MTS-2024-09-05 #920

Tech Podcast Network

Mike Tech Show Podcast

Welcome, everyone. It's the Mike Tech Show, show number 920. Tonight's show, the majority,

the topic is security. I'm going to go over security tips that I put together for cyber

security awareness and training that I will be presenting and scheduled to present for

clients, my biggest client. It's going to be four separate sessions to cover the whole

company. What motivated it for tonight is what happened this past week. I'm going to

talk about Venmo issues. Then I have three really, really good emails. Let's start with

the Venmo. Our client called and talked to my son. He has a small business that he runs

out of his house. He uses Comcast email, and he said he was hacked. He was hacked on three levels.

He was hacked. His Comcast email was compromised. This is now the third client within a couple

weeks that their Comcast email has been compromised. We were able to get control of that,

but what we could not get control of was Facebook. Let me mention something about Facebook. He is the

person that we've ran into that has lost their Facebook account. And I'm going to tell you why

when your Facebook account is hacked and you don't have two factor authentication,

which to me right now is the most important lesson. If anything that you take away from this

show, every social media site, every email,

email service that you use, everything that you use, especially it goes without saying any

banking or financial, you have to have to put and turn on multi-factor authentication.

And it's, that means you have to have a smartphone with a cell phone number and you'll get a text

message and a code. And then you, if after you log in with a complex password, they will send

you a code. And then you have to log in with a complex password. And then you have to log in

with a code and you can get in because here's what the bad guys are doing. They get into your

Facebook account and Venmo and cash app. And because you don't have two factor authentication

turned on, they turn it on for you. Only they have it go back to their phone. So you don't

have access to it. Then they, they change the password. They, they verify now with their,

with, with the cell phone and they change the email account that's associated with it.

So the Facebook, my client went through everything, all the processes, and it's a

disgrace what Facebook does. But what I tell you about Venmo is it's way, way worse.

So with Facebook, they have totally lost access to it to the point where Facebook does shut it

down. And then they turn it on for you. But you can never

get that account back. And one of them, well, not, no, all three, they're selling services and

equipment and different things under your name and they're doing it. And you can't do anything

about it. You try to reset the password. You can't because the email's going to the wrong place

or that the code is being sent to the wrong. You fill out all the forms that they tell you to fill

out and it does

nothing, nothing. Now, at least they shut it down and they have done that for the three people

that I know they have shut down those Facebooks and then they can create it with a different email

account, a different, you know, use a variation of their name. And this is bad, but the real

horror story here is Venmo and the client, he was locked out of his Venmo and I'm going to have

links to the first one. How do I recover my Venmo account and reset the password? Were you supposed

to say, forget password? Well, guess what? It's going to the wrong email. It's going to the wrong

phone number. So how do you do it? How do you reset it? So the first thing they always tell

you to do is reset the password. Yes, I agree with that. You got to reset your password,

but what if you can't because you are locked out? Then if you didn't receive the code,

they tell you to check

junk and spam. And then the code moves to another phone number. If the number associated

with Venmo is someone else's number, we will receive the code, but we'll not be able to access

your account. You can update the number before requesting the code, and then only you can reset

the Venmo password. Well, the bad guy already did that. So the lesson is you need a secondary email,

which is a secondary email.

Which is the recovery email for the account. So if you set it up with abc at gmail.com,

you better get another Gmail account. That's a backup Gmail account that you'll check and that

you have access to and set multi-factor authentication for those email accounts. And then

start hitting all your social media. Make sure the backup email is the recovery email for that

secondary email.

Email that they ask, make sure that you have your cell phone number in there for multi-factor

authentication. And you've just protected yourself from being compromised. Here's where the shame

on Venmo is that even all of the things that you try to do, and you try to email on my son,

work with him for a couple of days, just trying to get into the Venmo account. Oh, by the way,

my client did eventually get into the Venmo.

After four days. And guess what? It was emptied and he had $20,000 in his Venmo account. Now

everybody's thinking, why would you keep that much money in Venmo? I know when I get paid Venmo,

I have it immediately transferred to the bank. That's linked. I don't know. And we didn't go

down there, but here's what happened.

And this happened before he realized he couldn't get in. There were consecutive $200 transfers,

hundreds of them going to different banks and rotating the banks that they, that they're going

to. And now it's all, it was all gone. And of course, Venmo's, you know, not responding to

anything for that.

I want to know how that couldn't be flagged, that there's no process in place for Venmo

to flag suspicious activity. And the extreme opposite. I was trying to use Cash App over the

weekend and I don't use it. I use it once a year to buy a service that I have to use Cash App for.

