The Technology Blog

Protect Yourself From Identity Theft

By | Cyber Security, Identity Theft | No Comments

Protect Yourself from Identity Theft

Common sense used to be the best way to protect yourself from identity theft. Collect mail in a timely manner, store your social security card in a safe place and shred sensitive documents.
Today we live in a digital world. An identity thief can drain our bank account in seconds if our data is not secure. If you don’t catch it quickly, it may be too late to recover the stolen funds.  According to LifeLock, 1 in 4 people has been affected by identity theft online. This year alone, 15 million people lost an estimated $16 billion in identity theft scams.

Five Types of Identity Theft

There are multiple ways our identity can be stolen.  The four common types of identity theft include:

  • Child Identity Theft
  • Tax Identity Theft
  • Medical Identity Theft
  • Senior Identity Theft
  • Social Identity Theft
Protecting Yourself from Identity Theft - Pros 4 Technology Blog

An identify thief can drain your bank account in seconds.

Four Ways to Protect Your Identity Online

Identity thieves are always coming up with new ways to access your personal information. There are four important things you must do to protect your identity. If your account is more secure, a hacker usually moves on to an easier target. Here are the best things you can do to protect your identity:

1. Prioritize Passwords

  • Use a password manager like LastPass to store unique, randomized passwords for all your logins. Learn more about effective passwords in our recent post, How to Create Secure Passwords.
  • Use two factor authentication whenever it’s available. Examples would include a code texted to your smartphone, or the security questions a bank uses for your account, after you input your password. For security questions, use answers only you would know, ones that a hacker could not find online.
  • Use passphrases instead of passwords. Longer passphrases are harder to crack, and hackers will typically move on to an easier target.

2. Go paperless where you can – Anything in your mailbox can be stolen more easily than online. Shred every paper document with your personal information before you discard it.

3. Monitor your credit reports and bank statements. If credit fraud isn’t caught right away, often the account owner is liable for payment. The latest tax scam involved hackers stealing tax information and placing small amounts of money into the bank account, mimicking a refund.  If anything is off, notify the bank or credit monitoring system and they can reverse charges. If you have been compromised, there is assistance. Report fraud immediately. The federal government provides the website Identitytheft.gov to help victims of identity theft.

4. Don’t trust – verify.

  • Before you respond to an email, expand the details of your recipient. If the “from” email address does not have the same domain as the organization, it is likely a scam.
  • Before entering any personal information onto any website, verify that the website is legitimate. Google search the company name. Illegitimate websites may be flagged by users or even mentioned in articles on internet security.
  • Check the website security status to the left of the URL. A secured site has a padlock icon left of the URL, like the one our website.

Identity theft can happen to anyone, online or from your mailbox. It seems counter-intuitive, but properly protected online data is safer than what’s in your mailbox. Awareness and vigilance are the best identity theft protection.

How to Create Secure Passwords

By | Business Network Security, Cyber Security | No Comments

How to Create Secure Passwords

Strong Passwords are Essential to Prevent Identity Theft

We need passwords to protect our personal information online, from email, to Facebook, to our bank and credit accounts and much more. Unfortunately, many people overlook the importance of a strong password, in favor of something easy to remember, using their name, birthday or even the word ‘password.’ All too often, the same weak password is used for every account.

Having your password stolen isn’t just an inconvenience any more. These common password mistakes can cost you your identity.

Stealing Passwords is Automated Now

Hackers can effortlessly perform brute force attacks on your internet connected devices and online accounts to steal passwords. Using automated software, their computer guesses every possible password combination in a matter of seconds or minutes. When your password combination hits, they gain entry.

The initial attack will often attempt passwords generated from names, birthdates and other personal information, which are commonly used because they’re easy to remember. If that’s unsuccessful, many programs can simply attempt every possible key combination. It can take as little as 8 seconds to crack a weak 6-character password.

However, if your password is at least 8 characters with a mix of lower and upper-case letters, it can take up to 10 days to crack. Add numbers and special characters to the mix and your password becomes very difficult to hack. Most hackers will move on to an easier target.

Use secure passwords to help prevent identify theft - Pros 4 Technology Blog

Use and manage secure passwords to protect yourself against hacking and identity theft.

