Email in Disguise

The trend of getting voicemail messages through email is opening new doors for hackers to enter computer systems. Scammers are using email with spoofed addresses to hack into business operations, such as wiring money. Today’s office environment provides a perfect setup for a hacker: You hit people when they’re juggling multiple tasks, and you come across as a colleague or customer in an expected environment. We have two examples from our client experiences that show how easy it is for a problem to go undetected. And we have some tips to strengthen your security.

The problem with the voicemails happened while we were on vacation in Hawaii, which has a six-hour time difference with New Jersey. Our client reported getting emails about missed calls – which could have been generated by their voicemail/email system. It’s a growing trend to handle voicemails because phone and email run on the same networks, and sometimes it’s more effective for an employee to click a link and return the call while the message is on the screen.

And that’s how this problem showed up. Every time our client clicked on the link, nothing happened. When we got back from vacation, our first job was to install a new computer for the client. Everything went as planned, but then we got a call that the client only had 11 emails in the system. To make a long story short, it took all day to find all of the emails in a “recovery for deleted emails” folder and restore them – all 75,000 of them. The time was lengthened because we needed to sort them to cull the voice-mail files.

We changed the password immediately to cover the possibility the computer may have been hacked. After that was done, we got a call that our client couldn’t click to return numbers left in voicemails. I left a voicemail, and we were able to get a return call.

The likely issue is that someone from the outside spoofed a known and trusted phone number. The lesson here is that if it happens a second time, don’t click the link. While you may not know if you were hacked or fooled by some malware, you should know that something is wrong and needs attention. The earlier you let us know about it, the sooner we can work with you to mitigate the problem and minimize damage.

A second incident could have been catastrophic. Again, we awoke to find several urgent emails from a client that regularly wires large sums of money to entities worldwide. The incident occurred July 1, when they were preparing to wire nearly $100,000 to an entity. The entity to which they were wiring the money said they hadn’t received their wire in April. That raised alarms. We learned that the amount of money in both transfers was consistent, and the entity to which the money was to be wired could change names from time to time. Everything with the April and July transfers seemed to be within the realm of normal operations.

While we couldn’t get the April money back (the client had insurance to cover it), they were able to halt the July transfer. At the same time, we worked with them to develop new policies to help double-check money-wiring instructions and monitor the process better.

Among the key takeaways from these incidents, you should always be on guard because hackers and cyberthieves are getting much, much better at disguising their identities. When it comes to VOIP and cellular voicemails, it becomes way too easy to click on a number to return a call. That click could direct you to a link that installs some kind of malware. You can write down the phone number and initiate a phone call – much in the same way you can open a browser and go to a website instead of clicking on a suspicious link. In a related matter, the Federal Communications Commission (FCC) is about to force telephone carriers to verify the phone number location of incoming calls. This should reduce – at least for now – phone number spoofing.

Also, be vigilant about looking for anything that looks like a change in your operations or the entities you deal with. Don’t hesitate to pick up the phone and call somebody to verify instructions.

We can help you fight fraud and mitigate security issues in a number of ways, including security assessments and developing and installing rules and policies for critical operations. Call us – 973-433-6676 – or email us for an appointment.

Who’s Your Office 365 Partner?

As an Office 365 administrative partner for almost all of our clients, we have extraordinary access to your systems – and a huge responsibility. You depend on our honesty and competency to keep your systems running and protect you from breaches. Some of our colleagues are not as good about this. Microsoft finally provided some tools to strengthen security.

We’re shocked it took Microsoft so long to do this, but they finally are requiring outside administrators, such as Sterling Rose, to keep two-factor authentication turned on at all times. We instituted this control years ago on all of our administrative accounts.

What brought the issue to a head? When Microsoft Office 365 went mainstream by making the subscription service available to individual users, families and small home-office businesses, it created a lot more accounts for us to service for our clients. It also created a password nightmare.

