Gift Card Balance Scams (And Other Ways To Ruin A Gift)

Gift Card Balance Scams (And Other Ways To Ruin A Gift)

Gift cards are a popular item any time during the year, but they’re especially so during the holiday season. Gift cards to Starbucks, Walmart, Olive Garden, and a host of other stores and restaurants make great stocking stuffers and help ease the anxiety for shopping for picky people on our shopping lists.

The only downside to gift cards (assuming you’re not one of those folks who think, as a present to someone, they’re too impersonal) is that the cards themselves are vulnerable to hacking or tampering that can result in a gift card with a zero balance. Cue the sad trombone.

  • Peek-A-Boo, I see you!

    The activation code on the back of a gift card can be seen by anyone in-store unless the card creator takes the time to create a concealed portion of the card. Often times this will result in a small area you have to scratch off with a key or a quarter to see the “secret key code”. If you’re buying a card for someone, check out the back of the card and make sure it has a secret code to help make it harder for thieves to steal the gift cards credit balance.

  • Can I get them digits?

    One inventive way crooks grab valid card numbers is when someone attempts to sell their card. If you ever want to sell a card for cash, don’t let the would-be buyer check the numbers to verify the balance unless you like handing the keys to the gift card kingdom over to them. With those numbers on the back of the card, there’s not much stopping them from using the card even without it physically in their hands.

  • Buy, buy, buy.

    When you purchase a gift card for yourself of someone else, ask the cashier to verify the balance on the card, and then call the help line on the back of the card to double-verify everything’s as it should be. Also keep the receipt in case there’s an issue later on so you can prove you legitimately purchased the card in the first place.

  • Use it or lose it.

    If you receive a gift card as a present, and I’m sure you will, don’t let it sit in your sock drawer for years before you finally remember to use it up. Some gift cards are charged a fee, and taken from the card balance, which will then lessen the amount you can use without the benefit of getting anything fun.

  • One in the hand… or in the email?

    There’s some contention over whether or not buying a gift card digitally is a safe idea or not. Personally I’ve never had an issue, but I know there are people who have. The one nice thing about a digital gift card is that there’s no physical card that someone can swipe the number off of, but then again if someone can tap into the recipients WiFi or email client then the card is as good as gone. It’s a tough call as to which is safer.

Remember this: Gift cards are just like cash. If you drop it, lose it, or give it away (whether on purpose or not), there’s nothing on it to let people know it’s yours. Keep them secret; keep them safe.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Cryptolocker and You

Cryptolocker and You - ransom0

In the world of internet security, new versions and variants of malware appear on a daily basis, although relatively few pieces of new malware actually get notable time in the spotlight. Despite all the discussion of worms and backdoors, much of the time, new works of malware these days are designed simply to facilitate browser redirection or the serving of ads to users. Prior to this, false or “rogue” anti-virus programs saw a moment of popularity. If they happened to make their way onto a machine, these rogue anti-virus programs would claim the machine to be infected and offer to kindly cure this non-existent infection for a modest fee. In the end, these programs focused on making a minor nuisance of themselves in the name of ultimately exploiting the user to generate or increase revenue, or direct web traffic to a particular site.

Every now and then, however, something truly worthy of pause surfaces. The big news in the realm of internet security over the past several weeks has been the appearance of Cryptolocker, a new entry into the category of malware frequently referred to as ransomware. Like many other types of malware, ransomware also aims to generate revenue, but its approach takes a critical diversion from nuisance, opting instead to restrict access to the computer in some way and holding the machine hostage under the demands of a ransom. Until recently, the most successful ransomware usually involved hijacking the desktop, generally under the guise of a law enforcement agency such as the FBI, the machine left in a state where the user is presented with a demand. In these cases, the machine and its contents are left intact, although the user is unable to use the machine until the infection is removed or the ransom paid.

Removal of these particular forms of ransomware were occasionally time consuming, but once fully removed, the machine was left in the same state it was prior to being infected, negating the need to pay the ransom.

