Apple iDevices Held for Ransom Down Under: Don’t Reuse Those Passwords, Mate

May 29, 2014 at 2:13 pm (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch) (, , , )

Something interesting happened in Australia recently when Mac, iPhone, and iPad users were hacked using Apple’s Find My iPhone feature to lock devices and send ransom messages to the owners. They demanded a $50 “unlock fee” to be paid via PayPal payment from the owners. 

 

While it wasn’t immediately evident how these hackers gained access to the devices, it was soon ascertained that they obtained the information from a data breach. Because many people reuse passwords, it is likely that the hackers found people who used the same passwords for the accounts from the data breach and their Apple ID, which then allowed them control of  the iDevices. 

 

Apple made a brief statement to let people know that iCloud was not compromised.  They also advised those affected to change their passwords. They can also go to their local Apple store or call Apple Care if they need additional assistance. 

 

This reinforces the sensibility of utilizing two-step authentication whenever possible, and reminds users to never reuse the same password across accounts. It also reiterates the need to use a good password manager such as 1Password to create strong passwords for all your accounts. Until next time, be safe with those passwords folks. Friends don’t let friends reuse passwords.  


Permalink Leave a Comment

The Heartbleed Bug, 1Password, Watchtower, and You

April 18, 2014 at 6:58 pm (1Password, Apple, Current Events, iDevices) (, , , , , )

Anyone who has spent any time with me knows that 1Password is one of my favorite applications.  It ranks right up there with Evernote, TextExpander, and Dropbox for must-have, can’t live without applications for Mac and iDevices alike (and even Android and Windows folks are covered).  1Password has long been my go-to app for password management, secure note storage, software license info, and general account and login information. It even helps me complete online orders quickly, easily, and securely. 

 

Heartbleed logo

 There was a new bug discovered recently called Heartbleed.  This bug is of the electronic variety, not the pesky outdoor variety…although both have the potential to be particularly troublesome.  The Heartbleed bug affects most all of us in one way or another.  It has been shown to be a serious vulnerability with SSL encryption, which is used to provide security over the internet for many applications such as instant messaging, web applications, email, and some virtual private networks (VPNs). SSL is the ’s’ in https, or to break it down a little more, it is what usually keeps your information secure and is shown by the little padlock icon in your browser’s address bar.  Without getting too technical, the Heartbleed bug essentially allows the bad guys to access what the user thought was their secure data, such as account user names, passwords, and possibly even the actual content. 

 

In order to fix it and recover, the owners of the services and the service providers must patch the vulnerabilities and distribute new versions that clients will implement generally by upgrading their software. Additionally, users should change their passwords, 

 

Most everyone is affected in some way, largely because of the widespread popularity of OpenSSL. In addition to being used by many social networking sites, blogging sites, ecommerce sites, and even some government sites, OpenSSL is also used for mail and chat servers, and VPNs (virtual private networks). It is very difficult to detect because the bug leaves no trace of abnormalities in the user logs. 


Dave Teare, co-founder of AgileBits, and developer of the aforementioned awesome password management software, 1Password, released a newsletter to users to inform them of the Heartbleed bug, and to let them know how 1Password can help them defend themselves. 

 

1Password was not affected by Heartbleed because it uses a different type of encryption. The data within 1Password is completely safe.  However, you will need to change your password for any websites that were affected.   

 

1P logo

 1Password makes it incredibly easy to change your passwords. They have a terrific feature that enables you to do something called a security audit. With a click of a button, it tells you which of your passwords are weak, which are duplicates (bad!), and which are older (6-12 months, 1-3 years, 3+ years) which is especially good if you use time sensitive passwords or work somewhere that requires they be changed monthly or quarterly.  I could never keep up with the timing on those when I worked at Apple, and it never failed that I would have to change my password at the most inconvenient time.   

 

One of the most common questions after Heartbleed was publicized was, “Which passwords do I need to change?” but part of the problem was that folks didn’t know whether a particular site had patched (or fixed) their vulnerability without going to every single website for which they had an account.  Talk about a huge time suck.  I could have spent a few days just checking websites.  Then, I would have had to note which sites were fixed, and which sites I needed to follow up with if they had not been patched.  Surely there was an easier way, right?  Yep, and the wonderful folks at 1Password helped us with that. 

