Public Wi-Fi

Leave a comment

My local police department issued this warning today:

Today’s technology can be extremely useful in our everyday activities, but also dangerous if not done so with caution. Below are some things to remember before you allow you your smart phone, tablet, lap top, or any other device to connect to a publicly shared Wi-Fi network.

  1. Never utilize your online bank or credit card accounts, or shop online when connected to public Wi-Fi.
  2. Be aware that criminals may set up similar network names to a restaurant, café or coffee shop to get you to us their network. When this is done, they can gain access to your personal information.
  3. Make sure your smart phone is not set up to automatically connect to surrounding Wi-Fi networks.

You might ask the difference between public Wi-Fi and the one in your home.  Well, the simple answer is encryption.  Everything you send via a public Wi-Fi signal can be intercepted by someone else on that same network.  Since the transmission is not encrypted that person can read everything you send.  That includes passwords, bank numbers and private emails.

Encryption acts similarly to the locks on the doors in your home.  The locks keep people out unless they have the right key to translate the tumbler in the door.  Similarly, encryption locks your message so that someone without the proper decryption codes cannot understand what you have sent.  No locks mean that anyone can walk into your home;  no encryption means that everyone can read your post. The better the locks, the less likely that undesirable people will come in your home;  the better the encryption, the less undesirable people can read your email.

Advertisements

Taxpayer Identity Theft

Leave a comment

No one likes tax time;  there are too many forms to complete and often there is money to send.  Well, as with any situation, wait, it will get worse — and it has.  Thieves are filing taxes using your social security number and directing the refunds to themselves.  You may be unaware you are a victim until you try to file your taxes and learn one already has been filed using your social security number.  Or, you may learn from the IRS that you owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.  Another way you can find you have a problem is if IRS records indicate you received wages from an employer unknown to you.  Of course the problem worsens because if they have your social security number, they may also be stealing other aspects of your identity.

This is a major problem and you need to act immediately!

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends you take these steps:

  • Respond immediately to any IRS notice; call the number provided
  • Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS.gov, print, then mail or fax according to instructions.
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.

If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 1-800-908-4490.

Then, you need to address the other (non-IRS) dimensions of your identity theft.

  • File a report with your local police department
  • File a complaint with the Federal Trade Commission at www.identitytheft.gov or the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261.
  • Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
  • Contact your financial institutions, and close any accounts opened without your permission or tampered with.

IRS and the Internet

Leave a comment

Last night when I came home, there was a message from the IRS indicating that I had to call a special number and give them my personal information immediately or I would be arrested.  A friend of mine received the same message via email.  Another friend, who always pays her bills on time received an email that said the IRS has filed a lawsuit and you must call ….. This email even added, “there will be no further warning.”   These were all intimidating messages, and the IRS has a reputation for being intimidating.  But, they clearly  were all scams because as the IRS Commissioner says, “[their] way of contacting you is by letter.”  They also tend not to threaten you if you don’t pay immediately.  You can view other scams allegedly involving the IRS on their fraud page at http://www.irs.gov/uac/Tax-Fraud-Alerts.

What do you do if you get this call or email?  Hang up the phone and delete the email;  then go on with your life.  Even if these people have personal information or even the last four digits of your social security number, ignore them.  Then report them.

Do you need help using the Internet?

Leave a comment

coverI have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Phishing

Leave a comment

Yep, “phishing” is a real thing, and you pronounce it the same as “fishing”.  Like fishing, phishing uses bait in an effort to hook something.  Unlike fishing, phishing doesn’t look for fish, but rather for sensitive information.  Phishing attempts to use an apparently trustworthy request to gain usernames and passwords to get access to more computers and/or credit card and other financial information to get money.

The key to phishing is that the request appears to be legitimate.  An email might be constructed to have the same look as those from your bank or other financial institution.  Or, the email might appear to be a bill from a company with which you do business.  Today phishing happens withing social networking tools, such as Facebook,  too.  These might be realized as:

A game or lottery.  In this kind of phishing, you may get an email or a Facebook post that claims you have won money.  Unfortunately, to get to the money, you must send them money or access to your bank account.

A request to confirm your account  These emails or social networking program ask you to log into a system that appears to be the legitimate.  Often these are sites that are appropriately branded and look as you expect them to be, but aren’t.  Never click on a link in  the email or social networking message;  the site might not take you where it appears to be.  The better approach is to log in manually.  So, if the message appears to be from Facebook, don’t click on the link, but instead type in http://www.facebook.com and proceed from there.

A violated policy alert.  You may note an email or Facebook post that claims you have broken some policy in your email system, Facebook or some other social networking system.  These always ask you to log in and do something.  Always navigate to the site manually.  Don’t provide information unless you are sure you are on the correct site.

Photos and Videos.  It is quite common for people who have hacked one account to try to get more information by sending information to contacts that appear to be from the original owner of the account.  These messages might claim to have videos or photos of you that are not appropriate.  Or, the message might claim to have photographic proof of some gory or sensational event.  These are almost always an attempt to get access to your account.  You should ignore t hem.

