Weak Passwords – not a bad idea

There is a theory that passwords must be ultra complex, and I do not completely disagree with that policy, at least for important stuff. Secure passwords, in the opinion of ‘the experts’, contain UPPER case letters, lower case letters, numbers and symbols. And multiples of each (2 or more upper case letters and 2 or more lower case letters, etc.). Also, the letters should not spell out any actual words, especially words that are linked to the individual.

It was fine and okay to follow that kind of policy when people had very simple online lives – an email account for work, an email account for home and maybe a bank account or two. Now, however, most people have very complex internet/digital worlds with multiple email accounts, multiple bank or investment accounts, an access account for their employment, Facebook, Twitter, Vine, YouTube, Google, Amazon, eBay, PayPal and numerous other accounts. Each requires a password and each should be different from the others.

Personally, I have my main personal email account, several email accounts for my numerous websites, a junk email account on Yahoo that I use for anything that may get spammed, and accounts at 2 different credit unions. My employer has an employee portal for paychecks, benefits and other personnel business, and then I administrate numerous personal and friends’ websites. Plus I have passwords for different revenue marketing programs used on some of the websites. I can guess that I have upwards of 50 or more total different accounts that should all have different secure passwords.

If I were to follow the guidelines of a complex and different password for each service/activity and also follow the convention that passwords should be changed every six (6) months, there is no way I could stay on top of it. Granted, I may have a more complex situation than many people, but I also have a less complex world than many other websiters/blogmasters that I know.

If you are also in the world of having more than 20 password protected accounts, you already know it is impossible to keep them straight and at the same time follow all the rules of ‘the experts’. This leaves you with a couple of options. One is online digital wallet storing of your passwords. There are several programs out there offering this service and there is even commercial software for your computer or smart phone to store passwords. This, in my limited and uneducated opinion, is foolish because now you really do not have 20 different passwords – you have ONE. Anyone that hacks or gains access to the online vault or smart phone app with your passwords now has all your passwords. Of course the computer programmers and marketers of these programs will tell you that it is impossible for someone to hack these systems, but as long as there are banks with money in them – there are people who will try to find a way to rob the bank. As long as there are computer programs with secrets (your passwords with access to your money), there will be people who will try to find a way to hack the program.

Most browsers allow for password storage and this, while convenient, is also dangerous because these programs are even more subject to hacking. However, for unimportant, or at least less important, accounts – this is an acceptable means for storing passwords. I do this for many of my blogs because if a blog gets hacked and becomes a security threat – I will delete the blog. I do not use this storage method for financial or other such critical passwords.

A current theory that is being carried forward by ‘the experts’ is that you should use simple passwords for less important accounts and more secure passwords for more important accounts. The right balance of complex and easy to remember is a personal decision. For some people, their Facebook password is more important to them than their bank account password and as such will need to be more secure. Others, for whom Facebook is a once every few months activity because they are busy managing a large investment portfolio, should have a very secure and complex password for their brokerage account.

Regardless of your opinion of password security, try to avoid easy things like your kids’ or pets’ names and important days like birthdays, and avoid using the same password for junk activities (personally: Facebook, YouTube, Twitter) and financial accounts (banks, investment, PayPal or eBay – where people could order stuff in your name).

Happy computing.

Posted in Password

Computer Virus Removal

There are two versions (that I know of) of these types of scams.

We will fix your computer scam

A virus gets installed on your computer. You are prompted by a pop up display that your computer may be infected and to ‘click here’ to complete a scan. After a ‘theoretical’ scan, you are informed that problems and errors have been found and that for a credit card payment of typically $70-$100, the problems – be it errors in your operating system or viruses – will be taken care of. You are then informed that you will have 1 year of continuing coverage.

You pay the money and the ‘error message’ goes away. You are happy. What you do not realize is that the true virus was the one that put up the message offering to do the scanning and repairing. The scammers then update the code to reactivate a year later. Or, they will just auto bill your credit card anyway if it has not expired. Generally, these ‘paid to fix’ scams never fix anything and may even make the situation worse by installing additional stuff on your computer.

One major operation that was doing this was recently identified operating out of one of the former USSR countries, where they had 100s of programmers writing the code and finding ways to install it on computers.

A friend of mine fell for this multiple years in a row, where his computer would lock up and he would be told to pay $69.99 to free it up. The first time it happened, he called me and I was able to clear it for him. Then he went back to the same sites where he got infected the first time and it happened again because he refuses (to this day) to run any kind of virus software. When he called me the next time, I told him I would be there in about 30 minutes. He decided to just pay the ransom and got his computer back. The next year his credit card was billed automatically for the $69.99 fee. When he got the bank to reverse it, about 2 weeks later his computer locked up again and demanded payment. He paid it again with a different credit card. I found out months later.

Never let anyone scan your computer unless you are starting the process. Earthlink.net, McAfee, Norton and others offer scanning services where you can go to their website and request the scan.

Tech on the phone

My brother-in-law actually got one of these calls. A person will call and claim to be with tech support from a major well known company. It could be someone like Microsoft, Dell Computer or Apple or it could be someone who claims to be from your internet access provider.

The caller will tell you that they need access to your computer to either fix some known problems or as a free courtesy check. Either way, once they get into your computer (generally by having you log into a website they control) they will either install virus software to capture passwords, use the computer as part of a bot net or lock you out of the computer and demand payment for access. Either way you are permanently screwed and will need to reformat your computer, losing all data and programs – or buy a new one and start over. Even if you pay the ransom, it is safe to guess that you will never have a completely clean computer again anyway.

