NEVER respond or react hastily to unexpected messages: If you get a pop-up message, email, phone call, text message, or any other urgent message about a virus/security problem, account problem, or ask you to call about an unexpected charge – DO NOT click on any links or call a phone number provided in the message. Always initially assume it’s a scam until proven otherwise.
Refer to links in the article below about how to close out of fake warning messages that appear to lock your computer or device.
Scammers often PRETEND to be from a business, organization, or financial institution or even a person that you know.
Scammers advertise on search engines (Google, Yahoo, Bing) so that people looking for help with a product or service will call them instead of a real support number listed on an official company website.
Legitimate companies will never ask for remote access/control of your computer or smartphone, unless you initiate the call to a number listed on the official company website. If the person with a legitimate company accessing your computer asks you to log into your account to “fix” or “help” with a problem, asks for money, money transfer, cryptocurrency or gift cards, immediately turn off your computer and end the call. Then call your trusted computer tech, relative or close friend to help validate the communication you just had.
Scammers are becoming increasingly clever. Every month we hear from clients who have been scammed by letting someone take control of their computer and coerce them into paying for support for non-existent computer or account-related problems. With a little bit of knowledge of how these scams work, you won’t become a victim yourself.
Scams typically start with a website pop-up, email, phone call or text message from a well-known company such as Amazon, Windows/Microsoft, Apple, or Netflix. You are notified about a large purchase that has been or will be charged to your account – or there’s a problem with your account or device/computer. You’re told to call, click a link or talk to a fraud/account representative to confirm the purchase or account information. No matter how legitimate it sounds – It’s a scam! Read on about some of the most common scams we’ve encountered recently:
“Someone just charged an item to your Amazon account. I’m calling to confirm the purchase or refund your money.”
“This is the FBI and we’ve detected pornographic images on your computer. You must pay a fine right away!”
“This is your friend Bob. Can you please buy a gift card for me so I can give to my niece – I’ll pay you back.”
“Grandma, this is your grandson – I’m in trouble and you need to bail me out. Please don’t tell mom!”
“Your credit card number has expired. I’m calling to get your new number or your service will be cancelled right away!”
“I’ve hacked into your email account – I can prove it because your password is xxxxxx. I’ve got embarrassing pictures of you that I captured with your webcam. If you don’t pay up, I’ll release the the pictures to all of your contacts.”
“Your computer protection has expired. If you don’t call right away we’re charging $399 to your account to renew the protection.”
“Your Cloud subscription has expired or run out of space. Reply or click to renew or update you payment information.”
“Failure to pay your bridge toll in this message will result in fines or jail time”.
“The 50% discount on your Internet Service is about to expire. Call right away to renew.”
WHAT YOU SHOULD DO:Ignore the pop-up, email, call or SMS. If you answer an unexpected phone call, don’t answer or engage with the scammer – hang up. Most likely there is no problem at all. Unfortunately you can’t trust unknown or unsolicited callers to be who they say they are, nor can you trust the name or number on Caller ID – scammers frequently used forged numbers. NEVERallow someone you don’t know coerce you into letting them view your computer screen or allow remote access. You wouldn’t allow someone knocking on your door to come in – the same should be true for an unsolicited phone call or message.
If in doubt, log into your account normally (not via a link in an email or telephone number provided in a recording) to check for any unrecognized activity. Or you can call the company using the phone number listed on their official website, or printed on a card you have from the company.
If you’ve already gone too far and realize that you’ve engaged in a conversation with a scammer – below are some examples of how you can quickly get out of the situation.
“My attorney/caregiver handles all of my affairs. Contact him/her.”
“Send me an official correspondence in the mail – you should already have my mailing address.”
or simply, JUST HANG UP and don’t answer the phone if they call back. It’s OK to be rude to a scammer.
Often times scammers tell you that you must act fast – so that you don’t have time to think about it, contact a trusted tech-savvy friend, family member or computer technician. Stick to your better judgement, remain in control of the conversation – or just hang up.
