MTS-2024-09-05 #920
Tech Podcast Network
Mike Tech Show Podcast
Welcome, everyone. It's the Mike Tech Show, show number 920. Tonight's show, the majority,
the topic is security. I'm going to go over security tips that I put together for cyber
security awareness and training that I will be presenting and scheduled to present for
clients, my biggest client. It's going to be four separate sessions to cover the whole
company. What motivated it for tonight is what happened this past week. I'm going to
talk about Venmo issues. Then I have three really, really good emails. Let's start with
the Venmo. Our client called and talked to my son. He has a small business that he runs
out of his house. He uses Comcast email, and he said he was hacked. He was hacked on three levels.
He was hacked. His Comcast email was compromised. This is now the third client within a couple
weeks that their Comcast email has been compromised. We were able to get control of that,
but what we could not get control of was Facebook. Let me mention something about Facebook. He is the
person that we've ran into that has lost their Facebook account. And I'm going to tell you why
when your Facebook account is hacked and you don't have two factor authentication,
which to me right now is the most important lesson. If anything that you take away from this
show, every social media site, every email,
email service that you use, everything that you use, especially it goes without saying any
banking or financial, you have to have to put and turn on multi-factor authentication.
And it's, that means you have to have a smartphone with a cell phone number and you'll get a text
message and a code. And then you, if after you log in with a complex password, they will send
you a code. And then you have to log in with a complex password. And then you have to log in
with a code and you can get in because here's what the bad guys are doing. They get into your
Facebook account and Venmo and Cash App. And because you don't have two factor authentication
turned on, they turn it on for you. Only they have it go back to their phone. So you don't
have access to it. Then they, they change the password. They, they verify now with their,
with, with the cell phone and they change the email account that's associated with it.
So the Facebook, my client went through everything, all the processes, and it's a
disgrace what Facebook does. But what I tell you about Venmo is it's way, way worse.
So with Facebook, they have totally lost access to it to the point where Facebook does shut it
down. And then they turn it on for you. But you can never
get that account back. And one of them, well, not, no, all three, they're selling services and
equipment and different things under your name and they're doing it. And you can't do anything
about it. You try to reset the password. You can't because the email's going to the wrong place
or that the code is being sent to the wrong. You fill out all the forms that they tell you to fill
out and it does
nothing, nothing. Now, at least they shut it down and they have done that for the three people
that I know they have shut down those Facebooks and then they can create it with a different email
account, a different, you know, use a variation of their name. And this is bad, but the real
horror story here is Venmo and the client, he was locked out of his Venmo and I'm going to have
links to the first one. How do I recover my Venmo account and reset the password? Were you supposed
to say, forget password? Well, guess what? It's going to the wrong email. It's going to the wrong
phone number. So how do you do it? How do you reset it? So the first thing they always tell
you to do is reset the password. Yes, I agree with that. You got to reset your password,
but what if you can't because you are locked out? Then if you didn't receive the code,
they tell you to check
junk and spam. And then the code moves to another phone number. If the number associated
with Venmo is someone else's number, we will receive the code, but we'll not be able to access
your account. You can update the number before requesting the code, and then only you can reset
the Venmo password. Well, the bad guy already did that. So the lesson is you need a secondary email,
which is a secondary email.
Which is the recovery email for the account. So if you set it up with abc at gmail.com,
you better get another Gmail account. That's a backup Gmail account that you'll check and that
you have access to and set multi-factor authentication for those email accounts. And then
start hitting all your social media. Make sure the backup email is the recovery email for that
secondary email.
Email that they ask, make sure that you have your cell phone number in there for multi-factor
authentication. And you've just protected yourself from being compromised. Here's where the shame
on Venmo is that even all of the things that you try to do, and you try to email on my son,
work with him for a couple of days, just trying to get into the Venmo account. Oh, by the way,
my client did eventually get into the Venmo.
After four days. And guess what? It was emptied and he had $20,000 in his Venmo account. Now
everybody's thinking, why would you keep that much money in Venmo? I know when I get paid Venmo,
I have it immediately transferred to the bank. That's linked. I don't know. And we didn't go
down there, but here's what happened.
And this happened before he realized he couldn't get in. There were consecutive $200 transfers,
hundreds of them going to different banks and rotating the banks that they, that they're going
to. And now it's all, it was all gone. And of course, Venmo's, you know, not responding to
anything for that.
I want to know how that couldn't be flagged, that there's no process in place for Venmo
to flag suspicious activity. And the extreme opposite. I was trying to use Cash App over the
weekend and I don't use it. I use it once a year to buy a service that I have to use Cash App for.