 

Watchtower

 Enter 1Password Watchtower. Talk about slick!  I am so loving this new feature.  It will let you know the status of the websites affected by Heartbleed.   For example, it will let you know if you need to avoid the site until it is fixed, if it has been fixed and you need to change your password (see example screen grab), or if it was never vulnerable and therefore not affected, so you don’t have to change your password for that particular site.   The danger of reusing passwords (using the same password for multiple sites) is because if you use a password on a site that was vulnerable, the bad guys could have accessed your user name and password.  Then they could go to a site that wasn’t vulnerable on its own, but they didn’t need it to be vulnerable, because you had already handed them your user name and password on one of the other sites. Does that help to better explain why it’s such a bad idea to use the same user name and password for everything?  Here is more information on the new Watchtower service.  


Cult of Mac published a very helpful article  that walks one through the process of resetting affected passwords quickly and easily.  They have also listed links to the password reset page of popular websites such as Facebook, Google, Amazon, Instagram, IFTTT, and many others. Using the Security Audit feature, you simply start at the top of the list and follow the step-by-step instructions to change your password.  Once you’ve finished with that website, just go to the next one on the list until you’ve finished all of them.  How much time it takes will obviously vary depending on how many passwords you need to change, but it really is a fairly quick and painless process.  Plus, it should go without saying that now you will have peace of mind that your login information is safe again. 

If you don’t already have it, pick up 1Password today and get started on your path to a safer online experience.  Then, next time your friends are freaking out because “ACME Data” got breached, you can say, “Meh, I have 1Password. Not worried.” and keep on watching your videos.


For more information about Heartbleed, 1Password, and Watchtower, head over to 1Password’s website.  Their terrific blog has all the latest information about things that would be rocking your world in a bad way, were it not for 1Password keeping things in balance.  Cheers!


Permalink Leave a Comment

Geocaching: Creative Caching Redux

March 18, 2014 at 5:39 am (Geocaching) (, )

With the exception of “Can you help me fix my (insert Apple product here)?”, I probably get asked about geocaching more than anything else, by friends and strangers alike.  I have written a couple of posts about geocaching, and folks frequently ask me about new caches that I’ve made.  Since it’s been awhile since I’ve mentioned any here, I decided an update was in order. Following are a few of my recent “creative caches”.

 

SmileyCache

  The first is a small finger puppet that fit perfectly over a pill container sold at the drug store for a few dollars.  It has an 0-ring, making it waterproof.  I just glued that puppet onto the top of the container, so it will still unscrew without any difficulty.  Just add log and hide.

 

 

 

BirdCache

  Next, is one of my favorites.  It is a bird decoy that I picked up at the hardware store for a few dollars.  It has a small plastic tab at the feet, which is where I chose to place a plastic screw top container that came inside a nano bison container.  The size was perfect. Now, I can just add a clamp onto his other foot, and perch him on a branch in a tree.  

 

 

NestEggsCache

  To go along with the bird, I have a nest with a couple of eggs.  I used one of those “everything tools’ to hollow out the inside of one of the eggs, and glued a plastic screw-top container inside (again, one of those little tubes that was inside the nano bison tubes). I lightly glued the eggs into the nest, to make it easier all around.  The nest will be attached to a tree branch with some brown wire to enhance the camouflage. 

 

 

Lantern cache

  Next is a little lantern that I picked up in the miniature section of the hobby store.  The lantern is a couple of inches tall, and it was the perfect size for the top of a nano cache to be attached to the bottom of it.  I did a test run and hid it hanging on a gazebo that gets a lot of foot traffic to see if it would get “muggled” (that’s when a non-geocacher either destroys or steals the cache); it has been there for about 3 months without incident. I even received an email recently from someone who “discovered” it whilst scoping out hiding places of his own, and he signed it as the “First to Find Before Publishing”.  That isn’t an actual designation, but it happens occasionally, and I’ll definitely give him credit for it.  

