The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft.

Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Instead, they’ll use social engineering to get you to give them your data or download their malware. Look out for these top holiday scams.

Parcel delivery scams
More people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid.

Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software.

Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery.

E-card scams
Another common holiday season scam takes advantage of our enthusiasm for money. Scammers send e-cards to your email. When you click on the link, you’ll download a virus or other malware (e.g. ransomware).

Tip: Check the credibility of any e-card sender before downloading the “gift.”

Christmas hamper scams
Everyone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift.

They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future.

Tip: Use strong passwords and be careful about what personal details you put on social media.

Fake websites
Many people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They're looking to get your personal details and money.

Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock.

Shopping scams
Every season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit.

Tip: Shop with retailers you know and trust.

Bank scams
This scam operates year-round, but bad actors have an edge in the holiday season when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue.

Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account.

Protecting yourself this season
The tips shared throughout this article will help. At the same time, setting up password managers and antivirus software can also be useful. We can help you secure your online activity year-round. Contact us today at (888) 234-WDIT (9348).

Tablets are convenient, light, and portable. Maybe you got a new one during the holiday, or your old one needs replacing. You can feel better about moving to the new device if you turn the old tablet into a child-friendly device. Here’s how.

Before giving your tablet up, clear your browsing history, emails, and banking details. In Android Settings you can use the Clear Data feature, whereas on iOS, you go to General in Settings to Reset and choose Erase All Content and Settings.

Purchasing a new, sturdier case can help protect the tablet from the wear and tear of being a kid’s go-to device. A waterproof case is a must for the juice-box-aged user. When selecting a protective case, keep in mind that you want sturdy but also lightweight. A screen protector is also a good idea. Little people have lots of sticky things in their hands after all.

You'll also want to set up a child safety lock. This allows you to lock the screen by setting a PIN in the settings. On Apple and Android products, you can choose the app your child can use and lock the screen. If they want to switch apps or access anything else, they'll need you to enter the PIN to do so.

There are many special apps for kids you can download these days. Before gifting the device, download some educational and entertainment apps for them. Common Sense Media can be a useful resource to help you find appropriate apps for the right age. You might also visit Zerotothree.org. Their E-AIMS model helps you choose Engaging, Actively Involved, Meaningful, and Social content.
 
When can kids turn on tablets?There’s a lot of debate around what is an appropriate age for a child to use electronic devices. Typically, the recommendation is to wait until your child is at least preschool age. By age three, many children are “active media users” enjoying educational electronic content.

Between the ages of 4 and 11, the child will be able to engage more with the tablet, but they should be supervised. Adults need to monitor activity, co-view, and ask questions about the games or content to encourage digital literacy.

Regardless of the age of your tablet user, it’s always best to start out by talking through the rules for the device. You'll want to help your little techie learn how to use this tool safely and responsibly.

Need help getting your tablet ready to gift to a young user? We can help. Our tech experts are also here for any tablet repairs you might need. We can offer remote support to get you (or your child) up and running again on that tablet. Contact us today at (888) 234-WDIT(9348).
 

Nine out of ten times today when you visit a website you’re asked to sign in. To add convenience, many sites offer the ability to sign in using a Facebook or Google account. Sure, it’s simpler, but this article will share three key reasons why you might want to avoid this easy route.

It’s estimated that we each have an average of 100 passwords. That’s a lot to remember, especially as we need unique logins for every site to lower our risk of cyberattack.

At the same time, every website wants us to set up an account. It helps them get to know their users. This can help them to target marketing and product development efforts. They might also share the information with third parties as another source of income.

Still, the website wants to keep its users coming back, so they allow you to sign in with Google or Facebook accounts to streamline the process. Weigh the value of that added convenience against these three considerations.

#1 You’re giving away more data
​
By using Google or Facebook to sign in on other websites, you are giving the sites greater access to information about you. Now, they not only know what you do on their sites, but you’re also allowing them to build out their picture of you with data insights from the shared sites.

Google and Facebook have powerful tools to dig deeper into your online activity, and other websites can also extract data from your Facebook and Google accounts. If you don’t read the privacy policies, you may not know what sensitive data the platforms share.

#2 You could lose access

You may join those who are deciding to quit Facebook or leave Google in favor of another platform. If you do so, and you have used that account to access other sites, you’ll have to create new logins.