As administrators, we can go into accounts to see what’s needed to make sure you and anyone included in your subscription can do what’s needed. In most cases, we go in when called on to solve a problem. We are scrupulous about signing out properly, effectively shutting the door to your account on our end, and we have been scrupulous about two-factor authentication to protect access from our end.

In our opinion, the two-factor authentication covers the laziness or carelessness of some IT providers – and it also protects Microsoft from being responsible for any losses of data not connected to a Microsoft meltdown.

That puts the data-protection ball back in our court. We want to make sure you have your side of the court covered, and here are some things you can do. The big thing, of course is to have all of your files backed up. Microsoft OneDrive does this, but we don’t recommend it to be your only storage location. Azure, another Microsoft product, has backup and restoration capabilities, and there are other providers.

On our side of the court, we have two-factor authentication and other tools that fall under the label of cyber resiliency. Through the Information Technology Laboratory of the US Department of Commerce, a three-level approach to cybersecurity is being developed and refined. The first level, of course, is to resist penetration by cybercriminals. It’s an approach that’s been around, but we’ve learned that no defense can be entirely impervious.

Thus, we have two additional layers. One layer seeks to limit lateral movement within a system once it’s been penetrated. The strategies include barriers to gaining permissions to move laterally within a system, a technique that hackers use to get to other systems. Defenses can include time limits to lock out an intruder or limit the amount of data that can be exported from a system under attack. Another defense is to provide misinformation. Another layer of security will allow a system to operate while under attack so that business won’t be disrupted.

This gets us back to why it’s so important that Microsoft hardened its defenses for Office 365. It provides one more defense against penetration. At the same time, it provides another reason for your IT providers to have access to your system.

We have access to some of the tools needed to limit lateral movement within a system, many of them customized to your needs. Call us – 973-433-6676 – or email us to set up an appointment to discuss your needs and implement a plan.

Convenience vs. Competition: What do You Think?

The Department of Justice is beginning an investigation of “big data” companies and their hold on your online activity. This is not intended to be a political rant, but we’d like to know your thoughts on convenience vs. competition.

Here’s the executive summary of the DOJ’s investigation:

  • DOJ is reviewing whether and how market-leading online platforms – Amazon, Apple, Facebook, Google and the rest of the usual suspects – have achieved market power and are engaging in practices that have reduced competition, stifled innovation, or otherwise harmed consumers.
  • The review will consider the widespread concerns about competition that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online.
  • The goal of the review is to assess the competitive conditions in the online marketplace in an objective and fair-minded manner and to ensure Americans have access to free markets in which companies compete on their merits to provide services that users want. 
  • If violations of law are identified, the DOJ will proceed appropriately to seek redress.

The investigation – or review – caught our attention because Amazon’s recent Prime Day blew projected numbers out of the water. Why not? When you want to buy a product, what do you usually do? You use Google to find the best price or fastest delivery, and you generally go to an Amazon website – where Amazon has your address and credit card info on file. Yes, it’s basically one click or just a few, and your shiny new object is on its way – sometimes with same-day delivery.

I admit, that’s how we sometimes shop for products and make our purchase decisions. I don’t know if the size of Google and Amazon limits my choices – or if they limit them significantly. I might never know if a local merchant has a better product, price or customer service because smaller businesses don’t have the numbers to show up in a Google search where I can easily see it. I don’t know if another search engine (not Bing, which is Microsoft) would give me better results because Google is ingrained in my mind. It’s even become a verb.

We recognize that technology and laws are complex fields, and we’ll all have different opinions about what makes a good law. But we’d like your thoughts on competition and convenience. If you would answer a few questions either by return email or by leaving comments for everyone to see, we can share what’s important to us:

  • Do you automatically use Google for product searches?
  • Would you use another search engine if it were readily available and gave the results you needed?
  • Do you go to websites only at the top of a Google search?
  • Do you click on the ads at the top of the search results?
  • Do you go to a product provider’s website directly before or after seeing Amazon results?
  • Do you really care that Google and Amazon are so big that they might be stifling competition and limiting your choices?

Thanks in advance for sharing your thoughts.

Who’s in Your Electronic Wallet?

