Category Archives: Security

Email, Hotmail, Keep Safe Online, Phishing Scams, Security

Viruses, Malware and Worms, Oh My! – Part 1

November 11, 2013 Computers Made Simple Leave a comment

All this week we’re posting tips on ‘safe computing’; how to keep safe online. While we write about PCs mostly, these tips will apply to Macs too, most of them anyway. If you use an Apple computer (a Mac), don’t assume that you’re safe from these exploits. You’ll need to stay on your toes no what what type of computer you use.

Email – Threats in your Inbox:

We all get large amounts of spam email every week. Normally any junk email easy to spot. Some types of phishing emails are a little bit harder to pick out. Here’s an example of a phishing email in one of our junk folders:

Photo of Phishing Email 1 — **We don’t have a Discover card but if we did, we just might open this.**

Out of the millions of people who receive an email like this, a certain percentage would almost certainly have a Discover card, right? Let’s see what the email is all about:

Photo of Phishing Email 2 — **Oh no! ‘Irregular activity’ on our non-existent Discover card.**

Whether these emails mention Discover cards or bank accounts or airline tickets, there is one simple way to check if they are phishing emails. Aside from the fact that your credit card would call you on the phone to report ‘irregular activity’ on your card or account, don’t you think they would know your name? Any emails from these kinds of institutions, and they don’t send out many at all, would always have your name in the subject line as well as in the body of the email.

We get a notice once a month about our account statement being ready, complete with our name in the subject and our name in the salutation of the email. We also get emails from PayPal about different specials they are running and, again, our name is right up front in the subject line.

Obvious Clues:

Aside from the name issue, this email has a couple of other clues that it’s a fake. At the top, you’ll see that it purports to be from ‘discover@email.discover.com, which is probably a legitimate address. If that’s the case, why would the link in the body of the email lead to ‘cicfif (dot) cn’? That .cn is the top level domain for China, in case you didn’t know. When did Discover start using a domain in China for their security office?

Besides that, as we mentioned before, credit card companies don’t email their customers when there is a problem. Speed is of the essence in these situations. The companies don’t want to interfere with their customers activities but they do want to minimize any fraudulent use of the credit card in question. There’s nothing faster than a phone call to settle these issues. An email would never be used.

Phishing. What the heck is it?

Any unofficial (fake) email or website that asks you to fill in your personal information is said to be phishing for that information. While a virus is bad and malware can really slow down your computer, phishing can hit you right in the purse or wallet. If someone gains access to your bank account or credit card details, they can clean you out in a matter of minutes. Depending on which bank or credit card company you are with, you may or may not be liable for these losses. It’s always a good idea to check out the fine print before something like this happens.

How to Protect Yourself:

1. We strongly suggest that you use an online email account, as opposed to one that is with your ISP (Internet Service Provider). We use outlook.com (formerly hotmail), gmail and yahoo for our various accounts. Why is this important? Primarily because none of the emails from your online accounts are actually stored on your computer. Since you have almost unlimited storage space with these companies, as opposed to the limits set by your ISP, you don’t have to download the emails to read them. As a matter of fact, outlook doesn’t even let you download your inbox. Dangerous or phishing emails never reach your computer, they stay on the online servers.

All of these online email companies have very strong anti-virus/malware filters in place, far stronger than what your ISP probably uses. Before an email gets into your inbox, it must pass through very strict screens. If you have set up your account correctly, most junk emails will end up in your junk folder. You will not be able to click on any links contained in them until you certify that they are safe.

2. Don’t click on any link in email that is not from someone you know or a company that you do business with and has mentioned you by name in the email. Even if the email is from a friend, we’d suggest not clicking on it until you can verify that they actually sent you something. If their email account has been compromised, whatever form of malware that did it will now be accessing your contact list and sending out emails as soon as you click on the link.

3. Since email links can be faked, think about alternative ways to access your credit card or bank account online. Type the address into your browser yourself if you feel the email might be legitimate. Here’s how a link in an email can be faked, in case you didn’t know. Click on this link (it is totally safe, believe us): www.freestuffforyou.com What? No free stuff? Not today, just free information.

