PATCH WATCH By Susan Bradley This is the season of bright lights and holiday scams. Not a day goes by when I don’t receive notice that a credit card h
[See the full post at: Staying safe this holiday season]
Susan Bradley Patch Lady/Prudent patcher
I have just received a Hotmail message claiming that:
“Microsoft has noticed that someone has tried to change your password.
Yes, it was me.
No, it wasn’t me.”
Very, very realistic. Right colours, right fonts. Good header.
I recommend that you place the mouse cursor over the links and read very carefully…
It is NOT a Microsoft address.
Susan – One guess as to how the bad guys got your Paypal password is a look-alike website and a look-alike domain name. Perhaps wwwpaypal.com without the period after the three Ws. There are lots of ways to make a look-alike domain name and the so-called security of HTTPS does nothing to protect people from this.
Another guess is a web browser extension. Many of them have full access to the content of every web page. Needless to say, this is a HUGE risk that does not get the attention it deserves.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
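The look-alike check described in the post above, as an added example that is not part of the original thread. The allow-list and every sample hostname are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real one holds the sites you actually sign in to.
TRUSTED = ("microsoft.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(link):
    """Return a verdict for a URL or bare hostname. HTTPS plays no part in it."""
    host = (urlsplit(link).hostname if "://" in link else link) or ""
    host = host.lower().rstrip(".")
    # Only an exact match or a true subdomain of a trusted domain passes.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Assumption: last two labels form the registrable domain.
    # Production code should consult the Public Suffix List instead.
    reg = ".".join(labels[-2:])
    for t in TRUSTED:
        brand = t.split(".")[0]
        if reg == "www" + t:
            return f"look-alike of {t}: missing dot after www"
        if brand in labels[:-2]:
            return f"look-alike of {t}: brand is only a subdomain of {reg}"
        if edit_distance(reg, t) == 1:
            return f"look-alike of {t}: one character away"
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode label may render as look-alike characters"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.paypal.com/signin",      # constructed samples
                   "https://wwwpaypal.com/signin",
                   "https://paypal.com.account-check.example/login",
                   "paypa1.com"):
        print(f"{sample:50} {classify(sample)}")
```

The second sample uses HTTPS and is still flagged, because the certificate only proves the connection reaches the name in the address bar, not that the name is the one you meant.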
Hi,
I read Susan’s piece and then looked into PP’s 2FA. I don’t have a smart phone (I know you are probably shaking your head, but I’ve managed so far to get by without one — I don’t even like to answer my landline phone, and my iPad and laptop work fine for web access, messaging, etc). 2FA on my other accounts involves sending a code to my e-mail or to my landline phone (or even just pressing any button on my phone). The only option with PP, other than a texted code, is an authentication app. How does an authentication app ensure security? How does PP’s 2FA work with such an app? What authentication app would be a good one?
The Best 2FA Apps 2021: Locking Down Your Online Accounts
Authy — Easy to use, feature-rich and supports multi-device sync
Google Authenticator — A widely adopted standard across major websites
andOTP — An open-source alternative that has more features than the competition
LastPass Authenticator — Similar to Google Authenticator, but works within the LastPass ecosystem
Microsoft Authenticator — Also similar to Google Authenticator, but works especially well with Microsoft services.
An authentication app still needs a smart phone. Because I have Microsoft 365, I already use Microsoft Authenticator. As to how they work: because only you have the app, the attacker then can’t get into the application.
Susan Bradley Patch Lady/Prudent patcher
How to Use Multi-Factor Authentication When You Don’t Have Cell Phone Access | LoginRadius
Do you have a tablet?
Susan Bradley Patch Lady/Prudent patcher
NEVER click a link in an email. Go to your bookmarks that you made earlier. NEVER give info over the phone unless you initiated the call.
I’ve had 2 clients in the last few months that have had over 20K and 50K drained from their accounts. One actually watched a hacker open browser windows and stuff on his machine in real time…. and waited a couple days to call! The other was fairly recently widowed and I think she fell for one of those “we’re from the bank” phone calls and “need your code to verify your account”. She also had a $100K loan taken out in her name, besides drawing the money out of one of her accounts. So much going on in her life she didn’t bother checking bank statements!
The scammers are definitely getting better. Heck, I had a 50-year LEO fall for a spoof from Apple. He asked, “How do I know you’re from Apple?” “Look at your caller ID.” Yep, gave up his info, but realized he screwed up quickly and we were able to get things rectified before they got him good.
Stay safe out there!
There is a problem following advice of The Cybersecurity and Infrastructure Security Agency (CISA). With PayPal and some other sites establishing multi-factor authentication. When signing in the user is offered an opportunity to sign up for MFA. Upon choosing yes, I’m sent to a screen REQUIRING him to enter a mobile phone number on which to receive a texted authentication PIN. I (we) don’t have a mobile phone to receive a text. There is no safety outlet for it! No option to use telephone message or e-mail message! I finally had to do a ctrl-start-del to get out of it. Very frustrating. Is it assumed that EVERYBODY has a cell phone? I still have a couple of sites that do not have MFA due to this problem. Very frustrating for someone who desires to be as secure as possible. Thanks for your excellent column and newsletter, Dan
It’s pretty much assumed that everyone has a smart phone. MFA apps in particular assume this.
And that’s annoying as all get out.
Smith’s grocery stores (Kroger offspring, I think) have implemented sales where one has to scan a bar code on the shelf in the store to get the sale price.
Like it’s not enough you come into their stores to buy stuff; now you have to play electronic games to get the best deals. Reason enough to shop elsewhere.