fbeviltwin1

We all love using Facebook to connect with people, read articles, and see pictures of friends and family. What if you are looking for a friend of yours that you have not seen in years, and come across a Facebook page that you believe is your friend’s but in reality has been created by a scammer?

Scammers are using a tactic called ‘Profile cloning’. The tactic has been around for several years but is becoming more prevalent in 2016. It has become a serious security threat. Scammers have recently been targeting people over the age of 50, the majority being women.

Many people whose Facebook page has been cloned are claiming to friends that they have been “hacked” however this term is not completely accurate. The scammer has not logged into Facebook with your user name and password or taken over your account. They have simply taken public information, your profile picture and name, and created a new profile with that same information. The original profile created on Facebook has not been compromised.

When the scammer creates the new profile, they will send friend requests to everyone you are friends with already. Your friends may think nothing of the new profile and accept a friend request without a second thought.

 

When scammers clone a Facebook profile, what are they hoping to accomplish?

They want to use your Friends list to send them private messages in order to try to scam them.

Here are some examples of scams they use:

  • They use Advance Fee Lottery Scams in order to lure victims into believing they have won an international lottery. Because the victim has won a large sum of money, the person sending you the messages requires a driver’s license, passport, and or your banking information in order to send you the money you are owed.
  • They claim that you are stranded out of the country and need a short term loan to help you get back to the United States. The recipients think they are talking to the person they know and may agree to loan the person money so that they can get home.
  • The scammer may pretend to be your friend in order to get a large amount of personal or financial information from you.

What to do if you or someone you know has had their Facebook profile cloned:

If it’s a friend double check to see if they have created a second profile before proceeding. If the person tells you they have not created a second account, report the profile to Facebook as someone who is impersonating you or your friend.

To report a cloned profile to Facebook:

fbfriends1

  1. Go to the cloned profile page.
  2. Click the 3 dots (…) next to the Message button.
  3. Click Report.
  4. Click Report this Profile.
  5. Click They’re pretending to be me or someone I know.
  6. Next click Report to Facebook.
  7. Post on your timeline (or tell your friend to) that you have been cloned and tag the people who have added the scammer as a friend. Include a link to the cloned profile in your post. Once Facebook has deleted the cloned profile, they will also delete your post with the cloned profile link in it so don’t be alarmed when the post disappears.

 

How to help prevent this from happening:

fbfriends

  1. Keep your Friends private. If they can’t spam your friends they have no reason to clone your profile. On your page click on Friends. Click the pen icon (manage). Click Edit Privacy. Under “Who can see your friend’s list”, select Friends.
  2. Don’t Friend anyone who you aren’t already familiar with.

You may want to search for your name on Facebook in the city which you live in. Just to make sure this hasn’t happened to you already. It’s possible you’ll find other people with your name, just make sure they don’t have your picture and other information as well.

Happy Facebooking!

Will Stagefright kill Android?

stagefright
I’ve been a big fan of Android phones since day one. I went from using a Blackberry to an Android and never looked back. Of course with features and versatility comes risk. Over 950 million Android phones are out there being used every day. We store our phone numbers, e-mails, calendars, private notes and all kinds of other important data on our phones.

A security vulnerability that could hack, steal or even erase your data is a serious problem

So when a security vulnerability is found in the Android operating system that could hack, steal or even erase that data…that’s a serious problem. It’s called the Stagefright vulnerability (aka Heartbleed for Android).

It was found by Joshua Drake, a security researcher, back on April 9th. He reported it to Google and they released a fix shortly afterward to our wireless carriers. What can happen is a hacker sends you a multimedia message, or MMS, with a malicious code in it. Your phone automatically receives the message and interprets it without your permission. Bam you’re infected. What happens after that depends on what the hacker tells the code to do.

The question is, why haven’t we gotten this very important security fix yet? We haven’t received it, because our carriers are dragging their feet. The way the updates for Android work is like this; Google releases the update to the carriers, then they put the update into their own code and then release it to the public. Verizon, Sprint, T-mobile and all the other service providers from great to small have gotten this fix from Google, but as of today, not one has released it.

