TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Online Security

Yahoo! And The Hack Heard ‘Round The World

Evan Schendel is a help desk specialist for Tech Experts.
In the age of Russian super-hackers and nationwide credit reporting agencies with pitiful security, what could be safe? One thing is for sure – not Yahoo!.

In September of 2016, Yahoo! released the news that 500 million accounts were hacked in the latter half of 2014. That news severely impacted Verizon’s business deal to buy them out, but they only lowered the price by $350 million USD to a total of $4.48 billion USD.

Three months after this business deal was done and the prior hack had been announced, Yahoo! let the nation know that approximately 1 billion accounts had been hacked in 2013. Verizon was not pleased, to say the least.

Just recently, Yahoo! released even more grave information.

In the earlier part of October, Yahoo! bumped the number of affected accounts up to 3 billion. This estimate encompasses every single Yahoo! account, including its subsidiaries like Tumblr and Flickr. That is a lot of data – and if you had any accounts (even unused) linked to these websites dating back to 2014, you could have even had the information sold.

The cybersecurity firm InfoArmor has reported some of this information has been sold on the dark web, a small part of the web not indexed by search engines.

The group selling this information has sold the data to three sources, two of which are known spammers. All paid upwards of $300,000 USD.

With this information, reused passwords from past accounts can be the largest risk, as many people recycle the same password(s) for all of their various online accounts. While no financial information was stolen, security questions, dates of birth, and backup emails were taken.

All of this can be used for not only breaking into the Yahoo! account in question, but also any other accounts with similar information.

A good course of action from here on would be to, as you should, never reuse passwords, and change any existing passwords you feel might be in danger. Ensure that no shady happenings have occurred with any accounts, up to and including bank accounts.

The information sold was reportedly utilized to spy on a range of US White House and military officials, alongside Russian business executives and government officials.

With this information kept in mind, a document was released stating that four men were indicted, two of whom were Russian intelligence officers working for the Russian Federal Security Service. Which is, ironically enough, an agency dedicated to aiding foreign intelligence agencies track cybercriminals.

To finalize, remember to keep safety measures on all your accounts and protect yourself from email fraud or spam to the best of your ability. Only sign up for accounts on legitimate websites and, when you do create an account, use a unique password for that site. For sites with sensitive information, elect to use two-factor authentication when possible.

That way, when a company’s security is pushed back in lieu of other things, you can serve as a second defense for yourself.

Helpful Tech Tips To Prevent Phishing

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

Many of us have clicked on an email that appeared authentic, but was not. Those fortunate enough to identify any suspicious elements before an attachment is opened or a link is clicked are the lucky ones. But, sometimes, we don’t notice those little things and click things we shouldn’t.

These trick emails are one method of an effective scheme called phishing, run by cybercriminals to get information about you or your company. Even worse, this information is then bought and sold to the highest bidder to do with it as they wish.

At best, an ad agency might send some extra spam emails your way. At worst, your identity may be stolen or your company’s network may be left exposed for all sorts of trouble.

Fortunately, there are many things you and your workplace can do to avoid these phishing attempts.

Tips for Employers

Just asking employees to watch out for suspicious-looking emails doesn’t drive home the urgency of phishing.

Find recent news reports to share with your workforce. When an organization makes the front page for a data breach (usually because an employee opened an infected email), you can explain how something like that could happen to your organization. It’s well-timed, newsworthy, and will be on forefront your employee’s mind.

The best thing to do as an employer is to implement a program that encourages security awareness, education, and behavior modification.

Changing up how you deliver that message to employees can be quite helpful. Start with a monthly email, memo, or bulletin. Switch it up with in-person, individualized meetings. Using different approaches will help your message resonate with more employees. It is common to need to communicate a message multiple times for it to stick with everyone.

Tips for Employees

Social media can be your worst enemy. Social networks are abundant with personal information, putting it right at the fingertips of cybercriminals.

Do not post any birthdays, addresses, or any other personal information on these websites. We know many domain and personal accounts use these for passwords despite the easy availability. Even with privacy settings maxed, there is always a way for cyber criminals to obtain the information.

Additionally, cybercriminals are getting more creative, especially with phone numbers. It is becoming very common for criminals to call high-risk employees and ask for information. For example, some of these “phishers” will call and pretend they are from their company’s help desk and need to reset account credentials or “require verification” from the user.

When in doubt, don’t give anything out. If something seems off or you don’t know the person, ask for their contact information and look into it. In these cases, it’s better to be cautious than courteous.

