Loyalty Cards, Frequent Flyer Programs : Hacker’s Treasure

by

Recently the New York Times ran a story about the risks of loyalty programs. Loyalty programs include everything from the virtual punch card at the coffee shop to larger programs like those offered by hotels and airlines.  We tend to hear about the problems with travel-related loyalty programs like the Marriott/Starwood breach and Delta Airlines.

rebecca aldama 692345 unsplash

What’s the Risk?

Your first thought when you hear about these breaches is what about your credit card and personal information like phone number and address?  While that stuff is important, you can always change your credit card numbers.  Most of the time, you aren’t liable for unauthorized purchases from bank accounts or credit cards.

The risk of these loyalty program breaches isn’t just the points, after all, you worked hard to accumulate that free coffee or a free trip around the world.  It’s also about the details these programs can reveal to create more sophisticated hacks.

As an example right here in Lawrence, KS, when we sign up clients for internet service through AT&T, some of the security questions they get asked are:

  1. What is your favorite restaurant?
  2. Where is your favorite place to go on vacation?
  3. What is the name of your youngest sibling?

These are the same type of questions Apple and dozens of other companies ask.  I was asked the same time of questions when signing up for phone service with T-Mobile.  Even if these questions aren’t used directly by hackers, they can be used for targets attacks called spear phishing.  For example, if hackers see that I have a reservation at a hotel, they might call me and say there’s a problem with the card and I need to provide a different credit card.

I’ll admit until I read this article I had “soft” passwords for some of these programs.  I figure Starbucks doesn’t have my credit card, and who would steal a coffee from me?  Cybercrime is cybercrime so they might steal that.  Then I realized my credit card is on file with them and someone could order themselves a gift card.  Ouch.  I’m secure with my Apple iTunes account because it’s a big target for hackers and Apple protects it with things like two-factor authentication.  My Starbucks account is wide open!

What can you do to protect yourself?

First, create unique passwords for absolutely everything.  If it contains personal data, it needs to be protected.  Use a password manager or ask us about the password books we sell (or give away if you ask us nicely and mention this post!)

Second, consider enabling two-factor authentication everywhere you can.  That’s the system where they text you or call you to verify who you are.  If you aren’t sure how to do that, please ask us!

Finally, read your statements and emails.  Sure, you get tons of those, but the only way you can catch a breach is to be vigilant.  Take for example those Starbucks emails.  Those always go into my junk email because I don’t go there that often.  I always shop local for coffee, but sometimes Starbucks is all they have, especially at airports.  After reading this article, I’m now working to unsubscribe from promotional emails from loyalty programs, but make sure emails about account balance and activities don’t go into spam.  Again, if you need help setting this up for yourself, we do email management all the time for clients.

Although it doesn’t make the nightly news, your free pizza, coffee, and airline trips are the latest thing hackers are attacking.  They’re not just stealing your points, but stealing information they can use for more sophisticated attacks.

Windows 7 Computers Are Set to Expire

by

pasted image 0

Everything comes with an expiration date,  even bottled water! If you are running a computer with Windows 7, your computer will have severe problems on January 14th, 2020.  On that date, Microsoft will stop supporting Windows 7.

What Does That Mean?

Microsoft did this with Windows XP back in 2009 and Vista in 2017.  After they discontinue support, they won’t fix any bugs in the operating system.  That puts your security and identity at risk. It also means that systems using it aren’t compliant with various security standards like FINRA for financial advisors, HIPAA for medical professionals and PCI for those people who take credit cards.

Security updates are essential to protect everyone.  When someone at Equifax failed to do a security update, they put everyone at risk.  Banks won’t allow you to connect to their sites without a newer operating system.  Airlines might not allow you to schedule flights.  For your protection, we won’t support systems running Windows 7 after that date.  We can’t knowingly put clients in harm’s way on the internet.

What Can You Do?

Remember when Microsoft put Windows 10 on people’s computer for free, sometimes without consent?  Unfortunately, they aren’t offering that.  There are ways around that “free” offer, but it requires erasing your computer and reinstalling everything.

You can buy a copy of Windows 10 and install it on your computer, but that will cost around $100 or so.

But I Heard Windows 10 Was Bad or I Want to Stay with Windows 7

When Windows 10 came out, just like Vista or Windows 8, it was horrible.  Anytime a new operating system comes out there is an adjustment period.  We saw ever since Windows 3.1.  Windows Vista and Windows 8 were particularly troublesome.  Windows 10 was unique because systems that were “forced” into an upgrade were not always ready for it.

Now, Windows 10 is reliable and stable on new computers.  We see minimal problems in comparison to problems we saw with older operating systems.  It is often “self-healing” and solves its own problems.

