There are few things more annoying and destructive than robocalls.

In today’s connected world, we research, bank and shop online.

It is important to be able to recognize encrypted websites that protect your communication and information. Watch this instructional YouTube video to learn more about how to recognize which sites are safe and those that are not. Click the arrow below to see the video.

If someone hacked into your Facebook, email or online banking account,  would you know it?

When Two Factor Authentication (2FA) is enabled it adds a second barrier for hackers who might be trying to access your accounts. This means that even if someone discovers your password, they can’t get into your account unless they have physical possession of your cell phone. This is the two-factor part: something you know (your password) and something you have in your possession (your cell phone). 

It is vitally important to choose strong passwords. Adding 2FA provides more peace of mind because it uses two factors to complete a password change. 2FA works by sending you a text message confirming that you have indeed requested to change your password.

Here is an example: Each morning you check Gmail, Facebook and your bank account balance on your computer before you leave home to meet up with friends, volunteer and then pick up some groceries to return home for dinner. While you are out, you get a text message on your cell phone from Google providing a code necessary to complete a change to your account.

Since you have not requested to change your password on your Google/Gmail account, this text message is an alert that someone is attempting to change your Google password and that someone isn’t you. Disregard the code in this message and change your Google password as soon as you are able to.

Once you are back at home and ready to change the Google password, you will need your cell phone with you. Change the password as you normally would. Once you set up 2FA, your device will receive a new unique code that is generated when you really did change your password.

2FA is essential to protect your email account. If someone gains access to your email, it can be used to reset other passwords and access your other accounts.

2FA is just one helpful strategy to keep you a step ahead of cybercriminals. Check out the Oasis Connections YouTube Channel to learn how to set up 2FA, avoid phishing, use secure https sites and create strong passwords.

Last week, the so-called WannaCry ransomware virus began infecting computers. It quickly spread to 150 countries, infected over 230,000 computers and disrupted critical networks like hospitals and transportation systems.  WannaCry may be the biggest, and most expensive, worldwide ransomware attack to date.

WannaCry is just one variation of ransomware. There was an increase of 752% in the number of ransomware types, or families, in 2016. Millions of users, big institutions and individuals, have been and will be, victims.

You are at risk, but far from helpless to defend yourself against becoming a victim. Read on to learn what to look for, and what steps you can take to make yourself a very hard target.

What is ransomware?

Ransomware is a type of malware (malicious software) that, once on your computer, encrypts your data and makes your computer useless. If your computer becomes infected, you will have to pay the hacker a “ransom” to unlock your data—or lose your data forever.

How does ransomware get onto a computer?

The most common way ransomware is introduced to a computer (the “top infection vector” in techie terms) is via spam email. A victim opens a seemingly innocent email that contains a link that, when clicked, activates a virus (malicious software.) The virus self-installs on the new host computer and takes over, encrypting data, files, pictures—everything. The infected computer is rendered useless.

Not all viruses require user interaction, however. It appears that WannaCry may have exploited a vulnerability in Windows—for users who failed to install updates or were running old Windows versions, like Windows XP. This is an important message: always update your system, apps, and anti-virus software to block new and emerging threats!

A computer infected with ransomware will display a message with instructions on how to pay the ransom. The ransom is usually demanded in Bitcoin, an untraceable Internet currency.

The process to create a Bitcoin account is a complicated and time-consuming process. There are so many ransomware infections that some hackers actually have links to tutorials and staff live chat rooms to help their victims comply with payment demands.

How do cybercriminals trick victims into installing a virus?

Hackers use social engineering to urge victims into taking an action, like clicking a link or visiting a website. Social engineering is the use of psychological techniques to instill a sense of urgency, appear as a normal request or mimic an important or urgent official notice.

Hackers pose as acquaintances and coworkers. They send emails, even text messages, that appear to be from banks, businesses and even the government. Hackers use urgency and fear to get victims to take actions they might otherwise not.

Phishing for information using fraudulent text messages is called SMiShing. SMiShing is a growing threat.

Who spreads ransomware?

Hackers seeking to profit from ransomware range from teens in Malaysia to corrupt nation-states like North Korea. Hacking kits are sold on the Internet, enabling anyone, even without coding knowledge, to set up a ransomware site.

