"Helpful Advice"

Here's some great advice from Amazon to help protect you from scammers (Allen Roochove, NCC Techno Buddy, 19.05.22)

Protect yourself from scammers

We want to help protect you from scammers that attempt to impersonate Amazon. Remember these important clues so that you can identify scams and keep your account and information safe:

  1. Never feel pressured to give information (such as your credit card number or account password) over the phone, especially if the call was unexpected. Scammers may try to use calls, texts, and emails to impersonate Amazon customer service. If you're ever unsure, it's safest to end the call/chat and reach out directly to customer support through the Amazon app or website.
  2. Never pay over the phone. Amazon will never ask you to provide payment information, including gift cards (or "verification cards", as some scammers call them) for products or services over the phone.
  3. Trust Amazon-owned channels. Always go through the Amazon mobile app or website when seeking customer support or when looking to make changes to your account.
  4. Be wary of false urgency. Scammers may try to create a sense of urgency to persuade you to do what they're asking. Be wary any time someone tries to convince you that you must act now.

For more information on how to stay safe online, or to report suspicious communications, visit the Amazon Customer Service page, which can be found in the Help section at the bottom of the Amazon home page.

Sincerely,Amazon  


Shutdown vs Restart in Windows 10 - They Do Different Things 

An interesting article from https://www.computroon.co.uk/2020/10/16/restart-vs-shutdown-windows-10/  (Allen Roochove, NCC Techno Buddy - 13.04.22)

There is an old cliché within IT support.... "Have you tried switching it off and back on again"?

However, when it comes to modern day Windows computers, there is a huge difference between simply "switching it off and back on" and "rebooting".

I provide IT support to business and home users. And yes... I have said those words "have you tried switching it off and back on again"?

However, on Windows 10 there is a huge difference between Shutdown & Restart.

In this article, I'll try to explain the difference without going too far into the technicalities.

Let's split them into two categories first.

  1. Shutdown
  2. Restart

Surely the two have the same effect? You are effectively switching it off and on again.... NO.

On modern computers (Windows 10) there is a feature called Fast Boot (aka Quick Boot). This feature is usually integrated in the system BIOS, which means there isn't a way to turn it off within Windows. That said, you wouldn't want to turn it off because it is a clever piece of tech that helps your system boot quicker.

What Shutdown Does

Shutdown takes a quick image snapshot of your preferences and settings (known as hiberfil.sys files). On the next boot it will load them exactly as you were.

Any problems that you were having will still be there when you switch it back on.

What Restart Does

Restart does a whole lot more than Shutdown. Restart will clear the memory, it'll refresh the Kernel, it'll reset the cache, it'll complete pending updates. It will fix 1001 problems, whereas Shutdown simply copies them to a piece of memory so that your problems load quickly the next time you switch on.

Conclusion In Non-Technical Terms

Shutdown = kick your problem down the park and have to deal with them tomorrow.

Restart = Allow Windows to properly fix the fault for you. Windows 10 is incredibly good at fixing itself. It needs Restart to complete most of these processes.

Restart is your friend.



From the 'Malwarebytes Newsletter' (Allen Roochove, NCC Techno Buddy - 11.04.22)      5 ways to Spring-Clean your Security

Posted: April 4, 2022 by Mark Stockley
Last updated: April 5, 2022

It is now officially spring in the Northern Hemisphere, and with spring and the longer days comes the inescapable urge to shake off the lethargy of Winter and embrace the need to go through your stuff, throw a bunch of it out, and give the rest of it a shiny new lustre.

And in our increasingly digital lives, more and more of our stuff exists as bits and bytes on our phones, tablets, laptops and desktop computers. With the trees now full of blossom and the air prickling with pollen, you may feel an urge to straighten out your digital mess too.

If you do, we've got your back, and we humbly suggest that when you're done tagging your dog in every photo and getting your folder names just so, you turn your attention to your device security and give that a little dust off as well. After all, nothing makes a bigger mess of your digital life than malware rummaging through it.

1. Say "yes" to software updates

Patching (downloading software updates) is like fixing the broken locks on the front doors of your digital life-the updates contain code that fixes weaknesses that thieves could otherwise jimmy open with their digital crowbars.

