Email Trick or Treat

Email Trick or Treat

Halloween is coming soon. I can't wait to see the kids in their costumes and the haunted yard displays in our area.
 
Trick or treat also brings something else to my mind: Every single email that arrives in your inbox.
 
Treat or trick? Yes, that's the issue - every time you check your in-box you have to determine if any particular email is a treat, that is, something you do want, expected, or appreciate. Or if it's a trick - a phishing email trying to con you.

Phishing for suckers (aren't we all)
Phishing, the practice of scammers using email (or text messages) to dupe you into giving them confidential information or infect your computer, has been growing rapidly over the past few years.

When in doubt, throw it out! 
If you suspect a trick email, delete it. Or if you're on the fence because it looks legitimate, like from a friend, colleague or reputable business, call them up. Not from a number provided in the email, but using their actual number of record. 

Scrutinize those weblinks!
The most common way crooks will try to scam you is by sending an enticing email that includes a weblink, which may look legitimate until further inspection.

Many spam filters and security programs will trap such threats. But because big money can be made, the fiends are getting increasingly canny with their lures. So you need to depend on your own wariness, not just your software defenses.
 
Our brain jacked into tech flow
I think it's relevant to consider the psychology of computer use (including phones, tablets, etc.) so we understand how we can be conned. Our tech devices encourage efficient use because they work so fast and reward us so quickly for the many worthwhile things we do on them. 

For example, if you're efficiently working through emails, reading, responding, filing, etc. at a certain pace you may not be in a defensive state of mind. You're in a flow. And a well-crafted phishing email can exploit this guard-down flow state. 

Back out while you still can!
But just clicking the link doesn't mean you're immediately infected or fully exploited. Often the criminals want you to login to a bogus site so they can steal your username and password, or provide a form you can fill in. The good news is you can stop right there.Don't input any info.

If the weblink tries to infect your computer or device and you see something suspicious happening, like an unusual pop up window (which often quickly occurs after an infection), you can shut off the computer, unplug the modem and router, and get local tech support before the exploit worsens. 
  
This scenario is like being exposed to a virus or bacteria: the sooner you take action to treat it, the higher the success rate. 

Spread the word
Below is an informative site about phishing. If you're in a company you might want to print some of the recommendations from this site and share with staff or post on a wall. It's important we all get smart about phishing prevention.

https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Thanks for reading!
-Sam

Beware of Click and Tap Fever

Beware of Click and Tap Fever

Living much of our lives on digital devices has programmed us to be adept clickers of the mouse or tappers of the finger. Kids especially do this at lightning speed!

But we have become so adept that we're clicking and tapping way too fast, too reflexively. It would behoove us to be more deliberate, especially when selecting weblinks.

Weblinks from Hell
Selecting weblinks without thinking can get us into big trouble, as one click or tap can cause a computer infection, or worse yet, a completely hijacked machine. (This is more common on Windows computers than on Macs or mobile devices – at least for now!)

So, best practice is to NOT open emails, links, or attachments from strangers, or even people you know if something seems suspicious about the email. When in doubt, delete.  If the message is important enough, the person will call, or you can call them.

Careful on Facebook
This applies also on social media sites like Facebook, where clicking a link in a poisoned advertisement can lead to infection.

Don't get Phished!
Phishing is big business in the cybercrime world. Phishing (a twist on the word fishing) is all about trying to hook computer users by clicking/tapping links to infect a computer, scam with a product or service, or hack a computer in various other ways.

The US government created a campaign to promote more careful web use. It’s called Stop.Think.Connect. I recommend you check out their site. (Yes, this link is safe)

https://www.dhs.gov/stopthinkconnect

Training is key
If you’re an employer, you can print out material from the site or show a video clip to your staff. Education is key to reduce risk of getting hacked.

I give cybersecurity presentations to businesses and community groups. You can contact me to schedule on Hawaii Island.

Last, I’m recommending Malwarebytes Anti-malware 3.0, the paid version, to my clients these days. Training and knowledge is primary, second is good security software. 

Here's the site: https://www.malwarebytes.com

After you buy and install it, close all programs on your computer and run a full scan, including your external drives. 

Wishing you a safe day in cyberspace!

Thanks for reading.

Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

We Have Met the Enemy and He is Us

We have met the enemy and he is us

If you're doing your best to keep your computer protected from cyber attacks - using a router firewall, running security software, keeping software current, etc. - please be aware, the main threat is closer at hand. 

That threat is you. And by you, I mean all of us end users, sitting between the system and the keyboard. In most attacks, we are the primary means of exploit. 

Social engineering
In many cases, cybercriminals prey upon our good nature to gain access to our computers and/or our private information. A term used to describe this is "social engineering." 

Examples of social engineering include: phone calls to our homes or businesses offering bogus computer tech support; calls pretending to be an institution we belong to; or even calls supposedly from charities. These approaches are tried via email too, in which case they're called "phishing" attacks.  

Don't be polite
Suspicion is the name of the defensive game here. Don't feel the need to be polite when you sense you're being probed in this manner. Disengage from the phone call. Delete the email. Close the webpage. 

Take action
If you feel you may have been scammed, contact the actual institution or business immediately to notify them. If you feel an online account has been compromised, change your password at once. If your computer has been hacked turn it off, unplug from the Internet, and call trusted local tech support asap. 

In sum, to quote that famous Pogo cartoon line: "We have met the enemy and he is us." We have to change our behavior to keep ourselves safer from cybercrooks. All the software and hardware filters we use are just aids and deterrents, not final solutions.   

Thanks for reading.

Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Watch Out for Ransomware Attacks - They're Nasty!

I'll start out bluntly with a reminder: Please don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether.

This is an especially important practice because there is a type of widespread cyber attack using ransomware schemes to bilk uses out of money once their computers are hijacked and locked by the hacker. 

