Living and Growing with Technology

We have kids and grandkids who have never known life without wireless technology, and now we’re moving on to AI. Whether you’re a business or a family with an array of technology comfort zones, there’s an array of paths you can follow to help you keep it all together.

I believe one of our biggest dangers with technology is online shopping. Did you see who had the most ads? According to my observations, it was Temu, the Chinese shopping site. What’s the red flag? There are two: 1.) data collection and 2.) legal recourse.

With every purchase you make, Temu collects a tremendous amount of personal data, including, of course, the credit card number you use to buy stuff. AI, which is really the use of superfast computers that can digest and regurgitate massive amounts of data, makes it possible to analyze every aspect of your shopping preferences. Even if you guard the privacy of your data persistently and diligently, some well-programmed AI can find out things you never knew about yourself. Conceivably, it helps Temu and similar websites present you with product choices and price points that will generate a purchase.

And because Temu is based in China, it operates under Chinese law, not US law. Not only will you not have the same legal recourse in China to protect you from financial loss, you likely won’t have the same regulatory protection about what data is collected and how it’s protected.

Another convenience we like is setting up automatic payments for products or services that are linked to our credit card or bank account. It’s a convenience for consumers and providers, and you can sometimes get a discount for automatic payments.

I dread the day my payment info gets hacked, and there’s no convenience factor that makes it worth the risk of being hacked. If you agree, there are two critical steps you can take to minimize your risk: 1.) Reset your login credentials for your financial accounts and the sites that draw automatic payments. 2.) Set up two-factor authentication (2FA) for every website account that offers it; biometrics and text messages to a device only you can access are best.

Biometrics can include facial recognition, and it offers the best combination of safety and convenience, especially for phones and tablets. Unless somebody has stolen your device and used your digital passcode to get into your settings and take a picture of themselves to reprogram your facial ID, only you can respond. Using a mobile device for a text is good because you should have the device in your possession for the authentication process. The use of authenticator apps such as Microsoft Authenticator or Google Authenticator is a good step.

Younger people typically take more easily to these new authentication methods, but those who are older or not entirely comfortable with technology should find them easy to use once they’re properly installed and configured.

Staying with the theme of age and technology, we have an elderly client who had some issues with a new computer. We tend to think older people are more comfortable with a computer, but we found the client preferred to have a second iPad. We associate iPad and iPhone use with younger people who can easily adapt to a different way of doing things with really quick thumbs. But there are keyboards for any mobile device, and those who use hearing aids can take advantage of Bluetooth with their devices.

The biggest challenge with using a tablet or phone in place of a computer is setting up ways to download, store, and use files with apps mostly associated with a computer. Multitasking is more difficult with a tablet or phone, but we can accommodate most needs for most people.

With tech playing such a large part of everyone’s business and personal lives, it makes sense to tailor the technology to the person rather than the other way around. If you or someone you know has special technology needs, call us – 973-433-6676 – or email us to discuss ways to make technology work.

The IT Guy Stumbles, Too

Those of us in the IT field are subject to the same pressures as everyone else, and we can stumble just as easily as anyone when we’re rushing to leave on vacation – or a business trip. Here’s the story of how I almost blew it – and I’m stickin’ to it. Let it serve as a lesson for you.

It was the Friday before we were leaving for our latest (hopefully not last) family vacation (Charlie will be college-age next summer), and I was in a rush to close all our business and personal affairs before leaving the next morning. I got a call on our home landline purporting to be the bank for our main credit card wanting to question charges from Walmart and Malaysian Airlines. With one foot out the door, I wasn’t thinking straight. They said I could have a new card in three or four days, but I said I needed one tomorrow morning because we were leaving for vacation. When the caller said they’d need a supervisor to call me back, I started to think maybe the call wasn’t legit.

This was a prime example of how we get caught. Credit card fraud is a major problem that’s hit just about everyone in the world. A call like that is no surprise. When I took a deep breath, I hung up the phone, went online to my bank, and looked at my account. There were no pending charges from either place. Had I stayed on the phone call, well, I don’t want to think about it.

One problem with phone calls today is that even if you see a symbol, such as a checkmark (√) or a V in parentheses (V), it may be a spoof. It’s easy to spoof any phone number, so don’t believe it is legitimate because you see a symbol. We don’t pay attention to possible pitfalls when we’re rushing to get things done before a vacation or a business trip. We need to take a deep breath and step back before we act. Otherwise, we could come back to empty bank accounts.

One of our clients almost made a similar mistake when they got a text message about an ambulance bill. The client had gone to an urgent care, and doctors there determined they should be taken by ambulance to the emergency room. The text said their insurance carrier had declined the claim, and there was a link they could use to pay the bill. After staring at the text, and after almost clicking the link to see what was going on, they looked on their carrier’s website and found no mention of the ambulance ride. The really scary part is how someone knew our client had an ambulance ride from a specific company on a particular date.

If you do make a mistake, you should call your credit company’s or bank’s fraud line and report it immediately. If you can’t get through, go online through your browser and file a report. You can usually block action on your credit card with the click of a button.

If you fear a breach, you can call us – 973-433-6676 – or email us for help. We can start to put the pieces of your puzzle together to see where your system may have been breached through your computer or mobile device and help you rebuild your security system.

The Great Credit Card Conundrum

We rely on credit cards and other cashless forms of payment as business owners and consumers. As a result, we roll points, cash-back schemes and fee schedules into decisions about what we use and what we accept. We have our thoughts, but what are yours?

Here are ours.

We’re seeing more fees as a business and as a consumer. As a business, we can absorb fees on small amounts, but for large amounts, the fees are too large. In one recent month, we collected $4,300 in credit card sales and paid almost $67 in fees. We realize there’s a convenience factor that makes sense for us to pay the fees. We don’t have to spend time (which has a cost) to stamp checks and then use a mobile banking app to deposit each check. We can take the stamped checks to the bank, but that’s travel time. If you have a business, what role do fees play in your decision about whether to take a credit card?

Of course, if you have a business with walk-in traffic, you can get a break on fees. But that only works up to a point. For example, if you buy a car for $35,000, it would be nice to pay with your credit card and earn points or cash back. But if you’re the car dealer, you’ll absorb fees in the neighborhood of $1,000. Neither party in that deal benefits; only the bank benefits. How do you navigate this as a consumer or business?

Many nonprofits ask you to absorb the fee when you make a donation. Do you check the box to pay the fee?

In your business, do you prefer an alternative to credit cards, such as an ACH or a check? One benefit of taking a credit card is that it can streamline your accounting system.

As a consumer, do you sometimes balk at putting your credit card number on the internet when you buy online or over the phone? If you’re afraid of having your credit card info exposed to hacking by entering your card on a website or giving it out by phone, you should know that a transaction in a store or office involves using the internet, and someone in that chain can be hacked.

You should also know that anyone who takes your credit card number by phone is NOT allowed to write down the full card number. They should be entering it on another website that will display only your last four numbers once it’s verified.

We are seeing one advance in using credit cards – or their numbers – in restaurants. We’ve never liked the fact that servers take your card to a location you can’t see to enter your card info. That disappearing act is the most serious threat to your card’s security. Having your server process your card at your table is better, but then your server is standing over you while you decide on the tip. That’s uncomfortable.

A better solution involves the use of your phone. When your server presents your bill electronically, there’s also a QR code you can scan. That puts it all on your phone. If you are set up to pay through your phone, you can add the tip and pay the bill without ever pulling out your physical wallet.

As we move farther into a cashless society, we can help you – as a business or consumer – to set up your technology to be more efficient and secure. And we can answer any questions you may have about how to use what you already have. Give us a call – 973-433-6676 – or email us.

Facebook and Apple Fight is About Monetizing You

If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. Called the “App Tracking Transparency” feature, it labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.

In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”

The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.

According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeted and non-targeted advertisements. Facebook’s ad charges, the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.

The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.

The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.

I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.

To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.

If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.

The Ill Winds of Solar Winds

Look for a continuing fallout from the breach of Solar Winds, the giant technology management company that was responsible for the high-level federal government systems that were hacked last year. The hack is top of mind because some of our most sensitive systems were hacked, but businesses were affected, too. It’s time to look at the world of big data management.

The lesson we all need to learn from the hack of Solar Winds is that nothing is truly, truly safe. We don’t know where government agencies and private industry systems were breached – and how badly they were breached – and when it comes to the government systems, we’ll probably never know. But I don’t think we’re going out on a limb by saying that 1.) Solar Winds will need to work extra hard to regain the confidence of customers (and their customers, too) and that 2.) if they don’t succeed in repairing their systems and reputation, they’ll join a lot of other companies on technology’s garbage heap. From our various industry contacts, we had heard customers wanted to leave Solar Winds for reasons other than security.

The big data management companies should be subject to much more scrutiny by government oversight and by their customers. Strict government oversight similar to what we do to monitor CIA activity is necessary because of the extremely critical and sensitive nature of government work. Industry regulation is required to set standards for performance and accountability.

How much oversight and regulation are needed is a political question. What is not political is the need to keep our systems secure and, where possible, insist on transparency in letting us know when things go wrong. Dependency is critical because every system is so intertwined. It’s easy to see it if you look at it like a wheel. In the case of Solar Winds, look at them as the hub, and then look at every organization in their customer list as spokes connecting the hub to the rim. The rim is everyone who does business with any one of the spokes.

Solar Winds and its customers are not the first victims of sophisticated hacking, and unfortunately, they won’t be the last. Google has experienced problems, including an email issue last month, and Microsoft has had its share of issues. Look at what our nation went through with security for our elections.

As individuals we can demand that big data management companies take greater care, but we also need to own our security and asset protection. A lot of it is technology-based. We’ve implored everyone over the years to keep all operating systems, networks and application software up to date – to make sure you download and install updates, security patches and bug fixes. We’ve implored everyone to have all data securely backed up and to have a plan to get your assets – like money in your bank account – when you need them.

Beyond that, be critical of information requested when you fill out forms. Why does somebody need your social security number? Even for a job application, does your prospective employer need that information before they’re ready to do a background check or pay you? Don’t be afraid to question a request or demand a satisfactory answer. For companies where you have critical relationships, like your bank, maintain personal contacts. Know that you can pick up a phone and actually talk to a real human being when you’re concerned about your asset. We can help you with the technology part of security. Call us – 973-433-6676 – or email us for a security audit or to discuss applications and processes that can keep your computers as safe as possible when a big data manager is breached.

Who’s in Your Electronic Wallet?

Complacency is likely to be the greatest threat to your online security. The FBI recently reported that the padlock icon and HTTPS:// in a website cannot be trusted all the time in letting you know a site is safe. With the cost of SSL-TLS certificates falling, it’s cheap for crooks to set up malware sites and lure you in. We’ve discussed on-line shopping security and keeping other transactions secure, but the FBI’s warning compels us to revisit a few ideas.

First, what is an SSL-TLS certificate? The certificate is an acknowledgement that the owner of a website has installed SSL or TLS technology to provide secure communications over a computer network. The certificates are granted by third-party providers, such as VeriSign, which is now owned by Symantec. The certificate shows us HTTPS (Hyper Text Transfer Protocol Secure) in a secure website’s URL. You can view the certificate by clicking on the lock symbol on the browser bar.

What do SSL and TLS stand for? In short, SSL stands for Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. It’s designed to prevent criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL. Symantec still refers to security certificates as SSL because it is a more commonly used term. SSL certificates can also cover other internet-based communications, and they come in various levels. If you are curious, you can click here to read more from Symantec than you might want to know.

What you should know, the FBI reports, is that cybercriminals are more frequently incorporating website certificates when they send emails that imitate trustworthy companies or email contacts. They’re typically phishing schemes used to acquire sensitive logins or other information by luring potential victims to a malicious website that looks secure.

We’ve published many articles that call for the internet industry to provide more safeguards, but as we’ve always noted, cybercriminals are working just as hard to defeat current and developing security tools. One industry executive hit the nail on the head by noting that cybercriminals can’t work around an aware user, who has been trained to look for misspellings in the URL of a web page and knows not to trust a padlock icon. Addressing her firm’s corporate business targets, the executive called on organizations to invest in solid, continuing training programs.

We echo the FBI, which says the following (familiar) steps can help reduce the likelihood of falling victim to HTTPS phishing:

  • Do not simply trust the name on an email: question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar.
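
The domain checks in the list above can be written down as a short routine. The following Python is an added example, not part of the FBI guidance or the original article; the allow-list, the sample host names and the two-label site-name shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader really deals with (assumption).
EXPECTED = ("ic3.gov", "irs.gov", "examplebank.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete
                           cur[j - 1] + 1,              # insert
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url, expected=EXPECTED):
    """Classify a link by its host name only; returns (verdict, reason).

    The scheme is never consulted: "https" and the lock icon show that the
    connection is encrypted, not who is on the other end.
    """
    if "://" not in url:
        url = "//" + url                      # lets urlsplit find the host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("suspicious", "link has no host name")

    # Exact match, or a genuine subdomain such as www.ic3.gov.
    for dom in expected:
        if host == dom or host.endswith("." + dom):
            return ("expected", dom)

    # Simplification: the last two labels are treated as the site name.
    # Suffixes such as .co.uk would need a public-suffix list.
    site = ".".join(host.split(".")[-2:])
    site_name, _, site_ending = site.rpartition(".")
    for dom in expected:
        name, _, ending = dom.rpartition(".")
        # The trusted name is there, but only as a subdomain of another site.
        if "." + dom + "." in "." + host:
            return ("suspicious", f"{dom} is only a prefix of another site: {site}")
        # Right name, wrong ending (.com where .gov was expected).
        if site_name == name and site_ending != ending:
            return ("suspicious", f"wrong ending: .{site_ending} instead of .{ending}")
        # One or two characters off from a trusted name.
        limit = 1 if len(dom) <= 8 else 2
        if 0 < edit_distance(site, dom) <= limit:
            return ("suspicious", f"{site} looks like a misspelling of {dom}")
    return ("unknown", "not on the expected list; confirm by another channel")


# Constructed sample links; every suspicious one uses https.
SAMPLE_LINKS = [
    "https://www.ic3.gov/complaint",
    "https://ic3.com/complaint",
    "https://irs.gov.account-verify.com/refund",
    "https://examp1ebank.com/signin",
    "https://news.example.org/story",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```
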

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to HTTPS/SSL/TLS issues in a phishing expedition, write “HTTPS phishing” in the body of the complaint.

You can protect yourself by being prudent and deliberate when opening emails and clicking on links, and you can support your efforts by installing, updating and using anti-virus and anti-malware protection programs. We work with several trusted providers, including Symantec, and we can help you select and set up the programs that best meet your needs. Call us – 973-433-6676 – or email us if you think your security may have been compromised or if you have any questions about online security verification.

DIY and a Scam

When one of our clients decided to add a Wi-Fi extender in a home office, she contacted a phone number that purported to be a helpline from the manufacturer. It wasn’t, and it opened up a door for someone to gain access to sensitive information.

We’re certainly not opposed to any of our clients buying and installing their own technology. It can save you money and give you a better understanding of how your technological systems all fit together to make your life better. But there are a few things everyone should be aware of when they start the process – because you may not discover a problem until some damage has been done.

In this case, our client bought and set up a network extender from Netgear. She needed to strengthen an in-home network to accommodate her mother’s computer, and this was a reasonable step. When she ran into a problem, she called the manufacturer for help – or thought she did, and this is where problems began.

She said she called the phone number on the extender’s box. We won’t quibble. It could have come from a Google search. The lesson is more important than any finger-pointing. One of the problems with a Google search is that companies can place advertisements to show up above the “natural search” results. In times of stress, it’s easy to mistake an ad for a search result, and you click it. Both the advertiser and Google benefit from the ad; you visit a website you wouldn’t have otherwise gone to, and Google gets paid for directing you there. That’s business.

But when the advertiser is, shall we say, shady, it’s an ideal way to lure somebody into a scam. That’s what happened here. Our client clicked on what she thought was Netgear customer service but went to a website called Trucept. They walked her through a setup and told her she had no virus protection. She paid $300 for a package that included five years of security protection. That’s likely how they got into her network and likely were able to hack her mother’s computer.

Unbeknownst to her at that time, her mother started to receive online banking messages about owing a lot of money. That’s when we got a call. We told our client to shut down her mother’s computer immediately and to call the bank. Then, we went to the Trucept website together, and to our experienced – and skeptical – eye, it had the look of a scam all over it. Some of the telltale signs we saw were:

  • An address for a residence in Queens Village, NY
  • Lots of misspelled words
  • A PC Max Ultra Prime package for $800 with no customer reviews
  • A policy that requires two days before you ask for a refund (which gives them time to access a computer)

We were able to clean up her system and her mother’s. Now let’s look at things going forward.

First, be very careful about what you find on the internet. In the heat of trying to get something done in our overstressed lives, it’s easy to overlook something – especially a Google ad that looks like a search result. Take a deep breath before you click.

Second, get help from someone you know. It doesn’t have to be us. Call a friend. Go on Nextdoor Neighbor or Facebook and ask for a recommendation. Just don’t call a stranger out of the blue.

Third, only pay with a credit card for an online service. Credit cards have a mechanism in place to reverse charges. Processors record an IP address for every transaction, and they can tell where it took place.

We can help you install new systems or devices in your home or office, either in person or – typically – by walking you through the process. Call us – 973-433-6676 – or email us for an appointment or a walkthrough. 

Rule Your Email

We recently had to help a client resolve a rules-based email hack. It seems that hackers were able to change the rules in the email system to forward email to their own site and respond – and they could activate or deactivate the rule at will.

The problem showed up when our client’s clients were flooded with messages about sharing files. The client normally does share files – and so do we; it was the volume that grabbed their attention. Fortunately for everyone in this email chain, we were one of those who got caught up in the problem, and that helped us understand what was going on.

The hackers changed the rules for handling emails. They were able to intercept emails and then send new messages to the original senders with a request to share files. The requests, of course, looked like they were coming from our client. Sharing those files gave the hackers access to the computer systems of anyone who responded to that request.

We were able to go in and fix the rules that affected our client’s system. It wasn’t particularly difficult to do once we identified the problem. But what can you do to solve the problem and/or prevent it? The answers won’t surprise you.

  1. Everyone who uses email should make sure you have strong, secure passwords for your email – and for your network, too. We find that in most cases, our clients who get hacked have simple passwords that are easy for hackers to figure out. So, the best thing you can do before anything else is to change your email password and make sure it’s strong – upper and lower case letters, numbers and special characters.
  2. Make sure your anti-virus and malware software is up to date and running.
  3. If you see something that looks just the slightest bit out of order – different writing or phrasing or spelling mistakes – don’t click on a link. Don’t reply to the email, either. If you have a question, pick up the phone. Alexander Graham Bell invented the telephone in 1876, and the cell phone was introduced April 3, 1973. Telephones in any technology are proven to connect – and with rare exceptions, they’re private connections.
  4. Forward the suspicious email to your IT provider. Those of us in the business share a lot of knowledge, and we have a good chance of determining if the request to share is legitimate or where there could be problems.
  5. Call us to look at your email setup and see what rules might have been placed on your account without you knowing it. Even if you’ve changed your password, hackers still have ways of planting malware. We can see if you have malware or a virus and help you get rid of it.
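
A rule review of the kind described in step 5 comes down to a few questions asked of every rule, including the ones that are switched off. The following Python is an added example, not the procedure or tooling used in the incident above; the rule export format, field names, domain and addresses are all constructed for illustration.

```python
# Constructed data: the mailbox owner's own mail domain.
OWNER_DOMAIN = "clientfirm.example"

# Constructed export of one mailbox's rules. The field names are
# hypothetical and do not belong to any particular mail product.
RULES = [
    {"name": "Newsletters", "enabled": True, "move_to": "Reading"},
    {"name": "Copy to assistant", "enabled": True,
     "forward_to": ["assistant@clientfirm.example"]},
    {"name": ".", "enabled": True,
     "forward_to": ["inbox@mail-relay.example"],
     "mark_read": True, "move_to": "RSS Feeds"},
    {"name": "sync", "enabled": False,
     "redirect_to": ["files@share-docs.example"], "delete": True},
]

# Actions that keep the owner from noticing the original message.
HIDING_ACTIONS = ("delete", "mark_read", "move_to")


def is_external(address, owner_domain):
    """True when the address is outside the owner's domain and its subdomains."""
    domain = address.rpartition("@")[2].lower()
    return not (domain == owner_domain or domain.endswith("." + owner_domain))


def audit_rule(rule, owner_domain):
    """Return a list of findings for one rule; an empty list means no concern."""
    recipients = rule.get("forward_to", []) + rule.get("redirect_to", [])
    outside = [a for a in recipients if is_external(a, owner_domain)]
    if not outside:
        return []
    findings = ["sends mail outside the organization: " + ", ".join(outside)]
    if any(rule.get(action) for action in HIDING_ACTIONS):
        findings.append("hides the original from the mailbox owner")
    # A disabled rule is still reported: whoever planted it can switch it
    # back on, so it is removed rather than left in place.
    if not rule.get("enabled", True):
        findings.append("disabled now, but can be switched back on at will")
    return findings


def audit_mailbox(rules, owner_domain):
    """Map each rule name that needs attention to its findings."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, owner_domain)
        if findings:
            report[rule["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_mailbox(RULES, OWNER_DOMAIN).items():
        print(f"rule {name!r}:")
        for finding in findings:
            print("  -", finding)
```
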

In the final analysis, it’s up to you to rule your email inbox. We can help. Call us – 973-433-6676 – or email us if you have any questions or need help.