If you want to stay with Windows 7, you can, but we’d suggest staying off the internet at all costs.  The internet just isn’t safe unprotected.  If you’ve got a specialty program that only runs on Windows 7, that’s fine as long as it doesn’t use the internet.  We recommend after January 14th, 2020 to turn off the wifi and unplug the internet from these computers.

Another alternative is to create a “virtual machine” for these programs.  We can install Windows 7 inside a Mac or PC and have that virtual machine run just your special program and disable only Windows 7 from the internet.  We’re currently doing that for some clients running Windows XP or Windows Vista

Our Recommendation:  Replace The Computer

Any computer currently running Windows 7 is probably around six years old since Windows 8 was introduced in 2012.  We tend to see problems with computers after about three years since that is the average life of a hard drive.  With a laptop, there are the added problems with power chargers, batteries and keyboard.  Most Windows 7 systems thus are likely to fail soon.  If you spend money upgrading the operating system, you’ll be more likely than not find the computer inoperable relatively sooner.

Since we don’t sell computers, only repair them, we’re primarily talking ourselves out of work.  We’d rather tell you the right thing to do, even if it impacts our bottom line.  Of course, if you need your pictures, documents (stuff in Word, Excel), emails and music copied to a new computer we can help with that.

You don’t have to run out and buy one today;  you have a year after all.  However, I’d suggest budgeting for one in 2019, so you aren’t surprised.

“Danbo (heart) Windows 7” by mendhak is licensed under CC BY-SA 2.0

Ignore That Email: Nobody is Spying On You

by

We posted this on Facebook a few weeks ago, but it’s worth mentioning here again.  An email has been going around the past few months. It takes some different forms but generally follows the same pattern:

  1.  Someone “hacked” you and has your password
  2. They’ve been monitoring you
  3. They’ll send your information to all your contacts
  4. To prevent this send them bitcoin

I even got that email.  I gotta say when you see your password in an email right there it’s scary.

All Mailboxes Found 18 matches for search 2018 11 18 14 46 36

All Mailboxes Found 18 matches for search 2018 11 18 14 47 21

“Subject:  dave@calldrdave.com has password (my password). Password must be changed

Hello!

I’m a programmer who cracked your email account and device about half year ago.

You entered a password on one of the insecure site you visited, and I catched it.

Your password from dave@calldrdave.com on moment of crack: (my password)

Of course you can will change your password, or already made it.”

As well as

“Subject:  dave – (my password)

It seems that, (mypassword), is your password. You may not know me and you are probably wondering why you are getting this e-mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

How Did They Get Your Password?

It seems like every day I listen to the news, I hear about another hack. From Applebee’s to Yahoo, there’s a company for every letter of the alphabet that’s been breached. A hacker stole your password from one of these companies.  If you use your password more than one place, that’s how they got it.

Fortunately, I use a password manager called 1Password.  Although I avoid reusing passwords for important stuff, I’ll be lazy and do it for some websites.  In my case, I could trace it to Angie’s List.  I had to sign up for my business and I didn’t’ think I’d use it much.  That’s why I used a throw-away password.

What Can You Do to Prevent This?

You can’t prevent someone from hacking another system.  I mean when Equifax gets hacked, that just shows you how vulnerable we all are.  The best you can do is mitigate the damage.

Stop Reusing Passwords

I get it. Passwords are hard to keep track off.  As I said, I use 1Password.  We can help you set that up.  We also have a more manual option:  A password book.  We sell these for $7.50, although you can get one free by joining our Wellness Program.  That lets you use a unique password and keep track of them.

Get a Reliable Antivirus

If you’re on a Mac, you probably don’t have an antivirus.  If you’re on a PC you might be using the free one that comes with Windows.

We used to take the approach good enough is, well, good enough. If you haven’t had any problems with your computer, stick with what you got.  With so many threats out there, we’re finding basic protection isn’t enough.  A professional paid antivirus provides not just added security but peace of mind.  We recommend Malwarebytes.  Fortunately, we’re able to sell it at a discount.  Normally it’s $40, but we can sell it for $35 to existing clients.

When you get an email like this, just run a scan to get that peace of mind.

Don’t Pay Scammers/Let Them Keep the Money

We deal with tech support scams all the time.  Some clients are so embarrassed they decide to let the criminals keep the money. These criminals then use the money to attack other victims.  If we cut off the stream of money and don’t make this profitable, they’ll stop doing it.  Okay maybe not stop, but at least make them work harder!

As a reminder, clients who are part of our wellness program get unlimited phone and email support for questions like these.  When they get any suspicious emails, they just call us rather than give money to a scammer.

