Friday, September 12, 2014

It Is Past Time to Lock Up Facebook

A couple of issues here.  One is the security of Facebook as a web site.  I recently saw some fishing messages to someone.  There was more than one.  Each message was from a different person she knew was on Facebook.  In other words, someone was fishing Facebook for situations where the Facebook user did not have their friends list and their personal information locked down.  They would use that information to spam those on the friends list.

The security issue is that the Facebook users allowed access to their friends list by people not on their friends list.

So, I have two programs/applications to recommend to every Facebook user to evaluate the security of their Facebook information.

One is PrivacyFix.  This is a plugin to Chrome or Firefox browsers that evaluates several web application environments for security problems; among these is Facebook.  You can get the plugin for Chrome while inside the browser at https://chrome.google.com/webstore/detail/avg-privacyfix/pmejhjjecaldkllonlokhkglbdbkdcni?hl=en.  Firefox would be similar; click on the AddOns under Settings.

In the picture below, the orange person outline is the PrivacyFix icon.  Click on it and the dropdown in the picture displays.   You can see a general evaluation of your internet privacy within that browser.

For much more information, click on the "Dashboard" link in the upper right corner of the dropdown.  You will get a large web page.  Scroll down to find the Facebook app.  Note that it gives evaluation information and links to "Fix" any issue.  



The second application is actually associated with Facebook.  It is ZoneAlarm SocialGuard Privacy Scan.  You can run it at:  https://apps.facebook.com/sgprivacy/.   The GUI interface Zonealarm's SocialGuardPrivacyScan is a Facebook app.  If you launch it, the following evaluation is displayed.


To fix issues, click on the green background "Score higher and gain more privacy."  The following dialog appears.  Note that there are many links that will send you to places in Facebook to fix security issues.  There is corresponding help on what the various settings do.


I urge everyone who has a Facebook account to secure the account.  Only let friends see anything.

The second issue is that Facebook is trying to persuade/pushing everyone toward a new phone app for its messaging, called Messenger.  There is a lot of concern that Messenger will be used to extract information about everything you do.  See the discussion here:  http://www.kxly.com/news/spokane-news/working-4-you-will-facebooks-messenger-app-invade-my-privacy/27388462.  Follow the links in that article for more information.

Please send a link to this blog entry to everyone on your Facebook friends list.  If you don't use Facebook but you know friends who do, and they have your email address, send the link to this page to them.  The link to this blog page is: http://leetlinktips.blogspot.com/2014/09/it-is-past-time-to-lock-up-facebook.html .  Swipe this with your mouse, Ctrl C the marked area, and paste it into an email to send to folks, or , if you have a facebook account, insert this link into a Facebook message and add it to your Facebook page.




Tuesday, September 2, 2014

Fix-My-Computer Dude and Other Cold Call Scams

I got the following today from an acquaintance:

Today we got a call from "Fixmycomputerdude.com":  They tried to gain our trust on the phone call by saying that they were from microsoft...and monitoring computers generally, and had identified "terrible" issues with here computer.  They instructed us to push the "windows" key with "r" and in the box that appears they gave a cmd address to type in - and then he read back the IP address to us - and explained we should keep it private.  He gave  another instruction to type in the windowsR run box....www.showmycomputer.com .  Options on this screen showed some digits that he asked to read to him. He then apparently gained control of the computer...and began to flash up screens that showed huge lists of errors and invasions.  He then guided us through a check to see if the computer was properly connected to a server so they could "fix" all these problems free of charge.  That (of course) turned out not to be the case, but for only $149.95 RIGHT NOW - so your computer does not crash! - by credit card, we will fix all that.... + you get a contract for "FREE" help for the next 12 months (with only a nominal $12.00 monthly charge).  "We will take care of your computer free for the year - and at the end, your computer will be working perfectly and you can terminate the contract."  Ever heard of anything like this? They then called back... and threatened us with the fact that our computer was not connected to the "microsoft computer", and was not being updated.  Because of all the errors.... our computer may soon crash.  Can this be right??

This is a scam, and an old one.  There is a long forum post on this scam on the Microsoft Forums website:  https://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/fix-my-computer-dude-company-just-called-me-and/c74ae56d-8156-e011-8dfc-68b599b31bf5.  That post is about 3 years old.

I have had perhaps a dozen calls on this from our community.  This is being done by under more than one company name.   Some have paid for the service and for the contract.  This is a kind of scam that is marginally legal.  All the proofs and discussions of Microsoft are lies.  The cleaning may provide some benefit, but, overall, is a fraud.  The support is a fraud.

Worst of all, by gaining access to your computer, you have to assume your computer and all the information on it has been compromised.  They might have uploaded "in the background" personal files, passwords you thought were hidden, and any financial information on your computer, all while you are watching the slight-of-hand in the foreground.


  • Rather than repeating "what to do" here, I direct you to the following: https://blog.malwarebytes.org/tech-support-scams/.  This summarizes the scam, what to do if they get on your computer, etc.  
  • It does not mention another useful program to run besides Malwarebytes.  This program is AdwCleaner. 
  • After cleaning, I also recommend "restoring" your computer to a time before the person first gained access to your computer. (http://windows.microsoft.com/en-us/windows/what-is-system-restore#1TC=windows-7)
  • Apple computers... I haven't heard of Apple scams.  Anyone have this happen?
  • If you have signed up for the year's "Service," do not allow access to your computer again.  The company might not do anything the first time that would raise suspicion, but at some point ... 
  • The article does not cover the issues of identity theft.  Given the exponential growth of this piece of the industry, you have to assume that they have "farmed" your computer.   The US Gov. web page on identity theft covers what your response should be:  http://www.consumer.ftc.gov/features/feature-0014-identity-theft   
  • The phone numbers you might see on caller-id are usually fake:  burner cell phones.  They may even be from the US, but that doesn't mean the person is  in the US, or that someone in the US is more trustworthy.


If you need help, give me a call.

Printfriendly

Print Friendly and PDF