The SOHOMike Blog

February 1, 2012

Of Pinterest to All

Filed under: Nonprofit Notes,SoMe — Michael Cabral @ 12:00 AM

Some of my clients love shoes. Some of my clients sell shoes. Both have an interest in shoes, albeit for different reasons, but that commonality may help a customer and a vendor become sole-mates. But how do you find those commonalities? That has become the bastion of Social Media. Through Walls and Tweets, people follow like-minded people and topics to become aware of things that are of interest to them.

Enter Pinterest, the latest, and by some accounts, fastest growing SoMe (that’s Social Media, if you still don’t know) port-of-call. The name is a portmanteau (I did well in the Using Big Words quiz) of Pin Interest. The idea is a virtual… Excuse me, it is a cloud-based interpretation of the idea of a corkboard and pins. You take things that interest you, and pin them up on your board. Other people can look at your pinnings and share them by re-pinning. From what I can see, you pin up pictures basically and add text to the images to make them meaningful. Others may look at your pinnings and then re-pin them.

So, if you sell shoes, you might pin up your latest shoe images. Someone may like them, and re-pin them. Eventually, a retailer or customer may come across the images and decide to contact you about the shoes. This seems great for industries where you might sell into a specific demographic like seniors or up-scale retail.

Pinners don’t have to be individuals. Your “brand,” or an entity, can create a Pinterest account. This could be a great way to promote your SOHO business’ products and services. Nonprofits should also consider investigating Pinterest to promote their agency’s mission. According to an article I read, National Wildlife Federation, Amnesty International, SFMOMA, Water.org, and the AARP are already participating in Pinterest. A great getting started tutorial specifically geared to nonprofits can be found at Nonprofit Tech 2.0. However, the tips and tricks of getting going on Pinterest are just as applicable to anyone interested in this new SoMe service.

Phew! A Quiz from Pew!

Filed under: SOHOMike — Michael Cabral @ 12:00 AM

You know the Pew Research Center. They do all those big, important surveys and studies about society and issues that affect the very course of world events. Well, apparently, they also do fun stuff, too. So, a tip of the hat (Does anyone tip their hat? Really, why do we still use this term?) to Jean for sharing this survey with me. Go ahead and answer the burning question: How Millennial Are You?

Millennials, according to Dictionary.com, is the collective name given to persons who were born in the 1980s and 1990s. They are the young people entering the workforce, driving cars, and making advertisers and marketers nervous. They’re the people who will Google Map directions when you ask them where something is, and offer to bump them to you. They are the ones who will laugh out loud when you say that you can’t get to your computer to check your e-mail, and then ask you what’s wrong with your phone. To them there are two kinds of phones: phones and landlines like grandma has; there’s no such thing as a cellphone or smartphone—that’s a phone. Oh, OK, there are softphones, too, but let’s not go there, shall we…?

The quiz is relatively short, offering the quiz taker 14 multiple choice questions. Some of the questions are easy to answer, while others might take a few seconds of thought. At the end, the quiz taker is instantly given their results, which you could probably print out and proudly put in a frame to hang on the wall. However, others of you will upload the results to your phone, and share them via Social Media.

SOHOMike's Millennial Quiz result

The above graphic is my score. Full disclosure: I scored much lower on the How Gangsta Are You quiz.

January 1, 2012

Sorry, Right Number!

Filed under: Threats and Scams — Michael Cabral @ 12:00 AM

A colleague (thanks, Lionel!) has alerted me to a new scam that has already targeted his clients. This scam involves a telephone call to the victim. So, this is a bit different in that the scammer is not using an e-mail blast to initiate the scam. The telephone call supposedly comes from Microsoft, although in doing some research on this there have been reports of the caller identifying themselves as working with Windows. In any case, the caller goes on to explain that the victim’s computer has been identified as being infected with something, which is causing the computer to do something bad on the Internet. Since the scam seems to have morphed a bit since it first appeared, the “something bad” might range from sending out error messages to sending out SPAM.

In earlier iterations of the scam, the victim is then instructed to look in the computer’s log, which we tech-types know as the Event Viewer, to see if there are any errors. And, as we tech-types know, there always are. Some of the errors listed are negligible or transient, and do not affect the working of the computer. But the person on the phone will indicate that these are grave errors, and they are being detected by the caller’s company. Later postings show that the caller will direct the victim to a website, which will then run a diagnostic on the system. As you may guess, the “diagnostic” reveals a host of serious errors. But not to worry, the caller assures the victim, these things can be taken care of—for a price.

Some of my SOHOBE clients are very familiar with this type of scam. It resembles the fake virus and malware detectors that have breached more than one of my clients’ systems. What’s notable here is that the telephone is being used to perpetrate the scam. Even in this day and age, there is a sort of trust placed in getting a telephone call and that the call will be legitimate. If the person on the other end of the phone line says they’re from, say, Microsoft then that must be true, right? Well, maybe. But how would you know? How could you check that? You can’t. You would need to take the person’s word for it.

But be aware that it’s fairly easy nowadays to get a VoIP phone number. The person who is getting the phone number does not have to be in the state that the phone number is requested. For example, SOHOBE in Rhode Island could obtain a phone number with an area code and exchange that would make it seem like it’s calling from Redmond, Washington. Redmond, by the way, is where Microsoft is based. More capable VoIP systems known as Virtual PBX would even allow SOHOBE to control or customize the Caller ID data sent to the other person’s telephone. So, just as e-mails can be “forged” to make them seem like they’re coming from someone you know, or a company that you deal with, when in fact they’re not, telephone data can be misrepresented, too. Gone… Let me emphasize that a bit more strongly: long gone are the days when the telephone and its system were rigidly monitored by one company, or policed by one country’s rules. In my example above, SOHOBE could theoretically get a phone number in England, which would make it seem like it placed calls from there.

In past editions of the SOHOBE Newsletter, I’ve often cautioned against being too willing to believe what you read or hear. So, here’s a quick and by no means exhaustive list of things to consider when you encounter something suspicious or unexpected.

  • Microsoft does not contact people about potential security breaches on the user’s computer.
  • Microsoft will not send you an e-mail advising you to click on a link to download a computer update or what is known as a Service Pack.
  • Adobe will not contact you by e-mail about updating any of its products, such as Adobe (Acrobat) Reader, or Flash.
  • Adobe will not charge you for a PDF Reader update or upgrade. Adobe Reader, as it is currently known, is free.
  • People cannot identify your credit card by the first 4 digits. The first 4 digits only tell the system what kind of credit card is being used. Bogus customer service schemes use this ploy.
  • Sudden “newsletters” that show up in your In Box probably contain scam information. Microsoft and Adobe, like so many companies, do send out newsletters. But, in general, they only send out newsletters to customers that they have a working relationship with.

Microsoft probably won’t call you if there’s a problem with your computer, but your ISP (Internet Service Provider) might. It’s the people who provide you with Internet access that can associate a customer with a particular computer’s use of the Internet. Still, be highly skeptical of any telephone message instructing you to return your ISP’s call, or to go to a certain website. Instead, call your ISP (e.g., Cox Cable, Comcast, Verizon FiOS, etc.) directly using the phone number for Tech Support and ask them to help you. Do not trust the telephone number given in the message, since it may be bogus! If the call was legitimate, they’ll have a record of it listed.

What happens if you are talking to the person, and it’s not a VM (Voice Mail) or recorded message that you’re responding to? Be skeptical! Do not give out information. The caller should have all the information about your account in front of them. They should not be leading you on to fill-in-the-gaps. Remember, they called you. Watch out for the First Four Numbers credit card trap. Watch out for the representative getting information wrong, and then telling you that there are multiple answers they could provide you. For example, they may tell you that you have multiple credit card numbers or contact addresses on file. Get a name, a company name, and a telephone number from the caller. Then hang up and call the company they represent using a phone number that you were given when you took out the service. Don’t trust the telephone number you are given during the telephone call to be real.

My feeling is that when any company contacts you in whatever fashion, the burden of proof of authenticity is on them. If the Electric Company called you and threatened to shut off your power unless you gave them credit card information, you’d be highly suspicious. At least you should be, especially if you had not gotten any information beforehand that there was any sort of problem. So, too, be very suspicious of any seemingly random caller. Demand to know exactly who you’re talking to, and the company they represent. Get a telephone number from them. Write down the Caller ID number. For example, the bogus phone number that is currently being used is (510) 374-4990. Then hang up. Don’t feel pressured to continue the conversation. Call the company in question using their main customer service number. Do not use the number you were given by the caller. Don’t feel obligated to call a company that you have no relationship with.

Remember, as high-tech as schemers become or as the methods they use become more sophisticated, they still have to trick you into going along with the scam. It just might be low-tech gut feeling that will help prevent such a breach.

December 1, 2011

12 (Cyber) Scams of Christmas

Filed under: Threats and Scams — Michael Cabral @ 12:00 AM

The McAfee company has tailored the popular 12 Scams of Christmas list for the Internet crowd. For those of you not familiar with the 12 Scams of Christmas, it is a listing of ways in which bogus merchandise, charities and payment methods are used to fleece holiday shoppers during the season. It attempts to provide a guide of common sense observations to help prevent theft during a time when the frantic shopper may toss caution to the wind, and unwittingly cash as well. One of the more famous of these is Jason Steele’s list from Money Talks News.

The McAfee company has come up with their own list of the 12 Cyber Scams of Christmas for those of us squarely facing the holidays with a 21st century attitude. Much of the list seems pretty standard fare as being everyday Cyber Scams. But it goes to the heart of the matter that even with all the information out there about protecting your privacy and detecting bogus offers, people are still falling for these ploys. It seems that there is something about the holidays that causes people to put their skepticism “on hold,” even in Rhode Island. There are two good Cyber Scam lists that contain a great wealth of information, and I’d say that they’re recommended holiday reading for my SOHOBE Newsletter readers. The first is by MSNBC’s Suzanne Choney. Her article claims that scams involving incredible pricing on iPads make up a good part of the scammers’ ploys. The second is from the McAfee consumer blog (see last month’s SOHOBE Newsletter about what is a blog) authored by Robert Siciliano. The McAfee article is good reading for any time of the year, really, as it contains a lot of common sense information about the kinds of scams which we receive in our Inbox all year long.

One additional resource isn’t really an article, it’s an infographic. An infographic attempts to provide information to its audience in a more pictorial format. However, infographics are as varied as the subjects they represent, so pinning down an infographic definition is difficult. See for yourself by clicking here for a veritable cornucopia of Cyber Scam data!

And so it made me realize that much of the skullduggery (a word I’ve always wanted to use—besides cornucopia) should be pretty commonplace. E-mails from questionable sources with equally questionable claims seem to be a leading contender for top scamming tactic. It’s doubtful, for example, that Amazon would be sending me an e-mail about a wonderful offer, especially since the offer is being e-mailed to an account that I never use for shopping at Amazon. I also doubt that Amazon would dilute their brand by using a near-named website. I expect to see the URL or e-mail address contain amazon.com in it, but would be totally suspicious if I saw amazonbargains.com, or amazonsale@gmail.com. For such instances that I even considered checking out the offer, I would more than likely go directly to the vendor’s website to see what it says there.
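One way to automate the check described above, as an added example that is not code from the post. The function names are assumptions, and the fourth and fifth sample values are constructed to show why a link that merely contains amazon.com is not enough: the host has to be that domain or end with it.

```python
from urllib.parse import urlsplit


def host_of(value):
    """Return the lowercased host of a URL, or the domain of an e-mail address."""
    if "://" in value:
        # urlsplit drops any "user@" prefix, so http://amazon.com@bargains.example
        # yields bargains.example, the host that would really be contacted.
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rpartition("@")[2].strip().lower().rstrip(".")


def belongs_to(value, expected_domain):
    """True only if the host is the expected domain or one of its subdomains."""
    host, expected = host_of(value), expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def classify(value, expected_domain):
    """Label a link or sender as 'match', 'lookalike' or 'unrelated'."""
    if belongs_to(value, expected_domain):
        return "match"
    brand = expected_domain.lower().split(".")[0]  # "amazon" for amazon.com
    return "lookalike" if brand in value.lower() else "unrelated"


# The first three values appear in the post; the rest are constructed samples.
SAMPLES = [
    "https://www.amazon.com/deals",
    "http://amazonbargains.com/",
    "amazonsale@gmail.com",
    "http://amazon.com.bargains.example/offer",
    "http://amazon.com@bargains.example/offer",
    "newsletter@shop.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample, 'amazon.com'):10} {sample}")
```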

Be very careful about e-mails that direct you to get additional information about a transaction issue or bargain by referring to an attachment. Attachments are easy ways to trap the unwary into going to bogus websites, or running a computer program that could infect your system with something unwanted. Be careful of links in e-mail, instant messages, tweets, and Facebook postings. And be careful of people selling 42-inch Plasma TVs out of the trunks of their cars, too. In other words, just remember that extra caution, especially when dealing with a completely unknown situation, is certainly warranted during this time of the year.

The Worst Password List

Filed under: Threats and Scams — Michael Cabral @ 12:00 AM

Since I seem to have become list-crazy, I thought that I would mention the 25 Worst Passwords for 2011 list. The list was compiled by SplashData, a company that provides security applications and services to web clients. Surprisingly, the password “password” topped the list. There are many systems that will not allow a user to even choose the word “password” as a password, so I thought it could not be used. Many systems try to prevent obvious combinations of passwords by checking for patterns that are known security blunders. For example, most systems will not allow the user name and password to match, since this is a known, and easy to guess, strategy of numerous technology users.

Not to give bad passwords all the glory, I think that bad PINs (Personal Identification Numbers) need to share some of the spotlight. Many SOHOBE Newsletter readers will recall the so-called Rupert Murdoch phone-hacking scandal. The name the media attributed to the incident and the way it was portrayed invoked images of electronic-eavesdropping and intercepting wireless communications. But this wasn’t the case. By right, this thing should have been called the Voicemail Hacking Scandal. Without any need for sophisticated equipment, reporters simply dialed into the voicemail systems of their targets and guessed their PIN numbers to gain access. Since many PINs are only 4 digits in length, it might not be too difficult to guess what a person would use. Common PINs include birthdays (month and day), birth years, 1234, 0987, 2580 (the column of numbers in the middle of a phone keypad), 0143 (I Love You), and famous dates (1225 or 1776).
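The kind of screening described in the last two paragraphs, as an added example that is not code from SplashData or from any particular system. The function names, the 110-year birth-year window and the year 2012 default are assumptions; the deny-lists hold only the values the post itself names.

```python
from datetime import date

# Deny-lists built only from values the post names (constructed, not exhaustive).
COMMON_PASSWORDS = {"password"}
COMMON_PINS = {"1234", "0987", "2580", "0143", "1225", "1776"}


def reads_as_month_day(pin):
    """True if the digits form a calendar MMDD date, the birthday pattern."""
    try:
        date(2000, int(pin[:2]), int(pin[2:]))  # leap year, so 0229 counts
        return True
    except ValueError:
        return False


def is_digit_run(pin):
    """True for repeats and for up/down runs, wrapping 0 <-> 9 (1234, 0987)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({0}, {1}, {9})


def pin_problems(pin, current_year=2012):
    """Return the reasons a 4-digit PIN is easy to guess (empty list if none)."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        return ["not a 4-digit PIN"]
    reasons = []
    if pin in COMMON_PINS:
        reasons.append("on the common-PIN list")
    if is_digit_run(pin):
        reasons.append("digit run or repeat")
    if reads_as_month_day(pin):
        reasons.append("reads as a month and day")
    if current_year - 110 <= int(pin) <= current_year:  # assumed age window
        reasons.append("reads as a birth year")
    return reasons


def password_problems(username, password):
    """Return the reasons a password is a known blunder (empty list if none)."""
    reasons = []
    if password.casefold() in COMMON_PASSWORDS:
        reasons.append("on the common-password list")
    if password.casefold() == username.casefold():
        reasons.append("matches the user name")
    return reasons


if __name__ == "__main__":
    for pin in ("1234", "2580", "1225", "1985", "7392"):
        print(pin, pin_problems(pin))
    print(password_problems("mike", "Mike"), password_problems("mike", "password"))
```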

One good tip for both passwords and PINs is not to continually reuse them. In other words, once someone establishes a password or PIN, that seems to be the only one they use—for everything. It would be like using the same key for everything: the car, the house, the gym locker, the strongbox, the tool shed. It certainly is convenient, but the problem is that once that “key” is known, everything it has been used for is compromised. There are just some instances where a password or PIN should only be used once. Financial data is the first type of data that should have a unique and totally unrelated protection scheme. Each bank account should have a dedicated password and PIN used for only that account.

And don’t forget the usual commonly accepted precautions for passwords and PINs. Never leave your password and PINs written on paper near your computer, in your wallet or in your purse. Change the passwords and PINs to the accounts you will access while you travel, and then change them again when you return. If you feel your security data has been compromised, immediately change your passwords and PINs—do not hesitate. Change your passwords and PINs often, like every 3 to 6 months. Still unsure about the whole password and PIN thing? The National Cyber Alert System has a good, albeit dated, article that tries to explain this in simple terms.
