It would be pretty great if antivirus protected us from all the online security threats out there. Unfortunately, though, this isn’t the case.
Often, customers ask us if they should purchase a third-party antivirus software rather than use the basic one that comes with their operating system. Our answer to this question is usually: stick to the antivirus that comes with your computer.
Let’s take a look at why below.
What antivirus can and can’t do
Antivirus software works by scanning your devices, applications and files for traces of viruses or malware. Viruses are a type of malicious computer program designed to alter how your computer operates. They can, for example, steal sensitive data or lock you out of accessing your files.
Viruses are scary stuff – and antivirus is vital for defending against these types of threats. However, antivirus isn’t a holy grail. It only protects against one type of cyber security threat. There is a whole plethora of other threats out there that you need to watch out for.
Human error is the biggest security threat out there today
Recent research found that a massive 85% of data breaches can be traced back to human error. This means that it’s not viruses or malware responsible for most successful cyberattacks; it’s people.
As humans, we all make mistakes – and this is what today’s cybercriminals count on. Many of today’s cyberattacks focus on manipulating victims into clicking suspicious links or sharing financial information with a fraudulent entity. Here are some examples:
Phishing emails: Phishing emails are fraudulent emails criminals send to their victims. Typically, the email will impersonate a trusted brand. It will ask the victim to either call, click a link, download an attachment or share sensitive information. There were 241,342 victims of phishing in the US in 2020 – and those are just the ones that were reported.
Dodgy online advertisements: Malvertising is a type of cyber attack technique where hackers inject malicious code into advertisements. When you visit a website with malvertising, the malicious code can do anything from launching a harmless yet deceptive warning message to enabling a hacker to steal your data or even hold it for ransom.
Replying to texts from unknown senders: Similar to phishing is what’s known as SMishing. SMishing happens when a cybercriminal sends a fraudulent text to your mobile, pretending to be a trusted entity. The text will usually contain a link, which takes you to a page where you’re asked to share sensitive information – like your bank card information.
The best protection is education
All of the above cybercriminal tactics are not new. Phishing, malvertising and SMishing have been around for years. However, criminals continue to use these tactics because they have a high success rate.
While antivirus and other solutions can protect against basic forms of malware, they can’t stop a phishing/SMishing message from landing in your inbox, nor can they prevent you from calling a scammer’s number in a deceptive pop-up ad or message.
To that end, the best way to protect yourself from today’s cyber threats is through education. Understanding how to spot these threats can ensure you don’t fall victim.
Here are some tips to bear in mind.
How to spot phishing
Watch out for emails where:
The tone of the email sounds unfamiliar or strange
You don’t recognize the sender address
There are spelling mistakes and grammatical errors
The request seems urgent or unusual
How to spot malvertising
Watch out for pop-ups where:
The advert tells you to call a number to fix a problem with your device
There are spelling errors in the copy
The advert promises something too good to be true
The advert doesn’t seem relevant to your recent search history
How to spot SMishing
Watch out for texts where:
The message seems too good to be true
The request appears urgent or unusual
There are spelling and/or grammatical errors in the message
What to do if you’re not sure whether an email or text is genuine
Often, cybercriminals will impersonate trusted brands in their phony emails and texts. They may pretend to be your healthcare provider or bank and request information urgently.
If you’re not sure whether such a request is genuine, we advise that you validate any requests over a separate channel. For example, if you receive an email from your bank that you weren’t expecting, call them to check if they sent that email. Always call and verify before engaging with these requests.
Don’t forget that we are happy to support you with your questions about information security and education. If you have any concerns about phishing and SMishing, we’d be glad to take a look at your device for you.
As well as this, we can help with improving your computer’s security defenses, so you experience less phishing and pop-up ads.
Protect yourself from common security threats
Contact us today if you need help with protecting your computer or have any questions about phishing, SMishing, and malvertising.
We’ve been receiving lots of reports from clients that their Facebook account has been hacked. In reality, usually it’s just been cloned. Here’s what’s happening.
