69. Don’t be too quick to accept Friend requests

It’s exciting to see a Friend Request at the top of your Facebook page. You’re likely to accept Friend Requests without thinking twice, especially if it’s a friend or a name you recognize. You may even be thinking that there’s no real harm in accepting all Friend Requests that come your way. Having more friends means you’re more popular…right?

What you may not know is that with name, birth date, education, and work history available online, it’s relatively easy for anyone to create a duplicate of any existing user. Watch out, as cybercriminals could potentially be impersonating you or someone you know for the sole purpose of duping you and your friends!

Keep reading to learn what cybercriminals can do with phony accounts. We’ll share things to keep in mind as you decide whether or not to accept a Friend Request.


What Cybercriminals Do with Phony Accounts

Identity theft:
Facebook is a treasure chest of personal information. If you have a private account, when you accept a Friend Request, the information and pictures that were once restricted from public view become visible to your new “friend”. Because cybercriminals understand that a lot of people accept requests without thinking twice, the chances of someone accepting a request from a phony account is very high. Once cybercriminals have this bounty of information and pictures, it makes it all the easier for them to commit identity theft or other forms of crime.


Malicious Links:
Unless a user has set up their privacy setting, whenever they create a post on their own or a friend’s Timeline, it is made public on the News Feed. With a phony account, cybercriminals have the ability to spread malicious links to a substantial number of people. Once the malicious link is published onto a public News Feed, there is a high likelihood that someone will eventually click on the malicious link, where they will be directed to sites compromised by malware or phishing sites designed to trick users into revealing financial credentials.


Stalking:
In case identity theft and distributing malicious links weren’t bad enough, cybercriminals create phony accounts to stalk people. Phony accounts help cybercriminals stay under the radar, as the person they’re stalking are likely to accept the Friend Request without thinking twice.


Keep Your Eyes Open

Check your Friends List:
In the event you receive a Friend Request from someone you’re already friends with, take a few minutes to search for that person in your friends list. Also, sift through the profile to see if there are signs that the account isn’t legitimate. If the Friend Request is from someone you consider an acquaintance, it’s obviously more difficult to determine if the account is legitimate or not. But with a close friend, make sure to get in touch with them if you receive a second Friend request – if it’s a fake, the account needs to be reported to Facebook.


Reproduced from the Zone Alarm blog.

----------------------------------- 

 

68. Don't give your mobile batteries a "Memory"

When a notebook’s battery is in its first flush of youth, it should be good for between two and five hours’ use (depending on the notebook itself and how you’re using it). But the implication in the question above is that the questioner has always run the computer on mains power, and that makes a big difference.

Notebook batteries need exercise – they need to be made do some work. Otherwise they become lazy and dispirited, doing the battery equivalent of slumping in the sofa and watching TV all day. A battery that’s never called upon to do any work quickly forgets how to do it.

If your notebook is always run on mains power, that means its battery is kept fully-charged all the time and is never used. Over time, it gets ever more used to this lazy lifestyle until, when you do need it, it can’t muster the energy to do more than a few minutes’ work before giving up. Windows should give you a warning about low battery power a few minutes before the battery runs out, but if the battery is in such a sorry state that it can never manage more than a few minutes, you won’t get that warning: the PC simply switches off.

With a new notebook PC (or a new battery in your notebook), exercise the battery right at the beginning to maximise its lifespan. Charge it fully, then disconnect it from the mains and use it (or leave it sitting) until its battery runs down, then repeat the procedure, and repeat it again. In ideal circumstances, you’d use it on battery power whenever possible thereafter, but whether you do that or not, try to allow the battery to discharge itself fully every few weeks.

If you never use the notebook on battery power, and you sometimes run into the same problem as the questioner, a simple solution would be to remove its battery. This way, the notebook won’t switch on if you haven’t turned on the mains, so there’s no risk of it switching itself off after a few minutes. (It also makes your notebook a good deal lighter to carry around or to place on your lap!)

If you use your Notebook for long periods and wish to keep it on mains power then again, remove the battery until you have finished the extended use then replace the battery.

With replacement notebook batteries often costing upwards of £50, it’s well worth paying some attention to their well-being and eking out the maximum life from them.

