Home + Mobile

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software which will give them access to said passwords and bank information as well as giving them control over your computer.

Cybercriminals use social engineering tactics because it is often easier to exploit your natural inclination to trust than it is to discover ways to hack your software.  For example, it is much easier to fool someone into giving away their password than it is to hack their password (unless the password is really weak).

Security is all about knowing who and what to trust – Knowing when and when not to take a person at their word, when to trust that the person you are communicating with is indeed the person you think you are communicating with, when to trust that a website is or isn’t legitimate or when to trust that the person on the phone is or isn’t legitimate, and knowing when providing your information is or isn’t a good idea.

Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. Hypothetically speaking, it doesn’t matter how many locks and deadbolts are on your doors and windows, or how many alarm systems, floodlights, fences with barbed wire, and armed security personnel you have; if you trust the person at the gate who says he is the pizza delivery guy and you let him in without first checking to see if he is legitimate, you are completely exposed to whatever risk he represents.

Common social engineering attacks

Email from a ‘friend’ – If a cybercriminal manages to hack or socially engineer a person’s email password, they have access to that person’s contact list, too. And because many people use one password everywhere, they probably have access to that person’s social networks, banking accounts, and other personal accounts.

Once the criminal has that email account under their control, they send emails to all the person’s contacts or leave messages on all their friend’s social pages, and possibly on the pages of the person’s friend’s friends as well.

These messages may use your trust and curiosity. For example, they may:

• Contain a link that you just have to check out–and because the link comes from a friend and you’re curious, you’ll trust the link and click–and as a result, be infected with malware so the criminal can take over your machine and collect your contacts’ info and deceive them like they just deceived you.
• Contain a download such as pictures, music, movies, documents, etc., that has malicious software embedded. If you download–which you are likely to do since you think it is from your friend–you become infected. Now, the criminal may have access to your machine, email account, social networks and contacts, and the attack spreads to everyone you know. And on, and on.

These messages may create a compelling story or pretext:

• Urgently ask for your help–your ‘friend’ is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home, but in reality, they give you instructions on how to send the money to the cybercriminal.
• Ask you to donate to their charitable fundraiser, or some other cause, which is of course a front. Really, they’re again providing you with instructions on how to send the money to the cybercriminal.

Phishing attempts. Typically, a phisher sends an e-mail, instant message, comment, or text message that appears to come from a legitimate (and typically popular) company, bank, school, or institution.

These messages usually have a scenario or tell a story:

• The message may explain there is a problem that requires you to “verify” your information by clicking on the displayed link and provide information in their form. The link location may look very legitimate with all the right logos and content (in fact, the criminals may have copied the exact format and content of the legitimate site). Because everything looks legitimate, you trust the email and the phony site and provide whatever information the crook is asking for. These types of phishing scams often include a warning of what will happen if you fail to act soon, because criminals know that if they can get you to act before you think, you’re more likely to fall for their phishing attempt.
• The message may notify you that you’re a ‘winner’. Perhaps the email claims to be from a lottery, or a dead relative, or a site claiming that you’re the millionth person to click, etc. In order to claim your ‘winnings’, you have to provide information, such as your bank routing number, so they know how to send it to you, or give your address and phone number so they can send the prize, and you may also be asked to prove who you are often being asked to provide your Social Security Number. These are the ‘greed phishes’ where even if the story pretext is thin, people want what is offered and fall for it by giving away their information, then having their bank account emptied and identity stolen.
• The message may ask for help.  Preying on kindness and generosity, these phishing attacks ask for aid or support for whatever disaster, political campaign, or charity is trending at the moment.

Baiting scenarios. These socially engineering schemes know that if you dangle something people want, many people will take the bait. These schemes are often found on Peer-to-Peer sites offering a download of something like a hot new movie or music album. But these schemes can also be found on social networking sites, malicious websites you find through search results, and so on.

Alternatively, the scheme may show up as an amazingly great deal on classified sites, auction sites, etc.. To allay your suspicion, you can see the seller has a good rating (all planned and crafted ahead of time).

