Posted on

The Credentials Conundrum

Everyone needs a good answer to the question, "How do you manage your passwords?" If you use the Internet you’ll soon build up a long list of notable destinations and passwords, and it’ll only get longer in the future! Since strong credentials help protect us from criminals and creeps, we all need to master the art of managing them. Many try writing them on paper or keeping them in their head or in spreadsheet, but these methods are insecure and…

Read more

Posted on

The Traffers threat

Traffers are criminal teams who typically redirect you to malware that steals your private information. The term “Traffer” comes from the Russian word “Траффер” which translates to “worker.” In 2022 alone, over 120 such teams have been created worldwide! The most effective protection against traffers is the use of multi-factor authentication while never clicking on links inside uninvited emails or sketchy web sites. Link to full article

Read more

Posted on

3-2-1 Backup Strategy

The true value of your computer or device is not your equipment, it’s your data, like photos, documents, and music! You can easily replace stolen or broken equipment, but without a proper backup you can’t replace your important data! Since any computer can crash at any second, or be infected by malware such as ransomware, it is critically-important to have established a quality backup strategy, such as the ever-popular “3-2-1” method. Here’s how the “3-2-1” method works: Check out this…

Read more

Posted on

Tips for Two-factor Authentication

2FA, also known as “Multi-Factor Authentication” or “MFA” is technology that attempts to increase security beyond a simple logon ID and password. It does this using three concepts: knowledge – something only the user knows (like a password/PIN/secret questions) possession – something only the user has (like a one-time or hardware token) inherence – something only the user is (like a biometric scan) Logging In Most sensitive consumer-facing websites today use the following method: user enters their user ID and…

Read more

Posted on

Password Dos and Don’ts

There are best practices and worst practices for handling your passwords. Here are a few examples of both: Dos: always use a quality password manager > easily generate new hard-to-crack passwords > serves as a log of all existing accounts > audit password usage > use to delete unused or forgotten accounts always use longer passwords with at least 8 characters > longer passwords are much harder to crack always change passwords for critical sites at least annually > aka…

Read more

Posted on

Beware “Zero-day” malware

Malware, aka "malicious software", are nefarious programs created by cybercriminals designed to somehow violate your privacy, or cause you damage or other hassle. There are at least nine major categories of malware: Spyware — spies on your to steal your sensitive information Ransomware — blocks access to your files then extorts money from you Viruses — infects your files and/or programs Worms — infects the system files Trojan horses — misrepresents itself to appear useful Adware — forces advertising on…

Read more

Posted on

Beware Banking on a Windows PC

The vast majority of viruses and other malware is written for the most-popular PC operating system: Windows. As of 10/28/19 GlobalStats reports that 72.9% of desktop PCs run Windows, followed by 21.1% that run Apple’s OSX. Best practice is to never log on to your banking website if you run a Windows PC. Instead, build a “Live CD” (or use a USB flash drive for quicker startup) that boots it with a less-popular operating system like Linux. You can then…

Read more

Posted on

Beware tricky new scam: ‘Vishing’

Even security pros are falling for ‘Phishing’s evil twin: Voice-assisted phishing, aka ‘Vishing.’ This scam often involves a human being on the phone with you, typically ‘reporting’ something like fraud to you then asking you to verify personal and account-related details like home address, social security number, PIN number, etc. Bottom-line: always disregard the caller’s caller-ID, even if it matches your bank or creditor’s numbers — since caller-ID is easily faked. Best practice if you’re worried — hang up, then…

Read more

Posted on

Beware SIM-swapping Attacks

Most people consider their Social Security number to be their most valuable personal data. Another threat is brewing that targets your mobile phone number — yes, the phone you use for 2-Factor Authentication and resetting your website passwords! Here’s how it works: Criminal somehow acquires your mobile phone number then gathers some basic information about you Criminal calls your mobile carrier and impersonates you requesting them to reassign your mobile number to a different phone Criminal then uses this phone…

Read more