That’s even more important for the batteries in tablet computers. Most tablets are not designed to have their batteries replaced – indeed, you’ll rarely see any sign of a battery compartment – so when a tablet’s battery bites the dust, the dust stays bitten!


With thanks to PC Tips for Seniors  

-------------------------------

67. How secure is your own wifi network?

Reproduced from the Zone Alarm blog

It’s easier than ever to set up a wireless network. Plop in a WiFi router and connect to a DSL or cable modem, or if you are one of the lucky ones, with a FiOS box. But before you start online banking, shopping, and surfing the Web, make sure your network is secure from intruders.

　

You may think that your neighbor hopping onto your wireless network to check email is harmless. Actually, there is more at stake than the fact that this unauthorized person may hog up the bandwidth by streaming HD videos. This person, once on your network, can intercept all the data you are sending, trick you into going to a malicious site, and break into computers and other devices you may have connected over the WiFi. Letting someone you don’t know on to your network is essentially letting that person see all the data flowing in and out.

If you have your own WiFi network, it’s important you secure it from unauthorized users and devices by configuring the wireless router appropriately. While specific steps in the management software vary from vendor to vendor, and from router to router, the options are fairly universal and shouldn’t be too hard to find.

Below are some tips on how to enhance your wireless network security.


1. Encrypt with WPA2
When you set up your wireless network, you had the option to turn on encryption. For home networking users, you should turn on encryption (as opposed to running an open network) and you should select WPA2 as the encryption method. WEP is not secure and some of the other methods are generally out of reach for most home users. Even if you didn’t enable WPA2 when you first set up the network, your management software should let you turn it on after the fact.

When you select WPA2, you will be prompted to create a passkey for users to enter when trying to connect to the network. It is important—no, critical—to make sure the password is unique and complex so that outsiders can’t just brute-force or guess a password and hop on to the network. Make sure to select a string of characters that is fairly long and a mix of both numbers and letters. If your passkey is flimsy, then determined attackers will be able to breach your network anyway.

Don’t turn on WPS (WiFi Protected Setup). It doesn’t always work consistently, and its nine-digit PIN is vulnerable to guessing attempts. Once the attacker figures out the PIN for WPS, there is nothing stopping the adversary from accessing any shared data that resides on your wireless network.


2. Change Default Passwords
Many of the routers ship with a default password for the administrator management software. It could be “admin,” or even a blank password, and is quite often printed somewhere in the documentation and available online. Users should immediately change the password for the management interface while setting up the wireless network so that outsiders can’t reach the management interface. If adversaries get access to the management interface, they have full control over your router and you would be in serious trouble.

While you are changing passwords, check to see if the router shipped with any pre-created SSIDs. SSIDs are the names of the wireless networks configured for the router. You should change the passwords for these SSIDs even if you aren’t using them, just in case.


3. Clean up the list of SSID names
Speaking of SSIDs, vendors tend to use very generic names for the SSIDs, such as ‘linksys’ or ‘netgear-wireless.’ Change them from the default to something unique. Attackers can launch man-in-the-middle attacks by using frequently used SSIDs for their rogue wireless hotspots which could be used to trick devices into connecting to that network. Having a different SSID name and password ensures that it will be harder for a person to guess and break in.

It may be just easier to delete all the SSIDs on the router (usually listed under “wireless” on the management software) other than the one you are using. Why increase the potential attack surface? After you have cleaned up your list of SSIDs, hide the name. Some vendors call this cloaking, but the idea is to prevent the SSID from broadcasting to all devices in the vicinity. You can connect by manually entering the name of your network, but other people won’t know that network is there.


4. Regularly Check Who Is Connected
The management software generally has a section called “Device List”, which shows the computer name of all the devices that are connected to the wireless network. It’s a good idea to periodically go in and check to make sure you recognize the names. To prevent unknown devices from ever being able to connect, you can enable Mac Address Filtering. This will require you to know how to get your device’s hardware address (MAC Address) so that you can enter it in the software. It can be a little manual and time-consuming, but it ensures no one will ever be able to get on the network without your knowing about it.

Your router has other advanced features, such as “guest networking”, which you should turn off, and a firewall, which you should turn on. If you aren’t already running a software firewall, turning on the router’s firewall is critical, but it’s not a bad idea to have both to boost your layers of security.