The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware, the victim’s files become encrypted. In most cases, once the victim pays a ransom fee, he or she regains access to the files that were encrypted. 

The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. 

Again, be very, very careful these days especially about emails, websites, or phone calls offering computer tech support, no matter how official the offer sounds. 

You can read the full article, which I summarized above, here: 

http://www.ic3.gov/media/2015/150623.aspx

If you suspect your computer is infected by ANY malicious sfotware, unplug if from the Internet immediately and request trusted LOCAL tech support.

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

The Myth of the Impervious Mac

The Myth of the Impervious Mac

What's the issue?
Conventional thinking in computer user land - and rightly so for awhile now - is that Macs are unlikely to be infected by viruses. 

That thinking must now change. 

I can attest to working on four infected Macs in the last week prior to writing this article (June 2015). Mac users must start being more Internet-security savvy and protect their computers with security software and best practices.  

Why is this happening?
The infections I cleaned up targeted browser weak points and/or enticed the users to download software - social networking type of exploits. 

In one case the client I helped had downloaded software that launched a webpage prompting her to call a number for tech support. When someone with a thick foreign accent at a call center answered, she was immediately suspicious. When that person asked to remotely connect to her computer, she hung up. Then she called for our help to remove the infection. 

Another client was not so fortunate. She fell for the scam and allowed them remote access to her computer. After she realized the danger and disconnected the remote tech, she called us. I removed 51 infections on her Mac, including some Trojan viruses.

How to not fall victim to tech support scams?
In one of my previous blog posts, linked here, I explained how to be careful about requesting computer tech support. Be suspicious of anyone offering tech support online or calling you. And be very careful about downloading software on your computer. When in doubt, don't do it, or at least spend some time researching it. 

I recommend taking these protective measures on your Mac:

• Back up all important data at once and do so frequently.
• Make sure you have all Apple updates installed, and keep up with doing this.
• Try using Firefox instead of Safari and keep it updated.
• Create an admin account on your Mac, password protect it, then demote your usual account to standard user level and password protect it.
• Install an antivirus program like Sophos, Avast, or AVG and scan you entire Mac; do the scan weekly, or at least monthly.
• Make sure you are behind a hardware firewall in your home or business network.
• Keep up with Mac-specific security news.

Here are some additional Mac-specific security tips, which are a little more techie, such as enabling the Firewall and turning on Vault (to encrypt).

In Sum
Sorry to say it, but Mac users can no longer relax in thinking that Windows systems are the focal point for hackers. It's open season on everyone now. Be careful, and protect yourself the best you can. It's all we can really do, except for limiting computer use on the Internet, which of course, is an option given how much we use our smartphones these days for web and email. I wrote on this subject in this blog post.

Update 5/27/16... here's a post that references the hows and whys of Mac infections...


Thanks for reading,
Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Be Careful When Seeking Tech Support Online

Be Careful When Seeking Tech Support Online

What's the issue?
There are many scams these days in the online world. 

Here's one that can happen when you - the computer user - is most vulnerable: When you've got a frustrating computer problem and need help right away. Translation: When you're stressed! 

Say for example you are having trouble with your HP printer and want to look for help online by doing a web search for HP printer support. Most commonly at the top of the page of your search results you'll see sponsored links (ads) for companies offering help for your problem. However, be careful when proceeding.

Why the concern?
These printer support companies may or may not have your best interests in mind. Don't be fooled by their look-alike logos or claims to be certified or expert in a certain brand of hardware or software. Many of them are overseas (outside U.S. legal jurisdiction) and are trying to lure you to call them, so they can remote into your computer and sell you services to fix various issues they claim are wrong with your computer (in addition to what you called about). 

How to protect yourself against such scams?
Always look at the web address (URL) of any link before you click it. It if doesn't belong to the vendor of the product you are researching, such as hp.com, be wary about any offer of support. 

And be very, very particular about who you let access your computer remotely.

Once connected to your computer they can install software to snoop on your system, cause infection, and gain remote access in the future without your permission. Plus, if you give them your credit card for payment without some due diligence, you could be in further jeopardy of identity theft. 

I'm not saying there are no legitimate remote support services or phone tech support to be found online. Just be very cautious. 

When should you be alarmed?
If you take the gamble and hire someone online, and they do solve your problem, just say no the minute they try to sell you extra services. Only pay for what they quoted for the specific issue you contacted them about. Ask them to email you an invoice, so you can see the service and charges before you provide credit card info, and only give the minimal payment info - don't provide your billing address, your phone number, etc. 

Where can you find more info on this topic?
Here is a site with some pointers for avoiding online fraud. 

Who can help?
Here are my rules of thumb for seeking tech support:

First, contact the hardware or software manufacturer, especially if under warranty. Even if you have to pay for the call (for out of warranty items), they are more likely to help because they usually know their product best, including all the failings. 

Second, call the retailer who sold you the product if you can't get adequate tech support from the manufacturer. Ask if the product can be replaced. Even if you have to pay for shipping, it might be cheaper than buying a new one. (And, remember, they want to keep you as a customer.) 

Third, ask a friend or relative for a referral to a local IT professional. Hiring someone local and referred gives you a level of comfort with the provider, and supports the local economy. Get a quote, because the cost of a service call may lead to your biting the bullet and replacing the product instead of attempting a fix. 

In Sum
In general we tend to have faith in people and would prefer a win-win business exchange. The Internet is a wonderful resource. But the opportunity to take advantage of people online is too tempting. The Internet facilitates quick and somewhat anonymous commerce, so it's easy to set up scams. 

As consumers on the Internet we need to double and triple our guard. Hope for the best, expect the worse!

Thanks for reading. You're feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email" in the request form.