Enter Cryptolocker

Cryptolocker takes what seems to many to be the next obvious step, leaving the machine largely accessible to the user but encrypting their documents. Cryptolocker is most often seen distributed via email. Upon installing itself onto the machine, Cryptolocker begins searching through the enumerated drives looking for various documents to encrypt. Meanwhile, it also calls a randomly selected server on the Internet to register itself and acquire an encryption key, which it uses to encrypt the documents it finds on the machine. While Cryptolocker does not take the time to look for other machines that may happen to be on the local network and thus generally won’t discover and encrypt files on network shares, it does parse files on logical drive letters. The implication of this is that any network shares a user has mapped and assigned a drive letter to is at very real risk. During this process, the user can expect to see a significant decrease in performance coupled with continuous drive activity.

Only once Cryptolocker has completed its encryption task does it make itself overtly known, displaying a message describing how to pay the ransom to decrypt the now encrypted and unusable documents. Along with this demand comes a deadline, usually somewhere between 48 and 69 hours.

Cryptolocker and You - Cryptolocker0

During this time, if the user chooses to pay the ransom, Cryptolocker then downloads the private key necessary to decrypt the encrypted files and slowly goes through the list of files it encrypted to restore them to their pre-encryption state.

Cryptolocker and You - Cryptolocker1

If the user opts to not pay the ransom, the deadline issued by Cryptolocker is still of particular interest in this situation as Cryptolocker takes the effort to completely uninstall itself upon expiration of that deadline. On the surface, this may sound like an unusual effort as it means the user need only sit and wait several days, at which time their machine will clean itself. Unfortunately, this is part of Cryptolocker’s last revenge upon the user for not paying the ransom. While Cryptolocker does indeed uninstall itself, it does not take the time to decrypt the user’s encrypted documents on its way out the door. Because of the nature of the encryption used by Cryptolocker, brute force decryption of the user’s documents is not particularly feasible as it is very likely the process would take longer than the user’s lifespan. Attempting to reinstall Cryptolocker is also not a feasible option for the user as Cryptolocker generates a new set of encryption keys at that time, invalidating the previous set.

When it comes to ransomware, Cryptolocker is fairly unique in this respect as it means once a machine is infected, cleaning the infection can be disastrous to the user as it eliminates the possibility of paying the ransom for the key necessary to decrypt the documents. Once Cryptolocker has been removed from the machine, the only realistic means of recovering data from the encrypted documents is to restore them from a backup. Unfortunately, recent studies have shown that roughly half of all regular computer users not only don’t routinely back up their data but have, in fact, never created a backup of their data. Those users who do back up their data often do not do so frequently and consistently. To complicate matters even further, a quick and dirty means many people use to create a backup involves simply copying documents to an auxiliary drive. While this is certainly a valid means of backing up data and is far superior to not having a backup, it is important to remember that Cryptolocker won’t hesitate to encrypt those copies as well if the drive containing them is attached to the infected computer at the time.

Although removal of Cryptolocker is included with a StopSign subscription, concern the user may not have a backup of their documents has prompted the StopSign Research and Development Team to decide to not incorporate an automated removal of Cryptolocker into the scanner. While we wholeheartedly feel a user should never have to pay a ransom to regain access to their machine or documents, the decision in this case must ultimately fall upon the user whose data is at risk. This was a hard decision, one rarely taken here, but it is a decision we believe most anti-virus and security companies have also settled upon.

It cannot be stressed enough that removing Cryptolocker effectively eliminates all data recovery options for the user other than restoring data from a backup and should never be done without the user’s consent.

How to Protect Yourself

Cryptolocker and You - onaccess

When it comes to malware, prevention is critical. Users should always be mindful of suspicious or unexpected emails and instant messages. The StopSign Security Suite provides a powerful on-access scanner component designed to monitor the system in real time. Keeping the operating system and associated software properly updated can also be crucial in maintaining a malware-free environment.

