Tips on Securing Your Home Network

Securing Home NetworkMost everyone now has some kind of network inside their home or small office. Unfortunately, this means we are leaving a few vulnerabilities inside what we believe is our fortress of internet security. Just because all your “stuff” is behind your locked front door, doesn’t mean it will never get stolen. So, just like you may have a firewall turned on at your router, does not guarantee the bad guys won’t make their way in.

There are many reasons for this, including products being shipped with vulnerabilities and consumers not patching them right away, default passwords on all devices not being changed upon installation, and manufacturers not even bothering to supply fixes to the vulnerabilities shipped with their own products.

In any case, there are a few simple, but general steps to make sure your small network is as safe as it can be:

  • Change the default password on every device. When doing so, make sure it’s a strong passphrase that includes more than 8 characters, has a special character, and includes upper and lower case letters.
  • Update the firmware as soon as it is installed. This is done right after it’s connected to the network and often times, a dialogue will appear asking if you want to check for updates. Yes, you do.
  • Turn off features that you don’t need to use. Many devices come with all kinds of “extras” that are really just noise. You don’t need them, so don’t activate them.
  • Read the manual for the device(s). There is usually important information in them about proper installation.
  • Try to separate the network segments, if possible. If your TV doesn’t need to be on the same segment as your computer, put them on different ones.
  • If you don’t need to connect it to the internet, don’t. You may think this is silly since we’re talking about a home network, but if you have a “kid” computer that doesn’t need Internet access, don’t grant it. Also, many people have smart TVs, but don’t use the functionality they provide. If this is the case, don’t connect it.

Don’t be afraid to call the support group for the vendor if you have questions. Honestly, they will not think less of you and you don’t have to tell your friends you did it.

 

© Copyright 2015 Stickley on Security

 

Facebook Scam Video Steals Info and May Download Malware

Scam AlertFacebook reaches a lot of people. That is why scammers and fraudsters love using it. Recently, users saw a video of a pregnant woman posted with a sensationalized title encouraging users to click to see “What Happens To This Pregnant Lady.”

Any time something that urgent or “exciting” shows up on any social media such as Twitter, Snapchat, or something else, it should be met with much skepticism. These are typically frauds or scams of some type. In this particular case, if it is clicked, it not only takes the user through a series of clicking of other things such as other YouTube videos, it also may download malware.

PregoDon’t click on these links. They are generally not legitimate and while in the best cases they merely advertise some product, at worst they may con you into giving up sensitive information such as banking login credentials. In many cases, they end up installing some type of malware on your system that could include ransomware.

It’s also important to keep all systems updated with anti-malware software. There are many choices if you don’t have something installed, so do some research to find out which one is best for you.

In the case of this particular video, the user is asked to “share” it before it will be shown. Yet, once it’s shared, the page is redirected to another YouTube scam page requesting proof you are human by clicking a bunch of fake images. Then another page appears requesting personal information. That leads to a rash of scam phone calls and spam email messages. Each time the ruse is successful, the scammers get paid and the user never sees the video.

© Copyright 2015 Stickley on Security

New Malware May Destroy Your Records

Spam, Virus, Phishing Email EnvelopeThe phishers are at it again trying to steal your login credentials. They are sending out email messages trying to trick people into installing new and dangerous malware to do the spying.

Cisco researchers have found a new malware that can avoid detection. It’s called Rombertik and if it is discovered or even analyzed, it also has the ability to destroy the master boot record of the system. It is designed to steal sensitive information and login credentials from the browser.

There are several ways to identify phishing attempts. Typically, there is something that isn’t quite correct in the “To” and “From” lines of the message. When it arrives in your Inbox, it might look like it came from someone you know or perhaps a well-known financial institution or retailer. However, when you open it and look at the entire address, it is garbage.

Another indicator is that the message has a lot of grammatical and spelling errors.  The language is often not used correctly in the body of the message and there are a lot of punctuation mistakes as well.

A good rule to keep in mind is to never click on any links or open any attachments from anyone you don’t know or if it’s unexpected. Verify by making a quick phone call, sending a text message, or some way other than replying to the email you received to confirm that it’s OK to open.

Also, if you need to make changes to your online accounts, go into them directly and make the changes rather than clicking links.

It sounds elementary, but if a warning message about a phishing attempt appears on your screen, take a look at it before dismissing it blindly. Don’t let security warning fatigue get to you. The tools are there to help.

Rombertik performs checks on the system once it’s launched and after it confirms it isn’t being analyzed, it decrypts and installs on the computer. If it determines it’s being analyzed, it will try to destroy the Master Boot Record and subsequently reboot the computer so that it becomes unusable.

 

© Copyright 2015 Stickley on Security

Watch For Phony Nepal Earthquake Charity Scams

NepalThere is no question that the recent earthquake in Nepal was a heart-wrenching event. It is likely to bring out the giving side of many. Unfortunately, scammers don’t just try to steal from unsuspecting people during the good times, as they did during the Olympics and World Cup, but they often like to take advantage of tragedy or sad stories. If you are one of those who likes to donate money to charities to support such events, keep a few things in mind before sending cash or giving out payment card information.

• Don’t just click on a link you see online somewhere, even if it is on a friend’s page on a social media site. Unfortunately, scammers like to take advantage of such disasters as this and will put up links that may ultimately install malware on your computer or other device. Links that show up on social media are not necessarily checked out before they are posted. So just because you see one, it doesn’t mean it’s a good one.