Overall, phishing isn’t going anywhere and it should be incorporated into all online security training for workplaces. As long as people use social networks and email continues to be a primary workplace communication channel, phishing will be a top choice for cybercriminal’s data theft. Protect your business and your employees. You can always contact Tech Experts at (734) 457-5000 if you’d like an in-depth review of any suspicious email you may have received.

Gone Phishing! How To Spot A Phishing Scam

If you are a user that has been around for a while, there is a pretty good chance you’ve been targeted with a phishing scam. You may have a long lost relative in another country who left you millions – and all the executor of the estate needs is your banking information to send you your inheritance! Or a prince of a small country is trying to move some of his fortune and escape to America – and if you can help, you will be rewarded!

These are some oldies-but-goodies, however phishing scams have and will continue to get better and smarter.

There was a time when phishing scams almost always came filled with poor grammar, spelling errors, and writing that just seemed a little off. While these still exist, things have become harder to detect.

These scammers are always looking for your personal information. There are a few ways they can do this, but most of them begin with email spoofing, where a sender will mask their actual email address with a familiar one.

If it isn’t a spoofed email, it may come from an address that is very close to that of a known and trusted sender. This could have an extra letter or even just a period to try to trick you into completing whatever task they are using in an attempt to get your information. This could be something as simple as a link to “family photo” or video and it could very well open your system to different vulnerabilities.

Something like a keylogger, a program that tracks your keystrokes, can be almost undetected while also gathering your online banking or credit card information.

Lately, phishers and scammers have pulled out all the stops. There have been cases where phishers will not only spoof an email, but also documents. These can look pretty real, so take a close look.

A new long-shot, big-payoff scam is to spoof an email address of a financial institution to try to intercept money from home purchases. This is done with forged documents and a fake email. While it’s a long shot for something that big to happen, do big business in-person or through trusted secure communications.

What to watch for:

When you have email communication from a known sender that doesn’t quite add up (or doesn’t sound like them), don’t assume they’re just having an off day. One example: if you know your family member shares all of their photos on Facebook, would they really email you a link with little to no writing in the email?

Any “company” asking for any personal information or passwords through email should also raise red flags. While this might seem obvious if the email address doesn’t match, a spoofed email address can make this trick easier to fall victim to.

Also, be wary of anyone asking for your bank account number via email. Even if it is legitimate, there are other ways to send this information. Protect yourself by choosing a more secure method of communication.

What to do:

If something seems off, research it. If you get a weird email requesting something or asking you to click on a link, don’t assume it’s safe. If it’s from someone you know, ask them if they did send it.

If you are the one “sending,” check your Outbox or Sent folder. This is a good indication if the email came from you or someone you know.

Rules Of Thumb To Avoid An Infection

Anthony Glover is Tech Expert’s senior network engineer and service manager.

A virus can be an upsetting, expensive endeavor to deal with. A virus can wreak havoc on your personal files (like important spreadsheets or family photos) or the system files that keep your computer functioning.

These files can become corrupted, encrypted, or deleted, which makes recovery difficult or sometimes impossible.

Some less obvious viruses — the ones that might slow down your system instead of destroying it — can still affect you by stealing data and what you type on your keyboard, gaining access to your stored credit card information or important sites you use, like your bank. [Read more…] about Rules Of Thumb To Avoid An Infection

Anti-Virus: It’s Worth Protecting Yourself

Ron Cochran is a senior help desk technician for Tech Experts.

You can have any machine — from the latest and greatest, to the old dinosaur in the corner — but if you don’t have virus protection, your latest and greatest machine might soon run like that dinosaur in the corner.

All of your sensitive images, documents, billing information, and passwords are subject to infection. No matter how careful you are, there is always something that slips through the cracks.

Often, users say, “I have such and such subscription,” or “I don’t click on anything I don’t know,” but the people spending countless hours causing havoc on computer users will always find new and sneaky ways to infect computers.

Viruses can be attached to images or links on websites. They can also be renamed to look like something that you should install. Once inside your computer, they are hard to track down even by a seasoned computer technician.

Viruses very rarely remove anything from your computer. Instead, they have a tendency to add things that can record your activities on your computer. A person could install a silent program that will start recording your keystrokes triggered by keywords; it can also take a screenshot or record email addresses and passwords. Most of the time, they don’t need to even gain access back to your computer to report the data.

They can have an email sent from your computer and Internet connection without you knowing it. That email, secretly sent from you to them, would contain your information (keystrokes, clicks, etc.).