Painless Removal

If you should find yourself facing a Cryptolocker infection, we would be happy to provide personalized assistance to quickly remove it from your machine. Our technicians are available at 1-800-786-7744 to discuss the matter with you and assist in removal.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

10 “Back To School” Tips To Protect Your Kids Online

10 “Back To School” Tips To Protect Your Kids Online

The first day of school has come and gone for most of us here in America, and for our kids it’s the final nail in the coffin for Summer. For parents it’s often a time to celebrate a few more hours of quiet in the house after months of neighbor kids coming over, debates over what to eat for lunch (much to my kids dismay, I still contend that a fist full of Jolly Ranchers is not a good meal), and listening to countless hours of video games being played in the living room or rough-housing in the back yard.

By now we’re all pretty much back into the swing of things for the school year and all of the changes associated with it, including PTA meetings, before-and-after-school practices, and trying to figure out what the kids will wear for school pictures. (My mother is probably still cranky I wore a “Boss Hogg For President” t-shirt for my 5th grade school pictures waaay back in the day)

And, of course, we’re all making sure our kids are getting enough time to study, which nowadays more than likely means time on the family computer. We’ve compiled some tips and links to help you keep their study time a safe time.

  1. Teach Your Kids Internet Security Basics:

    Show your kids how to check for secure sites, setting up a good password, and things of that nature. Good habits start now, and teaching your kids how to stay safe now will follow them the rest of their lives.

  2. Keep Your PC In An Open Space:

    Any child under the age of 18 should probably be made to use a computer that’s in an open space. Perhaps at the kitchen table on a laptop, or with a desktop in a living room… something like that. This way you can casually glance over and see if anything inappropriate is being said. (Or shown!)

  3. Limit Socializing On The Computer:

    Computers are great, but I like to use the phrase “Everything in moderation” in our house when I tell them they only have an hour or two for fun on the computer or iPad. The kids get to do their Instagraming, Facebooking and tweeting, but they don’t get so engulfed in social media that they become antisocial in real life.

  4. Scan New Devices For Malware Every Time They’re Used:

    As your kids get older, they’ll start bringing home more data CDs, USB drives, and the like. It’s bad enough when they download stuff, but inserting devices into your computer opens up a whole new dimension to possible malware infection. Be sure that your Internet security software scans any new device or drive automatically.

  5. Only Post Parent-Approved Information:

    Once something goes on the Internet, it’s pretty much there to stay, even if you delete it. Because once those pictures, posts, etc. are made live, people can screenshot them, pass them to others, or re-share them. Make sure your kids know this, and only post things they wouldn’t mind you, their grandma, or grandpa seeing.

  6. Re-check Your Privacy Settings:

    Software and services are always changing things up with their privacy settings. (Looking at you, Facebook) Stay on top of your game and periodically check for any changes that may affect your kids, and in particular their online accounts.

  7. Mind Your Manners:

    It’s nice to be nice, and nowhere is that more true than online. Sometimes it seems like most of the folks commenting on anything out there are trolls who have nothing better to do that try to bring someone else down. Make sure your kids mind their P’s and Q’s and help make the Internet a nicer place to visit.

  8. Sometimes It’s NOT Nice To Share:

    TMI, or “Too Much Information”, is a problem, especially on social media. It’s one thing to share what you had for dinner, or the picture of your cat that makes you laugh. It’s a whole other ballgame to get too detailed or explicit about, well, pretty much anything. Kids should know where the line between appropriate and inappropriate is, and that they shouldn’t cross it.

  9. And Sometimes It’s OK To Tattle:

    Cyberbullying is a big problem, and when it happens, kids should be empowered to tell any and every time it happens.

  10. Avoid The Noid Strangers:

    Last but not least is the parent favorite: Don’t talk to strangers. Even those online. If your kids don’t know someone, they shouldn’t be chatting with them. And if things start to go south during a conversation, they can just shut off the computer and walk away, or even get you or another adult to help intervene.

  11. BONUS: Turn Off Location-Based Information On Devices

    On any smartphone, tablet, or any other device that allows you to display your location, be sure to turn it OFF for kids! Letting your kids post from home while displaying their geo-location lets everyone know where they live as soon as they post. The same goes for Exif data in cameras: Find out how to turn geolocation off before it becomes an issue.

Like anything we do, good online habits are formed over years of doing the same things over and over. Start practicing them now with your kids and soon it’ll become second nature to you all.