And I'm trying to renew the service using Cash App. I'm trying to send money to Cash App and
guess what? They won't, it wouldn't go through. It wouldn't accept the money for the bank accounts
that I verified and I have attached to Cash App. And when I contacted support via a chat with the
help, they told me, well, it's because there's been no activity for a while. So we don't trust
any transaction you're trying to do. That doesn't, that doesn't make any sense. So be careful. PayPal,
A,
don't leave big amounts in there or don't, here's the way to look at it. I can afford to lose
everything in that account. And if your answer is no, well, get it out of there. Leave the bare
minimum that you need to have. Activate, make sure you have an alternate email and then make sure
you activate two-factor authentication. So I have that link.
And then another link, Venmo Frozen account. And when you see the minimal information that they
give you, you have no way of contacting anybody. You're on your own. And that's why the bad guys
will win constantly until these services take hacking seriously. They're not. Facebook does
not care about security. Cash App,
why are you in business? That's what I ask. If you're going to, you know, that's, that's where
they went to the extreme. Okay. So how do you use the app then? And Venmo does not care about
security. And I'm sure there are a lot of other services. So what about Instagram? What about
all the Pinterest? I don't know. You know, there's so many social media services. You got to make
sure that you've done your due diligence. And if you don't, then you're not going to be able to
do it. And you've heard this too bad. You can't be lazy on this. This is something you got to get
on the ball, which leads me to the, the, the, the guts of tonight's show, which is 15 tips,
cybersecurity and safety tips. I have the PDF ready to upload. It will be available after the
show.
I will go into my file manager in GoDaddy, and I will add the PDF and it will be part of the show
notes. So let's begin. And a lot of these are obvious and they're easy, but I'm going to go
through some of them quickly. And then let's see where we're at. The first one, be alert,
use common sense and think twice before clicking links, opening attachments,
visiting websites or responding
to emails or phone calls. Many cyber attacks can be prevented if you take a moment to consider
your actions and potential consequences, a lot of people don't think, and they react. And we've run
into a lot of new clients that they're recommended to us to help them because their system's been
compromised. And it's because they've responded to something that they shouldn't have. And you,
you don't trust them.
You, you gotta, you have to mistrust everybody. You can't trust anybody, anything, anything you
hear, anything you read, anything you see, you have to have an eye of distrust that let's,
let's vet it a little bit. Take a look. Don't click on that link. If somebody is sending you
an email that you know, and they're requesting you to connect, to get in touch with them, to get in
to a document or something where you expecting them to send it. If you weren't, don't do it. And
if you know the person, call them, call them on the phone and ask, Hey, did you send this? Simple
logic. Know how to identify phishing attempts. This is number two, be wary of emails or calls
that require immediate action or ask for personal information. Yes. Don't answer those questionnaires
on Facebook where
they're asking you all kinds of personal information that you're filling out in the
guise of something else. They could be the security questions. They could be the answers
to security questions. People don't realize it and they'll go through and they'll, they'll answer
them. Use two factor authentication. I think I've said my piece on two factor authentication and why.
Create strong
passwords. My minimum is eight characters. And I'll tell you, a lot of services now
want more. Proofpoint, for an admin, you got to have 12 characters. So eight characters,
an uppercase, a lowercase, a number, and a symbol. I always add, I want two symbols
and you cannot spell a real word that can be found in a dictionary
or a name. Don't use anything of the birth dates of yourself or your children or your grandchildren.
This is the biggest problem that I run into where email has been compromised. And actually there's
a, another thing, which we're querying our client who lost the money on Venmo. He thinks he filled
out information to something that was false.
And that's where it all began. So we get to the root and Tim in the chat just mentioned something,
which I have here as a, um, uh,
to, to look at, which is use a password manager. I suggest RoboForm. That's what I use. There's a lot of them out
there. Use a password manager and the password and a password manager that works cross platform: your phone,
your Windows system, your Mac. I live in all those worlds, so RoboForm works on all of them.
Security question answers, and I've always said this, when you reply to a specific security
question, spell your answer backwards or add a PIN number to the front and the back
of every answer. So this way, nobody can guess your security question answers.
Very simple. And when you're thinking about it, you're like, wow, that's a great idea.
And that's why I have that down here. Lock your devices. Never leave your devices unattended.
