Author: Janet Riley

All you need is love. But a little chocolate now and then doesn’t hurt.
~Charles M. Schulz

On January 14, 2020, Windows 7 was removed from life support. Past experience tells us Windows 7 will continue to live and breathe on it’s own for awhile but it will no longer receive security updates and Microsoft customer service will no longer be available to provide Windows 7 Tech Support.  Which might be a blessing.  Now, when the degenerate calls claiming to be from Microsoft (or Windows) and tells you he can fix your computer, you will most definitely know it is a scam because 1: Microsoft never calls anyone and 2: Windows 7 can’t be fixed.

But really, what are security updates and why should you care? 

Security updates are patches.  Sometimes they include feature enhancements and performance improvements.  More importantly, they include bug fixes.  They are designed to fix any of the issues and vulnerabilities being exploited in the wild.

If you never go on the internet (and yes there are two of you left that never go on the internet) then you don’t care. For the rest of you, continuing to run Windows 7 puts you at risk for being hacked.  Running windows 7 is a huge incentive for malicious users to target viruses, malware and ransomware at you.

A legitimate question I hear is:  What do I do if my specialized software won’t run on windows 10?

I have three answers:

1. contact the company and ask them when you should expect an updated version.

2. Purchase an updated version if it is available.

3. Take the computer off of the internet.

Need a solution?

There are three:

1. You can upgrade if your device is new enough.  We recommend only doing this on computers that are less than 4 years old.  We also recommend a minimum of 8 gig of RAM and at least 30 gigs of available hard drive space. 

· Pros: Inexpensive and your data and programs remain unchanged.

· Cons:  You are putting new software onto hardware that isn’t designed for it.  Pleasant results may vary.

2. You can replace the computer. 

· Pros:  You get a new computer with new hardware.  Hardware, like AA batteries, does wear out.

· Cons: more expensive and programs need to be reinstalled and data needs to be moved.

3. You can purchase extended support from Microsoft.

· Intended for Enterprises while they work toward replacing computer’s. 

· Initial speculation says extended support will be available for $25-$50/per device/per year, with the price doubling in the second year and doubling again in the third year and not available in the fourth year.

Please reach out to us if you need to upgrade, replace, or just need a tissue while you cry over the loss of Windows 7.  Comp-U-Talk is here to help. 

~ Janet

In Honor of Valentines Day

---

“Never underestimate the power you have to take your life in a new direction.” ~ Germany Kent

---

Happy New Year!  It’s time again to make resolutions and then break them.  Ever wonder why the resolutions don’t stick?  The amateur psychologist inside of me suggests it is because: 

•  It takes too long
•  It’s too hard
•  We didn’t make plans to succeed
•  We didn’t realize how painful failure would be

Let’s talk about YOUR computer security. 

Everybody wants to be secure. But who has the time? And how does security happen?  If you are like most, you will think about it later, but later only comes after catastrophe has struck. 

Per Roger Grimes, a Security Awareness Advocate with KnowBe4,  social engineering and unpatched software are,  and have been the top two root causes for successful exploits.  https://blog.knowbe4.com/2020-cybersecurity-predictions-by-knowbe4s-experts

Ever wonder what an exploit would cost? 

In Oregon, effective January 1, 2020, breaches of 250 records have to be reported to the Attorney General and to the entity involved, within 10 days.  That means you get to call or write every victim.  Imagine the embarrassment of explaining what happened! And will the victims continue to use your services?  Is there a better, and more fun, use of your time? 

Getting started with Security doesn’t have to be hard or get in your way. It doesn’t cost a fortune either.  With 24×7 monitoring and regular patching of software,  I can minimize the likelihood of breaches.  If you are worried about your current security, Call me.  

Apathy is not a valid excuse!

~ janet

Because It Made Me Laugh!

“Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.” ~Adam Kujawa

Welcome to November!  The holidays are officially starting.  I know Christmas decorations have been quietly appearing in the stores for the last four or more weeks, but those were just the trailers / previews for the season.  With the turn to a new calendar page, we are in full holiday season. National Retail Federation says holiday sales represent approximately 20% of annual sales.  Not to miss out on a good thing, cyber criminals also amp up their presence.  Vadesecure.com says we can expect a 43% increase in online fraud attempts. And up to 80% of people will fall for a holiday scam. (https://www.vadesecure.com/en/phishing-attacks-holiday-edition/ )

How do you guard against the onslaught?  Recognize how the evil finds you.  The two main avenues are through Phishing and Malvertising.

Phishing emails trick victims into giving up sensitive information, such as login credentials and credit card info, by way of social engineering and email spoofing. Spoofed emails mimic an email from a legitimate sender. Well executed spoofs will contain familiar branding and content, making them look and feel legitimate, and sound urgent—even threatening. Common phishing ploys include:

• A request for payment of an outstanding invoice.
• A request to reset your password or verify your account.
• Verification of purchases you never made.
• A request for updated billing information.

By tricking you into giving up valuable information, cyber criminals are able to hack the online services you use every day without any real technological savvy. To put it another way, why pick the lock when you can steal the key?

Malvertising, (Malicious Advertising) is the term for criminally controlled advertisements,  typically within web browsers, which intentionally harm via malware, unwanted programs, and assorted scams.  Malvertising can appear on any advertisement on any site, even the ones you visit as part of your everyday Internet browsing. Typically, malvertising installs a tiny piece of code, which sends your computer to criminal command and control servers. The server scans your computer for its location and what software is installed, and then chooses the most effective malware to send you.

To Protect Yourself: Think before you Click. Be skeptical about alarming notices, as well as any too-good-to-be-true pop-up offers you receive.

Enable click-to-play plugins on your web browser. Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). A large percentage of malvertising relies on exploiting these plugins, so enabling this feature in your browser  will offer excellent protection.  Step-by-Step instructions are available at: https://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/.

Use ad blockers. By blocking all advertisements, you remove any chance of viewing and clicking on an ad that is potentially harmful.  I use Ad Block Plus from https://adblockplus.org.

Last, but not least, keep your computer software patched, including all plug-ins like Java and Flash.

And one last thing, November 13th is World Kindness Day. Founded in 1998 by an organization called the World Kindness Movement, this international holiday encourages everyone to look deep into their hearts past religion, race, and other differences to do something nice for their neighbors and/or humankind.   

If you found this information helpful, please practice World Kindness Day and share this newsletter with your loved ones.  If you need computer assistance, please give me a call.

Janet

Security is always excessive until it’s not enough.  ~Robbie Sinclair

October is National Cybersecurity Awareness Month– a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.  With that in mind, I thought I would cover a few of the things you can do to keep your Windows 10 install just a little bit safer.

Turn off Targeted Ads:  I hate ads.  Even worse are ads for items I’ve either shown interest in or I have already purchased.  You can’t turn off all ads, but you can elect to see generic ads in the hopes nothing interesting will pop up and lead you on a rabbit trail.  To turn them off, click on the Start Menu, go to Settings (picture of a cog), click on Privacy, turn “Let apps use advertising ID to make ads more interesting to you…” to OFF.

Limit Diagnostic Feedback: At the risk of sounding paranoid, I’m not a huge fan of being watched by “Big Brother”.  (Sorry, Loren.  Still Love You!)  To reduce the Diagnostic Feedback, head to the Start Button ->Settings Cog -> Privacy. In the left pane choose Diagnostics & Feedback to see what is collected and make your personal decision between Basic or Full.

Turn off Activity History (or not): If you frequently use multiple computers (ie: one at work and a different one at home or a smart phone) then the Activity History can make your life easier as it will remember what sites you visited at work and synchronize them with your home computer/smart phone or vice versa.   Read more about it and make an informed decision by clicking on the Start Menu-> Settings Cog-> Privacy. In the left pane click on Activity history. Read thru the info in the right pane to make informed decisions.

Location, Camera, Microphone Access:  Since you’ve already navigated thru the  Start Menu->Settings Cog-> Privacy, take a look at other options in the left pane.  The location option will let you turn it completely off, or pick and choose which apps can access your location.  If you are equipped with a camera and are worried about outsiders watching you without your consent, then you will want to adjust it’s settings.  Same procedure for Microphones.

