Quick and easy ways to protect yourself from cyber criminals this holiday season
The holidays are coming and everyone’s looking for a way to make a few extra bucks. Unfortunately, this includes the scoundrels behind the fake tech support scams that seem to be so effective. We’ve reported on the telephone tech support scams a couple of times in the past, but the Ars Technica article below does a really good job of outlining (via the FTC complaint) how another similar attack works. With folks spending a lot of time shopping online (with or without the holiday eggnog), the unfortunate reality is that many will become victims of these scams. We’ve put together the following short list of some things to keep in mind when it comes to your computer:
- Find a good tech support company that you can trust and that you can contact quickly. If you get an email, phone call, etc. from someone claiming to have your best interest in mind when it comes to your computer or network, a trusted tech support company can be your go-to person to verify that communication. If it’s a scam, a quick email or phone call to this go-to person can save you a lot of time and money.
- Know what you have. Do you have a PC or a Mac? Do you have Java or Adobe Flash installed? What kind of firewall do you have? Knowing what you have is critical in knowing how to protect it.
- Know what updates are available. Updates come out *at least* once a month. Once you know what you have, you know what you need to keep up-to-date. Most major manufacturers post their latest updates somewhere on their website. We also post most major updates to our website and our Facebook page for free with summaries of what’s being updated and links to download the updates. Now that you know what you have and what updates are available, stay on top of the updates. These updates patch security holes in your computer that are a favorite tool used by attackers to gain access to your computer.
- Choose a good antivirus and keep it up to date. We use and recommend ESET NOD32 antivirus. It’s important to note that antivirus software is typically licensed / sold on an annual basis and needs to be renewed. If your computer included a free 90 day trial of Norton, McAfee, Kaspersky, etc. and you’ve had it for 6 months, you’ve effectively been unprotected for at least 90 days. Make sure that you have antivirus installed, that it’s still ‘active’ (subscribed, licensed, etc.) and that it’s updating regularly (I would recommend daily at least). Also, while the real-time scans that run all the time in the background are good, it’s not a bad idea to schedule a full scan on a regular basis (at least monthly).
- Beware of anything that you receive via email and think before you click. Your bank, credit union, credit card company, payroll processing company, etc. may occasionally send you legitimate emails but, chances are, if you receive an email from any of these places and they’re soliciting information or asking you to follow a link, it’s a fake. If you receive an email claiming to be from any of these, call the phone number on your last billing statement and verify that they sent the email. If it’s legitimate, they will know. If it’s not, they may have instructions for what to do with it (forward it to their internal security team or the FBI Internet Crimes division).
- Beware of any telephone calls from strangers about your computer. If you get a call from someone claiming to be tech support, assume that it’s a scam. Get their contact information and contact your trusted tech support company. If it’s a scam, they will likely either pressure you to let them onto your computer *now* (if you don’t let me onto your computer something awful may happen) or just hang up and move to an easier target. If it’s legitimate, they should understand that you want to verify that it’s a legitimate call before proceeding further. If they give you a name and contact number, verify it with your trusted tech support company (unless you already know it to be legitimate).
- Never let anyone that you don’t know and trust onto your computer. This includes fake tech support calls requesting remote support or leaving your computer unattended in a public place. Anyone that can get physical access to your computer can quickly, easily and completely covertly assume full control over it.
- If at all possible, avoid sending sensitive and / or private information over free and / or public wifi. It is trivial for an attacker to trick your computer, phone or tablet into connecting to a malicious access point (disguised as safe networks like xfinitywifi, starbucks, mcdonalds, trust_me_i_wont_hack_your_computer, strangers_with_candy, free_public_wifi, etc.) and then collect all of the data that you send and / or receive while connected. A better option would be to connect using the data plan on your smartphone or tablet or connect using a VPN connection.
- Never use a USB device that you didn’t open new. This could be extended by saying to avoid USB devices altogether until the whole BadUSB thing is worked out, but that’s a little unreasonable. An acceptable rule of thumb here is, if someone just gives you a USB device (friend, family, customer, vendor, etc.), assume that it’s going to do bad things and ask them to email it to you instead. Better safe than sorry. This one’s going to be a little tough and no one’s really going to do it yet, but I wanted to be on record as being ahead of the curve 🙂
Misc / Links / Errata:
- Ars Technica article – Latest news on the tech support scam (and the $120 million that the FTC seized)
- Cyber Tech Cafe Mailing List – We send a monthly newsletter outlining the state of technology and details about the latest updates from Microsoft, Adobe and Java with links to download them. This is an opt-in list that’s available for free. Just go to our website and click the ‘subscribe’ button at the top left. Enter your email address and our system will send a confirmation email to that email address. Click the link to confirm that you signed up and you’ll begin receiving the monthly emails.
- Cyber Tech Cafe latest news – All of our monthly emails are also available for free on our website and are available to review and comment.
- Cyber Tech Cafe Facebook – We post the monthly newsletters and more up-to-the-minute information on our Facebook page including recent technology and security related events.
- US CERT (US Computer Emergency Readiness Team) – An excellent source for up-to-date information for both technical and non-technical readers. This site also includes a number of well-written guides on how to secure your home or small office network and a glossary of technical terms.