How to Create and Manage Strong Passwords

Password Do’s

  • Use a different password for every online account.
  • Change passwords on a regular basis.
  • Change passwords if you suspect someone has access to your account or you’ve been hacked.
  • Use at least one of each of the following in all passwords:
    • Uppercase Letters
    • Lowercase Letters
    • Numbers
    • Special Characters

Password Don’ts

  • Don’t enter less than 8 characters unless you are limited by the account login.
  • Don’t use any personal information (birthdates are popular targets).
  • Don’t use words found in the dictionary – the more random the character combination, the better.

Use 2-Factor Authentication to Strengthen Login Security

Enable 2-factor authentication wherever it’s available for your sensitive logins. This step requires you to enter a unique code that is texted to your phone when you enter your password, and can prevent most hackers from gaining access, even if they do discover your password.

Use a Password Manager

You no longer need to remember or keep long lists of passwords. Password managers can store all of your passwords, and automatically generate new, much stronger ones than you would create yourselves. You only need to keep track of one strong password, and you can enable two-factor authentication to boost your login security even more. One of our favorite password managers is LastPass.

Protecting Your Android Smartphone or Tablet from Malware

By | Cyber Security, Smartphones & Tablets | No Comments

How to Defend Against Malware on Android Smartphones & Tablets

Google Android is the most commonly used operating system (OS) on smartphones. But it is also the most frequently attacked OS by malicious software, or malware. This can take the form of computer viruses, worms, Trojan horses or spyware. Apps can be created by any user online, including hackers, who can secretly embed malware to infect users’ phones.

Android smartphone apps can be infected with devastating malware and viruses.

Android smartphone apps can be infected with devastating malware and viruses. Investigate before you download!

Here are several things you can do to help protect your Android smartphone or tablet from malware:

  1. Download apps only from the Google Play Store . Google has an entire tech department dedicated to investigating apps and hunting down malware. The occasional bad app will slip through their net but it’s far less risky than downloading smartphone apps anywhere else.
  2. Scrutinize app reviews and ratings. You want an app that has 5-star ratings and positive reviews, but hackers can fake this information too, using a Trojan horse. Check for repeated and/or very short reviews – this can indicate fake content.
  3. Investigate the app’s creators. Businesses evaluate the developers of the apps they use. This is good practice for your personal devices as well. Research them online. Often a bad app will be flagged on a message board before it’s pulled from the app stores.
  4. Examine app permissions. Each app will request to access certain functions of your device. Think twice about downloading the app if permissions are attached to personal information, and make sure the access requested correlates to the app. If you are downloading a calculator app, why do they need to access your camera? Some of the riskier permissions to allow are:
    • Saving your data
    • Taking photos
    • Recording audio

Extra attention to these details will reduce the risk of malware attacks to your Android smartphone or tablet.

Four Ways to Secure Your LinkedIn Profile

By | Cyber Security, Email, Social Media | No Comments

Network Safely Online – Secure Your LinkedIn Profile

LinkedIn is the top name in professional networking and deservedly so.  Users have found jobs by posting their resume, expanding contacts and reaching out to obtain that dream job.  It’s Facebook for business professionals.

Many people forget, however, that it’s still an online network that requires personal identification information (PII) to form a profile.  LinkedIn is just as susceptible to security breaches and identity theft as any other social media platform. As recently as 2016 the site was hacked, affecting users with weak profiles and inadequate privacy settings.

The job search is stressful enough.  Using job search tools shouldn’t be. Four key actions can be taken to help secure your LinkedIn profile.

Secure your LinkedIn profile to network more safely online

Secure your LinkedIn profile and be wary of unusual connection requests and emails.

 1. Beware of Fake LinkedIn Connection Invitations

It’s flattering when a CEO wants to connect with you.  But if you don’t know the person, don’t connect.  Hackers create fake profiles to impress and connect with you so they can steal your PII. These things should make you suspicious of a connection invitation from someone you don’t know:

  • Spelling and/or grammatical errors
  • A name or photo of someone you don’t recognize
  • Job profile that doesn’t fit with the timelines on their job history

Bottom line, read their profile carefully and consider searching for the company’s website before accepting their invitation.

2. Be Wary of Phishing Emails

Those emails LinkedIn sends you notifying of job changes, job recommendations and connection invites? Most are real.  But hackers can fake those too. Never click an email link before verifying the sender. Also, take note of the following red flags:

  • Spelling and/or grammar issues
  • Your familiarity with the sender – is their identity questionable?
  • Links – Hover your cursor without clicking over links in the email. This shows you where the link actually goes. If it’s not what they say it is, its a scam. Don’t click!

