Pelland Blog

Do Not Fall Victim to the Tech Support Phone Scam

March 2nd, 2015

One recent instance after another has compelled me to attempt to warn people about some of the scams that are proliferating and making the rounds these days. Although most scams use e-mail to seek new victims, due to the almost nonexistent cost of e-mail compared to the snail mail that was the vehicle of choice in earlier days, telemarketing is still one of the most common points of entry for scammers and cyber-thieves. In this installment I would like to warn readers about the very active Tech Support Phone Scam, offering suggestions on how to avoid becoming the next victim.

Everybody has problems with their computers from time to time. Files may get corrupted, programs crash, and sometimes a software update contains unanticipated bugs. Worse yet, you could inadvertently install malware on your computer, typically when opening an e-mail or an e-mail attachment. One of my clients recently called me, telling me that he was suddenly experiencing a problem synchronizing Microsoft Outlook with his reservation software. Later that day, he called me again with the “good news” that Microsoft was helping him to resolve the problem. Out of total coincidence, he had been the recipient of a telemarketing call from a dubious outfit that calls itself “Tech Zone Windows”. The caller led my client to believe that he was a Microsoft representative, charged his credit card $199.00 (which was a less expensive alternative to his original $599.00 offer), and was using remote access to do who knows what with my client’s computer! Perhaps the company was actually scanning my client’s computer and removing malware, something that anybody could do themselves for free. Far more likely, it was installing spyware and accessing sensitive information.

HackerLaptop_190832117_600x400_90

Fortunately, the client called me while this was happening, and I instructed him to immediately turn off his computer and found him a legitimate computer technician in his local area. Within seconds, the company’s representative called him, concerned that he had not yet finished the task at hand. My client demanded a refund, but as a result of this experience, has had to take the precaution of replacing his credit card. Hopefully, this represents the end, rather than the beginning, of his problems. Time will tell.

Microsoft has actually warned consumers about this and similar scams, where the callers impersonate help desk engineers from legitimate software companies. According to a Microsoft survey of 1,000 English language computer users back in 2011, 15% said that they had received one or more of these calls, and 22% of those who had gotten a call were tricked by the scam and paid an average of $875.00. If you do the math, you will see how somebody sitting at a desk in some remote part of the globe can rake in well over $2,500.00 simply by making 1,000 random phone calls. That dollar amount is only the haul from the bogus fees that they charge, earnings which could pale in comparison to what they can earn from the malicious software that they will install on your computer or the subsequent sale of your credit card number! The malware that they install is designed to harvest anything of value on your computer – including passwords, sensitive information and access credentials to things like your online banking and tax returns.

Continuing with the Microsoft report, 79% of those who were victimized by one of these scams reported some sort of financial loss, with 17% discovering money withdrawn from their bank accounts, 19% reporting passwords stolen, and 17% becoming victims of identity theft. A majority of victims also incurred significant costs in subsequently having their computers repaired or replaced after the experience.

To prevent this from happening to you, keep the following in mind:

  • Microsoft (or Apple or any other tech company) will NEVER call you to offer assistance. If you need assistance from one of these companies, you probably know how impossible it is to obtain. Rest assured that they will NOT be the ones trying to call you!
  • Never allow anybody to run remote access to your computer, unless you totally trust that individual. Remote access allows a total stranger total access to your computer. There is far too much at risk.
  • Never purchase any type of software service from somebody who approaches you on the phone.
  • Do not trust Caller ID. It is very easy to spoof the phone number that appears on Caller ID, and thieves use this trick to make themselves appear to be legitimate. Although Caller ID spoofing is a violation of the Truth in Caller ID Act and subject to a penalty of up to $10,000 per violation, thieves laugh in the face of the law. (Feel free to file a complaint with the Federal Communications Commission, the regulatory agency that is responsible for enforcement, either online or by calling 1 888 CALL-FCC.)

If you are uncertain about a company, I always suggest performing a quick Google search from the company’s name followed by the word “scam” or “complaints”. In the case of Tech Zone Windows, a Google search for “Tech Zone Windows Scam” currently produced 2,970,000 search results.