Image courtesy of twix

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Smartphone Pictures, Exif, and Personal Privacy

Smartphone Pictures, Exif, and Personal Privacy

They’re everywhere. In our homes. Offices. Schools. They contain sensitive information about us, identify our children, and have enough data about us to let criminals walk right into our homes. I’m talking, of course, about the digital photos on your smart phone.

An over-dramatization? Perhaps, but not by a lot. Recently there’s been a lot of chatter online about digital pictures and privacy. You’ve probably seen the Facebook status updates or buzz on other social media channels about how cell phone pictures can be a danger to your family’s safety. Snopes.com even posted about it recently and gave the topic a green light, which means after reviewing the facts they deem it true. The pictures you take with your smartphone can rat you out to the world.

The truth of the matter is that most devices with cameras these days (most notably smartphones) can add GPS or other location-aware data to your digital images, and can also add dates, times, and other information that could be used to track you down, much like they helped track down a high-profile antivirus software developer who was being sought after by authorities in late last year. This data is called “Exif” (Exchangeable image file format) and can be used to pinpoint your location when a photo was taken. Standalone digital cameras don’t often automatically add this information, but it’s best to check with the manufacturer to be certain.

A sample scenario of a potential privacy breach is as follows: Let’s say you take a picture of your kids at your home with your iPhone. If you don’t have your privacy settings set up in such a way that the Exif data is stripped, the latitude and longitude of where you took the picture is now embedded in the file. Upload that to your blog and now people can grab your image, parse out the Exif data, and find the approximate location of your home. It doesn’t take a tech genius to figure out that within a few hours anyone who saw that picture can be at your doorstep.

Fortunately it’s usually a pretty straightforward task to strip out Exif data (see “verexif.com“, “imageoptim.com” for Macs, or just do a Google search for “remove photo exif data” for more resources). To prevent geo-tagging information to be added to your images in smartphones in the first place, use this guide:

  • iOS 6:
    • Open Settings > Privacy > Location Services
    • Find the entry for Camera and swipe the button to the “OFF” position.
  • Android:
    • Because the User Interfaces for each Android device is different for each manufacturer, it’s not as easy to tell you how to turn off Exif geo-tagging. The settings are likely under the “Settings” icon, but the exact path may be different. You may need to hunt a bit for the option.
    • Note: There are apps that you can download which can help. Find out more details on this blog: “How to Scrub the EXIF Data from Photos on Your Android Phone Before Sharing Them“.

The up side to all of this is that certain social networks such as Facebook and Twitter proactively strip out Exif data, but that can change in the future and I personally wouldn’t trust it if you’re really concerned about data telling the world where your pictures were taken. Your best bet is to prevent the Exif geotagging from happening in the first place by being proactive about it with your devices.

Image courtesy of clanlife

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

On the Importance of Performing Backups

On The Importance of Backups - 04

Having worked intimately with computers from the early 1980s onward, there is one universal truth I’ve learned everybody will eventually face if they use computers long enough: No matter how much technology improves, you will always face the potential loss of data.

The More Technology Changes, the More It Stays the Same

Back in the “good ‘ol days” when programs and data were physically punched into strips of paper, those strips had a tendency to get worn or misaligned, causing them to read improperly, and it wasn’t uncommon for entire stacks of punch cards to be misplaced, particularly if you happened to be sharing computing time in a busy university with other eager (and possibly disorganized) grad students.

In the 80s, when many of us were coveting our friend’s shiny new 50MB MFM hard drive and storing the Lotus 1-2-3 spreadsheets with our family finances on 5-1/4″ floppy disks, the threat of those oh-so-fragile squares with their exposed magnetic surfaces and complete lack of rigidity failing to read or write properly was an ever-looming one. Phrases such as “don’t touch the jellybean” were often thrown around to reinforce handling practices in an effort to avoid a deadly fingerprint in just the wrong spot. Even the most conscientious of us ruined a floppy disk or two. I am personally guilty of leaving a pile of floppy disks sitting in a tightly closed Volvo. Parked under the noon sun. While living in the Caribbean. Those floppy disks never forgave me.