Regularly update your router firmware when they are available, and you’ll have a pretty secure wireless network. It’s worth the time to set it up properly as a closed network will save you tons of headaches down the road.

-----------------------------------

　 

66. Watch out for that bogus call from "Microsoft"

Two articles related to the same problem:-

From PC Tips for Seniors www.pcforseniors.co.uk.

Microsoft Telephone Scammer Forced to Hang Up

 Its perpetrator has finally been caught and sentenced.

 Unlike most scams, which start with an email message, this one revolved around an unexpected telephone call. The caller would claim to be working for Microsoft and would try to convince you that your PC was infected by countless viruses. Somehow, without alerting you to these problems, your PC had contacted Microsoft, and Microsoft was kindly phoning you at its own expense to sort them out.

 If you hadn’t already hung up by this point, the caller would try to ‘prove’ his case by directing you to an area of Windows containing a long and worryingly-technical list of items. These, he’d claim, were all the viruses that had infected your PC. If you were convinced by this, you’d be encouraged to hand over remote control of your PC to the caller so that he could ‘fix it’ – but only after parting with payment for this service.

 Now, with a bit of luck, this scam has been shut down. You can read the full story on the BBC’s website at www.bbc.co.uk/news/technology-26818745, but the upshot is that the scammer has been caught, sentenced and fined. It’s not much of a sentence (or much of a fine, although the court costs help to inflate it), but it should ensure that he doesn’t do it again.

 Of course, there’s no knowing whether this scam was all the work of one man, or whether there are others still at large and still operating the same racket. In case there are, remember how it works and be sure to hang up if you receive a phone call making similarly outrageous claims.

--------------------

 

 

Telephone messages from “Windows.”

Earlier this year telephone calls were received purporting to be coming from Windows advising that the computer of the person called was putting out messages that were affecting a large number of other computers. It was requested that the person receiving these calls be talked through putting a programme on their computer to remedy the fault. Persons had agreed and an extortionate amount of money was demanded for this service. This was a scam and computers had to be taken to a computer shop to have the computers repaired.

The calls originated from Liverpool and Cairo in Egypt and could be made from all over the world and with today´s technology appear to have come from a telephone number anywhere else in the world. The British Police in the Liverpool area were aware of this but could only advise people to ignore this scam.

I have recently received again one of these calls. It was made by a man with an Asian accent who said that he was calling from Windows and was in America. My phone showed “Number Privado”.

BEWARE. THEY ARE STILL ABOUT

Do not give these any information ...just put the phone down

 

------------------------

Little computer tip in case you did not know The difference between http and https... the little thing that means a lot.

 

The main difference between http:// and  https://


It's all about security - HTTP stands for Hyper Text Transport Protocol.
 The S (big surprise)stands for "Secure". If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://. This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever enter your credit card number in a http website!


But if the web address begins with https:// that basically means your computer is talking to the website in a secure code that no one can eavesdrop on. You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically look to

see if the web address begins with https://

If it doesn't, there's no way you should ever enter sensitive information like a credit card number, PIN, Social Security #, etc.

Be very careful

 

 

-----------------------------------

 



65. Typosquatting: How Spelling Errors Could Lead to Scams

It’s a common enough scenario, and familiar to most: When typing a URL in the Web browser’s address bar, you accidentally mistype the name. You may type ctibank.com instead of citibank.com, gacebook.com instead of facebook.com, or the ever popular gooogle.com instead of google.com.
 The page at the wrong address is an example of typosquatting, where scammers register domains with names that are similar to legitimate sites. The owner of the site benefits from the fact that the user mistyped the name, whether by displaying ads and links, setting up fake storefronts, or tricking users with phishing pages.



At best, it’s just an annoyance. At its worst, it may be malicious. And it’s pretty prevalent. Experts have estimated nearly 80 percent of mistyped URLs wind up on typosquatting sites.


Not Always Bad, But Usually
Of course, some sites may legitimately have addresses that look similar to popular brands. Those are easy to figure out. If you land on goole.com, you will know it’s a site about an English town, and not a typosquatting one. Then there are the pages that seem harmless, such as the ones displaying advertisements or a parked page with a bunch of links. The typosquatting page window.com has links to Windows 7 and Windows 8, but if you don’t click on it and just close the window, no harm done.