And I'm trying to renew the service using Cash App. I'm trying to send money to Cash App and

guess what? They won't, it wouldn't go through. It wouldn't accept the money for the bank accounts

that I verified and I have attached to Cash App. And when I contacted support via a chat with the

help, they told me, well, it's because there's been no activity for a while. So we don't trust

any transaction you're trying to do. That doesn't, that doesn't make any sense. So be careful. PayPal,

A,

don't leave big amounts in there or don't, here's the way to look at it. I can afford to lose

everything in that account. And if your answer is no, well, get it out of there. Leave the bare

minimum that you need to have. Activate, make sure you have an alternate email and then make sure

you activate two-factor authentication. So I have that link.

And then another link, Venmo Frozen account. And when you see the minimal information that they

give you, you have no way of contacting anybody. You're on your own. And that's why the bad guys

will win constantly until these services take hacking seriously. They're not. Facebook does

not care about security. Cash App,

why are you in business? That's what I ask. If you're going to, you know, that's, that's where

they went to the extreme. Okay. So how do you use the app then? And Venmo does not care about

security. And I'm sure there are a lot of other services. So what about Instagram? What about

all the Pinterest? I don't know. You know, there's so many social media services. You got to make

sure that you've done your due diligence. And if you don't, then you're not going to be able to

do it. And you've heard this too bad. You can't be lazy on this. This is something you got to get

on the ball, which leads me to the, the, the, the guts of tonight's show, which is 15 tips,

cybersecurity and safety tips. I have the PDF ready to upload. It will be available after the

show.

I will go into my file manager and GoDaddy, and I will add the PDF and it will be part of the show

notes. So let's begin. And a lot of these are obvious and they're easy, but I'm going to go

through some of them quickly. And then let's see where we're at. The first one, be alert,

use common sense and think twice before clicking links, opening attachments,

visiting websites or responding

to emails or phone calls. Many cyber attacks can be prevented if you take a moment to consider

your actions and potential consequences, a lot of people don't think, and they react. And we've run

into a lot of new clients that they're recommended to us to help them because their system's been

compromised. And it's because they've responded to something that they shouldn't have. And you,

you don't trust them.

You, you gotta, you have to mistrust everybody. You can't trust anybody, anything, anything you

hear, anything you read, anything you see, you have to have an eye of distrust that let's,

let's vet it a little bit. Take a look. Don't click on that link. If somebody is sending you

an email that you know, and they're requesting you to connect, to get in touch with them, to get in

to a document or something where you expecting them to send it. If you weren't, don't do it. And

if you know the person, call them, call them on the phone and ask, Hey, did you send this simple

logic? No, how to identify phishing attempts. This is number two, be wary of emails or calls

that require immediate action or ask for personal information. Yes. Don't answer those questionnaires

on Facebook where,

they're asking you all kinds of personal information that you're filling out in the

guise of something else. They could be the security questions. They could be the answers

to security questions. People don't realize it and they'll go through and they'll, they'll answer

them. Use two factor authentication. I think I've said my piece on two factor authentication and why.

Create strong

passwords. My minimum is eight characters. And I'll tell you, a lot of services now

want more. Proofpoint, for an admin, you got to have 12 characters. So eight characters,

an uppercase, a lowercase, a number, and a symbol. I always add, I want two symbols

and you cannot spell a real word that can be found in a dictionary

or a name. Don't use anything of the birth dates of yourself or your children or your grandchildren.

This is the biggest problem that I run into where email has been compromised. And actually there's

a, another thing, which we're querying our client who lost the money on Venmo. He thinks he filled

out information to something that was false.

And that's where it all began. So we get to the root and Tim and the chat just mentioned something,

which I have here as a, um, uh,

to, to look at, which is use a password manager. I suggest RoboForm. That's what I use. There's a lot of them out

there. Use a password manager and the password and a password manager that works cross platform: your phone,

your Windows system, your Mac. I live in all those worlds, so RoboForm works on all of them.

Security question answers, and I've always said this, when you reply to a specific security

question, spell your answer backwards or add a PIN number to the front and the back

of every answer. So this way, nobody can guess your security question answers.

Very simple. And when you're thinking about it, you're like, wow, that's a great idea.

And that's why I have that down here. Lock your devices. Never leave your devices unattended.