The 90s brought us larger and more affordable hard drives, and too many people learned that the convenient, sturdy, and abundant space came with a new price. Conventional hard drive technology at the time depended upon tiny read and write heads mounted at the very tip of moving arms, which would glide happily over the surface of large spinning platters, and this was a good system that has survived even into many of today’s hard drives. The problem occurs when either the electromagnetic motor responsible for spinning the platters begins to give out, the bearings the platters rode on started to overheat and fail, or worse yet, the read / write heads came into destructive contact with the surface of the platters, a condition that became known as a hard drive “crash,” so named because the read / write head physically “crashes” into the surface of the spinning platter, irrevocably destroying it. An industrious person with the proper tools and training can indeed replace a worn motor or transplant the platters containing critical data to another drive, but for most people facing a drive crash, there is no recovering the lost data.

Buy a new drive today, and chances are good you’re looking at a solid state hard drive (SSD), and rightfully so. Solid state hard drives trade the large, heavy array of spinning platters for semiconductors, which store information with no moving parts to wear out. Modern solid state hard drives have breathtaking read speeds, helping your programs load faster and making your data available to you sooner. Because they don’t expend power to keep moving parts up to speed, solid state hard drives have been known to use a fraction of the power of a traditional hard drive, particularly when nothing is actively being read or written to the drive.

All things considered, solid state hard drives sound like a wonder, but these too come with a new price. The critical component of the solid state hard drive is the semiconductor cell the data is stored in, and as resilient as those cells are, they can only be written to a number of times before they finally fail. As each cell fails, most drives will automatically attempt to relocate the data around the dead cells, but drive failure is still eventually inevitable.

Read through the various drive manufacturer specifications and you’ll see there is wide-ranging debate as to the real-world lifespan of the modern solid state drive, but truth be told, in this age of mobile computing, lost, damage, and theft are very real threats not to be ignored. There is also the possibility of the mis-click that leads to accidentally deleting your own files.

What is Your Time and Data Worth to You?

In the event your drive fails and has to be replaced, you will find yourself facing the time and effort to reinstall your operating system, any additional programs you need on your computer, and restoring your personal files. If you use a computer purely for surfing web sites or reading email, the failure of a hard drive, loss of a laptop, or theft of a tablet may simply be a one-time inconvenience between the cost of new equipment and an hour or two setting your machine back up to where you like it.

On The Importance of Backups - 00

A home office or professional user is likely facing a few extra hours of reinstalling software, although this might still fall under the category of an inconvenience for many people. However, once you start adding family photos, personal finances, personal artwork, the office work you took home for the weekend, that manuscript you never finished, or the doctoral thesis you’ve spent two years working on, inconvenience may no longer be a strong enough word.

The good news is that your backup options have grown along with the technology. You no longer need to rely on sequentially numbered floppy disks. Gone are the days of bulky tape backups that took hours to run.

Head in the Clouds

For those home users who stick with a basic install of Windows and are mostly concerned about photos and other various documents, cloud storage is an excellent option as it not only allows you to back up files you can’t bear to lose but also allows you access to the files from practically any device with a connection to the Internet.

There are many cloud storage options available to you, and without concern for whether you are camping with Apple, Microsoft, Linux, etc., there is a good possibility you already have cloud storage set aside with your name on it, ready and waiting for you.

If you have a Gmail account, Google Drive starts you off with 15 GB of free storage with more being added seemingly every day.

Have a Windows Live account? Microsoft has 7 GB of free storage already attached to your account as well as a convenient desktop app allowing you to integrate your storage into the operating system as if it were a local drive.

Apple has 5 GB of free storage waiting for you to claim it.

If you’re looking for even more storage and automatic backups across all your devices (desktops, laptops, tablets, phones), DropBox and SugarSync offer strong features and stable mobile apps worth looking at.

Still not enough storage? There are plenty of services available to you. Even Amazon has gotten into the game with 5 GB of free storage.

