Page 2 of 38

Do You Need a VPN?

A VPN (Virtual Private Network) is a tool for creating a secure connection between your computer and the websites you visit with it. It sounds like a sensible piece of protection for your computer. But do you need a VPN?

do you need a vpn?

Most security companies would respond with an empathic Yes!, but keep in mind that they’re selling product. I should mention that I don’t use a VPN. I don’t foresee ever needing one, and I don’t recommend them for most people. Sure, there are legitimate reasons to use a VPN. But let me give you a lot of food for thought on this topic, and you may figure out that your VPN isn’t as necessary or helpful as the industry claims it is.

I Need Protection When I Travel

A common desire for using a VPN comes when people travel and go to use public Wi-Fi. There is a fear that jumping on a public internet connection will expose their data to nearby criminals, and that a VPN will shield them from harm.

This used to be true, many years ago. When surfing to insecure websites, all data passing from your computer to them would’ve been visible to others on the same network. But times have changed, (largely instigated by Edward Snowden).

In 2024, almost all websites are now Secure by default. When you click the icon to the left of the URL in your browser, it will tell you so. And that security means that your connection to that site is encrypted, and any nearby eavesdroppers will not be able to see what you are transmitting. All of this is to say: a VPN would not offer you any extra protection to you, as you surf the web from a Starbucks. Your browser already has you covered, and will warn you if you ever happen to visit an insecure website.

I Don’t Want Big Tech Snooping on Me!

I’m sorry. I don’t want them to snoop on me, either. Whether it’s Microsoft, Amazon, Facebook, Google, Salesforce, NVidia, Oracle… they’re all hoovering up our personal data and using it to make money. And ISPs also do this. I don’t condone this practice, and I think it stinks.

But a VPN doesn’t help much to stop this. Data collection on the internet has become very sophisticated and efficient and accurate. Who cares about cookies, when tracking can be done far better using Digital Fingerprinting?

Fingerprinting is essentially a fancy name for the way companies track you, using triangulation and unique information from your computers. As you visit a website, your advertising ID and other hardware tags may be collected from your PC. And one tech company, as they build a dossier on you, may share it and combine it with info from other companies. There are ways to interfere with digital fingerprinting, but a VPN is not effective at this.

It Will Protect My Computer from Hackers

This is simply not true. A VPN connection may change your internet connection, but it doesn’t make the computer impenetrable, from a remote-control standpoint. When clients have me service their computers remotely, my software allows me to “step into” their computers, wherever they are in the world. I can service a computer that is truly in Germany. I can also service a computer that appears to be in Ghana, due to a VPN program.

And if I can remotely-connect to a computer, that means all of the scammers can do the same. The good guys and the bad guys all use the same tools! They won’t care (or even notice) if you are running a VPN.

VPNs also have no effect on phishing attempts. A computer user can still be tricked by a deceptive email, which can take them to a website that steals their password. You’ll have to look elsewhere to safeguard against that kind of threat.

Other Detriments to Running a VPN

  • It has a recurring cost.
  • It may slow down your internet connection.
  • The VPN company may collect data on your activity, and profit from that data.
  • The VPN company may hand over your information and history, if they receive a subpoena, warrant or government request.
  • The VPN company may overstate how much they protect you, and may not support you if you suffer a security incident.

When Should You Use a VPN?

There are appropriate times to use a VPN. The biggest and best reason is: Your employer is telling you to. Of course, you want to listen to your boss! If they mandate the use of a VPN, they are going to tell you exactly which one to use, and how to use it. That VPN may be necessary for you to do your job and access parts of their network that aren’t available to the rest of the world.

Another semi-legitimate reason for VPN usage is to access something that isn’t normally available in your country. For example, if you want to watch an Italian news channel from your location in the USA, it might not be allowed for your American IP address. But a VPN can make it look like your computer is in Venice, and that might allow you to view that restricted content. However, be careful if you attempt this. If you are caught bypassing such barriers, you could be banned from using that service or worse!

Finally, I do see streamers and other internet personalities using VPN software. This is for their protection, because they might be specifically targeted by cybercriminals and people with high-level hacking skills. But this is for celebrities and famous people with a significant internet footprint. If you’re a regular person like me, you won’t have to worry in this direction.