You would think that the security of 950 million customers would be a top priority
to these companies, but apparently not.

Maybe after few thousand angry letters they might listen. In the mean time, there are two options: Root your phone or simply change a setting.

Rooting your phone isn’t exactly easy and it comes with a risk. You are basically replacing the operating system of your phone. If you mess it up, you can ruin your phone. It voids your warranty to even try it. It’s definitely not for the non-tech savvy or the faint of heart, so for now, changing the setting is probably your best answer. Here’s how (UPDATE: If your phone has received the update to fix Stagefright you don’t need this. Check HERE to see if your phone is on the update list or install the Stagefright Detector app mentioned below to make sure):

How to turn off auto-receive for MMS:
1) Open your text messaging app on your Android phone.
2) Go to settings and find auto-receive MMS.
3) Turn it off.
4) Hit back to return to the app.

Here’s a quick tutorial if you need it:
http://www.greenbot.com/article/2954235/android/how-to-protect-yourself-from-the-stagefright-security-flaw.html

You can also try this one:
https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html

There is a minor inconvenience with turning this off. That is you will have to click a button to receive any attachment (pic, etc.) from a text. It will stop auto-receiving these attachments thus foiling any attempt to insert any malicious code to your phone without your knowledge. It is still possible to get infected if you click on an infected attachment, so be careful who you open attachments from. If you don’t know who they are, don’t open it. It’s basically the same rule for unrecognized e-mail attachments. When in doubt, leave it out!

If you have any questions regarding this or any other computer issue feel free to contact me via the Contact Us page or by e-mail. Safe (mobile) computing!

UPDATE: If you want to know if your specific phone is vulnerable there is a Stagefright detection app by Zimperium INC. Just go to the Play Store on your phone and search for “Stagefright detector app” or click the below link for more info.

https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector

Please note that the app DOES NOT fix Stagefright. Its only purpose is to tell you if you are vulnerable. The only way to fix it is by applying the update from your carrier when they release it. You can still greatly reduce your chances of infection by changing the MMS settings mentioned above. Cheers!

UPDATE 2: It looks like a few Android devices have been finally updated! Here’s a short list:

* T-Mobile Galaxy Note 4
* T-Mobile Galaxy S5
* AT&T Galaxy S6 & S6 Edge
* Verizon Note Edge and Note 4

If your device is on the list make sure you go to Settings>About device>Software update to get the update if you haven’t already.

UPDATE 3 : Here is a more up-to-date list of phones that have received the Stagefright fix so far:
http://www.androidcentral.com/list-devices-stagefright-patches

Is your cell phone safe?

7 tips on downloading mobile apps and increasing your phone’s security.cell phone security

It seems that almost everyone owns a smart phone. You can access the internet, e-mail, share files, play games and even print. All that information can be stored on your phone; does this mean we should be concerned about security? You bet.

Here are some ways to keep them out:

  1. You get what you don’t pay for.
    Most free apps you can download in the app store are sponsored in order to help pay for the app and its updates. Some use simple ads, while others gather information from your phone and sell it to marketers to pay the bills. Apps that you pay for are less likely to do this.
  2. Just say no to 3rd party apps.
    Some people have found ways around paying for apps by downloading them from websites. Stay away from this. Google and Apple both have security requirements in order to post an app in their stores. Websites don’t have these restrictions and the apps they offer may have been modified to include malicious code.
  3. Check the rating. Read the reviews.
    See what people are saying about the app. A good rating is not enough. Somebody may have noticed a problem with an app’s behavior and is trying to warn others.
  4. The less permissions, the better.
    You may notice when you are about to install an app that there are certain permissions that appear (iPhone users should check under Details before installing). Some apps need to access your phone’s account information, call history or the internet. Sometimes this is necessary for the app itself to function and other times it is not. Ask yourself if these permissions correspond with what the app is meant to do. The less permissions the app requires, the safer it is.
  5. Be careful when you update.
    Apps don’t always get better as they go. Sometimes the developer will release an update with bugs or the newer version may now have ads. Again, refer to the reviews to see who is unhappy about the newer version and why, before you decide to update.
  6. Install a mobile security app.
    If you are worried about the current state of your mobile device you can try installing a security app. ESET Mobile Security, 360 Mobile Security and BitDefender are among the best apps right now. They will allow you to scan for malicious apps, do a security check and some even help you recover a lost phone.
  7. Backup your data.
    Like the data on your computer, you should never keep it in only one place. Make sure you have a copy of your files, pics and music on your computer or a backup drive. If you’re not sure you can live without those files, back them up. Try Google Drive or Dropbox.

