Trust me!

Trust me, I'm a professional! 

I thought I'd add a little comedy until my next article is ready.

Enjoy everyone!

Sevenowl

Another Ring Camera article

Just an add-on to my previous post regarding re-used passwords and Ring cameras. (previous post here) A US man has sued Ring after his camera was hacked and used to harass his children. Here’s the story: Ring Camera hacked

Once again, be careful when purchasing a lot of these new “WiFi” cameras and doorbells. I’m not saying there aren’t good ones out there, you just need to do some research.

Try not to ‘impulse’ by these. Take a while, google the maker, read the reviews, and even google if it has been hacked before. Most of these cameras (doorbells) have their own little WiFi network, that you connect to, then an app to connect it to your network. Sometimes, those little networks stay wide open and fail to secure, leaving your login information sitting right out in the open.

Most companies have discovered this and have deployed patches and firmware updates, although I would still suggest doing a little research before buying.

Sevenowl

Xmas coming!

With Xmas just around the corner, I'm tied up with a ton of things. But I will get some new posts up here soon!

For those that haven't seen it yet, an example of possible reuse of password and log in.  This may have been how this hacker/scammer gained access to this webcam.

Hacked Ring camera

This is a more common occurrence than people think. Thankfully no serious harm was done. Although it will make a lot of people think twice about these types of cameras. Although the majority of it is not the camera, but the login details. In my previous articles, I explain that using a password manager is becoming a necessity in this day and age. There are many free versions out there, although spending a few bucks on a simple app, that could possibly save you a ton of headaches later on, is definitely worth it!

More to come...



Sevenowl

Passwords & Password reuse

Passwords & Password reuse

This is hot topic everywhere. Everyone has heard the risks of using the same password for multiple accounts. I of course can’t stress it enough either. Never use the same password for multiple accounts. And the age old, “don’t use easy to guess passwords”.

By easy to guess I mean don’t use your phone number, birth date, name, kids’ names or birth dates, this list goes on and on.

Many people will choose easy to remember passwords, just for the sake of it being simple to log into whatever it is you are using. This is the most popular way of getting your accounts stolen. It doesn’t take much for a hacker or scammer to look you up on the Internet and usually find your birthday, address, or phone number. Either from you posting it somewhere you think was safe or from social media sites.

Passwords, you hear about it almost every day, Passwords leaked here, or stolen from there. A lot more websites and online retailers are beginning to ask for stronger passwords, or passwords that require special characters.

Something I suggest is to use a password manager. There are lots out there, I have tried a few and have settled on Dashlane. I find it easy to set up and use, and it even sync’s across all my devices. After using one of these, I don’t know how I didn’t before. It has an autofill, and auto log in features which are great, as they defeat key loggersbecause there is no typing to do.

PC magazine has a good list of free and paid password managers. Check them out here.

Below is also a list of the most commonly used passwords of 2019. Do you see any of yours?

1. 123456                          13. 000000
2. 123456789                    14. Iloveyou
3. qwerty                           15. 1234
4. password                       16. 1q2w3e4r5t
5. 111111                           17. qwertyuiop
6. 12345678                      18. 123
7. abc123                          19. Monkey
8. 1234567                        20. Dragon
9. password1
10. 12345
11. 1234567890
12. 12312

If you have any of those set as your password anywhere, Change it! Passwords you choose should be unique and include special characters like: @,#,$,& and a combination of letters and numbers as well.This makes it much harder to guess. Another good method is making a password at least 8 characters long, if not 12. This makes your password a little tougher to be found by malware or brute force attacks.

You can also consider using an authenticator. These are 2FA (2 factor authentication) apps, that give you a second line of defense. After you enter your password, you are prompted to put in the one time “code” that the authenticator provides you with. Some places even offer key chain style authenticators. I find these are very useful as well, Google has their own authenticator that you can add many different sites to just by scanning a QRcode.

Hopefully this will help some of you out. Don’t forget to check out my earlier articles on some other great topics.

Sevenowl

Christmas & Online shopping scams

Good evening, morning, afternoon, or whatever it may be where you are reading this.