MushroomCache I think I’m finally ready to publish the coordinates and let folks find these caches for real.  🙂   Last, but not least, is a little mushroom that I picked up at Walgreens in their seasonal section along with other gardening-type decorations.  It had a little spike attached for sticking it in a plant.  I glued a plastic screw-top container to the underside of it, and stuck it in the ground near a tree stump.  It is just the right color that it looks like it belongs where I placed it.  I’ll be excited to see that comments that come back on that one. 

 

 

 

I hope you enjoyed getting a sneak-peek into a few of my recent “creative caches”.  Let me know what kind of caches you’re making these days, and if there’s something in particular you’ve run across that’s particularly creative or devious, let us know about it.  I’m going to go double-check my coordinates and publish some new caches for folks to find!  Until next time, cache on!

Permalink Leave a Comment

End the Backlog of Unprocessed Rape Kits

January 18, 2014 at 4:31 am (Current Events, inspiration, Personal) (, , , , , , , , )

NewImage

An episode of Law & Order: SVU a couple years ago highlighted the backlog of unprocessed rape kits across the country.  Mariska Hargitay has portrayed Detective Olivia Benson since the show’s spin-off from Law & Order 13 years ago.  Jennifer Love Hewitt guest-starred on this particular show, giving an incredibly emotional performance as a repeat rape survivor.  Women are traumatized along the way after they survive the actual rape.  They must endure the agonizingly slow and invasive process of evidence collection, which can take 4-6 hours, to obtain the hair and body fluids for DNA collection.  The victims are tended by health care workers (hopefully, but not always, by a trained Sexual Assault Nurse Examiner). They must tell and re-tell their experience to police officers, legal representatives, mental health professionals, and more. Much of the time, the victim has no idea if her assailant has been arrested, if he is incarcerated, or if he is still out there, free to terrorize others. It is actually up to the victim to follow up and see if their kit has been tested. 

The DNA evidence is often instrumental in the identification and conviction of the rapist.  That is why it is essential that the victims go thru each step of the difficult process.  It is ridiculous that the victim has to follow up on whether or not her rape kit has been tested, but for many tens of thousands of women across the country, that’s just what they must do.  

NewImageDriven to become an advocate for sexual assault survivors after receiving so many moving letters from women telling her what they had endured, Mariska Hargitay founded the Joyful Heart Foundation in 2004 to help the survivors of sexual assault and domestic violence “heal and reclaim their lives”.  The Joyful Heart Foundation is committed to helping end the rape kit backlog. To this end, they have launched endthebacklog.org, with the goal of ending the backlog of untested rape kits, and identifying best practices for eliminating this backlog by increasing public awareness at every level: local, state, and federal.

Every two minutes, someone is raped in America. One staggering statistic from the FBI notes that only 24% of reported rape cases result in an arrest. The enormous backlog in untested rape kits has a lot to do with it.  At an average cost of $1200 for each kit tested, many crime labs and police departments simply do not have the necessary resources to process the kits. The backlog not only allows the rapist to get away with his crime, it also prevents the victim from getting justice.  In many cases, the rapist will rape again and again.  Survivors deserve justice.  

In New York City, the arrest rate for rape went from 40% to 70% after the city eliminated its rape kit backlog in 2003.  In Detroit, after testing began on more than 11,000 kits, over 100 potential serial rapists were identified from just the first 1600 kits tested.  In August, a $500,000 grant was awarded to the Memphis Police Department to screen untested rape kits.  They would be able to send 2226 kits for preliminary testing, which would still leave over 10,000 kits untested, some of those dating from the 1980’s.  It makes me sick to my stomach to think about over 10,000 untested kits sitting on a shelf somewhere in my hometown, kits that could put criminals behind bars for the rest of their lives, and kits that could bring closure and peace to some of my friends. 

What can you do?  Help spread the word about the rape kit backlog.  Use social media to tell others.  They have an excellent and informative website, and the pages can be quickly and easily shared, just by clicking the Twitter or Facebook icons.  You can help end the backlog.  
 