People who take the bait may be infected with malicious software that can generate any number of new exploits against them and their contacts, may lose their money without receiving their purchased item, and, if they were foolish enough to pay with a check, may find their bank account empty.

Response to a question you never had. Criminals may pretend to be responding to your ‘request for help’ from a company while also offering additional help. They pick companies that millions of people use like a large software company or bank.  If you don’t use the product or service, you will ignore the email, phone call, or message, but if you do happen to use the service, there is a good chance you will respond because you may actually need help with a problem.

For example, even though you know you didn’t originally ask a question, you may have a problem with your computer’s operating system (such as slow-downs) and you seize on this opportunity to get it fixed, for ‘free’ no less. The moment you respond, however, you have bought the crook’s story, given them your trust and opened yourself up for exploitation.

The representative, who is actually a cybercriminal, will need to ‘authenticate you’, have you log into ‘their system’ or, have you log into your computer and either give them remote access to your computer so they can ‘fix’ it for you, or tell you the commands so you can ‘fix’ it yourself with their ‘help’. In actuality, some of the commands they tell you to enter will open a way for the criminal to get back into your computer later.

Creating distrust. Some social engineering is all about creating distrust, or starting conflicts; these are often carried out by people you know and who are angry with you, but it is also done by nasty people just trying to wreak havoc, people who want to first create distrust in your mind about others so they can then step in as a ‘hero’ and gain your trust, or by extortionists who want to manipulate information and then threaten you with disclosure.

This form of social engineering often begins by gaining access to an email account or other communication account on an IM client, social network, chat, forum, etc. They accomplish this either by hacking, social engineering, or simply guessing really weak passwords.

• The malicious person may then alter sensitive or private communications (including images and audio) by using basic editing techniques and forward these to other people to create drama, distrust, embarrassment, etc.  They may make it look like it was accidentally sent, or appear like they are letting you know what is ‘really’ going on.
• Alternatively, they may use the altered material to extort money either from the person they hacked, or from the supposed recipient.

There are literally thousands of variations to social engineering attacks. The only limit to the number of ways a cybercriminal can socially engineer users through this kind of exploit is the their imagination.  And you may experience multiple forms of exploits in a single attack.  Afterwards, the criminal is likely to sell your information to others so they too can run their exploits against you, your friends, your friends’ friends, and so on, as cybercrooks like to leverage people’s misplaced trust.

Don’t become a victim

• Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics, be skeptical and never let their urgency influence your careful review.
• Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site. You can also find their  real support phone number listed on the site.
• Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
• Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. Furthermore, if you did not specifically request assistance from the sender, consider any offer to ‘help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
• Don’t let an email link control dictate where you land. Stay in control by finding the website yourself by using a search engine to be sure you land where you intended to. Hovering over links in an email will show the actual URL at the bottom, but a good fake can still steer you wrong.

Curiosity leads to careless clicking–if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email as it is easy for a scammer to pretend you’re talking to a bank teller, a support agent, etc.

• Secure your computing devices. Install an effective anti-virus solution that can keep up with ever-evolving threats. Make sure to keep your OS and browsers updated, and if your smartphone doesn’t automatically update, make sure to manually update it whenever you receive a notice to do so.
• Email hijacking is rampant. Hackers, spammers, and social engineers gaining access to people’s emails (and other personal accounts) has become commonplace. Once they control someone’s email account, they prey on the trust of all that person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, be sure to check with your friend before opening links or downloading. Even then, the legitimacy of the links isn’t guaranteed, which is why it’s critical to be using anti-virus software.
• Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
• Foreign offers are fake. If you receive email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.
• Set your spam filters to high. Every email program has spam filters. To find yours, look under your settings options, and set these to the highest setting; just remember to check your spam folder periodically to see if legitimate email has been accidentally trapped there. You can also search for a step-by-step guide to setting your spam filters by searching on the name of your email provider plus the phrase ‘spam filters’.