4. Here’s a trick for you, one that might keep you safe in the future. Your browser has a cool feature in it that you probably never use. Hover over any link that you see, no matter if it’s in an email or on a website. Don’t click on it, just hover over it with your cursor (mouse). Down on the lower left, right at the bottom of your screen, you’ll see where the link really leads. Try it with our fake link just above this.

That’s it for today, just some simple tips on keeping out of trouble with email scams and phishing. These are things that you actually have to try to get stung with. Your actions in these situations control whether you get into trouble or not. Later on this week, we’ll deal with things that are out of your control. Stick around. Better yet, like us on Facebook and keep up with our tips, tricks and posts: Computers Made Simple on Facebook

Thanks for reading!

Keep Safe Online, Security

Things That You Shouldn’t Click On

October 28, 2013 Computers Made Simple Leave a comment

In actual fact, there are probably thousands of things you shouldn’t click on when you’re on the Internet but we’ll deal with some that might pop up when you’re simply surfing. Here’s what got us started on this path.

We love Formula 1 racing, actually all forms of car racing. Unfortunately, our local networks don’t carry every F1 race. Luckily we’ve found several sites that stream these events live using TV feeds from around the world. While the commentators might not be speaking English, we don’t really care since a car race is pretty self-explanatory. Now, we’ll be the first to admit that this kind of streaming isn’t exactly kosher. It’s on the edge of what some people would consider being legal. Regardless, we’re hooked on F1 so we do it.

The sites that we use, which will remain nameless, are full of pop-ups and adult ads. On top of that, every page has warnings that suggest your browser is out of date, you need a plug-in to watch the video (you don’t) or your computer has a virus and clicking on a link will fix it. In reality, all of these warnings are false. The links look very official, however, and we think that you may find this kind of malware in other places on the Internet. Here are some examples of what we are talking about:

Photo of Ten Things 1 — **This looks official right? It’s not.**

Photo of Ten Things 2 — **Your browser will play any video on the Internet. You do not need any other media player.**

Photo of Ten Things 3 — **If you use Chrome, everything is up to date as soon as you open the browser. It’s done automatically.**

Photo of Ten Things 4 — **Wrong. No plugin needed.**

Photo of Ten Things 5 — **Chrome updates itself. Don’t click on anything like this.**

Photo of Ten Things 6 — **This looks official but it isn’t. Internet Explorer is upgraded with Windows Update, not in the middle of browsing the Internet.**

OK, you get the point. If you only surf well known sites, you’ll be fine. The problem comes when you step off the main road a bit and click on a link in Google that just might lead you to a site that installs malicious software if you click on the wrong button. Chrome will try to protect you from all of this but it’s not perfect. New malware sites pop up every day. You have to learn to protect yourself.

When you come across things like this, simply close the browser completely. When you restart it, don’t restore the last session, otherwise the whole thing will start again. Now, the problem that might come up is that some of these malware popups won’t allow you to close your browser, even if you click the little X on the top right. In fact, if you do click on that X, a whole other window might pop up! What to do? Here’s where we need the old ‘three finger salute’, the magic buttons that bring up the Windows Task Manager. Look for these keys:

Photo of Ten Things 7 — **Control (CTRL) Alt and Delete (Del). Press all three at the same time.**

By pressing these keys, you bring up this screen:

Photo of Ten Things 8 — **Click on Task Manager down at the bottom.**

Once you click on Task Manager, this is what you see:

Photo of Ten Things 9 — **Look for Chrome or whatever browser you are using.**

What you are looking at is essentially the On/Off switch for everything that is running on your computer at this point in time. Once you find the program that won’t shut off, highlight it by clicking on it, then click on End Task down at the bottom. This applies to any program, of course, not just browser windows that won’t close. Say you’re using VLC or Media Player and it won’t close. Use this technique to shut it down.

TIP: Why is all of this important? If you do happen to click on any of these things, malware (bad software, like a virus) will be installed on your computer. Once this stuff is installed, you probably won’t notice much difference but, and this is the bad part, a key logging program will be running in the background, sitting there waiting for you to log in to your bank account. Once you do that, your password and credentials are sent off to a third party who can now steal your identity and, of course, some or all of your money.