Permalink Leave a Comment

Start Your New Year with Day One

January 1, 2014 at 6:43 pm (Applications, iDevices, iPhone/iPod Touch, Personal, Productivity, shareware, writing) (, , , , , )

Happy New Year!  Another year beginning, another year ending, resolutions to make, resolutions to break.  I’m not being pessimistic, just realistic.  In the past couple of weeks with the old winding down and getting ready to give way to the new, I’ve had several friends ask me if I still journal, and if so, what app I use.  

I have always jotted down thoughts here and there, since I was a kid and got my “First Diary”.  You remember those, right?  They were little books with a cardboard flap and a couple of flimsy keys that anyone with a pair of scissors or a paperclip could get into; but we were young, so we thought it was locked up tight.  But, how things have changed.  Well, sort of.  They still make those for the kiddies, but our adult selections are so much better.  Most of the ones you actually write in no longer have locks, and are made of leather, pleather, vinyl, card stock, etc. and can be found ruled, as a grid, or blank.   

Day One Icon

But, for those who have transitioned to the digital world, (wait for it…), there’s an app for that. (You had to know it was coming). Actually, there are a lot of apps for that now, and quite a few good choices. But the one that has won my heart is the award-winning Day One.  It is a truly wonderful app for Mac, and there is a universal companion app, which is an excellent standalone app in its own right, for the iPhone and iPad. 

It is incredibly easy to get started, and you won’t even have to read any how-to guides to get up and running.  Their tag line is “Record life as you live it”, and the app’s design makes it easy to do just that. The interface is simple, clean, and minimalistic. Data that is automatically entered includes date and time, location, weather, photo EXIF, activity (walking, biking, running), and music playing. There is tagging and Markdown support, as well as customized reminders that you can set to be sent daily or weekly at certain times. The app really shines with its organizational abilities, as you can view past entries using the calendar, maps, photos, timeline, and more. Day One’s Mac version has a nifty little Menu Bar quick entry feature where you can (just like it sounds) make an entry right from the Menu Bar without opening the application. That’s great for a quick notation, or even a longer one when you’re not attaching a photo. Automatic backups keep your data safe as well.

Your entries can be synced from your Mac to and across your iDevices using iCloud or Dropbox.  I will say that I tried to use iCloud, and I really wanted to use it to save my rapidly filling Dropbox space.  But, I kept having issues with it, and in the end, it was just easier to disable iCloud syncing and go with Dropbox.  I haven’t had the first issue since the switch.  

Entries can be shared by emailing to friends and family or posting to social media sites such as Twitter and Facebook. Day One also creates individual webpages at dayone.me for any entires you want to publish. I’ve seen examples of it used for almost anything you can imagine, for typical writing and journaling, for research, for reviewing books, movies, and other media, as a work journal and timekeeper, as a travel and mileage log, as a prayer book and inspirational guide, and much more. 

I must say that it is a joy to use Day One.  I use it for jotting quick notes about events or captioning a photo, as well as making more personal longer entries or capturing special events. I’ve also been using it to log geocaching adventures, as well as ideas for my own devious geocaches to hide.  Give it a try and let me know what you think.  

You can get more information about Day One at its website here.  The Desktop version for Mac is available thru the Mac App Store for $9.99 and the Universal version for iPhone, iPad, and iPod Touch is $4.99. Now go jot down all your resolutions, then use Day One to write about them. Once you start using it, you’ll be likely to continue.  Enjoy!

Permalink Leave a Comment

Start a Christmas Tradition with Elf on the Shelf

December 8, 2013 at 8:41 pm (Humor, inspiration, Personal) (, , , , )

I’m always a little envious when I hear people talking about family traditions.  We never had any traditions.  So, when I heard about the Elf on the Shelf, my ears perked, and I started thinking that it could be a nifty little tradition, not only for Malissa and me, but for us to have with Stephanie, my 7-year old cousin, who is more like my niece, but you get the idea.

NewImage

 So, here’s the premise, as told in the book that includes the elf:   the elf has been sent by Santa to keep an eye on their assigned child and report back to Santa; the elf, who is named by your child, appears around Thanksgiving, and relocates within their assigned home each evening…some creative parents leave treats and little “happies” as a gift from the elf for the child;  the elf is not to be touched by the child(ren) in the home, or else he loses his magic; consequences for touching the elf is that he loses his magic and must return to Santa for a period of time; the elf returns to Santa on Christmas Eve each year.  

