With all the other news that has recently grabbed the headlines (UK out of Europe and England knocked out of Europe by Iceland to name but 2), it is easy to miss a number of (other) important news items.
Sad to say that the stories I am referring to are not good news stories. They are potential scare stories.
News Item 1 – Passwords (again)
The first item is about your passwords dear reader: please be vigilant, read and heed warnings and requests from your service providers when they communicate with you about passwords (and security).
And equally, please, please, please ensure that your passwords are strong and that you don’t use the same ones for different email accounts and services. Don’t even use the password with a different suffix – i.e. MyAuntSally159Ebay, MyAuntSally159Amazon etc.
If your email account gets hacked it can lead to hours, days or weeks of hassle or far worse. And that may just be the spam side of things.
I know that I have received spam emails in the past – they’re in my spam or junk box and have titles that are (to me) obviously dodgy. My Uncle Sid isn’t likely to send me an email entitled “look at me!” or “wow! great stuff”. Neither is my Aunt Maude going to send me an email with a generic line of text and a dodgy looking web link.
I’ve raised an eyebrow and thought “hmm, Uncle Sid has managed to get his email account hacked, probably because his password is something insecure…” and not really thought too much about it (after calling him and asking if I can help of course).
Now having spent hours with a customer who has suffered and are still (going to be) suffering the consequences of a hacked email account, it is worth reminding everyone about this important topic.
We don’t use the same keys for our cars, house, office, safety box – and guess what? It’s for a good reason (get in to 1 door, get in to all of our doors). We shouldn’t be using the same passwords for our accounts for the same, good, reason.
What are good passwords? Take a look at this video on how to pick a proper password. There are a number of websites where you can test your proposed password and a strength meter will be shown. Examples are from Kaspersky, GRC and Dashlane. There’s more sage advice from Sophos in their blog about Password Day 2016.
Oh, and those recent news stories I am referring to at the top of this feature – amongst recent announcements are that either there was a security breach or providers had asked customers to change passwords: The online backup provider Carbonite, Twitter, LinkedIn, Facebook and Netflix.
Please spend an hour now rather than perhaps lots of hours while you’re mopping your spilt milk.
News Item 2 – Fake Tech Support
The other news story, and one that we have seen in the wild, well, on a customer’s PC, is a scam to get a customer to call a fake tech support operator.
Our example was reasonably sophisticated in that it shows a realistic techie-looking background error message (although it looks like a Windows XP BSOD message) which is overlaid with an informational instruction box but the corker is the genuine looking Windows status message in the bottom-right of the screen.
Thankfully our customer was alert enough to consider whether the warning was real and called us and we were able to remove the infection pretty swiftly.
There is a variant of this that has been announced – Tech support scams target victims via their ISP – where the scammers are able to pretend that they are your ISP – BT, Virgin etc. and offer bogus tech support. Being able to pretend that they are from your ISP adds to their air of authenticity.
I wrote recently about being safe with your IT – the 5th item in the list is the most salient here (although the others are still relevant).
If it was a real-world case, would a gas man who knocks on your door to say that your cooker wasn’t working correctly, be believable?