If you have a Facebook account, by default your Friends list is set to “Public” – meaning anybody on the internet can see who your Facebook friends are. But miscreants and scammers can use this information along with other public information to impersonate you by creating a new Facebook profile – even with your public profile picture(s). Then they send friend requests to all of your friends. Once your friends become friends with the new “you”, a scammer can persuade your friends that your original Facebook account was hacked, and your friends are led to believe the new account is really you. Scammers will then use the new profile, which they control, to get your friends to confide in “you” so they can obtain personal/private information or gift cards, or run other financial scams.
What you need to change right away
We recommend using Facebook’s Privacy Checkup to review your settings, and make sure that scammers can’t use public information from your Facebook account. In Facebook, go to your Account > Settings and Privacy > Privacy Checkup. In “Who can see what you share”, make sure “Who can see your friends list on your profile?” is NOT set to Public. In Privacy Checkup we also recommend going through “How to keep your account secure”, and make sure that you’re using a unique password for Facebook.
An additional step is to make sure that only your “Friends” can see your Followers – it’s set to “Public” by default. Check this setting by clicking the 3 dots near the top of your Friends list > Edit Privacy > Followers.
Once upon a time, the cloud referred to something you’d look up and see in the sky. In the age of technology, though, the cloud is something wholly different. Essentially, the cloud offers a secure way to store and back up your data – things like your documents, files, photos and contact details.
Before the cloud, you’d store this data on your computer hard drive. While you can still do this, it’s also wise to use the cloud too. This is because if your hard drive fails, then you can still access your data. Also, more of us now use computers and mobile phones. If you use the cloud, then you can access your information from multiple devices.
The average employee uses over 30 cloud-based services each day.
In the same way that different companies sell different brands of phones – like Nokia, Samsung and Apple – there are a number of companies that sell cloud storage. The main ones in the consumer space are Apple, Google and Microsoft.
Below, we’ll dive into each of their cloud offerings, so you can get a better idea of what solution is best for your needs.
iCloud
If you have an iPhone or a Mac, then Apple’s iCloud is the best option for you. iCloud only works natively on Apple devices. It enables you to access your data seamlessly across your devices, including notes, photos, calendars and documents.
Once you have set up iCloud, you can configure it to automatically back up your data, so you don’t need to keep remembering to click ‘backup’. You get 5 GB of free storage with iCloud.
Moreover, if you are in a family of Apple users, then the iCloud has excellent functionality that allows you to easily share photos, files and more with other iPhone or Mac users.
OneDrive
OneDrive is Microsoft’s answer to cloud storage. Anyone who has a Microsoft email account can access OneDrive for free. However, you only get 5GB of free storage before you need to start paying.
Like iCloud, Microsoft enables you to store and share your personal information and files in the cloud. You can access these files by logging into your email account in your web browser.
Google Drive
Google Drive is another cloud-based storage solution, which allows you to store files and photos online and access them from your phone, tablet, or computer with a login. Google Drive also has a wealth of features – such as Google Docs and Google Sheets – that allow you to create word processing documents and spreadsheets in the cloud, without paying for software.
Google Drive offers 15GB of free storage, 3x the free storage space of the others listed above.
Which Service is Best for Me?
No service is better than the other. It depends on your unique preferences. Some people prefer the interface of Microsoft OneDrive, while others prefer Google Drive.
We suggest looking at what applications you use now and making a decision from there. For example, if you’re already set up with a Microsoft account, then it likely makes sense for you to use OneDrive.
Alternatively, if you’re an avid Apple user or have a Gmail account, then you’ll want to select iCloud and Google Drive, respectively.
Don’t Forget About Security
Your cloud is only as secure as the devices that have access to it. Make sure all your devices are protected with robust PIN and password controls.
As you start using the cloud, also make sure that your files are configured securely and that you practice good password hygiene.
We advise that you set up account recovery options. These will help you to regain access to your cloud accounts in the event of losing your password. You’ll be asked to set up a security question, link your mobile phone to your account, or provide an alternative email address.