It’s already a bit too late this year, but you can bet I’ll be ordering my very own elf (likely from Amazon) during the after-holiday sales.  They are a rather hefty $30-40 right now, but a friend told me she got hers last year after the first of the year for about $15.  That’s much more doable.  This will be a great little tradition for us, and I can use my extra time planning all sorts of little treats and crafts.  If I start now, I just might be ready by next Christmas 🙂  
Happy Holidays!

Permalink Leave a Comment

Be Part of The Sketchbook Project

November 18, 2013 at 8:12 pm (Uncategorized) (, , , , , )

Do you sit around and doodle on paper as you chat on the phone?  Do you doodle on a napkin whilst waiting for your food to arrive?  Do you carry a Moleskine or Field Notes book everywhere you go?  Do you eschew ruled paper for the grid, because it’s so much better for sketching?  Whether you are a real artist, or just a closet sketcher, consider joining The Sketchbook Project.  Started in 2006 in Atlanta but moved to New York City in 2009, it is best known for an evolving library featuring more than 30,800 artists’ books that have been contributed by creative souls from over 135 countries.  Their small organization now comprises a community of over 60,000 artists worldwide. 

NewImage

  What is included?  When you send your contribution to The Sketchbook Project, they will send you a blank sketchbook containing 32 pages of 70lb.paper.  You can then fill it to your heart’s content as you are inspired It doesn’t have to be just artwork. Fill it with drawings, poems, photographs, lists, stories, or anything else you feel led to include.  Send your filled sketchbook back by the stated deadline (detailed instructions are included). Books are catalogued, tagged, and searchable in the library system, particularly those that are digitized – they can be digitized for an additional fee, in which case they are professionally photographed and uploaded online, just like any other digital works in the library. The mobile library will travel next summer to cities across North America. Details can be found on the website, and folks can follow on Instagram. It is so much fun to look thru the online digital library and see what others have done.  There are some seriously creative folks out there…and maybe a few seriously disturbed ones as well.  😉  

You can also support the project by purchasing project journals, t-shirts, blank journals, and even a “sleeping bag” for your sketchbook. To participate, go to The Sketchbook Project to sign up. The “analog” version is $25, and includes a blank sketchbook, archiving at the Brooklyn Art Library, and will be included in the traveling exhibits all across North America.  For an additional $35 (total $60), your sketchbook will be professionally digitized, and will be added to the online library where you will be able to share it with people all over the world.  You will be able to catalogue your sketchbook by using tags, themes, and other descriptors, making it searchable in the exhibition kiosks. Sharpen your colored pencils and get your creative juices flowing. I’m going to order mine right now.  This might be your only chance to be published…go for it!

Permalink Leave a Comment

End the Backlog of Unprocessed Rape Kits

October 15, 2013 at 6:18 am (inspiration, Personal) (, , , , , , , , )

NewImage

An episode of Law & Order: SVU a couple years ago highlighted the backlog of unprocessed rape kits across the country.  Mariska Hargitay has portrayed Detective Olivia Benson since the show’s spin-off from Law & Order 13 years ago.  Jennifer Love Hewitt guest-starred on this particular show, giving an incredibly emotional performance as a repeat rape survivor.  Women are traumatized along the way after they survive the actual rape.  They must endure the agonizingly slow and invasive process of evidence collection, which can take 4-6 hours to obtain the hair and body fluids for DNA collection.  The victims are tended by health care workers, hopefully, but not always, by a trained Sexual Assault Nurse Examiner. They must tell and re-tell their experience to police officers, legal representatives, mental health professionals and more. Much of the time, the victim has no idea if her assailant has been arrested, if he is incarcerated, or if he is still out there, free to terrorize others. It is actually up to the victim to follow up and see if their kit has been tested. 

The DNA evidence is often instrumental in the identification and conviction of the rapist.  That is why it is essential that the victims go thru each step of the difficult process.  It is ridiculous that the victim has to follow up on whether or not her rape kit has been tested, but for many tens of thousands of women across the country, that’s just what they must do.  