With the sheer amount of available pornographic images of child abuse – often called child porn – available online, it may seem that there is little you can do to protect your children, or yourself, from this type of content. This isn’t true.

Here are eight key tools and tactics to eliminate – or significantly reduce – the risks of you or your child coming across pornographic material.

Eight tools to help block internet pornography

1. Set your search engine to “safe search” mode: Google users can visit the ‘Google Safety Center‘ to adjust the settings, while Bing users can change preferences in the Bing Account Settings. If you use another search engine, it’s usually straight-forward to access the equivalent settings for that specific search engine.  Also, if you child uses YouTube, be sure you have set the “safe” mode on that platform as well.
2. Use the family safety tools provided by your computer’s/other device’s operating system: Windows and Mac operating systems provide family safety settings. Many mobile device manufacturers also provide a wide variety of safety settings within their mobile devices.
3. Use family safety tool services: Sometimes called parental controls, these tools allow you to set specific filters to block types of content you find inappropriate. This isn’t just something to apply to youth; plenty of adults prefer to filter out pornographic and other types of content like ‘hate’ and ‘violence’.  The appropriateness of some types of content will change as children mature; other types of content may always be unacceptable. To find the tools that best fit your family’s needs, search for parental-control or family-safety-tool reviews. Keep in mind that these tools need to be installed on every device your child uses to go online: game consoles, smartphones, tablets, personal laptops and computers. Some services have coverage for all types of devices, others are limited to just computers or phones. You may find that using a single solution on all devices makes your monitoring much easier.
4. Periodically look at your children’s browser history. There are a number of phrases youth use to get around pornography filters – like “breast feeding” and “childbirth” – and some fast-changing slang terms that filters may not have caught up with like “walking the dog,” which is a slang term for sex. If you see odd search terms, give the sites a quick look.
5. Have your children restrict access to their social networking sites to only known friends, and keep their sites private. A great deal of pornography is shared among private albums on social networking sites.
6. Scan the photos on your child’s smartphone/mobile device time-to-time. While the youngest kids aren’t ‘sexting’, by the time they’ve hit their ‘tweens’, there’s a chance that they have begun participating in this type of behavior. Let your children know that you plan to sit down with them and go through the pictures they have stored on their phone.
7. Review the applications your child has downloaded to their phone or tablet. Mobile content filters may not catch all the potentially inappropriate apps.
8. You are your strongest tool. No technical blocking solution alone is enough to protect a determined child or teen from finding pornography online. Have the “talk” on an ongoing basis with your children about the content your family finds appropriate and inappropriate; this exchange should never be a one-time conversation.

Teens in particular may balk at the conversations, but they do listen far more than you might imagine. To learn more about your influence on your teens’ lives, see Psst! Parents! If you talk to your teen, they will listen to you, as well as this article about how to talk to teens.

It was only a matter of time before phone hacking rose to the top of the media-driven hysteria list

Thanks to the rapid growth of mobile device adoption and the subsequent rapid growth in mobile threats, phone hacking prevention is a hot topic. A headache reserved for celebrities in the past, smartphone-infiltration concerns have crossed the VIP vs. everyone else blood-brain barrier and now potentially impacts anyone who owns a smartphone.

But is this really a serious problem for us regular folks? Are our voicemail messages so interesting that someone would invade our privacy to listen in? Before we go barking up the narcissism tree, it’s best to examine what phone hacking is and whether you really need to worry about it.

With everything I’ve got going on, do I need to worry about my phone’s security?

This security threat can be broken down into two types: hacking into a live conversation or into someone’s voicemail, and hacking into data stored on one’s smartphone. Just as the majority of abductions are carried out by a member of the abductee’s family—unless you go by code name POTUS or are Hugh Grant—the person most likely to hack into your live conversation or voicemail will be someone that you know who has an ax to grind.

