Trust me!

Trust me, I'm a professional! 

I thought I'd add a little comedy until my next article is ready.

Enjoy everyone!

Sevenowl

Another Ring Camera article

Just an add-on to my previous post regarding re-used passwords and Ring cameras. (previous post here) A US man has sued Ring after his camera was hacked and used to harass his children. Here’s the story: Ring Camera hacked

Once again, be careful when purchasing a lot of these new “WiFi” cameras and doorbells. I’m not saying there aren’t good ones out there, you just need to do some research.

Try not to ‘impulse’ by these. Take a while, google the maker, read the reviews, and even google if it has been hacked before. Most of these cameras (doorbells) have their own little WiFi network, that you connect to, then an app to connect it to your network. Sometimes, those little networks stay wide open and fail to secure, leaving your login information sitting right out in the open.

Most companies have discovered this and have deployed patches and firmware updates, although I would still suggest doing a little research before buying.

Sevenowl

Xmas coming!

With Xmas just around the corner, I'm tied up with a ton of things. But I will get some new posts up here soon!

For those that haven't seen it yet, an example of possible reuse of password and log in.  This may have been how this hacker/scammer gained access to this webcam.

Hacked Ring camera

This is a more common occurrence than people think. Thankfully no serious harm was done. Although it will make a lot of people think twice about these types of cameras. Although the majority of it is not the camera, but the login details. In my previous articles, I explain that using a password manager is becoming a necessity in this day and age. There are many free versions out there, although spending a few bucks on a simple app, that could possibly save you a ton of headaches later on, is definitely worth it!

More to come...



Sevenowl

Passwords & Password reuse

Passwords & Password reuse

This is hot topic everywhere. Everyone has heard the risks of using the same password for multiple accounts. I of course can’t stress it enough either. Never use the same password for multiple accounts. And the age old, “don’t use easy to guess passwords”.

By easy to guess I mean don’t use your phone number, birth date, name, kids’ names or birth dates, this list goes on and on.

Many people will choose easy to remember passwords, just for the sake of it being simple to log into whatever it is you are using. This is the most popular way of getting your accounts stolen. It doesn’t take much for a hacker or scammer to look you up on the Internet and usually find your birthday, address, or phone number. Either from you posting it somewhere you think was safe or from social media sites.

Passwords, you hear about it almost every day, Passwords leaked here, or stolen from there. A lot more websites and online retailers are beginning to ask for stronger passwords, or passwords that require special characters.

Something I suggest is to use a password manager. There are lots out there, I have tried a few and have settled on Dashlane. I find it easy to set up and use, and it even sync’s across all my devices. After using one of these, I don’t know how I didn’t before. It has an autofill, and auto log in features which are great, as they defeat key loggersbecause there is no typing to do.

PC magazine has a good list of free and paid password managers. Check them out here.

Below is also a list of the most commonly used passwords of 2019. Do you see any of yours?

1. 123456                          13. 000000
2. 123456789                    14. Iloveyou
3. qwerty                           15. 1234
4. password                       16. 1q2w3e4r5t
5. 111111                           17. qwertyuiop
6. 12345678                      18. 123
7. abc123                          19. Monkey
8. 1234567                        20. Dragon
9. password1
10. 12345
11. 1234567890
12. 12312

If you have any of those set as your password anywhere, Change it! Passwords you choose should be unique and include special characters like: @,#,$,& and a combination of letters and numbers as well.This makes it much harder to guess. Another good method is making a password at least 8 characters long, if not 12. This makes your password a little tougher to be found by malware or brute force attacks.

You can also consider using an authenticator. These are 2FA (2 factor authentication) apps, that give you a second line of defense. After you enter your password, you are prompted to put in the one time “code” that the authenticator provides you with. Some places even offer key chain style authenticators. I find these are very useful as well, Google has their own authenticator that you can add many different sites to just by scanning a QRcode.

Hopefully this will help some of you out. Don’t forget to check out my earlier articles on some other great topics.

Sevenowl

Christmas & Online shopping scams

Good evening, morning, afternoon, or whatever it may be where you are reading this.

Let's start off with Lookalike websites.

Like everyone else, your email is probably getting flooded with flyers and all sorts of sales.  Most will be legitimate places that you have shopped before, but some may not be.  Some may just be links to fake lookalike websites.