And if you do, make sure you have password protected, your phone, your tablet, and log
off your devices. And a great tip, if you're a Windows system and you're in an office or
at home, you don't even want your kids to accidentally work on the most secure thing
we teach everybody in any office that we've run into, you have that Windows key, the one
with the little four windows on it that no one ever knows what to do with it. Well, guess
what? Holding Windows and pressing L, that Windows key L will lock your screen. So now
you've got to enter the password that you've set up for your system. Keep your apps and
software up to date. Very important. Always apply your Windows updates. Apple always
has those emergency updates. I hate them, but you got to do it. You got to update your
apps. All of your, you know, whether it's Microsoft Office, when Firefox or Chrome says
there's, you know, a new one ready to go, do it. Maybe finish up the task that you're
working on, but make sure you apply the update because there's always going to be a new one.
The whole somewheres. Limit activities on public wifi. I always recommend if you're in a public
place or in a hotel, you're in a Starbucks and you've got to get on the internet, tether
your phone as a hotspot. And if you can't do that, wait until you're on a private secured
network, a network you trust, and even networks you trust, do not do any banking, do not do
anything involving financial information. A VPN like newer VPN and some of the other ones out
there. Yes, that works. Costs money, slows you down a little bit. But if you are constantly put
in a situation where you're on public wifi is a lot because you're doing a lot of traveling,
then look into a software VPN. Back up your computer. Back up, back up, back up. That's
our mantra
all the time. Make sure you have an external backup to a drive. If you're really concerned
and you should be for a disaster recovery situation, back up online. There's lots of
services out there. And if you want recommendations and help, email me, miketechshow at gmail.com
and I will help you out. Protect your personal information. This is number 10. Do not store
personal, personal, personal information.
Identifiable information, such as a social security number, credit card numbers on your
computer, unless it's in an encrypted file. Never, never. We don't take, we don't write down
or take a credit cards. We take the credit cards, but I enter them right into the square app over
the phone and that's not saved. I don't have access to that. So just be careful of personal
information.
Don't leave them on your computer. Screen all phone calls. This is a conversation we
have with an older, older clients that are constantly scammed over a phone. This is where
it's Mike. They identify themselves as Microsoft or Apple or even the IRS. They will not call
you. They will not call you.
And, and it's really a shame.
Because, and I, I think I've said this before. There is a segment of the population and we
have clients that fall into this category, you know, older, older clients that are residential.
They find it inconceivable that another human being would want to take advantage of them.
Why would another human want to do that? That's tough. It's tough to get through to those
individuals.
That, and it's sad because some of them have been compromised more than once because they
are conned by the social engineering aspects. And this is how you have to deliver this information.
If you're in front of a group of people and you're going over this list, you got to look
at your audience and adjust accordingly. So when I'm giving this at an office, I'm going
to slant it to the office a little bit, but still go over it.
If you're at a meeting, you don't have to, you don't have to, you don't have to go over
everything. Screen all calls. We actually recommend to people to not answer their phone
at all. If you have a landline, don't answer it, let it go to voicemail and screen the
call and only call back people that you know.
Do this is a big one. And you know, I've done a show on this. A little while ago.
Do not reply to unknown text messages. There's horrible scams that they will text you. The
and lure you into, you, you have sort of a texting relationship with the person where
they gain your trust. And that's when they lower the boom. And that's when the con begins
where they have you download an app. That app looks good. Like, oh my gosh, I put in a hundred
dollars to this investment and it doubled in a day because they're setting you up for the big
payout. And this is happening a lot on text messages. So be, if I see a text message and I
have no idea of the number and, and, and the message doesn't make sense, or they're asking
for something, but I delete it reported as junk block it. So I'll never get that text again.
But of course they're randomly changing, you know, where, where they're sending them from
constantly. So I get, I get spam phone calls a
day, like three or four every single day. It's just horrible, horrible. Do not call if a number
pops up and this happens a bunch where we get the call. My computer's talking to me. It's telling me
I'm infected and I got to dial the 800 number. Don't do it. Very simple. If somebody, something
anybody asks you to do something, don't do it. Just don't do it. Well, we get that. And usually
a simple reboot takes care of that, but we'll also jump in and clean if there's anything,
any remnants is left around, but that's a big scam that still happens where it takes over the browser
and, you know, make sure that you dial in that 800 number. And we've dealt with clients that
called it and clients that, you know, then called us.
We're afraid of it. And I've always recommend when in doubt, call us that, you know, call us,
you know, my son or myself, uh, MHS consulting. I would rather get the phone call or get the
email and reply. I get a lot of emails. Mike, is this legit? I would rather get that than have
them respond or click on the links. And 99% of the time,
I'm telling them to ignore it. And it's funny, the times that they are correct and they question
is when their Microsoft Office renewal is being announced. And I know they have Microsoft
Office 365, uh, family or personal, and it's letting them know about the renewal.
