Warning: COVID-19 Malware Targets People Working Remotely

Due to the corona virus causing companies to ask employees to work remotely from home, there are new attacks designed to infect your computer or phone and to ultimately access your corporate network.  You can protect yourself by doing the following:

1. Don't click on links from unsolicited text messages and email that mention coronavirus or COVID-19.  Those may lead you to infected websites or to malware download pages.  Be careful about downloading apps that are supposed to track COVID-19 because some are actually spyware and malware.

2. Be aware that the bad guys have made websites named "coronavirus-update" and "covid-19-information" and other combinations.  These are red flags, and the websites should be avoided.

3. Make sure your computer/phone and router software are up to date especially if you're connecting to the office network.  Hackers love non-updated systems with known vulnerabilities.

4. Try to avoid using free wifi at the coffee shop, but if you have to use it then use a reputable VPN service to keep your internet connection secure.

------------------------------------

Is the internet slow because the kids are watching movies?  

You may be able to login to your router and give priority to your work computer.

Want to limit what your kids can see online?

Your router may have settings, but software can do this too.

**********************

As always, use best practices:

Use a different password for each of your accounts because a compromised login can lead to problems with all your accounts with the same password. A password manager like LastPass or 1Password will remember your passwords for you.

Use two-factor or multi-factor authentication for your logins using an app like Authy or Google Authenticator or a physical key like Yubikey.  Even if the bad guys get your password, they will have a harder time getting your final verification.

Back up all your files (especially precious photos) to a separate hard drive and online.

@@@@@@@@@@@@@

CONTACT ME if you need any tech support.....free phone support for my neighborhood!

Let me know if you have any tech questions or concerns....I'm happy to help.

Everyone be safe and healthy!

Netgear Routers at Risk of Getting Hacked

Popular Netgear model routers are at risk of getting hacked with the worst problem being that an intruder can install malware that would lead to the entire wifi network being compromised.

The main solution to fix this issue is to update your Netgear router's firmware.  Depending on your router model, you can apply the update through smartphone app or through the router setup page.  You can also go to the Netgear support website to find the latest firmware to install.

https://www.tomsguide.com/news/netgear-security-firmware-patches

Besides updating firmware on your router, be sure your computer and mobile phone operating software are also up to date.  Doing so will keep your devices and data more secure.

Contact me if you need assistance.

Data Breaches - What does it mean?

Recent Data Breaches:
Wawa, Inc. - 30 million records (January 2020)
Microsoft - 250 million customer service records (January 2020)
Facebook - 260 million contact details exposed (December 2019)


Data breaches happen when bad hackers steal information from a company that may have your name, email address, usernames, passwords, phone number, address, and maybe other sensitive data.  This data is sold or shared online, and hackers use it to phish you for other account logins or try to login to your email and other accounts tied to that breached email address.  If your account may have been exposed, change your passwords immediately.

You can protect yourself by using unique and long passwords for ALL of your accounts, so use a different password for your email, bank login, social media accounts, etc. Using a password manager like LastPass, 1Password, or Dashlane can help keep you protected because it can help you remember long, unique passwords for each of your accounts.  Plus it has the added protection of recognizing the actual website to login the correct username and password.  For example, if you get a fake email that looks like it's from your bank Chase.com, but the fake website is chase-bank.com, the password manager will not recognize the fake website and will not enter in the username and password.  You are saved!

Just choose any of the password managers, set it up on your computer, mobile phone, and tablets.  You will be safer as long as your use different passwords for all your accounts, and you only have to remember one master password.  For the master password, a longer password like a phrase with spaces and all will work well.  For example, your master password could be "I love computers, and I need to watch my security!"  This can be easy to remember but hard to crack.

Happy National Cyber Security Awareness Month!

October is National Cyber Security Awareness Month!

There are many things everyone should do to protect themselves online, and here are three easy things anyone can do today:

1. Use a Password Manager

It's best to not reuse password for your different accounts especially for banking and email. Let a password manager configure complex passwords for your accounts and remember them for you. You just need to remember one strong password to your password manager.
Popular password managers are LastPass, DashLane, and 1Password. LastPass has a free version.

2. Two-Factor Authentication (2FA)

Unfortunately, hackers steal and sell username and password databases. Setting up two-factor authentication creates an additional barrier of protection for you.

If your account offers 2FA, set it up as a text message with code, a security app like Google Authenticator, or a physical security key from Yubikey.

2FA text messages are better than nothing, but the physical keys are the safest (and coolest to use).

3. Back up your stuff

Back up your important files like photos, videos, and documents. Ransomware locks your computer and is a growing problem which can result in losing all your files.
Securely backing up your files is the best and easiest way to protect yourself from ransom and device failure.

I recommend to backup to multiple places: portable hard drives, cloud, and (if you're a business) offsite backups. It's free to use Google Drive, Microsoft One Drive, Dropbox, and other cloud services.

If you have any questions or need help with any of these or know someone who could use some help, let me know and I'm happy to do it and can show you what I use.
I am passionate about information security and just want to help and to stop the bad guys.

To learn more about cybersecurity, go here:
https://niccs.us-cert.gov/national-cybersecurity-awareness-…

To participate in a free cybersecurity competition, go to:
https://picoctf.com/

Phishing Attempt to Steal Email Login and Password

Last week my step-mother's email got hacked. She only noticed that she wasn't receiving her email normally and asked me for help a few days later after she changed her password. By then, the hacker had already redirected her email, emailed all her contacts with requests for "help and send gift cards", and told her contacts of a new email using a different email address in the reply-to part.
I noticed a few days after the original hack, she received a phishing email (attached photo). Unfortunately, she didn't realize it was a phishing email, so she clicked on the link and filled out the form basically giving away her username and new password. I removed all traces of the hack, secured her account, taught her about phishing, and notified the proper channels.

If you or someone you know need some help with securing email or other tech, I'm very happy to help my fellow neighbors and friends (of course for free) because it's something I can contribute to the community....and I dislike bad guys getting away with this kind of activity.

With all the hacks and data breaches going on, it's important to be careful and secure, especially with email and financial logins because the bad guys are after access and money. Use strong passwords and 2-factor authentication whenever possible. Recognize phishing attempts, and don't click on random links.

If you're curious to know if your email may have been compromised, check if you're on the "Have I Been Pwned" website. My step-mother's email was listed on there!
https://haveibeenpwned.com/

Let me know if you have any questions, or PM me!