All major web browsers have the option to save the login and password for the websites that you visit so it’s easier to login the next time you visit a site. If you don’t already have a password system to create secure and memorable passwords, or a password manager to store your logins and other secure information – your browser’s password manager can securely store logins for you and will suggest a strong and unique password for new websites that don’t have a saved password yet.
If you don’t want your logins visible to anyone looking at your computer, make sure your computer is password protected. Here’s where you’ll find the password manager for the most popular web browsers:
Google Chrome: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to use Google’s Password Checkup to “Check Passwords” to keep your passwords safe from data breaches and other security issues.
Microsoft Edge: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to “Show alerts when passwords are found in an online leak”.
Mozilla Firefox: In Settings > Logins and Passwords, Firefox Lockwise will display your logins with the ability to view, edit or remove passwords individually. There’s an also a default option to “Show alerts about passwords for breached websites”.
Safari: In Preferences > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also a default option to “Detect passwords compromised by known data leaks.”
iOS/iPadOS: In Settings > Passwords you will find your saved passwords that are used in conjunction with the Safari browser. Also check out the “Security Recommendations” to “Detect Compromised Passwords”.
Android: Open the Chrome App > More > Settings > Passwords.
You can also find out more about information leaked in data breaches and check to see if your email address has been exposed at Have I Been Pwned and Firefox Monitor.
Scammers are becoming increasingly clever. Every month we hear from clients who have been scammed by letting someone take control of their computer and coerce them into paying for support for non-existent computer or account-related problems. With a little bit of knowledge of how these scams work, you won’t become a victim yourself.
Scams typically start with a website pop-up, email, phone call or text message from a well-known company such as Amazon, Windows/Microsoft, Apple, or Netflix. You are notified about a large purchase that has been or will be charged to your account – or there’s a problem with your account or device/computer. You’re told to call, click a link or talk to a fraud/account representative to confirm the purchase or account information. No matter how legitimate it sounds – It’s a scam! Read on about some of the most common scams we’ve encountered recently:
“Someone just charged an item to your Amazon account. I’m calling to confirm the purchase or refund your money.”
“This is the FBI and we’ve detected pornographic images on your computer. You must pay a fine right away!”
“This is your friend Bob. Can you please buy a gift card for me so I can give to my niece – I’ll pay you back.”
“Grandma, this is your grandson – I’m in trouble and you need to bail me out. Please don’t tell mom!”
“Your credit card number has expired. I’m calling to get your new number or your service will be cancelled right away!”
“I’ve hacked into your email account – I can prove it because your password is xxxxxx. I’ve got embarrassing pictures of you that I captured with your webcam. If you don’t pay up, I’ll release the the pictures to all of your contacts.”
“Your computer protection has expired. If you don’t call right away we’re charging $399 to your account to renew the protection.”
WHAT YOU SHOULD DO:Ignore the pop-up, email, call or SMS. If you answer an unexpected phone call, don’t answer or engage with the scammer – hang up. Most likely there is no problem at all. Unfortunately you can’t trust unknown or unsolicited callers to be who they say they are, nor can you trust the name or number on Caller ID – scammers frequently used forged numbers. Never, everallow someone you don’t know coerce you into letting them view your computer screen or allow remote access. You wouldn’t allow someone knocking on your door to come in – the same should be true for an unsolicited phone call or message.
If in doubt, log into your account normally (not via a link in an email or telephone number provided in a recording) to check for any unrecognized activity. Or you can call the company using the phone number listed on their official website, or printed on a card you have from the company.
If you’ve already gone too far and realize that you’ve engaged in a conversation with a scammer – below are some examples of how you can quickly get out of the situation.
“My attorney/caregiver handles all of my affairs. Contact him/her.”
“Send me an official correspondence in the mail – you should already have my mailing address.”
Often times scammers tell you that you must act fast – so that you don’t have time to think about it, contact a trusted tech-savvy friend, family member or computer technician. Stick to your better judgement, remain in control of the conversation – or just hang up.
The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion.
Topping the list of types of reported internet crimes was phishing, which more than doubled last year. People over 60 were the most common victims according to the report. Nevada had the 8th most complaints of the states and territories included in the report – yet it is the 32nd most populous.