We’ve shown you how to spot bad links and how to resolve a window that won’t close. Your job is to make sure that you and everyone who uses a computer in your house is aware of this. Tell your friends, share this post, tweet about it! Be the town crier, if you want everyone to be safe. We’d advise you to use Google Chrome as well as good anti-virus, anti-malware software. We like Windows Defender (Windows 8) or Microsoft Security Essentials (older versions of Windows). Both are free, by the way. You don’t have to pay for protection.

Thanks for reading. If you have questions or comments, use the form below. Better yet, like us on Facebook and you’ll be able to keep up with everything we post there. Here is the link: Computers Made Simple on Facebook

Keep Safe Online, Security, Strong Passwords

The Only Password You’ll Ever Need

September 27, 2013 Computers Made Simple Leave a comment

Security experts tell us that we should have a different password for every account we use. That’s easier said than done, isn’t it? If you’re tired of trying to remember obscure passwords for all of your online accounts, here’s a quick and easy way to streamline the process. There are a few ways that you could integrate this into your daily routine but that’s up to you. We’ll give you the basics, you adjust the parameters. Let’s get going:

First:

Make a reasonably strong initial password. Here’s a link to our post on how to do exactly that: Passwords – How to create a good one. You can actually write the password down, that part won’t matter too much if someone else finds it.

System A:

2. Let’s say that you’re going to sign in to your Outlook or email account. You would use the password you just created then add a letter that corresponds to the account you’re currently using. If your password is AbC54F (bad example, we know) then you would add an ‘o’ if you were using Outlook or a ‘g’ if you were signing in to Gmail. Whether you add the letter at the start or the end or the middle wouldn’t matter, as long as you remember where it goes, as in: oAbC54F or gAbC54F or AbC54Fo or AbC54Fg. Caps are possible too, of course.

You’re using a different password for each different account, that part satisfies the security experts, plus you’ve got only one thing to remember for each account, aside from the password itself. That one thing, the letter, is staring you right in the face so it’s a bit hard to forget. To make things a bit more complicated, you could add the same letter or the first two letters, one at the start and one at the end, to make your gmail password gAbC54Fm or oAbC54Fu for Outlook.

System B:

While system A keeps the experts happy, you still have to remember the password as well as the lettering system you’ve set up. System B eliminates that problem but won’t satisfy the security peeps. For any account you use, add a punctuation mark or letter or number to one end of the password. In other words, you would enter the password, such as AbC54F, then put an ! at the start or a ? at the end, something like that. It doesn’t matter what you use, just remember where you put it. If you use the same punctuation mark, number or letter for every account, there’s virtually nothing to remember, except the initial password.

Photo of Mnemonic — **Create your main password with mnemonics, then add something to it to keep it secure.**

Mnemonics

Use mnemonics to create the main password as described in our post, the link is at the top of the page. If that password is strong enough, and easy to remember, then you can use it for all of your online accounts using our ‘add something to it’ technique. Better yet, make up your own system using our basic instructions. A word, a year, something that is unique to you but, best of all, something that will be totally secure, even if someone gains access to your main password. Now you can forget obscure combinations of numbers and letters, leaving you more memory room for birthdays and anniversaries. How cool is that?

Thanks for reading. Like us on Facebook and you’ll make us very happy. Here’s the link: Computers Made Simple on Facebook Thanks!

Adjust Default Privacy Settings, Facebook, Facebook 101, Facebook Secrets, Facebook Tricks, Hide Facebook Likes, Privacy, Security, Social Networking

Facebook Caveats – A reminder of what you can and can’t hide

September 25, 2013 Computers Made Simple 2 Comments

We’re still getting comments about Facebook and its arcane and obscure privacy settings. Not only are they as described, they are also well hidden. Here’s a short set of tips for you:

Things you can’t hide:

Cover photos are all public, all the time.

Profile thumbnails are all public, all the time.

Mobile albums, the ones you upload from your mobile device, seem to default to ‘public’. You have to change the setting to something else if you don’t want these pics to be wide open to the world.

Mutual friends can’t be hidden. You can hide your complete friend list but NOT mutual friends.