Even if you’re not ever going to do away with your Facebook or Google account, you could still lose access. If there’s a major outage at one of those two sites, you won’t be able to log in at any of your connected sites either. The other websites won’t be able to authenticate you until Facebook or Google is back up and running.

#3 Your attack surface gets bigger

If you have one, unique login credential for a website, you risk your data there only if that site gets hacked. However, if you use Facebook or Google login, and bad actors compromise that account, they can access any shared sites.

Think of it like dominos. The Facebook or Google account is the first to fall, but all those other accounts you “conveniently” login to using those credentials will come tumbling down soon after. Don’t think the attacker won’t bother looking for other connected accounts. All they have to do, once they breach one account is go into your settings to see what you have connected.

Social media accounts are also a prime target. Don’t believe us? Bet you’ve seen a post from a Facebook friend (or ten) telling you to ignore strange activity due to a hacked account.

Protect your online identity

Account compromise is a top cause of data breaches worldwide. Protect your online identity by following best practices for cyber hygiene.

Need help with password security? Our IT experts can set you up with a password manager or provide other online security help. Contact us today at (888) 234-WDIT(9348)!

The main advantage of a password manager is obvious to anyone with more than one account online (i.e. everyone). Instead of remembering all 100 usernames and passwords, the password manager autofills them. It’s a boon. But it’s not the only reason to use a password manager. This article shares several more unexpected benefits.

Password manager programs generate, manage, and store many different passwords. You may be concerned about whether a password manager is safe to use. But, the cybersecurity industry consensus is “yes, it is.”

A password manager uses top-notch encryption to protect passwords. Plus, they take a zero-knowledge approach. They can’t actually see the passwords they store and prefill on sites. The password is encrypted before it reaches the manager’s server and can’t be deciphered. This is why you need to be so careful not to forget your master password!

That said, the password manager offers more than a vault for encrypted credentials.

More Benefits of Password Managers

For one thing, many password managers have apps for download onto mobile devices. Then, you can use the password manager to prefill forms on those, too. This gives you the advantage of convenience not only on your desktop computer but also on the go.

Some password managers offer added security benefits, as well. They might:

• warn you of weak password and login credentials;
• remind you to change your passwords;
• notify you if your passwords may have been compromised in a breach;
• advise you against repeating access credentials if you’re about to do so.

Another advantage is that you can conveniently share passwords with others. Maybe you want to give family members shared access to streaming accounts or allow a work colleague access to applications you’re using remotely. A managed password sharing feature can allow them to see selected passwords. You aren’t showing everything: you can pick what you make available. Plus, when you change your credentials, the password will change on their end, too. This doesn’t need to be permanent either. You can easily revoke password sharing.

You can also use a password manager to secure other important information. You might store things such as credit card numbers or other personal identifying information. Keeping that kind of data in an unencrypted note on your desktop or mobile device is unsafe, but you can take advantage of password manager encryption to safely store those precious details.

Secure your passwords with a manager
​
You can’t expect to remember all your unique passwords. Yet the days of writing down passwords on Post-it notes are over. Use cloud-based password management to secure your passwords and do more.

Contact our IT experts today to find out more about password management. We’re happy to suggest the best solution for your needs and set it up, too.

Call us now at (888) 234-WDIT(9348)!

Retail research tells us that over 75% of people are shopping online each month, and, with the holiday season upon us, you’re likely to be one of them. But don’t let the appeal of convenience distract you from the need to stay safe when shopping online.

The number of digital buyers is steadily climbing. In 2020, according to Statista, more than two billion people purchased goods or services online. During the same year, e-retail sales surpassed $4.2 trillion U.S. dollars worldwide.

Retailers are embracing the change in consumer behaviour. But, do you know who else is taking advantage? Cybercrooks. Before you buy, consider these strategies to stay safe.

#1 Question that great deal
If a deal looks “too good to be true,” it probably is. You’re not going to get a new Apple laptop for $29.99, or the latest Beats headphones or Xbox gaming console for under $20. Anyone offering you that price is trying to lure you to their site to enter your payment details, so don’t be surprised when your product never arrives!

#2 Review seller feedback
While scrolling social media you see adverts for perfect gifts for someone on your list. And it’s so easy to click the link and buy! Still, before purchasing, take the time to research the seller.