The phishing category also includes vishing, smishing and pharming – all techniques via email, voicemail, text messaging or via fraudulent websites that attempt to trick victims into divulging personal information such as passwords or credit card numbers.
People over 60 were the most common victim – likely due to the age group growing up in a more trusting society and their less understanding of technology.
Perhaps most surprising is that Nevadans reported the most complaints per thousand people than any other state.
In summary, become educated on how to spot internet crimes so that you or someone you know doesn’t become the next victim.
If you’ve been a victim of identity theft, the Federal Trade Commission’s IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.
If you haven’t been a victim, read these tips to help keep your identity from being stolen or compromised in the first place: Prevent Identity Theft.
Adobe Flash Player – not to be confused with Adobe (PDF) Reader – in the last decade had been the most common method of viewing video and animation files in the web browser. But the latest web coding standards includes the ability to play videos and animations natively – without the need for a browser extension or add-on.
In July 2017 Adobe announced it would no longer support Flash Player at the end of 2020, and recently all major web browsers have blocked or completely removed the ability to play Flash content. Around that time many security vulnerabilities plagued the software and it became a common vector for spreading malware through the computer browser.
What can you do if the web content you are trying to view says it requires Flash Player? Nothing – it’s up to the website developer to reprogram the site with modern standards that doesn’t require Flash Player.
A massive government and business computer hack was discovered early this month (December 2020), but the long term effects likely won’t be known for months or years as more knowledge is obtained about what companies were affected and what data may have been (or will be) breached.
Early details of the hack are explained in these comprehensive articles from CNN and CNET. The hack was spread to thousands of computer systems, altogether likely containing the private data of a majority of US citizens. That data may be compromised and leaked to miscreants if the data on those computer systems was not securely stored or encrypted. Hackers may be holding onto such data for months or years to come.
Make sure all of your devices are up to date: By default Windows and MacOS computers update automatically. But other internet connected software and hardware usually require manual updates – such as iOS, iPadOS, Android, internet routers, video doorbells and cameras, streaming media players, etc. If you need help making sure all of your internet connected devices have the latest security patches, please contact us.
Be suspicious of every email, phone call, SMS or browser pop-up: Initially do not trust any unsolicited email, phone call, SMS or pop-up in your web browser – particularly if it’s asking you to do something. Treat everything as “guilty until proven innocent”. See how to recognize scams and phishing attempts, and for more information review all of our security articles.
Sure it’s easy to just use the same password for everything. But with data breaches seemingly occurring on a daily basis, your email address and password that’s part of any data breach is surely being used to try to log into your email account and other accounts that hold personal, financial and other private information.
It’s been suggested by some clients that nobody would be interested in reading their email, so their email password doesn’t need to be secure or unique. However if a hacker accesses your email consider the following common occurrences:
A hacker can reset/change your email password and lock you out of your account.
A hacker can read all of your emails to figure out all the financial and shopping accounts that you do business with. With that information they can begin attempting to login to those websites, and if unable to do so – they can intercept the password reset emails sent to your email address and reset the passwords for those accounts too.
A hacker can copy your contact list and/or send emails on your behalf asking for money, gift cards or to send spam and phishing emails that appear to come from you.
You likely spend most of the time on your computer using your web browser. Years ago the web browser was primarily used for reading news and email. Now we can do everything from grocery shopping, managing finances, word processing, and even work in browser-based versions of powerful business applications – without leaving a browser window. Part of what has made web browsers so useful – but also potentially hazardous – is the popularity of browser extensions.
Browser extensions are applications, often developed by third party developers, that users can download to expand the functionality of their web browsers. A few different extensions that we recommend can block ads, manage passwords, manage too many open browser tabs, or save web pages to Google Drive or Evernote – just to name a few. However there’s also an abundance of extensions that promise to do great things, yet cause far more trouble than they’re worth.
Some of these “bad” extensions just cause annoyances, displaying ads or automatically redirecting you to websites that you didn’t intend to browse to. Others are more malicious, spying on your browsing, stealing your data, or injecting malware into your system. What’s worse is that some extensions start out life perfectly legitimate, but then get bought by bad actors and become malicious.
