Public Service Announcement - Microsoft Imposter Scam

This is the 8th post in a series called Public Service Annoucement. My goal is to help you be aware of threats in the world of technology.

In the past month I have had two clients affected by the "Microsoft Imposter Scam". One of the clients was using a PC with Windows and another client was using a Mac. The scammers were able to take control of and put malicious software on both the PC and Mac.

The fact that I know two people that have been hoodwinked by the same scam tells me it is time to start making people aware of the scam.

HOW THE SCAM WORKS

Someone calls claiming to work for Windows or Microsoft and they will tell you that they have detected a virus or a problem with your computer.

To confirm the diagnosis, they may ask you to open Windows Event viewer to check if it is infected.

Several error messages are listed, even though errors are common and often harmless.

The caller says the errors are of great concern and offers to refer you to a technician for a fee.

The technician asks you to log on to a third-party website so they can remotely access your computer.

The scammer then might:

  • Install an antivirus program (often one that you can download for free) for up to $250
  • Ask for your credit card details but install nothing
  • Install malware so your computer can be controlled remotely
  • Access and steal personal and financial details from your computer

WHY PEOPLE FALL FOR THIS SCAM

This scam works so well because the person identifies themselves from a business that you have heard of (e.g. Microsoft) and they use scare tactics (e.g. Mentioning that you have a problem with your computer). They gain your trust because they offer to help you fix the problem. Before you know it they are taking control of your computer (e.g. After you followed their instructions to allow them do so) or they are asking for your credit card information to charge you for their "help".

HOW NOT TO GET DUPED

The first thing you need to understand is that neither Microsoft nor their partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

If anyone from any technology company (Amazon, Apple, Dell, HP, Samsung, etc) calls you out of the blue, I would hang up, look up the number for their tech support online, and call their tech support yourself. This will help you verify that the call is legitimate.

The second thing that you should never do is give out any of your financial information to someone over the phone unless you initiated the transaction (e.g. ordering an iPad through Apple's online store).

The third thing you should never do is allow someone on the phone or at a store scare you into purchasing an antivirus program that will cost you hundreds of dollars.

You can always download Microsoft Security Essentials on your PC if you need an antivirus program.

You can learn more about how to Avoid Phone Scams on Microsoft's website.


If you appreciate the free content on NiceGuyTechnology.com please support Mike by shopping on Amazon. If you click on the link and buy something, Mike will receive a small percentage of your purchase and it won't cost you any extra! Thanks for your consideration!

PSA - Java

The Department of Homeland Security is encouraging users to disable Java on their computers (Mac or PC) due to a vulnerability that is being actively exploited.

Note: iPhones & iPads do not allow Java to be installed so you are not at risk on those devices.

  Coffee  designed by  Christopher Smith  from The Noun Project

Coffee designed by Christopher Smith from The Noun Project

According to Oracle a patch is coming in the coming days to fix the vulnerability. Java has had numerous security issues over the years and I would recommend that everyone take Java off of their computer. If at a future date you are trying to do something on your computer that requires Java you can then install the latest version.

You can find instructions for uninstalling Java by clicking the links below:

How do I uninstall Java on my Windows computer?

How do I uninstall Java 7 for my Mac?

Public Service Announcement - DNS Changer Malware

This is the 6th post in a series called Public Service Announcements. My goal is to help you be aware of threats in the world of technology.

There has been a bunch of stuff on the internet the past few days about the DNS Changer Malware preventing your computer from connecting to the internet on Monday, July 9th.

What Is It?

The DNS Changer Malware is a piece of malware that changes the DNS settings on your computer. Once your computer becomes infected by the DNS Changer Malware you wouldn't be able to connect to the internet. The FBI set up a temporary solution for those that were infected so that they wouldn't have their connections disrupted. Those servers are being shut down on Monday, July 9th which explains why those who are infected will lose their ability to connect to the internet.

How To Determine If You Are Affected

It's really easy to determine if your computer is affected. Visit DNS Changer Check-Up

If you are not affected your screen will look like this.

If you are affected your screen will look like this.

What To Do If You Are Affected

If you are affected you can learn how to clean up your computer by visiting this website. If you are not comfortable fixing this yourself please contact me and I can help you out.

To Learn More

You can learn more on the FBI's website.

Public Service Announcement - LinkedIn, Last.fm, and eHarmony Password Breach

This is the 5th post in a series called Public Service Announcements. My goal is to help you be aware of threats in the world of technology.

Padlock symbol shown above is from The Noun Project collection and can be found at http://thenounproject.com/

USA TODAY reports that in the past week three prominent websites have had user's passwords stolen. The sites are LinkedIn, Last.fm, and eHarmony.

If you are a user of one of these websites you need to change your password immediately. Don't stop there though! You need to go change your password on all websites that use the same email and password combination that you used on the site that has had a security breach. This is a major pain in the butt but is highly important! Otherwise the hackers could get access to your email, bank accounts, and other shopping sites that use the same email and password combo.

