Security Series: Part 3 of 4

Suddenly It's All About Security! Part 3

This is part three of four on security for your computer and mobile devices. I am getting great feedback which I love! Thank you!! 

These next two articles begin to cover items that are a real risk and there is a special Security Audit offer at the end of this email. Just a note about these audits - there is also time for some general questions and training. 

An important piece of security on any device is you the user - you want to always pay attention to messages that pop up or offers you receive. It is always better to err on the side of caution!

PART 3: MODERATE TO HIGH RISK 

Moderate Risk
Malware on the Mac is still more annoying than dangerous BUT this could change at any minute. Malware get installed when you download and install software from a questionable web site OR more frequently, you respond to a prompt or pop up that offers to protect your computer or update a plug-in such as Flash. 

You always want to be sure you are accessing legitimate websites and if the website requires a login or password, be sure you see "https://" at the beginning of the address. 

The 's' at the end of 'http' is the key and signifies a secure site.

If you are presented with a pop-up or web page while you are on the Internet telling you your computer has been compromised or you must update your software just say NO!!!!

Either close the window or if that doesn't work Quit or Force Quit your web browser. You can read more in my article from last February about pop-ups and safe searching below.

SECURITY

(Article released February 2016) 

POP-UP SCAMS

We have seen a huge uptick in the numbers of calls about pop-up scams in Safari or other web browsers. These are always a scam!!!! Here is one example of a pop-up in Safari.

Here is another example that one client saw in a pop up window: "You have an infected malware or hardware due to ineffective virus protection. You need to call (xxx)123-4567. They said there is a possibility of data and identity theft if not fixed immediately. Your computer has been blocked, with system alert; do not try to restart your computer or it will make matters worse." 

These pop-ups are usually the result of visiting a page that is either malicious itself, or that has been hacked, or that contains advertising from an ad feed that has been hacked. In any case, the page contains malicious code that either displays a pop-up, or redirects to a malicious page that then displays the pop-up.

It is important to understand that no website can scan your computer for malware or suspicious activity. 

Further, Mac OS X will never display such a message within your web browser. (If you are unsure as to whether the alert is being shown by your browser or by the system, try hiding the browser by pressing The Command + H Keys. If the message hides as well, it's being displayed by the current page.) At most, web browsers can warn you that a particular site you are trying to visit is bad, but they cannot make any determinations as to the state of your computer.

It is also important to understand that these messages are not caused by a virus, or any other kind of malware. Many people's first reaction to a pop-up like this is to go download anti-virus software. This is the wrong response, as there is no malware involved, and thus the anti-virus software will not solve the problem.

So what should you do?? 

DO NOT CALL THE PHONE NUMBER PROVIDED. IT IS NOT A REAL TECH SUPPORT NUMBER. 

The people at that number are scammers, and they will do their best to take advantage of you in whatever way you will let them. You just need to get rid of the message - please call us and we can often walk you through the process. (Our phone support charges do apply.)

If you did call:

If you called the number, you may need to take some additional steps. For example, if you gave the scammers your credit card number when asked, you should contact your credit card company and report that your card has been compromised. If you gave other personal information that could be used to steal your identity, see: http://www.consumer.ftc.gov/features/feature-0014-identity-theft

If you gave remote access to your computer:

If the scammers requested remote access to your computer, in order to "troubleshoot" the "problem," and if you did whatever they asked to give them that remote access, your Mac should be considered compromised. 

You need to call us immediately to have your computer cleaned and restored.     

BOGUS WEBSITES OFFERING TECH SUPPORT

The second issue we are seeing is bogus websites pretending to be 'authorized support providers" for various hardware/software. In this case you search for help with a printer or software. Then you call or click through any of the search result offerings and are sent to a questionable company that wants to take remote control of your computer and charge you a lot of money!!! Interestingly enough this is more of a problem IF you use Yahoo as a search engine instead of Google (see my tips below to change your default search engine)

Google Search Results - in this case the fifth offering is bogus.

Yahoo Search Results (note that none of these are legitimate!!) in very fine print you might note that is all advertising but most folks don't even see that!

So how do you get help and avoid getting scammed?? 

  1. Go directly to the web site without using a search engine. 
  2. In your browser (i.e. Safari) type the address of the parent company into the address bar - for example:  www.canon.com, www.epson.com, www.intuit.com, www.apple.com and so on. This will take you directly to the legitimate company web site where you will find links to Support.  

HIGH RISK

Open or Unsecured Wireless networks refers to the public networks that have become the norm in coffeeshops, hotels, libraries, and even parks. While there are some folks who feel it is okay to use public wireless as long as the website you are accessing has "https:" in the address I prefer to just say no and only use public wi-fi to look up benign information such as business hours, menus, movie times, etc. I avoid anything that requires a log in and/or password. The FTC has a great detailed article on do's and don'tsfor public wi-fi. 

Don't forget: Your home wireless needs to have a secure password too and any router or device you have needs to have a custom password for administering it.

Phishing is probably among the longest running scares. But lately we are noticing a large uptick in very sophisticated and legitimate looking emails. The best way to protect yourself from these scams are:

  1. Know that a legitimate company will NEVER ask you to send your password to them or give it to them via a phone call. 
  2. IF you do get a notice that says an account has been compromised or must be verified, you want to open your browser and go directly to a website instead of clicking on a link in the email.
  3. If you receive an email asking you to login in and verify, change a password, etc., read it very, very carefully. Usually there will be a least one typo or poor use of English. The exception to this is verifying a new account, password, or email change you initiated - in that case use the next tip. You may also notice the quality of graphics, such as a company logo, will be incorrect or poor quality.
  4. You can also verify any links in emails by hovering your mouse over them for a moment and the address the link points to will show - you can sometimes use this to verify whether an email is legitimate. 

Next week I will send the final installment in this series: I will be covering mobile devices (laptops and iPhones/iPads) plus secure passwords and expanded security options that are available.