Ransomware Gets Personal

It was an ordinary Tuesday late afternoon for John Doe; catching up with friends and family on Facebook and sifting through his email before dinner. As he was scrolling, he noticed an email from an old acquaintance he hadn’t heard from in a while. Normally, John is hesitant to click on an email that is unfamiliar as he knows it typically is junk, but he hadn’t heard from this person in ages and was curious what the email was about. John clicked on the attachment and that is when the problems began.

When opened, the attachment appeared empty and didn’t include any information. John responded to his friend. While waiting for a reply, he noticed his computer was really slow and then a large pop window appeared on the screen with an ugly picture of a clown and the words, “Your computer files have been encrypted…you must pay the ransom or your files will be deleted.”

What just happened? John was hacked with a malicious file by cybercriminals under the guise that it came from someone he knew. He subsequently paid the ransom to the hackers to get his files back.

Does this happen often? Alarmingly, YES! Cybercriminals are no longer just going after companies, but individuals like you and me, and they are doing it at an alarming rate. These online scams infect your computer in different ways including opening email attachments, clicking on links in emails, or sometimes even visiting a valid website that has been compromised by cybercriminals.

So what can we do to protect ourselves from these attacks?

Backup all of your files religiously. Use an online backup that does it automatically for you like Backblaze, Crashplan, or Carbonite.

Ensure that you are doing updates on your computer for both Mac/Windows operating systems and the various software programs that you have installed including Java, Adobe Reader, Flash, etc. This will ensure that any vulnerabilities that have been discovered and pose a threat are eliminated.

Handle email with caution. Cybercriminals are getting better at disguising their phishing emails.

No matter how authentic the email looks, don’t open attachments or click on links inside unsolicited emails from friends, businesses, the IRS, or your bank. If it seems strange, call that person and verify they really sent you the file or link. Is it inconvenient? Yes, but it’s better than paying money or losing all of your files. It’ll be worth the extra precaution in the long run.

If you have been hit by ransomware, you have some difficult decisions to make. If your files are not backed up, you can either pay the cybercriminals for an encryption key to unlock them, or lose all the files and start over.

If your files are backed up with an online company, you can have someone help you wipe the hard drive and download your backup files. All of this takes time and is extremely inconvenient. It’s better to be cautious and verify the sender before clicking on attachments or links. If you are a victim of an attack, the FBI asks that you file a complaint through their IC3 site at IC3.gov.

Don’t Make Yourself an Easy Target

Identity theft seems to be always in the news and people want to make sure they are mitigating the risk.

Hacker

Just this last week, a student at the University of Utah discovered he was the target of identity theft. The thief applied and was approved for multiple accounts in the victim’s name and was making purchases. The individual even updated bank information using a new email address he created, unbeknownst to the victim.

What can we learn from this?

  1. Shred anything with personal information.
  2. Check your credit report for suspicious activity.
  3. If you feel you have become a victim, place an immediate freeze on your credit. This prohibits someone from applying for a loan or credit card in your name until you remove the freeze.

Another place identity thieves love is the junk yard. They search through the wrecked and totaled vehicles that potentially contain mountains of papers that can be used to steal your identity.

KSL News recently investigated and found a lot of information that had unknowingly been left in vehicles: bank information, medical records, checkbooks, and tax information,1 all of which contained the perfect recipe for identity thieves: names, address, Social Security, and bank account numbers.

What can we do to make sure our vehicle isn’t a potential jackpot for identify thieves?

  1. Clean out your vehicle regularly.
  2. Don’t store sensitive documents in your vehicle.
  3. Double check all locations, i.e. console, glove box, trunk, and underneath seat, before selling or letting your vehicle be towed after an accident.

An additional item that must not be overlooked is your online presence. It seems like every website requires a login. Some ask for a user ID. Others want your email address. The password requirements differ: letters, numbers, special characters, or all three.

The best passwords are longer than 8 characters; include a combination of letters, numbers, and special characters; and are changed every 3 months.

How can you keep track of and secure your passwords?

  1. Memorize them.
  2. Write them down and keep the list secure.
  3. Use a phrase you can remember that is hard to guess. Add variations at the beginning or end.
  4. Have your Internet browser remember them.
  5. Use installed software that remembers them.

Do not make your passwords the same. If one of your logins is compromised, the hacker will try it on your other logins. Another tip: do not write them on a sticky note next to your computer.

We have had many clients ask us about purchasing an identity theft protection product like LifeLock, IDShield, or LegalShield. You can do many things they do for free to protect your identity, such as monitoring your bank accounts, credit card statements, and your credit reports. However, this can be time-consuming.

For a monthly fee, these services monitor your personal information and send you alerts if any suspicious or fraudulent activity ensues. Each of these differs in price and the services they provide.

If this is something you would like, do your homework and research them to find one that offers the right balance of features for the price you are willing to pay.

Identity thieves work around the clock. Unfortunately, they’ve made it their job. Follow these steps to make it harder and don’t make yourself an easy target.

 

1. Mike Headrick and Tania Mashburn, “Piles of Personal Data Discovered in Salvage Yards,” KSL.com, November 9, 2015.

Untimely Disasters – How to Protect Your Home

Disasters are going to happen. There have been a number of them this year. Unfortunately, we don’t know when or what will happen next. It might be a forest fire, electrical fire, hurricane, tornado, flood, or earthquake. You can’t protect yourself from every disaster, but there are steps to help you put the odds in your favor.