Before logging in to any site, always verify that you are indeed on the main site. Careless and unsuspecting users are often fooled by these tricks.

Cybersecurity, Sony, and You

Leave a comment

By now, I assume you have heard about the hacking of Sony’s computers last month.   Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview.   There was significant publicity before the movie was released;  personally I did not find the commercials compelling and had not planned to view the movie.  Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack.  Financial data, including social security numbers and identities, were released.  Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business.  In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony.  Estimates of the damage are in the millions, far more than the value of the film.

Early reports blamed North Korean hackers for this attack.  Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea.  Then the focus turned to North Korea again.  The Federal Government seems fairly sure that fault lies with the North Koreans.  However, whoever was behind the hack announced they would do no further damage if Sony never released the film.  So, Sony halted release of the movie.  It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.

So, what do we know? Clearly Sony was hacked.  Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data.  Could it have been the North Koreans given their lack of technology?  We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121;  at that date, its force was 17,000 hackers (there are probably more now).   Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]”   Could it have been someone else who sympathizes with them?  Yes.  The Guardians of Peace have made threats against the United States, and they have the capability.

The question though is what is the impact on you?  Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake up call is the impact that hacking can have on us as individuals and us as a society.  First, to us as individuals.  Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft.  Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again.  You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.

The more interesting question, though, is what happens to us as a society.  Sony will spend a small fortune recreating its data bases, correcting information and repairing relationships with its customers.  Of course, they will need to create a better security system to protect the recreated repositories.  That means that the costs of Sony movies will increase and we will all be forced to pay for it.  Perhaps this experience will frighten all of the studios to invest more money and so that the costs of all movies increase.  Well, today it is just a cost of doing business.

Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers.  What will that do to the freedom of speech and expression in this country?  What will it do to entrepreneurship in this country?  For that matter, what will it do to the governing of this country?

In this case, the cost was primarily financial.  What happens when the hack is against our power grid,  water systems, or hospitals?  The implications of that are far worse.

We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use.  And, all of us need to put pressure on corporations to improve their security systems from the bottom up.

 

 

Cyber Monday is coming

Leave a comment

Tomorrow is Cyber Monday, the online equivalent of Black Friday.  Online vendors offer great deals  — without the crowds, lines and hassles. While I never partake in Black Friday shopping (although I do practice Small Business Saturday shopping), I always try to get some time for Cyber Monday shopping!

Ah, but it is not without its problems.  There are great deals, but those that seem too good to be true often are just that, untrue.  People will pretend to give you bargains, and even pretend to be something they are not just so they can steal your money.  So, you need to be ready for them if you are planning to shop on Cyber Monday.  These are some hints that will help you keep safe.

  1. Only shop with companies you know.  Those little boutiques and great offshore stores may look like they offer great deals, but you may never get anything from them.  They should be avoided unless you are sure they exist because someone else has shopped there or you have some physical evidence that they exist.
  2. Don’t click on a link from an email to get to a website.  The link may look safe, but you do not know that link will direct your browser to where it says it is going.  If you must, copy the email address that it is visible and paste it into your browser manually.  Once you arrive at the page, look at it carefully to be sure it is the intended site and not a fake site made to look like a real site.  It is easy to reproduce logos, colors and the like to make a page resemble a legitimate business page even if it is not.
  3. Only provide your financial information  to websites that are secure.   Anything sent over a regular Internet connection can be captured by people with the correct knowledge and tools.  To avoid hackers having access to information such as your credit card number, you want to send the information over a secure internet connection.  Reputable stores will transfer you to a secure connection before asking for financial information.  You can tell two ways.  First, you should be able to see a locked padlock icon somewhere on your screen (it is different with different browsers, different versions and different kinds of machines).  For example, in Firefox on a PC, the padlock is at the top of the page near the “go back” button.  Also, even if you cannot find the padlock, look at the URL, or address in the locator window at the top of the page.  If it is a secure connection, the address will start with https:// (instead of the normal http://).  The “s” stands for secure.
  4. Try to use just one credit card online.  In today’s world there are lots of examples of hacking both online and at the brick and mortar stores.  It is a good practice to use a credit card online that is not your main credit card.  In that way if you are a victim of fraud, you can cancel the one card and still have another for your regular purchases.
  5. Keep passwords secure.  Most of us think passwords are a hassle.  While they are a hassle and it is hard to remember secure passwords or multiple passwords, they often are the only thing keeping your credit card and other personal information safe.  Keep them secure and keep them “strong” (hard to guess).  For more information on this, I recommend you look at the blog entry on passwords.
  6. ALWAYS use anti-virus software, a firewall and anti-spyware software.    It is amazingly easy to pick up malware on the Internet.  (For more information, check out my blog on malware.)  Having those tools available does not guarantee that you will not have problems anymore than putting locks on your doors will prevent you from being burglarized.  But, we all lock our doors at night.

Enjoy your hassle-free shopping, but be careful.  It is easy to forget there are undesirable people in cyberspace just like there are in most communities.  Avoid them if you can!

Older Entries