NewImageDriven to become an advocate for sexual assault survivors after receiving so many moving letters from women telling her what they had endured, Mariska Hargitay founded the Joyful Heart Foundation in 2004 to help the survivors of sexual assault and domestic violence “heal and reclaim their lives”.  The Joyful Heart Foundation is committed to helping end the rape kit backlog. To this end, they have launched endthebacklog.org, with the goal of ending the backlog of untested rape kits, and identifying best practices for eliminating this backlog by increasing public awareness at every level: local, state, and federal.

Every two minutes, someone is raped in America. One staggering statistic from the FBI notes that only 24% of reported rape cases result in an arrest. The enormous backlog in untested rape kits has a lot to do with it.  At an average cost of $1200 for each kit tested, many crime labs and police departments simply do not have the necessary resources to process the kits. The backlog not only allows the rapist to get away with his crime, it also prevents the victim from getting justice.  In many cases, the rapist will rape again and again.  Survivors deserve justice.  

In New York City, the arrest rate for rape went from 40% to 70% after the city eliminated its rape kit backlog in 2003.  In Detroit, after testing began on more than 11,000 kits, over 100 potential serial rapists were identified from just the first 1600 kits tested.  In August, a $500,000 grant was awarded to the Memphis Police Department to screen untested rape kits.  They would be able to send 2226 kits for preliminary testing, which would still leave over 10,000 kits untested, some of those dating from the 1980’s.  It makes me sick to my stomach to think about over 10,000 untested kits sitting on a shelf somewhere in my hometown, kits that could put criminals behind bars for the rest of their lives, and kits that could bring closure and peace to some of my friends. 

What can you do?  Help spread the word about the rape kit backlog.  Use social media to tell others.  They have an excellent and informative website, and the pages can be quickly and easily shared, just by clicking the Twitter or Facebook icons.  You can help end the backlog.  
 

Permalink Leave a Comment

Beware of Friendly Emails from Social Media Contacts

September 5, 2013 at 4:43 am (Uncategorized) (, , , , , )

1Password Logo

I’m beginning to really hate Facebook these days.  Their lack of privacy protection coupled with scum of the earth who prey on others is almost enough to make me delete all social media forever. Almost. 

After getting a message telling me my account had been hacked (and knowing it hadn’t), I started investigating.  It seems a lot of people have been getting messages purporting to be from myself and others in my contacts list, but the email address is different.  You can quickly check to see if your account has truly been compromised by checking the “Sent” mail to see if mail has actually been sent out to others. If it has, you’re dealing with something different entirely.  Most likely, though, it is just the contacts list that was compromised by someone you know on a social media site. 

So, what usually happens is something like this:

Someone has their account compromised. Their friends list is obtained. Now, phishers send email to those contacts from a person’s name on their friends list, and often the email address is hidden (or folks just don’t notice it is a totally different email address because they see a person’s name with whom they are familiar, and they just skip over the email address).  Then, the recipient clicks on the link from the brief message (which ALWAYS includes a link of some sort, be it a photo, video, or weblink). Now, the unsuspecting person has likely just come in contact with some spyware, malware, etc.  If they have a Mac, they are probably ok.  If they have a PC, it depends on their protection package. 

The scammers generally have not accessed the account details of the folks on their list, it’s just a list of contact names, kind of like someone writing any name in the return address field of a letter to be mailed. I can choose any name from my address book to place in that field, then I can add any address to it as well. 

Note that it often happens to those of us with friends in common.  I suspect the spambots gather webs of common friends, then use them to send email phishing scams to targets. 

This is typically what you’ll see in the resulting email:

1.Friend’s name (John Smith) in the “From” field, but with a different email address.  These are frequently from a Yahoo or Hotmail address (gencobet@yahoo.co.id)

2.Subject is usually something like “Check this out” or “For ‘your name’”

3.Generally, the messages are very brief and always include links, saying something like “You’ve gotta see this” or “Look what I found” or (lately) “Saw this picture of you on (insert your social media site here)”