Still have questions or need help? Feel free to let me know at service@gocomputerace.com.

“Russian hackers steal over a billion passwords”

hacker

Recently in the news we heard about a group of Russian hackers who managed to steal 1.2 billion usernames and passwords. While we still don’t know what the hackers were planning to do with these passwords, there is one thing we can safely assume, it won’t be good.

What can we do?
Change your passwords right away. We should not give them time to use any of the information they have taken. Keep in mind there are some important guidelines to maintaining your security. Here are some tips on how to do so:

1)      Do not use old passwords. If you have used the password online in the past, chances are they already have it. Come up with a completely new password.

2)      Do not use common knowledge passwords. Using your son’s name and his birth date may sound like a great idea but it’s not. It’s commonly used and hackers may already have that information. Also avoid passwords that use your address or phone number.

3)      Add special characters to your password. Using an exclamation mark (!) or an asterisk (*) will make your password more difficult to hack or steal. You may also consider changing letters for numbers or special characters. For example; “P4$$w0Rd” would be a lot more secure than just “password”.

4)      Keep your new passwords in a safe place. Everyone’s biggest complaint about passwords is being able to keep track of them. Write your passwords down on a notepad and keep it hidden or locked away. You can also create an unshared (or offline) document on your phone. For example Notes on the iPhone or S Memo on Samsung phones. You can also try a password app on your phone. I recommend sticking with off-line apps that don’t talk to the internet or backup online. Try aWallet Password Manager for Droid phones.

Still have questions or need help? Feel free to let me know at service@gocomputerace.com. I also welcome any feedback about this blog.

Leaving XP

Leaving XPHello XP users,
I’m sure you’ve heard that Windows XP support has come to an end. As a result, your old XP system is more at risk with each passing day. You may still be very happy with XP or may feel like you have no choice but to stick with it due to some old software or a printer you have that only works with DOS or XP, so here are your options.

1)  Stay with XP:
This is definitely the riskiest option.  If you have to stick with your old software or hardware in order to keep working, it may be your only option. If that’s the case you should consider taking the computer off the internet to prevent any outside threats from getting in, or at the very least, limit your internet activity to a few, safe websites. By safe I mean websites you are familiar with and have decent security. No social, file download or email sites. The fewer the websites, the better.
Remember, this is not the best option. You should take immediate steps to transition away from whatever is keeping you on XP. Disaster may not strike right away, but it can and probably will.

2)  Try to upgrade to Windows 7:
This is something I don’t usually recommend for older PCs. It can cost several hundred dollars and in the end, doesn’t usually perform as well as a machine that was designed for newer operating systems. For a little more, you can buy a new Windows 7 or 8 machine that will perform much better.

3)  Buy a new computer:
Buying a new computer is a good option and is not terribly expensive, especially if all your software runs on Windows 7 or 8. If your software doesn’t work with newer versions of Windows you still have options. Something you can try is compatibility mode which allows older software to work on a newer version of Windows.
More work does goes into purchasing a new computer because it takes time to transfer all your files and install your programs on the new machine. However, I think this is still the best option.

About Windows 8:
Don’t let Windows 8 keep you from buying a new machine. Yes, a lot of people don’t like the interface but it can be dealt with, even changed. There are ways to make Windows 8 look and function just like Windows 7 or even XP. You can also special order a computer with Windows 7. Contact me if you have questions about this.