By now, you have heard of the “crypto virus” and all of its variants. There are many solutions out there, but select few offer “zero-hour” infection reversal, however it’s something that businesses can especially benefit from. Let’s say you accidentally encrypt your machine; it would then be inaccessible until you pay the ransom to unlock your files.

Protection that offers infection reversal can revert your system back to its state right before you were infected and it would be like you never infected by the virus at all. This feature is part of Webroot Secure Anywhere, which is something we can provide.

Viruses not only help people steal your data, but they can also delete or corrupt files, degrade system performance, and make your computer run slower.

Viruses can also prevent programs from working and they can use your email to send out copies of itself to your contacts and other users. Sometimes, they can disable your computer from starting up by corrupting your BIOS firmware.

A couple of the main things that you’ll notice once you’re infected is that your system could run slower and you’ll receive all kinds of fake pop-ups, ads, warnings from “Microsoft,” etc. These type of files are referred to as “scareware” and the makers feed on the fear that you might lose your data, so you’ll pay them to “unlock” your system or “remove” the virus.

Again, we go back to protection. If you had virus protection, then it’s likely that would stop it before it even established itself inside your computer.

There are a few things you should do, if you haven’t already: get some sort of whole computer protection (such as Webroot), have restore points saved on your operating system, have a backup of your operating system install saved on some sort of external media, and save your documents, pictures, and videos to an external source.

When you find yourself in a predicament where you have to wipe an entire computer to remove an infection, you’ll be glad you took the time to prepare for the worst.

The Importance Of Having Ad-Blockers

Luke Gruden is a help desk technician for Tech Experts.

Every day, millions of people go online and go to a familiar website, just to get an advertisement pop-up that disrupts their online experience.

Ads are a way of life for many websites to generate profit from viewers visiting their website and, when clicked, these ads can take a person to another website, usually for their product.

While annoying and harmless when used as intended, issues in this system start to happen when the intentions of an “advertiser” go beyond just advertisement.

There are malicious people on the Internet utilizing advertisements to leave our computers and information vulnerable for theft and abuse.

Some advertisements will come in as scareware trying to pressure people into calling their number or download a harmful program.

Scareware is a common pop-up that thousands have fallen victim to – giving up Social Security numbers or access to bank accounts, allowing malicious connections to their computers, leaving networks vulnerable and infected, and more.

Some advertisements, if not filtered by a website correctly, can actually contain viruses and infections that don’t allow a person an opportunity to protect their own browser and computer.

These infections usually leave spyware and trojans that try to steal your information from your computer.

Surprisingly, the websites with these sorts of advertisements may have never intended for you to fall victim to scareware or other infections.

Usually, websites with these ads tend to be smaller websites using an advertisement agency that does not fully screen all the advertisements they are receiving, allowing malicious people to send their harmful information out onto the Internet.

There is a very simple solution to these real threats: ad-blocking software. If you use Firefox or Google Chrome, there are two good options that you can attach to your browser.

The first option is Adblock Plus, which is a common choice that works well. There is also uBlock Origin that uses less processing power than Adblock Plus that also blocks most advertisements. Both of these options will go a very long way in protecting your computer.

If you are using Internet Explorer or Microsoft Edge, these web browsers do not support add-ons and have weak advertisement blocking capabilities.

Firefox and Chrome on their own, even without add-ons, are more secure than Internet Explorer. If you have not switched to Chrome or Firefox, I highly recommend you make the change soon.

The installation processes for Adblock Plus and uBlock Origins are very straightforward and easy on Chrome and Firefox. You can Google the ad-blocker you want to use and go to either the Chrome web store or Add-ons For Firefox, based on which browser you are using.

Keep in mind that this isn’t a substitute for anti-virus. Ad-blocking extensions for your browser simply help to block the things that could become nasty infections.

For a more protected computer, you should absolutely use both anti-virus and ad-blockers.

If you need help setting up ad-block software or have questions, you can always contact Tech Experts.

Stay safe and remember to use ad-blocking software to keep your Internet experience safe.

Virtual Private Networks: What, Who And Why

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.
In our modern world, it is tough to come by anyone born within the last two generations who doesn’t use a smart phone, tablet, or other personal computing device daily.

With the ongoing tech revolution comes continuous news of hacked users, mass data collection, and online tracking reported by mainstream news outlets.

This is the reason Virtual Private Networks (VPNs) are becoming a necessity as computer users conduct more and more of their day-to-day lives online.

What Is A Virtual Private Network?
A VPN is a group of computers or networks linked together over an Internet connection. All the information sent or received over the Internet is automatically encrypted when connected to a VPN.