Start by making a checklist of all the items you feel cannot be replaced. Save this list where it can be located quickly. This will help avoid an important item being left behind as your mind is racing during an emergency.

Examples of items for your list:

  • Home and auto insurance paperwork
  • Automobile titles
  • Healthcare information
  • Passports, marriage and birth certificates
  • Wills and trusts
  • Memorabilia, keepsakes, heirlooms
  • Photos (not already backed up digitally)
  • Statements: banking, mortgage, credit cards
  • Investments and retirement information
  • A few years of tax returns

Many of these are available online. Of the items that are not available digitally, scan them to your computer and save them on your home computer and in your backup location (preferably off site or in a fireproof safe).

If your home is destroyed, the insurance company will want a list of damaged items. The best way to do this is with pictures or video. Start with the exterior of the home and yard. Then move through each room, closet, and storage area. Label the pictures or videos and save them to your computer (and your backup). Remember to update as necessary.

This might be a good time to check with your insurance to make certain you have proper coverage to rebuild or repair your home in the event of a disaster. Go through scenarios that concern you to confirm you are covered. (Many policies do not cover floods or earthquakes.)

As we have seen, disasters can happen anytime, anywhere, and to anyone. Take time to be prepared should disaster regrettably strike.

“Your Wallet Without the Wallet”

The days of searching for your wallet are getting shorter now that Apple has introduced Apple Pay. There is convenience and security that comes by passing your iPhone over the payment terminal with your finger on the Touch ID sensor.

Apple Pay works with the newest iPhone 6 and 6 Plus, once you’ve stored your credit and debit cards inside of the Passbook app. Apple Pay is supported at over 700,000 locations across the U.S., with more added every day.2 Many iOS apps are also being updated to allow payments right from within an app.

Besides being easy to set up and use, Apple Pay makes payments more secure. This is welcomed news following the Target, Home Depot, and numerous other data breaches where millions of customers’ information was stolen.

Apple Pay is different. Its payments are made with a unique device number and a transaction-specific, dynamic security code.1 In other words, your credit card number is not shared with every merchant.

Of course, you have to be careful who you release your information to, but with Apple Pay that list can be much smaller.

You can secure your phone by using a passcode and the Touch ID fingerprint scanner. What if you lose your phone? You can remotely use Find My iPhone to locate it and put it in Lost Mode which suspends Apple Pay. You can also choose to wipe all data from the device.

If you haven’t used Apple Pay, give it a try. Take advantage of the security features and see if you can avoid continually searching for your wallet.

For those that are non-iPhone users, Google and Samsung have recently upgraded or are introducing new services to encourage mobile payments.3

At this time, your wallet is not completely useless, but it appears the end is in sight.

  1. https://www.apple.com/apple-pay/
  2. http://bgr.com/2015/03/12/apple-pay-coke-etsy-kickstarter-gamestop-marriott-jamba-juice/
  3. http://www.fool.com/investing/general/2015/03/14/samsung-pay-vs-google-wallet-vs-apple-pay-drawing.aspx

Do I Really Need A Backup?

The holiday season is upon us and with that comes gatherings of family and friends. Chances are there will be plenty of opportunities for pictures. Before you head over the hills or through the woods, take a moment and save the pictures you have taken with your camera to your computer.

Saving photos on your computer will free up space on your memory card to capture all the fun memories this time of year brings. For any of you that love to take pictures with your smartphones, remember to save those pictures off to your computer as well. You will be glad you did if your phone doesn’t make it through the season.

There are even options to have the images stored in the cloud as a backup.

It’s also a good time of year to make sure all your other files are being backed up. Can you afford to lose everything on your hard drive?

It’s not a question of if your computer hard drive will crash, but when.

There are many ways to back up your important documents and pictures from your computer. You can purchase an external hard drive and have it automatically backup the requested files or you could use a cloud service like Backblaze or Crashplan.

There are pros and cons to purchasing a hard drive versus using a cloud service; however, the most important thing is to back up your information and have it be automatic. If you have to think about doing it, it won’t happen. Feel free to call us if you have any questions.

Passwords, Hacked!

Nearly every website you visit wants you to create a login and password. Unfortunately, passwords are the only type of security that most sites are using to verify your identity. So if you want to protect your personal information then you need to make a habit of creating extremely strong passwords.

Some sites want the password to include letters and numbers. Others add the option of special characters. A good password is longer than 12 characters, and includes a combination of letters, numbers, and special characters. It should also be updated or changed every 3 months.

An example of a secure password could be: Xvot$Put=qi3. If that sounds complicated, then we’re on the right track. The more complicated, the harder it will be to crack.

password_security

That sounds great, but how do you keep track of all these logins and passwords AND still keep them secure? There are several ways to do this and it all depends on your personal preference. Some of these suggestions are more secure than others. You can:

Memorize them all.

Write them all down in a notepad that you keep somewhere secure.

Use a phrase you can remember, but would be hard for others to guess.

Have your Internet browser remember them all.

Use a third party installed software on your computer that remembers them all for you.

Install an App on your smartphone that generates/remembers passwords for you.

Do NOT use the same password with multiple logins. If one of your logins is compromised, the hacker could try it on any of your other logins with success. Take the time to make good passwords and change them every three months to try to avoid getting hacked. If you have any questions or concerns, please feel free to contact us.