Facebook Guest Chat

Update as of 2/13/2024:

Readers recently brought to my attention that they couldn’t follow the steps below. After I looked into it, I can see that Meta has changed their Settings Pages, and you may not be able to disable this feature.

But as it turns out, that’s OK. Because they’ve disabled the entire Chat Plug-in feature, for the entire site:

I have to guess that Meta could not fix this problem with the scammers, so they had to abandon this odd feature. If you continue to get other scammy Facebook messages, make sure to report them.

Original Post:

Facebook Guest Chat is a new and problematic feature that affects (so far) only Facebook Business Pages. This feature allows people to message a business over Facebook, without signing in to a Facebook account. Guest chat allows for anonymous messaging, and the chat only lasts for a short time. After a day or so, the messages self-destruct, like in a spy movie.

Problematic

I can’t say why Facebook decided to implement this feature, but it is a problem. Cybercriminals are already looking to use this tool to phish and scam people:

facebook guest chat

If your Facebook Business Page receives this sort of message, please do not believe it! It did not come from Meta, there is no crime or danger afoot for your Page, and you should not do what this says. It is simply a phishing attempt, and the bad guys are trying to trick you into giving them your Facebook logon credentials!

You are welcome to report suspicious Guest messages to Facebook, if you like, but I doubt it will do much good.

Disabling Guest Chat

If you have a Facebook Business Page, you may choose to allow or refuse Guest Chat messages. The steps for doing this, though, are hard to find, and even Facebook can’t tell you accurately how to do this. Here’s what worked for me:

  • Go to your FB Business Page at https://business.facebook.com/
  • On the left, click Inbox
  • To the upper-right, click the cogwheel (Settings) button
  • Under Inbox Settings, click Chat Plugin
  • Click where it says Customize Chat Plugin
  • Next to Guest Chat, click the Toggle to turn it off
  • To the lower-right, click the Publish button.

After you take these steps, you will still get regular FB messages, from people who are properly signed-in to Facebook. But no more Guest messages can get through to your Business Page.

Scam Electricity-Saving Devices

Scam Electricity-Saving Devices

This post is not really a computer tip, per se, but I’ll cover it anyway. Scam electricity-saving devices are rather tangential to what I write about here, and quite a few people are asking me about them. So heads up! Here’s what I can find and say about these things:

Power Saving Devices

These things go by a variety of names: Watt-Saver, StopWatt Energy Saving Device, Power-Save Box and more. If you notice these for sale on Amazon/TikTok/eBay/Facebook/etc., they will promise to greatly decrease your electricity bill! All you have to do is buy a bunch of them, plug them into your household outlets and wait.

But everything about these boxes is made up and the facts don’t matter.

  • Elon Musk and/or Tesla have had no hand in creating or selling these devices.
  • They do not reduce your electricity consumption in any meaningful way.
  • Fox News and other news media have not endorsed or covered this product.

Their marketing also states that it may take a few months for you to notice the reduction on your bills. This is just a tactic to convince purchasers to keep these devices longer than the purchase-return-window.

The Truth

If you really want to cut electricity costs in your home, don’t believe these con artists. Conserving electricity is a little more involved than buying some junk from Amazon and plugging it in. There are plenty of reputable resources out there with ideas for you, and your electric company probably is probably one of them.

But Jesse, I see these things on Amazon and they get great reviews!” Sorry, you can’t count on Amazon reviews these days. There are countless ways to game that system, so that a bogus product shows many 4- and 5-star reviews.

These devices contain almost nothing of value. YouTube has plenty of videos, where people take apart “power-saving boxes” and discuss their innards. Enjoy!

Avoid Using Registry Cleaners

avoid using registry cleaners

The Windows operating system has this central database that it uses constantly, while your computer is running. Better know as the Windows registry, it is essential for your PC’s operation. It’s hidden away where you won’t see it, and only advanced users ever meddle with it. And yet, some helpful apps offer to clean and maintain it. I need to warn you off of that sort of thing, right now. Please: Avoid using registry cleaners!

The Windows registry can take care of itself. Some cleaning software may purport to be able to improve your system performance, by tweaking your registry, but please be wary. Microsoft has long held the stance that you don’t need to “maintain” their registry. Running a registry cleaner can put your system at risk! Malwarebytes echoes this view, and also suggests that registry cleaners only appear to help, due to the placebo effect.