Typically, VPN services offer the highest forms of encryption to protect said data, providing peace of mind for anyone conducting personal or business-related tasks where sensitive information may be present.

As the technology has evolved, VPN applications have become very easy to install and operate. Many of the popular personal-use VPN software developers have made it as simple as installing the app and turning the VPN service on.

Premium VPN services even allow users to choose to mask their IP address, making it appear as though you are accessing the Internet from an entirely different country, which can be quite useful if you do not like your web activity tracked by ad-targeting websites like Facebook or YouTube or your Internet Service Provider.

Who Most Commonly Uses VPNs?
Many different individuals and organizations use VPNs for varying reasons, but the need for a strong layer of security is the fundamental purpose for everyone.

From a business standpoint, VPNs can be easily set up and maintained so that employees can securely access company resources and tools from anywhere on any network or Internet connection without the fear of having sensitive information intercepted.

Further, this encompasses all aspects of a business’ need for security of payroll information, employee and customer information, scheduling, and any other confidential company documentation.

The population of personal VPN users has expanded dramatically in the past year. VPNs are the perfect solution for frequent travelers and those who value their privacy, which has become increasingly difficult to maintain.

Why Should You Use a VPN?
Most of us consider ourselves law-abiding “digizens,” using networks for entertainment, communication and knowledge – but other net users may not be so nice or trustworthy.

A VPN can protect you by concealing your web activities from those with prying eyes under layers of encryption that makes all of your web traffic nearly impossible to intercept or track.

This is especially relevant if you are a frequent user of public Wi-Fi networks, such as your favorite lunch spot or coffee shop. The act of accessing vital information on your devices through a public network is easier than most realize.

Given this, I highly recommend the use of a VPN for your daily Internet use, whether it is personal or professional.

Joining the privatized world of VPNs is an easy and extremely beneficial process.

VPN providers are generally friendly and typically on hand to help should a problem arise.

If you are just getting started with VPNs, consider acquainting yourself more in-depth through a Google search of the top VPN applications and their different features.

How To Avoid Infections On Your Company’s Network

Luke Gruden is a help desk technician for Tech Experts.

Computers are just like people – they too can catch a virus and become infected. Your computer can potentially be infected from anything it connects or interacts with, so it’s important to watch what disk or USB device you insert into your computer or websites you go to.

What is a computer infection?
A computer infection is referring to malicious software that can harm your computer or even steal your information. There’s more than one variation of it. There is spyware that watches what you type and do on your computer to gather and steal information.

There is adware which will change your settings and hijack certain parts of your computer to promote its own products.

There is cryptoware which will lock your whole computer and make it unusable.
There are also many other types of infections or malware that your computer can come across.

Is my computer infected?
If your computer has been running slower recently and you are seeing strange pop-ups or odd programs, you are very possibly infected. At Tech Experts, we monitor many different computers, keeping track of any odd processes and programs that are installed. We also have managed anti-virus that further helps us identify when our client’s computers could be infected.

How can I clean an infected computer?
There are many tools and resources that can be used to clean an infected computer and no single tool is absolutely perfect. Usually when cleaning an infection, we run at least three to four different (reputable) programs, depending on what type of infection it is.

If it is a very deep infection, we could end up running seven or more different programs to clean out the infection. It is important to know which tools to use and how to use them, however.

Certain programs can cause damage to the computers’ registry if you don’t know exactly what you’re looking for.

How do you prevent an infection?
Understanding your computer habits are one of the biggest ways to prevent infections. If you find yourself web surfing to questionable sites or to sites you’ve never been to before, this is one of the biggest ways to catch an infection.

Downloaded programs you don’t remember installing are one of the biggest red flags of an infection. Opening up emails and attachments that you don’t know where they came from is a good way to become infected. Know the sites you visit are safe and be attentive to what emails and downloads you view.

Having a good anti-virus is very important for a clean computer protected from those threats that you cannot see normally. At Tech Experts, we provide AV for ourselves and clients that prevent most infections. No AV is 100% able to stop all infections. With hackers making new threats every day, there is no method to make sure all possible vulnerabilities are blocked.

However, having good software and good habits will prevent the great majority of infections of hopping onto your computer.

How To Identify And Handle Scareware Pop-ups

jared-stemeye
Jared Stemeye is a Help Desk Technician at Tech Experts.

Let’s say you’re reading the latest news articles on a webpage you visit regularly. In an instant, a new browser window flashes onto your screen, blinking with some sort of notice, a warning of virus infections, a legitimate looking logo, and a phone number to call.