In today’s digital age, our personal information is more valuable than ever. From online banking to social media, we’re constantly sharing sensitive data that could be a target for cybercriminals. That’s why cybersecurity checkups have become increasingly important. These assessments can reveal vulnerabilities in our online presence that we may not even be aware of. Here are some surprising things we’ve discovered through cybersecurity checkups for individuals:
1. Weak or Reused Passwords:
One of the most common vulnerabilities found in cybersecurity checkups is the use of weak or reused passwords. Many people use easy-to-guess passwords like “password123” or the same password for multiple accounts. This makes it incredibly easy for hackers to gain access to your online accounts. See: The dangers of using the same password for different websites.
2. Phishing Scams:
Phishing scams are becoming more sophisticated and harder to detect. Cybersecurity checkups can help identify if you’ve been targeted by a phishing attempt. This could include emails from unknown senders asking for personal information or clicking on suspicious links. See:
3. Outdated Software or Operating Systems:
Many people neglect to update their software regularly, leaving themselves vulnerable to security breaches. Outdated software can contain known vulnerabilities that hackers can exploit. Cybersecurity checkups can identify which software on your devices needs updating.
4. Publicly Available Personal Information:
You may be surprised to learn how much personal information is publicly available online. This information can be exposed from data breaches, data brokers or both – and be used by scammers to gain your trust or for extortion attempts. The data may include your email addresses, phone numbers, home address, and even social security number. Cybersecurity checkups can help you identify and possibly remove any sensitive information that is publicly accessible.
5. Compromised Accounts:
It’s possible for your online accounts to be compromised without your knowledge. Cybersecurity checkups can help detect if any of your accounts have been breached. This could include unusual login activity, unauthorized purchases, or suspicious emails.
6. Lack of Two-Factor Authentication:
Two-factor authentication adds an extra layer of security to your online accounts. However, many people don’t enable it. Cybersecurity checkups can remind you to enable two-factor authentication on your most important accounts.
7. Email/phone forwarders to unknown destinations:
Scammers with access to email or phone accounts may use the forwarding feature to have all emails or calls forwarded to the scammer in attempt to retrieve account 2FA or recovery codes.
8. Email filters & blocked senders lists contain rules that are sending important messages to trash:
If a scammer accesses your email account they will typically set up rules and filters to route important security emails to the trash so that you won’t notice that they are actively accessing your account.
9. No PIN lock on smartphone:
Not using a PIN or biometric lock on your smartphone can allow anyone finding your smartphone access to everything on your device, and potentially allow someone to access your email and text messages obtain 2FA codes for your other accounts.
If you change your email address, phone number, or get rid of your home phone line, don’t forget to set or update your account recovery information for all of your online accounts.
11. Rogue web browser extensions:
Browser extensions can add useful features to your web browser, but if you get them from an unreputable source, or if the extension gets taken over by another publisher, they can potentially steal your personal data.
12. Exposing too much personal information on social media accounts:
By conducting regular cybersecurity checkups, you can identify potential vulnerabilities and take steps to protect your personal information. It’s a small investment of time that can have a big impact on your online security. Contact us for a cybersecurity checkup.
With the rise in cyber threats and data breaches, protecting your online accounts is more crucial than ever. One of the most effective ways to secure them is through Two-Factor Authentication (2FA). This guide explores what 2FA is, how it works, and why it’s essential for safeguarding your digital identity.
What is Two-Factor Authentication (2FA)?
Two-factor authentication is an extra layer of security used to verify that a user attempting to log into an online account is who they claim to be. Instead of relying solely on a password, 2FA requires a second piece of information—a second “factor”—which can only be obtained by the rightful account owner.
2FA factors typically fall into three categories:
Something you know – like a password or PIN.
Something you have – like a mobile device or a security key.
Something you are – biometrics like a fingerprint, facial recognition, or voice.
With 2FA, you’ll need two of these factors to access your account, making it significantly more challenging for cybercriminals to breach it.
How Does 2FA Work?
The 2FA process generally follows these steps:
Enter Your Username/Password: Begin by entering your usual password, which remains the first layer of protection.