And in today’s mobile world, mobile security is a growing issue. As people increasingly store sensitive data on their mobile devices, the opportunity to exploit privacy weaknesses becomes more tempting to unscrupulous ‘frenemies’, exes or the occasional stranger.

It doesn’t help that there is a cottage industry of software ostensibly developed for legal uses but is easily abused (password crackers aptly named ‘John the Ripper’ and ‘Cain and Abel’ are two examples). Opportunistic hackers can wreak havoc with data deletion or install malicious software that gathers bank account logins and confidential business emails.

So what’s a smartphone owner to do?

If you want to be proactive, there are several measures you can take to protect yourself against this threat, most of which involve common sense. For example:

• Don’t leave your phone unattended in a public place.
• Be sure to change the default password that comes with a new phone to something more complex (resist the usual “1234,” “0000” and 2580)
• Avoid using unprotected Bluetooth networks and turn off your Bluetooth when you aren’t using it.
• Use a protected app to store pin numbers and credit cards, or better yet, don’t store them on the phone at all.

Throwing the baby out with the bathwater

If you’re still worried about your smartphone’s security, there are further steps you can take to protect yourself. However, taking things too far will defeat the purpose of having a smartphone at all.

• Avoid accessing important locations such as bank accounts via public Wi-Fi that may not be secure.
• Turn off your auto complete feature so critical personal data isn’t stored on the phone and must be re-entered every time you need it.
• Regularly delete your browsing history, cookies and cache so your virtual footprint is not available for prying eyes.
• If you have an iPhone, you can enable ‘Find My iPhone’ in your settings, and it will locate your phone if you misplace it before the hackers can lay their hands on it.
• Use a security app that increases protection. For Android owners, Webroot offers the all-in-one SecureAnywhere Mobile app that provides antivirus protection and allows you to remotely locate, lock and wipe your phone in the event you lose track of it.

Remember—if the thought of your smartphone getting breached has you tossing and turning at night, you can just turn the phone off, remove the battery and hide it under your pillow for some sweet lithium-ion induced dreams.

If you’re one of the people who is still stubbornly holding onto Windows XP (which stopped receiving support and security updates as of April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios, you’re putting your personal online security at risk any time you browse the internet. Without current web browser support and critical security updates from Microsoft, your PC may become vulnerable to any number of harmful viruses, spyware, and other malicious software which can steal or damage your identity, personal finances, and information.

Microsoft Pulls the Plug on Windows XP; Users Should Upgrade

(Source: howtogeek)

Nearly two years ago, Microsoft finally made the decision to stop supporting the widely popular OS (operating system) after a 12 year run. Windows XP faithful (and there were many) were encouraged to say their farewells to the beloved OS and move on to newer Microsoft technologies, or continue to use XP at their own risk as the OS was no longer receiving security updates. Unfortunately, many users chose the latter option, leaving their computers susceptible to a myriad of threats. Worse yet, people stubbornly continue to use Microsoft XP, despite the security risks. If you fall into this category, I strongly advise you to upgrade to a version of Windows that Microsoft still supports.

For more information on the end of XP support as well as how to upgrade, you can check out this Microsoft FAQ.

Using an Up-to-Date Internet Browser on a Supported OS is Important As Well

Making sure your operating system is supported is critical, but it’s not the only step users need to take to stay secure. If you’re using a supported OS, but fail to keep your internet browsers updated, you leave yourself vulnerable every time you browse the web. Likewise, if you’re using an updated browser on an OS that’s no longer supported,  same thing. Thus, browser support is also crucial for a safe internet-using experience. Here’s the current support status of each major web browser:

Internet Explorer:

(Source: Microsoft)

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. In other words, if you’re using any prior version of I.E., you’re at risk and it’s time to update.

Fortunately, Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services, so the transition should prove a comfortable one. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience. You can download the latest version of Internet Explorer here.

Google Chrome:

(Source: Google Images)

Chrome, Google’s wildly-popular take on the internet browser, came onto the browser scene (and subsequently onto users computers) in 2008. Now, it’s estimated that Chrome is the most widely-used browser on desktops, at 58% worldwide usage share.