While advertisements, offers to sell you the domain, or these parked pages constitute a majority of the typosquatting sites, there is a very real danger associated with these fake pages. Cybercriminals can grab these domains to create fake websites that look similar to the actual site so that users don’t realize right away they’ve landed in the wrong place. This is the perfect setup for a phishing scam, to trick users into entering their login credentials before redirecting them back to the real site. The users don’t realize what happened, and the criminals operating the site now have their information.

Fake sites Wikapedia.com and Twtter.com took the phishing scam another step further, by making the pages look like the real sites and displaying advertisements for contests offering iPads and MacBooks as prizes. Users were prompted to enter their credit card information and other sensitive information as part of the contest to claim their prizes.


Fraudulent Transactions
Scammers may set up an online store to convince visitors to browse and shop for products. If it was a typo domain appl.com, users may not realize they’d just bought junk and not a brand new Mac Book Pro. Or they may see a link for iTunes but wind up signing up for a service that sends prime-rate SMS messages to your cellphone.

Scammers may also be using the sites to drive some clicks to their advertising campaigns. Don’t click.

Criminals may setup sites hosting malware at these sites. This is a bit more unusual, since attackers aren’t going to be able to dispose of the domain and move onto a new one when the address invariably gets blacklisted for hosting malware. There aren’t that many variations of the domain name the attackers can use, so they tend to use other scams instead that will let them use the domain for a longer period of time.


How to Stay Safe
Companies take typosquatting seriously. Apple has in the past gone to the courts regarding appl.com, wwwApple.com, appl-e.com, and apples-stores.com for being too similar to its own domain name. Back in 2012, a United Kingdom watchdog organization fined wikapedia.com and Twtter.com $156,000 each for trying to trick users into thinking they were the real sites. A California judge ruled in favour of Facebook in May last year, awarding the social networking giant close to $2.8 million in damages and control of a little over a hundred domains with misspelled variants of its name.

When typing in the link to a website, pay close attention to what you type. Don’t just hit enter or click on “search” right away—read over what you typed to try to catch that typo at the last minute.

It’s also important to get in the habit of quickly checking the URL to make sure you landed on the page you intended. Sometimes the site may look like the real thing, and that last check can help you from making a big mistake.

Enable safe browsing mode in the Web browser. Internet Explorer, Firefox, and Chrome all have features where they block access to a page suspecting of hosting malware or otherwise malicious. If the site you fat-fingered is malicious, the browser will stop you.

Make sure your security software is up-to-date. If the typosquatting page hosts malware, the antivirus software will most likely detect the danger and block the file from being downloaded onto your computer.

Above all, never, ever, click on links in emails, text, chat messages, or social networking sites. You may not realize the links have a typo when you first look at it. If you type the URL instead of clicking, you will notice the typo, and thus avoid the scam.



(c) Zone Alarm Newsletter
 

---------------------------------

 

64. How to remove a CD from a closed drive.

Have you ever needed to open your optical drive when the power was off? Maybe the drive quit working but your favorite music CD, game DVD, or BD movie was stuck inside? Or you simply powered down your PC and left the CD in the drive.

This easy trick will get the drive bay open fast! It will work every time on a laptop PC but extra care is needed on a desktop or tower PC.

Difficulty: (Very) Easy

What You Need: A single, reasonably-heavy-duty paperclip

Time Required: Using a paperclip to open your stuck disc drive will probably take less than 5 minutes, start to finish

Here's How:

1. Unfold the paperclip until there is at least 1 to 2 inches (2 to 5 cm) that is perfectly straight.

2. Look closely at your disc drive. Directly under or above the drive bay door (the part that "ejects" the disc) there should be a very small pinhole. On a laptop the pinhole will be right on the face of the CD drive.

Tip: If you have one of those desktop optical drives where a large door flips down before the drive bay ejects, pull that down with your finger and then look for the pinhole.
3. Push the paperclip into the pinhole. On a laptop the CD drive will pop open immediately.

4. On a desktop or tower, directly behind the pinhole, is small gear that when rotated will manually open the drive.

Remove and reinsert the paperclip as often as needed to eject the drive bay enough to grab a hold of it.