Start your spring-clean by downloading all the software updates you've been putting off. Especially the big ones.

And yes, you've heard this advice before (we hope). Maybe you've heard it a hundred times, and maybe you're heard it so often that you're tired of hearing it and looking for some other advice. Well, fine, there's some other advice below, but this is number one in our list for a reason, so please don't skip it. This is the first and most important thing you can do to give your digital security a spring boost.

2. Say "no" to duplicate passwords

How many online accounts do you have? Twenty, thirty, one hundred? And how many different passwords do you have for all those accounts? If the answer to these two questions isn't exactly the same number-meaning that you have as many different passwords as you have different accounts-then you have some cleaning up to do.

Criminal hackers love it when you use the same password for more than one account. Once they've done the hard work of cracking one of your passwords, they aren't going to waste it, they're going to try it on a laundry list of other websites to see what else it can unlock for them. It's like a twofer at the grocery store for them: Hack one account, get one free!

The way to stop this is to create a unique password for each of your accounts, no exceptions. If you're up for a deep clean, then get yourself a password manager to make the job of creating and storing all those passwords easy. It's a little more effort upfront, but well worth it.

3. Lose what you don't use

We're going to leave you to decide where you want to take this one and how far you want to go with it. We'll just get you started with this simple line of thinking: From a security perspective, "more" is often worse. More apps means more places a hacker might find a broken lock or an open window they can use to break into your device. The same thing goes for your online accounts-each one is a potential way in to your digital life (particularly the accounts you haven't used for a while, aren't paying much attention to, or didn't bother to lock down very well).

It's amazing how many rarely-if-ever-used apps we accumulate on our devices, and how many accounts we open and then abandon online.

So why not lose some things? Ditch some apps you don't need, clear out your unused browser add-ons, and delete some accounts you don't use. The more you lose, the better.

4. Get on top of your email

Criminals use email to spread malware, fakes, and scams, so it is worth paying some attention to. Getting your unread email count to zero is immensely satisfying, and if you do it the right way it can give your security a spring in its step too.

Start by unsubscribing from all the mailing lists and newsletters you never read. You want the email that arrives in your inbox to be full of things that actually interest you, so it's easier for you (and your spam filter) to spot anything that is slightly off. It's just like step #3-lose what you don't use.

Now go through your email and mark the things that look like scams, spams, malware, or junk as "Junk" or "Spam." Every time you do that instead of just deleting shady emails, you are actually training your email's spam filter to work more effectively (if you want to know why, read our article on Bayesian Filtering). To work correctly your spam filter needs a few thousand up-to-date examples of both "good" emails and "bad" emails, so you want your inbox to be full of good things you care about, and your spam folder to be full of bad things that are malicious or spammy.

5. Run a malware scan

Spring cleaning is about the satisfaction of a job well done, and the peace of mind that comes with knowing your environment isn't harbouring any nasties. To get that same sense of inner calm from your computer, put down the bleach and pick up a malware scanner.

A malware scanner is the quintessential deep clean for your device. It will pick over your files and apps, one by one, and run through them with a fine tooth comb, weeding out any malware that's lurking in there undetected.

Now, we're going to toot our own horn a little on this one. We try to give good, sensible, impartial advice on this blog, without somehow making everything about us and the things we make. Well it so happens that our scans are famous for their ability to pick up things that others miss, and it wouldn't make any sense if we didn't mention it when other people will happily tell you the same thing. So, if you want to scrub all the dark and difficult corners of your desktop or laptop computer, we honestly think the best advice we can give you is to run our anti-malware scanner. Sorry, not sorry.


Over 20,000 people fell victim to remote access scams

From 'Cheshire Police Alerts' (Allen Roochove & Nigel Minnis, NCC Techno Buddies - 06.04.22)

More than £50 million was lost last year to scams where victims are tricked into handing over control of their computer or smartphone to criminals.

New data from Action Fraud, the national reporting centre for fraud and cybercrime, reveals that 20,144 people fell victim to scams where they were persuaded to grant criminals remote access to their device.

Victims reported losing a total of £57,790,384 - an average loss of £2,868 per victim.

