31 simple tips to protect you from fraud

If you’ve just been offered a generous amount of money over email by an anonymous person half-way across the world or have been asked to furnish your bank account details and passwords, chances are someone’s trying to take you for a ride. Let’s take a look at some simple ways by which you can protect yourself against online fraud.

Sign your card after receiving

Sign the back of your credit or debit cards after you receive them from your bank. Doing this will help you confirm that the card a merchant returns is the one you gave them, since card duplication is a common method of identity theft.

Play online games carefully

Don’t give crucial information related to your identity impulsively when prompted by games and memes.

Update your mailing address

While moving places, contact your financial institutions, tax authorities and credit reporting agencies, and keep them updated with all information about your current location. Scammers use outdated personal information to sneak into your accounts.

Online shopping

Always use a trusted merchant while shopping online and make sure your every purchase is secured with encryption, which protects your account information. To ensure that the transaction is secure, check that the web address starts with https://.

Use the block option

If someone suspicious is trying to contact you, block them or add them to your spam list.

Don’t share bank details

Never share your bank details with anyone. Your bank will never ask you for your account number, PIN or password over email.

Invest in a good anti-virus

Use trusted anti-virus and anti-malware software to protect your computer, phones and tablets. Make sure you check regularly for software updates.

Avoid public computers for bank logins

Avoid accessing your bank accounts from a public or office computer. If you can’t avoid it, make sure to do it in private and log out from the pages after you’re done.

Spread awareness

If you’ve been tricked online, share your experiences with family members, especially vulnerable ones like young people and the elderly.

Check credit reports annually

Review your credit reports at least once a year to ensure that no one is committing identity fraud under your name, such as applying for a loan. Such activities are not reflected in your monthly card statements.

Checkbook

Don’t carry your checkbook everywhere. Keep it with you only when you need it.

Use multiple passwords

Never use the same password for multiple online accounts such as email, bank logins and social media. Also, don’t use your date of birth or address as a password. Such obvious details make weak passwords that can be easily guessed. Use a password manager like LastPass to keep track of your passwords.

ATM PIN

Memorize your ATM PIN and never write it anywhere, especially on your card.

Be careful while storing online

Although storing information online or on a shared drive can free up device memory, never use such methods to store financial details such as bank IDs and passwords or personal photographs.

Manage your credit cards

Call your bank and cancel credit cards you don’t use any longer. Destroy old cards immediately after you get a new card.

Public Wi-Fi hotspots may not be what they seem

Scammers can imitate the names of trusted Wi-Fi networks, so set aside online banking tasks while using public Wi-Fi hotspots.

Download apps from reliable source

Always download a banking app from a reliable source, as it requires you to enter a lot of your confidential information.

Delete after reading

Delete all bank-related messages after reading, as these carry significant confidential information about your finances.

Social security number

Don’t provide your social security number unless it’s absolutely necessary.

Keep your phones password-protected

Keep a pass-code for your phones or tablets to prevent access without your permission. Also, never store your banking details on your mobile phone.

Don’t trust anyone easily

Never share your bank details or credit card information with any random salesperson over the phone.

Say no to unknown links and attachments

Beware of any suspicious link that promises to make you rich instantly, reveals classified information or is pornographic in nature. Never open attachments you don’t trust as these may infect your computer with malware.

Examine monthly statements closely

Check monthly mails containing bank and card statements for suspicious transactions. Inform your bank immediately if you spot one.

Avoid revealing personal details on social media

Avoid putting unnecessary information on your social media accounts, such as your mother’s maiden name, phone numbers or pet’s name. These help hackers break into your bank accounts.

QR codes can be fraudulent, too

Treat QR Codes as you would suspicious links: all they are is a graphical way of sending you to a website.

Treat receipts with respect

Your transaction receipts may reveal a lot more than you think. Keep them safely stacked or dispose of them securely.

Know your billing cycle

Always keep track of your billing and statement cycles and know when you’re due for a payment. Staying up-to-date with all the information will help you spot suspicious transactions faster.

Keep copies of all your cards and documents

Always keep photocopies of your financial documents and cards in a safe place, in case the originals get lost or stolen. You could use them until the replacements arrive.

E-bills make sense

Subscribe to e-bills. It will save you the hassle of storing hard copies which, if handled carelessly, may fall into the wrong hands.

Don’t save card details on shopping websites

It may not be convenient to punch in your card details every time you shop online, but really it’s a small price to pay considering it can save your card from being misused.

Be quick to report

A loss or theft of credit cards and other important documents should be taken very seriously. Don’t wait: inform the required authorities immediately.

Some Galaxy Note 8 owners have reported battery charging issues

Some Galaxy Note 8 owners have been reporting that they couldn’t charge or turn on their handsets after the batteries ran dry — a problem that plagues other phones as well. While Samsung reps have been trying to address individual issues, a company spokesperson told Engadget that it has received “a very limited number of reports which could be associated with the power management circuit.”

This issue does appear to be confined to a relatively small number of users, and thankfully doesn’t appear to be safety-related. It seems more likely to do with power management — specifically that a small amount of energy needs to remain in the phone to help kickstart charging control. It’s an issue that plagues some other phones as well.

Samsung reps have been advising affected users to get warranty replacements for their Note 8s, but those who don’t want to hand over their phones or aren’t covered by warranty can try something called stack charging. By plugging your charger in and out of your phone for 10 to 15 seconds at a time about 30 seconds apart, you could generate enough energy after about 20 minutes or 100 attempts to get your phone going again.

Of course, that is quite a tiresome task, and its safety and effectiveness aren’t guaranteed, but it could save you a trip to the store. Meanwhile, if you’re a Galaxy Note 8 (or S8 Plus) owner, it’s probably a good idea not to let your phone run out of juice.

According to the Samsung spokesperson, “we are unable to comment further until we obtain more specific information from the phone. Any consumers with questions about their device should contact us directly at 1-800-SAMSUNG so that we can help them.”

Imgur hackers stole 1.7 million email addresses and passwords

Image-hosting website Imgur discovered at the end of last week that hackers broke into its systems in 2014, and stole the account details of some 1.7 million registered users.

Imgur found out about the historic hack when HaveIBeenPwned’s Troy Hunt contacted the company on Thursday 23 November, which was a national Thanksgiving holiday in the United States.

  • On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.

Despite the festivities, Imgur quickly responded to Hunt’s message, confirmed that the data did indeed include the login credentials of users, and the following day began the process of resetting affected users’ passwords.

In a blog post, Imgur confirmed that it had been breached and that email addresses and passwords had been exposed. The site doesn’t ask its users for any additional personal information, so fortunately none was at risk.

At the time of writing, Imgur is still investigating how hackers might have been able to breach its security systems.

Imgur did confirm, however, that (at the apparent time of the breach in 2014) it was scrambling passwords with the SHA-256 algorithm – which in recent years has fallen from favour. Imgur says that in 2016 it switched over to the stronger bcrypt hashing algorithm.
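The migration described above, from a fast hash to a slow salted one, can be done without a mass reset by re-hashing each account at its next successful login and wrapping the records of dormant accounts in the meantime. The following is an added example, not Imgur's code and not part of the original article: it uses scrypt from Python's standard library as a stand-in for bcrypt, and the record format, the unsalted legacy layout, the cost parameters and all function names are assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
N, R, P = 2**14, 8, 1


def legacy_sha256(password):
    """Legacy record body: one fast, unsalted SHA-256 pass (assumed layout)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _scrypt_hex(secret, salt):
    """Slow, memory-hard derivation; stands in for bcrypt in this example."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, dklen=32).hex()


def make_record(password, salt=None):
    """New-style record: 'scrypt$<salt hex>$<derived key hex>'."""
    salt = os.urandom(16) if salt is None else salt
    return "scrypt$%s$%s" % (salt.hex(), _scrypt_hex(password, salt))


def wrap_legacy(record, salt=None):
    """Harden a dormant account offline by running scrypt over its stored
    SHA-256 digest, so the fast hash no longer sits in the database."""
    scheme, _, digest = record.partition("$")
    if scheme != "sha256":
        return record
    salt = os.urandom(16) if salt is None else salt
    return "sha256+scrypt$%s$%s" % (salt.hex(), _scrypt_hex(digest, salt))


def verify(password, record):
    """Check a password against any of the three record schemes."""
    parts = record.split("$")
    scheme = parts[0]
    if scheme == "sha256" and len(parts) == 2:
        return hmac.compare_digest(legacy_sha256(password), parts[1])
    if scheme in ("scrypt", "sha256+scrypt") and len(parts) == 3:
        try:
            salt = bytes.fromhex(parts[1])
        except ValueError:
            return False  # corrupted record: fail closed
        secret = password if scheme == "scrypt" else legacy_sha256(password)
        return hmac.compare_digest(_scrypt_hex(secret, salt), parts[2])
    return False  # unknown scheme: fail closed


def login(db, user, password):
    """Verify, then upgrade the record while the plaintext is in hand."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        db[user] = make_record(password)
    return True


def demo():
    # Constructed sample accounts; two users share a password on purpose.
    db = {"alice": "sha256$" + legacy_sha256("correct horse"),
          "bob": "sha256$" + legacy_sha256("correct horse")}
    identical_legacy = db["alice"] == db["bob"]  # unsalted: same hash twice
    db["bob"] = wrap_legacy(db["bob"])           # bob has not logged in yet
    login(db, "alice", "correct horse")          # alice is upgraded at login
    return identical_legacy, sorted(r.split("$")[0] for r in db.values())


if __name__ == "__main__":
    print(demo())
```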

Whether you are a registered user of Imgur or not, it has become all too obvious in recent years that it is essential that no-one should use the same password for multiple online services. Reusing passwords is a recipe for disaster – opening opportunities to exploit shared credentials to break into other parts of your online life with a view to stealing identities, personal information, or simply making mischief.

Although in an ideal world Imgur would never have been hacked in the first place, I believe that the company should be commended on two counts.

Firstly, Imgur didn’t ask users when they created accounts to enter any extraneous unnecessary information – such as real names, dates of birth, addresses, or phone numbers that could have made this breach much more damaging to its victims. There’s a great deal to be said for companies limiting the amount of information that they ask from their users – the less they store about you, the less they can lose.

Secondly, Imgur’s response to being notified about the breach is excellent. Despite it being the Thanksgiving holiday in America they responded to the report of the data breach and immediately began work protecting accounts, and offered sensible advice on what affected users should do next.

Shipping giant refuses to pay hackers ransom after data stolen

Clarksons, the global shipping firm, has turned the tables on criminal hackers who attempted to extort a ransom payment after stealing confidential information from the company’s network.

The business, which is thought to have suffered a breach at the hand of hackers earlier this month, has warned that the hackers may release some of the stolen data – but that it refuses to give in to blackmail.

Details of the quantity and precise nature of the stolen data have not been made public by Clarksons, but in a statement (PDF), the FTSE 250 company apologised to clients, shareholders, and staff for any concern that the breach may cause them – and said that it was in the process of contacting affected individuals and clients directly.

According to the statement, Clarksons at present believes that the hacker gained unauthorised access to its computer network after compromising the account of a “single and isolated user.” That account has now been disabled by the firm, and “additional security measures” have been put in place to prevent similar attacks in future.

The description of the means by which a hacker or group of hackers gained access to Clarksons’ systems makes me think that the attack may not have exploited a software vulnerability, but rather that a legitimate account holder had login credentials compromised.

The all-important usernames and passwords that protect so many sensitive accounts are no defence at all if a user has made the mistake of reusing passwords in multiple places, choosing an easy-to-crack or easy-to-guess password, or is duped into falling for a phishing attack or installing keylogging malware.

That’s one of the reasons why more and more companies are waking up to the importance of incorporating additional levels of authentication (such as two-step verification) and IP lookups to reduce the likelihood of malicious logins.

Clarksons says it has, quite rightly, informed the police about the attack, and is accelerating the roll-out of additional security measures. Furthermore, Andi Case, CEO of Clarksons, shares some admirable sentiments:

Microsoft just made the ultimate mouse

The mouse’s scroll wheel can switch between fast scrolling and moving up or down line by line.

Microsoft has been making mice since 1983.

It’s taken three and a half decades, but Microsoft has finally made the ultimate mouse.

The Bluetooth-enabled Surface Precision Mouse, which Microsoft revealed in October alongside the second generation of its high-end Surface Book convertible laptop, is very comfortable while still looking elegant. It’s got six customizable buttons, a rechargeable battery, a thumb rest, and a scroll wheel that can be switched from smooth and fast vertical scrolling to granular line-by-line scrolling. And you can use it with up to three PCs at the same time.

In other words, it’s just right — even if it does run on the expensive side at $100. Mice from Logitech and Razer have boasted some of its features, but none has felt this natural.

While Amazon, Apple and Google are busy refining smart speakers that house their respective virtual assistants, Microsoft in recent years has focused on getting more traditional hardware right. The Surface Studio all-in-one desktop PC is an engineering marvel. The Surface tablet has spawned countless imitations. And the latest Xbox is the world’s most powerful console. Office and Windows certainly bring Microsoft more revenue than Surface and Xbox products, but at the same time, the company has visibly raised its hardware standards under the leadership of Satya Nadella.

In years past, certain Microsoft mice have had shortcomings. The Intellimouse, which debuted in 1996, was corded or required an unwieldy wireless receiver for the better part of a decade. The Natural Wireless Laser Mouse 6000, which arrived in 2006, was said to have strangely placed buttons. The Explorer Mini Mouse, which showed up in 2008, had no off switch. The Arc Touch Mouse, which debuted in 2010, could lie flat but was an ergonomic mess.

The Surface Precision Mouse has none of these drawbacks.

What it does have is a sliver of a button tucked behind the scroll wheel that makes a pleasant clunking sound when pushed. It immediately becomes obvious what role this button serves when you glide your finger on the scroll wheel. With the push of the little button, you can switch between very speedy scrolling or something a lot more precise, which can come in handy when exploring long files and websites. Scrolling in fast mode is strangely satisfying. It’s like gliding your finger along a stack of fresh printer paper.

If you have a Mac, you won’t be able to customize the buttons, but if you’re running Windows — with the exception of the new Windows 10 S — you’ll be able to tweak their functions with the Microsoft Mouse and Keyboard Center software. The battery inside the mouse can’t be removed, but Microsoft says a single charge will last for up to three months, and you can recharge the battery with an included micro-USB cable. Unlike Apple’s Magic Mouse, the port is at the front end of the mouse, so you’ll still be able to use it while it’s charging.

Do you need a mouse like this if you have one that works perfectly well? Of course not. But this is a mouse I love to use. And if you sit in front of the computer every day like me, then you might just come to love it, too.

FBI, DHS Issue Warning On North Korea-Linked Malware

The FBI and the DHS issued a joint warning on the “Volgmer” Trojan malware, which has been infecting multiple organizations across industries over the past few years. The FBI has “high confidence” that the IPs linked to Volgmer belong to North Korea.

Volgmer Trojan

The FBI said that the Volgmer malware has been noticed in the wild since 2013 and has targeted government, financial, automotive, and media industries. The primary delivery mechanism for the malware seems to be spear phishing, a type of phishing attack in which a specific individual or organization is targeted. Through it, the attackers can gain higher privileges inside the network and then further infect the network with their malware.

The Volgmer backdoor is capable of gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. The US-CERT Code Analysis Team also observed in one of the malware samples that Volgmer has botnet controller functionality, too.

According to the government agencies inspecting this malware, Volgmer has been seen in 32-bit executable form, as well as a dynamic-link library (.dll). The malware uses a custom protocol, often with RC4 encryption, to send back data to the command and control (C2) servers. Volgmer maintains persistence by randomly selecting a Windows service in which it can copy itself.

Mitigations

The FBI and the DHS recommend that organizations take a look at the Volgmer-linked IPs and analysis. If they find those IPs connecting to their networks, the companies should take measures to block them and then look for the malware and remove it.

The government agencies have also prepared a list of host-based rules and network signatures that companies can use to detect malware activity related to North Korea. They warned that despite the careful selection of those rules and signatures, some false positives may exist.
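One way to run the first check described above, finding which internal hosts have talked to listed addresses, is sketched below as an added example that is not part of the original article or the advisory. The indicator entries are constructed placeholders from documentation address ranges, and the log format, internal ranges and function names are assumptions.

```python
import ipaddress
import re

# Constructed placeholders (documentation ranges), NOT the advisory's indicators.
INDICATORS = ["192.0.2.15", "198.51.100.0/28", "203.0.113.77"]

# Explicit internal ranges (assumed). ip.is_private is avoided on purpose:
# Python also reports the documentation ranges used above as private.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log in an assumed format:
# <timestamp> <ALLOW|DENY> <proto> <src>:<port> -> <dst>:<port>
SAMPLE_LOG = """\
2017-11-14T09:12:01Z ALLOW TCP 10.1.4.22:49822 -> 192.0.2.15:443
2017-11-14T09:12:07Z ALLOW TCP 10.1.4.30:50111 -> 203.0.113.10:443
2017-11-14T09:13:40Z DENY TCP 198.51.100.9:40212 -> 192.168.7.5:80
2017-11-14T09:15:02Z ALLOW TCP 10.1.4.22:49830 -> 203.0.113.77:443
-- log rotated --
2017-11-14T09:20:00Z ALLOW TCP 10.1.4.30:50200 -> 198.51.100.200:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+\S+\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+$")


def load_indicators(entries):
    """Accept single addresses and CIDR blocks alike."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def first_match(ip, networks):
    """Return the first network containing ip, or None."""
    for net in networks:
        if ip in net:
            return net
    return None


def scan(log_text, indicators):
    """Return ({internal host: summary}, count of unparseable lines)."""
    nets = load_indicators(indicators)
    hosts, skipped = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except (TypeError, ValueError):
            skipped += 1  # keep count so gaps in coverage are visible
            continue
        # Check both directions: outbound to, and inbound from, a listed address.
        for local, remote in ((src, dst), (dst, src)):
            hit = first_match(remote, nets)
            if hit is None or first_match(local, INTERNAL) is None:
                continue
            rec = hosts.setdefault(str(local), {
                "indicators": set(), "allowed": 0, "denied": 0,
                "first": m["ts"], "last": m["ts"]})
            rec["indicators"].add(str(hit))
            rec["allowed" if m["action"] == "ALLOW" else "denied"] += 1
            rec["last"] = m["ts"]
    return hosts, skipped


def triage_order(hosts):
    """Hosts whose traffic was allowed come first: those need a malware check."""
    return sorted(hosts, key=lambda h: (-hosts[h]["allowed"], h))


if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG, INDICATORS)
    for host in triage_order(found):
        print(host, found[host])
    print("unparseable lines:", bad)
```

A match is a lead rather than a verdict, in line with the agencies' note about false positives: confirm it on the host before acting on it.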

The DHS also recommended that organizations implement security best practices, such as:

The agencies would also like to remind companies that a successful network intrusion can lead to loss of sensitive and proprietary information, disruption to regular operations, and financial and reputation losses.

US Government Details Procedure In Revealing Security Vulnerabilities

The U.S. government has detailed the guidelines it follows on revealing security flaws to companies.

Unveiled in its Vulnerabilities Equities Policy, the White House delved into the specific set of rules it follows while working alongside various government agencies, such as the National Security Agency (NSA) and the Department of Homeland Security.

The VEP Charter touches on how the federal government handles the process that determines whether it should inform a company about a cyber security flaw found in its service or product. But the document also mentions that the government may withhold the vulnerability so it can be used for “operational or intelligence-gathering purposes”.

In a blog post, White House cybersecurity coordinator Rob Joyce stressed the importance of transparency, with the release of the once-private rules being “important to establish confidence” in the government’s decision-making process.

A flow chart in the charter details how the board starts the process by analyzing how dangerous the security flaw is, as well as looking at the amount of potential damage that could be caused and how easy it is for the vulnerability to be exploited by hackers.

The agencies will also consider using the vulnerability for their own benefit, as well as assessing the risks involved with how the U.S.’s relationship with other countries and companies will be affected should it be revealed that the government had knowledge of the security defect.

The review occurs in the space of five days but is expedited if the vulnerability is already being exploited in attacks. The board then must come to a consensus on whether to reveal the security flaw to the company or not. Should the board decide to disclose the vulnerability, it must alert the company within seven business days. However, if the powers that be determine that the discovered flaw should be kept a secret, the board will annually review it until they have a change of heart or it becomes known to the public.

The government has been criticized for keeping security exploits it’s discovered a secret from an affected company. For example, a vulnerability that was being exploited by the NSA led to the WannaCry/WannaCrypt ransomware global outbreak, prompting Microsoft to condemn the government’s insistence on keeping certain security flaws to itself.

How To Fix Windows 10 Unsupported Disk Layout UEFI Error

A common problem that Windows users have encountered when trying to update Windows 10 is the “Unsupported Disk Layout for UEFI Firmware” error. This error basically means that the partition structure of your hard drive is not supported by the version of Windows 10 that you want to upgrade to.

This error can be resolved by creating a Microsoft Reserved Partition (MSR), which is used on Unified Extensible Firmware Interface (UEFI)/GUID Partition Table (GPT) disks. Without getting too technical, we will outline the steps to fix this error when attempting to update.

1. Run Command Prompt as Administrator

Go to Start -> Windows System. Expand Windows System and right click on Command Prompt -> More -> Run as administrator. This will open the Command Prompt in administrator mode. You can now begin to type in the commands that follow.

2. Run Diskpart.exe and Create the MSR Partition

a. Open Diskpart.exe by simply typing diskpart and Enter.

b. Type list disk. After doing this you will see all of your disks listed. If there is a * marked under GPT then your system is using the GPT partition structure, and you can proceed to the following steps. If not, then your hard drive will need to be converted to the GPT format, and you’ll need to perform a clean install of Windows 10.

c. Now execute the following commands in sequence:
• select disk # (where # is the actual disk number as displayed by list disk in step b)
• list partition – This will display all partitions on the selected disk
• create partition msr size=128 – This command will create a 128MB partition (a size recommended by Microsoft)
• list partition – Verify that the partition was created
• exit – Leave diskpart.exe and close the Command Prompt.

3. Try the Windows 10 Upgrade Again

You can now try to upgrade your system again. If for some reason you were not able to successfully complete the steps above, or you are still receiving the same error, then it’s better to back up all your data and do a fresh install and let the Windows installation format your disk to the recommended GPT format.

Apple Releases iOS 11.1.2 Update: What Features Are Included?

Today Apple released iOS 11.1.2 for the iPhone, iPad and iPod touch. Apple did not release any iOS 11.1.2 betas to developers or the public before it was rolled out today. As iOS 11.1.2 is a minor point release, Apple did not add any major features in this update.

Apple is currently in the process of testing iOS 11.2 in beta, which is expected to support Apple Pay Cash and SiriKit for the HomePod with limited third-party developer support. iOS 11.1.2 is the sixth update to iOS 11 following iOS 11.0.1, iOS 11.0.2, iOS 11.0.3, iOS 11.1 and iOS 11.1.1. And this version of iOS is specifically a minor point update for the iOS 11.1 iteration with a couple of bug fixes.

iOS 11.1.1 contained a fix for the keyboard auto-correct problem that caused the letter “i” to be converted to an “a” with a question mark symbol next to it and a fix for a problem that caused “Hey Siri” to stop working.

iOS 11.1 included over 70 new emoji and it brought back the 3D multitasking gesture. iOS 11.1 also included bug fixes where Live Photo effects played back slowly and a problem that caused Mail notifications to reappear on the Lock screen.

iOS 11.0.3 fixed a bug that caused the audio and haptic feedback to become dysfunctional on a number of iPhone 7 and iPhone 7 Plus devices. And iOS 11.0.3 also fixed an issue that caused the touch input to become unresponsive on some iPhone 6s displays that were not serviced with genuine Apple parts.

iOS 11.0.2 contained fixes for bugs that caused crackling noises in the iPhone 8 earpiece, a bug that caused attachments in S/MIME encrypted emails to not be able to open and a bug that prevented photos from appearing on certain devices.

iOS 11.0.1 fixed a bug that caused synchronization issues in Outlook.com, Office 365 and Exchange Server 2016 running on Windows Server 2016 in Apple Mail. And it also had performance improvements for iMessage app Drawer, Springboard, and App Explorer.

The big iOS 11 release was on September 19th and it brought many new features. The new features in iOS 11 included Do Not Disturb While Driving, the new Files app, document scanning in the Notes app, the app drawer in the Messages app, a customizable Control Center, indoor airport and mall maps, lane guidance in the Maps app, Live Photos editing and new iPad multitasking tools.

In the release notes, Apple said that iOS 11.1.2 fixes two issues. The first issue that iOS 11.1.2 fixes is a bug that causes the iPhone X screen to become temporarily unresponsive to touch after a rapid decrease in temperature. And the second issue that iOS 11.1.2 fixes is a bug that causes distortion in Live Photos and videos captured with the iPhone X.

Apple confirmed the iPhone X temperature problem about a week ago and said that the issue would be “addressed in an upcoming software update.” I am impressed with that kind of turnaround time.

FCC vote could force low-income households offline

Bootstrapping yourself out of poverty via the internet is about to get a lot harder in the US. The FCC, led by industry-friendly chairman Ajit Pai, has voted along party lines to reform the low-income Lifeline broadband subsidy program. Among the most contentious items are a proposal to tighten eligibility requirements and cap spending, and another to halt subsidies through internet resellers like Windstream. If voted through, the latter proposal could force over 70 percent of Lifeline enrollees to seek a new provider, and many would have no option at all.

Lifeline gives low-income households a $9.25 monthly credit towards discounted home internet service from 900 participating companies. Until last year, that could only be applied to landline and mobile voice service, but former FCC Chairman Tom Wheeler expanded the program to broadband early last year. However, Pai scrapped an FCC directive that came at the end of Wheeler’s tenure that allowed nine new companies to participate, and promised more cost-cutting reforms, supposedly to close the digital divide.

Some of the reforms are still in the proposal stages, but the FCC issued an order yesterday that directly affects Tribal land residents. Those folks used to receive a $25 monthly subsidy on top of the $9.25 discount, but in 90 days, they’ll no longer be able to obtain the $25 subsidy through resellers. That will give many Native Americans far fewer options for mobile internet. “This will be a travesty to Indian Country because it will turn back the clock to times when consumers had but one choice,” Joe Redcloud from the South Dakota Sioux Tribe told the Washington Post.

Another proposal suggests that the FCC eliminate Lifeline subsidies across the US through carriers that don’t operate their own networks, but resell services from AT&T, Verizon and other companies. Advocacy group Public Knowledge says that 70 percent of Lifeline subscribers use such resellers, so they would be forced to use AT&T, T-Mobile and other direct providers.

However, those carriers are often more expensive than resellers, so switching could eliminate much of the $9.25 Lifeline benefit. In some instances, low-income users wouldn’t have any option at all. “In many states, facilities-based providers have opted out of offering Lifeline-supported service altogether and prefer to allow non-facilities-based wireless providers to serve Lifeline subscribers and the low-income segments of the wireless market,” Public Knowledge wrote.

Finally, the FCC is looking at a cap that could drastically reduce the Lifeline budget and institute more rigorous checks. “The reforms that we implement and propose today seek to … curtail the waste, fraud and abuse that continue to plague the Lifeline program,” Pai said ahead of the vote. That includes forcing subscribers — many of whom have their broadband bill entirely paid by Lifeline — into co-paying part of their bill.

That could effectively cut off a lot of the most needy Lifeline recipients from the internet altogether. “The co-pay requirement would create significant attrition in the program since most subscribers are on plans that provide no-cost service, and many Lifeline subscribers lack bank accounts and access to basic financial services,” Public Knowledge said.

The advocacy group notes that there is no support for the FCC’s plan in the 50-plus dockets filed since the proposal was issued. Meanwhile, dozens of others from veterans, seniors, Tribes, and even the wireless industry have urged it not to implement the proposed items. Commissioner Jessica Rosenworcel, who voted against the bill, put it succinctly. “This is not real reform. This is cruelty,” she said. “It is at odds with our statutory duty. It will do little more than consign too many communities to the wrong side of the digital divide.”