And if you do, make sure you have password protected, your phone, your tablet, and log

off your devices. And a great tip, if you're a Windows system and you're in an office or

at home, you don't even want your kids to accidentally work on the most secure thing

we teach everybody in any office that we've run into, you have that Windows key, the one

with the little four windows on it that no one ever knows what to do with it. Well, guess

what? Holding Windows and pressing L, that Windows key L will lock your screen. So now

you've got to enter the password that you've set up for your system. Keep your apps and

software up to date. Very important. Always apply your Windows updates. Apple always

has those emergency updates. I hate them, but you got to do it. You got to update your

apps. All of your, you know, whether it's Microsoft Office, when Firefox or Chrome says

there's, you know, a new one ready to go, do it. Maybe finish up the task that you're

working on, but make sure you apply the update because there's always going to be a new one.

The whole somewheres limit activities on public wifi. I always recommend if you're in a public

place or in a hotel, you're in a Starbucks and you've got to get on the internet, tether

your phone as a hotspot. And if you can't do that, wait until you're on a private secured

network, a network you trust, and even networks you trust, do not do any banking, do not do

anything involving financial information. A VPN like newer VPN and some of the other ones out

there. Yes, that works. Costs money, slows you down a little bit. But if you are constantly put

in a situation where you're on public wifi is a lot because you're doing a lot of traveling,

then look into a software VPN. Back up your computer. Back up, back up, back up. That's

our mantra

all the time. Make sure you have an external backup to a drive. If you're really concerned

and you should be for a disaster recovery situation, back up online. There's lots of

services out there. And if you want recommendations and help, email me, miketechshow at gmail.com

and I will help you out. Protect your personal information. This is number 10. Do not store

personal, personal, personal information.

Identifiable information, such as a social security number, credit card numbers on your

computer, unless it's in an encrypted file. Never, never. We don't take, we don't write down

or take a credit cards. We take the credit cards, but I enter them right into the square app over

the phone and that's not saved. I don't have access to that. So just be careful of personal

information.

Don't leave them on your computer screen, all phone calls. This is a conversation we

have with an older, older clients that are constantly scammed over a phone. This is where

it's Mike. They identify themselves as Microsoft or Apple or even the IRS. They will not call

you. They will not call you.

And, and it's really a shame.

Because, and I, I think I've said this before. There is a segment of the population and we

have clients that fall into this category, you know, older, older clients that are residential.

They find it inconceivable that another human being would want to take advantage of them.

Why would another human want to do that? That's tough. It's tough to get through to those

individuals.

That, and it's sad because some of them have been compromised more than once because they

are conned by the social engineering aspects. And this is how you have to deliver this information.

If you're in front of a group of people and you're going over this list, you got to look

at your audience and adjust accordingly. So when I'm giving this at an office, I'm going

to slant it to the office a little bit, but still go over it.

If you're at a meeting, you don't have to, you don't have to, you don't have to go over

everything. Screen all calls. We actually recommend to people to not answer their phone

at all. If you have a landline, don't answer it, let it go to voicemail and screen the

call and only call back people that you know.

Do this is a big one. And you know, I've done a show on this. A little while ago.

Do not reply to unknown text messages. There's horrible scams that they will text you. The

and lure you into, you, you have sort of a texting relationship with the person where

they gain your trust. And that's when they lower the boom. And that's when the con begins

where they have you download an app. That app looks good. Like, oh my gosh, I put in a hundred

dollars to this investment and it doubled in a day because they're setting you up for the big

payout. And this is happening a lot on text messages. So be, if I see a text message and I

have no idea of the number and, and, and the message doesn't make sense, or they're asking

for something, but I delete it reported as junk block it. So I'll never get that text again.

But of course they're randomly changing, you know, where, where they're sending them from

constantly. So I get, I get spam phone calls a

day, like three or four every single day. It's just horrible, horrible. Do not call if a number

pops up and this happens a bunch where we get the call. My computer's talking to me. It's telling me

I'm infected and I got to dial the 800 number. Don't do it. Very simple. If somebody, something

anybody asks you to do something, don't do it. Just don't do it. Well, we get that. And usually

a simple reboot takes care of that, but we'll also jump in and clean if there's anything,

any remnants is left around, but that's a big scam that still happens where it takes over the browser

and, you know, make sure that you dial in that 800 number. And we've dealt with clients that

called it and clients that, you know, then called us.

We're afraid of it. And I've always recommend when in doubt, call us that, you know, call us,

you know, my son or myself, uh, MHS consulting. I would rather get the phone call or get the

email and reply. I get a lot of emails. Mike, is this legit? I would rather get that than have

them respond or click on the links. And 99% of the time,

I'm telling them to ignore it. And it's funny, the times that they are correct and they question

is when their Microsoft Office renewal is being announced. And I know they have Microsoft

Office 365, uh, family or personal, and it's letting them know about the renewal.

