals. However, Amazon attracts not only the innocent but also crooks and scammers out to prey on its gullible clientele.

Earlier this month, posts on the Comparitech blog and Naked Security news site revealed that a new phishing scam has been duping Amazon shoppers. Despite having been reported by users many times, the fraudster, known as Sc-Elegance, had managed to evade being caught, usually by disappearing for a while when things seemed to start getting hot, only to reappear later under a different seller account.

Amazon has already removed the Sc-Elegance listings and shut down the account, but the perpetrators will most likely come back under a different guise, since the scheme seems to be lucrative for the criminals, according to Comparitech.

Sc-Elegance reportedly posted listings of high-end electronic products marked as “Used – Like new.” At the sight of irresistible and heavily discounted price offers, gullible shoppers added the items to their carts. But, when checkout time came, the buyers were notified that there were problems with their orders. Nothing unusual about this at all — it does happen from time to time. The catch here is that there never was such merchandise to begin with.

The fraudulent merchant then emailed the buyers, telling them that it was all a boo-boo on the seller’s part and that stocks were still available at a different location. The email provided a link to a payment page that, to an untrained eye, looked like an authentic Amazon page but was actually designed to collect personal and financial information from buyers.

To avoid falling into traps like these, you need to be extra vigilant and pay attention to confirmation emails that you receive after placing orders, especially those messages that ask you to go to a certain site, click a link or download attachments.

For instance, one tell-tale sign of bogus emails is the presence of sloppy writing in the email — especially misspellings and grammar errors. However, not all scammers failed English 101, so some phishing emails actually do sound and look professional. So, looking for language anomalies may not be 100 percent reliable, but they are usually red flags.

Before clicking on links, downloading attachments or installing software, first check that the email does come from Amazon. For instance, if the “From” line of the email doesn’t have “@amazon.com” in the address, then it is surely from someone else.
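The “From” check described above, written out as an added example (not part of the original article): it compares a plain search for “@amazon.com” with a check of the domain of the parsed address. The sample headers are constructed, and accepting subdomains of amazon.com is an assumption of this sketch.

```python
from email.utils import parseaddr

EXPECTED_DOMAIN = "amazon.com"

def naive_has_amazon(from_header):
    """Plain substring search: is '@amazon.com' anywhere in the From line?"""
    return "@amazon.com" in from_header.lower()

def from_domain(from_header):
    """Domain of the actual address in a From header, or '' if there is none."""
    _display_name, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def fails_from_check(from_header, expected=EXPECTED_DOMAIN):
    """True when the address is not at the expected domain (or a subdomain,
    which is an assumption of this example)."""
    domain = from_domain(from_header)
    return not (domain == expected or domain.endswith("." + expected))

# Constructed sample headers, not taken from real messages.
SAMPLES = {
    "plain": 'Amazon Orders <order-update@amazon.com>',
    "subdomain": 'Amazon <no-reply@marketplace.amazon.com>',
    # "@amazon.com" appears only in the display name, not in the address.
    "display_name": '"service@amazon.com" <billing@example.net>',
    # "@amazon.com" is only the start of a longer, unrelated domain.
    "longer_domain": 'Amazon <support@amazon.com.example.net>',
    "no_address": 'Amazon Customer Service',
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:14} substring={naive_has_amazon(header)!s:5} "
              f"domain={from_domain(header) or '-':24} "
              f"fails={fails_from_check(header)}")
```

The substring search accepts the `display_name` and `longer_domain` samples, while the parsed-domain check rejects both. A header that passes is not proof of origin, because the sender chooses the “From” line; the check only rules messages out.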

Or, if the email asks you to update your payment information, first check the Payments section in the Manage Payment Options page in your Amazon account. If it does not ask you for updated info, then the email that you got is certainly not from Amazon. As a general rule, never pay or provide payment info outside Amazon’s official site. This also means never transacting with an Amazon seller through email or some other means outside the Amazon system.

Amazon’s help page gives you more tips on how to spot such emails and what to do when you get them.

Montejo, Elmer. “Watch Out for Thieves Posing as Legit Amazon Sellers”, Techlicious January 2017

Posted in: Tech Tips for Business Owners


Gmail phishing: Latest Cyber Attack Infects Users By Mimicking Past Emails

The incredibly clever technique involves a fake but convincing and functional Gmail sign-in page.

A sophisticated new phishing technique that composes convincing emails by analyzing and mimicking past messages and attachments has been discovered by security experts.

Discovered by Mark Maunder, the CEO of WordPress security plugin Wordfence, the attack first sees the hacker send an email appearing to contain a PDF with a familiar file name.

That PDF, however, is actually a cleverly disguised image that, when clicked, launches a new tab that looks like this:

It’s the Gmail sign-in page, right? Not quite. A closer look at the address bar will show you that all is not quite as it seems:

Unfortunately, the attack’s imitation of the Gmail sign-in page is so convincing that many users will automatically enter their login details, simultaneously surrendering them to the hackers, who can proceed to steal your data and use one of your past messages to compromise another round of Gmail users.

In an example described by a commenter on Hacker News, the hackers emailed a link disguised as an athletics practice schedule from one member of the team to the others.

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” added the commenter.

Impressive as the attack is, there are ways to protect yourself.

The most obvious giveaway is that the legitimate Gmail sign-in page’s URL begins with a lock symbol and ‘https://’ highlighted in green, not ‘data:text/html,https://’. However, if you hit the address bar, you’ll also see that the fake page’s URL is actually incredibly long, with a white space sneakily hiding the majority of the text from view.
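The address-bar giveaways described above can be checked mechanically, for example on links pulled from mail or proxy logs. This is an added example, not code from the article or from Wordfence; the sample URLs, the filler text and the 20-character padding threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption (not from the article): a run of this many whitespace characters
# counts as padding meant to push the rest of the URL out of view.
PADDING_RUN = 20
PADDING_RE = re.compile(r"\s{%d,}" % PADDING_RUN)

EXPLAIN = {
    "data-scheme": "URL uses data:, so the page is carried inside the URL itself",
    "html-media-type": "media type is text/html, so the browser renders it as a page",
    "imitates-https": "content begins with text that looks like an https:// address",
    "whitespace-padding": "a long run of whitespace hides the rest of the URL",
}

def inspect_address(url):
    """Return finding codes for a URL string; an empty list means no match."""
    scheme, colon, rest = url.lstrip().partition(":")
    if not colon or scheme.lower() != "data":
        return []
    findings = ["data-scheme"]
    media_type, _, payload = rest.partition(",")
    if media_type.split(";")[0].strip().lower() == "text/html":
        findings.append("html-media-type")
    decoded = unquote(payload)  # %20 and literal spaces are treated alike
    if re.match(r"\s*https?://", decoded, re.IGNORECASE):
        findings.append("imitates-https")
    if PADDING_RE.search(decoded):
        findings.append("whitespace-padding")
    return findings

def is_signin_lure(url):
    """True for an HTML data: URL that imitates an address or pads with spaces."""
    found = inspect_address(url)
    return "html-media-type" in found and (
        "imitates-https" in found or "whitespace-padding" in found)

def hidden_length(url):
    """Number of characters that follow the first padding run (0 if none)."""
    decoded = unquote(url.partition(",")[2])
    match = PADDING_RE.search(decoded)
    return len(decoded) - match.end() if match else 0

# Constructed samples; FILLER stands in for whatever follows the padding.
FILLER = "[constructed filler standing in for the hidden remainder]"
SIGN_IN = "https://accounts.google.com/ServiceLogin"
SAMPLES = {
    "genuine": SIGN_IN,
    "lure": "data:text/html," + SIGN_IN + " " * 200 + FILLER,
    "lure_encoded": "data:text/html," + SIGN_IN + "%20" * 200 + FILLER,
    "benign_data": "data:image/png;base64,iVBORw0KGgo=",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(label, "lure" if is_signin_lure(url) else "ok",
              "hidden chars:", hidden_length(url))
        for code in inspect_address(url):
            print("   -", EXPLAIN[code])
```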

Maunder also recommends enabling two-factor authentication on Gmail, which you can do here.

“We’re aware of this issue and continue to strengthen our defenses against it,” Google said in a statement after this article was published.

“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”

The Independent. Independent Digital News and Media, n.d. Web. 03 Feb. 2017.

Posted in: Tech Tips for Business Owners


Get the Most out of Windows 10 File Explorer

You probably use Windows 10’s File Explorer a hundred times a day.  You already know how to use it to move around your hard drive. Why bother to learn it better?

Because you’ll work more efficiently. This truly excellent file manager has little-known tricks that make it even more powerful and convenient. You can control what folder the program opens to. You can hide and unhide the ribbon. You can make your favorite File Explorer tools more readily available. And you can use keyboard shortcuts to make everything easier.

I’m not going to tell you how to use File Explorer.  I assume you already know the basics.  But I’ll take you to the next level, and make File Explorer easier and faster for you.

The Many Ways to Open File Explorer

Of course, you know how to open File Explorer.  But do you know the fastest and simplest way to do it? Or how to control what folder it opens to?

The fastest and easiest way to open File Explorer doesn’t involve your mouse or touchscreen.  Simply press Win-E and up comes a File Explorer window.  If you’re already running the program, it opens another File Explorer window.

That window opens to File Explorer’s default location.  You can change that default, but the options are very limited.

To change the default location, select File>Change folder and search options. In the General tab, pull down the “Open File Explorer to” menu and select your choice.

Unfortunately, that menu has only two options: Quick access and This PC. The first displays folders and files you may likely want based on past usage. The second displays library folders and drives.

Fortunately, you can create a shortcut to open File Explorer to any specific folder. All you need do is drag your desired folder into the Navigation pane’s Quick access section. That’s the top section of the Navigation pane, and it’s connected to the File Explorer icon on the taskbar. Don’t worry; dragging the folder will not move it. You can create several of these shortcuts.

Then, when you want to open File Explorer to your desired folder, right-click the File Explorer icon on the taskbar and select the folder.

At some later date, you may want to remove the shortcut to a folder from that pop-up menu. To do that, right-click the File Explorer icon on Windows’ taskbar, point to the folder on the pop-up menu, and click the thumbtack icon next to it.

The ribbon and the toolbar

Somewhere along the line, Microsoft decided that File Explorer should look like a part of Office. Instead of menus, it has ribbons. Ribbons are better than menus on a touchscreen, but they take up a lot of screen real estate.

To hide the ribbon and regain that real estate, click the tiny chevron in the upper-right corner, directly below the X that closes the window.

Or you can use the keyboard. Press Ctrl-F1.


You can still access the ribbon while it’s hiding. Click or tap on any of the ribbon names (File, Home, Share, or View), and that ribbon will temporarily appear.

To bring back the ribbon permanently, click the chevron or press Ctrl-F1 again.

File Explorer also has a configurable Quick Access toolbar, which makes your favorite tools always conveniently available. You’ll find it at the very top-left corner of the File Explorer window. Unlike the ribbon, it doesn’t take up much room. To add something to the Quick Access toolbar, right-click the item on the ribbon and select Add to Quick Access Toolbar. To remove an item, right-click the icon on the Quick Access Toolbar and select Remove from Quick Access Toolbar. But that small size has a price. The toolbar icons are so tiny that they’re difficult to identify, and on a touchscreen, difficult to tap. The Quick Access toolbar doesn’t have to be at the very top of the menu. You can move it to directly below the ribbon. Click the little arrow to the right of the Quick Access icons to pull down a menu. Select Show below the Ribbon.

Search tools

Searching in Windows 10 can seem pretty obvious. You type your criteria in the Search field below the ribbon on the right side of the File Explorer window.

Type in a word, and files containing that word pop up.

However, if you want a more complex search – i.e. you need to narrow it to a certain type of file, or files of a certain date — you have to remember all sorts of criteria.

But just look up from the Search field to the File Explorer ribbon. As soon as you click that field, the Search tab appears on the ribbon. While the ribbon is hidden, the ribbon tabs remain, and in this case, the Search ribbon appears. All the user has to do is click the tab.

Here you can control where you want to search. This PC, Current folder, All subfolders, and Search again in are all pretty clear options. If Search again in is grayed out, do your intended search and that option will become available.

You can also refine your search by Date, Kind, Size, and Other properties, which includes the confusing option Type. To clarify this, Picture is a Kind; Jpeg is a Type. In other words, specific file formats are types.

Additional options let you repeat previous searches, control whether to search in .zip files, and to save searches. By default, searches are saved in the Search folder within your Users folder (probably C:\users\yourname\searches).

The keyboard shortcuts

The great thing about keyboard shortcuts is that you just type them and the action happens. The bad thing is that they’re useless unless you memorize them.

Here are seven File Explorer shortcuts that are worth memorizing. I’ve mentioned a couple of them in the article already, but I’m repeating them here for easy lookup.

Win-E: Opens File Explorer. If it’s already open, this will open a new window. Unlike the other shortcuts below, this one works whether or not you’re in File Explorer.

Ctrl-F1: Hide or unhide the ribbon.

Alt-P: Toggles the preview pane.

Alt-Enter: Opens the selected file’s Properties dialog box.

Alt-Up: Go to the folder containing the current folder. In other words, if you’re in D:\Libraries\Documents, this shortcut will bring you to D:\Libraries.

Ctrl-N: Opens a new window to the current folder.

Ctrl-Shift-N: Create a new folder.

Microsoft has turned File Explorer into a very powerful tool. The more you study it, the more tricks you’ll learn.

Spector, Lincoln. “Get the Most Out of Windows 10’s File Explorer” Windows Secrets January 26, 2017

Posted in: MS Office Tips and Tricks


You’ve Been Charging Your Smartphone Wrong

Yes, we know. Our smartphone batteries are bad because they barely last a day.

But it’s partially our fault because we’ve been charging them wrong this whole time.

Many of us have an ingrained notion that charging our smartphones in small bursts will cause long-term damage to their batteries, and that it’s better to charge them when they’re close to dead.

But we couldn’t be more wrong.

In fact, a site from battery company Cadex, called Battery University, details how the lithium-ion batteries in our smartphones are sensitive to their own versions of “stress.” And, like for humans, extended stress could be damaging your smartphone battery’s long-term lifespan.

If you want to keep your smartphone battery in top condition and go about your day without worrying about battery life, you need to change a few things.

Don’t keep it plugged in when it’s fully charged

According to Battery University, leaving your phone plugged in when it’s fully charged, like you might overnight, is bad for the battery in the long run.

Once your smartphone has reached 100% charge, it gets “trickle charges” to keep it at 100% while plugged in. It keeps the battery in a high-stress, high-tension state, which wears down the chemistry within.

Battery University goes into a bunch of scientific detail explaining why, but it also sums it up nicely: “When fully charged, remove the battery” from its charging device. “This is like relaxing the muscles after strenuous exercise.” You too would be pretty miserable if you worked out nonstop for hours and hours.

In fact, try not to charge it to 100%

At least when you don’t have to.

According to Battery University, “Li-ion does not need to be fully charged, nor is it desirable to do so. In fact, it is better not to fully charge, because a high voltage stresses the battery” and wears it away in the long run.

That might seem counter-intuitive if you’re trying to keep your smartphone charged all day, but just plug it in whenever you can during the day, and you’ll be fine.

Plug in your phone whenever you can

It turns out that the batteries in our smartphones are much happier if you charge them occasionally throughout the day instead of plugging them in for a big charging session when they’re empty.

Charging your phone when it loses 10% of its charge would be the best-case scenario, according to Battery University. Obviously, that’s not practical for most people, so just plug in your smartphone whenever you can. It’s fine to plug and unplug it multiple times a day.

Not only does this keep your smartphone’s battery performing optimally for longer, but it also keeps it topped up throughout the day.

Plus, periodic top-ups also let you use features you might not normally use because they hog your battery life, like location-based features that use your smartphone’s GPS antenna.

Keep it cool

Smartphone batteries are so sensitive to heat that Apple itself suggests you remove certain cases that insulate heat from your iPhone when you charge it. “If you notice that your device gets hot when you charge it, take it out of its case first.” If you’re out in the hot sun, keep your phone covered. It’ll protect your battery’s health.

Villas-Boas, Antonio. “You’ve Been Charging Your Smartphone Wrong”. Business Insider July 2016

Posted in: Mobile Computing, Technology


Ransomware: Legal Breach Notification Cheat Sheet

Incidents of ransomware are on the rise and it’s a growing concern for all of us. We have been well versed on what not to open or click on. But it is equally important to be informed on what actions you need to take if you fall victim to a ransomware attack.

If your business falls under breach notification rules, here is a cheat sheet that presents information without all the legalese.

Breach Notification Rules for Ransomware

The real issue to investigate is whether unauthorized access alone triggers a notification to customers. In effect, that is what ransomware is doing – accessing your PII without your permission.

We present for your ransomware breach response edification the following:

  1. Healthcare – HIPAA’s Breach Notification Rule requires covered entities (hospitals, insurers) to notify customers and the Department of Health and Human Services (HHS) when there’s been unauthorized access to protected health information (PHI). This is the strictest federal consumer data law when it comes to a ransomware breach response. HHS has put out a helpful guideline explaining more of the complexities involved in a determination of a PHI breach.
  2. Consumer banks and loan companies – Under GLBA, the Federal Trade Commission (FTC) enforces data protection rules for consumer banking and finance through the Safeguards Rule. According to the FTC, ransomware (or any other malware attack) on your favorite bank or lender would not require a notification. They recommend that these financial companies alert customers, but it’s not an explicit obligation.
  3. Brokers, dealers, investment advisors – The Securities and Exchange Commission (SEC) has regulatory authority for these types of investment firms. Under GLBA, the SEC came up with their own rule, called Regulation S-P, which does call for a breach response program. But there’s no explicit breach notification requirement in the program. In other words, it’s something you should do, but you don’t have to.
  4. Investment banks, national banks, private bankers – With these remaining investment companies, the Federal Reserve and various Treasury Department agencies jointly came up with their own rules. In this case, these companies have “an affirmative duty” to protect against unauthorized use or access, and notification is part of that duty. In the fine print it says, though, that there has to be a determination of “misuse” of data. Whether ransomware’s encryption is misuse of the data is unclear. In any case, the rules spell out what the notification must contain — a description of the incident and the data that was accessed.

Green, Andy. “Ransomware: Legal Cheat Sheet”. Inside Out Security Blog – Data Security, January 2017

Posted in: Disaster Recovery, Security


7 Ways to Take Screenshots in Windows 10

Capture all — or just part — of your screen with a few keystrokes.


Screenshots are handy — whether you’re trying to write a how-to article or show your friend something on your screen — but taking screenshots in Windows 10 is not as simple as it could be.

Don’t get me wrong, you have plenty of options. There’s the Snipping Tool, various keyboard and physical button shortcuts, and tons of third-party tools. It’s just not as intuitive as I’d like (I’m a big fan of Apple’s screenshot process in OS X). But if you’re looking for screenshot info, look no further — here are seven different ways to take a screenshot on your Windows 10 device.

Snipping Tool

Windows’ built-in screenshot tool, the Snipping Tool, has been around since Windows Vista. You can find this tool in Start > All Programs > Windows Accessories > Snipping Tool.


To use the Snipping tool, open it and click New to begin the screenshot process. The default snip type is a rectangular snip — you’ll use your mouse to crop a rectangular part of your screen for capture. You can also take free-form, window, and full-screen snips with the Snipping Tool.

The Snipping Tool does not automatically save your screenshots — you will need to manually save them in the tool before you exit. It does automatically copy your captures to the clipboard.

Print Screen

To capture your entire screen, tap the PrtScn button. Your screenshot will not be saved, but it will be copied to the clipboard — you’ll need to open an image editing tool (such as Microsoft Paint), paste the screenshot in the editor and save the file from there.

Windows Key + Print Screen

To capture your entire screen and automatically save the screenshot, tap the Windows Key + PrtScn. Your screen will briefly go dim to indicate that you’ve just taken a screenshot, and the screenshot will be automatically saved in the Pictures > Screenshots folder.

Windows Key + H

If you’d like to capture your entire screen for sharing purposes, you can use the Windows Key + H keyboard shortcut. This will capture your entire screen and open the Windows Share toolbar so you can immediately share it with your friends via email, Facebook, Twitter, OneNote, etc.

Alt + Print Screen

To take a quick screenshot of the active window, use the keyboard shortcut Alt + PrtScn. This will snap your currently active window and copy the screenshot to the clipboard. You will need to open the shot in an image editor to save it.

Windows Logo + Volume Down

If you’re rocking a Windows Surface device, you can use the physical (well, sort of physical) buttons to take a screenshot of your entire screen — similar to how you would take a screenshot on any other smartphone or tablet. To do this, hold down the Windows Logo touch button at the bottom of your Surface screen and hit the physical volume-down button on the side of the tablet. The screen will dim briefly and the screenshot will be automatically saved to the Pictures > Screenshots folder.

Posted in: MS Office Tips and Tricks, Tech Tips for Business Owners


What is Spearphishing? How to Stay Safe Online From this Effective Cybercrime Technique

Spearphishing? All it takes is a single click, but it doesn’t have to be this way.

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeted ‘phishing’, also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of emails with a single click.

When a spearphishing email lands in your inbox, it’s rarely a mistake. Using your personal information – either hacked from another source or lifted from public social media profiles – spammers are able to produce slick and highly convincing messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus – often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work – stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalized email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?

Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a hypothetical hacker could easily pose as your friend and ask for further information about you: your phone number, password, even bank details. Not everyone would fall for the scam, but many still do when the recipient believes the sender is who they claim to be.

A hacker using spearphishing may pose as a retailer, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected

Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures you post to Facebook or Twitter, check where your email is listed and ensure your computer’s security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information – think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system, and despite advanced spam filters on current email providers, spearphishing emails will continue to slip through the cracks.

Murock, Jason. “What is Spearphishing? How to stay safe online from this effective cybercrime technique”. IBT. December 2016

Posted in: E-mail, Mobile Computing, Security


How to Restore Deleted Files on Any Device

Few tech disasters can send your stomach into free fall quite like realizing you’ve deleted something important from your laptop or phone, with no obvious way to bring it back. Luckily, if you find yourself scrambling to restore your deleted files, there’s still hope. Free tools and apps are widely available to help you recover your deleted data no matter what platform you’re using. Here’s what you need to know.

On most modern forms of storage, deleting a file doesn’t actually delete it—it usually just tells the operating system in charge that the space the file is using is free for other data. If you can get in quickly enough, it’s possible to bring your file back from its digital grave before something else has rushed in to take its place, so speed is of the essence.

Back up, back up, back up

Being told you should’ve backed up your stuff right after you’ve deleted a folder full of holiday pictures isn’t very helpful, but it’s worth repeating for future reference. The simplest option is to use a cloud service; most of them have undelete features built in.

In the case of Dropbox’s apps, for example, load up the web interface, then click Deleted Files to see a list of recently erased files and folders. Click Restore next to any entry to bring it back. Deleted files are kept for 30 days or a whole year if you’ve signed up for Dropbox Pro and the Extended Version History add-on.

Windows and Mac

If your files are gone from the Recycle Bin or the Trash, then you need a dedicated third-party tool to search for and recover your erased files. Recuva is one of the best and most well-respected options for Windows, while DMDE and PhotoRec are both worth considering as alternatives for undeleting your data.

Those of you on a Mac might want to take a look at Disk Drill, Prosoft Data Rescue and MiniTool Mac Data Recovery. All three come recommended from various sources, though (similar to Windows) there are lots of options to choose from. If one program can’t find your files, you should run a scan with a different program.

Recuva gives you a choice of a step-by-step wizard or “advanced” interface with more control. In both cases, you can choose the type of file you’ve lost and where it was (if you know), and Recuva gets to work. If the application doesn’t find anything, you can opt for a deeper scan, which is more thorough, but takes much longer.

In the program’s advanced mode, any fragments of files Recuva finds are ranked using a simple traffic light system. If a file is marked green, then Recuva has a good chance of bringing it back. Select the files you want to restore and click Recover to see if Recuva is able to rebuild them successfully.

Because of the way recovery programs work, you should shut down any other applications during the restore process (to prevent your precious data being overwritten). You should also restore files to a different location than the one they were originally in—again, this helps to protect the original data.

Android

Unless your files were on a memory card—in which case plug it into your computer and use one of the tools mentioned above—getting erased data back on Android is pretty much impossible without root access. This isn’t difficult to do, but it comes with a certain degree of risk (and voids your warranty).

There are dedicated Android apps that will look for deleted files for you, including DiskDigger and Undelete, but you might also be able to recover data by plugging your phone into a computer and using one of the desktop applications mentioned above to look for any traces of your erased files.

There are desktop programs dedicated to the retrieval of deleted phone files, but you’ll have to pay to use them and root your phone first. Check out Fonepaw Android Data Recovery and EaseUS Android Data Recovery. Again there’s no guarantee you’ll get your files back.

Most of the files you have on your phone will have come from somewhere else (and so you should have a backup), with the notable exception of photos and videos. This is an excellent reason to use something like Google Photos to manage your pictures, especially because there’s a recycle bin built right into it.

iOS

You’re probably trying to get photos back from the digital grave when it comes to an iPhone—all your other files are likely to be copied somewhere else, either in iTunes or on the web. If you’ve recently backed up your phone to iTunes or iCloud, you can retrieve your photos from there.

Your first order of operation should be to visit the Recently Deleted album folder in the Photos app (or in your iCloud Photo Library), where your pictures and videos will stay for up to 40 days before being permanently erased. That’s a pretty big window of time for you to weigh up whether you really did want to delete that image.

As for other types of files, if you’ve deleted something that hasn’t been synced from iTunes and isn’t included in an iOS backup your options are unfortunately pretty limited. While there are desktop programs you can try, like Dr. Fone iPhone Data Recovery, they can only get access to certain types of data.

With access to the iOS file system pretty restricted (remember most Android undelete tools only work if you root your phone), apps can’t perform the same magic tricks as desktop software can to bring your files back. Unless you know a data forensics expert, your files are pretty much gone for good.

If you’ve scoured your backups and iCloud’s undelete options with no success then all you can do is make sure it doesn’t happen again. Make regular backups and sign up for an extra cloud service, whether it’s Google Photos or Dropbox, so you always have at least one additional copy of all your important files.

Nield, David. “How to Restore Deleted Files on Any Device”. Gizmodo, June 2016


In the event that you are not backing up your systems regularly, this article is a good resource containing many recovery options for you. Although this is good information in case of an emergency, we HIGHLY recommend that you make it your #1 New Year’s resolution to develop and execute a Data Backup Plan.

Give us a call today for a free consultation at 732-780-8615.

Posted in: Tech Tips for Business Owners


How to Safely Delete Private Data Forever

If you’re erasing sensitive files from a computer, you probably want them gone forever and far beyond the reach of data recovery tools. Unfortunately, that’s not what happens all of the time. Here are some simple steps you can take to make sure your files are deleted permanently.

When you hit delete on a file, in most cases, those 1s and 0s aren’t actually erased. The operating system just marks the space they’re taking up as free for new stuff, so until something new shows up, that data can often be recovered.

What third-party eraser tools do is wipe over your sensitive files with random data, so not even the best recovery utility on the planet can bring them back. It’s a bit like scribbling over a handwritten note with thick black marker pen.

Or at least that’s true for traditional hard drives. Modern solid-state drives (SSDs), and the flash memory in mobile phones, don’t work in the same way. That’s primarily because applications don’t have the same control over where data is written and overwritten.

If you’ve got an SSD fitted, deleted files are harder to recover once they’ve gone beyond the Recycle Bin or Trash anyway (see the end of this note from Apple). On top of that, the safest option for ensuring they’re gone forever is to keep your drive encrypted. With those caveats in mind, read on.
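The overwrite-before-delete approach described above, as an added example (this is not code from any eraser tool the article names; the function names and the sample file are constructed for illustration). As the article notes, it is only meaningful on a traditional hard drive, because on an SSD the drive decides where the new bytes land.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB pieces so large files do not fill RAM


def overwrite_in_place(path, passes=1):
    """Overwrite every byte of `path` with random data; return the file size."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to overwrite a symlink or non-regular file")
    size = os.path.getsize(path)
    # "r+b" reuses the existing file; "wb" would truncate it and free its blocks.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass out of the OS cache
    return size


def secure_delete(path, passes=1):
    """Overwrite, rename to a random name, then unlink; return bytes per pass."""
    size = overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, os.urandom(8).hex())
    os.rename(path, scrubbed)  # replace the original name before unlinking
    os.remove(scrubbed)
    return size


def demo():
    """Constructed sample: write a fake secret, wipe it, report what is left."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "tax-return.txt")
    secret = b"constructed sample: account 0000-0000\n" * 1000
    with open(path, "wb") as fh:
        fh.write(secret)
    overwrite_in_place(path)
    with open(path, "rb") as fh:
        after = fh.read()
    wiped = secure_delete(path)
    os.rmdir(workdir)
    return {"same_length": len(after) == len(secret), "bytes_wiped": wiped,
            "secret_survives": secret[:38] in after,
            "still_exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```
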

Permanently deleting files on Windows

If you want a file on Windows to be immediately trashed without a visit to the Recycle Bin first, it’s easily done. Just hold down Shift as you tap Delete in File Explorer.

The file could still be recovered by someone smart enough to install a professional data recovery tool though, so on a traditional, mechanical hard drive you’ll need a more comprehensive tool to make sure the 1s and 0s have been well and truly wiped.

Eraser is a simple but effective tool that’s been around a long time on Windows. Point it towards a file or folder and it overwrites it with random data that should be enough to stop it from ever coming back.

There’s a scheduler tool too that you can use to wipe certain sections of your hard drive regularly. If you want to, you can add the program to the right-click menu in File Explorer, giving you even easier access to it.

Blank and Secure is a very similar, lightweight tool that perhaps has a more friendly user interface and is portable as well, so you can run it from a USB drive if you need to.

Once you’ve launched the executable, just drag and drop the files you want to get rid of into the Blank and Secure window. You can set a few basic options before deleting, and the utility can automatically shut down your PC afterwards if it’s going to be a lengthy job.

CCleaner is a perennial Field Guide favorite and has a disk wiper tool built into it in addition to all the other clean-up jobs it does—though you’ll need to stump up for the premium version (a free trial is available).

It’s more suitable for wiping entire disks or all the free space on a disk at once rather than individual files, but in any case this is often a better way of securely wiping sensitive data, especially on the newer SSD drives as we’ve mentioned. You can find Drive Wiper in the Tools section.

If you do have a solid-state drive, then encryption is probably a better option. BitLocker is available in the Pro versions of Windows 10, or you can use a third-party solution like VeraCrypt. You might also find the SSD manufacturer has provided utilities for encrypting and securely erasing the disk as a whole.

Permanently deleting files on macOS

Like Windows, macOS has a keyboard shortcut you can use to tell files to skip the Trash on their way to the digital graveyard: Option+Cmd+Delete. Alternatively hold down Option as you open the File menu and you’ll see a Delete immediately entry.

As you’ve no doubt noticed, Macs have been moving towards SSDs for some years now, and that means conventional secure erase techniques don’t really apply. Instead, you should switch on FileVault, which will make deleted files very difficult to recover once they’ve gone from the Trash.

Head to the Security & Privacy section of System Preferences and open up the FileVault tab to make sure it’s switched on. The flip side is that even you will struggle to get your data back if you forget your system password or recovery key—but you’re not going to do that, are you?

There were secure erase options in Mac OS versions of years gone by, but they’ve all been abandoned in Sierra.

While you will find ‘secure erase’ tools in the Mac App Store, they’re going to be largely ineffective for files stored on SSDs, and may even reduce the life of the drive with their persistent overwriting. Of course a standard mechanical external drive is different—by all means use a tool like FileShredder or Shredo.

Nield, David. “How to Safely Delete Private Data Forever”. Gizmodo, Field Guide. December 2016

Posted in: Security, Tech Tips for Business Owners