Full text of the emails:

“It seems that, (my password), is your password. You may not know me and you are probably wondering why you are getting this e-mail, right?

actually, I setup a malware on the adult vids (porno) web-site and guess what, you visited this site to have fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) having a keylogger which gave me accessibility to your screen and web cam. after that, my software program obtained all of your contacts from your Messenger, FB, as well as email.

What did I do?

I backuped phone. All photo, video and contacts.

I created a double-screen video. 1st part shows the video you were watching (you’ve got a good taste haha . . .), and 2nd part shows the recording of your web cam.

Exactly what should you do?

Well, in my opinion, $500 is a fair price for our little secret. You’ll make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address:

(It is cAsE sensitive, so  copy and paste it)

Important:

You have one day in order to make a payment. (I’ve a unique pixel in this e mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including relatives, coworkers, and so on. Having said that, if I receive the payment – I’ll destroy the video immediately. If you need evidence, reply with “Yes!” and I will certainly send out your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message.”

And

“Hello!

I’m a programmer who cracked your email account and device about half year ago.

You entered a password on one of the insecure site you visited, and I catched it.

Your password from dave@calldrdave.com on moment of crack: (mypassword)

Of course you can will change your password, or already made it.

But it doesn’t matter, my rat software update it every time.

Please don’t try to contact me or find me, it is impossible, since I sent you an email from your email account.

Through your e-mail, I uploaded malicious code to your Operation System.

I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.

Also I installed a rat software on your device and long tome spying for you.

You are not my only victim, I usually lock devices and ask for a ransom.

But I was struck by the sites of intimate content that you very often visit.

I am in shock of your reach fantasies! Wow! I’ve never seen anything like this!

I did not even know that SUCH content could be so exciting!

So, when you had fun on intime sites (you know what I mean!)

I made screenshot with using my program from your camera of yours device.

After that, I jointed them to the content of the currently viewed site.

Will be funny when I send these photos to your contacts! And if your relatives see it?

BUT I’m sure you don’t want it. I definitely would not want to …

I will not do this if you pay me a little amount.

I think $855 is a nice price for it!

I accept only Bitcoins.

My BTC wallet:

If you have difficulty with this – Ask Google “how to make a payment on a bitcoin wallet”. It’s easy.

After receiving the above amount, all your data will be immediately removed automatically.

My virus will also will be destroy itself from your operating system.

My Trojan have auto alert, after this email is looked, I will be know it!

You have 2 days (48 hours) for make a payment.

If this does not happen – all your contacts will get crazy shots with your dirty life!

And so that you do not obstruct me, your device will be locked (also after 48 hours)

Do not take this frivolously! This is the last warning!

Various security services or antiviruses won’t help you for sure (I have already collected all your data).

Here are the recommendations of a professional:

Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!

I hope you will be prudent.

Bye.

Has Your Password Been Stolen?

by

Authenticity required passwordWith all the recent and continuing breaches, one thing we learned is you can’t rely on a company to tell you.  Breaches are reported months and sometimes years later.

If you’d like to check if yours was stolen, the website “Have I been pwned” helps.  All you do is put in your username or email address (no passwords!)  It then tells you what hacks you’ve been a victim of.  I was only the victim of seven on one email address.  I consider that lucky.

Fortunately, I use a password manager.  All those passwords on those sites were unique, so I was safe.  We help clients all the time setup password managers.  It’s easy and saves you time and hassle.  All you do is remember the password to your password manager and it takes care of everything else.

Photo by liako

Which is More Secure? Your Phone or Laptop

by

Action Link Wireless

With many people having both a smartphone and laptop synced, you’d think people would secure them equally.  In reality, it seems people are more worried about their phone rather than their laptop (or desktop).  That’s a big mistake.

This article has some interesting facts!  The ones that stood out to me are related to leaving the laptop unattended.  I see this in coffeeshops all the time. Someone will take their phone in the restroom with them or up to the counter, but otherwise just leave their laptop there.  It also makes sense it’s easier to carry a phone in your pocket compared to a laptop.

Nonetheless, both devices should be protected equally.  That includes proper password, encryption, and other security methods.  This is a much bigger deal if you’re bound by professional codes of conduct like HIPAA, FINRA, or PCI.  We’re here to help with that and have lots of clients in these situations.

Photo by Kevin Johnston

Police Using Fitbit Data Against You?

by

Fitbit ForceI’m not talking the fat police either.  I’m talking about someone going to jail based on what a fitness tracker told police.

The details are explained here . It should give everyone pause for concern.  The obvious thing is “don’t do anything wrong,” but the problems go deeper than that.  For example, given that people know how these trackers are used, what could stop someone from switching yours out and framing you.  I know I’ve accidentally picked up my spouse’s tracker before.  The Supreme Court is already grappling with issues of cell phone towers and privacy.  Their decision might impact cases like this as well.