Read the feedback from other buyers on independent sources. It adds only a few moments to check sites such as Trustpilot and Google My Business.

#3 Research the business domain
Think about it: who are you more likely to trust with your sensitive data? Someone who has been in business 10 years or someone who set up shop 10 days ago? Quickly check how long a business website has been around. Enter the URL into the Internet Corporation for Assigned Names and Numbers' lookup tool [https://lookup.icann.org].

#4 Watch out for email scams
Before clicking on any offer links in emails, check the URL. You can hover over the link before actually redirecting there and check the target. Double-check that the address is to the site you’re expecting.
Also, slow down and be sure that the address doesn't have any typos or atypical endings. You don’t want to confuse www.nike.com with www.n1ke.co and end up a victim of identity theft instead of the proud owner of the latest Air Max.

#5 Check payment site security
There are several ways to verify the security of a payment site. These include:

• verifying that the site uses an SSL certificate – it will start with “https” instead of “http”;
• checking for a physical address and phone number – call the contact number to confirm it is not fake;
• reviewing the Terms and Conditions and Return and Privacy policies – any reputable brand has these!

#6 Pay with Online Payments

When you do decide to buy, prefer to pay using PayPal or another online payment tool. You won't be giving the seller your credit card details. If you can’t take this approach, use a credit card from a credit account rather than debit. You will have more protection this way. You can start a chargeback through your credit card company when the item isn't as advertised and the seller’s customer service doesn't help.
Before online shopping, at any time of the year, update your operating system, and keep your anti-virus software current, too.

Our IT experts are here to help you keep your technology safe and secure year-round. Contact us today at (888) 234-WDIT(9348).

Smishing is high up on the list of words that do not sound as intimidating or threatening as they should. Smashing the word fishing together with the “SM” for short messaging service (aka text), smishing is a cyberscam.

Especially with online shopping skyrocketing during the pandemic, delivery smishing has gained traction. Don’t fall victim to this type of cyberattack.

What does smishing look like?
You’ll get a text message that appears to be from a shipping company. You’re told you have a package coming, but that more information is needed to ensure delivery. You’ll squeal, “a package!” OK, maybe you won’t squeal, but you’ll feel anticipation and click on the link to help deliver that package to your door.

You might already be expecting a package. After all, as recently as June 2021, PWC was describing a “dramatic shift” toward online shopping. According to its most recent consumer survey, in the last twelve months:

• 44% of those surveyed bought online using a mobile phone or smartphone;
• 42% used smart home voice assistants to shop online;
• 38% used a tablet for online shopping;
• 34% bought something online via PC.

So, you might not think twice about clicking on a link appearing to be from a major delivery service.

 Don’t do it.
 
What happens next?
You click on the link and are asked for personal information, even a credit card number or password. Otherwise, clicking on the link will download malware onto your phone. The bad guys use their access to snoop and/or send your sensitive data to its servers, without you knowing it.

The smishing scam is a global one:

• March 2021 saw a 645% jump in Royal Mail-related phishing attacks, equating to an average of 150 per week.
• UPS warns about this type of fraud on its website.
• FedEx has tweeted the reminder, "We do not send unsolicited texts or emails requesting money, packages or personal information. Suspicious messages should be deleted without being opened and reported to abuse@fedex.com."

Package delivery isn’t the only common smishing tactic either. You might also see:

• urgent messages saying your bank account is locked;
• a warning from your credit card company about a fraud alert;
• something promising that you’ve won a great prize;
• an unusual activity report from a company where you have an account.

All that would get your attention, right? So, what do you do about smishing? That’s covered next.

Protect against smishing
Avoid getting drawn in by the urgency or emotional appeal of the SMS. Don’t click the link, and don’t call the number in the message either. Instead, look through your bills or go online into your account for information on how to contact that company.

Reputable mail carriers and financial institutions won't send text messages asking for credentials, credit card numbers, ATM PINs, or banking information.

Look at the sender more closely. A message from a number with only a few digits was likely sent from an email address, which can flag that it’s a scam.

Also, don’t store personal banking or credit card information on your mobile phone. That way the criminals can’t access it, even if they do get you to download malware onto your phone.