Complacency is likely to be the greatest threat to your online security. The FBI recently reported that the padlock icon and HTTPS:// in a website cannot be trusted all the time in letting you know a site is safe. With the cost of SSL-TSL certificates falling, it’s cheap for crooks to set up malware sites and lure you in. We’ve discussed on-line shopping security and keeping other transactions secure, but the FBI’s warning compels us to revisit a few ideas.

First, what is an SSL-TSL certificate? The certificate is an acknowledgement that the owner of a website has installed SSL or TSL technology provide secure communications over a computer network. The certificates are granted by third-party providers, such as VeriSign, which is now owned by Symantec. The certificate shows us HTTPS (Hyper Text Transfer Protocol Secure) in a secure website’s URL. You can view the certificate by clicking on the lock symbol on the browser bar.

What do SSL and TSL stand for? In short, SSL stands for Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. It’s designed to prevent criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL. Symantec still refers to security certificates as SSL because it is a more commonly used term. SSL certificates can also cover other internet- based communications, and they come in various levels. If you are curious, you can click here to read more from Symantec than you might want to know.

What you should know, the FBI reports, is that cybercriminals are more frequently incorporating website certificates when they send emails that imitate trustworthy companies or email contacts. They’re typically phishing schemes used to acquire sensitive logins or other information by luring potential victims to a malicious website that looks secure.

We’ve published many articles that call for the internet industry to provide more safeguards, but as we’ve always noted, cybercriminals are working just as a hard to defeat current and developing security tools. One industry executive hit the nail on the head by noting that cybercriminals can’t work around an aware user, who has been trained to look for misspellings in the URL of a web page and knows not to trust a padlock icon. Addressing her firm’s corporate business targets, the executive called on organizations to invest in solid, continuing training programs.

We echo the FBI, which says the following (familiar) steps can help reduce the likelihood of falling victim to HTTPS phishing:

  • Do not simply trust the name on an email: question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar.

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to HTTPS/SSL/TSL issues in a phishing expedition, write “HTTPS phishing” in the body of the complaint.

You can protect yourself by being prudent and deliberate when opening emails and clicking on links, and you can support your efforts by installing, updating and using anti-virus and anti-malware protection programs. We work with several trusted providers, including Symantec, and we can help you select and set up the programs that best meet your needs. Call us – 973-433-6676 – or email us if you think your security may have been compromised or if have any questions about online security verification.

New Technology Raises Bottom Line

Presenters at a recent conference we attended hammered home the economic benefits of upgrading your technology. Keeping old equipment running may far exceed the cost of investing in new systems, and here are some of the ways presenters quantified the costs.

In one analysis, the total cost of owning a PC that’s four years or older is $2,397, which is enough money to buy one or more newer PCs. The biggest factors in the cost are repairs and lost productivity, and here’s how they were broken down:

  • Total direct costs for PC repairs and upgrades for computers four years or older are $442. While this doesn’t seem like much at first glance, older computers experience problems nearly twice as frequently as newer ones – and they can drain employee productivity and IT resource efficiency.
  • Lost productivity costs can add up to $1,965 in the example we saw. They used an average of 98 lost hours and an hourly pay rate of $20 to come up with that number.

Your numbers may be higher or lower, but here’s the real question you must ask: What will it cost in lost business when you can’t close a transaction at the time your customer or client is ready to move? If your equipment is balky, your customer or client may balk. Four years seems to be the maximum service life for most technology these days, but your experience might be different.

What does a new computer cost? The range of variables is as wide as the sky, but let’s say $500 to $1,500. The numbers can give you some guidelines for determining how advanced you need your technology to be. In a world where time is money, you should be able to benefit from serving your customers and clients faster – because they benefit from it, too.

Companies that supply computers to businesses find customers want hardware-based features such as electronic pens, which essentially capture hand-written notations without the need for typing or retyping to increase productivity. Other features that increase productivity are faster multi-tasking capabilities – which can include the ability to run certain applications faster as well as switch apps fasters – and faster refresh rates. Businesses consider design (to aid productivity) and security as key factors, too, but performance is top of mind.