Unlike Internet Explorer, Chrome automatically updates each time it detects that there’s a newer version available, so users don’t have to worry about being on a potentially-outdated version of the browser. However, last November, Google announced it will end support for Chrome on some older operating systems by April 2016, which means that less than a month from today, Chrome will stop getting updates if your computer is running any of the following operating systems:

Windows Vista, Windows XP, OS X 10.6 Snow Leopard, OS X 10.7 Lion and OS X 10.8 Mountain Lion

The April 2016 deadline is actually an extension to the life cycle of Google Chrome on Windows XP. Google originally announced back in October 2013 that support for Chrome on XP would end by April 2015, before pushing that deadline back to December 2015. For more information on system requirements as well as download links for different operating systems, check out this Google support page.

Mozilla Firefox:

(Source: Mozilla)

Mozilla’s Firefox, created back in 2002, still remains a popular browser choice for users. Largely thanks to the decline in Internet Explorer usage, Firefox reportedly took over the number two slot for desktop browsers in February 2016.

Like Chrome, Firefox is set by default to automatically update to the latest version. You can find a list of all Firefox releases here.

As far as operating systems go, here are the ones currently supported by Mozilla: Windows XP SP2, Windows Server 2003 SP1, Windows Vista, Windows 7-10, Mac OS X 10.6-10.11. You can learn more about getting the latest version of Firefox on an older version of Windows here (although you should really not be using Windows XP at this point, as outlined earlier).

Safari

(Source: Apple)

Sure, some Mac users prefer to use Chrome or Firefox. However, Safari (the default internet browser on Mac OS X that was originally released in 2003) is also used by many Mac users worldwide.

While the browser doesn’t update automatically, users can easily check for updates by opening the App Store and clicking on ‘Updates’ in the toolbar. If there’s a new version of Safari available, users just need to click the ‘Update’ button (and enter their Apple ID), and the latest version will be installed.

To keep Safari up-to-date, Apple encourages users to upgrade to the latest version of OS X. Safari 9, which is currently in version 9.0.3, comes bundled with the latest version of OS X, El Capitan. However, users who are still using OS X Mavericks can also update to the latest version of Safari. You can find out more information on this Apple support page.

With so many options, updates and upgrades available today, it’s easy to find yourself using an outdated operating system or a internet browser that is no longer supported, and putting yourself at a security risk as a result. Hopefully this blog post and the included hyperlinks will help you take the necessary steps in ensuring your operating system and browsers are up-to-date, which in turn, will help safeguard your identity and personal information. As always, it is also important to have an up-to-date antivirus program installed to protect your computer, in addition to an up-to-date browser and OS.

Myth: There is no link between your real-life location and your digital one.

The truth is that the two are very much connected. Perhaps more importantly, then, is what this means when it comes to your personal security. If the state or city in which you live is a hotbed for cybercriminal activity, your chances of being infected online increase significantly. Couple this with the fact that hackers are constantly refining their attack methods and finding new ways to make a profit, and you have yourself a potential recipe for personal information loss disaster.

Fortunately, you can prevent that from happening and stop those cybercrooks right in their tracks. How? By making sure your devices are protected. With cybersecurity that actually works. It also helps knowing which states and cities hackers choose as their favorite targets. The infographic below breaks it down.

In a 2016 survey of 500 PC gamers, Webroot discovered statistically significant differences in the ways that male and female gamers approach internet security, 3^rd party modifications, and the way they choose to portray their gender online. In fact, we found surprisingly large discrepancies between those who identified as male and those who identified as female in terms of online gaming and security.

The following infographic reveals the findings of our survey:

Here at Webroot, we take security seriously. With that being said, there is always more that you can do to improve your security and privacy while browsing online. Below is a list of browser plugins that we recommend you check out.

Webroot Filtering Extension

This one is pretty much a given as we are Webroot. Our filtering extension provides you with the reputation of websites within your browser and helps to protect you from harmful websites. This extension is available to all Webroot users.

