Identity Theft Prevention

Avoiding Common Pitfalls

Beware of Phishing Scams

Phishing (pronounced ‘fishing’) is a growing scam.  It first became prevalent with the introduction of AOL in the 1990s and refers to any way in which an unscrupulous individual tricks someone into giving up their password or other personal information.

The most common form used today is an e-mail which appears to come from a bank or financial institution.  This e-mail looks EXACTLY like the communications which you may receive from your bank, but its links actually take you to an EXACT replica of your bank’s site which is run by hackers.  To aid in the scams, some of the messages even say things like “You need to verify your account information to protect against identity theft”.  If you were to follow the instructions and input your account information, there would be a very good chance of having your identity stolen.

Here are some tips to prevent this type of fraud.

  • Do not click on links in e-mails which appear to come from financial institutions or which request personal information.  If you use Internet banking sites, manually type in the address printed in the literature you received from the institution.  You can then make a bookmark or favorite for future use.  Only use this method for accessing the site and make sure that the address is entered correctly with no misspellings.
     
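  • It does not hurt to enter your correct username and an incorrect password once.  If you are truly connected to your financial institution’s site, it will recognize the fact that you provided an incorrect password and reject your connection.  If the site is operated by hackers, it will accept the incorrect password and allow you to continue.  Treat a rejection only as a weak signal, though: a fake site can also be built to reject the first attempt, so this check supplements the other tips rather than replacing them.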
     
  • Make sure that you have up-to-date virus protection software (e.g. Symantec or McAfee).  It is also good to run a spyware removal tool such as Spybot (available free at http://www.safer-networking.org) on a regular basis.

For more information on phishing, please refer to the Federal Trade Commission:  http://www.ftc.gov/bcp/edu/multimedia/ecards/phishing/

 

2011 UPDATE - Some companies have been taking advantage of "phone tech support" to scam users into giving out their personal information or allowing remote control of their PC.  For example, you might get a call from a person claiming to be support for the Windows Operating System.  He then proceeds to take you through the process of looking through your computer's error logs, and relates them to virus-like activity, when in fact such errors or warnings don't always relate to a virus.

While we also use Remote Access software, we will always confer with a client via other means before deciding to set up a session.  In addition, the user has the ability to cancel the session at any time.

Watch a typical "scam" unfold in the videos below.  Note that the guy in the video KNEW it was a scam, and was playing along, so his seeming lack of interest was par for the course.

 

http://www.homehelptech.ie/blog/phone-pc-repair-scam/

 

Remember that Ruggiero AV Services will never cold-call a consumer for a support issue; our corporate customers are the exception since we do monitor key systems as part of our service with them and will issue alerts when required.


AND THE PASSWORD IS . . . ?

Long, complex, yet easy to remember passwords are the key to a personal "security system" both online and offline.  The general rule of thumb is that passwords should not contain dictionary words, but they SHOULD contain a mix of letters, numbers, and symbols, and be at least 6 to 8 characters in length.  Here are two websites that allow you to check your password; the first is a general "strength meter", while the other focuses more on the obscurity of the password, and lets you know how long it would take to "crack" it under different scenarios.  How secure is your password?

MICROSOFT SECURITY - PASSWORD CHECKER
https://www.microsoft.com/security/pc-security/password-checker.aspx

GIBSON RESEARCH CORPORATION - PASSWORD HAYSTACKS
https://www.grc.com/haystack.htm


Easier Than You Think?

The majority of information on this page deals with methods of preventing or removing malicious computer programs or websites that are designed primarily to harvest your personal information -- from finding out where you like to surf on the Internet and your personal online shopping habits, to the actual account information linked to your bank and credit cards.  Most of the time, these websites work because they rely on "social engineering" -- the fact that you trust a name like eBay or the company associated with your credit card makes the websites associated with those organizations easy targets for spoofing.  Besides the "new rules" for keeping your information safe online, there have always been traditional rules that come into play when dealing with personal, private information, and performing tasks associated with that information.  An example of what NOT to do follows...

One afternoon in February, 2006, I was riding a public bus, and a lady was sitting behind me on her cellular phone.   She was speaking quite loudly, and although there was a general din of conversation among the other passengers, her voice was easily heard and understood, at least to a person sitting directly in front of, behind, or even next to her.  Apparently, this woman's regular land-line phone had been turned off, and she was speaking with the phone company in an attempt to get it re-activated.  I was actually only half-paying attention to her conversation, BUT my ears perked up even more when she asked if she could make a payment right then and there.  You can probably guess what came next.  All at once, this lady (whose name was Daphne) proceeded to give her debit card number, personal PIN number or password, and a home address to the person on the other end of the line, seemingly unaware that she was also vocally broadcasting that information to anyone in earshot!  I am sure she could have waited until she was in a more private location before she rattled off her private account details to the customer service representative and thus the majority of the passengers on the bus. 

Believe me, I am NOT the kind of person who would use that kind of information, and frankly my brain has more important things to remember - by now I have pretty much forgotten whatever details were exchanged.  But the fact remains, another more unscrupulous person COULD have taken note of everything she said verbatim, and used that information to do some serious damage.  So again, along with the rules of cyberspace, we have the rules of public space... DON'T REVEAL PERSONAL INFORMATION IN PUBLIC.  Keep personal account numbers, PINs, and passwords completely private.  And if you MUST speak on a cellular phone with someone who requires personal information, make certain you are in an area where you will not be overheard.

Daphne, I hope you are safe on Salem Road!

 

ADDENDUM: THE FUNNY SIDE TO IDENTITY THEFT?

In 2006, Citibank promoted its identity-theft solutions on television.  It is fantastic that a company is taking such an active role in monitoring customers' accounts, and providing real-time assistance in the case of problems.   I have made use of their services and have been notified by their automated early-warning systems when I charged a large purchase or several small ones in succession.  Also, although most may disagree, and the sheer act of identity theft remains a big problem, I think it is great that Citi has chosen to approach their ads with a bit of humor.  Check out a sample of their 2006 ad campaign.