Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Much like phishing and spear-phishing, VISHING is the latest online scam designed to steal your logins. Only VISHING uses voicemail to do it, according to the FBI and the Cyber Security Agency (CISA). They are targeted attacks on employees of corporations using voicemail to get users working at home to call back and then use social engineering to steal VPN credentials. Check out Brian Krebs' article here.
Paul wonders if 2-factor authentication with SMS Messaging is all that secure. He uses 2FA using a voice call system. Is that secure? Leo says that 2 Factor is the most secure way to protect your data. But there are various ways to get it. Text message is the easiest, and it's better than nothing, but an authenticator like Authy or a hardware authenticator is far more secure. Ubikey is the most secure. An app authenticator, like Authy or Google Authenticator, would be the next most secure. Text messaging is the least secure because of SIM jacking.
Matt's mom got bit by a remote access scam and he's gotta clean up her computer to make sure it's secure. Leo says it's a common scam designed to get one to launching the "event launcher" which will show "red x's", which Leo says are perfectly normal. But if she doesn't know that, it'll make her think there's something wrong with her computer. But there isn't. Then they'll try and get her to give them a credit card to pay to fix it remotely. That gives them her credit card. Once that's done, they'll tell her they need remote access.
Randy's credit cards and bank cards have been hacked and stolen. He uses different companies. Did they steal his card numbers because of shopping online? Leo says to look at the common thread. Leo says to look at the common thread. Someone clearly got to where Randy keeps all those numbers stored. So they may have hacked into his Amazon account or his Google account. Make sure those numbers are blocked. The good news is, that his credit card companies will be monitoring it and will warn him. They will then lock the card and reissue them.
Bart uses Piriform CCleaner. Leo says that there's a new warning out to avoid CCleaner. Leo says that Microsoft Defender is flagging CCleaner has unwanted software because it includes other apps as part of the download. None of which Leo recommends. It's always best to avoid software that comes with a separate installer that ads other apps you don't want. CCleaner has addressed that issue to make sure it's no longer flagged.
Jim has a solution for remembering passwords. He uses a date mixed with his name and an @ symbol. Leo says that's easy enough for a hacker to remember, and anything that makes a password not random makes it easier to break. And hackers are very adept at breaking personal generated passwords. That's why Leo uses a randomly generated and long password using his password manager. But even your OS will do it. It's much better to let the computer do it, and remember it. If you can remember it, it's easy to break.
Georgia wants to know how safe online banking is. Leo says it's very safe now, and you don't need to worry about having your bank account compromised. Nor do you have to have a separate computer dedicated to banking. All websites now are encrypted by design. Google began requiring that last year. Just be safe with your online behavior. Don't click on links, open attachments, or reply to emails from a bank. They will never contact you.
Norsk-Hydro, a huge international conglomerate was hit with ransomware, costing the company $60 million. The malware came from an innocent email that had been intercepted and altered to include malware that infected the network when opened. Encrypting all data. The malware infected the company in December but wasn't triggered until March. Norsk-Hydro had a cyber insurance policy that consistently tests the network, but they were infected anyway. The company decided not to pay and relied on backups to restore their network. But the damage had been done as the network was down for weeks.
Dan wants to encrypt all his data, so nobody can ever see it once he's gone. He already uses VeriCrypt and BitLocker. But he also has DVDs with image files and he wants to encrypt them. ISOs? Leo says that Dan can create ISOs of his DVD data. You import the data onto your hard drive and then destroy the DVD. Then you can encrypt the files using VeriCrypt or BitLocker the hard drive.
Joe got an email from Facebook saying his password has been changed. He changed it and turned on 2-factor authentication, but the password keeps getting changed back. Leo says that's a scary thought and he probably got bit by a phishing scam and that Facebook didn't send him an email at all. Leo says if it was legit, the first thing the hacker would do is change the email notification.