3. Create Strong Passwords for Your Social Media Accounts

Creating and regularly updating strong passwords is essential for ALL of your online profiles.  LastPass is a password manager app that automatically generates strong passwords, and only requires you to login once. It fills in the specific, unique password for each of your online network profiles so you don’t need to remember them.  Repeatedly using a single password for all networks is a common security mistake that opens you up to hacking across all your online profiles.

4. Use Two-Factor Authentication

LinkedIn offers two-factor authentication for all users – you simply need to set it up. This is the single most important step in securing your account. Use the following steps to add this security feature to your profile:

  • Access your profile and scroll to the bottom.  Click the link that says ‘Manage your account and privacy.’
  • Under the ‘Login and security’ section, click ‘Two-step verification’ and enter a mobile phone number where LinkedIn can send you a security code by text message.  Enter this in at the prompts to turn the Two-step verification on.

These few extra steps can dramatically improve your profile security. You can make professional networking and the job search less stressful knowing that your identity is more secure in your online profiles.

Fake IRS Refunds: The Latest Tax Scam

By | Uncategorized | No Comments

Fake IRS Refunds: The Latest Tax Scam

Each year, the IRS publishes the ‘dirty dozen,’ a list of the top twelve scams hitting taxpayers. Making this year’s list is the false tax refund scam. A growing number of identity thefts are from tax preparers with lax data security. Regardless of how they access your personal information, the scammers file a fake tax return in your name and then put a REAL refund into your bank account.

The False Refund Tax Scam

The scammer contacts you, posing as a law enforcement officer or IRS agent. The person claims the refund was a mistake and must be paid back. Hackers have even developed automated messages threatening their victims with arrest warrants, criminal charges or social security blacklisting if the refunds are not sent back. These calls usually give a case number and phone number where you can return the money. Don’t fall for it.

Keep an eye on your bank account this tax season. If you see a refund amount different than what’s on your filed tax return, take action according to the type of refund:

  • Direct Deposit – Contact the Automated Clearing House of the bank where the direct deposit was sent.
  • Check – Write ‘VOID’ on the endorsement line on the back of the check. Immediately return it to the IRS location listed on the check. The city will be listed on the bottom text line, in front of the words ‘tax refund’. This IRS Scam Alert article lists IRS mailing addresses for returning paper checks. If you’ve cashed the check, you will need to contact the office to repay it and inform the IRS of the scam.

How to avoid the false refund scam?

  1. Ask your tax preparer about their data security. The IRS publication, Safeguarding Taxpayer Data, outlines their legal requirements and data security best practices.
  2. File as early as possible. This has shown to reduce the likelihood of fraud.
  3. Monitor your bank account for a refund deposit amount that doesn’t match the return you filed.
  4. Don’t cash a refund check unless it matches the return you filed. Return it to the IRS and alert them to the discrepancy.
  5. Be suspicious of email from the IRS. This is almost always a scam. The IRS does not contact taxpayers via email.

What is a Social Engineering Attack?

By | Business Network Security, Cyber Security, Email | No Comments

What is Social Engineering?

In a social engineering attack, a cyber-criminal uses human interaction (social skills) in email messages, phone calls, or unannounced personal visits. This cyber attacker may be respectful and seem to be perfectly legitimate but will use psychological manipulation to trick victims into making security mistakes or giving away confidential information. He or she might claim to be an employee, repair person, researcher, or sales representative, and may even offer credentials. Regardless of how they contact you or who they pretend to be, this type of cyber-criminal has one goal: to obtain or compromise sensitive information about your organization or its computer systems.

Social Engineering Attacks Leverage Human Error

Social engineering attacks are especially dangerous because they rely on human error, not vulnerabilities in operating systems or software programs. By asking what may seem to be innocent questions, the cyber-criminal may be able to piece together enough information to infiltrate your organization’s network. The attacker will be persistent! If unable to gather enough information from the first source, he or she may contact another source within your organization, then use information obtained from the first source to bolster his or her credibility and build trust.

Social Engineering Attacks leverage human error to gain access to sensitive company information | Pros 4 Technology Blog

Social engineering attacks leverage human error to gain access to sensitive company information.

