Tag Archives: Michael McKinnon

Should Kids Be Using Facebook?

Kids can put a lot of pressure on parents to let them use Facebook. However there are several important things that parents should know before making a decision either way.

Did you know?

  • Facebook has a minimum required age to create an account, and for good reason – children can be exposed to inappropriate content.
    For example: Kids may have older Facebook friends or family (perhaps friends of their friends) that post content to their timeline that isn’t appropriate for them to see.
  • Kids themselves may be unknowingly posting inappropriate content or giving away too much of their families private information.
  • When a Facebook account is created for an underage child using a fake date of birth, this gives Facebook a false impression of the child’s real age. This can result in young children being incorrectly targeted by Facebook advertisers and exposed to inappropriate products and services.
  • Kids could also lose all of their Facebook data at any time. Facebook has a whistleblower policy that allows anyone to nominate an account that they think is being used by someone under the required age. If that happens, the account will be shut down and become inaccessible.

 

So do you still think kids should be using Facebook?

How to protect yourself from phishing attacks

Phishing emails and instant messages attempt to lure you with bait, just like with fishing in the real world, which is where the term phishing originated.

Just like a real fish, as you learn to identify the types of phishing bait being used, you’ll drastically reduce your chances of getting caught.

Successful phishing scams utilise three tricks to catch victims:

Urgency

Threatening you with a consequence if you don’t act.
e.g. “A request to terminate your account, or a claim that it’s about to be suspended.”

Curiosity

Offering you some juicy bait, tempting you to act.
e.g. “Attached is a company report that contains the salary information of your colleagues.”

Familiarity

Tricking you into acting thinking it’s from someone you know.
e.g. “There’s an important message from someone waiting for you online.”
 

Armed with this knowledge you’ll be more alert to suspicious emails and messages when they land in your inbox.

 

#1: Check the facts before acting

Verifying the authenticity of a message can be a challenge- especially if the sender’s email or social media account has been hacked.

Here are two easy ways to check whether or not the message is a scam.

  • If you know the sender, contact them using another service (email, social, phone etc) to check that their message is legitimate.
  • If not, enter the subject line or some other small part of the message into your favourite search engine.

If your search reveals others who have reported this message, or are asking questions about its authenticity then you’ve proven two things – first, you’re not alone and second, it probably is a phishing, scam or hoax email.

 

#2: Make sure it is safe

A phishing email or instant message typically contains a web link (URL) to click on, and in the case of an email possibly even an attachment of some kind.

Check out this video to learn how to tell if it’s a bad link or not:

Video

Video: How To Tell If A Link Is Safe

 

However, it’s worth emphasising that knowing if a link is truly “bad” before you click isn’t a perfect science, and often security professionals can’t even tell until they visit it.

If there’s an attachment on the email you need to be particularly careful NOT to open it.  Believe it or not, even PDF and Word files can be infected!  If you weren’t expecting the file, don’t open it.  No exceptions.

A great way to help with these safety checks is to protect your devices with antivirus software which will scan all files and attachments for malware and even scan links to check they are safe.

 

#3: Report it

Lastly, if you do spot a phishing email, be a good online citizen and consider taking the time to help out by immediately reporting it directly to the legitimate organisation or person that’s being impersonated.

Many large companies, particularly banks, have websites dedicated to providing further resources and information about how to stay safe from phishing, along with ways to report phishing cases to them, and also examples of recent scams that are circulating.

Each and every one of us has the ability to improve the lives each other online, so make sure you share this information on how to stop phishing with those you care about.

 

Until next time, stay safe out there.

 

How to secure your online email accounts

If you use an online email account such as Gmail or Hotmail, there are some simple steps that you can take to ensure that you account is secure and your data is kept private.

AVG’s Michael McKinnon has some security tips to help keep you safe:

 

Video

How to Secure your Online Email

 

Here are Michael’s Tips:

1. Make sure you are using a long, strong and unique password that isn’t used anywhere else.

2. Enable two-step verification.

3. Look at your account history and sent items folder to see if anyone, other than you, has accessed your account recently

4. Backup and delete any old email that you no longer need, especially email that might contain sensitive data like old passwords or financial information.

 

For more online security tips, visit the AVG Academy on YouTube

 

Until next time, stay safe out there.

Is It Safe To Give Out your CVV Code?

If you’re a regular online shopper like me, you’re sure to be familiar with your credit card security code – otherwise known as the card verification value (or CVV).