Webroot Password Manager

Password managers are almost a necessity in today’s landscape. You should have multiple passwords that differ across your accounts. The Webroot Password Manager assists with managing and maintaining all of these with the click of the mouse. We also ensure that all of the stored passwords are encrypted and you should always ensure this is the case with any password manager you choose to use. This utility is available to Webroot Internet Security Plus and Webroot Internet Security Complete customers. If you are using a security program (you should be) may as well throw in a password manager.

HTTPS Everywhere

More websites are shifting to HTTPS and should be, but redundancy is never a bad thing when it comes to security. This extension encrypts your communications with major websites to make your browsing even more secure.

Privacy Badger

This one comes as more of a personal preference and an honorable mention to Disconnect here. Privacy Badger blocks ads and trackers that use your browsing information to show you tailored results. Privacy Badger learns from your browsing habits so the more you browse, the better it is going to work for you. While not as strong out of the gate as some of the alternatives, in the long run I feel as if this is more useful.

Adblock Plus

You’ve likely heard of this one before, and for good reason. Adblock Plus helps to block popups, video ads, and malware domains on many different websites. The caveat here is that some websites (we are looking at you, Forbes) will ask that you disable this extension to view the website. This happens because many websites receive revenue from the ads located on their website. Some websites solely rely on this revenue to function and provide content to you.

I hope that these recommendations assist you in securing your browsing experience. With the same layered approach that we recommend for enterprise networks, you can keep enhance the security of your browser, keeping you and any other users safe and secure. Share any additional browser plug-in ideas you have on our Webroot Community.

In support of January being Clean Up Your Computer Month and National Privacy Day on January 28th, here are some great tips to start 2016 off right.

Let’s face it, we are all guilty of letting our computers get out of hand from time to time. I, for one, realized this when cleaning up one of my hard drives and discovered that I had 363 games either installed or ready to install. Typically a person will download something they want or need for a given moment, use it and never get rid of it. This can clutter and bog down your hard drive or even worse, leave personal information openly available. Here are a few tips that will help keep your machine clean.

Keep your desktop tidy! For me this is the pet peeve that my fiancée is guilty of and it drives me crazy. If your desktop looks like someone dumped a bucket of icons all over it then you might want to think of condensing and organizing. This can make for faster boot times, and easier navigation. Don’t let your desktop look like this…

Try to keep everything organized!

The download folder can be your worst nightmare on a device. I find this to be the one area that I am horrible at keeping track of. I need a picture for a blog or a gif to send to a coworker… months later I find myself questioning why I have a random gif of a plane crash on my computer. This folder can build and build until it is out of hand. Minimize the amount of files you have in here, if it is old .dmg files then trash them. This will greatly reduce clutter on most people’s macs. The mail downloads folder is another location that people tend to ignore. You can get to it using spotlight and typing in mail downloads or In the Finder, select Go > Go to Folder. Type ~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads in the text field (This is only for people that use the built-in Email app).

Just as most of us adapted to cleaning the cache on Windows, you should do the same for your Mac. This doesn’t just relate to web browser cache, OS X stores lots of information in cache to allow for a faster loading time. You can go to the caches location and do a clean-up yourself (which I only advise for those who know what they are doing) or you can simply go to utilities in Webroot SecureAnywhere and click “Optimize Now”. This will clean up certain caches and logs for you.

A key to having a clean computer is not just removing known junk but also removing unwanted Apps. Be sure to remove applications that you are no longer in need of. I like keeping a spreadsheet with my license keys, in case I need one of the apps in the future. Unused or unwanted apps can take up massive amounts of hard drive space and can post a threat to your internet security.

My final tip… Most macs come with a microfiber screen cloth… Use it.

A physically dirty computer is something that no one wants to look at. Apple has a page dedicated to recommendations and guidelines for cleaning their products. https://support.apple.com/en-us/HT204172

It’s that magical time of year for all technically minded folks: sysadmins, IT pros, nerds and gamers.  It’s that time where you get to go home to family, gather around the fire, and fix their computers.