Receive a Verification Prompt: After entering your password, you’ll receive a second prompt to authenticate your identity. This prompt can be:
A one-time code sent via text message or email.
A code generated by an authenticator app (like Google Authenticator or Authy) that refreshes every 30 seconds.
A push notification sent to your phone, which you approve or deny.
Biometric verification, such as a fingerprint scan or facial recognition.
Complete the Second Step: After verifying this second factor, you gain access to your account.
Types of Two-Factor Authentication
There are various forms of 2FA, each with its own security strengths. Here are the most common ones:
SMS-Based 2FA:
A unique, time-sensitive code is sent to your mobile phone via text message.
While convenient, it’s less secure due to the risk of SIM swapping, where attackers can hijack your phone number to intercept the code.
Authenticator Apps:
Apps like Google Authenticator, Authy, and Microsoft Authenticator generate time-based codes that expire every 30 seconds.
Authenticator apps are highly secure as they aren’t reliant on SMS, making them resistant to SIM swapping and other phone-based attacks.
Hardware Tokens:
Devices like YubiKey and Google Titan Key act as physical keys that plug into your computer or connect wirelessly. These tokens verify your identity when logging in.
Hardware tokens are very secure, as attackers would need physical possession of the device.
Biometric 2FA:
Biometrics, such as fingerprints, facial recognition, or voice ID, serve as the second factor in 2FA.
Biometrics add strong security but are less widely supported across platforms and may require specific hardware.
Push Notifications:
Many services, like Microsoft and Google, send a push notification to a trusted device. Approving the notification verifies your identity.
Push notifications are generally secure, especially if your device is protected with a password, PIN, or biometric.
Why You Should Use 2FA
Two-factor authentication offers several benefits, making it an essential component of a secure online presence:
Increased Security:
With just a password, anyone who has your login credentials can access your account. Adding a second factor significantly reduces the risk of unauthorized access.
Protection Against Phishing:
Phishing attacks attempt to trick you into revealing your password. 2FA adds a hurdle, as attackers won’t have access to your second factor, like your phone or authenticator app.
Minimal Impact on Usability:
While 2FA adds an extra step, it only takes a few seconds and provides substantial security benefits, often with only a small impact on convenience.
Peace of Mind:
2FA can give you confidence that your accounts are safer, helping protect personal information, financial data, and sensitive communications.
How to Enable 2FA on Popular Platforms
Enabling 2FA is straightforward on most platforms. Here’s how to set it up on a few commonly used services:
Google and Gmail:
Go to Google Account Security Settings.
Select 2-Step Verification and follow the prompts to add an authenticator app or SMS verification.
Facebook:
Open Settings & Privacy > Settings.
Under Security and Login, find Two-Factor Authentication and choose your preferred authentication method.
Apple ID:
Open Settings on your iPhone or Mac, go to Password & Security, and select Two-Factor Authentication.
Microsoft Accounts:
Log in to account.microsoft.com.
Go to Security > Additional Security Options > Two-Step Verification.
Social Media & Financial Accounts:
Most major platforms, including Twitter, Instagram, and online banks, offer 2FA under account security settings.
Tips for Using 2FA Effectively
Using Authenticator Apps is better than SMS: Authenticator apps are generally more secure than SMS codes, which can be vulnerable to interception or SIM swapping or someone taking over your cell number. However, using SMS is better than no 2FA at all.
Keep Backup Codes Safe: Many services provide backup codes for times when you can’t access your primary 2FA method. Store these codes securely, as they can be a lifesaver if you lose your phone.
Conclusion
Two-factor authentication is an essential security measure that everyone should enable on their online accounts. By adding an extra layer of verification, 2FA makes it much harder for cybercriminals to gain access, protecting you from unauthorized access and fraud. Take the time to set up 2FA on your important accounts today—it’s a small step that can provide significant security benefits.
In today’s digital age, one of the simplest yet most effective security measures we can take is to use unique passwords for each of our online accounts. This practice may seem tedious, but it’s not unlike having a separate key for every important lock in our daily lives. Imagine the risks if your house key could also unlock your car, your office, and your safe. If someone got their hands on it, they’d have complete access to everything you own. Just like in the physical world, using unique passwords is like keeping different “keys” for each digital door we want to secure.