We also recommend that you use multi-factor authentication for your cloud accounts. This requires you to verify your identity when you log into your account. You’ll need to provide your password, and another form of authentication – such as a code sent to your phone or a link in your email.
Of course, we understand that navigating cloud accounts can be complex – especially at the beginning. That’s why we are on hand to help you find and configure the best cloud storage for you.
Get Help With Cloud Storage and Backup
We enjoy working with our clients to help them get more from their technology while keeping their personal data secure. We can help you put automated solutions in place that keep you better protected online.
Most of us will have experienced a data breach at one point or another. Maybe you’ve received an email from LifeLock telling you that one of your passwords has been compromised. Or you’ve logged into an app on your iPhone and received a warning that your password has appeared in a data breach.
It can be worrying to receive these notifications. You’ll likely wonder how your password ended up in a breach and why. More importantly, you’ll want to know how you can fix the issue as quickly as possible.
Below, we’ll explore how data breaches happen and how you can best protect yourself in the event of a worst-case scenario.
How Data Breaches Occur
According to research, there are over 15 billion stolen passwords on the Dark Web. The Dark Web is like the criminal underworld of the internet. It’s where criminals go to buy illegal things like drugs and weapons. It’s also where cybercriminals purchase malware and stolen sensitive data – information like passwords, emails and even financial records.
So, how does this information end up on the Dark Web in the first place? Well, in today’s digital world, data breaches have unfortunately become commonplace. Even though many businesses do their best to protect customer data, it takes just one error or mishap to let a cybercriminal into their systems.
When this happens, cybercriminals tend to steal the most lucrative thing they can: sensitive, personal data. Data has its own currency today. Criminals mainly use this data to commit fraud and con people – and companies – out of money.
What Does a Stolen Password Notification Mean?
When you receive a stolen password notification, this means that one of your logins has shown up on the Dark Web. One of the companies you have an account with was likely breached. Sometimes, an organization will alert you to a data breach via email or text. However, occasionally, cybercriminals are able to steal data without an organization being any the wiser – which is why identity theft protection services can give you peace of mind.
Another way to check if your data is for sale on the Dark Web is to use the website Have I Been Pwned. Simply type your email address into the website, and it will let you know if your details have appeared in a data breach.
What Should I Do If My Password Has Appeared on the Dark Web?
Depending on the type of account that has been compromised, there are a few things that you should do. First, change your password for the account as quickly as possible. Second, log in to your financial accounts and check that everything is as it should be.
If anything looks suspicious, then get in touch with your bank immediately. Even if nothing seems out of the ordinary, we recommend keeping an eye on your account for a few days after the breach notification.
These steps will help to reduce the immediate impact of a data breach. There are also other things you can do that will help to prevent disruption from future data breaches:
Use two-factor authentication: One of the easiest ways to improve your personal security is to enable two-factor authentication on your email and bank accounts. This uses a verification step in addition to your username and password – a one-time passcode sent to your email, text message or authentication app – to allow you to access your accounts. Two-factor authentication provides extra protection: even if a hacker knows your password, they won’t be able to get into your accounts.
Use a password system and/or password manager: You should have a unique password for every account you use. This way, if one of your accounts is breached, the others aren’t vulnerable. We know that remembering lots of passwords is near impossible. This is why we recommend you use a password system and/or password manager to simplify the process.
Monitor your credit: You should regularly check your credit to ensure that nothing looks out of the ordinary. It’s rare but, sometimes, data breach notifications come too little too late. So, it’s best to be proactive and regularly check your bank statements for evidence of identity theft. Keep an eye out for things like anomalous payments, payments made at odd times and withdrawals that look unfamiliar.
Protect Yourself from Data Breaches
If you are worried about the security of your personal data or want help implementing more robust password controls, we’re here to help. Contact us today.