Those are usually legit. And, uh, when I vet that and see that,
so I let them know.
Yes, this is good, but most of them are Norton security renewal of, uh, the haven't seen McAfee
as much and then Geek Squad renewals and so forth. There's so many, so many scams. It's,
it's just so bad. So we, we help. Uh, type the exact website address, the exact URL.
This is a difficult one because browsers are notoriously set to search and not go to the site.
And this is because when you Google, uh, a company's phone number, like Hewlett Packard,
depending on what's going on with the ad purchases and the search at that moment, those top three
might be bad actors sitting there.
You're going to have to look at that phone number that paid money for the ad and it's not HP or it's not Dell, you got to go to hp.com.
So we have to teach clients, go to the top, actually type the website you're going to, and then navigate that website and get the, and get the phone number from the website.
The final item.
In the 15 tips is freeze your credit.
And I've talked about this in the past, but the best thing that I have is a link that I'm going to put in the show notes on what is a credit freeze and how do you place one?
And it's even got all of the phone numbers for Equifax, Experian and TransUnion.
They're the three main credit.
Uh, companies that you were, uh, if someone's checking your credit, these are the places that they will, uh, try to check your credit.
And this is where identity theft, you've stopped it.
If you freeze all your social security numbers on all of these credit services, you now are safe from someone.
If you're trying to open up any kind of credit in your name, using your social security number, it's frozen, it's blocked.
So now you're, so if you've never heard of this, you're thinking, well, geez, I want to go buy a car.
Well, you can temporarily thaw at those agencies.
What you could do is say, you know, you'll have a pin, you'll have something.
You can call them, you can go online.
And this is this website that I'm going to send you to is, uh, in the show notes is, is pretty good.
And it's by NerdWallet and they do a very good job.
And I am now putting that in the show notes, um, in the, in the chat right now for anybody that's listening live here.
Um, take a look at that.
It's really good.
And maybe if it's, even if it's not you, because you've already done it.
So great.
Website to share with other people.
Now I've taken a pieces of all of this and I'm going to have a separate handout for employees that want to learn how to freeze their credit and freeze the credit, freeze the social security number of your children.
So they can't be taken advantage of.
And you know what?
There's a section in here that explains that.
So that is the fifth, the 15
tips that I will have as a PDF for you to download, share it, take, you know, I think it's, it's, it's well worth it.
So I want to get to some, let's get to some emails here.
Cause, uh, some of them, uh, are part of this.
Uh, let's see.
Uh, here we go.
Uh, this is from Papua and tech.
I.
Hi, Mike.
For the security flyer, you may be able to pull some inspiration from decentsecurity.com.
It's a fantastic resource from SwiftOnSecurity for basic security.
Albeit probably needs a bit of updating.
You know, I'm linking that and it's a little deeper into the website because there are sites here.
Uh, when you look at Decent Security,
where you can evaluate a phishing check or VirusTotal checks against multiple blacklists of there's some nice little checks here, and then there's places where you can report the phishing scam.
So I like that.
Thank you.
And he continues.
He set supposedly supports the ARM processor and I would take a look at that.
I am going to look at that because that's important.
For the, the Snapdragon client that I discussed last week for the printer on ARM devices, some of the provided generic drivers may work, check the Windows optional update section and see if it covers what you need.
There are mixed reports on Reddit about it.
It is absolutely worth a try.
And thank you very, very much.
Uh, really appreciate it.
This one's from Mark Mike.
I just listened to last week's podcast and wanted to tell you how much I enjoy listening to your in the trenches experiences with different jobs that you work on last week.
I also set up my first Microsoft Surface Pro with the Snapdragon processor and experienced many of the challenges that you did.
I was able to get
my client's old Canon wireless printer working by choosing add a printer or scanner in, in Windows settings. Windows Update eventually pulled down the drivers and I was able to print and scan using the Windows Scan app found in the Microsoft Store.
However, that app doesn't offer the ability to scan to PDF format.
Hmm.
But.
I will say Adobe Acrobat.
Did work the full version.
Adobe Acrobat DC pro did work for my client.
This next link that he can mark continues.
I love this is great.
My client uses classic Outlook and I, I do not recommend the new Outlook.
That is off limits.
It doesn't work
with any hosted Exchange.
And I know I vented about that a while ago.
Well, he continues, which was not installed by default.
I had to sign into her Microsoft account and download the Office setup file.
Even after setup finished, it took a few minutes for classic Outlook to show up on the Start menu so that I can open the app.
