• Staying safe this holiday season


    • This topic has 13 replies, 8 voices, and was last updated 6 months ago.

    PATCH WATCH By Susan Bradley This is the season of bright lights and holiday scams. Not a day goes by when I don’t receive notice that a credit card h
    [See the full post at: Staying safe this holiday season]

    Susan Bradley Patch Lady

    5 users thanked author for this post.
    • #2408561

      I have just received a Hotmail message claiming that:

      “Microsoft has noticed that someone has tried to change your password.

      Yes, it was me.

      No, it wasn’t me.”

      Very, very realistic.  Right colours, right fonts.  Good header.

      I recommend that you place the mouse cursor over the links and read very carefully…

      It is NOT a Microsoft address.

    • #2408715

      Susan – One guess as to how the bad guys got your Paypal password is a look-alike website and a look-alike domain name. Perhaps wwwpaypal.com without the period after the three Ws. There are lots of ways to make a look-alike domain name and the so-called security of HTTPS does nothing to protect people from this.

      Another guess is a web browser extension. Many of them have full access to the content of every web page. Needless to say, this is a HUGE risk that does not get the attention it deserves.




      Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
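The hover-and-read check recommended earlier in the thread and the look-alike domain described in the post above can be automated. This is an added example, not part of any poster's reply; the allowlist, the labels returned and the sample hostnames are assumptions constructed for illustration, and taking the last two labels as the registrable domain is a simplification that ignores suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: the domains you have bookmarked yourself.
TRUSTED = ("paypal.com", "microsoft.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link target."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Trusted only on an exact match or a true subdomain: the leading dot
    # is what separates www.paypal.com from wwwpaypal.com.
    for dom in TRUSTED:
        if host == dom or host.endswith("." + dom):
            return "trusted"
    labels = host.split(".")
    for dom in TRUSTED:
        brand = dom.split(".")[0]
        # Brand name buried in some label: wwwpaypal.com, paypal.com.x.example
        if any(brand in label for label in labels):
            return "lookalike"
        # Near-miss spelling of the whole domain: paypa1.com
        if edit_distance(".".join(labels[-2:]), dom) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://www.paypal.com/signin", "https://wwwpaypal.com/signin",
                 "https://paypal.com.account-check.example/login",
                 "https://paypa1.com/", "https://example.org/"):
        print(f"{classify_link(link):10} {link}")
```

The scheme is deliberately ignored: a valid HTTPS certificate on wwwpaypal.com changes nothing about the result, which is the point made in the post.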

      • #2408772

        I don’t use browser extensions on the browser I use for online payments.

        Susan Bradley Patch Lady

    • #2408723

      I read Susan’s piece and then looked into PP’s 2FA. I don’t have a smart phone (I know you are probably shaking your head, but I’ve managed so far to get by without one — I don’t even like to answer my landline phone, and my iPad and laptop work fine for web access, messaging, etc). 2FA on my other accounts involves sending a code to my e-mail or to my landline phone (or even just pressing any button on my phone). The only option with PP, other than a texted code, is an authentication app. How does an authentication app ensure security? How does PP’s 2FA work with such an app? What authentication app would be a good one?

      • #2408764

        The Best 2FA Apps 2021: Locking Down Your Online Accounts

        Authy — Easy to use, feature-rich and supports multi-device sync

        Google Authenticator — A widely adopted standard across major websites

        andOTP — An open-source alternative that has more features than the competition

        LastPass Authenticator — Similar to Google Authenticator, but works within the LastPass ecosystem

        Microsoft Authenticator — Also similar to Google Authenticator, but works especially well with Microsoft services.

        1 user thanked author for this post.
      • #2408773

        An authentication app still needs a smart phone.  Because I have Microsoft 365 I already use Microsoft authenticator.  As to how they work: because only you have the app, the attacker then can’t get into the application.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2408845

      NEVER click a link in an email. Go to your bookmarks that you made earlier. NEVER give info over the phone unless you initiated the call.

      I’ve had 2 clients in the last few months that have had over 20K and 50K drained from their accounts. One actually watched a hacker open browser windows and stuff on his machine in real time…. and waited a couple days to call! The other was fairly recently widowed and I think she fell for one of those “we’re from the bank and need your code to verify your account” phone calls. She also had a $100K loan taken out in her name, besides drawing the money out of one of her accounts. So much going on in her life she didn’t bother checking bank statements!

      The scammers are definitely getting better. Heck, I had a 50-year LEO fall for a spoof from Apple. He asked, “How do I know you’re from Apple?” “Look at your caller ID.” Yep, gave up his info, but realized he screwed up quickly and we were able to get things rectified before they got him good.

      Stay safe out there!

    • #2408918

      There is a problem following the advice of the Cybersecurity and Infrastructure Security Agency (CISA), with PayPal and some other sites, on establishing multi-factor authentication. When signing in the user is offered an opportunity to sign up for MFA. Upon choosing yes, I’m sent to a screen REQUIRING him to enter a mobile phone number on which to receive a texted authentication PIN. I (we) don’t have a mobile phone to receive a text. There is no safety outlet for it! No option to use telephone message or e-mail message! I finally had to do a ctrl-start-del to get out of it. Very frustrating. Is it assumed that EVERYBODY has a cell phone? I still have a couple of sites that do not have MFA due to this problem. Very frustrating for someone who desires to be as secure as possible. Thanks for your excellent column and newsletter, Dan

      • #2408923

        It’s pretty much assumed that everyone has a smart phone.  MFA apps in particular assume this.

        Susan Bradley Patch Lady

    • #2409411

      It’s pretty much assumed that everyone has a smart phone.  MFA apps in particular assume this.

      And that’s annoying as all get out.

      Smith’s grocery stores (Kroger offspring, I think) have implemented sales where one has to scan a bar code on the shelf in the store to get the sale price.

      Like it’s not enough you come into their stores to buy stuff; now you have to play electronic games to get the best deals. Reason enough to shop elsewhere.