If not, you can find the 3-4 digit code on the back of your VISA/MasterCard (the final 3 digits of the number printed on the signature strip) or on the front of your Amex card (the separate 4 digit code above the card number).

 

The intended purpose of the CVV is to provide added security when making purchases over the internet – it helps to verify that you’re in possession of the card, as the code shouldn’t be known to anyone other than you as the card holder. So it’s essentially a way of counteracting credit card fraud.

 

Is it safe to give out your CVV?

For online shopping, the answer is generally yes – it’s just simply a good idea to stick with well-known, reputable companies that you trust. You’ll find that most online retailers nowadays do require a CVV for purchases, which is encouraging because it means that they’re actively trying to prevent fraudulent transactions occurring on their site.

You may also be asked for your credit card security code when processing a payment over the telephone. As with online transactions, it’s usually safe to do this – you just need to be sure that no one overhears the details you give out (so avoid public places when doing this).

On the other hand, when purchasing an item or service in person, you should never provide the details of your CVV. In fact, there’s no need for the retailer or service provider to request this – it doesn’t show up when the card is scanned normally and they have other ways of verifying that you’re the authorised card holder (signature or another form of identification) should they need to.

Handing over your CVV for purchases completed offline serves no purpose other than providing someone with the opportunity to steal the information. Because if they were to do this, they’d have everything they need to go ahead and make a bunch of fraudulent online transactions – on you!  

Tips for staying safe

To avoid any issues with security or credit card fraud, there are a few things you can do:

  • Only transact with reputable websites that you trust. And when you do, follow our 10 golden rules for safe online shopping.
  • Install internet security software on your PC, tablet and/or smartphone. Doing this will help you steer clear of malware and phishing messages that could lead you to fake websites designed to steal your personal details.
  • Always keep a close eye on your bank statement to identify any charges that haven’t been authorised.   
  • Never read out the full details of your credit card in a public place, or write them down anywhere for someone else to find.
  • Avoid making payments over the phone with a credit card, unless you make the call directly and obtain the number from a trusted source. Scammers have been known to cold call victims and convince them that money is owed immediately for a problem that doesn’t exist!
  • Don’t provide your CVV when processing a payment in person. It should never be required and if someone tells you otherwise, it’s a reason to be highly suspicious!   

Have you had any dramas when using your credit cards online? Share your story with us below.

How to make a strong password in 3 easy steps

The truth is that the most important aspect of a password is actually length: a relatively simple but longer password is harder to crack than a really convoluted short one.

With that in mind, we put together a really simple method for you to create a strong password, and not go insane trying to remember it.

Password Infographic

 

Little systems like these can help you create strong passwords easily. Updating them can be simple if you add a simple letter or number to change over time.

If you still find this too complicated, you can always use a password manager like RoboForm.
With a password manager, you’ll only need to remember a single master password: it will create new random passwords and remember them for you every time you need them.

Scammers trying to steal Netflix passwords, and more

A flurry of news concerning Netflix in recent days has presumably motivated this recent phishing attempt, as scammers continue to pursue current events and breaking news stories to attract victims.

In the email is a red button “CLICK HERE TO VERIFY YOUR ACCOUNT” that leads directly to a replica Netflix login page, as well as pages that ask for personal details including Credit Card information.

 

Unsuspecting Netflix customers who are tricked into this process will not only divulge their account password (which they may have used elsewhere), but may also have their credit card details stolen and used for fraudulent purchases.

 

If you do receive a Netflix phishing email you should report it officially to Netflix by forwarding the message to [email protected]. Further information about keeping your Netflix account secure can be found here.

Until next time, stay safe out there.

 

AVG at Kiwicon 8 in Wellington, New Zealand

But this is no ordinary conference, this is “Kiwicon” the eighth consecutive annual security conference held in Wellington, New Zealand whose theme this year is – “It’s always 1989 in computer security”.

No expense has been spared by the organisers to reinforce the 80’s theme including name badges in the form of real audio cassettes (yes, they still exist) that are labelled with your hacker name.  I’m afraid my hacker name of “Michael” was somewhat plain in hindsight!

The self-deprecating humour scattered throughout the Kiwicon website and program guide is nothing short of amazing; a must-read if you get the chance.  And the permanent stage props of a Llama and Sheep really help paint the picture of a conference that has a wonderful relaxed, if not quirky tone.

With more than 1,100 security geeks attending, including many international guests, this conference is likely the closest thing to DEFCON this side of the Pacific; and from comments I’ve heard from fellow attendees, maybe even better.

