Cyber Security Tips

[Uncle Al]

Beware of "games" on social media websites

Cyber Security Advice 2020-10-27.jpg

Be warned - Be safe

Uncle Al

[moonshadow]

Good advice.

Though my "hometown" is a made up name. It's childhood city name that I used when I would build pretend towns with my toy cars and Legos.

Nobody... and I mean NOBODY knows that towns name, and it doesn't exist in any Google search.

My "first dogs" name is once again, the name of a dog that nobody knows I ever had.

[crfriend]

One would think that nobody would be so naive as to fall for stuff like that, but people do -- and the crooks know it. There's money to be had, and that's also why it's not prosecuted properly

When confronted with something like that, the first question I always ask myself is, "Why is this being asked of me?" If it makes no sense within a general context I merely ignore the message and the request -- especially if it's in "social media" or e-mail.

[Fred in Skirts]

When I am asked to give an E-Mail address to be able to access a site I make one up that will pass security checks for that website. IE: newspaper sites, information sites etc..

I never give any of my security information. And I do not respond to Emails that want my information either..

[6ft3Aussie]

One of my personal peeves is if you wish to, say, for example gain access to services such as TV on demand, so that you can watch content that you may have missed etc, requiring you to verify your email address before you can view content.. The TV station/government is obviously tracking what you watch..
That and when you go into some shops or use the shopping centre's "free wireless internet" they try to sign you up to their newsletters, offers, and a never ending barrage of spam that you can never seem to be free of.

If there's something I want that asks for your email address, I will make something random up or use something like antispam_emailaddress.com, which case if it's only ever seen by a computer (and not a human) you're unlikely to be bothered too much by that barrage of spam.

There used to be a program called Mailwasher that I used years ago, it would access your email server and allow you to see what emails were there, mark, produce a bounce response (making your email address appear unreachable), and if you want, blacklist specific email addresses or entire domains.
I don't know if there is still such a program out there, but it was very useful.

Nowdays, the connection that I use does not use a conventional modem, rather a Juniper firewall/router, with it's WAN connected to the media converter from coaxial to Ethernet, and a connection with a static IP address, and it's very locked down, with certain ports forwarded to specific internal IP addresses for applications like VoIP phones, IP cameras, RoIP node... I get my service by way of a 9.3 km microwave link to my place.

[Shilo]

I am always suspicious of anyone asking for details of any kind. I regularly get spoof PayPal messages claim my account is compromised and occasionally some from banks I don’t deal with. Interestingly the banks don’t seem concerned when I report them. I have the PayPal email in my saved addresses. Who knows how many are successful. What is of more concern is marketing messages I get from internet searches or my wife has. They are obviously tracking the hope IP address. For this reason don’t do internet banking only telephone. If I ever reply to an email I don’t use any provided link. It’s unwise to say I’ll never be caught out Hopefully they’ll go in search of easier prey

[Sinned]

I once tried to ring HSBC using their published telephone number but never got to finish the call. Once dialled in the system started requesting date of birth, sort code, account number so when it was getting to this level of snoopiness I terminated the call. There didn't seem any real requirement for all that information and no indication of how much more information was wanted before an actual human would be there to talk to me. I'm not sure if I would bother trying to use the phone to contact them again and maybe that is the point - to try and deter telephone contact. Maybe I could try the tactic of giving information that fits the template but is not information that would relate back to me. Then see if any of the data is checked to their database. Hmmmm.

[Big and Bashful]

I have an old yahoo mail address which is used for most of my on line stuff, disposable stuff like website registrations, Google etc. I use that address for any registration where I might end up getting spammed. I have my own domain and email which I keep for interchanges with friends and trusted stuff, there are two or three other email addresses that I have acquired over the years but don't often use.
Passwords? absolute nightmare, I have a document that must be about 8 pages of different sites, my registration details and passwords for each one, that is kept in a secure electric locker that doesn't open without my face being involved.
I really need to sit down and figure out a way to have passwords remembered and synchronised between my pc, laptop, iphone and ipad, that would be really useful. I suppose the Chrome password manager might do this but haven't looked into it yet, it already syncs my shortcuts so it probably does.
If Chrome doesn't or isn't properly secure (Is anything that is tied to Google secure? I don't think so!) then there must be third party managers that can do the job, hopefully!

[greenboots]

I use Roboform Password Manager: https://www.roboform.com/
It's free for personal use and comes with add-ons or extensions for all major browsers and OSs and syncs through a secure cloud server. There is a paid version for business. Reviews are positive, and I seem to remember picking picking up the recommendation from a reputable computer tech newlsetter.

If you don't want to share you passwords with a third party (at least one that could potentially decode them) there is also KeePassX https://www.keepassx.org/news which is open source and simply keeps a file on your local machine. I used this for a while between several Windows and Linux machines by saving the file in my DropBox folder. Unfortunately, it's not been maintained since 2016, and doesn't come with a mobile version, so won't work with smartphones.

[Sinned]

greenboots, remember that for "cloud" read a server somewhere in the virtual internot over which you have no direct access or control. So how do you know that it's totally secure? How do you know if they use any form of encryption on your data? Sorry, not for me - don't trust any third party with my passwords. I don't even allow any browser to save my passwords to allow easy future automatic logins.