When opening an email, always make sure to check the following:

• The sender’s address

• Look for spelling or grammatical errors, hover over links before clicking on them to see where they lead and don’t enter any personal information into a website that displays “http://” instead of “https://” at the beginning of its URL. (The “s” in “https://”  means that the website is secure and uses some form of encryption.)

•  Beware of "free" gift card scams, a lot of those can be scammers just trying to get your information.

• Another one is the "fake shipping" or "failed delivery" emails. These can appear to come from legitimate sources, but once you click on them, off you go to the scammers' site.  You should never have to input your personal information from a tracking number thats been provided to you. These happen a lot and are easily mistaken for the real thing. Especially this time of year. Once again, if there is a link, hover the mouse over it (without clicking on it) and the address should appear on the bottom left.  If you don't recognize the destination, DO NOT follow it!

• Another one is the 'fake charity' emails.  These are a big NO. If you want to donate to charity, do it in person and locally.  Usually, the only "Charity" asking via email for money, are scammers.

• Unusual payment forms.  All the real sites that you shop from will NEVER ask you to pay via wire transfer or unassociated gift cards.  

• Phone scams. These exist in numbers around the Christmas season as well.  Again, NEVER give out any personal information over the phone! Especially credit card info! Watch out for the 'postage due' trick also. Some of those scammers will call saying that your package is held up because of insufficient postage. Whereas they will then request payment to forward the package. Don't fall for that either.

• Facebook, and other social media scams.  Always watch what you are clicking on when browsing Facebook or other social media marketplaces.  Quite a few ads can sneak in there pretending to be a real product. See Pic below.  Most of the time if you take the time to read the ad, it will say right on it "this ad opens on another website"  Again these can be phishing sites. Always make sure you are browsing locally.  Don't forget the golden rule "if it sounds too good to be true, it usually is"  And again, NEVER pay with any form of pre-paid cards.

There are a whole lot more out there, that the scammers will try.  From the blatantly obvious to some really complicated setups that may look completely real. Don't forget to "trust your gut" also, if you think something is out of the ordinary, don't proceed. Don't let the scammers out there ruin your holiday season!

If you do come across some of these strange sites, emails or phone calls here is a link to report them (Canada)

Report Fraud



Sevenowl

Avast & AVG browser extensions

Some more "data collecting" going on without our knowledge. This one, this time around is from and anti-virus maker to boot!

Avast & AVG - their respective browser extensions, apparently are doing some data mining.  The following 4 extensions:

• Avast Online Security
• AVG Online Security
• Avast SafePrice
• AVG SafePrice 

Have been noted as collecting our personal information without our consent, including a detailed browser history! The data that is being collected is being listed as:

• Full URL of the page you are on, including query part and anchor data,
• A unique user identifier (UID) generated by the extension for tracking,
• Page title,
• Referrer URL,
• How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link,
• A value that tells whether you visited a page before,
• Your country code
• Browser name and its exact version number,
• Your operating system and its exact version number

These extensions have apparently been removed from the FireFox extension website, but remain on the Google chrome store.

So, if you have AVG or Avast anti-virus, you more than likely have those extensions added on, as the installer automatically adds the browser extension.  If you need to check, if you are using FireFox open a new tab, click on the little gear in the top right corner, then click on 'extensions and themes' , you will see a list of all the extensions that are active on your browser. From there, it is just a matter of clicking on the 3 ...  and it will give you the option to disable. 

For our Chrome users, click on the 3 vertical ... , and click on 'more tools', then simply 'extensions'. You will see a screen with all your extensions, with a little sliding button to enable/disable them, and also the option to remove.

If you don't disable these extensions, they will continue to collect and send your data to Avast.

I would like to credit The Hacker News for this article. Feel free to head over there for more info!


Once again, Stay safe fellow Internetters!


Sevenowl

The 'SIN' scam & Windows expiring scam

I came across this news story and figured I would share it as well.  I know of a few people who have received these calls.

SIN scam

 If you receive these types of calls, report it to your local police asap!


Windows 7 Scam

I'm going to add another here as well.  It seems quite a few people are getting robo & live calls regarding Windows 7 ending.  Well for starters, the support for Windows 7 ends, that's about it.  DO NOT takes calls from anyone claiming that your computer will stop after 48 hours or anything of the like.  These are all 100% scams.