Your mobile phone number has become increasingly valuable because it’s the way that hackers can gain access to your online financial, email and social media accounts. We are now encouraged to use our smartphone and attached phone number to prove who we are – often via Multi-Factor Authentication (MFA), a method that requires not only entering your username/email address and password into a website, but also entering a code or responding to a prompt sent to your cell phone.
But what if someone gained access to your mobile phone – or, more and more commonly, your mobile phone number? Hackers who successfully SIM swap or port out your phone number would be able to reset or change “forgotten” passwords and gain access to online financial, email and social media accounts.
Fortunately the major wireless carriers have taken steps to let you thwart hackers and prevent your phone number from being taken from you without your prior knowledge. It involves contacting your wireless carrier.
Instructions for the major U.S. carriers are below. If you use an MVNO (Mobile Virtual Network Operator) such as Consumer Cellular or Spectrum Mobile – call 611 from your wireless phone and ask to set up a port-out PIN or other port-out/SIM swap protection to prevent unauthorized porting of your phone number without your prior knowledge.
It’s important to protect your phone number before a hacker poses as you and takes it over. If you need help with protecting your phone number, contact your tech.
One of the applications that you may hear about to keep your online connection more secure is a virtual private network (VPN). This is a service that basically takes your internet connection and reroutes it through its own servers before connecting you online.
VPNs are sold by lots of companies using FUD (fear, uncertainty, doubt) tactics. These companies make promises of encrypting your online connection and keeping your data safe. However, some of them have been found to be not very private after all.
What Is a VPN?
A VPN is a service that will route your online traffic through one or more of its servers. These servers can be anywhere in the world, and at times, you may be using different ones.
The VPN is designed to encrypt internet traffic and make your online connection secure by being a middle man between you and the internet.
Before you get scared into thinking you need a VPN, you’ll want to check out our list below of the reasons that you may not really need one after all.
When you connect to a VPN, your internet traffic gets routed through a third party. This is like taking the long way to go to the grocery store. Instead of connecting directly from your internet service provider (ISP) to the internet, you’re taking a detour through a VPN service that could be thousands of miles away.
This detour can slow your connection speed, especially if the VPN server is across the ocean in another country. This can lead to buffering frustration when trying to watch streaming services and worse quality video calls due to slower internet.
Can Cause Login Problems Due to Location Differences
Not all applications play well with VPNs and you may start having login problems. This can especially be the case when logging onto sites that look at your location to determine the type of content to serve you.
You may also find that you do a Google search like usual, but all the search results are in another language. This can be because the IP address of the VPN server is coming from a certain country so the site thinks you are located in that country and is providing content based upon that server location.
They’re Complicated to Use
Because a VPN changes how you connect to the internet, it can be complicated to set up and use. It may end up conflicting with other processes you have going, such as file sync with online cloud storage.
This type of app is difficult to adjust so it’s not conflicting with any online or hard-drive-based apps. Uninstalling the VPN may be the only way out of an issue that has occurred after it was installed.
They’re Illegal in Some Countries
Some countries restrict internet content, and the use of a VPN to get around that restriction is prohibited. So, if you travel overseas and use a VPN on any of your devices, you could be breaking the law without realizing it.
May Be Storing Your Online Data Without Your Knowledge
It’s been found that many VPNs store your online session data, despite the promises made on the company’s website. Some may be governed by laws requiring them to store that data, and others may do it out of carelessness or for more nefarious reasons related to selling it.
If you use a free VPN, you need to be very careful about this, because if you’re not paying anything for the service, then it’s most likely that you (your data) are the revenue generator for the business.
There are Better Ways to Protect Your Data
A VPN is not necessarily the best way to protect yourself and your data while online. There are other options that don’t require you to route all your internet traffic through a third party.
Some of these options include:
Use of a DNS Filter: A DNS filter blocks malicious websites even after you’ve clicked the link for one. It will redirect you to a warning page instead. Setting up a DNS filter is done on your computer or router.
Multi-factor Authentication (MFA): MFA is one of the best ways to keep your online accounts secure, and it’s free. You should enable this on every account that you have. According to Microsoft, MFA blocks 99.9% of fraudulent sign-in attempts.