That’s right; it’s not about the turkey or the giving of presents, it’s about cleaning toolbars off grandma’s computer.

For those of you who go through this annual ritual, here’s a few things to make the process easier for everyone:

1. Facelift: SSD, memory, larger screen.  One of the cheapest ways to give aging hardware a boost is getting easier every day.  SSD prices are bombing like your boss’s jokes at the holiday party, RAM has been cheap for a while, and bigger screens are always cheap around the holidays.  Replacing an HDD with an SSD will make them think you gave them a whole new computer.  For moving the boot drive, I recommend Paragon Software’s Migrate OS to SSD software: https://www.paragon-software.com/technologies/components/migrate-OS-to-SSD/ That way you don’t have to do a fresh install, and you can just leave the migration running while you eat dessert.  Combine that with a USB to SATA cable: http://www.amazon.com/gp/product/B00HJZJI84 and you only have to open up the case once to swap the drive out after the migration is complete.  While the case is open, slap in some extra RAM so that when Chrome tabs gobble up all the memory their computer doesn’t grind to a halt.  And finally those aging eyes will benefit from the jump to a larger screen.  27 inches seems to be the pricing sweet spot lately.  And you can take home the replaced screens to use as second, third, fourth and fifth monitors for yourself while playing Fallout 4.
2. Auto-reset the internet.  How tired are you of asking people if they’ve tried turning it off and on again?  For one aspect you can now automate the process.  They make plugs that detect when the Internet connection goes down that automatically power cycle the cable modem and/or router: http://www.amazon.com/PI-Manufacturing-Internet-Controllable-Automatic/dp/B006PPISCG That will save you from having to explain to your parents which device they have to try turning off and on again when the Internet goes out.
3. Setup easier remote access – Have you ever had this conversation: “Go to the address bar.  That thing at the top.  Type in: H-T-T-P-colon-slash – the one that leans to the right, not the left, now another slash.  Yes the same direction as the last one.  Now L-O-G.  No, G as in Get a clue…”  You get the picture.  While you’re home, why not setup a shortcut on the desktop that goes directly to your preferred remote support website?  That way grandma knows what to click on when you have to remote in to uninstall the latest toolbar she installed.
4. Install antivirus that allows central management – obviously I’m going to recommend Webroot: https://www.webroot.com/us/en/home But no matter what you choose, it’s nice to have something that has a central online console. This allows you to see whether mom’s computer has run a scan in the last decade and how many viruses your younger brother managed to catch while visiting those sites he likes to go to.  With Webroot you can also kick off scans and reboots from anywhere you can get online.
5. Protect their credit – everyone’s had their information stolen at this point so you might as well put a freeze on your credit.  Mom and dad probably aren’t getting a lot of loans these days therefore this won’t be a big inconvenience for them.   Here’s how to go about it: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs This just means they’ll need to call in and unfreeze with their password before they get any more lines of credit, and it will stop the bad guys from taking out loans in their name.  Because face it, they already have all of your personal information.  Protect your inheritance.
6. Install an ad blocker and privacy protection – ads are a huge vector for malware these days.  I like uBlock Origin to stop ads and Privacy Badger to stop companies following you around the web with tracking cookies.  Put those browser extensions in place and teach mom and dad how to turn them on or off for individual sites for when they break core functionality.
7. Get them on a better browser – if they’re still using Internet Explorer then you should be ashamed of yourself.  Protip: change the existing IE icon on the desktop to open up Chrome or Firefox instead, so they don’t have to learn to click on anything new.
8. Power protection – get some cheap UPS and surge protection so that any desktop devices & cable modems won’t go haywire if the power blips: http://www.amazon.com/Eaton-Electrical-3S350-External-UPS/dp/B00906CH8S
9. Setup online backup – I like Backblaze: https://www.backblaze.com/ $5 a month for unlimited storage on each computer.  Now your baby pictures aren’t in danger of going up in a puff of magic smoke.  Restores are easy and you get email reports letting you know that the backups are successful.
10. Get better wireless – Ubiquiti has awesome and affordable prosumer APs that will give you a signal from two streets over: http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O No longer will the neighbor’s Wifi interfere.  I use one to cover an entire three-story house from top to bottom.
11. Connect the house with powerline Ethernet – save the wireless for devices that move.  For anything static, from streaming devices on your TV to media servers, wired is the way to go.  Powerline Ethernet is now rock solid and you can turn your whole house into a hub by plugging these into any outlet: http://www.amazon.com/TP-LINK-TL-PA4010KIT-Powerline-Adapter-Starter/dp/B00AWRUICG No running cables throughout the house required.
12. Stop bundleware – next time dad installs an update, you don’t have to worry about uninstalling a toolbar with this one simple trick: http://unchecky.com/ This software automatically unchecks the bundleware checkboxes so that you don’t have to use a cattle prod to train family to uncheck anything.
13. Install a password manager – anything to get people to use good passwords without having to teach their aging brains to remember anything new.  If you use an online password manager, then you can automatically change their passwords and update the password manager for them whenever there’s a report of a breach on a site your family uses.
14. Follow Swift on Security on Twitter.  A parody account that is both funny and useful.  Taylor Swift’s Infosec alter ego will keep you up-to-date on the latest security news and breaches, all while serenading you with the latest hits: https://twitter.com/swiftonsecurity/