Let's start off with Lookalike websites.

Like everyone else, your email is probably getting flooded with flyers and all sorts of sales.  Most will be legitimate places that you have shopped before, but some may not be.  Some may just be links to fake lookalike websites.

When opening an email, always make sure to check the following:

• The sender’s address

• Look for spelling or grammatical errors, hover over links before clicking on them to see where they lead and don’t enter any personal information into a website that displays “http://” instead of “https://” at the beginning of its URL. (The “s” in “https://”  means that the website is secure and uses some form of encryption.)

•  Beware of "free" gift card scams, a lot of those can be scammers just trying to get your information.

• Another one is the "fake shipping" or "failed delivery" emails. These can appear to come from legitimate sources, but once you click on them, off you go to the scammers' site.  You should never have to input your personal information from a tracking number thats been provided to you. These happen a lot and are easily mistaken for the real thing. Especially this time of year. Once again, if there is a link, hover the mouse over it (without clicking on it) and the address should appear on the bottom left.  If you don't recognize the destination, DO NOT follow it!

• Another one is the 'fake charity' emails.  These are a big NO. If you want to donate to charity, do it in person and locally.  Usually, the only "Charity" asking via email for money, are scammers.

• Unusual payment forms.  All the real sites that you shop from will NEVER ask you to pay via wire transfer or unassociated gift cards.  

• Phone scams. These exist in numbers around the Christmas season as well.  Again, NEVER give out any personal information over the phone! Especially credit card info! Watch out for the 'postage due' trick also. Some of those scammers will call saying that your package is held up because of insufficient postage. Whereas they will then request payment to forward the package. Don't fall for that either.

• Facebook, and other social media scams.  Always watch what you are clicking on when browsing Facebook or other social media marketplaces.  Quite a few ads can sneak in there pretending to be a real product. See Pic below.  Most of the time if you take the time to read the ad, it will say right on it "this ad opens on another website"  Again these can be phishing sites. Always make sure you are browsing locally.  Don't forget the golden rule "if it sounds too good to be true, it usually is"  And again, NEVER pay with any form of pre-paid cards.

There are a whole lot more out there, that the scammers will try.  From the blatantly obvious to some really complicated setups that may look completely real. Don't forget to "trust your gut" also, if you think something is out of the ordinary, don't proceed. Don't let the scammers out there ruin your holiday season!

If you do come across some of these strange sites, emails or phone calls here is a link to report them (Canada)

Report Fraud



Sevenowl

Avast & AVG browser extensions

Some more "data collecting" going on without our knowledge. This one, this time around is from and anti-virus maker to boot!

Avast & AVG - their respective browser extensions, apparently are doing some data mining.  The following 4 extensions:

• Avast Online Security
• AVG Online Security
• Avast SafePrice
• AVG SafePrice 

Have been noted as collecting our personal information without our consent, including a detailed browser history! The data that is being collected is being listed as:

• Full URL of the page you are on, including query part and anchor data,
• A unique user identifier (UID) generated by the extension for tracking,
• Page title,
• Referrer URL,
• How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link,
• A value that tells whether you visited a page before,
• Your country code
• Browser name and its exact version number,
• Your operating system and its exact version number

These extensions have apparently been removed from the FireFox extension website, but remain on the Google chrome store.

So, if you have AVG or Avast anti-virus, you more than likely have those extensions added on, as the installer automatically adds the browser extension.  If you need to check, if you are using FireFox open a new tab, click on the little gear in the top right corner, then click on 'extensions and themes' , you will see a list of all the extensions that are active on your browser. From there, it is just a matter of clicking on the 3 ...  and it will give you the option to disable. 

For our Chrome users, click on the 3 vertical ... , and click on 'more tools', then simply 'extensions'. You will see a screen with all your extensions, with a little sliding button to enable/disable them, and also the option to remove.

If you don't disable these extensions, they will continue to collect and send your data to Avast.

I would like to credit The Hacker News for this article. Feel free to head over there for more info!


Once again, Stay safe fellow Internetters!


Sevenowl