5. Slowly pull on the drive bay until it's fully retracted. Take care not to continue to pull when you feel resistance.

6. Remove the disc from the drive.

Slowly push the drive bay back into the drive until closed.

---------------------------

 

63. Why You Should Take Your Passwords Seriously

I have touched on this subject in previous articles but make no apologies about repeating it. YOUR PASSWORDS ARE OFTEN YOUR ONLY SECURITY ON SENSITIVE SITES SUCH AS BANKS AND INVESTMENTS. Read the article and take note. Even after banging on about this aspect of security for a long time, my own “very secure” password was compromised on my email account a couple of months ago :-

Unfamiliar messages. Passwords that no longer work. These are just two of the many clues that cybercriminals have gotten a hold of your password and broken into your account.

With the password compromised, the first step is to regain control over the account by changing passwords and checking configuration settings to make sure nothing has changed. However, if the root problem (how the passwords were successfully stolen) is not fixed, then the accounts will just get compromised again and again. That’s why it’s important to take your passwords seriously and to make sure they are strong.

Passwords are immensely valuable, whether they are for email, e-commerce sites, or even “just” a social media platform. Criminals aren’t after your Spotify passwords because they want to see who your favorite artists are. They are banking on the high likelihood that the same password will unlock your email, retail Website, or even your work network. Considering the number of people who re-use their passwords across multiple sites, there is a good chance that someone’s Twitter password is the same as that person’s online banking account.


This is why it’s important to have a unique password for every account and service. If attackers do manage to steal one password, at least the damage is limited to just that site, instead of impacting multiple services. It’s also important to recognize how cybercriminals steal the passwords in the first place and avoid those scams from the start.


How Cybercriminals Steal Passwords
Cybercriminals employ several methods to steal passwords. They can use stealthy malware, tricky social engineering techniques, or just plain brute-force to guess the password. Whichever method they use, the goal is the same: gain access to as many user accounts as possible.


Malware:
All it takes to infect a computer with malware is one person opening a specially crafted attachment, or clicking on a booby-trapped link in a spam message. Cybercriminals send out spam messages promising special deals on luxury goods, offering exclusive details on current events, or the latest gossip on celebrities to trick people into clicking on links. Or they craft emails using basic social engineering tricks to convince users the emails are legitimate, such as pretending to apply for a job, sending delivery notification messages, or even using data mined from social media sites and pretending to be an acquaintance.

The malware likely installs a keylogger component on the computer, which captures every keystroke typed, whether it’s an email message or every single login credential for every single site the user visits. Once the keylogger is installed, the criminals can easily harvest every password ever entered. This is why it is important to keep the security software regularly updated and to scan the computer regularly for malware.


Phishing:
Phishing is a form of social engineering that is very effective. Attackers craft a message that appears to be from a legitimate brand, such as your bank, or well-known sites such as eBay and PayPal, or even a corporate site. When the user clicks on the link, they see a Website which looks like the real thing—maybe the logo on the page is the same. The user thinks it is a real site and enters their login credentials. All the information typed on the bogus site goes directly to the criminals, and the user often has no idea that the password, and now the account, has been compromised.

This is why it is important to be wary of messages in the inbox, to avoid clicking on links in email messages, and to scrutinize all sites to make sure the site is real. Checking the URL carefully is a good way to screen out bad sites, such as www.fcebook.com.


Password Cracking
Cybercriminals may just try to brute-force the password, operating on the assumption that the password is not so complicated. Many users still make the mistake of selecting simple passwords, such as ’123456′ or ‘password.’ If the password is a common word that can be found in the dictionary, or a simple sequence of numbers and letters, there are cracking tools that can figure out the actual password. This is why it is important to select unique passwords that are complex, such as having both lower case and upper case letters, symbols, and numbers. Passwords should also be long, to make it harder to crack.

Attackers will continue to employ various techniques to try to get their hands on user passwords. By employing better password hygiene, users can protect themselves from attack, and to minimize the damage even if the password does get compromised. Passwords aren’t perfect, but unless something better comes along, make sure your passwords are all unique, complex, and long.


Reproduced from the Zone Alarm Blog