There are plenty of other warnings out there about the uselessness and dangers of registry cleaners, but let me be the latest: You can seriously harm your PC by using a registry cleaner. An explicit example: Joe Customer just called me about his computer that suddenly will not boot up. He presses the power button, the Windows Logo briefly appears, and then he gets a BlueScreen error. His system then restarts and loops back to the same message. As of now, he’s “dead in the water.” And the last thing he did, before this problem, was he ran his Registry Cleaner and then rebooted.

I can get him back on dry ground, with a System Restore, or a Windows Reset. With some luck, we won’t need a complete system wipe. But Joe is currently anguished and panicked, and very worried about his files. I don’t wish these kinds of feelings on anyone. Save yourself some stress and avoid using registry cleaners.

Flea Power

Computers and other tech devices retain small amounts of electricity even when turned off and unplugged. Some of it is deliberately stored in capacitors on circuit boards. Other energy is incidentally caught up as a static charge. In any case, this minute amount of electricity is called Flea Power.

flea power

It’s a Bug, Not a Feature

Sometimes you need to drain this residual power, to revive a device. Here are some scenarios where you should try a hard reset (or power drain) to deplete that stored power:

  • A laptop begins to boot, but shows nothing on the screen.
  • A desktop tower flashes its power button as if it were asleep, but it won’t easily wake up or turn all the way off.
  • A printer turns on, but the Wi-Fi just won’t work or connect.
  • Some component, like your audio port or all USB ports, aren’t working.

Draining the flea power is not a cure-all, but it is a crucial troubleshooting step, that should be used early on, before you invest time and patience into a hardware problem.

Getting Rid of Flea Power

For computers that are stuck or troublesome, you would:

  1. Disconnect the power cord from the back or side of the system.
    • Remove the battery, if possible.
  2. Disconnect other cables and devices attached to the computer.
  3. Press and hold the computer’s main power button for 15-30 seconds, and then release it.
  4. Reconnect only the power cable, and press the power button briefly, as you would to turn it on.
  5. If the system turns on, reconnect your other cables and devices. If the system does not turn on, try steps 1-4 again.

Some printers will benefit from this troubleshooting tactic, too. If you are trying to solve a problem with your ink cartridges or printer’s network connection, make sure to follow these steps at least once. Also keep this tactic in mind for any TVs and soundbars that give you difficulty.

Draining a device’s Flea Power is generally harmless, so feel free to do it at anytime. However, you should not have to do this often. If you find your device requires this procedure again and again, you may have a deeper problem worth discovering.

Email Your Future Self

email your future self

If you’ve ever wanted to send an email to your future self, there’s a great website for that!

FutureMe

You’re welcome to use this website for free, and it does exactly what it says on the tin: You write an email to your future self, and FutureMe promises to send it to you at the date of your choice.

I can imagine a lot of positive uses for this, but if you need examples, check out their FAQ page and their Public Letters page for more info.

Xfinity’s 2023 Data Breach

xfinity's 2023 data breach

Has Xfinity contacted you recently to change your password? This was probably a legitimate request, and prompted by Xfinity’s 2023 data breach.

(I’ll call it the 2023 data breach, because they also had one in 2022!)

It looks like cybercriminals exploited and intruded upon Xfinity’s systems in October of this year, and we’re just now hearing about it. Xfinity has put out a generic statement about the matter. But government websites provide more important details, such as: 35 million customer records are involved. What kind of data was stolen? It could include usernames, passwords, last-four digits of SSNs, DOBs and security questions/answers.

If you are an Xfinity customer, it’s not important whether or not they notified you. Change your Xfinity password now. And if you are willing, consider using additional 2FA protection on your Xfinity account. Update your account security questions. And anything else that Xfinity reps suggest to you (if you call them).

If you want to call in about Xfinity’s 2023 data breach, start with this dedicated number: 888-799-2560. But that number may be swamped, and sometimes rings busy. If you cannot get that phoneline to work, try any other support number you may find on your Xfinity billing.

Addendum

Even though Xfinity customers are quickly securing their accounts, this data breach will likely result in other hazards, down the road. Cybercriminals will study the stolen customer records to see how to use them creatively.

If I had to guess, I’d say we’ll see an uptick in bogus Xfinity phone calls, where scammers promise big discounts or collect money for receiver updates. They can repurpose the data from this breach, to make them sound more legitimate to their victims!