The first day has concluded with talks as diverse as real cases of journalists and human rights activists being hacked by suspicious government actors, to researchers who reverse engineered the Bluetooth powered controls of an electric skateboard.

Presentations at Kiwicon tend to be very technical, and give you an insight into the genius minds behind some of the leading edge security research that over time assists in keeping all of us safer online, as vulnerabilities are discovered and disclosed.

Day two of Kiwicon is packed with topics such as a walk through of techniques that can be used to detect hoax images that are all too familiar on the Internet these days, as well as some possible disclosures relating to Minecraft which may well turn into breaking news.

But if attending security talks aren’t your thing, the conference also offers the chance to participate in a hacking challenge, lock-picking competition and other activities to keep the minds of the brightest up and coming security professionals occupied.

Until the next conference, stay safe out there.

Why Android phones and tablets need Anti-Virus

Smartphones and tablets are now as powerful as your three year old desktop or laptop computer, which is why it’s just as important to ensure they are secure. And this is especially true for Android devices. In fact, as much as 97% of all mobile malware (that’s fake apps, viruses and scams) is on Android.

But how does malware get onto your phone in the first place? Here are the three top ways that malware can get onto your Android device and how a simple security app can help to keep you safe.

Video

Android Security Basics

Installing ‘untrusted’ apps

Only using the Google Play Store, or another trusted source for your apps is the default advice for every Android device owner.  And it’s good advice because reputable market places will often scan their apps to ensure they’re safe before you download them.

However, Android also provides the ability to download and install an app directly from a website – as a file with the extension “.APK” – provided, of course, that you first enable the security setting to allow “Untrusted sources”.

Anti-Virus for Android will not only help detect potentially malicious apps, it will also alert you to ensure you keep that “Untrusted sources” security option disabled, except for rare occasions when you might need to temporarily enabled it.

 

Web links and browsing

It’s not just rogue apps that can give you a bad day.  Browsing web sites from your Android phone and tablet can put you at risk.  And there’s also the inconvenience of having your device stolen or lost forever.

Surfing websites from mobile devices is amazingly convenient for you, and the scammers. By exploiting known vulnerabilities, especially in those older Android devices that aren’t up to date, just clicking on a malicious link can be enough to wreak havoc.

Luckily, a good Anti-Virus app which can also scan links and provide protection against phishing attacks will help you surf more safely.

And when it comes to losing your Android phone to tablet, Anti-Theft features allow you to remotely locate, and if stolen, remotely erase your device for peace of mind.

Challenge of Keeping Updated

The ability to keep your Android phone or tablet running the best version of Android with all the latest security fixes depends on a number of factors.

Firstly, the manufacturer may have shipped your device with a modified version of Android to make it behave a little differently.  For example, if you have a Samsung device using the “Touchwiz” interface, or an HTC with the “Sense” look and features.

Second, if you purchased your phone or tablet through a telephone company there’s a good chance it came bundled with some extra apps and features too.

All of these modifications, while arguably adding some value, delay the deployment of security fixes released by Google.

Often you have to wait for  either your telephone company or the device manufacturer (or both) has to refresh their modified versions of Android before you get the benefit.

A good Anti-Virus app can help to keep your device secure until those security updates arrive.

These are just some of the reasons why Android phones and tablets need Anti-Virus.  Do you know of any more?

Reporting from AVAR 2014

Kicking off proceedings was Dr. Andrew Clark from CERT Australia (the Australian Government’s Computer Emergency Response Team) who highlighted the many challenges in cyber crime that the Asia Pacific region faces, and how collaboration with neighbouring countries is helping those efforts.

Industry veteran Graham Cluley reminisced on his more than 20 year career with tales of some of the first viruses and malware, many of which now seem so harmless compared to today’s standards.  He also included an amusing rendition of what he calls the “Anti Virus Industry Song”.

“Why can’t we have a virus called ‘Lumpy Trousers’?”, quipped Graham Cluley at one point in the conference, but there was no shortage of interestingly named threats during the conference – such as Dragonfly, Citadel, and even Chuck Norris.

The topic of the Internet of Things inevitably emerged, including discussion of vulnerabilities affecting hundreds of thousands of Internet router and gateway devices used by homes and businesses globally.  Hardware manufacturers were reminded once again not to build devices with backdoors, and to implement better security by design.

As the two day event concluded, a number of industry veterans took to the stage with their musical instruments to rock into the night, entertaining delegates and proving just how collaborative and supportive the Anti-Virus industry is as we all do our best to protect the world from the scourge of malware and online threats.

Image courtesy @alenkacz

 

Until next time, stay safe out there.