While you can’t hide your ‘About’ section, you can hide virtually all of the details in it.

Summation: Three sections can’t be hidden. These are Mutual Friends, Cover Photos and Profile Photo thumbnails.

Actions you can’t hide:

Photo likes and comments cannot be hidden. If you like Jim or Jane’s photo, everyone that can see the photo will know it. Ditto for comments. There is no way around this. Like something that isn’t under your control and everyone who can see that ‘something’ will see your like or your comment.

The act of liking a page. While you can hide the fact that you like a page, either by hiding the whole section or by quickly removing the action from your activity log, the initial like might show up somewhere. If the act of liking a page can get you into trouble, don’t like it. Read the next tip.

TIP: Facebook now tells you that “If you hide a section, individual stories can still appear on your Timeline, in News Feed and elsewhere on Facebook.” Change the word ‘section’ to just about anything that you do or share on Facebook and you’ll be well on your way to seeing that virtually nothing on Facebook is private. Even if it is private to your friends and the world at large, it is not private to employees of Facebook. OK?

Groups:

If joining or starting a group will cause you problems, don’t do it. Group settings are up to the group admin and can be changed at any time. If being in a group threatens your privacy or home life, don’t join it.

The Answer to Facebook’s (Anti)-Privacy Settings:

Start a fresh, anonymous profile, one that doesn’t reveal anything about the real you, and use it to enjoy everything you can’t hide on your real profile. Keep the new profile open in another browser and you can blithely click like or comment or post anything you want. You can relax and be your real self without harming anyone else. Go for it!

Facebook changes frequently. Keep up with these changes by Liking our Facebook page. Here’s the link: Computers Made Simple on Facebook

Thanks for reading!

Keep Safe Online, Phishing Scams, Scam, Security, Security Questions

Avoid Phishing Website Tricks

August 26, 2013 Computers Made Simple 7 Comments

We had a curious experience this week that made us realize how easy it is to be tricked by an unscrupulous website. Here’s how it happened and here’s what you can do about it:

1. When you are on a Facebook page, you’re usually quite safe, right? It’s when you click on a link in a comment or beside a photo that you might get into trouble. Here’s an example of what we’re talking about:

Photo of Phishing Tricks 1 — The photo itself isn’t the link, the blue line is.

In this case, you can click on the photo to enlarge it or you can click directly on the link. Where does the link lead? We don’t know, do we. The link has been shortened. When a link looks like this, you have to ask yourself, “Is this safe to click on?” In spite of the fact that we know and trust ‘Home Design’, how do we know their account hasn’t been compromised (hacked)? We don’t. Is it worth clicking the link? Better not.

2. Here’s an example of a safer link:

Photo of CBC Url. — **The CBC uses full links, not shortened ones. It’s obvious where this link leads.**

Just for extra security, hover your mouse over any link on a page then look down at the bottom of your browser window. The real url of that link will be shown there. Like this:

Photo of Phishing Tricks 3 — **Here is the real URL of the link, in this case it’s the same as the link in the CBC post.**

3. Next, the phishing attempt. You’re already on Facebook. You know that. When you click on a link and the page that comes up happens to look like a Facebook page and asks for your password, wouldn’t that set off your warning alarms? Facebook knows your password, you are still logged into it. Why would they be asking for that password again? They’re not. The link from Facebook led to a page that only looks like it belongs to Facebook. Look up at the top of your browser window. This is what you should see if you are still on a Facebook page:

Photo of Phishing Tricks 5 — **Make sure the url reads: https://www.facebook.com**

4. The above information is for Facebook but this also applies to your email, Twitter, Instagram and other accounts that you must sign in to use.

TIP: When you find yourself on a page that asks for your password, close your browser, reopen it and type in the URL yourself. If you happen to click on a link in an email and a page opens that asks for a password, close the tap, open another one and type the address that you want at the top.

We hope we’ve given you some useful tips about how to guard your identity online. There are many different ways that unscrupulous people can get access to your different social networking accounts. If you have questions or tips about this yourself, let us know.

Thanks for reading.

a little bit of hi-tech, a little bit of common sense and a lot of fun