This doesn’t necessarily mean everyone in an organization should get a new, feature-filled computer. Today’s range of choices allows you to focus a computer’s capabilities on the needs of each job. A more basic set of tasks can still be accomplished faster with new equipment that doesn’t need all the bells and whistles. The same logic can apply to technology for printers/copiers. Those who need to print or copy more documents than others should have access to faster machines. If you’re the boss and you want to print or copy your own documents, you can tie your computer to a personal printer.

More than just computers and other office technology, your operating system makes a huge difference. And that’s why you should upgrade from Windows 7 to Windows 10 if you haven’t done so already. In a business environment, you can select a level of sophistication to match the needs of groups of multiple users to keep your office workflow up to speed. Windows 10 OS software also keeps you up to date on system security. Microsoft has said many times that Windows 10 will be its last OS. All security and performance advances will come as updates of Windows 10.

Avoid the risk of falling behind because your systems are old, slow and prone to failure. We can help you plan equipment upgrades to maintain or improve your office productivity, especially if you haven’t moved up from Windows 7 – which Microsoft will no longer support after next February. Call us – 973-433-6676 – or email us to set up an appointment to discuss how upgrades can improve your productivity.

More Companies Want Your Collaborative Efforts

Dropbox has entered the collaborative space by adding a host of new tools to help you and teams share files. We see it as a big leap for a company that started as a file-sharing provider, but we don’t see it as the equal to Microsoft OneDrive.

Two areas where we see OneDrive as far superior are cost and feature sets.

The cost of OneDrive is built into the cost of the monthly subscription of Office 365 for all but the most basic plans. For most of our clients, plans range from $5 to $12 per month, and the key benefits are access to the most widely used business and home applications, such as Word, Excel and PowerPoint. The subscription provides updates for security patches and bug fixes and performance and feature updates. OneDrive almost comes across as a throw-in, but Microsoft has recognized the value of keeping its massive user base in the family. What was an extra-cost feature set is now a way to provide tools and features, such as collaboration and file backup tools and useful apps from other providers. We covered some of them last month.

Depending on your plan, the cost of Office 365 with OneDrive includes the ability to store terabytes of files, which can be set up as shared files when needed. Collaborators can make changes, and the files are immediately updated, so everyone knows they are working with the most recent file. This capability has been available through Google Documents and Dropbox, but by keeping it all within Office 365, it’s about as seamless as a process can get.

Dropbox has always made a limited amount of file storage free, now 1 terabyte, but you need to be on a plan if you need more. The cost of the additional storage, for most of our clients, is roughly the same cost as having Office 365 without having the applications and tools included. In effect, you pay twice for the same capabilities.

As for capabilities – and features and tools, Dropbox can argue that by teaming up with Google, Slack and others, you can benefit from a broader range of ideas. Yes, that may be true, but here are two considerations:

  1. In the course of all the things you do, what are the tools and features that matter most to you? If you have Office 365 and it does all that you need it to do, you might be better off keeping it in the family.
  2. For a business or network of volunteers, how much training and retraining do you want to do? Learning a system is a lot like learning a language. The more you use it (or speak it), the better you become. That translates to better productivity.

Yes, Microsoft can be a big, plodding giant, but we believe its standardization works best for consistency, and that’s a huge advantage for businesses and volunteer networks. It’s easier to keep everyone together.

Finally, we like OneDrive’s file transfer capabilities better. Prices for cloud-based services can change at any time, and it can be difficult to move and verify the transfer of large volumes of files. We share a concern that this could make it difficult to migrate from Dropbox because the transfer process is too complex. Part of this may stem from changes made to a computer’s registry, where Microsoft, Dropbox and other applications are waging a war for the limited number of overlay icons to show file status. Each app changes its name to claim a spot in your Registry Editor, which Microsoft allots in alphabetical order. This could potentially create registry problems, which are all difficult to resolve.

