In this newsletter:
Post: Staying Safe Online Through Hacks, Phishing, and Scams
In Case You Missed It: Google Event
Pick of the Week: EchoChess
Featured Product: Bluetooth Headphones
Staying Safe Online Through Hacks, Phishing, and Scams
It seems that every other week, another company reveals that their customer information has been accessed due to a data breach or hack. Most recently, one of the largest data breaches in history exposed hundreds of thousands (if not millions) of people’s information. Many reports state “close to 3 billion,” but note that this refers to the number of records in the data, not individual people. Many of the records may cover the same person with different information for that person: for example, multiple emails, phone numbers, or addresses.
This week, I’d like to share some tips in a few areas on how to stay safe online that will help protect you from any future hacks, phishing attempts, or scams.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is an extra layer of security users can put into place on digital accounts. It can be completed in multiple ways but requires more than one way to prove you are who you say you are. Common types of authentication include:
Something you know: password, PIN, or security questions.
Something you have: your phone (or other smart device), a smart card, or a USB key. More commonly, this would be an MFA app that requires an extra randomly rotating 6-digit number.
Something you are: a fingerprint or face scan.
Password Management
Easier said than done, but try not to use the same password for everything. I know people say they don’t do this, but I know you do! I’m guilty of it myself sometimes… But I promise, the first step to take after any hack is to change your password. And if you used the same password anywhere else, you need to change it there, too. Hackers have systems that will try your email and password combination anywhere and everywhere when they have it. Be careful not to use any personal identifiers in your password or anything that would be the answer to a common security question. The longer and more unique the password, the better. I’ve written a bit in-depth about password security and password managers to use, so if you haven’t checked them out, start there.
Why You Need a Password Manager
Navigating the World of Password Security and Management
Watch out for Phishing and Social Engineering
Phishing and social engineering are targeted attacks in hopes of having users provide sensitive information. This can include pretending to be someone else or simply asking questions that cause a user to reveal information they may otherwise not share. Distraction and misdirection are the backbone of these types of scams.
Common ways scammers try to do this are through email, text, social media, and phone calls. Another example can include mobile apps pretending to be something else - or even doing what they say they do and having another ulterior motive that you may not even know about. Lastly, Google results may incidentally provide scam or phishing links in some of the top results. These scammers build fake websites with great Search Engine Optimization (SEO) or can even pay Google to rank higher based on certain search terms.
With email and text messages, be sure to check the sender’s information thoroughly. You can see whether it is associated with the organization in question by paying attention to the account's full address or number, especially the root domain name. For example, if UPS texts about a shipment, the link should state “ups.com” and not something else. Just having UPS somewhere in the link will not suffice, either.
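The root-domain check described above, written out as an added example (not part of the original newsletter). The function names, the short suffix list, and the `.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed short list of two-label public suffixes. A production check
# should load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def root_domain(host):
    """Return the registrable ("root") domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def link_belongs_to(url, expected_root):
    """True only when the link's real host is expected_root or a subdomain."""
    if not url.lower().startswith(("http://", "https://")):
        url = "https://" + url  # texts often omit the scheme
    try:
        host = urlsplit(url).hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    if not host or not host.isascii() or "xn--" in host:
        return False  # empty, non-ASCII lookalike letters, or punycode
    return root_domain(host) == expected_root.lower()


# Constructed sample links; the .example names are placeholders.
SAMPLES = [
    "https://www.ups.com/track?num=1Z999",            # real root domain
    "ups.com/track",                                  # scheme omitted
    "https://ups.com.parcel-status.example/track",    # "ups.com" as subdomain
    "https://ups-redelivery.example/ups.com",         # "ups" in name and path
    "https://ups.com@parcel-status.example/",         # "ups.com" before the @
]


def check_samples():
    """Return (link, verdict) pairs for the constructed samples."""
    return [(u, link_belongs_to(u, "ups.com")) for u in SAMPLES]


if __name__ == "__main__":
    for link, ok in check_samples():
        print("OK     " if ok else "SUSPECT", link)
```

Only the first two samples pass: in the other three, “ups” or “ups.com” appears somewhere in the link, but the root domain belongs to someone else.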
With phone calls, numbers may often be duplicated, meaning it is very possible to receive a phone call from someone within your area code, but if the number were to be called back, it would be the wrong number. Remember that no bank, IRS, insurance company, or any of the like will ever ask for information over the phone, especially Social Security numbers. No organization will ever ask for payment in gift cards, either. If ever on the phone with these types of people, you can always say, “I’m sorry, now's not a good time, I’ll call back at the number I have. Who should I ask for?” Worst case, don’t be scared to hang up on them, either.
Lately, we have also had to be careful with famous people, those who have an online presence, and possibly even people you know personally. There is really good software available to ‘clone’ voices - making you think you’re talking to someone when it may be a recording. This is one reason why it can be important to ask very targeted questions that only that person would know. Some examples include:
Where did we first meet?
Where did we last go out for guys/girls night?
What’s our go-to restaurant of choice?
What’s the last thing we talked about in person?
What’s the last gift you gave/received from me?
What’s our favorite hobby to do together?
The goal here is to ask questions that can’t be found out easily by searching online or hacking emails or texts.
Many of these scams are trying to create a sense of fear and urgency to get users to react. Once users respond, emotional decisions may outweigh rational ones, causing them to overlook simple problems with emails or links. In many cases, simply asking a friend to look at the email or text, or listen to the phone call, could help verify its authenticity.
Keeping Software up to Date
This isn’t a common hacking method, but some scammers try to infiltrate through older versions of apps, software, or operating system flaws. Keeping all of this updated as best you can helps mitigate these issues. It’s important to be careful and only update through legitimate sources (Microsoft/Apple’s updates, Apple/Google Play Stores). In many cases, turn on automatic updates if possible. This ensures your system will always be up to date and minimizes user interaction. Although I do realize automatic updates can cause breaks in the system (here’s looking at you, CrowdStrike), they are overwhelmingly better for you and the developers. They are much safer than not updating or accidentally updating in the wrong place.
Social Media
Even if you don’t frequent social media sites, you may still have an account. They can be useful for other apps or sites, or even as a security method for your friends and family. Regardless, a good practice is to verify privacy settings and make sure personal information is not shared. This includes, but is not limited to, birthday, Social Security number, phone number, home address, work address, and more.
What about what to post and when to post? I know we all use many of these sites as our own version of a historical picture album to track family history. That’s okay, and I get it, but minimizing personal information as best you can is important. Another good practice is to not post pictures of where you are when you are there! Delay your pictures, especially if you are on vacation. This will minimize any potential physical threat or scam.
A default rule of thumb is to not post anything you wouldn’t want your [grandparents, grandchildren, children’s teachers, boss, etc.] seeing. Regardless of marking something private and/or deleting it, there are still ways of finding posts from years ago. Pictures also include metadata that has personal identifiers: GPS location, time, date, device used, etc.
If you really want to be careful, strip all pictures of their metadata using the Metadata Removal tool. Alternatively, taking a screenshot of a picture will give it different metadata should you not want to share the original metadata.
Many social media sites allow you to use the “Sign in via…” method. I always advise against this. Meaning, never sign in to one social media account through another. The same goes for mobile apps and games. This links those accounts together, so if one has issues, you may be unable to access the other. I suggest always using an email to create a new account. The only exception would be if it’s of the same family (Meta - Facebook, Instagram, etc).
Specifically, regarding Facebook, if you have a Facebook business page, make your spouse or a close friend an admin so that someone still has access should your account become compromised.
On the Go
Traveling is another situation where scammers can attack random strangers. Anytime you connect to a public Wi-Fi network, anyone else on the same network can see and intercept your traffic. Yes, this includes logins and passwords. Put simply, try not to use public Wi-Fi if you can help it. Or at least use incognito mode and don’t do anything that requires login credentials. Which is almost impossible, I know… If you have no other option, the only way to stay safe is to use a VPN.
In this day and age, pretend you are being tracked anywhere and everywhere, and you’re always caught on camera. One can imagine the technology available in the early 2000s when The USA Patriot Act was passed. Don’t forget the 1998 action thriller Enemy of the State. If you haven’t seen that movie, please do yourself a favor and check it out! It’s available to stream on FXNow and AMC. Here we are over 20 years later - consumer technology is exponentially superior, so just a forewarning!
Payments
Lastly, let’s talk about online payments. I have written pretty extensively already on How to Protect Your Online Purchases, so be sure to check that out! Essentially, never send money to someone you don’t know as best you can help it. I know purchasing things from Facebook Marketplace is common practice but consider doing these deals in person with cash only. Giving someone money upfront through PayPal or Venmo can be taken advantage of, especially if you choose the friends and family option. Use Privacy.com when buying items online to protect your credit/debit cards and bank accounts. This includes one-off sites for sure, but it can also include Amazon, Temu, Shein, and the like. Remember, it’s not that we don’t trust these sites or companies, we don’t trust anyone’s security with our personal payment methods.
This content was reviewed by the technical team at 180Pros. If your business is looking to minimize security concerns, reach out to our sponsor at https://180pros.com
ICYMI: Google Event
Google announced new hardware devices and software upgrades at their annual MadeByGoogle Event. First up included the Pixel 9 Pro, Pro XL, and the Fold. The Pixel Pros include a new design on a metal frame, upgraded cameras and displays, and they are even more durable and much faster. Take all of these enhancements but allow it to unfold, and you now have the thinnest foldable phone with the largest inner display. Software upgrades include Satellite SOS mode, Call Notes, Add Me Mode (a selfie-type app), Pixel Screenshots, Pixel Studio, and much more.
Pixel Watches get a new design with two sizes, each providing a larger and brighter display, and a bigger battery. They also allow more integration into Google services, allowing live streaming from security cameras and control for your phone and TV. An upgrade to the new Pixel Buds Pro 2 allows much more improved sound for calling, streaming, ANC, transparency mode, and now comes with wireless charging.
Google’s AI Gemini is covered throughout all of the devices mentioned in various ways, but it’s important to note it appears to communicate across apps - including the camera, the web, messages, the calendar, and more.
All of the devices mentioned can be pre-ordered on the Google Store. Check out the full #MadeByGoogle ‘24: Keynote on YouTube, or CNET’s version where they share Everything Revealed in 8 Minutes.
POTW: Echo Chess
Do you enjoy playing Chess? I’ll be honest in saying I like Chess but haven’t really played in a long time and don’t normally think about playing. I really enjoyed The Queen’s Gambit on Netflix if that counts! Recently, I found the site EchoChess that seems to have breathed new life into Chess for friends and myself. It has almost a Wordle feel to it as pieces transform into other pieces when captured with the goal of clearing the board. There is a new classic puzzle every day with two other longer play styles available - Epic and Blitz. If you want to learn more about how to play chess and what each piece does, check out Lichess.org. They have online play available here, too, but the most popular online site is Chess.com.
Featured Product
In the past, I’ve had a pair of SHOKZ OpenRun Open-Ear Bluetooth Bone Conduction Headphones, however I found them difficult to use with sunglasses. They also hurt my ears sometimes. That said, they did work really well for yard work, biking, and things around the house. I have since replaced them with Apple’s AirPods Pro (which are currently on sale) as they have transparency mode and other features that work well for me. Another less expensive alternative I would consider and suggest is the JLab JBuds Frames Wireless Open-Ear headphones. They mount to glasses/sunglasses and can currently be had for less than $15! From the reviews, the microphone and speaker quality don’t seem amazing, but JLab typically has great products for the price, and as a basic Bluetooth speaker for similar use as mentioned above, I bet they’d be perfect!