What are remote access scams

Remote Access scams will often begin with a browser pop-up saying that your computer is infected with a virus, or maybe a call from someone claiming to be from your bank saying that they need to connect to your computer in order to cancel a fraudulent transaction on your account. Regardless of the narrative the fraudster's use, their goal is to steal your money or access your financial information by tricking you into allowing them to remotely connect to your computer.

Detective Chief Inspector Craig Mullish, from the City of London Police, said:

"While remote access tools are safe when used legitimately, we want the public to be aware that they can be misused by criminals to perpetrate fraud. We often see criminals posing as legitimate businesses in order to trick people into handing over control of their computer or smartphone.

"You should only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop-up or text message."

How to protect yourself

  • Only install software or grant remote access to your computer if you're asked by someone you know and trust, such as a friend or family member, and never as a result of an unsolicited call, browser pop up, or text message.
  • Remember, a bank or service provider will never contact you out of the blue requesting remote access to your device.
  • If you believe your laptop, PC, tablet or phone has been infected with a virus or some other type of malware, follow the NCSC's guidance on recovering an infected device https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take   
  • Protect your money by contacting your bank immediately on a different device from the one the scammer contacted you on.
  • Report it to Action Fraud on 0300 123 2040 or via actionfraud.police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101.   https://www.actionfraud.police.uk/ 


From 'Malwarebytes Newsletter'  (Allen Roochove, NCC Techno Buddy - 25.03.22)

Facebook phish claims "Someone tried to log into your account"

A phishy email that pretends to be from Facebook tells victims that someone's tried to login to their account, and uses a sense of urgency to try to reel them in.

Posted: March 21, 2022 by Christopher Boyd

Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient's sense of panic to respond without thinking about it.

The mail looks professional enough, and seeks to imitate what would be a fairly typical looking message from Facebook. As for the panic aspect, the phishers have pinned the hopes of this attack onto the old faithful "Someone is trying to login as you, so you'd better do something about it ASAP" routine.

The phish

The mail itself combines a fairly clean design with minimal messaging. There's a tendency with some phish attempts to overstuff the mail with all manner of nonsense to look more convincing. When that happens, we often see increasing amounts of typos or broken mail design. This one simply gets to the point. It reads as follows:

Someone tried to Iog into Your Account, User lD

A user just logged into your Facebook account from a new device Samsung S21. We are sending you this email to verify it's really you.

Thanks,

The Facebook Team

So far, so good. However, it goes a bit off the rails with the two clickable buttons presented. The first one says "Report the user" which makes sense. The second one just says "Yes, me" instead of something more plausible such as "Yes, it's me" or even just "It was me". This may set some alarm bells ringing.

The functionality

What happens when you click the button(s)? The expected process is to be whisked away to a phishing page and enter your details. Not here. This one follows the same pattern as a mail we covered a little while ago.

You may remember the phish attempt claiming to have detected unusual sign-in activity from Russia. That mail didn't bother with phishing pages. Instead, it popped open a pre-formatted mail in your client of choice for you to respond to the creators. Anybody replying would likely receive additional requests for login details or much more besides.

This phish follows the same path, opening one of two pre-filled response styles depending on which button you select. "Report the user" is the most interesting one, pre-filling the subject line as "Send statement".

What is sent back may be a booby-trapped document of some kind, or perhaps phishing done through a form. It's also possible the dialogue will simply continue via mail. Whatever they're up to, they should be treated with the cold shoulder they so richly deserve.

Go to the source

Always remember to navigate directly to the sender of supposed security alerts. If it's genuine, you should be able to address whatever issue you've been sent. If there's no sign of it, consider sending it along to them directly. It may be a scam sample they've not seen before, and this can in turn help them to protect a wider userbase. Above all else: don't panic, because this is how attackers can trick you into doing something you'll regret.

"Report, block, and go about your day" 😉



From 'Hastings Direct Car Insurance' (Allen Roochove, NCC Buddy - 25.03.22)

Unfortunately, statistics show that car crime is on the rise. Part of the reason is an increase in vehicle technology, which can make cars more vulnerable to theft and parts more attractive. For example, keyless entry can be open to relay theft (where the key signal is intercepted, then used to access and drive the vehicle away). Valuable parts, such as catalytic convertors, are also being targeted.