Contact us for your online security needs.
Computer Techs can help you reduce risk by employing online security best practices. Contact us today with any questions or computer needs.
Google announced in May that it would start automatically requiring users to adopt two-step verification as a security precaution when they sign into services such as Gmail. That plan, which the company said would expand by the end of this year to 150 million users on mobile and desktop, has now started.
What is two-step verification?
Passwords, no matter how strong, may not actually be the best way to keep online accounts secure. Two-step verification, sometimes referred to as two-step authentication, reduces the chances of hackers or other outsiders gaining unauthorized access to your information. This usually means adding an extra security step to log in, like a code sent to your phone via text or a voice call, or a code generated by Google Authenticator, that users must enter in addition to their usual password.
Why is this happening now?
Google has been encouraging its users to enroll in two-step verification for the past few years. The company has also moved to reduce the need for its users to enter passwords and pushed the use of secure tokens, which instead allow users to sign in to partner websites and apps with a single tap. In addition to the 150 million user accounts Google will automatically enroll in two-step verification this year, creators on sister service YouTube will be required to turn it on by November 1 to access their channels. Google expects that all of its users will eventually be required to log in using two-step verification, the company told Fortune.
What’s going to change for me?
You can check whether you’re already enrolled in two-step verification through Google’s Security Checkup. If you’re not, it’s likely you will be eventually. Users who regularly sign in to their account, use Google products on their mobile devices, and who have recovery information on their accounts, like a recovery phone number or email, will be among the first to be automatically enrolled. But if you’re annoyed by the idea of signing in twice, don’t worry. After setting up two-step verification on your computer, you can choose not to use it again on that particular device, and go back to using just your password when you sign in. It’s only when someone else tries to sign in to your account from another computer that users will still have to go through the two-step verification process.
All major web browsers have the option to save the login and password for the websites that you visit so it’s easier to log in the next time you visit a site. If you don’t already have a password system to create secure and memorable passwords, or a password manager to store your logins and other secure information, your browser’s password manager can securely store logins for you and will suggest a strong and unique password for new websites that don’t have a saved password yet.
If you don’t want your logins visible to anyone looking at your computer or device, make sure that you use a password or PIN to access it. Below you’ll find instructions for accessing the password manager for the most popular web browsers:
Google Chrome: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to use Google’s Password Checkup to “Check Passwords” to keep your passwords safe from data breaches and other security issues.
Microsoft Edge: In Settings > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also an option to “Show alerts when passwords are found in an online leak”.
Mozilla Firefox: In Settings > Logins and Passwords, Firefox Lockwise will display your logins with the ability to view, edit or remove passwords individually. There’s also a default option to “Show alerts about passwords for breached websites”.
Safari: In Preferences > Passwords, you will find your Saved Passwords, and the ability to view, edit or remove passwords individually. There’s also a default option to “Detect passwords compromised by known data leaks.”
You can also store and access passwords within the operating system of your device. Details for various operating systems are listed below:
You can also find out more about information leaked in data breaches and check to see if your email address has been exposed at Have I Been Pwned and Firefox Monitor.
The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion.
Topping the list of types of reported internet crimes was phishing, which more than doubled last year. People over 60 were the most common victims according to the report. Nevada had the 8th most complaints of the states and territories included in the report – yet it is the 32nd most populous.
The phishing category also includes vishing, smishing and pharming – all techniques via email, voicemail, text messaging or via fraudulent websites that attempt to trick victims into divulging personal information such as passwords or credit card numbers.
People over 60 were the most common victims – likely due to the age group growing up in a more trusting society and having less understanding of technology.
Perhaps most surprising is that Nevadans reported more complaints per thousand people than any other state.
In summary, become educated on how to spot internet crimes so that you or someone you know doesn’t become the next victim.
If you’ve been a victim of identity theft, the Federal Trade Commission’s IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.
If you haven’t been a victim, read these tips to help keep your identity from being stolen or compromised in the first place: Prevent Identity Theft.