We can help you set up OneDrive and transfer files from your computer and Dropbox. Call us – 973-433-6676 – or email us to discuss your options and begin the process.

Trade War’s Perfect Tech Storm

You could see this one coming way off on the horizon. Computer users on Windows 7 are starting to move to Windows 10 as the date approaches in 2020 – it’s eight months off – for the end of Windows 7 tech support. The shortage of chips is starting to abate, but with tariffs looming on chips imported from China (which means just about all chips), prices will rise – possibly affecting supply and demand. We’re finding ways to work around the issues for many of our clients, and we can still keep options open for those who call quickly to get equipment ordered and work scheduled.

For clients still running Windows 7 who have computers with the capability of upgrading to Windows 10, we’ve been able to execute a two-step strategy. Success depends on having a good processor and enough RAM (random access memory). The first step is to install Windows 10, and the second step is to install a new solid-state hard drive (SSD). The combination of the new OS and SSD makes those computers run like new, and that will buy you time to make a bigger investment in a new computer.

The new SSDs we’re using are mostly 256 GB hard drives, and they are providing enough space for users with 500 GB mechanical hard drives – and even some with 1 TB hard drives. For those who need to store a lot of files or may want to store them, we’re installing 500 GB SSDs.

There are two primary reasons why the smaller SSDs work for most of our clients. First, SSDs are a different technology. They don’t require the space to physically access, use and store files. Second, our clients with Office 365 packages, including those with the $5, $8.25 and $12.50 monthly plans, can store files on OneDrive and access them on any device from where they can get to the internet. Personally, I have 32 GB of files on OneDrive and keep only a handful of files on my hard drive.

With OneDrive now making the storage space part of its package and integrating it with Office 365, we believe it is now a better value than Dropbox. While Dropbox has a free plan, it is limited to use on three devices, and it can easily escalate to more than $100 year just by itself. OneDrive also gives you a better feature set, including Mile IQ, which we talked about in our opening letter in the email.

With prices expected to rise because of market conditions and/or tariffs, anyone who can solve their Windows 7 and upgrade issues with a new SSD hard drive can do it at a reasonable cost. A 256 GB drive costs $125, and 512 GB drive is $200. We generally need about 1-1/2 hours of time to set up the drive, including file transfer. While we can’t predict what prices will be in the near or long-term future, we can look at Apple for some guidelines. If a new iPhone costs $1,000, a 25 percent tariff increase will raise the price to $1,250. The supply chain can only absorb so much of the increase for a limited time, and once the prices go up, they won’t come back down.

If you are an Office 365 user, see our article Setting Up and Using Microsoft OneDrive to learn how to get ready for migrating to a new hard drive or computer. We recommend you call us to help you get your OneDrive account set up, and then you can manage the transfer of files on your own.

Again, we urge all who need or want an upgrade to Windows 10 and a better hard drive to call us – 973-433-6676 – or email us to discuss your best migration path, order the required equipment and schedule the work.

Setting Up and Using Microsoft OneDrive

Microsoft OneDrive may be as close as we’ll get to finding a safe harbor in the perfect storm created by the end of Windows 7, chip shortages and trade wars. Even without the storm conditions, it can give you smoother sailing.

We’ve found that OneDrive fits several trends we’ve seen among many clients, including more mobile computing, more collaborative work, and the need to work with larger files across all platforms. For those of you with Microsoft Office 365 plans starting at $5 per month, you get 1 TB of storage as part of your plan. If you need to access a lot of large files, including huge spreadsheets as well as photos, music and movies, this a good place to keep them. You can send collaborators links to any files in your OneDrive folder, and they can make changes, just like people do with Dropbox. This eliminates the need to send emails with attachments back and forth. As an added bonus, files are automatically saved in real time when working with a file in a OneDrive. And, finally, you can get Word, Excel, PowerPoint and other Office 365 apps for mobile devices, enabling you to view, edit and even create documents, spreadsheets and presentations. Granted, it may not be the same as on a computer, but it’s another tool at your disposal.