We want to help you understand the risks, so you can be aware of what to look out for and what steps to take.
To keep your vehicle a little safer, here are some really simple tips to follow.
1     While it's tempting, don't leave your car with the engine running.
2     If you've got keyless entry keys, try and keep them out of the communication range of your car and store them in a Faraday Bag when not in use - thieves can use your key's signal to gain entry to your car.
3     Always double-check you've locked your car, and your windows and doors are shut correctly.
4     Don't keep your keys close to your front door or somewhere visible, like a hallway table.
5     When you're away from home, park in a security-attended car park if you can.
6     If you don't have a garage, park in a well-lit area that's covered by CCTV.
7     Think about fitting a tracking system to help get your car back if it's stolen.
8     Never leave your sat nav or mobile phone on show when you park your car.
9     Consider fitting a catalytic convertor lock.
10   Try and park close to a wall or another vehicle to reduce access to your exhaust. 



From 'Neighbourhood Alert' (Allen Roochove, NCC Buddy - 28.01.22)

Due to a recent spate in thefts from motor vehicles, please ensure you remember to lock your vehicles & don't leave them open to access

Prevent your home and/or car from being targeted by burglars:

🚗 Lock your vehicle at all times, and don't leave any valuables in your vehicle

🔑 Lock all house doors and windows - even when home

💡 Leave a light on to give the impression someone is home

Keep yourselves and your valuables secure


BEAT THE PENSION SCAMMERS - really helpful article from our Computer 'Techno' Buddy, Nigel Minnis (17.11.21)

In these challenging times, we would like to remind you to be alert to the danger of pension scams.

'Action Fraud' estimates that £2m was lost to pension scammers in the first three months of 2021.

If you are facing financial difficulties, maybe as a result of the pandemic, you may be tempted by offers to transfer your pension into 'guaranteed' or 'high-value' investment opportunities.  

In many cases, the money will be stolen outright. AND, if you try to access your pension before the age of 55 (unless you have a long-term health condition and cannot work or have a protected pension age) you will face a huge tax bill on top of that!

Scam tactics include: - 

Contact out of the blue

Promises of high/guaranteed returns

Access to your pension before age 55

Pressure to act quickly.

Follow these four simple steps to protect yourself from pension scams

1. Check who you are dealing with

Go to https://register.fca.org.uk/s/  to make sure that anyone offering you advice or other financial services is authorised by the Financial Conduct Authority (FCA).

2. Reject unexpected offers

If someone you do not know contacts you to talk about your pension, chances are it is a scam.

3. Do not be rushed or pressured

Take your time to make all the checks you need - even if this means turning down an 'amazing deal'!

4. Get impartial information and advice

You can use the new Government-backed website, https://www.moneyhelper.org.uk   to get help and advice with your pension.    

If you prefer to use an independent financial advisor, be sure to use one that is regulated by the FCA.

Visit   https://www.thepensionsregulator.gov.uk/pension-scams?utm_source=offline&utm_medium=literature&utm_campaign=pension_scams_2018_q2 or https://www.fca.org.uk/smartscam  to find out how to protect yourself.

Buyer Beware!!!

Great advice from our Computer 'Techno' Buddy, Nigel Minnis

Thinking of buying a new laptop or computer?   With Windows 11 due this year and possible Windows 10 support being ended in 2025, check that your new machine will support Windows 11. 

His advice - "Get a signed statement that your new machine will support Windows 11. Later, if your machine fails to support Windows 11, you should apply for a refund as the machine you were sold was 'unfit for purpose'!"

(24th August 2021)




High-Speed Internet, "Be Aware"

New 'fibre optic' broadband cables are now being installed in our area, which will deliver 'high-speed' Internet directly to your home.

Leaflets are being delivered from companies offering to connect you for about the same cost as your current provider.  

But be careful - these cables are 'Data Only' and will not support your landline telephone. 

You need to discuss this with the new company before taking up their offer. 

If you still use a landline then, before you switch, make sure a landline can still be provided

Nigel Minnis, NCC 'Techno' Buddy  (24th September 2021)




"Backups" 
Chris Truss, Systems Manager
4th September 2021

Please note that this is written as a very generic guide and that 'Neston Cyber Centre' takes no responsibility for your data or the services or options you might choose to use.