You can help others to not fall victim to smishing as well. Report any attempts to your telecommunications carrier or your communications regulatory body.
​
For more helpful information on mobile security threats and how to protect your home network from cyberattack, contact us at (888) 234-WDIT(9348)!

Every time you’re online and a site sends a separate code to check your identity, you’re using two-factor authentication. It’s become the norm. So, of course, hackers have figured out how to get around this, too. This article shows you how they do it and how to stay safe.

With billions of usernames and passwords leaked, access credentials everywhere are at risk, especially if you are reusing your log-in information on more than one site (don’t do it!).

Business websites want to offer a secure user experience, so two-factor authentication (2FA) has become the norm. It’s meant to help stop automated attacks in which bad actors use the leaked usernames and passwords.

Still, if the site you’re visiting uses short message service (SMS) to send a one-time code to your phone, you could still be at risk.

Hackers, using information they have from a data leak, can call your telephone company. They use your name, date of birth, and other identifiers available on the Dark Web, to impersonate you. Then, say you’ve lost your phone, they transfer your phone number to a device with a different SIM card.

That means when the one-time SMS code gets sent your phone number, the message will instead go to their device.

Android Users Also Beware
On Android devices, hackers have an easier time getting access to text messages. If they have access to your leaked Google credentials, they can log into your Google Play account. From there, it’s simply a matter of installing a message-mirroring app on your smartphone.

The app synchronizes notifications across your different devices. It’s for when you really need to be connected, and you’ll be able to see your phone’s SMS alerts on your tablet!

The app won’t work unless you give it permission when prompted to do so, but too many people don’t stop to read alerts from their own accounts: they assume it’s another necessary update and go on with their day. Otherwise, the hacker might call you in a social engineering ploy pretending to be a legit service provider. They’ll be familiar to you, so you’re more likely to listen when they ask you to give permission.

Again, when the one-time SMS code gets sent to your phone, because of the message-mirroring app, the hacker's device will also receive the code.

What Can You Do to Protect Yourself?
It starts with using unique passwords for all sites you visit. Worried you’ll forget them? A password manager can keep all your access credentials in one secure place for you.

You should also confirm that your credentials haven’t been compromised. If you use Google’s password service, you can head to the password manager site and tap “check passwords” to see if there are any issues. On Firefox, head to the Firefox Monitor page and “Check for Breaches.” On Safari, click on Preferences, and then on Passwords to see what recommendations they have for your security.
Change any passwords that have been involved in a leak!

To avoid the SMS concern specifically, avoid using one-time SMS codes to verify your identity. Instead, you can use a non-SMS authentication tool such as Google authenticator, which provides two-step verification services within the app itself.
​
Need help learning if your credentials have been leaked? Or want assistance setting up more security for your online activity? We can help. Contact our IT experts today at (888) 234-WDIT(9348).

Huntington Volvo? Rowe Subaru? What will your hilarious quiz results be when you enter your fourth-grade teacher’s name and first model of car? You may think it’s silly entertainment … until it isn’t. Many fun social media questionnaires are set up by hackers to steal your identity.

It seems like a harmless collection of random facts from your past. These quizzes might ask for details such as:

• What was your first job?
• What was the name of your first-grade teacher?
• What car did you learn to drive in?
• What was your first concert?

These popular quizzes promise to tell your “rock star” name or your “silent film villain” name. You know it’s as reliable as the Magic Eight ball, but you play along anyway. We all need a laugh, right?

Except that the people really laughing are hackers. Many of the questions posed are also security prompts used to verify your identity online.

Cybersecurity experts agree: don’t take these quizzes. It’s not as if there is any real value in filling out the social questionnaire. You’re simply taking the bait and risking having your personal data stolen.

Avoiding Social Media Scams

Here are some tips to help keep you safe from social media hackers:

• Don’t get hooked by clicking on that post that seems too good to be true, especially shocking, or scandalous.
• Be wary of any quiz that asks for information that could be relevant to your online password.
• If you must quiz, fill out questionnaires on reputable websites only.
• Avoid quizzes that ask you to provide your email address.
• Contact companies through trusted channels only.
• Make sure that you are dealing with the proper entity’s real website and not a look-alike site created by a scammer.