In addition to being free for Office 365 users, you also get a couple “blow-away” features. One of them is a version history, which is great for tracking financial reports on Excel spreadsheets or changes to Word documents. Instead of saving umpteen million versions, you can go back to a date and see the file as it was. It was meant as an autosave feature for data recovery, but it’s certainly not restricted to that.

We also like Mile IQ, which we discussed in our email for this newsletter. It works on your phone, and it senses motion when your car moves and starts to track miles. At the end of a trip, you swipe right for business use, and left for personal use. You can always go back and add details for each trip you track. It’s not a well-publicized feature, but it’s great. You can sign up through their website.

Installing OneDrive is not a particularly difficult process, but it has a few complexities in the setup. We recommend you have us help you with the setup so that you can work more easily with your file. The first two steps are:

  1. Select the Start button, search for “OneDrive”, and then open it. In Windows 10, select the OneDrive desktop app. In Windows 7, under Programs, select Microsoft OneDrive. 
  2. When OneDrive Setup starts, enter your personal account, or your work or school account, and then select Sign in.

At this point, we’ll help you configure OneDrive to match your needs and get you started on transferring your files. We recommend putting all of your files on OneDrive for two reasons: 1.) You’ll have them there for recovery in case your hard drive crashes, and 2.) you can always select files to put back onto your hard drive.

By having access to all of your files but only having a percentage of them residing on your hard drive, you’ll free up space that will allow a mechanical hard drive to work more efficiently, or you’ll be able to get by with a smaller hard drive.

In operation, you’ll access your files from your OneDrive folder instead of from your File Explorer and work on them through your application program. If you turn on AutoSave, everything you do will be saved in real time, and you’ll never lose data due to a power outage or hard drive crash. Yes, if you lose your internet connection, you’ll lose OneDrive, but you can continue to work on your files and save them. When OneDrive access is restored, the changes will be saved.

If you are getting a new hard drive or computer, we use OneDrive to transfer your files. We believe that if you have an Office 365 plan and if we’re doing the work already, you are better off keeping your OneDrive and using it. You’ll find more benefits as you go along.

Call us – 973-433-6676 – or email us to get your OneDrive set up. If you’re an Office 365 subscriber, it’s there for the taking. If you don’t have Office 365, let’s talk and see if it’s right for you.

Microsoft Goes Passive on Passwords

Microsoft recently announced it will not enforce password policies that require you to change your Windows password periodically. One reason is that most passwords and password changes are pathetic. Microsoft’s Windows Hello can eliminate some password requirements now, and it will eliminate more as website owners and developers catch on. Right now, it’s available for Windows 10 Home and Business users.

Windows Hello logs you into your Windows devices three times faster than a password, using your camera to recognize your face or a fingerprint reader. Just to put you at ease from the start, you can always keep your PIN as a backup.

Windows Hello addresses our biggest concerns with passwords:

  • Because strong passwords can be difficult to remember, many of us reuse passwords on multiple websites. If your password is hacked and works on one site, you can bet that cybercriminals will use it on every site they know you visit.
  • Server breaches can expose symmetric network credentials, which is a technical term for passwords.
  • Passwords are subject to replay attacks, which happen when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. Consequences can include redundant orders of an item.
  • Users can inadvertently expose their passwords due to phishing attacks.

We’ve cited all of them in one way or another when discussing the need to be extremely careful about what you click on a website or in an email.

Right now, Windows Hello lets you authenticate access to:

  • A Microsoft account
  • An Active Directory account
  • A Microsoft Azure Active Directory (Azure AD) account
  • Identity Provider Services or Relying Party Services that support Fast ID Online (FIDO) v2.0 authentication, which is now an official web standard for making the web more secure – and usable – for users around the world

The last item in that list will be the key to implementing better security for everyone who has a presence on the internet. Even though we have a way to go before it’s fully implemented, Hello can give you a head start.