Account Info:  A normal Windows 10 install will setup a Microsoft Account and link it to an email account.  If you don’t want to share this information with random apps, then open the Account Info and make your desires be known.  Account Info is found at:

Start Menu->Settings Cog-> Privacy.  In the left Pane, scroll down to Account Info.

Contacts & Calendar: Same thing is true for Contacts and Calendar.  And just in case you can’t remember how to get to Privacy settings:  Start Menu->Settings Cog-> Privacy then scroll the left pane to Contacts or Calendar.

Sign-in: Navigate to the Start Menu->Settings Cog->Accounts (surprised you, huh?) Choose Sign-in options in the left pane.  Near the bottom of the right pane is an option for Privacy.  If you are the only one to  use the computer and you aren’t worried about people casually walking by and seeing sensitive things, then you can leave this alone.  Otherwise, I recommend clicking the Privacy Button to Off. 

There are lots of settings in the privacy category to investigate and possibly turn off.  As you turn items off, jot them down on a note pad, just in case something breaks.  It’s a whole bunch easier to figure out what caused the break, if we know for certain what changes were made.

That’s it for this month.  Take a couple of minutes and lock down your privacy and Stay Safe!

~Janet 

It’s Hunting Season!

Nobody can go back and start a new beginning, but anyone can start today and make a new ending. ~Maria Robinson

---

So… I’m moving.  We finally have the homestead modernized and we are ready to start picking up heavy items, drive them a mile and a half down the road,  so we can pick them up again.  Consequently, my body is tired, my brain is tired, my enthusiasm for writing a newsletter is minimal.  In other news, if anyone wants to buy a house in the Sumner area, I will have one for sale in about a month.

Because I’m tired, I’ve spent a huge chunk of the day reading headlines and looking for something, anything, to spark my creative juices for a newsletter.  As I write, Hurricane Dorian has devastated the Bahama’s and is headed for the east coast.  The losses are substantial.  My heart aches for those who are affected.  I’m so thankful this area hasn’t had to face such devastation.  My mind wanders.  I remember the fires that devastated Paradise, California last year and the fires that destroyed huge areas of Oregon forest the year before that.  I’m too young to remember the Columbus Day Storm of 1962, but  I do remember the safety drills we practiced in grade school in case another storm came.  I remember the 18 inches of snow we had in the late 60’s, and several storms with winds of 80-100+ mph.  And just last week, my friend in Georgia asked if I was okay.  She heard a report of an earth quake off the coast of Coos Bay.  We do live near the Cascadia Fault line.  So I ask:  If disaster came to visit today, am I prepared?

 Personal safety should be first on the list.  Everyone should have a stash of food, water, matches, flash lights, batteries, blankets, first aid kits, utility knives, sleeping bags, tarps and a plan to communicate with loved ones.

I wondered if I was missing anything and did a little digging.  I found an app for my cell phone.  It is produced by Insurance Information Institute.  It is called Know Your Plan Mobile App.  If you have a smart phone, I recommend installing it.  It is free.  It has a variety of check lists to help you along. The personal check list says I will need copies of insurance policies, birth and marriage certificates, passports, drivers licenses, social security cards, recent tax returns, employment info, wills & deeds, stocks, bond and other negotiable certificates, bank, savings and retirement account numbers and a home inventory. 

 Whew!! That’s a lot of stuff. So the question is: What do you do with all that stuff?  I’m going to scan my documents and save them to my computer.  Once on the computer, they will be included in the cloud backup.  I will keep a card in my wallet and on my cell phone with password (and only the password) to the cloud site.  The reasoning behind keeping password only is: I already know who I pay every month for cloud backup services and the login name will either be my email address or the standard phrase I use for logins when the email address won’t work.  The only thing I won’t remember is the password (because all passwords are unique).  You are using unique passwords right?  If my wallet or cell phone is stolen, the only thing at risk is the password.  No identifying information associated with the password is included.  Thieves would have to be incredibly lucky to pick out the one web site out of millions that is associated with this password.