To learn more, read the following Microsoft security bulletin:
https://www.microsoft.com/en-us/security/online-privacy/avoid-phone-scams.aspx

This post was written by Peter Pelland

The Future is Always Connected: Netflix Nixes Offline Viewing

January 28th, 2015

As online video- and music-streaming becomes more and more advanced, many service providers and media portals have begun to roll out offline caching for videos and music. From Soundcloud to Spotify to Amazon Prime and Google’s brand-new YouTube Music Key, service after service has started to allow its users to store media locally, allowing for its later consumption. This feature turns out to be especially important for users on slower or bandwidth limited connections, who can locally store media on a WiFi connection to avoid long waits or bandwidth surcharges.

BrB

With just about every service rolling out offline caching in some capacity or another, it seemed only a matter of time before the 800 pound video streaming gorilla in the room jumped on board. We’re talking about Netflix, of course. For a while now, rumors had been swirling that Netflix was planning to launch their own offline caching options.

Now, in the bright light of the New Year, these rumors have been unceremoniously dismissed by Netflix Public Relations Director Cliff Edwards. Techradar reports that Edwards bluntly stated that offline storage was “never going to happen.” Why is this?

Netflix, it turns out, treats the non-ubiquity of bandwidth and connectivity as a short term problem, one for which offline caching is nothing more than a quick band aid. Instead, Edwards predicts that within five years, bandwidth will be so cheap and universal that users won’t even remember that they ever wanted offline caching in the first place, and will regard local storage as an outdated and obsolete concept for technology.

This is a contentious stance for a company to take, since it essentially implies that Netflix is willing to offer an inferior service on the short term to save resources. Netflix seems willing to lose customers to whom offline storage is especially important. Amazon Prime streaming has been quick to affirm its commitment to providing consistent and universal service to its subscribers. Currently, offline viewing is available for Fire tablets, and Amazon has announced plans to extend this functionality to more of its devices in the future.

Trophy

Perhaps the case is that Netflix sees itself more and more as a content creator in addition to simple media provider. Like a more traditional TV station, Netflix is devoting more and more of its resources to the creation and curation of original video content, and perhaps sees its future as focusing more on this division of business. Netflix has already announced aims to debut at least 20 more original series in the next five years and is currently heavily promoting its new period drama called Marco Polo, following the adventures of the medieval Italian explorer.

No matter what you make of it, Netflix’s surprising decision about offline streaming belies a confidence that internet infrastructure will continue to be developed. Based on history, this is a safe bet, though it also shows a surprising self-confidence in their place in the market. Netflix seems to believe their position is unassailable. It will be interesting to see if this is the case.

Nick Rojas is a business consultant and writer who lives in Los Angeles and Chicago. He has consulted small and medium-sized enterprises for over twenty years. He has  contributed articles to Visual.ly, Entrepreneur, and TechCrunch. You can follow him on Twitter @NickARojas, or you can reach him at NickAndrewRojas@gmail.com.

This post was written by Peter Pelland

10 Ways to Avoid Identity Theft

December 19th, 2014

If you follow the news, you are aware of massive security breaches that have taken place at major retailers in recent months. And then there is the Sony Pictures nightmare that has been in the news this week. You are probably also aware that your own personal identity is at risk in so many ways. Short of withdrawing from society and moving into a cave or feasting off coconuts on your own private island, it is probably a good idea to take some reasonable precautions to help to prevent hackers from cloning your personal identity or making you a victim of cyber-crime. Here are a few precautions that will help you to survive in this threatening environment.

CyberCriminal_237431281_600x400_90

  1. Always choose a strong password. It should never be a common word or an easily recognized string of numbers like your phone number or birthday. Use a randomly generated string of at least 8 characters that include a combination of upper and lower case letters, numbers, and special characters such as ^, #, _ and $. Use a unique password for every account, avoiding the tendency to use a common password. My rule is that, if the password involves a secure account that allows online transactions, give it an extremely strong, unique password. If the account involves online banking, stock trading, or tax filing, make your password ridiculously secure.
  2. If an account (such as your online banking) uses security questions, choose the most bulletproof options available, not questions with answers that are commonly known. You want to go with things like your maternal grandmother’s middle name, not the name of the city where you were born.
  3. Steer clear of unsolicited e-mails and unknown websites. Never download a file from an unfamiliar site, and do NOT open attachments, click on links, or unsubscribe from unsolicited e-mails. Any of those actions can lead to the installation of spyware, malware, botnets or viruses on your computer.
  4. Look for secure sites and the https protocol. Be sure that the URL begins with https before EVER entering your credit card number for payment.
  5. Keep your computer and mobile devices clean by promptly installing updates for your hardware, operating system, software and Web browsers. To run old versions of any of these represents a high level of risk. If you are running a Windows computer, there will usually be daily updates, and a major pack of security updates is issued the second Tuesday of every month, commonly known as “Patch Tuesday”. These updates are essential to your online security.
  6. If your business conducts e-commerce or accepts online payments, you have additional responsibilities that could impact your customers. For example, an Internet security issue commonly referred to as POODLE was identified in October. If your Web server was running SSL V3 (an outdated version), visitors using Internet Explorer 6 (an outdated browser) were vulnerable to allowing hackers to gain access to their otherwise presumably secure connection.
  7. Be sure that your office meets PCI (payment card industry) compliance standards. Never keep records of your customers’ credit card numbers. If you ever have to write down a customer’s credit card information – for example, if you are provided with that information over the phone – do not leave your desk before that information has been completely destroyed in a cross-cut paper shredder.
  8. How do you recycle or dispose of old computers? If you simply give them away or pay a disposal or recycling fee at your local landfill, where does your computer go? What kind of data are you leaving behind on its hard drive … for somebody to later recover? Before you ever part with a computer, it is essential that you first totally wipe all content from its hard drive(s). You cannot simply delete files or format the drive and then think that your data is gone. It is essential that you use a disk wiping or data shredding application that supports the latest Department of Defense standards. Even then, you would be amazed at how much data will still remain recoverable, if you were a criminal and your computer was being used by law enforcement to gather evidence. In your case, you want to protect your personal data from a hacker, who could be across town or scavenging a cyber-landfill across the globe. Some of the best software to use includes Disk Wipe, Darik’s Boot and Nuke, and Hard Drive Eraser … all free downloads that can be easily found online.
  9. What did you do with that old broken office copier? Did you realize that nearly every digital copier, fax, or multi-purpose office machine built since 2002 contains a hard drive? Like most people, you have probably made copies of your tax returns, credit applications, and other documents that contain your social security number and other highly personal information. A CBS News investigative report from back in 2010 exposed this vulnerability and how easy it was for anybody to purchase a used copier and then have full access to the contents of its hard drive. In the report, used copiers were purchased at bargain prices from a warehouse in New Jersey (one of 25 throughout the country), some of which contained classified law enforcement and private health records. The lesson learned was that, if your office has an MFP (multi-function peripheral) device that is at its end-of-life, take measures to ensure that its hard drive is destroyed.
  10. Finally, every computer in your office and every mobile device that you own should be running the latest version of a robust anti-virus software package that will be continually updated, typically several times per day. Sadly, the most common anti-virus products that come pre-installed on many computers or sold over the counter at office supply and computer stores are highly ineffective. I use (and highly recommend) Avast, a full-featured security suite for Windows computers, Macs, and the full range of mobile devices. It is available as a free download, with free updates (although, if you are not careful, you might click on a link for a paid upgrade that you do not need.)

If you know anybody who has ever been the victim of cyber-crime or identity theft, you know how important security measures such as these can be. If you were unfamiliar with one or two of these ten security tips – and implement the recommended precautions – you will be on your way to enhancing both your personal security and that of your business.

This post was written by Peter Pelland