Social Engineering Attacks – Do’s and Don’ts

To avoid being the victim of a social engineering attack:

  • DO be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information.
  • DO try to verify the identity of an unknown individual. Directly contact the company the individual supposedly represents using a phone number or email address you know to be valid.
  • DO install and maintain anti-virus software, firewalls, and email filters to cut down on questionable traffic.
  • DO take advantage of anti-phishing features offered by your email server and web browser.
  • DO pay attention to website URLs. Though a malicious website may look identical to a legitimate site, the URL may use a variation in spelling or a different domain.

If anything at all about individuals or their questions seems suspicious:

  • DON’T respond to requests for personal or financial information.
  • DON’T click on links in email messages.
  • DON’T use contact information that’s provided on a website connected to the request.
  • DON’T send sensitive information over the internet before checking a website’s security.

Find more information on how to avoid being a victim of a social engineering attack on the U.S. Homeland Security Website.

I Think I’m the Victim of a Social Engineering Attack – What Should I do?

If you think you have revealed sensitive information about your organization:

  • Report it to network administrators and other appropriate personnel so they can be alert for suspicious or unusual activity.
  • Contact financial institutions immediately if you think accounts may have been compromised.
  • Promptly change any passwords you may have revealed. If you used the same password for multiple accounts, change it for each account. Don’t use that password in the future.
  • Close any accounts that may have been compromised.
  • Watch for unexplainable charges to accounts.
  • Report the attack to the police or government agency responsible for cyber-crimes, such as:

Advanced Fee Fraud – The Oldest Internet Scam

By | Email | No Comments

What is Advanced Fee Fraud?

Advanced fee fraud is a con. Scammers who employ this tactic (typically from foreign countries) promise you’ll receive a payment, but only after you pay a fee. For instance, you might receive an email saying you’ve won a new house, but before you can claim the prize, you need to pay taxes on it. You’d be wise not to believe this, but unfortunately, many people do. The cost to the many victims of this con is billions of dollars each year.

Advanced Fee Fraud: An Evolving Threat

This variety of scam has gone through many phases. It started with “snail mail,” a letter arrived in your postal box. Next, messages arrived by fax; today they arrive by email, and that includes your smartphone. Other varieties of this type of scam might include:

  • Fake lottery winnings
  • Inheritance notices
  • Job offers
  • Financial legal help
Advanced Fee Fraud is the oldest internet scam.

Advanced Fee Fraud is the oldest internet scam.

What Are Advanced Fee Fraud Victims Asked to Do?

The scammer will ask a potential victim to provide bank letterheads, account numbers, or other confidential identifying information. Initial requests for money will be followed by new requests for money, and it will only stop if the victim refuses. It’s possible for a scammer to acquire enough information to result in bank fraud. Advanced Fee Fraud scammers tend to work tirelessly for hours at a time to rack up payments.

Advanced Fee Fraud: Don’t be a Victim!

Pay a Fee So You Can Receive a Payment? Don’t Do It! Be suspicious of emails that:

  • Tell sob stories
  • Use poor English grammar
  • Contain spelling errors
  • Promise big money payoffs
  • Make appeals for financial help

Protect yourself! Never send money to strangers, provide personal information or account numbers to unknown persons or companies via email, and never try to retrieve lost money independently.

USB Drives & SD Cards Are a Security Threat

By | Business Network Security, Cyber Security | No Comments

Take Precautions With USB Drives and SD Cards

USB Drives and SD Cards: Small, quick, easy to use, AND RISKY!

The convenience of USB drives and SD cards makes them increasingly popular for transferring data from one computer to another. However, they can just as easily be lost, stolen, or infected with viruses or malware. Sadly, anyone can lose personal or otherwise sensitive information if they don’t take precautions when using these convenient devices.

A USB Drive Can Easily Infect Your Computer

USB Drives and SD Cards can infect computers by using malicious code (malware) which detects when a USB drive is being used. Once the infected drive is in use, the malware goes to work, and it’s likely you won’t even realize your computer has been infected. The stealthy malware runs behind the scenes while you use your computer, harvesting sensitive data such as passwords, encryption keys, and other information stored on your computer’s memory.

USB drives and SD cards are a security threat to your computer Pros 4 Technology Blog

USB drives and SD cards can infect your computer with viruses or malware.

How can I protect my data from an infected USB drive?

The good news is, there are many precautions you can take to make your computer less vulnerable to attacks.