• This goes for clicking links or opening attachments in email messages as well. Use caution or go directly to the site rather than clicking anything.

• Do some research to make sure the charity you are giving to is legitimate and that the money will actually go to the cause you wish. There are sites where you can get more information on charities such as the Better Business Bureau’s Wise Giving Alliance, Charity Watch, Charity Navigator, and GuideStar. Check those out when in doubt.

• Texting scams are on the rise. Confirm that you have the correct number and make sure you know the charges for doing so before hand. Keep in mind that when you donate via text, your funds may not get to the charity for a while; up to 90 days.

• Some states require charities and anyone doing a fundraiser for disaster relief to register first. You can check this for your state at the National Association of State Charity Officials. If a charity isn’t registered in your state, it may be a scammer.

• Take an extra few looks when going to charitable giving websites. Often, the scammers will create a fake site that looks so close to the real one that it is really difficult to tell. Sometimes it takes a few visits to the site to be sure. Take the time to do this and it’s more likely your kind giving will get to the correct place.

• Watch out for charities that seem to just pop up overnight. Often times, these are run by people who are up to no good at all.
If you suspect a giving site is a scam, report it to the Federal Trade Commission (FTC).

© Copyright 2015 Stickley on Security

Guidelines For Safer Social Media Sharing

Social media sharing

It’s no secret that the Internet is a way to get a lot of information out to a wide audience. It’s also a great way to share with friends, family, colleagues, acquaintances, and total strangers should you choose, the goings on in your life.

However, the more you share, the higher risk of compromising your privacy and becoming a victim of identity theft. Keep a few tips in mind to lower your risk when engaging in social media sharing:

1. Don’t accept invitations from strangers. It’s always better to find out who the person is that wants to know you before clicking the accept button. If he or she is a friend of a friend, verify their relationship first with your friend. Many people accept all invitations to connect and not everyone is on the up and up.

2. Don’t click on links, even if they appear to be from friends. Social media is the candy store to the preverbal kid. Often those links are placed on a friend’s page or site without the knowledge of your friend and often they end up being scams or malware.

3. Check your privacy settings to make sure you are sharing only what you want others to know. Check them again every time you get a notice that there was an update.

4. Don’t share personal information that you don’t want everyone else to know. Never ever share sensitive information such as your social security number, home address, driver’s license number, etc.

5. Close accounts you are no longer actively using. If you can’t close it completely, delete as many personal details as possible and deactivate it.

6. Change passwords often. Most security professionals recommend doing this at least quarterly. Use strong words and phrases that no one is likely to guess or that do not exist in the dictionary. The longer, the better.

7. Turn off the GPS functionality on your smartphone camera. It will pinpoint precisely where you are and were, which can be fun, but it’s a security risk. Keep your whereabouts private and turn that off.

8. While you are disabling, do just that for the automatic login features of your social media sites, especially on mobile devices. If your device gets stolen or someone gets access to it, your social media sites might be compromised.

9. Reconsider posting your Twitter comment or Instagram pictures to Facebook, or vice versa, through Twitter or Instagram. Sharing that way gets your information out there faster and attaches it to more sites. Most of those sites allow you to choose to shut off the automatic sharing features.

10. And the most important guideline for social media is to consider everything you post to any social media site to be permanent. Just because you disable an account, doesn’t mean your presence there is gone. If others share something you said or did, or you are tagged in a friend’s photo, you cannot delete it.

As always, read the terms of use and privacy policies of any site you join. If you don’t agree with how your information will be used, don’t sign up or delete your account.

© Copyright 2015 Stickley on Security

Make Sure Your Perfect Vacation Rental Isn’t a Steal

Summer cannot come soon enough for some, and it’s really not that far away. So, when looking for a place to stay on your summer vacation, keep in mind that not every “steal-of-a-deal” is the kind of great deal you want to find when you arrive at your destination.

SOS Car

Scammers are now posting ads on vacation rental websites and completely fake sites claiming to have the perfect place at the perfect rate just for you. Unfortunately, that picturesque bungalow on the beach that you reserved may not exist.

These criminals have various ways of stealing your money. They may ask you for a deposit to hold the place using a MoneyGram, Green Dot card, Western Union or the like and if they do, it’s almost certainly a scam. While some places in Europe and elsewhere do ask for deposits via wire transfer, most are now taking credit card numbers for deposits. It’s better to use credit cards because you have more buyer protections.

1. Always research the location to make sure that it does exist and it’s what you really want in a vacation rental. Read reviews. If there is bad news about it, most likely someone will post about it there. There are many legitimate websites that specialize in travel and allow traveler reviews. These can be a wealth of information.

2. Get copies of the rental contract or other documentation about the details of the place and your stay before sending any money.

3. If you have been caught by this scam, or suspect you may have been, file a complaint with the Federal Trade Commission (FTC). There is a complaint form and phone numbers on its website at ftc.gov/complaint. If you did pay by credit card for a property you believe is scam or found out was, contact the card issuer to try to get it resolved. Depending on the circumstances and the timelines, you may be able to get the money back.

4. Report the fake ad to get it removed and help prevent others from getting scammed by the same one.

 

© Copyright 2015 Stickley on Security