Have Your Backup and Take It with You

On The Importance of Backups - 3

If the thought of an Internet connection being essential to your backup or having your data be in the hands of someone else leaves you feeling a little uneasy, you certainly aren’t alone. Flash drives are a possible alternative for a user who is mostly concerned with backing up documents but also wants their data under their control and available regardless of whether they have an Internet connection.

Flash drives now come with a tremendous amount of storage space for fairly affordable prices, tend to be quite a bit faster than backing up over a network, and allow you to physically control your data at all times. If you have business-related encryption keys the ownership of which must be safeguarded and accounted for at all times, this may be an option second only to biometrics.

In the flash drive arena, as with the cloud storage option, you also have several options available including the no-frills storage device, weather and vibration proof models, flash drives encased in crush-proof tubes, drives with digital locks and biometric fingerprint scanners, and even a flash drive that self-destructs should you enter an incorrect password.

Probably the largest negative argument to be made about flash drives over cloud storage is that it moves the weak point in the system from being the network connection to being the user. The user must remember to plug the flash drive into the machine and back up their data. The user must remember to take the flash drive with them when the backup is done. Finally, the user has to take steps to safeguard the drive, which necessarily involves making sure it does not stay with the backed up computer. Cloud storage has offsite backup built-in by its nature. In the event of fire or burglary, you’ll be glad you did not keep your originals and backups together. I personally keep my trusty flash drive on my key ring, and it rarely leaves my sight.

For many people, a viable alternative to dedicated flash drives is a mobile phone. Most people keep their mobile phones with them nearly at all times, and most modern mobile phones are capable of acting as a removable drive, many by default when connected to a computer via a USB cable. As a bonus, most modern mobile phones also charge via a USB.On The Importance of Backups - 1

The Weakest Link

There are clearly countless options available to suit practically every user’s needs, but whatever backup plan you adopt, it is essential it be one you can maintain. A backup is only as good as how often it’s made. If the backup routine you implement is so cumbersome you find yourself putting it off day-after-day, week-after-week, it won’t matter how securely you’ve safeguarded the actual backup. Any files that don’t make it to your backup is work you have to recreate, memories you may never get back, and time and money lost. How much are your files worth to you?

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

What Is V.me by Visa?

What Is V.me by Visa?

Visa’s V.me aims to simplify online payments using your computer, tablet, or mobile phone. Announced in May of 2011 as a “digital wallet” (Visa press release) and rumored to be a replacement for the oft-misunderstood Verified by Visa (VbV) program. (For more about problems people have experienced with VbV, check out our blog post “Verified by Visa Scam: How to Spot the Fake“)

The Visa V.me service provides you with all the security and protection you’d normally expect from Visa without the need to carry a credit card around. There are multiple layers of security including fraud-monitoring, API’s to secure communication, and encrypted tokens using SHA-256 hash algorithms. The really nice thing about V.me for consumers is that we don’t have to worry about keeping (memorizing) our card data when we make a V.me transaction online.

Key points of V.me:

  • Beyond the Digital Wallet:

    Mobile integration will be a big factor (pay online or in-store), and seamless one-click payments will be a big piece of that puzzle.

  • Fixes the Verified By Visa “feel”:

    One of the complaints about Verified By Visa is that the program itself felt like a scam. The new V.me aims to work more like Amazon’s 1-Click.

  • Multiple Cards, Multiple Banks:

    V.me will allow users to register cards and banks outside of their Visa brethren. (Mastercard, American Express, etc.)

  • Rumor Has it:

    It’s said that Visa will be using V.me to support payments through QR codes, bar codes, and near-field communications (NFC).

Its been pretty quiet on the V.me front since late 2012, but a few press releases have popped up regarding adding new retailers who will accept V.me (currently over 50 financial institutions and 23 merchant partners like PacSun, 1-800-Flowers, and Buy.com), as well as a few promos that offer increased savings to anyone using V.me to make an online purchase. My thinking is that they’re still testing the waters, and soon we’ll see more partnerships, certainly before Black Friday this year. After that my guess is that V.me will make a bigger splash in the mainstream news and in the arsenal of accepted payment types by key eCommerce stakeholders.

Have you used VbV or V.me? What are your thoughts on either program?

Image courtesy of Visa

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.