How many of you have only one copy of your precious photos, videos, and important documents more than likely stored on the very phone, tablet,  Laptop or Desktop PC you are reading this webpage on?

The question is, 

"What if your phone/ tablet/ laptop/ PC gets dropped or stops working or even gets stolen?"  

What are your options?

1.   USB Stick:-   perhaps one of the cheapest methods, simply 'drag and drop' (copy + paste) files from one location to another. These can be picked up for £20, and sometimes much less.

2.   External Hard Drive:-   same as a USB stick, but generally allows more storage for the price.  The downside is you must remember to perform the backup regularly to keep your files up to date.

3.   'The Cloud':-   where your files and photos are copied (synced) onto another 'remote' computer. Some are free up to certain limits, often less than those options listed above

Some of the well-known providers are:

  • Apple iCloud
  • Dropbox
  • Google Drive
  • Microsoft OneDrive

'The Cloud' offers you a 'set and forget' option, but as the Cloud is connected all the time anything that happens to your files gets copied (synced) over almost immediately, so if a virus attacks your files, you will most likely lose that same file in the cloud.

4.   Backup Services:-   true backup services which operate like option '3' above without the drawback of 'automatic sync'.  They do this by keeping multiple copies (or versions) of your files.

The downside is that they incur a monthly cost, and this can vary based on how much data you have to back up

Common Backup Services are:

  • Acronis True Image
  • Backblaze
  • Carbonite
  • IDrive

I hope you found this article helpful and informative - remember you can always chat with one of our computer buddies and get more information and guidance, we're only too pleased to be of service to you

Chris Truss, NCC 'System Manager'





Email, phone call and text message scams

August 2021

You might find this article helpful - it's from the Government's 'National Cyber Security Centre'  

https://www.ncsc.gov.uk/guidance/suspicious-email-actions 

Criminals want to convince you to do something which they can use to their advantage.

In a scam email or text message, their goal is often to convince you to click a link. Once clicked, you may be sent to a dodgy website which could download viruses onto your computer or steal your passwords and personal information.

Over the phone, the approach may be more direct, asking you for sensitive information, such as banking details.

The criminals do this by pretending to be someone you trust, or from some organisation you trust. This could be your Internet Service Provider (ISP), local council, even a friend in need. And they may contact you by phone call, email or text message. The term 'phishing' is often used when talking about emails.

Scams during the COVID-19 pandemic

While everyone is worried about the coronavirus, cyber criminals have seen this as an opportunity. In emails and on the phone, they may claim to have a 'cure' for the virus, offer financial rewards, or encourage you to donate to worthy causes. Like many scams, these criminals are preying on real-world concerns to try and trick you into interacting. They may also mimic real NHS messages.

These scam messages can be very hard to spot. They are designed to get you to react without thinking.

If you think you've already responded to a scam, don't panic. Whether you were contacted by phone, email, or text message, there's lots you can do to limit any harm.

Reporting suspicious messages

The message might be from a company you don't normally receive communications from, or someone you do not know.  You may just have a hunch. If you are suspicious, you should report it.  By doing so, you'll be helping to protect many more people from being affected.

Email

If you have received an email which you're not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk 

Text message

Suspicious text messages should be forwarded to 7726. This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

Spotting suspicious messages

Spotting scam messages and phone calls is becoming increasingly difficult. Many scams will even fool the experts. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:

  • Authority - Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
  • Urgency - Are you told you have a limited time to respond (such as 'within 24 hours' or 'immediately')? Criminals often threaten you with fines or other negative consequences.
  • Emotion - Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
  • Scarcity - Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
  • Current events - Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

If it could be genuine

If you think a message or call might really be from an organisation you have an existing relationship with, like your bank, and you want to be sure:

  • Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don't use the links or contact details in the message you have been sent or given over the phone.
  • Check to see if the official source has already told you what they will never ask you. For example, your bank may have told you that they will never ask for your password.

For further information, visit

 https://www.ncsc.gov.uk/guidance/suspicious-email-actions

Allen Roochove, NCC 'Techno' Buddy