Thank Your Amazon Driver

thank your amazon driver

Would you like to thank your Amazon driver for what they do? Amazon has started up their driver tipping program, much like last year. Everytime someone sends a thank you to their last delivery person, Amazon will pay them an extra $5.

They make it easy to do. You can:

  • Visit this website
  • Type “thank my driver” into the search field of Amazon’s website or app
  • Speak to your Alexa device, “Alexa, thank my driver!”

It looks like these gratuities will be doled out for the next 2,000,000 thank yous.

How to Recognize Spam

how to recognize spam

For some, it’s easy to spot spam in your inbox. But for others, it can be a real challenge. Spammers use a variety of tactics to make their email look tempting, believable and worthy of attention. But much like a spoiled brat or a passive-aggressive boss, we don’t want to encourage a spammer any more than we have to. The following common characteristics will help you recognize spam, so that you can react correctly when it arrives:

Mismatched Sender Email Addresses

When you get an email that you’re not sure about, consider the sender’s address. Many spammers use Gmail/Outlook/Yahoo addresses, because they are quick & easy to create. Other spammers use whatever email address they please, because they’ve spoofed it to look like a trusted domain name. In any case, looking at the email address from which the message came is your first clue to spam.

For example, if you have a curious email about your Norton subscription, but it came from GregoireBandersnatch@harvard.edu, that should immediately tell you that you have spam. A legit email from Norton would likely have Norton.com in the address.

Also imagine: You’re looking at a message from HelloFresh, and it seems to have been sent by Hell0Fr3shMark3t1ng@gmail.com. Wouldn’t the real HelloFresh send their marketing messages from an address ending in “HelloFresh.com”?

Gobbledygook Email Address

While you’re checking the sender email address, any kind of gobbledygook you see there is another tip-off. If the message came from d4H3f9a2fb1@serenitynow.com, you can probably consider that as spam.

Homoglyphs

Even though this may be new vocabulary to you, you probably already know what this is from past spam. A homoglyph is a character or symbol that is very similar in appearance to another. Homoglyphs can be used in humorous or creative ways, such as in l33tspeak or slangy texting, but spammers use it a lot in their subject lines and message bodies. Homoglyphic substitution helps their email get past some spam filters, while preserving the overall meaning for their recipients.

Șó aṇỿtɨmе yóu sее an еmaɨ| mеssagе that |óóks |ɨke thɨs sеṇtеṇçе, knów that ɨt ɨs spam and trеat ɨt as suçh.

Spelling and Grammar

Some spam employs flawless English, while other spam does not. If that message from WholeFoods is horribly written, or that offer from Wal*Mart misspelled the word “coupon”, beware! A big company surely has an editor on staff to review any mass communications, and would almost never broadcast anything so unprofessional.

Incidentally, I should remind you that spammers intentionally send spam with misspellings and poor grammar. They’re not ignorant. They do this as a tactic to target their audience and get responses from the people who are more likely to fall for their scams.

Outlandish Claims

Extraordinary claims require extraordinary evidence.” Please do not believe or react too quickly in response to any email making outlandish claims or promises. I assure you that:

  • The Grand Vizier of Mazumba Province is not going to bequeath $10M to you
  • You are not going to get rich quick by investing in a secret Bitcoin opportunity
  • Secret Shoppers are not being hired in your zip code and you will not make $100k in your first year
  • That payout from a casino or lottery (that you’ve never heard of) is not going to make you rich

These emails persist, because they can sweep people up in their hopeful emotions and take advantage of our trusting nature. Don’t fall for it. Practice critical thinking skills and research things without haste, without responding to such spam.

Urgency

Is an email urging you to Act Now Before Time Runs Out? Is their special offer only good for another 15 minutes, and the message even shows an animated clock, counting down? Or is there a veiled threat of bad things coming, if you don’t act in a timely manner?

In any case, if an unexpected message is conveying a sense of urgency, that’s a big red flag. Legitimate offers won’t push or rush you into any decision. Hurrying you to decide something is a tactic meant to compromise your judgment.

Nearly Empty Messages

Some spam plays their game in the other direction: Their message shows up blank or mostly vacant of any real text. What little there is in the message is a lure.

Sometimes, the spam contains only a single sentence or phrase. It’s usually vague but just interesting enough to entice you. And it will be a weblink; you will instinctively know that you could click it to learn more. Don’t click it! It’s a trap!