 The list for business is similar.  Insurance Information Institute says access to critical information will be paramount to staying in business.  Statistically, forty percent of businesses do not reopen after a disaster and an additional 25% fail within one year. Critical data should be backed up off site. Insurance policies, banking information as well as phone numbers of employees, key customers, vendors, your insurance professional and an inventory of business equipment, supplies and merchandise should be included in the backup.   https://www.iii.org/article/when-disaster-strikes-preparation-response-and-recovery

 May I propose we set a goal?  Let’s schedule a couple of hours this week and gather this information together.  If you need assistance with setting up scanners or securing data offsite, call me.  I’d love to help.

 That’s it for this month.  Please Keep Your Data Safe, and Keep Your Family Safer!

 ~Janet 

The Affects of Moving

Problems are not stop signs, they are guidelines. ~Robert Schuller

---

I received an email from Trevor.  Trevor didn’t have a last name, and I know several people named Trevor, so I opened it.  This is what I saw:

So, I’m thinking, This isn’t Good! And  I replied:  Comp-U-Talk only processes credit cards in person, never over the phone.  Contact your credit card company to dispute the charges.  This is what came back to me: 

 

See any problems here? 

 This is called a Phishing Scheme.  I’m hyper aware of phishing schemes, but this one almost got me.  Please learn from my experiences, so you don’t have to learn from the bad guys. I didn’t open the link in the second email. I’m fairly certain that had I done so, I would be restoring my computers from backup.  Fortunately, I have backups.  Do you have backups?  Just asking.  I know a really wonderful organization that can assist with backups, just in case you need them.  Call me!!

Here are the warning signs: 

1. I wasn’t expecting an email from Trevor. Trevor didn’t have a last name.  The crook was hoping I knew someone named Trevor.

2. Once I was in the email, the sending email was from an account I did not recognize (helpdesk at angelikasnow.com).

3. The second email was from an address that did not match the first email (trevor.f at retailanbbrandexperience.com).

4. The link was to a zip file. Zip files can contain malicious code.  Not all email filters and virus scanners will scan inside a zip file.  NEVER, NEVER, NEVER open a file you aren’t expecting.  Malicious code can also be hidden in other files.  PDF, Word and Excel files are favorite vehicles for spreading grief.

5. Out of curiosity, I went to godaddy.com, scrolled to the bottom of the page and clicked on the WHOIS link. This link will tell you who owns a domain (if they haven’t purchased privacy) and how long it has been in existence.  The angelikasnow.com was created in 2015, but the retailanbbrandexperieince.com (did you catch the misspelling of that domain?) was created on 7-23-19.  It was just a day old!  And webfax.org?  It was created 7-20-19 and registered in Panama.

6. Webfax.org sounds legit, and closely resembles real services like HelloFax, MyFax and Fax.Plus, but sadly, it is up to no good.

 I’ve got to hand it to the perpetrator.  He/She did good.  The English is good, the WebFax has a little ® sign, and claims to be the worlds #1 Online Service.  It looks good.  What you need to remember is:  Looks can be deceiving!  Please, Think Before You Click!!

 That’s it for this month.  Until Next Month, remember to Keep Your Data Safe!

 ~Janet 

Because It Made Me Laugh!

 

When All Else Fails, Take a Vacation!  ~Betty Williams

---

Ah, Summer….  A time for outdoor fun and picnics. And no picnic is complete without cookies.  Fresh, hot-out-of-the-oven, gooey, chocolate… because chocolate chip is the only real cookie, unless I’m trying to earn Brownie Points with Neal, and then I make Oatmeal Raisin Cookies.  It got me thinking.  Computers like cookies.  Are computer cookies calorie free?  Inquiring minds want to know!  

The picture to the left popped up on www.thenextweb.com.  The definitions that follow are a small part of what you will find if  you click the More Info button.

 What is a cookie? 

