Beware mobile VPN services promoted by scam ads

Mobile phone user holding iPhone with VPN application in use

It is becoming more and more popular for a user to be on a mobile device and receive pop-up windows or be otherwise directed to a site to indicate that you’ve been hacked or are being tracked, and the solutions is to install a VPN (Virtual Private Network) application. A VPN allows the user to connect to another public IP in order to mask their current IP, and encrypt data sent.

With these pop-up redirect ads, what is occurring is that various VPN providers provide affiliate programs, where individuals are compensated for driving traffic to the VPN provider. These individuals create scare-tactic ads that promote users install the VPN application, and in return, the affiliate marketer receives compensation in exchange.

As the article states, if you receive one of these warnings, just close the page. If you are having issues closing the page, close your web browser. Upon re-opening the browser, attempt to close the page if it still exists. Also, closing the page that prompted the redirection is also advised, to prevent further issues. Also, NEVER install any applications being promoted on these sites, as they could install any variety of malware onto your device.

Please let us know if you have questions or would like to discuss setting up a more secure VPN into your computing environment!

Microsoft admits hackers had access to online email

Computer with new email notification displayed

For the first three months of 2019, Microsoft has admitted that hackers had access to some details of certain Outlook.com email accounts. As this article states, Outlook.com is the web version of Microsoft’s email service, and this online service was previously known as Hotmail. Per Microsoft, “this unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account …but not the content of any emails or attachments.”

While it appears no actual emails were read or attachments were accessed, this is an important reminder that being online brings its share of risks to user data. It’s a smart idea to use an actual email application to view email, in companion with a web browser, and to store as much email off-line as possible. This will help in prevention of potential data access in the event your email account gets hacked.

In relation to this, and as has been mentioned before, it is important to ensure the safeguarding of passwords, for email and other sites. It is good practice to change passwords periodically throughout the year. By doing so, there’s less of a chance that the current password is in the hands of hackers if it is changed more often, in the event an account is compromised. Also, never send password or login information via email, as this just opens user’s data to easily being compromised.

As always, please contact us if you have questions or would like to discuss further!

Mar-a-Lago intruder sneaks surveillance Hardware into Club

Wood-grain USB thumb drive laying on tree stump

An intruder into Donald Trump’s Mar-a-Lago private club had, amongst several other pieces of technology such as cell phones, a thumb drive that could apparently immediately begin installing files onto a computer when plugged in, per the U.S. Secret Service. They indicated that this is very out of the ordinary, as detailed in this story.

A few interesting aspects of this story, in relation to thumb drives as well as other hardware and security. The first is that thumb drives (aka flash drives) are very popular, primarily because of their ease of use: they are an easy way to get programs and files from one computer to another. Because of this, they’re also easy to use to get malicious software onto a computer. This leads to the second and most important point: it is wise to not plug-in thumb drives without positively knowing their source and potential side effects. On this point, it’s a bit alarming that the Secret Service agent didn’t follow this point when they plugged it into their work computer.

The lesson to be gained from the linked article is that employers should not allow their employees to plug-in items such as thumb drives into their computers, or at the very least have security software which prevents the mounting of this type of hardware when it is plugged in.

In addition to being wary of thumb drives, other insecure types of hardware purchased off of sites such as eBay should give a user pause, whether the hardware has been previously used or not. Used hardware always has the potential of having been tampered with, from both a hardware and installed software perspective. For example, users could be spied on through a laptop’s camera, or their keystrokes captured through a hidden keylogger program.

In the realm of “new” hardware, what one person may think is new may actually not be. New hardware should always come in a factory sealed box with a security sticker. Of course, it is possible that this could be faked, but it is much less likely, especially when purchased direct from the Manufacturer.

Separate recent ransomware attacks affect Spectrum Health, MI doctor’s office

Metal chain link with lock, locking wood gate entrance

A cyber attack that hit a contracted vendor of Spectrum Health, Wolverine Services Group, has impacted approximately 60,000 patients of Spectrum Health Lakeland. Wolverine’s systems were attacked by a ransomware attack. A ransomware attack occurs when hackers gain access to a system and encrypt a portion or all of the files and demand ransom payment in order to release instructions on how to decrypt the files.

The breach in this incident affected only the Lakeland portion of Spectrum Health, not their entire system. As is usual with breaches such as this, it occurred well before it was discovered: the breach occurred in September but wasn’t discovered until December. More can be read about this incident here.

In a more recent ransomware hack in Michigan, which occurred on April 1st at a doctor’s office in Battle Creek, the doctors of this office decided to retire early, after they refused to pay the ransom payment and the hackers erased all their files. The files were already encrypted by the office’s software system, so no personal information was gained. However, with patient files gone forever, much data that was already gained through tests and other means will never be recovered, as the article from WWMT states.