There are a few things you can do to protect yourself.  If you don’t use a really good Password manager like 1Password (https://agilebits.com/onepassword) please start now.  I can almost guarantee the safety of my accounts because I use 1Password with its random password generator.  I don’t reuse passwords, I don’t use my spouse’s name or pet’s name or birthdays or words that are in the dictionary for passwords…all of those things that make some folks perfect targets to have their accounts compromised.  You only have to remember your main (master) password, and the rest is automatic. It takes care of logging in to sites for you and does so much more, including protecting you from phishers by making sure the website you think you are viewing is the actual site, and not just pretending to be that site (a popular way many folks give up their passwords is to think they are on sites such as banks, PayPal, etc. but they really are not). Therefore, not only does 1Password securely store your passwords, logins, and other information, it also acts as your first line of defense against scammers, phishers, and other unscrupulous scum of the earth.  It used to be Mac-only, but now there are versions for Windows, iOS, and Android, so virtually everyone is covered.  The versions all sync, so you always have all your information where you need it. This is the one of the top three apps that I absolutely, positively could not be without. 

Enable 2-factor authentication, also known as two-step verification, when possible.  This means that in addition to logging in to a site with your user name and password (first step), you will be sent a code, often by SMS on your cell phone, to verify the account (second step).  Several sites offer 2-step verification now, including Google, Facebook, Twitter, and others.  Here is a link to a Gizmodo article telling you how to enable it on your other services: http://gizmodo.com/how-to-enable-two-factor-authentication-on-all-your-acc-510245714  I’ve been using 2-factor authentication with Facebook for awhile now, and, while it can occasionally be a pain, I have gotten used to it and feel much safer using it knowing that it would be very difficult for someone to access my account. 

If you aren’t sure about a message you receive from someone, look at the return email address.  Make sure it is actually the sender’s email address. 

This should go without saying, but don’t EVER click on the links. Doing so will almost always invite trouble. It might look harmless, but a link can be named almost anything. I can send you a link to a site that will install really bad juju on your PC, yet I can title it, “Beautiful Sunset”. 

Above all, be vigilant and use common sense. It’s always ok to send someone a message to ask them if they sent you something. Replying to the message will not send it back to your ‘friend’ in most cases, because it wasn’t from them anyway. It’s best to just ignore it. Still, one of the best things one can do to protect themselves online is to make good use of 1Password. Be safe out there. 

Permalink Leave a Comment

New Scam on the Block: Scamming via Text Messaging

August 5, 2013 at 8:46 pm (Uncategorized) (, , )

The conversation started innocently enough.  My partner asked if something was wrong with the debit card.  I said, “No, why?”.  The response was that she’d received a text from Regions saying the Visa debit card had been temporarily deactivated, and it gave a number to call for reactivation.  Alarm bells started ringing in my head.  First of all, we don’t have a Regions debit card.  Second, a text message?  Third, it gave a local phone number for assistance.  

Text Scam

This works for a few reasons.  They pick a large bank knowing that a large percentage of the population will have an account.  There is some convincing information there, because they have the first few digits of the card, right?  Nope.  All Visa cards begin with 4, Mastercards begin with 5.  By including a little information that sounds plausible, some folks might automatically think it is legitimate.  They only need a few people to respond to make it worthwhile. Congratulations.  You’ve just given your card information over to someone planning a small shopping spree. A few keystrokes later,  I was reading about one of the newer scams on the block:  SMS phishing, or “smishing”.  Scammers send out a burst of text messages to local numbers with a message that starts something like this:  “(name_of_bank) NOTICE: Your VISA #4355-47xx has been temporarily deactivated. To reactivate, please call (local number)”.  When you call the number, you get a message telling you that you have reached the automated service center. They tell you to leave your card number, expiration date, and 3-digit code on the back (not all include the code part), and your card will be promptly reactivated.  

If you think your debit or credit cards have been compromised in any way, call ONLY the toll-free number on the back of the card.   Do not be embarrassed and hope that nothing will happen if you did slip up and give someone some information about your account.  In many cases, the thieves will rack up charges halfway around the world within half an hour. They do it quickly before folks have time to think about it. By the time it gets reported, the damage is done.  So, report it quickly so your card can be blocked, and a new one can be issued.

Be vigilant folks.  It’s a whole new world. Stay safe out there. 

Permalink Leave a Comment

« Previous page · Next page »