Some of these even employ audio statements such as, “Your PC is infected. If you close this window you will lose all information stored on your hard drive.”

These tactics combined do a very good job of eliciting emotions of fear and anxiousness from their victims.

However, with the proper knowledge to identify the fraudulent practices of these groups, along with the proper steps to handle such occurrences, you will be able to avoid the hardship many others have encountered.

The first thing you should know is that it is quite simple for anyone to attach the Microsoft, or any name brand anti-virus’ insignia onto the page to make it appear convincingly genuine. The ‘official’ logos you see on these pop-ups are not legitimate, though it is very easy to think that they are.

The second, and probably the most important, thing to know is to never – under any circumstances – call the phone number provided by the pop-up.

The disreputable individuals on the other end of the phone are not meant to help you. Like the pop-ups, they too are proficient at inducing anxiety among their victims, urging those who call to allow permission for remote access to the targeted computer.

Once someone has access to your desktop, they have access to all your locally stored files and can make changes to them as well as plant malware or spyware.

Never allow remote access to your computer unless you, without any doubt, know who it is you’re allowing access.

Now, what you should do next? First, attempt to close the window as you would with any other window by clicking the X in the top right corner.

In many cases, a dialogue box will appear at the top of the screen, providing more anxiety-inducing phrases to make you think your actions are incorrect. Rest assured you are on your way to ridding yourself of the pop-up.

Browsers such as Internet Explorer, Google Chrome, and Mozilla Firefox have an opportunity to prevent these boxes from reappearing after you exit out of them. In the pop-up box, click the check field next to the “prevent additional dialogues” option and click OK.

If the pop-up window has yet to close, retry exiting out of the window. No additional dialogue boxes should appear at this point, allowing you to regain control of your computer.

If the pop-up window does not close after these steps or if the issue persists after a short period, contact your trusted IT team to remove the issue.

Under any circumstance, remember, these pop-ups are not viruses themselves and, if you follow the advice given in this article, they will cause no harm to your computer.

However, it is still best practice to run a full virus scan if this does occur to ensure you are unaffected.

What Makes For A Good Password?

Luke Gruden is a help desk technician for Tech Experts.

It seems like every week we need to make a new password for a new account. When making a password, there is usually some colored bar letting you know if your password is strong or weak.

It is very important that we maintain strong passwords for our accounts, so no one uses a password generator to guess the password and gain access to our private information.

What actually makes a good password? Length is one of the best methods to making a stronger password as it’s harder for a computer to hack a longer password. For the length, it’s recommended to have at least 12 characters.

If your password consists of basic words, it’s recommend the password be even longer as a lot of password crackers out there auto-search dictionary words.

You can even make a sentence or sentences. There is no rule against something like this: “Hello! I am Luke with Tech Experts and I work on computers!” That was about 60 characters and would take significantly longer to crack than a simple 12 character password.

The next best factor to making a good password is complexity. Complexity is when a password uses special characters, numbers, random capitals, and contains few or no dictionary words. The more complex a password is, the far harder it is for a computer to crack the password. “s5df1K51lj!@# ^k5$#1#!!2 @” would be a really good password, but good luck remembering it. Too complex and it’s hard to remember, too short and it’s easy to crack.

However, using length and complexity, we can make a strong password that we can remember.

Adding a number and special character to each word you use will drastically increase the strength of the password without making it too complex “Hello$1 my$2 name$3 is$4 Luke!$5” is most likely a stronger password than the one I used earlier that contained 60 characters simply because the special characters aren’t in the dictionary.

Another important note about passwords is that you should keep every password different for each profile. It can be tempting to use the same password for every account online, but at least try to make variations of your passwords.

The main reason why is that if a website is leaked or hacked, your password can be out there in the public and can be attempted on your other accounts, so even if you have the best password in the world, using the same password for every account can make your accounts vulnerable.

The last good practice for passwords is to change your password every 6 months or so, so even if your password was leaked without your knowledge, changing the password would end the issue. Also, some computers will try to crack a password 24/7 and, with enough time, it will eventually guess the right password. Changing your password every so often will thwart those computers that endlessly guess at your password.

Another way to ensure you have different strong passwords is to use a password manager. A password manager is a type of program that stores your different passwords for different accounts, but that itself still needs a good password to protect your collection. With a password manager, you can use a generator to create very long complex passwords and not have to worry about remembering them as long as you have accesses to your manager.

If you need any help with passwords or with setting up a password manager, you can count on your Tech Experts to help you on your way. Contact us with any questions at (734) 457-5000.