Other times, the spam will have absolutely no text in the body. there will be only a single large image, and your email program may ask you if you want to Display Images? This, also, is a trap. Never ask your email app to display images from any unknown sender.

Anyone tricked by these messages will confirm to the sender that they’ve read the email and interacted with it. That leads to more spam and scams in their inboxes. Also, clicking links could expose them to malware downloads, phishing websites and worse.


This post should end with a recap on what you should do, and not do, with spam.

  • Just delete it, OR
  • Mark it as Spam/Junk mail (if your email offers you such an option)
  • Feel free to open and read any potential spam message, BUT
  • Do NOT reply to spam, do NOT call any phone numbers shown in spam
  • Do NOT click any links inside of spam, do NOT open any attachments
  • Do NOT unsubscribe from spam. Any unsubscribe options, even when offered by Google, can result in your receiving MORE spam.

Some good news on the horizon: Google is adding AI to their spam filtering software. They claim this will make them more successful at blocking homoglyph abuse and other sneaky spam. And if Google is deploying this new technology, I bet Microsoft and other big tech firms will follow suit.

Vishing

I didn’t think we needed a specific term for scam phone calls, but here we are. Following in the footsteps of smishing and quishing, we also have the term vishing. Vishing is another portmanteau, created from voice + phishing. When you see or hear about vishing, they’re referring to any phishing/cybercrime carried out over the phone or through other verbal means.

Vishing Examples

You may know of some of these vishing scenarios already, but they’re worth rehashing. Some of these employ live human voices, while others might use recorded messages or even AI-generated speech.

  • Big Tech Impostor: An important technology company calls to urge you into action. The call may claim to be from Apple, Microsoft, Yahoo, Google, etc., and they may claim your account has been compromised or your data has been stolen. Others calls seem to come from Norton, McAfee and the like, where they state your PC is infected, or you are due some special refund. These calls often become a remote control scam.
  • Big Merchandise Impostor: Most of us place orders with Amazon or Wal*Mart, but that doesn’t mean they’ll call you out of the blue. Calls announcing that your shipment has been lost or damaged, will probably morph into a refund-based scam.
  • Pretending to Be Your Bank: Is that call really coming from your bank, or is it an impostor. Be suspicious if the person on the phone wants your PIN, or a texted code or anything else sensitive from you.
  • Television/Broadcast/Satellite Impostors: Xfinity, Dish, DirecTV and more are commonly impersonated on calls offering discounts and refunds.
  • The Grandparent Scam: Vishers call their victims, trying to pass themselves off as young relatives in trouble. Even worse, this scam is changing to employ AI-generated voices that sound very convincing. Family members report receiving calls that claim someone dear to them has been kidnapped.
  • Police Department/Court Systems/IRS Threats: If you need to pay your taxes, settle a court order or be arrested, a government employee will not call you to take payment over the phone. But these vishing efforts succeed everyday, because people are often afraid of these entities coming to their doors.

Advice & Notes about Vishing

vishing
  • Most vishing calls use Caller ID spoofing, to make them more convincing. Please remember that Caller ID is not always truthful.
  • Do not harass or aggress a caller, if you figure out they are a scammer. In rare instances, the cybercrook will respond by swatting their victim. Just hang up on them.
  • Some vishing calls originate from your trash. A crook may harvest an account number or some other PII after doing a little dumpster diving. I recommend you shred all sensitive paperwork before you dispose of it.
  • If you haven’t put your number on the National Do Not Call Registry, now’s the time. It won’t solve your telemarketing call problems, but it might decrease the unwanted calls coming in.
  • Let all unknown callers roll to voicemail. Do not answer mystery callers.
  • Some vishers look to leave a voicemail message about an urgent situation. They may use tools that send their call directly to your voicemail inbox! The recording will state a phone number to call, but that will typically just connect you to the scammers. Do not call these crooks back!
  • Don’t speak to a robocall or any suspicious caller. Some experts worry that talking on a recorded line may make it easier for a crook to steal your spoken words to create voice-mimickry used in their next vishing calls.
  • Vishing calls are getting better everyday, and you may find yourself on a call that you can’t figure out. If you’re feeling torn, hang up the phone! Call the company back, using a number you can trust, either from a printed invoice in your possession, or from their website.
« Older posts Newer posts »

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