Those are usually legit. And, uh, when I vet that and see that,

so I let them know.

Yes, this is good, but most of them are Norton Security renewal of, uh, the haven't seen McAfee

as much and then Geek Squad renewals and so forth. There's so many, so many scams. It's,

it's just so bad. So we, we help. Uh, type the exact website address, the exact URL.

This is a difficult one because browsers are notoriously set to search and not go to the site.

And this is because when you Google, uh, a company's phone number, like Hewlett Packard,

depending on what's going on with the ad purchases and the search at that moment, those top three

might be bad actors sitting there.

You're going to have to look at that phone number that paid money for the ad and it's not HP or it's not Dell, you got to go to hp.com.

So we have to teach clients, go to the top, actually type the website you're going to, and then navigate that website and get the, and get the phone number from the website.

The final item

in the 15 tips is freeze your credit.

And I've talked about this in the past, but the best thing that I have is a link that I'm going to put in the show notes on what is a credit freeze and how do you place one?

And it's even got all of the phone numbers for Equifax, Experian and TransUnion.

They're the three main credit,

uh, companies that you were, uh, if someone's checking your credit, these are the places that they will, uh, try to check your credit.

And this is where identity theft, you've stopped it.

If you freeze all your social security numbers on all of these credit services, you now are safe from someone.

If you're trying to open up any kind of credit in your name, using your social security number, it's frozen, it's blocked.

So now you're, so if you've never heard of this, you're thinking, well, geez, I want to go buy a car.

Well, you can temporarily thaw at those agencies.

What you could do is say, you know, you'll have a pin, you'll have something.

You can call them, you can go online.

And this is this website that I'm going to send you to is, uh, in the show notes is, is pretty good.

And it's by NerdWallet and they do a very good job.

And I am now putting that in the show notes, um, in the, in the chat right now for anybody that's listening live here.

Um, take a look at that.

It's really good.

And maybe if it's, even if it's not you, because you've already done it.

So great.

Website to share with other people.

Now I've taken a pieces of all of this and I'm going to have a separate handout for employees that want to learn how to freeze their credit and freeze the credit, freeze the social security number of your children.

So they can't be taken advantage of.

And you know what?

There's a section in here that explains that.

So that is the fifth.

The 15.

Tips that I will have as a PDF for you to download, share it, take, you know, I think it's, it's, it's well worth it.

So I want to get to some, let's get to some emails here.

Cause, uh, some of them, uh, are part of this.

Uh, let's see.

Uh, here we go.

Uh, this is from Papua and tech.

I.

Hi, Mike.

For the security flyer, you may be able to pull some inspiration from decentsecurity.com.

It's a fantastic resource from SwiftOnSecurity for basic security.

Albeit probably needs a bit of updating.

You know, I'm linking that and it's a little deeper into the website because there are sites here,

uh, when you look at Decent Security,

where you can evaluate a phishing check or VirusTotal checks against multiple blacklists. There's some nice little checks here, and then there's places where you can report the phishing scam.

So I like that.

Thank you.

And he continues.

He set supposedly supports the ARM processor and I would take a look at that.

I am going to look at that because that's important

for the, the Snapdragon client that I discussed last week. For the printer on ARM devices, some of the provided generic drivers may work. Check the Windows optional update section and see if it covers what you need.

There are mixed reports on Reddit about it.

It is absolutely worth a try.

And thank you very, very much.

Uh, really appreciate it.

This one's from Mark. Mike,

I just listened to last week's podcast and wanted to tell you how much I enjoy listening to your in-the-trenches experiences with different jobs that you work on. Last week,

I also set up my first Microsoft Surface Pro with the Snapdragon processor and experienced many of the challenges that you did.

I was able to get

my client's old Canon wireless printer working by choosing Add a printer or scanner in, in Windows settings. Windows Update eventually pulled down the drivers and I was able to print and scan using the Windows Scan app found in the Microsoft Store.

However, that app doesn't offer the ability to scan to PDF format.

Hmm.

But.

I will say Adobe Acrobat.

Did work the full version.

Adobe Acrobat DC pro did work for my client.

This next link that he can mark continues.

I love this is great.

My client uses classic Outlook and I, I do not recommend the new Outlook.

That is off limits.

It doesn't work

with any hosted Exchange.

And I know I vented about that a while ago.

Well, he continues, which was not installed by default.

I had to sign into her Microsoft account and download the office setup file.

Even after setup finished, it took a few minutes for classic Outlook to show up on the Start menu so that I can open the app.