Hopefully this list will help you get through the holidays at home without having to resort to hiding in the basement.  Make a few of these changes and it should make the next year of family tech support that much easier.  May the force help you live long and prosper.

With the two most hectic shopping days of the year rapidly approaching, you may be preparing to nab a deal… but identity thieves are just as busy trying to nab your financial information. While you’re out looking for the best deals
online and in retail shops on Black Friday and Cyber Monday, keep these security tips in mind to protect your identity:

• Try to use a secure payment method whenever possible. This includes Paypal, prepaid limited use debit cards, and credit cards that are separate from your primary bank account. Using a debit card that is tied to your primary bank
  account is the least secure form of payment, as a security breach poses the greatest financial risk.
• When you purchase something from a small independent business online, make sure that the checkout process is a “Secure Site”. Look for a yellow padlock in the browser bar as well as “HTTPS” at the beginning of the website (as compared to “HTTP” with no “S” at the end, which stands for “Secure”).
• Make sure that your operating system and security software are up to date. If you use Webroot SecureAnywhere, your software should automatically update itself whenever new versions are released. If you’re interested in using Webroot SecureAnywhere to protect your devices, CLICK HERE for a 14-Day Free Trial.
• Don’t make online purchases while using public WiFi connections, such as restaurant or mall hotspots, because these networks are prime targets for identity thieves and hackers. Shop only from trusted wireless connections such as home and cellular networks.
• Never send sensitive information such as Social Security Numbers, passwords, bank account numbers, or credit card numbers through e-mail. This is not a secure way to send sensitive information and legitimate companies will ask you to use some form of secure site to transmit the necessary information.
• When using an ATM, inspect the card reader before swiping to ensure that it isn’t fake. Lately, identity thieves have been planting card skimmers over ATM card slots in order to trick people into providing their PIN and magnetic strip information, and this technique is on the rise.
• Watch cashiers for skimming, which is when your card is swiped once at the register and again through a hand-held scanner the size of a cigarette lighter. Most registers allow you to swipe your card yourself; if a cashier asks to swipe your card by hand and turns away or puts both hands out of your sight while holding your card, ask to see a manager.
• Review your credit card and bank statements to ensure that there are no unusual or fraudulent transactions. If you identify any suspicious activity, contact the appropriate financial institution immediately to address anny accounts that may have been compromised.

We hope that keeping these security tips in mind will allow you to shop with confidence and safety during the upcoming sales events.