Why Unique Passwords Matter
Using the same password for multiple accounts is the digital equivalent of using the same key for every lock. It might be convenient, but it creates a single point of failure: if a hacker gets hold of your password for one account, they suddenly have access to all the others.
Hackers know this, which is why one of their common tactics after breaking into a weakly protected account is to try the same credentials on other popular services. This practice is called credential stuffing, and it’s highly effective against those who reuse passwords.
Comparing Unique Passwords to Separate Keys
Let’s break down some specific comparisons that show why unique passwords are just as essential as separate physical keys.
1. Control Over Access
Physical Keys: Imagine you lend your car key to a friend, but you wouldn’t want that same key to open your home. Separate keys give you control over who accesses different spaces.
Passwords: Unique passwords give you similar control in the digital world. If you use a distinct password for each account, even if you have to share it temporarily, you’re not risking other accounts. For instance, if you share a streaming password, you’re not also granting access to your bank account.
2. Damage Containment
Physical Keys: If you lose a key, the risk is contained. You know that only the specific place that key unlocks is at risk. Replacing one lock is manageable.
Passwords: If one unique password is compromised, only that one account is affected, not your entire digital life. It’s much easier to recover from a single breach than to address the consequences of multiple accounts being hacked.
3. Layered Security
Physical Keys: Having separate keys adds an extra layer of security, as someone would need multiple keys to access every part of your property.
Passwords: Unique passwords create a similar layered defense. If a hacker wants access to all your accounts, they’ll need to go through each password individually, which is time-consuming and often impractical. Even if they break into one account, they’re blocked from the rest.
4. Preventing Social Engineering Attacks
Physical Keys: Imagine a stranger gains access to one of your keys and attempts to access other areas, only to find they’re locked. You can catch this suspicious activity early.
Passwords: In the digital world, using different passwords helps you identify compromised accounts faster. If you see suspicious activity on one account, you can address that specific password without worrying that your other accounts are similarly vulnerable.
How to Manage Unique Passwords
Understandably, managing different passwords for every account can be daunting. But with the right tools and practices, it’s much simpler than it seems. Here are a few strategies:
Password Managers: These tools securely store and manage your passwords, allowing you to create complex, unique passwords without needing to remember each one individually.
Two-Factor Authentication (2FA): Adding a second form of verification, like a text message code or an authentication app, strengthens your security and provides an extra layer if your password is compromised.
The Bottom Line
Using unique passwords is one of the best ways to protect your online presence, just as having separate keys safeguards your physical spaces. It might take a bit of effort to get started, but the security benefits far outweigh the minor inconvenience. In a world where data breaches are increasingly common, having “different keys for every lock” could be what stands between you and a major security issue.
Microsoft will end support for Windows 10 on October 14, 2025. After this date, there will be no more free updates*, security patches, or technical support available from Microsoft.
Most users have 3 options: upgrade to Windows 11, get a new computer with the latest version of Windows, or pay* to extend Windows 10 security updates until October 2026.
Upgrading to Windows 11 is recommended for most users for its advanced security, improved performance, and new features.
Updated 6/30/25:
As Microsoft’s Windows 10 operating system approaches the end of its lifecycle, it’s essential for users to prepare for the changes and take steps to transition smoothly. Microsoft’s official announcement has made it clear: Windows 10 will reach its end of support on October 14, 2025. This means no more free updates, security patches, or technical support for the operating system, which could leave your device vulnerable to security risks and software incompatibilities if no action is taken before October.
The Start button taskbar icon on Windows 10 vs Windows 11.
Why the End of Support Matters
When an operating system (OS) reaches the end of support, it no longer receives updates from its developer – in this case, Microsoft. These updates, which usually occur monthly, include crucial security patches, bug fixes, and improvements that help keep your system running safely and efficiently. After the end of support, any vulnerabilities and bugs will remain unpatched, leaving your computer at risk of viruses, malware, and ransomware.