This again is best defended by never giving any information over the phone and never allowing anyone to access your computer unless you initiated the transaction.

Posted in Payment Scams, Telephone Scams

Fake CPS agents visit Indiana Woman

A routine morning for an Indiana woman was altered by a phone call from Child Protective Services to inform her they were investigating a report of child abuse. Later in the day, two fake CPS women appeared at her door claiming to be from CPS. They presented what they claimed was a court order granting them access to the house and giving them the authority to remove any child(ren) that were in need of protective custody.

The problem – they were not actual Child Protective Services agents. Or even any form of official government agency representatives. While in the home, they took pictures of the woman’s infant son and did other inspections of the house.

This was a fraudulent act and the local police are investigating.

The women could have been attempting to kidnap a child or casing the house for a future robbery. The woman herself was also obviously in danger the minute she opened her door.

There are several steps you can undertake to protect yourself, your home and most importantly – your children in a situation like this.

  • First, make sure you check for official IDs – these women were not wearing any. IDs can also be faked with almost any computer and printer, so do not rely on this solely.
  • Make sure to carefully read the ‘court’ order. Again, this can be faked by someone knowledgeable, so make sure you demand a copy for yourself. If they refuse to allow you or someone else to read it or say that they cannot give you a copy – that should be a warning sign.
  • If you receive such a phone call before the visit, call the CPS back at their published telephone number and ask for a supervisor. They may not tell you that you are the subject of an investigation, but you are raising the alert to possible fraud if you are not.
  • Have, if at all possible, a friend or relative there with you when you allow people in your home. An extra witness could deter the fraudsters.
  • Make note of the vehicle license, description and other information of anyone representing themselves as an official representative. Most such employees drive either clearly marked vehicles or new model ones. If the fraudsters are in an older, beat up and worn car – be very concerned. And if they have ill gotten gains in mind, the last thing they will want is for someone to know what they are driving.
  • Call the police. While this is listed last – it is recommended that you do it first. Since this is a first visit by CPS, you will want and deserve to have the police there to supervise the entire situation. Many times, the police will show up with CPS during initial encounters anyway to handle unruly parents. However, they can also deal with inappropriate Child Protective Services agents. And, of course, if these ‘agents’ are not on the up and up, they are not going to hang around if they see a cop in the area. If you are forced to open the door – call 911 and request immediate assistance.

So far nothing has happened after this visit from these Fake CPS workers to this woman and her children – but that is not to say that they are out of the woods yet.

Every day – crooks, criminals and fraudsters are looking for new ways to take from you what is rightfully yours. Never let down your guard and never assume that just because someone claims to be an official representative that they actually are.

Posted in Fake Agents

Windows Errors Scam

In an ongoing twist on telemarketing scams, callers – who speak almost no English – are calling homeowners and businesses with the claim that the user’s Windows is reporting errors.

The caller claims to be able to provide technical support to fix the Windows errors. They then proceed to start asking personal and financial questions.

This is a newly reported scam, so at this point, I have limited details on how it continues. As soon as I can learn more, I will update this post to include what you need to know to best deal with this Windows Errors Scam.

The best and only way to protect yourself from Windows Errors scams and any other telephone scam – do not respond to any telephone calls unless they are from someone you can trust. And do not trust caller ID, as scammers can now cheaply and easily buy equipment that will produce fake caller IDs. The best defense when receiving any call is to hang up and call back at a number you can verify with a phone book or your own personal knowledge.

Windows Errors scam is only the latest in telephone scams.

Posted in Telephone Scams

Experian Credit Reporting System Hacked – Legally

The Experian Credit Reporting System Hacked – Legally. Yes, you heard that right. Experian is doing its best to downplay their complacency with the possible theft or illegal access to 100s of millions of Americans’ credit files. Yes, there is fear that over 200 million records may have been compromised. With the USA population just slightly over 300 million, it is possible that 2 out of every 3 Americans have been victimized by this corporate irresponsibility.

It appears that a Vietnamese businessman opened an access account with Experian claiming he was a Private Investigator. After being accepted by Experian and paying the fees requested, the con artist was given access to run queries in the Experian Credit Database.

This is a normal occurrence, however, Experian failed to pay attention to the fact that the businessman was accessing millions of records. Not even the police or FBI could have justified doing this many records.

The matter is currently being investigated by at least two State Attorneys General, with more likely to follow suit in the near future.

The businessman in question was recently sentenced in Federal courts for being involved in operating websites and other methods to sell personal information including social security numbers that could be used for Identity Theft or other criminal activities. The businessman, it appears, obtained the confidential information via a business established under the guise of providing court/criminal records for others. Such services are routinely marketed online under the purpose of allowing people to research romantic loves or possible employees.

It is ironic that Experian actively markets services for credit monitoring and credit protection while they could be directly linked to a massive data breach. Of course, Experian would most assuredly enjoy it if all the affected people were now required or expected to sign up for Experian’s credit protection services.

Of course, the best that consumers can hope for is the classic 1 year credit monitoring services. The problem with that, as exposed by the Target Data Hacking, is that crooks can just sit on the information for 13 months and then move forward.

While the government is now screaming murder over this obvious corporate malfeasance, there have also been numerous cases of government employees leaving computers or data storage devices unsecured. It is time that the government acknowledge that your Social Security number is no longer a private number but a Federal Public Identity Number.

Posted in Corporate Data Hacked, Credit Bureaus