How do I know what version of Windows I’m using?
Simply right-click on my computer and select Properties from the menu. Under the General tab you should see info about your computer including what version of Windows you are using.

If you feel like you are stuck with XP, don’t worry. You do have options. Give me a call and we can take a closer look at your options.

Keys to Protecting Your Network From Cyber-Attacks

More than half of businesses across the world lack the ability to detect security breaches to their networks within a short period of time. Just think about how much valuable information can be lost, tampered with or stolen in just a matter of minutes? With current technology, there is no need to take the risk of a cyber attack. Data center monitoring is quickly becoming the top priority for businesses all over the world. But what does it take to achieve 100% visibility for ultimate data center security? APCON explores this topic in the following infographic.

[Click image for full size version]

Keys to Protecting Your Network From Cyber-Attacks

Microsoft Tech Support Scams

Microsoft is not in the business of scamming people, at least not the real Microsoft. There have been in the last year or so, companies that because they are located in other countries, have gotten away with posing as Microsoft and offering tech support help to people in need.

They call you, pretending to be Microsoft tech support and tell you that they have noticed that your computer is having problems. Then they have you go to a fake website and change some settings on your computer so they can “help” and then, at the end of the call, tell you it costs X amount of money. By then your computer is probably worse off than it started.

How do they know you need help when they call? Good question. It’s because they are using their own spyware or malware that has found its way onto your computer to cause you problems in the first place.

Do they really help? No. They may “fix” certain issues that you are having but they are issues that they created in the first place. So when they fix them, they are really just telling their spyware to leave you alone temporarily so they can create more problems for you later.  They also hope you will call them at a later date so that they can take your money.

How do you know if it’s really Microsoft? Microsoft never calls people. The only time they would ever do so is if you purchased something from them recently and there is a problem with your purchase or if you called them recently and left a callback number. Regardless you would have initiated the communication at some point.

If you ever suspect a tech support scam, simply ask if there is any kind of fee for the service. If the answer is “yes” then immediately hang up. You can then report the phone number to the Federal Trade Commission.

http://www.consumer.ftc.gov/articles/0076-telemarketing-scams.

After that I would highly suggest having you computer checked for spyware. You can always contact me if you need further assistance.

AOL=RUN

Ladies and gentlemen another public service announcement. If you are using AOL email, RUN. If you are using the AOL software RUN. If you are using AOL anything. RUUUNNN! Seriously. It’s all packed to the brim with spyware. I am not kidding. Get another email, do not use any of their services.

I had a client who had a completely clean computer use the AOL software and the very next day (no exaggeration) his computer could barely work because it was so infected.
Let me know if you have any comments or questions about this or if you have had problems with AOL yourself.

Java Updates

Today I would like to talk about the importance of Java updates.

What is Java?

Java is a programming language commonly used in webpages and certain applications that add advanced functionality. More on Java here: http://www.java.com/en/download/faq/whatis_java.xml

Why is updating Java important?

In a word; security. Any program that adds online functionality to a website can pose a security threat. Spyware programmers can deploy these functions in malicious ways to gain control over your computer, lock you out or gain access to valuable information.
A recent article released by CNET talks more about it:
http://news.cnet.com/8301-1009_3-57563951-83/homeland-security-still-advises-disabling-java-even-after-update/
I personally don’t advise disabling Java. It can cause problems in applications. I do however support the idea of keeping it up to date.

How do I update Java?

Java should check for updates every so often on it’s own. The key word there is “should”. Sometimes the update feature stops working for some reason or because people don’t know what Java is, they will simply ignore the notices to update.
If you want to update Java manually you can follow the steps in the instructions linked below:
http://www.java.com/en/download/help/java_update.xml
Scroll down to the “Java Update Options” section.

I also update Java whenever I do regular maintenance on a computer, a part of every service. So if you’ve had service recently, you’re good. Just keep updating it whenever it prompts you.

NOTE!! Sometimes Java will offer to install additional software along with the update. This is entirely up to you but it will be selected by default so keep an eye out for the option. You may not want what is being offered.