Additionally, newer software and hardware may eventually become incompatible with the older OS, leading to performance issues or the inability to use modern apps and devices.
What Are Your Options?
As the end of Windows 10 support approaches, users have three primary options:
Upgrade your existing computer to Windows 11
Get a new computer with Windows 11
Continue using Windows 10 until October 2026 with reduced support
Let’s explore these options and why ultimately upgrading to Windows 11 is probably your best choice.
Can you spot an email or text message trying to “phish” your personal information or is otherwise a scam? When viewing a suspicious email, here are some key things to look at to help identify phishing/scam emails. Treat all email as guilty/scam until proven innocent/not-a-scam:
Subject – Look for bad grammar, misspelling, trying to get to act immediately, emojis and excessive punctuations (!!!) to entice you to read the email.
“From” – Does the email addresses match the sender? For example, we’ve seen lots of emails from “McAfee”, but the email address shown is from a random @gmail.com address. However the email address that it’s coming from should not be your only determination whether or not an email is real since an email address is easily spoofed.
“To” and greeting – Is the email addressed to your email address and name, or “undisclosed recipients” and “Dear user”. – A company that you already do business with will send an email addressed to your email address and name.
Grammar – Treat every email that’s trying to get you to react as suspicious. Slowly read the email as if you’re a teacher grading a student’s English paper.
Punctuation – Look for words that should/should not be capitalized, periods and commas in the wrong place, spaces that should/should not exist, and excessive punctuation.
Fonts – Phishing/scam emails often overuse bold and colored fonts, and different typefaces.
Look for clues the the email writer’s native language/country is not English/U.S. – Are dates formatted as the U.S. Month/Day/Year – or it is Day/Month/Year? Do phone numbers begin with “+1”? Country code prefixes are often used outside of North America.
A sense of urgency for immediate action – “Must respond within 24 hours or else…”
A scare tactic – Look for threats such as “… result in loss of important information” or “we’ll be forced to terminate/charge your account.”
Personal/private information – A company that you do business with already knows your email address, name, password, etc. Unless you are logging into your account on their official website, they would not ask you to enter it into an email or web form and send it back to them.
Please review the screenshots below of emails received and forwarded to us by our clients. Can you spot all of the clues that each one is a phishing/scam email? Answers are given below each screenshot.
The digital age, while offering unprecedented convenience, has also brought with it a surge in data breaches. From corporations to government agencies, countless organizations have fallen victim to cyberattacks, exposing sensitive personal information to the dark web. This compromised data is a goldmine for scammers, who are increasingly employing it to perpetrate sophisticated imposter scams.
How Does It Work?
Cybercriminals acquire stolen personal information through data breaches, which can include names, addresses, Social Security numbers, birth dates, financial details, and even email addresses and phone numbers. Armed with this information, scammers can create highly convincing personas, impersonating trusted individuals or organizations.
Common imposter scams include:
Family and Friend Impersonation: Scammers pose as relatives or friends in distress, often claiming to be in a foreign country or facing an emergency requiring immediate financial assistance.
Government Agency Impersonation: Pretending to be from the IRS, FTC, FBI, Social Security Administration, or other government agencies, scammers threaten victims with legal action or promise benefits to coerce them into sharing sensitive information or sending money.
Financial Institution Impersonation: Scammers mimic banks, credit card companies, or investment firms to trick victims into revealing account details or transferring funds.
Protecting Yourself
While it’s impossible to completely prevent data breaches, there are steps you can take to minimize your risk of falling victim to imposter scams:
Be Wary of Unsolicited Contact: Avoid clicking on links or downloading attachments from unknown senders, even if the email appears legitimate.
Verify Information: If you receive a suspicious call or email claiming to be from a trusted source, independently verify the contact information before responding.
Monitor Your Accounts: Regularly review your financial statements and credit reports for unauthorized activity.
Consider a Credit Freeze: Placing a credit freeze on your credit report can prevent new accounts from being opened in your name.
Use Strong Passwords: Create complex, unique passwords for each online account and enable two-factor authentication whenever possible.