While these two cases show issues at businesses, and we as citizens only have so much control over business records, it is important for every person to keep secure their private information. We will continue to work to update this blog on ways users can prevent becoming the victim of cyber incidents (malware, phishing, etc.). If you have any questions or would like to discuss, we’re here to help.

Reminder to keep passwords secure…

Computer code displayed on Monitor

It is a vitally important practice to keep your passwords safe. As a general rule, never give out passwords to anyone. The article here notes that Facebook asked a user for their email login and password to verify who they were. This can open up a user to phishing attacks.

If you need to use Facebook, it is advised to create a new Gmail account and use that specifically for Facebook, rather than risking the potential of a frequently-used email account being compromised.

In addition to this, it is wise to use different and hard-to-guess passwords for different websites. Using the same password for different sites opens one up again to issues if one site’s password file gets hacked.

Feel free to discuss with us your options with keeping your passwords safe. We’re here to help!

Mail users reporting issues with Gmail after macOS update

Triangular red border Road sign showing caution

As noted on a number of complaints across Apple related sites, the newest update of macOS (10.14.4), which was released a few days ago, causes issues with authentication when attempting to sign into a user’s Gmail account. Users are reporting receiving an endless loop, bouncing between macOS and Google’s sign-in page in Safari.

Because of this, it is recommended not to upgrade to OS 10.14.4 if you use Gmail within your Mail application until Apple releases an update and it’s verified as a fix for the issue.

It appears this is a verified issue per discussions on the Apple Support site. Attempting to use a different browser such as Chrome does not succeed as a work-around, as the Mail application interacts directly with Safari in this process.

Apple Mail can also exhibit other intermittent issues for some users, such as not showing a message as replied-to where a user had just replied. If you are noticing any odd issues such as this, restart your Mail application.

You can read more about the Mail/Gmail 10.14.4 issue here. As always, if you need assistance, we’re here to help!

Facebook stored users’ passwords in unsecure manner

User holding iPhone with Facebook, Snapchat, Instagram, Twitter, Chrome, Gmail, Spotify, Facebook Messenger application icons displayed

Facebook stored passwords for hundreds of millions of users, exposing them for years to any person who had internal access to these password files. Passwords are usually encrypted, but errors led to some 200 million to 600 millions passwords being exposed. Passwords that were affected were for Facebook, Facebook Lite and Instagram. More information can be found here.

This is a good reminder of the importance of:

  • Changing passwords often, while making them not easily guessable
  • Using 2fa (Two Factor Authorization) applications on your mobile phone, such as Authy
  • Configuring Facebook to send you alerts in the event an unauthorized computer or mobile device logs into your account
  • Using Facebook to audit your account to see what devices are currently logged into your account, to determine if there are any that may look suspicious

If you’d like assistance with setting up any of these items, or have questions, let us know!

Web browser Firefox can now block auto-play videos

Apple MacBook Pro displaying browser while sitting on a desk

The latest version of the Mozilla browser Firefox can now block auto-play videos with sound. Chrome has previously introduced this ability, but Firefox’s has the ability to block more videos in a more user-friendly manner of setup. It can also be configured to exclude only certain sites, and include others. More can be read here.

Features such as this are good for those on limited download plans. If you’d like assistance with configuring this feature, just let us know!

Google urges Chrome users to upgrade to latest version

MacBook Pro with Google website displayed

Due to a security vulnerability, Google is urging users of their Chrome web browser to update to the latest version. As the article mentions in the first link below, Chrome updates are usually automatically performed.

To see the current version of Chrome on a Mac, you can access the Chrome menu in the top left while in the browser and choose “About Google Chrome”. The second of two links below explains how to check if on a Windows-based PC.

This is another example of ensuring that your software is kept up to date.

https://www.pcmag.com/news/367015/stop-what-youre-doing-and-update-google-chrome

https://www.pcmag.com/feature/364079/how-to-update-google-chrome/2

Apple Watch provides potentially life-saving benefits

Doctor in lab coat with stethoscope writing on medical chart in clipboard

The Apple Watch can provide monitoring of various health markers, during rest, exercise and even sleep. This can provide various clues to potential health issues.

As the below linked article indicates, this is exactly what the Watch provided. An “Apple Watch user in Washington has credited his Apple Watch with alerting him that his atrial fibrillation had returned.” Because of this history of health markers that the Watch provided, his doctor was then able to put him on blood thinners to prevent a possible stroke.