 When offering services via our Platform we or a third party can place  cookies. A cookie is a small data file that your browser places on your computer or mobile device. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser. The third party cookies of third parties are installed by third-party websites, such as advertisers. They gather data about your browsing habits, and allow them to track you across multiple websites.

 What cookies do we use?

 We use cookies to help us remember non-personal data such as your user preferences to optimize your user experience on our Platform or to recognize your device the next time you visit our Platform. Certain cookies contain personal data for example, if you click on ‘remember me’ when logging in, a cookie will store your username.

Cookies can be categorized by the role they fulfil on our Platform:

• Functional cookies are essential in order to enable you to use and move around our Platform and to ensure that our Platform functions properly.
• Analytical cookies are used to collect information on visitor behavior (e.g. the pages you view most often) to optimize the usability of the Platform.
• Advertising cookies are used to follow browsing behavior over a longer period of time across various websites. These cookies build individual user profiles according to their interests. Based on these interests, the content of the advertisements on our website will be adapted for different visitor groups.
• Social cookies are used to enable logged on users of selected social media sites to directly share content from the Platform.

 

Those ads that seem to follow you everywhere, it’s no coincidence. It’s cookies.  If you are tired of the added  calories, you can clear the cookies.

 In Internet Explorer

Click on the Tools Menu, Choose Internet Options.  On the General Tab, click  Delete and put a check mark in Cookies and website data.  Add any additional check marks with caution.

For Edge

Click the Star with 3 bars to the right of the address line.  Choose History, then Clear History.  Select Cookies and saved website data (and any other options with caution).  Click Clear.

For Chrome

At the top right, click the triple dots, choose more tools,  then clear browsing history.  Pay attention to the Time Range drop down and the Basic & Advanced tabs.

 That’s it for this month.  Until Next Month, remember to Keep Your Data Safe!

 ~Janet

---

Because It Made Me Laugh

Every child needs a pet, because every family needs an optimist. ~ Paul Batura

---

My favorite Microsoft Application is Outlook. I can get by with a myriad of different Word Processors and Spread Sheet applications, but I can’t imagine life without Outlook. But I’ve got to admit, Outlook has an annoying feature. It’s called cache. I mention it, because last month, I had two people who got bit by the cache.

The definition of cache (pronounced cash) is: a collection of items of the same type stored in a hidden or inaccessible place; store away in hiding or for future use.

When you reply to an email, Outlook automatically stores the email address in cache. Next time you want to email that person, just start typing the address on the To: line and Outlook shows the address from cache, you click on it, and voilà, the address fills in.

So what’s the problem? When you move Outlook to a new computer, the cache doesn’t come with it! So all those email addresses you thought you had saved, they are MIA!

How do you mitigate this? Next time Outlook auto fills an address for you, Right Click on the address and tell it to “Add to Contacts”. If the option “Add to Contacts” isn’t on the menu, then the address is already safely stored in the contacts list.

Other fun features of Outlook:

• If you use the word “attachment” or “attached” in an email, Outlook will check for an attachment. If it doesn’t find one, it will ask if you would like to attach something before sending. Only caveat: You have to spell “attachment” or “attached” correctly!
• Waiting for an important email? Turn on alerts. Open the File Menu, Choose Options, Click on Mail. Scroll down to the section titled Message arrival and put a check mark in the box for Display a Desktop Alert and OK your way back out. Want extra special alerts for a certain someone? Highlight an existing email from the someone, Click on Rules, then Create Rules. Put a check mark in the box labeled From someone@special.com. Put a check mark in the “Display in the New Item Alert Window. Click on OK.
• Want to see the E-mail in one window and the Tasks or Contacts in another? Right click on the second task and choose “Open in New Window”

Our Goal is to help you become more efficient and keep your data safe. If we are doing a good job, please keep us in business and tell your friends. If not, please reach out to us and let us know what we can do to improve.

 That’s it for this month. Until Next Month, remember to Keep Your Data Safe!

 ~Janet

Because it Made me Laugh!