  • Never use a USB drive you did not purchase yourself, especially on a computer containing private or sensitive data, and any machine you use for work.
  • Use a password or encryption on your USB drive as soon as you purchase it.
  • Keep personal and business USB drives separate.
    • Don’t use personal USB drives on computers owned by your organization.
    • Don’t plug USB drives containing corporate information into your personal computer.
  • Use a firewall!
  • Be sure to use and maintain security software and keep it up to date.
  • Use anti-virus and anti-spyware software and keep virus definitions up to date.
  • Disable auto run, which allows removable media (CDs, DVDs and USB drives) to run instantly when inserted into a drive. Disabling this feature can prevent malware on an infected device from opening automatically.

These precautions can go a long way in protecting your sensitive data while allowing you to benefit from the convenience USB drives provide.

Not All Cyber Security Threats Are Online

By | Cyber Security | No Comments

Common Physical Security Threats to Smartphones, Tablets and Laptops

  1. Theft/Loss: Be vigilant! Don’t let professional and personal information on your mobile devices and laptops fall into the wrong hands.
  2. Shoulder Surfers: Be alert to these “social engineers” who will be happy to peek over your shoulder while you access sensitive data in public places.
  3. Eavesdropping: Never discuss sensitive information where you might be overheard. Remember the old wartime mantra “Loose lips sink ships,” and make important phone calls only when you have adequate privacy.
Be alert to physical security threats to smartphones and laptops

Theft, shoulder surfing, and eavesdropping are common physical security threats to smartphones, tablets and laptops.

Protect Yourself by Following These Common Sense Mobile Security Practices

  • Never leave your mobile devices unattended, and don’t trust a stranger to watch them.
  • Use a privacy filter. It’s an effective way to prevent shoulder surfers from seeing what’s on your device. (Dimming your screen also helps.)
  • Use your own data connection or hotspot, not WiFI, when connecting in a public place. Avoid accessing sensitive data in public places.
  • Personalize your devices. Apply unique stickers or decorative cases on your personal devices to deter thieves who hope to steal them. (Verify company policy before you decorate business-owned devices.)
  • Use a sturdy case to protect your phone or laptop from accidents that could render them inoperable.
  • Seek privacy while you’re in airports, cafés, and other public places. Look for a spot where nobody can peer over your shoulder or listen to your private conversations.
  • Password-protect all your devices.
  • Program your devices to automatically lock after short periods of non-use.
  • Use lock screens to provide an extra layer of security.

Remember, both the security of your items and your personal security benefit from situational awareness. Stay alert when using your device in a public place.

Can You Recognize a Scam Email?

By | Cyber Security, Email | No Comments

Scam Email: Can You Recognize One?

You check your email and there’s a message in your inbox from a well-known company, possibly one you’ve done business with in the past, so it doesn’t seem particularly suspicious. You’re told your order is on hold due to an issue with the company’s credit-card processing system, requiring a wire transfer if it’s to arrive on time. Should you be suspicious? Yes! Scam email is one of the the fastest growing methods used by cyber criminals to steal from you.

Don’t Fall for Email Scams

Keep in mind, often emails that appear to be legitimate are used by cyber crooks as tools to trick you into sending them money. Don’t be fooled! It’s best to use caution because chances are, if you wire money to a scammer, you’ll never see that money again. Protect yourself!Scam Email - Can you Recognize One? Cyber Security Blog from Pros 4 Technology serving Sheboygan and surrounding counties

Suspicion: Your Friend, the Email Scammer’s Enemy

Approach any request for a wire transfer, whether by phone or email, with caution. Know that truly reputable companies will not reach out asking for a wire transfer; instead you should expect to pay a reputable company via your credit card (which often provides added consumer protections) or a service like PayPal. Without a doubt, it’s better to be suspicious than to fall prey to an email scam.

I think I’ve received a scam email. What should I do?

If you get an email that makes you even slightly suspicious:

  • Contact the company through a phone number or email address you can verify is real.
  • Don’t use any of the phone numbers or links contained in the email.

It’s best not to open an email attachment, even if it’s sent from someone you know, unless the sender has told you to expect it. Opening email attachments can put malware on your computer.

I Think I’ve Sent Money to an Email Scammer. What Should I do?

Act quickly!

  • If you wired money through your bank, contact the bank immediately and request a wire recall.
  • If you used the services of a money transfer company like Western Union or MoneyGram, call their complaint line immediately.

Report the details to: