Here's some very timely and helpful advice from Barclays Bank (Allen Roochove, NCC Techno Buddy 13.11.23)
Scammers love the holiday shopping season. It's the perfect time for them to lure people in with fake deals and trick their victims into paying for items that are counterfeit or don't exist. Here are some tips to help you protect yourself.
Open websites by typing them into your browser, not by clicking links
Consider whether deals you see on social media are too good to be true
Research sites and sellers – reading reviews can help you understand if they're genuine.
Open links in emails or text messages you weren't expecting•
Buy high value items from sellers on social media that you can't view in person first
Agree to use gift cards as a payment method – criminals might ask you to do this because it's harder to trace.
Remember: if a deal looks too good to be true, it usually is!
Criminals will try to trick and scam you
Here's an interesting article from Santander - well worth reading (Allen Roochove NCC Techno Buddy 20.09.23)
We have so much of our lives and personal information stored on our phones.
Criminals will try to trick us into giving them access to it so they can steal our money and personal details to commit fraud.They make their caller ID, email address, or message look like it's from a person or company you know. This is called 'spoofing'.
How to keep yourself safe: -
Don't allow remote access to anyone, especially during or after a cold call.
Don't rely on the caller ID to confirm a call, email, or message is from who you think it is.
Don't share any personal or financial information until you've confirmed who you're speaking to.
Call the person or company back on a number you know to be genuine, e.g., from their website.
According to the UK Finance Annual Fraud Report, there were 45,367 cases of impersonation fraud in the UK in 2022, with a total of £177.6m stolen by criminals. We proudly support the Take Five to Stop Fraud 'Trick of the Mind' campaign to help you protect yourself from impersonation fraud and becoming one of next years reported cases.
Advice from Take Five
Stop: take a moment to stop and think before parting with your money or information.https://www.takefive-stopfraud.org.uk/Challenge: Could it be fake? It's ok to say no to requests. Only criminals will try to rush or panic you. Protect: Contact your bank immediately if you think you've fallen for a scam. You can also report it to Action Fraud. For more information visit the Take Five webpage for impartial, straightforward advice
Here's some really good advice just received from "Neighbourhood Alerts" - (Allen Roochove, NCC Techno Buddy 26.07.23)
If you are going on holiday then ensure you keep your home safe and protect yourself from becoming a victim of burglary whilst you are away by following the guidance below:
- Cancel regular deliveries – Milk on the doorstep or a newspaper building up can be an indicator for burglars that there is no one home.
- Post – Again, a build-up of post through the letterbox is something a burglar may look for. Consider using Royal Mail 'Keep safe' service or ask a trusted neighbour, friend, or family member to remove post daily.
- Friends and family – Ask trusted neighbours, friends, or family to keep the property looking lived in. Opening and closing curtains, switching lights on and off in different rooms and maybe moving cars on and off a driveway are all ways to make a property look lived in.
- Maintain gardens – Cutting the grass the day before you go on holiday can give the impression that somebody is home. Un-maintained gardens can be a sign that the property is empty.
- Secure garden tools – Garden tools and ladders can be used by burglars to gain access to your property. Make sure they are secured in a shed or garage.
- Secure garages, sheds, and outbuildings – Aswell as the valuables you may have in there that can be stolen, as above, tools from sheds, garages or outbuildings can be used by burglars to gain access to your home.
- Access points secured – Locking access points such as gates will make it more difficult for burglars to enter and leave your property. Also ensure that any security lighting is activated, this can act as a deterrent for burglars.
- Neighbourhood watch – Consider joining your local Neighbourhood watch scheme.
- CCTV – If you have CCTV, make sure it is recording and there are appropriate signs on display to deter burglars.
- Timer switches – Use timer switches for lights, TVs, or radios in different rooms at different times, this will give the impression someone is home.
- Keep valuables out of sight – This includes not only the valuables, but indicators such as chargers, car keys and packaging. If you have a safe to keep valuables in, ensure it is anchored to the ground so it cannot be removed.
- Alarm – Activate any alarms prior to leaving.
- Doors and windows – Double check all doors and windows are locked.
- No home address on luggage – Instead use an e-mail address or telephone number.
- Social media – Burglars will often use social media to select a victim, posting holiday pictures whilst you are away letting them know that your home is empty! Save the snaps for when you return.
Here's some really good advice just received from "Neighbourhood Alerts"
(Allen Roochove, NCC Techno Buddy 27.03.23)
Criminals are targeting WhatsApp users by posing as a friend and asking for a security code. Action Fraud has received over 60 reports relating to this scam.
The scam begins when a criminal gets access to another WhatsApp account which has you listed as a contact.
The criminal, posing as your friend or someone that's a member of a WhatsApp group you're in, will then send you seemingly normal messages to try and start a conversation with you. However, around the same time you will receive a text message from WhatsApp with a six-digit code. This is because the criminal has been trying to login to WhatsApp using your mobile number. The criminal will claim that they sent you their code by accident and ask you to help them by sending it to them. Once the criminal has this code, they can login to your WhatsApp account and lock you out.
The criminal will then use the same tactic with your WhatsApp contacts in an effort to steal more accounts and use them to perpetrate fraud.
What you need to do:
If you have been a victim of fraud or cyber crime, report it to Action Fraud or 0300 123 2040.
(If you found the information in this alert useful, please share it with your friends and family. Social media versions of this alert can be found on Twitter, Facebook and Instagram)
Message Sent By Action Fraud (Action Fraud, National)
Here's some really good advice from the latest 'Malwarebytes Newsletter'
(Allen Roochove, NCC Techno Buddy 06.02.23)
Cybersecurity and privacy tips you can teach your 5+ -year-old
Posted: February 2, 2023 by Jovi Umawing
Everything we teach our kids starts at home-we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy?
Though it's hardly news that more and more children are being introduced to mobile computing devices like tablets, smartphones, and laptops at an early age, you may be surprised at what that age is. In 2015, Time featured a study revealing parents handing over such devices to kids as young as six months old. That may be too early an age for teaching a child beyond getting them to sit up, but after nearly a decade, similar trends on age versus technology use have persisted. 
As mobile devices have become an indispensable part of a child's life, a big question stands: What is the "appropriate" age to start teaching your little one about their security and privacy when using those devices?
Well, it depends. If your child can understand (simple?) instructions and do them, you're good to go. Remember, every child is different.
5 cybersecurity and privacy tips you can tell your 5+-year-old
Fostering habits for some simple yet good cybersecurity and privacy best practices early on can go a long way.
1. Lock the device.
When it's time to put away the phone or tablet so your child can do something else like going to the park, remind them to lock it. They can do this by pressing the power button of the device. Of course, this only works if you have Lock Screen enabled on the device.
If your child is 5 years old and up, you can explain to them that locking the phone or tablet stops other people from using it without asking permission.
2. Use passwords.
Of course, in order to lock a device's screen, a password is needed in this case. Not going for a pattern lock is deliberate. At this stage, we're not only seeding the idea of creating strong passwords but also making locking devices the norm (From 2016 to 2018, a reported 28 percent of Americans surveyed failed to use any safeguards to lock their phones).
Don't be too concerned about length yet, but if you can get your little one to spell out and remember a six to eight-character string-ideally, a word-you're both golden. We started our little one with a three-letter password to open her tablet when she was four, and we plan to triple that length now that she's two years older.
3. Keep the device in a safe place.
Instruct your little one to put away the phone or tablet after they lock it. Make sure you already have a designated place in the house that your child knows about. Also, check that this place is accessible, and if it has doors, they can easily open and close them with minimal effort and supervision.
Under a pillow on the master's bed works, too (just don't forget to remove it before bedtime).
4. Ask for permission.
Your five-year-old may have access to either the Google Play or Apple App stores via the device you're letting them use. Whether you have parental controls set up for these stores or not, wouldn't it be great to hear them ask: "Is this okay to download, mum?" This gives you, the parent or guardian, the opportunity to review the app to see if it's any good for them (Remember, dubious apps can still end up in these stores.).
The same principle should apply when they're watching videos on YouTube.
Every now and again, we see or read about cute or cartoony clips that are not actually for kids' consumption. And believe it or not, some of them were purposefully made to appear inviting to young children. To be safe, a critical eye is needed because, sometimes, even YouTube's AI can get it wrong.
5. Share only with relatives and close family friends.
Kiddo loves having her picture taken. Sometimes, she would ask me to take a snap and send it to her Nana, who is part of an Instagram group.
Thankfully, only family members-and those close to us who're treated as family-are members of that group. We would've been reluctant to share otherwise.
Kiddo doesn't have a single social media account, but we're already instilling in her the value of information related to her and, consequently, us. She knows our home address, for example, and she also knows she should only share it with a policeman or policewoman if she's lost.
The computing devices and apps your little one uses are already impacting them in more ways than one. It's essential to steer them in the right direction by getting ourselves involved in their digital lives as early as possible. There is plenty of room for growth.
So, parents and guardians, be patient. Put these points on repeat and expand on them. And, if you're lucky, be thankful that before your child starts school, they already have some of the cybersecurity and privacy basics down.
New figures revealed victims of online shopping scams lost on average £1,000 per person during last year's festive shopping season.
The figures, which come from reports made to Action Fraud and analysed by the National Fraud Intelligence Bureau (NFIB), showed that shoppers across England, Wales and Northern Ireland were scammed out of £15.3m between November 2021 and January 2022, and that the age group most likely to fall victim was 19 to 25-year-olds.
Scams ranged from one shopper losing more than £150 trying to purchase a mobile phone on social media to another being duped out of more than £7,000 during an attempted online camper van purchase. Meanwhile, another victim lost almost £500 when trying to buy shoes on a social media platform, and a fourth lost £145 trying to make a similar purchase.
Top tips to shop online securely this festive season:
Action Fraud and the National Cyber Security Centre (NCSC) are urging online shoppers to protect their accounts, check before they buy, and use secure payment methods in order to stay ahead of the threat from criminals this shopping season:
For more advice on how to shop online securely this festive season, visit: https://www.ncsc.gov.uk/guidance/shopping-online-securely
(If you found this information useful, please forward it to friends, family members and colleagues)
(Allen Roochove, NCC Techno Buddy 24.11.22)
PURCHASE FRAUD - WHAT IS IT?
Online shopping provides criminals with an opportunity to trick people into paying for goods and services that don't exist, often advertised via auction sites or social media with images taken from genuine seller's to convince you they're the real deal. Criminals also use cloned websites with slight changes to the URL to trick you into thinking you're purchasing from the genuine site. They may also ask for payment prior to delivery and send you fake receipts and invoices that appear to be from the payment provider.
Types of fraud include buyers paying deposits for pets that don't exist, DIY equipment purchases and electronic devices such as games consoles, mobile phones and other devices. Another tactic criminals use to trick people into falling for fraud is to ask for payment for courier services or insurance when buying and selling online.
HOW TO SPOT PURCHASE FRAUD
- You're offered a heavily discounted or considerably cheaper product or service compared to the original items genuine worth. The deals often sound too good to be true.
- You're asked to pay by bank transfer instead of using the online platform's secure payment options.
- You receive a fake email receipt/invoice that appears to be from the website you've purchased from or the payment service used to make your purchase. The email address domain doesn't match that of the genuine sender's.
- The website that you're purchasing from was only launched days/weeks ago.
A sense of urgency is placed on ordering the product or service so that you don't miss the price/deal.
EXAMPLES OF PURCHASE FRAUD
Callum* bought a laptop advertised at a heavily discounted price compared to the one he'd seen on an official website. Upon contacting the seller, he was told that the offer was for a limited time only and if Callum wanted the laptop, he needed to pay quickly by bank transfer to secure the item. Proof of payment was sent by the seller but when Callum asked for a tracking number he received no response. After numerous attempts to contact the seller, Callum searched their name using a search engine and came across numerous bad reviews from other people. He never received the laptop.
Mary* saw an advert for a blender that was selling at a third of the price that she'd seen on other sites. The website looked very professional and included lots of pictures and detail, so Mary proceeded with the purchase, believing she was getting a fantastic deal. Once her purchase was complete, she received an email from the 'payment provider' informing her there had been an issue with her payment and that a refund had been processed. Mary tried the purchase again, but little did she know she was paying a criminal - for a second time. She never received the blender.
Desperate to secure tickets to a sold-out concert, Nigel* posted a message on social media asking if anyone had tickets that they wanted to sell. Shortly after he was contacted by someone who had a couple of spare tickets. Nigel was elated. After a number of back-and-forth conversations Nigel was convinced the tickets were genuine, so he proceeded to make payment by bank transfer. The tickets never materialised and there was no further contact from the seller.
Find out more information on ticket fraud here.
After several days of searching, Paula* spotted a listing for a puppy on an online auction site. She contacted the seller and not wanting to miss out, paid a deposit into the account details that the seller provided. Later that day, Paula received a message from the seller requesting additional payment to cover costs for vaccinations and insurance. Desperate for companionship, she proceeded to pay the associated fees. After a few days, Paula got back in touch with the seller but didn't receive a response. She tried again on numerous occasions but never heard from the seller again. Subsequently the link that she used to view the puppy disappeared.
Andrew* was using a holiday booking website he had stumbled across online to book a summer break overseas. He was looking through listings and found one that had everything he wanted and was at a very low price. He didn't want to miss out on the great deal so he quickly contacted the owner, made a payment and provided his personal information.
Days later he realised he had fallen for a fraud when he couldn't get hold of the owner and he found out the property was not on any online maps.
Find more information on holiday fraud here.
*These case studies are based on insights from partners
If you believe you've fallen for a scam, contact your bank immediately on a number you know to be correct, such as the one listed on your statement, their website or on the back of your debit or credit card.
Report it to Action Fraud on 0300 123 2040 or via actionfraud.police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101 or Advice Direct Scotland on 0808 164 6000.
Charity Fundraisers in CH64 and CH65 areas
Here's an interesting article I recently received from 'Neighbourhood Alert' (Allen Roochove, NCC Techno Buddy 06.10.22)
A resident has recently contacted Cheshire Police following a visit from a Charity Fundraiser who was calling at homes in the CH64 postcode area.
They were unsure if the caller was genuine or not, and so they contacted the charity concerned at email@example.com
The reply they received confirmed that the caller was indeed genuine, and the below advice was given: -
- British Red Cross are working with their Agency Partners APPCO, and charity fundraisers are calling at homes in the CH64 and CH65 areas.
- Fundraisers should always carry ID badges and wear British Red Cross branded clothing containing the phrase SUPPORTING BRITISH RED CROSS.
- They will be asking residents to support British Red Cross by signing up for donations by direct debit , they should never ask for cash or credit card details.
- Cheshire Police always advise residents to be cautious when callers are asking you to subscribe to their causes.
- If you are at all unsure, politely refuse the request and never let unknown persons into your home.
- Always insist on seeing their identity badge as a genuine caller will not object to this.
Message Sent By: - Linda Conway (Cheshire Police, Ellesmere Port & Neston LPU. Beat Area IB01, Little Neston & Burton)
Here's an interesting article I spotted by Tim Brookes of 'How-To-Geek.com' (Allen Roochove NCC Techno Buddy)
Keep Your Tech Safe at the Beach With These Tips
Saltwater is highly corrosive, and sand presents a massive problem even for military-grade equipment. A beach day could spell disaster for your electronics, so make sure you take precautions the next time you head out.
Heed the Cheap and Cheerful Ziplock Bag
Using a Ziplock bag to keep your smartphone safe at the beach is one of the cheapest hacks. It's ideal if you don't want to buy a bulky, rugged case and should protect your device from sand even in windy conditions.
You don't need to remove your touchscreen device from the bag to use it unless you're making a phone call. If you just want to check your email or send a text, you can do so since most capacitive displays will continue to work through a thin film of plastic. It's not elegant, and you might need to hold the bag so it's tight when you use it.
It's worth keeping a few of these bags in your car or bag in case you decide on an impromptu beach visit. Sand will scratch your screen and clog up your charging port and speaker grill. Even if your smartphone has a dust or water-resistant rating, it's best to avoid tempting fate by putting a barrier between your device and the elements.
Invest in a Dustproof, Waterproof Case
If you spend a lot of time at the beach, in dusty environments, around the water, or you're especially clumsy, a rugged case might be a wise investment. Not only will these keep your device safe from water and sand, but they also help prevent a broken screen or dented chassis if you drop your device.
Even with a waterproof case, you should be especially careful using your smartphone near salt water. Rinse the case thoroughly after exposure to salt water, before removing your device. Salt is highly corrosive and can damage your smartphone, even if has a good water-resistant rating. In particular, the contacts on the charging pins will corrode when exposed to salt. Over time, this could prevent your device from charging using a cable.
Keep Gadgets in the Shade
Touchscreens and dark smartphone bodies absorb a lot of heat. This can cause your device to warm up rapidly, which is something you want to avoid. Heat is bad for electronics in general, but it's especially bad for your phone's battery. You could shorten your battery's life by allowing it to get too hot, or in rare instances cause it to explode.
Overheating is easy to avoid by keeping your smartphone in the shade. Throw it in a bag and keep that bag zipped up. A black or dark bag might not be the best idea since it too will absorb heat, but anything is better than letting your device go sunbathing for a few hours.
Be Prepared for Accidents
If you haven't adequately protected your smartphone and you've decided to use it anyway, you should always be prepared for accidents to happen. As we've already mentioned, salt water is terrible for electronics on account of it being highly corrosive. If you expose your device to salt water it's a good idea to rinse it off with fresh water.
Assuming your device is water resistant, you should be able to avoid water damage while removing any salt that remains on the device. Unfortunately, water resistant doesn't mean waterproof so you'll still need to be careful. If your device lacks a water-resistant rating then at least make sure you have a backup in case the worst happens.
Sand will scratch your display, so a screen protector may be worth your time. If you're going to go this route, a glass screen protector is your best bet. These maintain the premium feel of a "naked" smartphone display and are designed to be replaced when they scratch or shatter.
Sand in your charging port is something else to watch out for. You can use a soft brush to clean sand from your charging port, but you may need to wait for it to fully dry before you can remove all of it since wet sand tends to stick around. Don't use compressed air on your charging port since this could damage your device, particularly the water-resistant seal (if you have one).
Avoid charging your phone until you're sure the port is free of sand since you could end up scratching or damaging the charging pins. Damaged charging pins may prevent your device from charging and scratching the gold plating may expose the copper underneath. Copper is highly conductive but prone to corrosion, which is why these contacts are plated in the first place.
Don't Leave Things in the Car
If you're driving to the beach, you might be tempted to leave things in the car until you need them. But you really shouldn't leave your smartphone or similar gadgets in a hot car, unless you have a climate-controlled glove compartment.
Even if your car is well equipped to deal with the beating sun, it's still prone to the greenhouse effect. The air temperature inside will heat up and this can be deadly for children, pets, and technology.
This is a tip you can use all year round, especially in the depths of winter. Smartphone batteries hate extreme temperatures, whether that's hot or cold. Leaving your smartphone on display also gives thieves a reason to break into your car. Even if they only take your smartphone, you've still got to replace the window and any other damage caused.
What About Wearables?
Surprisingly, wearables like the Apple Watch don't seem as susceptible to salt water and sand damage as smartphones. We've tested this theory ourselves by swimming in the ocean with an Apple Watch with no ill effects, but you should always consult your manufacturer's recommendations before taking risks.
Heading to the beach? You may also need a portable charger and some reliable sunscreen!
Here's some very helpful advice from 'Action Fraud' to help protect you from scammers (Nigel Minnis, NCC Techno Buddy, 04.06.22)
Beware of fake message that informs victims that they are owed money by HMRC
Users of popular email services such as Gmail, Outlook and Hotmail have been urged to be on alert as another scam does the rounds.
It is one of many that fraudsters are using to try to take advantage of people during the cost of living crisis.
The latest is a fake message that informs victims that they are owed money by HMRC.
The email will claim that it's due to an overpayment during the last financial year.
As with many such scams, recipients are then asked to click on a link to claim the refund. This link should not be clicked, if it is, it will take the user to a fraudulent website that will look to steal personal and financial information.
Action Fraud - the UK's national fraud and cyber reporting centre - said it had received hundreds of reports of the scam.
Here's some great advice from Amazon to help protect you from scammers (Allen Roochove, NCC Techno Buddy, 19.05.22)
Protect yourself from scammers
We want to help protect you from scammers that attempt to impersonate Amazon. Remember these important clues so that you can identify scams and keep your account and information safe:
- Never feel pressured to give information (such as your credit card number or account password) over the phone, especially if the call was unexpected. Scammers may try to use calls, texts, and emails to impersonate Amazon customer service. If you're ever unsure, it's safest to end the call/chat and reach out directly to customer support through the Amazon app or website.
- Never pay over the phone. Amazon will never ask you to provide payment information, including gift cards (or "verification cards", as some scammers call them) for products or services over the phone.
- Trust Amazon-owned channels. Always go through the Amazon mobile app or website when seeking customer support or when looking to make changes to your account.
- Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.
For more information on how to stay safe online, or to report suspicious communications, visit the Amazon Customer Service page, which can be found in the Help section at the bottom of the Amazon home page.
Shutdown vs Restart in Windows 10 - They Do Different Things
An interesting article from https://www.computroon.co.uk/2020/10/16/restart-vs-shutdown-windows-10/ (Allen Roochove, NCC Techno Buddy - 13.04.22)
There is an old cliché within IT support.... "Have you tried switching it off and back on again"?
However, when it comes to modern day Windows computers, there is a huge difference between simply "switching it off and back on" and "rebooting".
I provide IT support to business and home users. And yes... I have said those words "have you tried switching it off and back on again"?
However, on Windows 10 there is a huge difference between Shutdown & Restart.
In this article, I'll try to explain the difference without going too far into the technicalities.
Let's split them into two categories first.
Surely the two have the same effect? You are effectively switching it off and on again.... NO.
On modern computers (Windows 10) there is a feature called Fast Boot (aka Quick Boot). This feature is usually integrated in the system BIOS, which means there isn't a way to turn it off within Windows. That said, you wouldn't want to turn it off because it is a clever piece of tech that helps your system boot quicker.
What Shutdown Does
Shutdown takes a quick image snapshot of your preferences and settings (known as hiberfil.sys files). On the next boot it will load them exactly as you were.
Any problems that you were having will still be there when you switch it back on.
What Restart Does
Restart does a whole lot more than Shutdown. Restart will clear the memory, it'll refresh the Kernel, it'll reset the cache, it'll complete pending updates. It will fix 1001 problems, whereas Shutdown simply copies them to a piece of memory so that your problems load quickly the next time you switch on.
Conclusion In Non-Technical Terms
Shutdown = kick your problem down the park and have to deal with them tomorrow.
Restart = Allow Windows to properly fix the fault for you. Windows 10 is incredibly good at fixing itself. It needs Restart to complete most of these processes.
Restart is your friend.
From the 'Malwarebytes Newsletter' (Allen Roochove, NCC Techno Buddy - 11.04.22) 5 ways to Spring-Clean your Security
Posted: April 4, 2022 by Mark Stockley
Last updated: April 5, 2022
It is now officially spring in the Northern Hemisphere, and with spring and the longer days comes the inescapable urge to shake off the lethargy of Winter and embrace the need to go through your stuff, throw a bunch of it out, and give the rest of it a shiny new lustre.
And in our increasingly digital lives, more and more of our stuff exists as bits and bytes on our phones, tablets, laptops and desktop computers. With the trees now full of blossom and the air prickling with pollen, you may feel an urge to straighten out your digital mess too.
If you do, we've got your back, and we humbly suggest that when you're done tagging your dog in every photo and getting your folder names just so, you turn your attention to your device security and give that a little dust off as well. After all, nothing makes a bigger mess of your digital life than malware rummaging through it.
1. Say "yes" to software updates
Patching (downloading software updates) is like fixing the broken locks on the front doors of your digital life-the updates contain code that fixes weaknesses that thieves could otherwise jimmy open with their digital crowbars.
Start your spring-clean by downloading all the software updates you've been putting off. Especially the big ones.
And yes, you've heard this advice before (we hope). Maybe you've heard it a hundred times, and maybe you're heard it so often that you're tired of hearing it and looking for some other advice. Well, fine, there's some other advice below, but this is number one in our list for a reason, so please don't skip it. This is the first and most important thing you can do to give your digital security a spring boost.
2. Say "no" to duplicate passwords
How many online accounts do you have? Twenty, thirty, one hundred? And how many different passwords do you have for all those accounts? If the answer to these two questions isn't exactly the same number-meaning that you have as many different passwords as you have different accounts-then you have some cleaning up to do.
Criminal hackers love it when you use the same password for more than one account. Once they've done the hard work of cracking one of your passwords, they aren't going to waste it, they're going to try it on a laundry list of other websites to see what else it can unlock for them. It's like a twofer at the grocery store for them: Hack one account, get one free!
The way to stop this is to create a unique password for each of your accounts, no exceptions. If you're up for a deep clean, then get yourself a password manager to make the job of creating and storing all those passwords easy. It's a little more effort upfront, but well worth it.
3. Lose what you don't use
We're going to leave you to decide where you want to take this one and how far you want to go with it. We'll just get you started with this simple line of thinking: From a security perspective, "more" is often worse. More apps means more places a hacker might find a broken lock or an open window they can use to break into your device. The same thing goes for your online accounts-each one is a potential way in to your digital life (particularly the accounts you haven't used for a while, aren't paying much attention to, or didn't bother to lock down very well).
It's amazing how many rarely-if-ever-used apps we accumulate on our devices, and how many accounts we open and then abandon online.
So why not lose some things? Ditch some apps you don't need, clear out your unused browser add-ons, and delete some accounts you don't use. The more you lose, the better.
4. Get on top of your email
Criminals use email to spread malware, fakes, and scams, so it is worth paying some attention to. Getting your unread email count to zero is immensely satisfying, and if you do it the right way it can give your security a spring in its step too.
Start by unsubscribing from all the mailing lists and newsletters you never read. You want the email that arrives in your inbox to be full of things that actually interest you, so it's easier for you (and your spam filter) to spot anything that is slightly off. It's just like step #3-lose what you don't use.
Now go through your email and mark the things that look like scams, spams, malware, or junk as "Junk" or "Spam." Every time you do that instead of just deleting shady emails, you are actually training your email's spam filter to work more effectively (if you want to know why, read our article on Bayesian Filtering). To work correctly your spam filter needs a few thousand up-to-date examples of both "good" emails and "bad" emails, so you want your inbox to be full of good things you care about, and your spam folder to be full of bad things that are malicious or spammy.
5. Run a malware scan
Spring cleaning is about the satisfaction of a job well done, and the peace of mind that comes with knowing your environment isn't harbouring any nasties. To get that same sense of inner calm from your computer, put down the bleach and pick up a malware scanner.
A malware scanner is the quintessential deep clean for your device. It will pick over your files and apps, one by one, and run through them with a fine tooth comb, weeding out any malware that's lurking in there undetected.
Now, we're going to toot our own horn a little on this one. We try to give good, sensible, impartial advice on this blog, without somehow making everything about us and the things we make. Well it so happens that our scans are famous for their ability to pick up things that others miss, and it wouldn't make any sense if we didn't mention it when other people will happily tell you the same thing. So, if you want to scrub all the dark and difficult corners of your desktop or laptop computer, we honestly think the best advice we can give you is to run our anti-malware scanner. Sorry, not sorry.
Over 20,000 people fell victim to remote access scams
From 'Cheshire Police Alerts' (Allen Roochove & Nigel Minnis, NCC Techno Buddies - 06.04.22)
More than £50 million was lost last year to scams where victims are tricked into handing over control of their computer or smartphone to criminals.
New data from Action Fraud, the national reporting centre for fraud and cybercrime, reveals that 20,144 people fell victim to scams where they were persuaded to grant criminals remote access to their device.
Victims reported losing a total of £57,790,384 - an average loss of £2,868 per victim.
What are remote access scams
Remote Access scams will often begin with a browser pop-up saying that your computer is infected with a virus, or maybe a call from someone claiming to be from your bank saying that they need to connect to your computer in order to cancel a fraudulent transaction on your account. Regardless of the narrative the fraudster's use, their goal is to steal your money or access your financial information by tricking you into allowing them to remotely connect to your computer.
Detective Chief Inspector Craig Mullish, from the City of London Police, said:
"While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud. We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone.
"You should only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop-up or text message."
How to protect yourself
- Only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
- Remember, a bank or service provider will never contact you out of the blue requesting remote access to your device.
- If you believe your laptop, PC, tablet or phone has been infected with a virus or some other type of malware, follow the NCSC's guidance on recovering an infected device https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take
- Protect your money by contacting your bank immediately on a different device from the one the scammer contacted you on.
- Report it to Action Fraud on 0300 123 2040 or via actionfraud.police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101. https://www.actionfraud.police.uk/
From 'Malwarebytes Newsletter' (Allen Roochove, NCC Techno Buddy - 25.03.22)
Facebook phish claims "Someone tried to log into your account"
A phishy email that pretends to be from Facebook tells victims that someone's tried to login to their account, and uses a sense of urgency to try to reel them in.
Posted: March 21, 2022 by Christopher Boyd
Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient's sense of panic to respond without thinking about it.
The mail looks professional enough, and seeks to imitate what would be a fairly typical looking message from Facebook. As for the panic aspect, the phishers have pinned the hopes of this attack onto the old faithful "Someone is trying to login as you, so you'd better do something about it ASAP" routine.
The mail itself combines a fairly clean design with minimal messaging. There's a tendency with some phish attempts to overstuff the mail with all manner of nonsense to look more convincing. When that happens, we often see increasing amounts of typos or broken mail design. This one simply gets to the point. It reads as follows:
Someone tried to Iog into Your Account, User lD
A user just logged into your Facebook account from a new device Samsung S21. We are sending you this email to verify it's really you.
The Facebook Team
So far, so good. However, it goes a bit off the rails with the two clickable buttons presented. The first one says "Report the user" which makes sense. The second one just says "Yes, me" instead of something more plausible such as "Yes, it's me" or even just "It was me". This may set some alarm bells ringing.
What happens when you click the button(s)? The expected process is to be whisked away to a phishing page and enter your details. Not here. This one follows the same pattern as a mail we covered a little while ago.
You may remember the phish attempt claiming to have detected unusual sign-in activity from Russia. That mail didn't bother with phishing pages. Instead, it popped open a pre-formatted mail in your client of choice for you to respond to the creators. Anybody replying would likely receive additional requests for login details or much more besides.
This phish follows the same path, opening one of two pre-filled response styles depending on which button you select. "Report the user" is the most interesting one, pre-filling the subject line as "Send statement".
What is sent back may be a booby-trapped document of some kind, or perhaps phishing done through a form. It's also possible the dialogue will simply continue via mail. Whatever they're up to, they should be treated with the cold shoulder they so richly deserve.
Go to the source
Always remember to navigate directly to the sender of supposed security alerts. If it's genuine, you should be able to address whatever issue you've been sent. If there's no sign of it, consider sending it along to them directly. It may be a scam sample they've not seen before, and this can in turn help them to protect a wider userbase. Above all else: don't panic, because this is how attackers can trick you into doing something you'll regret.
"Report, block, and go about your day" 😉
Car crime is on the rise!
From 'Hastings Direct Car Insurance' (Allen Roochove, NCC Buddy - 25.03.22)
Unfortunately, statistics show that car crime is on the rise. Part of the reason is an increase in vehicle technology, which can make cars more vulnerable to theft and parts more attractive. For example, keyless entry can be open to relay theft (where the key signal is intercepted, then used to access and drive the vehicle away). Valuable parts, such as catalytic convertors, are also being targeted.
We want to help you understand the risks, so you can be aware of what to look out for and what steps to take.
To keep your vehicle a little safer, here are some really simple tips to follow.
1 While it's tempting, don't leave your car with the engine running.
2 If you've got keyless entry keys, try and keep them out of the communication range of your car and store them in a Faraday Bag when not in use - thieves can use your key's signal to gain entry to your car.
3 Always double-check you've locked your car, and your windows and doors are shut correctly.
4 Don't keep your keys close to your front door or somewhere visible, like a hallway table.
5 When you're away from home, park in a security-attended car park if you can.
6 If you don't have a garage, park in a well-lit area that's covered by CCTV.
7 Think about fitting a tracking system to help get your car back if it's stolen.
8 Never leave your sat nav or mobile phone on show when you park your car.
9 Consider fitting a catalytic convertor lock.
10 Try and park close to a wall or another vehicle to reduce access to your exhaust.
From 'Neighbourhood Alert' (Allen Roochove, NCC Buddy - 28.01.22)
Due to a recent spate in thefts from motor vehicles, please ensure you remember to lock your vehicles & don't leave them open to access
Prevent your home and/or car from being targeted by burglars:
🚗 Lock your vehicle at all times, and don't leave any valuables in your vehicle
🔑 Lock all house doors and windows - even when home
💡 Leave a light on to give the impression someone is home
BEAT THE PENSION SCAMMERS - really helpful article from our Computer 'Techno' Buddy, Nigel Minnis (17.11.21)
In these challenging times, we would like to remind you to be alert to the danger of pension scams.
'Action Fraud' estimates that £2m was lost to pension scammers in the first three months of 2021.
If you are facing financial difficulties, maybe as a result of the pandemic, you may be tempted by offers to transfer your pension into 'guaranteed' or 'high-value' investment opportunities.
In many cases, the money will be stolen outright. AND, if you try to access your pension before the age of 55 (unless you have a long-term health condition and cannot work or have a protected pension age) you will face a huge tax bill on top of that!
Scam tactics include: -
Contact out of the blue
Promises of high/guaranteed returns
Access to your pension before age 55
Pressure to act quickly.
Follow these four simple steps to protect yourself from pension scams
1. Check who you are dealing with
Go to https://register.fca.org.uk/s/ to make sure that anyone offering you advice or other financial services is authorised by the Financial Conduct Authority (FCA).
2. Reject unexpected offers
If someone you do not know contacts you to talk about your pension, chances are it is a scam.
3. Do not be rushed or pressured
Take your time to make all the checks you need - even if this means turning down an 'amazing deal'!
4. Get impartial information and advice
You can use the new Government-backed website, https://www.moneyhelper.org.uk to get help and advice with your pension.
If you prefer to use an independent financial advisor, be sure to use one that is regulated by the FCA.
Visit https://www.thepensionsregulator.gov.uk/pension-scams?utm_source=offline&utm_medium=literature&utm_campaign=pension_scams_2018_q2 or https://www.fca.org.uk/smartscam to find out how to protect yourself.
Great advice from our Computer 'Techno' Buddy, Nigel Minnis
Thinking of buying a new laptop or computer? With Windows 11 due this year and possible Windows 10 support being ended in 2025, check that your new machine will support Windows 11.
His advice - "Get a signed statement that your new machine will support Windows 11. Later, if your machine fails to support Windows 11, you should apply for a refund as the machine you were sold was 'unfit for purpose'!"
(24th August 2021)
High-Speed Internet, "Be Aware"
New 'fibre optic' broadband cables are now being installed in our area, which will deliver 'high-speed' Internet directly to your home.
Leaflets are being delivered from companies offering to connect you for about the same cost as your current provider.
But be careful - these cables are 'Data Only' and will not support your landline telephone.
You need to discuss this with the new company before taking up their offer.
If you still use a landline then, before you switch, make sure a landline can still be provided
Nigel Minnis, NCC 'Techno' Buddy (24th September 2021)
Please note that this is written as a very generic guide and that 'Neston Cyber Centre' takes no responsibility for your data or the services or options you might choose to use.
How many of you have only one copy of your precious photos, videos, and important documents more than likely stored on the very phone, tablet, Laptop or Desktop PC you are reading this webpage on?
The question is,
"What if your phone/ tablet/ laptop/ PC gets dropped or stops working or even gets stolen?"
What are your options?
1. USB Stick:- perhaps one of the cheapest methods, simply 'drag and drop' (copy + paste) files from one location to another. These can be picked up for £20, and sometimes much less.
2. External Hard Drive:- same as a USB stick, but generally allows more storage for the price. The downside is you must remember to perform the backup regularly to keep your files up to date.
3. 'The Cloud':- where your files and photos are copied (synced) onto another 'remote' computer. Some are free up to certain limits, often less than those options listed above
Some of the well-known providers are:
- Apple iCloud
- Google Drive
- Microsoft OneDrive
'The Cloud' offers you a 'set and forget' option, but as the Cloud is connected all the time anything that happens to your files gets copied (synced) over almost immediately, so if a virus attacks your files, you will most likely lose that same file in the cloud.
4. Backup Services:- true backup services which operate like option '3' above without the drawback of 'automatic sync'. They do this by keeping multiple copies (or versions) of your files.
The downside is that they incur a monthly cost, and this can vary based on how much data you have to back up
Common Backup Services are:
- Acronis True Image
I hope you found this article helpful and informative - remember you can always chat with one of our computer buddies and get more information and guidance, we're only too pleased to be of service to you
Chris Truss, NCC 'System Manager'
Email, phone call and text message scams
You might find this article helpful - it's from the Government's 'National Cyber Security Centre'
Criminals want to convince you to do something which they can use to their advantage.
In a scam email or text message, their goal is often to convince you to click a link. Once clicked, you may be sent to a dodgy website which could download viruses onto your computer or steal your passwords and personal information.
Over the phone, the approach may be more direct, asking you for sensitive information, such as banking details.
The criminals do this by pretending to be someone you trust, or from some organisation you trust. This could be your Internet Service Provider (ISP), local council, even a friend in need. And they may contact you by phone call, email or text message. The term 'phishing' is often used when talking about emails.
Scams during the COVID-19 pandemic
While everyone is worried about the coronavirus, cyber criminals have seen this as an opportunity. In emails and on the phone, they may claim to have a 'cure' for the virus, offer financial rewards, or encourage you to donate to worthy causes. Like many scams, these criminals are preying on real-world concerns to try and trick you into interacting. They may also mimic real NHS messages.
These scam messages can be very hard to spot. They are designed to get you to react without thinking.
If you think you've already responded to a scam, don't panic. Whether you were contacted by phone, email, or text message, there's lots you can do to limit any harm.
Reporting suspicious messages
The message might be from a company you don't normally receive communications from, or someone you do not know. You may just have a hunch. If you are suspicious, you should report it. By doing so, you'll be helping to protect many more people from being affected.
If you have received an email which you're not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org
Suspicious text messages should be forwarded to 7726. This free-of-charge short code enables your
provider to investigate the origin of the text and take action, if found to be
Spotting suspicious messages
Spotting scam messages and phone calls is becoming increasingly difficult. Many scams will even fool the experts. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:
- Authority - Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency - Are you told you have a limited time to respond (such as 'within 24 hours' or 'immediately')? Criminals often threaten you with fines or other negative consequences.
- Emotion - Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity - Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current events - Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
If it could be genuine
If you think a message or call might really be from an organisation you have an existing relationship with, like your bank, and you want to be sure:
- Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don't use the links or contact details in the message you have been sent or given over the phone.
- Check to see if the official source has already told you what they will never ask you. For example, your bank may have told you that they will never ask for your password.
For further information, visit
Allen Roochove, NCC 'Techno' Buddy