Be careful of this phone number: 817-984-4496  ... you will likely hear something like this:

User this call is to inform you that we have Microsoft have officially stopped providing support for Windows versions older than Windows 10 this is the final warning to update your Windows computer to the latest version, if not done within 48 hours of this message or services, will be stopped officially by the Microsoft Corporation feel free to call 131-284-7657 extension 64 installations I repeat 312-847-6576.

DO NOT call that number, DO NOT follow any of their instructions, HANG UP!

Please be careful, once these people get a hold of your phone number and any other information, it can be very hard to get rid of them.


 Remember, if you need some extra information on any of these topics, please leave a comment, and I will elaborate more. I try to keep up with what is current, but so many happen every day, that's nearly impossible.

Stay safe online!


Sevenowl

Social Engineering

Just adding to this topic as this is pretty accurate!

With the Christmas season upon us, this topic is gold. There are tons of scams, emails, fake ads, you name it. Everyone wants your money, especially the scammers.

Social media platforms are a hotbed in this season. Beware and watch closely on what you are clicking on, and/or purchasing if you buy off of social media.

Here’s a nice blurb from KimKomandoabout Facebook and other social media sites.

Thistactic is employed daily, in many different ways. From blatantly obvious, to so subtle that it is very hard to catch. This is a topic that can take pages and pages to explain. But hopefully you can understand the basics of it. There are many different types that are used, below are just a short few:

Phishing

Spear Phishing

Smishing

Impersonation

Social engineering has been around a long time, in many forms. So much that most people don’t even recognize that they’ve been a victim in a social engineering tactic. The most common form is usually when a user clicks on a pop-up ad or another form of a malicious link on a web page. Sometimes, you click, and boom... your computer is locked up and there is only a pop-up window saying to call this phone number to fix it. There are some that will call, and even worse, will give full remote access to their computer in order to “fix” it. This usually leads to a scammer installing malwareof sorts for them to gain back-dooraccess to your computer at any other time. Some even worse will provide credit card information etc. Yikes! Allowing remote access to your system is THE worst thing you could ever do! (especially to someone you do not know)

The Facebook platform becomes an epicenterfor social engineering. You know all those “what kind of cheese are you” posts? Or the ever-popular “can this Pic get 2000 likes? Well, guess what? Someof those posts are a “phishing” technique. Most of those posts, as soon as you click on them, you are allowing the poster access to your profile. Where it can give that person access to your friend's list, which in turn can start a snowball effect of data collection. It can be a little complicated to explain, but that is the gist of it. Also, never respond to any direct message from any facebook retailer, some can be pretty slick when they talk to you directly! Also, NEVER use your real credit card when purchasing off of social media, there are many options out there. PayPalis one of the best. But re-loadable Visa/MasterCard's are good as well.

Snap chat and Instagram is two other social media apps that people give away their information so readily, thinking they are making friends, etc. There are literally tons of people out there collecting all your data, email addresses, usernames, etc. And they, in turn, get bundled up and either sold for advertising purposes or used maliciously to help the party gain access to games, credit cards, or any number of other items out there that one may be fascinated with. Don’t get me wrong, not all social media is bad, it is a great thing to use and have if used properly. Use the security settings that those platforms provide for you. Make sure only friends can see your posts, pictures, and profile. In this day and age, you should NOT have your profile set as full public access for any reason.

The most popular Phishing technique is used via email. Everyone gets them, most are noticeable and people just trash them or report them as spam. But every once in awhile the odd one will get through that looks legitimate. It may contain your information, anywhere from your local grocery store, to your bank info. Most of the time they will say there has been a change in your personal data and you need to click on the link listed to verify or correct such information. Well, once you click that link, the whole process has started again. You have just verified that you are indeed a customer of such content and the link you just clicked will more than likely take you to a fake page (that may look very real) and you input everything you are ask too, thinking you are doing what your bank, store, or whatever has asked. These links will also 75% of the time install Malware {we will discuss in a later post} which provides hackers back doors links to your PC and all it’s data.

There are many aspects and variations of social engineering, that it is getting hard to keep up, and to realize what may or may not be trickery! Don’t forget the golden rule – What sounds too good to be true, probably is.

Feel free to read more:

Social Engineering on Wiki

Here is another good read on some prevention techniques: MUO

Sevenowl