Here's a reference.
This is where you can download
the classic Outlook 365.
Love it.
So a link that will be in the show notes.
We have one more email that could be the most disturbing for us for support.
And we're going to have to wait and see just how bad this is.
And this comes from Kate and it's a link on Google.
On September 30th of this month, they are going to block and stop if you're a Google Workspace email account, a Gmail account, they are going to block Apple Mail and Outlook 2016.
How can that be?
How can they do that?
They're blocking third party apps from being used.
You got to be kidding me.
And I'm copying this link into the chat and it's going to be in the show notes and what they want you to only go to the website.
This is wrong.
This, this has to stop.
And it's just, uh, I, I, I still can't believe it.
Here's the editor's note.
I recommend clicking through this article for more complete descriptions of what.
What are apps they'll block, but the two main ones are Apple Mail and Outlook 2016.
If you're using Apple Mail to access your Gmail account, you should ensure you are signing in with Google instead of just your username and password. Outlook
users should update to Outlook for Mac or PC in Office 365.
There are other apps.
There are apps affected too, but these will be the main ones for most people.
We have a lot of people still using Office 2010 and if they're using Outlook in it and we try to get them, Hey, I'd rather you go to the web for your email, than use Outlook 2010 and this'll, this'll probably force that.
Uh, I, it's a great warning.
Be ready.
I already have a list of some people that I know will automatically be impacted, and I'm going to start having conversations with them next week to get ready for this.
And then the options just want to make you aware of this.
I'm shocked.
And Kate, thank you so much for sending that to me.
How is this not getting more news?
Or am I just too busy that I just haven't noticed that this is being talked about
and written about? I have not seen that anywhere. So weigh in on that. If you've seen this and you've
got different articles than the one I'm linking, hey, hit me up with that and send it to
miketechshow at gmail.com because, man, I live in this world with Outlook and I have many, many
clients. And then I have a lot of clients that like to just go onto the web and then, of course,
Apple Mail and older, older Macs with Apple Mail and your iPhone. This could be an alarming
support nightmare headed our way. No matter what I was doing tonight, no matter what my topic was
tonight, after reading that article that Kate sent me, I was like, I have to wrap up with that.
To make sure everybody understands what's coming here from Google. Thank you, Google, for
calling Apple Mail and Microsoft Outlook an untrusted third-party app. You know, just thank
you. All right. I hope you enjoyed the show. There's lots of, I think lots of great content
here and lots of great downloads
that you can find at miketechshow.com. Look for show 920. And in there, there will be links to
everything that I talked about. The website, the security tips as a PDF, great stuff. Stuff that I
hope you can make use of for yourself or for your clients or for family. You know, we gotta, this is
how it begins. The grassroots of trying to get to the bottom of things.
The security and getting everybody to think. Multi-factor authentication. And you gotta really
sell it and ram it down everybody. This is how we protect ourselves. I will get on my soapbox as
much as I can to preach this. That is it. Oh, Discord. Thank you. Thank you, Taz. Discord,
we, boy, this is going to be a, I will get in there and mix it up
with, and I keep saying this and I don't do it. That's because I have some system problems here
and I've been incredibly busy. I have a stack of so many stories from the trenches that I can
discuss that I haven't even gotten to yet that are, uh, that I can't wait to talk about. So
materials easy, uh, for, for the show. Uh, but Discord, this is the forums where you can chat
amongst yourselves and, uh, for,
for all kinds of tips and, and, and comments about the show. It's, it's everything Mike Tech
show related and it's free. And I have the Discord invite link in the show notes of every show. So
you can click on that and sign up for free and then introduce yourself because you don't get
access to all of the forums until you, we know you're not a robot, that you're a human being.
You say, Hey, I,
I just found the Mike Tech show. I've been listening or boy, I've been listening for the
last 20 years. Just type a sentence that proves you're a human being. That's all we want. That's
it. Don't forget if you visit the Mike Tech show and you like what you're hearing and you want this
to continue, there's a donation button. Click on that, donate whatever you can. Anything will help
because it adds up. And as you know, I have no sponsors for the show.
So I would greatly appreciate, uh, any help you can in supporting the show. Uh, don't forget
the videos for every show are hosted on YouTube and that's the channel is Michael Smith MTS.
That's because someone hijacked the Mike Tech show years ago on YouTube.
So I had to use Michael Smith MTS when it came time for the unique name.
So that's when, you know, I had no idea and even thinking of using YouTube. So that's it.
Talk to you next week. Same time, same channel. Bye-bye.