After an initial two-step verification during enrollment, Hello is set up on your device. Windows asks you to set a gesture, which can be a biometric, such as a fingerprint, or a PIN, which Windows uses through Hello to authenticate users. It works across all Windows 10 devices. Individuals can create a six-digit PIN or a biometric on their personal devices. Unlike the business application, it is not backed by a public/private key or certificate-based authentication, but it’s still more secure than passwords.

PINs provide better security because you still need the device to access websites – or ATMs. Someone may know your number, but unless they have your device or ATM card, they can’t get access.

For businesses, we’ll help you set up Hello for your organization, including setting policies to help you manage access to computers and mobile devices. This will eliminate the practice of employees in an office putting their passwords on sticky notes that they attach to monitors. (Did you ever stop to think that anyone in your cleaning service can empty your data files as easily as they empty your trash cans?)

In our opinion, Hello is the most compelling reason to update your Windows 10 operating system or upgrade from Windows 7 to Windows 10. Again, we can’t over-emphasize that Microsoft will discontinue its technical support for Windows 7 in February 2020, and that will leave security holes in an already out-of-date, obsolete OS.

Windows 10 will step you up to the next level of security and protection and put you on track to take advantage of advances as they happen. Technology changes fast, and security improvements are always significant. Call us – 973-433-6676 – or email us to talk about upgrading to Windows 10 or adding Hello to your personal or business systems.

DIY and a Scam

When one of our clients decided to add a Wi-Fi extender in a home office, she contacted a phone number that purported to be a helpline from the manufacturer. It wasn’t, and it opened up a door for someone to gain access to sensitive information.

We’re certainly not opposed to any of our clients buying and installing their own technology. It can save you money and give you a better understanding of how your technological systems all fit together to make your life better. But there are a few things everyone should be aware of when they start the process – because you may not discover a problem until some damage has been done.

In this case, our client bought and set up a network extender from Netgear. She needed to strengthen an in-home network to accommodate her mother’s computer, and this was a reasonable step. When she ran into a problem, she called the manufacturer for help – or thought she did, and this is where problems began.

She said she called the phone number on the extender’s box. We won’t quibble. It could have come with a Google search. The lesson is more important than any finger-pointing. One of the problems with a Google search is that companies can place advertisements to show up above the “natural search” results. In times of stress, it’s easy to mistake an ad for a search result, and you click it. Both the advertiser and Google benefit from the ad; you visit a website you wouldn’t have otherwise gone to, and Google gets paid for directing you there. That’s business.

But when the advertiser is, shall we say, shady, it’s an ideal way to lure somebody into a scam. That’s what happened here. Our client clicked on what she thought was Netgear customer service but went to a website called Trucept. They walked her through a setup and told her she had no virus protection. She paid $300 for a package that included five years of security protection. That’s likely how they got into her network and likely were able to hack her mother’s computer.

Unbeknownst at that time, her mother started to receive online banking messages about owing a lot of money. That’s when we got a call. We told our client to shutdown her mother’s computer immediately and to call the bank. Then, we went to the Trucept website together, and to our experienced – and skeptical – eye, it had the look of scam all over it. Some of the telltale signs we saw were:

  • An address for a residence in Queens Village, NY
  • Lots of misspelled words
  • A PC Max Ultra Prime package for $800 with no customer reviews
  • A policy that requires two days before you ask for a refund (which gives them time to access a computer)

We were able to clean up her system and her mother’s. Now let’s look at things going forward.

First, be very careful about what you find on the internet. In the heat of trying to get something done in our overstressed lives, it’s easy to overlook something – especially a Google ad that looks like a search result. Take a deep breath before you click.

Second, get help from someone you know. It doesn’t have to be us. Call a friend. Go on Nextdoor Neighbor or Facebook and ask for a recommendation. Just don’t call a stranger out of the blue.

Third, only pay with a credit card for an online service. Credit cards have a mechanism in place to reverse charges. Processors record an IP address for every transaction, and they can tell where it took place.

We can help you install new systems or devices in your home or office, either in person or – typically – by walking you through the process. Call us – 973-433-6676 – or email us for an appointment or a walkthrough.