Photo by Bekathwia

Don’t You Wish You Could Block Fake Emails?

by

Youve Got Mail

Ever since I got email back in the early 90s, fake emails were a problem.  Sadly it’s only gotten worse over time.

You’d think as technology got better and Artificial Intelligence improved (I’m looking at you Siri and Alexa), we’d have figured out how to know if an email message is legit.  We’ve had some neat innovations, but the vast majority of us suffer from email overload.

I loved this article in Techcrunch as it summarized my pain.  It had some techie-ideas of how to solve it.  My prediction is they never will.  After all, we’ve had postal mail for hundreds of years, but I still get junk mail!

Photo by card karma

Could Your Business Suffer an Equifax-Type Hack?

by

Equifax Key

It’s been close to a year since the most significant hack in cyber-history that we know of.  The last thing you want for your business is to inform customer their information has been taken.    You can avoid some common mistakes to reduce your chances.

This article on Inc.com goes over some common mistakes businesses make.  The overall theme though is keeping up with technology is required in business.  Just because something is working doesn’t mean it shouldn’t be looked at.  Older software that isn’t getting security updates is the prime target (the Equifax hack as of this writing was determined to be a missed update).

Probably the most common problem we see is malware (viruses, trojan horses, rootkits, etc,).  These are systems that take credit cards, and those internet nasties are stealing your customer information.  You don’t even realize it as a business owner.

Although much less common, a disgruntled employee can cause you a world of hurt.  They know your systems and where vulnerabilities are.  Even if they aren’t technical, they might report your lack of security to others.

If you’re not familiar with updated security software and firmware on things like Point of Sale (POS) systems and routers, it’s time to contact us before you have to contact your customers about a preventable breach.

Photo by Got Credit

Phones are Highly Personal

by

Incase x Supreme iPhone 5 case exclusively available at Supreme stores.

This statement may seem obvious, but still need to be proven by science.

I don’t know about you (well, actually I do according to this study), but when I’m without my phone I panic.  Where is it?  I’d be much more upset about misplacing my phone than my wallet.  That dreaded 1% battery sign means I’m cut off from the rest of the world.

I’ll admit it; it’s an extension of myself!  What about you?  Do you agree with that statement?  Or do you just see it as a method of communication?

Wasn’t life simpler when all phones did is make phone calls?

Photo by Incase

Locked Out of Your Google Account?

by

GoogleThat question should strike fear into your heart.  I know it does mine.  That’s why I freaked when I read this article about one tech writer unable to access his account.

The worst part of his story? He had no idea how he got locked out or how he got back in.  It all started with a forgotten password.  Once he tried to reset it, he was locked out for over a week.

Of course, a password manager would have helped him.  We recommend 1Password. If your Google account is critical, there are some safety measure that can be added so you can get back in once you’re locked out.

We do this all the time for clients, so if you rely on Google and Gmail, give us a call, send us a text, or write us an email.  Most appointments are less than an hour. The safety and security is worth its weight in gold according to our clients.

Photo by Dudley Carr

FOLLOW US

Testimonials

  • Matt was on time, fixed the problem, explained what he had done, asked questions about my use of the computer, and treated me respectfully even though I know so little about computers. Read More
    Janet
    Via Get Five Stars
  • Perfect, could not have been better, will call again. Read More
    Dave Evans
    via Get Five Stars
  • Our computer was getting old and giving us a lot of trouble. Dr.Dave helped us purchase a new computer directly from Dell which saved us quite a bit of money. When the new computer arrived, he installed it and added the necessary security all at a very reasonable price Read More
    Geneva Tucker
    via Google Reviews
  • Dr. Dave is always prompt, knowledgeable, and very helpful. He knows his stuff, and is a very pleasant person to talk to about your computer needs. He's fantastic! I especially recommend him for Apple/Mac owners. Read More
    Karen Roberts
    via Google Reviews
  • Very smart guys; high level of quality; efficient service. Read More
    Ron Guerin
    via Google Reviews
  • Dave and Co. are great. They have rapidly solved every problem we've presented to them, show up right on time, and are pleasant and professional. I trust them completely Read More
    Charles Higginson
    via Google Reviews
  • very dedicated to help you with computer problems, questions, or personal challenges with technology. Efficient, effective, and experienced technician. Read More
    Mary
    Get Five Stars
  • Is always very helpful. Read More
    Dan
    Get Five Stars
  • Was prompt. Listened to my questions. Solved the problems. Thanks Read More
    Sue
    Get Five Stars
  • Absolutely Outstanding. Competent and Caring. Thanks a Million. Read More
    Bernie
    Get Five Stars