An article from the NYTimes.com about the LinkedIn password breach gives some solid advice for passwords online.

  • Throw out the dictionary
  • Never use the same password twice
  • Choose your security questions carefully
  • Store your passwords somewhere safe
  • Change your passwords regularly

Most people find it too much work to have secure passwords online so they take the chance that nothing bad will happen to them. I was like that in the past as well and then one day my Gmail account got hacked (I used the same password for my Gmail account as many other sites) and I finally decided to take action.

I downloaded a password manager called 1Password. 1Password can create strong, unique passwords for you, remember them, and restore them, all directly in your web browser. It works on Macs, PCs, Android, iPhones, and iPads.

Here is an example of a very secure password that 1Password will generate for you when you are signing up for an account on a website.

The great thing is that I don't have to remember any of these crazy passwords because when I visit a website that requires an username and password I just click on the little 1Password button in my browser and it logs in for me.

Using something like 1Password won't prevent hackers from stealing your password, it will limit the damage because you will be using secure passwords and different passwords across the internet.

If you have any questions or need help getting your passwords straightened out please contact me.

Public Service Announcement - Public Wifi

nounprojectwifi.png

Wireless symbol shown above is from The Noun Project collection and can be found at http://thenounproject.com/

A couple weeks ago at the iPad Study Hall I taught in Farmington, one of the students asked how safe it was to use his iPad on public wifi. I thought this was one of the best questions asked all night. My answer went something like this:

I would not do anything involving banking or credit card numbers on public wifi. The reason for this is that someone that knows what they are doing could potentially see everything that you are up to online. Basic web surfing should be safe but anything that requires a password might be vulnerable if someone was watching. If you login to your Gmail and happen to use the same username and password combination for other accounts like Paypal, Amazon, or WellsFargo a hacker may gain access to everything you do online.

I didn't think too much of the topic until I stumbled across the following video from CNN Money. Once I saw this video I thought it would be worth writing a blog post on the topic.

Some of the tips in the video were:

  • Find out who the provider of wifi is. If it cost money pay for it.
  • Change your password occasionally.
  • Use different passwords for different accounts.
  • Understand that if you are using a public wifi that someone could be watching.

I am not trying to scare anyone by writing this blog post. Just hoping to make you a more informed user of technology.

If you or someone you know needs help getting the most out of technology please contact me.

Public Service Announcement - Mac Flashback Trojan

This is the 3rd post in a series called Public Service Announcements. My goal is to help you be aware of threats in the world of technology.

In the past week, it has been discovered that 600,000 Macs have been infected with the Flashback Trojan. This Trojan is able to install itself on your Mac through a vulnerability in a technology called Java. If you visited a malicious website and you had Java installed and running (most Mac users do) the Flashback Trojan could download and install itself. The Trojan is then able to log usernames and passwords when you visit websites and send them back to the bad guys. Obviously, having someone else get ahold of the passwords for your bank, Facebook, and email account would be pretty bad.

How To Determine If You Are Affected

Dr. Web has released a simple lookup tool that claims to let folks determine if a particular Mac has been detected as a system infected with the Flashback Trojan. Once you have clicked on the above link, follow the instructions and you will be able to determine if your Mac has been affected.

If you are affected, contact me and I can help you get your Mac cleaned up.

How To Prevent Future Threats

Viruses, malware, and spyware are very uncommon on the Mac. The majority of the attacks on the Mac in the past few years have been through 3rd party technologies like Flash and Java. It is very important to make sure that you keep all your software up to date. Software companies routinely update their software when security issues are identified.

Make sure your Mac has the latest software by running Software Update.


Turn off Java in your web browsers. It's a very old technology that is rarely used anymore on the web. This is fairly easy to do.

Safari > Preferences > Security

Firefox > Tools > Add-ons > Plug-ins

In Chrome type about:plugins in the address bar. Scroll down and disable Java.


Make sure you have the lastest version of Flash installed. You can check by visiting Adobe's website. The webpage will show you the version of Flash that you have installed and the most recent version of Flash that is available.


If you are really concerned about viruses and malware on the Mac (I am not) you can install anti-virus software on the Mac. A good free option would be ClamXav. You can download it from the App Store if you are using Snow Leopard 10.6 or Lion 10.7. If you are using an older version of Mac OSX you can visit ClamXav's website to download the appropriate version for your system.

You can set up ClamXav to scan your Mac once a week or however frequently you want.

If you or someone you know needs help getting the most out of technology please contact me.

PSA: Hackers swipe Zappos data

If you are one of the millions of Zappos customers you need to change your password immediately.

USA Today reports that hackers stole records for some 24 million customers.

"Now what?" you may be asking yourself.

You need to change your Zappos password immediately. Don't stop there though! You need to go change your password on all websites that use the same email and password combination that you used on Zappos. This is a major pain in the butt but is highly important! Otherwise the hackers could get access to your email, bank accounts, and other shopping sites!