  • Patch Lady – 31 days of paranoia – day 7

    Posted on October 7th, 2018 at 21:41 Susan Bradley

    Patch Lady here with a kind reminder that at this time the release of 1809 has been paused while Microsoft investigates.  If you’ve been hit by the bug, Woody’s got some advice. If you are already on 1809, I would stay on it and not roll back.  The bug occurs during the install, not the running.

    It’s now been seven days of paranoia and today’s topic is social engineering.  Or as the FBI puts it in their video designed to help train political campaign workers to not be tricked… “targeted lies designed to get you to let your guard down”.  Social engineering is now one of the key ways attackers get into our systems, but it is not new.  Back in 1995, Kevin Mitnick was arrested for breaking into computer systems, often without cracking passwords, merely by feeding the person on the other end of the phone call key information so that they would trust him and turn over more information.  He is now the “Chief Hacking Officer” of KnowBe4, a security awareness company.  What worked then still works now; the difference is that back then it often took a human, Kevin, calling the victim over the phone and gathering information to trick the person on the phone into turning over key information.

    Now attackers use phishing and spear-phishing (targeted attacks) via email to get to the same target.  As is noted in the video by the FBI, be careful what you share online and on social media.  Often you “leak” key personal information in social media posts.  Often the answers to password reset questions can be googled.  How many times have we seen reports of key individuals whose email accounts got hacked because someone was able to google up the answers to key questions from the person’s biography, like where they went to school and so on?

    90% of breaches start with social engineering/phishing attacks.  Read that stat again…. 90%.  Emails containing ransomware increased 6000% between 2016 and 2017.

    Bottom line: they are out to get you, so watch your email carefully.  For all the automatic tools and filters I have on my email, often the only thing between me and an attacker is a bit of skepticism and paranoia and not immediately opening up emails.  Don’t open attachments you weren’t expecting.  Run files through www.virustotal.com just to be safe.  Empower yourself to not immediately take action on email.  Be more suspicious of what comes into your email.  The vast majority of email in your inbox is there to attack you.

    Remember if you do want to buy that heavy duty Reynolds Wrap to get you through the next 24 days, make sure you buy it using the affiliate link so that Woody can get a small bounty.  😉