Secure Your Online Accounts From Take-Over: Make sure your email accounts, accounts linked to your computer or smartphone, and financial accounts have multiple, current contact and recovery information. Use 2-factor authentication when possible.
The threat of imposter scams is a serious concern, but by understanding how these scams operate and taking proactive measures, you can significantly reduce your risk of becoming a victim. Stay informed, be vigilant, and protect your personal information.
If you need help with steps mentioned in this article, contact us for a security consultation of your online accounts and/or your computing devices.
Your Data, Their Gain: How Hacked Information Fuels Scams
Data breaches seem like a constant threat these days, impacting millions of people every year. Recently, AT&T announced a data breach that impacted 73 million customer records from 2019 and earlier. But beyond the initial inconvenience of replacing credit cards or changing passwords, there’s a hidden danger: stolen information becomes a potent weapon in the hands of scammers.
From Names to Riches: How Scammers Exploit Leaks
Even seemingly insignificant details like your name, email address, and phone number, when combined with data from other breaches, can be a goldmine for scammers. Here’s how they exploit this stolen information:
Phishing Attacks: Scammers use your personal details to craft emails or phone calls that appear legitimate. They might pose as your bank, credit card company, or even a government agency. Trusting these messages can lead you to reveal additional sensitive information like passwords or account details.
Targeted Scams: With knowledge of your purchase history or location, scammers can craft highly believable scenarios. Imagine getting a call about a suspicious charge on your credit card for a store you recently visited, or a voicemail/text claiming to be from your internet service provider about a large discount.
Social Engineering: Armed with details like your birthday or children’s names, scammers can gain your trust by weaving these details into their stories. This emotional manipulation makes you more susceptible to their tricks.
Protecting Yourself from the Fallout
While data breaches are a harsh reality, there are steps you can take to minimize the damage:
Be Wary of Unsolicited Contact: Never give out personal information over email or phone unless you initiated the contact. Legitimate companies won’t pressure you for immediate action.
Strong Passwords & Two-Factor Authentication: Use unique, complex passwords for all your accounts and enable two-factor authentication wherever possible. This adds an extra layer of security.
Regular Monitoring: Keep an eye on your bank statements and credit reports for suspicious activity. Consider credit monitoring services for added protection.
Be Skeptical: If something sounds too good to be true, it probably is. Don’t hesitate to verify information directly with the source, like calling your bank instead of trusting the phone number provided in a suspicious email.
Data breaches are a threat we all face, but by staying vigilant and taking proactive steps, we can make it harder for scammers to exploit our information. Remember, a little caution can save you a lot of heartache.
When I started Computer Techs in 2003, the most common danger on the computer was the virus. The computer virus was often spread through email attachments. Fast forward 20 years, now the most common danger is social engineering scams. And what was once just random guesses of people’s email addresses, now scammers also use phone numbers to call or send messages to contact their potential victims.
These days scammers and hackers have a lot more information about you due to website data breaches and the treasure trove of information that has been exposed about you – such as your name, email/physical address, phone number – and sometimes passwords. They often use that information to send emails, text messages or phone calls to persuade you to that there’s a problem that needs immediate attention. Examples of what they want you to do include:
Click a link or open an email attachment. Links often lead to look-alike websites in which you are asked to provide personal information – such as username and password – or even financial information
Call a number provided in the email or message so that you can dispute a (false) charge or purchase that was made
Request remote access to your computer or smartphone to fix or help with an account problem
When you receive such messages or calls – do not act immediately, it’s likely a scam. Instead read the following information to help you determine the authenticity of what you just received.
Online banking is one of the most convenient services available and offers individuals, businesses, and organizations a way to quickly and easily manage their finances. Unfortunately, online banking is also vulnerable to all of the same security risks that stem from the virtual nature of the internet. It’s important to take steps to ensure that your hard earned money is secure from theft and fraud.
You wouldn’t want to suddenly realize that your bank account has been drained of your hard-earned cash!
Let’s take a look at a dozen ways to keep your money safe while banking online.
Print This Article Published 5/5/21. Updated April 2025