Here's a reference.

This is where you can download

the classic Outlook 365.

Love it.

So a link that will be in the show notes.

We have one more email that could be the most disturbing for us for support.

And we're going to have to wait and see just how bad this is.

And this comes from Kate and it's a link on Google.

On September 30th of this month, they are going to block and stop, if you're a Google workforce email account, a Gmail account, they are going to block Apple Mail and Outlook 2016.

How can that be?

How can they do that?

They're blocking third party apps from being used.

You got to be kidding me.

And I'm copying this link into the chat and it's going to be in the show notes and what they want you to only go to the website.

This is wrong.

This, this has to stop.

And it's just, uh, I, I, I still can't believe it.

Here's the editor's note.

I recommend clicking through this article for more complete descriptions of what.

What are apps they'll block, but the two main ones are Apple Mail and Outlook 2016.

If you're using Apple Mail to access your Gmail account, you should ensure you are signing in with Google instead of just your username and password. Outlook

users should update to Outlook for Mac or PC in Office 365.

There are other apps.

There are apps affected too, but these will be the main ones for most people.

We have a lot of people still using Office 2010 and if they're using Outlook in it and we try to get them, Hey, I'd rather you go to the web for your email than use Outlook 2010, and this'll, this'll probably force that.

Uh, I, it's a great warning.

Be ready.

I already have a list of some people that I know will automatically be impacted, and I'm going to start having conversations with them next week to get ready for this.

And then the options just want to make you aware of this.

I'm shocked.

And Kate, thank you so much for sending that to me.

How is this not getting more news?

Or am I just too busy that I just haven't noticed that this is being talked about?

and written about. I have not seen that anywhere. So weigh in on that. If you've seen this and you've

got different articles than the one I'm linking, hey, hit me up with that and send it to

miketechshow at gmail.com because, man, I live in this world with Outlook and I have many, many

clients. And then I have a lot of clients that like to just go onto the web and then, of course,

Apple Mail and older, older Macs with Apple Mail and your iPhone. This could be an alarming

support nightmare headed our way. No matter what I was doing tonight, no matter what my topic was

tonight, after reading that article that Kate sent me, I was like, I have to wrap up with that.

To make sure everybody understands what's coming here from Google. Thank you, Google, for

calling Apple Mail and Microsoft Outlook an untrusted third-party app. You know, just thank

you. All right. I hope you enjoyed the show. There's lots of, I think lots of great content

here and lots of great downloads.

That you can find at miketechshow.com. Look for show 920. And in there, there will be links to

everything that I talked about. The website, the security tips as a PDF, great stuff. Stuff that I

hope you can make use of for yourself or for your clients or for family. You know, we gotta, this is

how it begins. The grassroots of trying to get to the bottom of things.

The security and getting everybody to think. Multi-factor authentication. And you gotta really

sell it and ram it down everybody. This is how we protect ourselves. I will get on my soapbox as

much as I can to preach this. That is it. Oh, Discord. Thank you. Thank you, Taz. Discord,

we, boy, this is going to be a, I will get in there and mix it up

with, and I keep saying this and I don't do it. That's because I have some system problems here

and I've been incredibly busy. I have a stack of so many stories from the trenches that I can

discuss that I haven't even gotten to yet that are, uh, that I can't wait to talk about. So

materials easy, uh, for, for the show. Uh, but Discord, this is the forums where you can chat

amongst yourselves and, uh, for,

for all kinds of tips and, and, and comments about the show. It's, it's everything Mike Tech

show related and it's free. And I have the Discord invite link in the show notes of every show. So

you can click on that and sign up for free and then introduce yourself because you don't get

access to all of the forums until you, we know you're not a robot, that you're a human being.

You say, Hey, I,

I just found the Mike Tech show. I've been listening or boy, I've been listening for the

last 20 years. Just type a sentence that proves you're a human being. That's all we want. That's

it. Don't forget if you visit the Mike Tech show and you like what you're hearing and you want this

to continue, there's a donation button. Click on that, donate whatever you can. Anything will help

because it adds up. And as you know, I have no sponsors for the show.

So I would greatly appreciate, uh, any help you can in supporting the show. Uh, don't forget

the videos for every show are hosted on YouTube and that's the channel is Michael Smith MTS.

That's because someone hijacked the Mike Tech show years ago on YouTube.

So I had to use Michael Smith MTS when it came time for the unique name.

So that's when, you know, I had no idea and even thinking of using YouTube. So that's it.

Talk to you next week. Same time, same channel. Bye-bye.