Life is not about how much you can pack into your days, but about the impact you can make with your days. ~Valorie Burton

---

The first Thursday of May has been designated as World Password Day by the Registrar of National Day Calendar.  It’s a day to promote better password habits.  Interestingly, the National Day Calendar has a list of 1500  World Day Celebrations.  You can search for your favorite day here: https://nationaldaycalendar.com.  In case you’re curious, chocolate has two days, January 31st is Hot Chocolate Day and August 4th is Chocolate Chip Cookie Day!  (Because Chocolate addicts want to know!)

Meanwhile, back at https://www.passwordday.org, there is a great information about protecting your password and your identity.  Did you know identity theft is one of the world’s fastest growing crimes?  Adding strong authentication to your password can prevent it.  Passwordday.org has some pretty impressive tools to walk you through the process of adding layers of protection to your password.  For starters, use a strong password. It should be a minimum of 8 characters. Use a combination of UPPER case, lower case, numbers and symbols.  Never use the same password twice.  Need help keeping track of all those unique passwords?  I use dashlane, available at dashlane.com.  Lastpass at lastpass.com is also highly rated.

When possible, use Multifactor Authentication.  This will send a code to your smart phone, or require a code generated by an app on your smart phone.  Supply the correct code and you are allowed onto the site.  I have several accounts that send codes to my phone. It adds 30-60 seconds to the login time, but that is well worth the peace of mind!

Fingerprint ID can be an option.  This is available on most smart phones and many laptops.  

Want to know which sites support Multifactor Authentication and how to turn it on?  https://www.telesign.com/turnon2fa/tutorials is an impressive list of popular sites with step-by-step directions for achieving said goal.

Curious about what cybercriminals know about your organization?  Which of your email addresses and identities are exposed on the internet? Criminals use this information to launch social engineering, spear phishing and ransomware attacks against you.

There is a complimentary Email Exposure Check which will identify at-risk users. It only takes a few minutes and can be an eye-opening discovery. It is available at: https://info.knowbe4.com/email-exposure-check-pro-chn

That’s it for this month.  Until Next Month, remember to Keep Your Data Safe!

 ~Janet 

Because it Made Me Laugh!

Happy Easter Vern… I like to Eat the Eyes First!

Jim Varney   – https://youtu.be/FGZ8nXq0rxA

---

END OF LIFE

Microsoft has set January 14, 2020 as the last day of support for Windows 7 and Server 2008.  If you are still using either product, now is a good time to start planning to replace those machines. 

End of service means the software will continue to operate as expected, but any new security holes will remain unpatched.  If the system is never exposed to the internet, you have no worries. If it does access the internet, then it is at risk for compromise.

For those reluctant to change, I understand.  All new computers purchased at Comp-U-Talk include a free lesson to get you up to speed on the new interface.

NEW BLACKMAIL SCAM

Our friends at KnowBe4 report a blackmail/sextortion scheme.  Emails pretending to originate from the CIA are claiming they have evidence of child porn on your computer.  We’ve seen variations of this email multiple times in the past.  The new twist is, if the embedded link is clicked, they actually plant child porn on your system.  If you don’t pay up, they send your information to the CIA.  See the full story here: https://blog.knowbe4.com/heads-up-this-evil-new-child-porn-phishing-attack-could-absolutely-ruin-your-life

IS IT A PHISH?

And along those lines, the folks at zdnet.com have put together a list of the most common subject lines used in phishing emails.  Think twice before opening emails with these subject lines: 

• Request
• Follow Up
• Urgent/Important
• Are you available? / Are you at your desk?
• Payment Status
• Hello
• Purchase
• Invoice Due
• Re:
• Direct Deposit
• Expenses
• Payroll

The complete story can be found at: https://www.zdnet.com/article/these-are-the-12-most-common-phishing-email-subject-lines-cyber-criminals-use-to-fool-you/

 Don’t forget to check out the 37 second Jim Varney clip listed at the top of this newsletter. My family has been reenacting this scene for years.  Feel free to post your reenactments to our Facebook page.  We would love to share your fun.

That’s it for this month.  Until Next Month, remember to Keep Your Data Safe and Happy Easter!

~Janet 

Because it Made Me Laugh!