Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Patch Lady – 31 days of paranoia – day 7

    Posted on October 7th, 2018 at 21:41 Susan Bradley

    Patch Lady here with a kind reminder that at this time the release of 1809 has been paused while Microsoft investigates.  If you’ve been hit by the bug, Woody’s got some advice. If you are already on 1809, I would stay on it and not roll back.  The bug occurs during the install, not the running.

    It’s now been seven days of paranoia and today’s topic is social engineering.  Or, as the FBI puts it in their video designed to help train political campaign workers not to be tricked, “targeted lies designed to get you to let your guard down”.  Social engineering is now one of the key ways attackers get into our systems; however, it is not new.  Back in 1995, Kevin Mitnick was arrested for breaking into computer systems, often without cracking passwords, merely by using key information to trick the person on the other end of the phone call into trusting him and turning over more information.  He is now the “Chief Hacking Officer” of KnowBe4, a security awareness company.  What worked then still works now, except that back then it took a human, Kevin, calling the victim on the phone and gathering information to trick that person into turning over key information.

    Now phishing and spear-phishing (targeted attacks) via email are used to get to the same target.  As is noted in the video by the FBI, be careful what you share online and on social media.  Often you “leak” key personal information in social media posts.  Often the answers to password reset questions can be googled.  How many times have we seen reports of key individuals whose email accounts got hacked because someone could google the answers to key questions from the person’s biography, like where they went to school and so on?

    90% of breaches start with social engineering/phishing attacks.  Read that stat again… 90%.  Emails containing ransomware increased 6000% between 2016 and 2017.

    Bottom line: they are out to get you, so watch your email carefully.  For all the automatic tools and filters I have on my email, often the only thing between me and an attacker is a bit of skepticism and paranoia and not immediately opening up emails.  Don’t open attachments you weren’t expecting.  Run files through www.virustotal.com just to be safe.  Empower yourself to not immediately take action on email.  Be more suspicious of what comes into your email.  The vast majority of email in your inbox is there to attack you.

    Remember if you do want to buy that heavy duty Reynolds Wrap to get you through the next 24 days, make sure you buy it using the affiliate link so that Woody can get a small bounty.  😉

  • Patch Lady – 31 days of paranoia – day 6

    Posted on October 7th, 2018 at 02:06 Susan Bradley

    Patch Lady here with a kind reminder that at this time the release of 1809 has been paused while Microsoft investigates.  If you’ve been hit by the bug, Woody’s got some advice. If you are already on 1809, I would stay on it and not roll back.  The bug occurs during the install, not the running.

    We now turn to today’s (belated, sorry, it was the weekend and with the 1809 pause and all…) paranoia post.  Today’s paranoia is a reminder to check out the ways and means you can get your email back should someone hack your password.  Often the way to reset a password is to send a recovery message via email.  But if the very thing you are trying to recover IS email, obviously you need some other means to gain access and reset the password.  If you are unsure whether your main email account has such secondary access, now is the time to check it out.  Gmail will often remind you if you don’t have such a secondary account.  For Outlook, you go into the security settings of your account.  I am seeing more and more web sites asking you to set up multi-factor and/or secondary access to ensure you can get back into an account.

    I’ve also seen cases where, when an email account gets hacked, this reset account gets changed to the attacker’s email address so that they can reset it.  For all the talk that passwords are dead, we are still so dependent on them.

    So take some time to determine if you have a secondary means to get back into your account and prove that you are you.  If you can’t prove that you are you, you might not be able to get back into your email account.  I’ve known some folks who have had this happen to them and it’s not a fun thing to deal with.