Some of our most common calls for service are due to bad browser extensions. So how do you get the most out of browser extensions without falling prey to malicious ones? Here are 5 tips:
1. Be very wary of pop-ups advertising an extension.
Many users install extensions because they are prompted to in pop-up messages on websites. You always have the option to decline the extension, or close your browser to avoid installing a persistent installation prompt. If you didn’t go to a website looking to install an extension, it’s best to decline, since a large majority of the time the website is offering something that’s in their best interest – not yours.
2. Only download extensions from websites that you trust.
Do some research into the company behind the extension you’d like to download. Many extensions are developed by companies you know, such as Google or Microsoft, and these are generally safe. If you don’t recognize the vendor, be sure to read reviews of the extension on the browser’s extension interface – such as Chrome’s Web Store or Firefox’s Add-Ons page. Often malicious extensions will receive enough bad reviews to warn careful users away.
3. Take time to read all the fine print.
Whenever you’re downloading extensions, slow down to read all the messages your browser gives you about the extension. Chrome, for example, will show you exactly what information the extension will have access to, as pictured below.
4. Don’t download extensions bundled with other apps.
We’ve written before about the potential dangers of downloading/installing free software from the web. In many cases, free software applications will include browser extensions, which the user may download without paying attention, simply because they click “Next” on the installer window without reading the fine print. When downloading anything from the internet, always be sure to read every message carefully so that you are downloading only what you want and expect.
5. Block or close prompts to allow websites to send notifications
Though not technically a browser extension – web browsers have enabled a “feature” to allow websites to pop-up notifications from a website, even when you’ve left that site. Though it may be useful to get notification alerts when you’re favorite news website is not open, or notifications about new email or Facebook activity – some untrustworthy websites have abused the feature and are causing excessive pop-ups for unrelated content. We recommend being very judicious if clicking to “allow” notifications, and only do so on websites that you know and trust.
Are you getting excessive pop-ups and getting redirected to websites that you didn’t intend to visit? Please contact us if you need help cleaning up your browser.
Considering all the data breaches lately, you should be monitoring and protecting your accounts and personal information – but what is the best method for you? Should you use a credit monitoring service or subscribe to identity theft protection instead? What’s the difference between the two methods?
Credit monitoring services monitor activity on your accounts with the major credit reporting agencies (TransUnion, Experian, and Equifax). Creditors report all activities related to borrowing money, including your payment history, to credit reporting agencies. Monitoring services may monitor your history with all three agencies or be exclusive to a certain agency.
With credit monitoring, you’re alerted to various changes in your credit report – for example, when a potential creditor asks for your credit history or when new credit card accounts or loans are opened in your name. Any activity that is reported to the credit reporting agency is monitored.
However, identity theft can involve more than fraudulent loans or credit accounts in your name. Thieves can use your Social Security number and other personal information to open bank accounts, get jobs, receive government benefits – even commit crimes in your name. None of these activities will show up on your credit report because borrowing is not involved.
Identity theft protection services typically include credit monitoring and also check for non-credit related abuses of your information – or let you know that your compromised information is out there, available to thieves for future abuse. Monitoring may include dark web scans, arrest records, court filings, changes of address, and social media accounts.
Victims of data breaches are often offered free credit monitoring or identity protection services for a limited period of time – however you need long-term protection, especially once your personal data has been compromised. You can always cancel accounts and change passwords, but once your Social Security number is compromised, you are in for a lifelong battle with identity thieves.
Note that most credit monitoring and identity theft protection services are reactive, not proactive. They let you know when suspicious activity has occurred, but they can’t prevent it from happening. You can supplement either service by using following these proactive tips:
Shred any sensitive information before discarding it.
Be suspicious of all e-mails, text messages, pop-ups and unsolicited phone calls claiming that there’s a problem that requires your immediate reaction – such as calling an unfamiliar phone number or divulging your personal information or login credentials over the phone or via an email link.
Check your credit frequently, and consider a credit freeze on your accounts to prevent thieves from opening fraudulent accounts in your name.
Help either service by making it more difficult for identity thieves to get your information, or to use your information if they do get it. Now is the time to follow through with whatever protection you choose. Identity thieves look for the easiest unprotected targets – don’t be one of them.