Also, think twice about apps that change your face into a cartoon character or a painting. Facial recognition is a more common security tool. Be cautious about letting unknown apps collect your photos and facial details.

What to Do If Your Online Accounts Are Hacked

Cry. Curse. Panic. Any of these may seem like a reasonable response in the moment. Still, there are better things to do for long-term recovery.

#1 Have your devices inspected by trusted IT experts. This is one more area to be wary. Scam artists will set up sites that appear to be affiliated to the manufacturer or phone numbers that appear to go to technical support specialists. It’s best to take your devices to a physical repair shop with a real human doing the work.

#2 Change your passwords. When your account is hacked, you’ll want to change that password immediately. Plus, as annoying as it is, change passwords for all accounts accessed on the compromised device. The hackers may have installed a malware that tracked all data transmitted on the device.

#3 Set up credit monitoring. Notify any financial institutions or credit card companies if those accounts are hacked. You’ll likely need to have them issue you new cards with fresh account numbers. You can also ask them to monitor your accounts for fraudulent transactions. You might also set up credit monitoring with your region’s credit reporting agencies.

Keep in mind that criminals can be patient and may not use your information right away. So, don’t think you’re in the clear because nothing happens in the first month.
​
Need help protecting your devices and online accounts? Contact our IT experts today at (888) 234-WDIT(9348). We can also review your security setup at home to help prevent you being victim of a cyberattack.

Unless you’re a reality television star, you probably don't like the idea of being watched at all times. So, why would you want your technology to know all about you? With digital technology today, it’s far too easy for our devices to turn creepy. Here are some suggestions to stop the stalker-like tendencies of the technology you rely upon.

Today’s marketing and online communications are all about customization and personalization. If you like a friend’s picture of an Art Deco door in Belgium, you see many more posts featuring similar designs. Or if you view an area rug on a website, you’re suddenly bombarded with ads for rug stores when you next go online.

This can add convenience, but it is also unsettling. What companies online know about you could be more detailed than what your friends know. Take the following steps to regain control of what your computer, phone, and apps know about you.

Review your privacy settings

Whether going online from a phone, laptop, desktop, or tablet, get to know the device’s privacy settings. Some important settings to review include:

• email tracking – this can let people know if you opened their message or not;
• location tracking – personalizes recommendations but also tells search engines where you are;
• voice recordings – manufacturers use these to train virtual assistants, but pause this to keep your conversations to yourself;
• purchase history – this helps feed the machine so that businesses know how to target you in the future.

Opt out or block ads

Opting out of ads limits the information collected from your browser or device. The site or business still receives basic information about you, but you will no longer receive targeted, interest-based ads any longer. Apple’s iOS 14 allows app blocking, and you can also express your choice on Android devices.

Otherwise, use browser ad blockers, such as AdBlock Plus, or JavaScript blockers, such Ghostery, to limit ad tracking. Also known as content blockers, these software programs prevent ads from showing on websites you visit. You can find ad blockers for Chrome, Firefox, Opera, Safari, and Internet Explorer.

Check your permissions

Watch the permissions you give apps. We have already talked about checking device settings, but you can also limit the permissions you give to apps. For example, social media accounts have privacy settings that allow you to control what's logged about you.

Plus, check permissions for other apps. Clash of Clans doesn’t need location services, for instance. Or you might not want to give Slack access to your microphone and video recordings.

Use webcam covers

Covering your webcam stops someone from potentially seeing and recording you. If you think you’d see the light come on to show the webcam is in use, know that hackers can disable that. A simple sliding webcam cover closes the webcam when you are not using it to avoid a cybercriminal having access.

Covering your webcam can also come in handy in all those online meetings you’re having. A covered camera means you don’t run the risk of your colleagues catching you unprepared.

Limit information you provide

Social media has created a culture of oversharing. There are probably many things you’ve seen about friends online that you would rather not know. You’re also sharing more than you need to with the companies that you interact with online.

If you’re filling out a form for a download, you might fill out only the required fields. When you add an app, be stingy with your personal details. Think about it from a need-to-know perspective. For instance, that home design game you love to play doesn’t need to know where you went to high school or with whom you bank.

Need help keeping the privacy-busting algorithms at bay? We can help. Our IT experts can configure device settings to limit information gathered about you online. Contact us today at (888) 234-WDIT(9348)!