Once released and “in the wild”, ransomware is often spread by people who unknowingly forward infected email. We trust email we get from friends, coworkers and family, making this an effective way to spread malware. Some email viruses are just cute pictures that we share with others, completely unaware that the pictures, or sales coupons or a million other variations, are actually links to viruses, infected websites and malware.

Am I powerless to protect myself?

Absolutely not. You have the power to protect yourself from almost all attacks.

Hackers rely on several layers of vulnerability. Some attacks scan the Internet looking for computers with unpatched vulnerabilities and out-of-date software. The vast majority of attacks, however, require user interaction. Hackers need you to click on a link or open an attachment to begin the process of infection. Here are the most important steps you can, and should, take to avoid viruses:

• Update your devices with the latest software and patches. All devices, from computers to smartphones, need to have the latest security patches installed to be safe.
• Email can be “spoofed” to hide the actual sender and appear as someone else. Carefully check the sender’s email. You may need to hover over the sender’s address and wait for the popup box with the actual address. (Some email readers won’t display the actual sender).
• Don’t click on links or open attachments to email you aren’t expecting or if you don’t know the sender.
• Never run programs or executable files (files with a “.exe” suffix) from sources you do not know are legitimate.
• Verify email requests for information, even from sources that seem legitimate.
• Install a powerful anti-virus program, like Norton Anti-virus. You can buy multiple licenses on Amazon for your entire household.
• Update old unsupported operating systems like Windows XP.
• Be suspicious of all urgent messages that require you to take some immediate action. Hackers pose as banks, the IRS, the postal service, the FBI…

Backup your data

Backup your files and pictures up to a separate computer, the cloud or a dedicated backup device. If you are hacked, you can start over with a clean installation of Windows (or whatever operating system) without losing anything of value—besides time and aggravation. You can back up unlimited photos to Google. Microsoft’s OneDrive, Google Docs, Dropbox, and a host of other services offer a limited amount of free storage and options to purchase more. Here’s a bonus: most of these integrate so well with your computer (as well as smartphones and tablets) that the backup is completely automatic and invisible to you.

Cybercrime, including exploits of ransomware viruses, will continue to grow. But you can truly minimize your chances of becoming a victim by being aware, updating your computer and apps, and running an effective anti-virus program.

Save

It all starts with an email, often from someone you know

The phishing attack starts with an email, often someone you know who has been hacked. The attacker is using the victim’s contact list to find more people to prey upon. Once you click on an included link or image, instead of a preview of the image, your browser opens with a Google sign in page. It looks like a real Google sign in page, only it isn’t.

This is what the URL box looks like. It has official looking text, and the “google.com” portion. But it isn’t a web address, it is malicious code that submits your email and password to the hackers behind the scam.

It may be time to download the information on your Yahoo account and delete the account once and for all. Yahoo has made it clear that they either won’t or can’t protect your personal information.

In 2014, Yahoo dutifully announced that 500 million accounts had been hacked. Sounds bad, right? Well, it turns out that wasn’t the biggest hack to date, as many were led to believe. Just a year before, in 2013, one billion Yahoo accounts were hacked, twice the size of the more recent security breach. That means one billion accounts whose emails, passwords, birthdates, and other personal information were compromised. It’s just one more hack in a long list.

Well, as the adage goes: Fool me once, shame on you, but fool me twice…you get the idea. Even tech giant Verizon, who recently pledged to buy Yahoo for 4.85 billion dollars, is having second thoughts about the commitment. According to Fortune Magazine, Verizon wants Yahoo’s assets reassessed after the recent reveal, demanding that they pay less for the liability. Unfortunately, it’s not good enough to just wag our fingers and hope that Yahoo has finally learned its lesson. It’s time to take matters into our own hands and protect what they can’t. The following sets of steps will guide you in backing up your Yahoo data, deleting your Yahoo account, and protecting it against future hacks in the event you just can’t part with it.

Backup Email

Let’s start with backing up your data. Obviously, if you’ve been a long-time Yahoo user, you don’t want to kiss years of emails and photos goodbye. Thankfully, you don’t have to. Backup your email data by downloading it to your PC using the following steps:

Set up an email client

This is a locally installed program that allows you to access email from another source, downloading the mail to your computer and viewing offline. Mail clients include Outlook, Windows Live Mail, OX X Mail, and Thunderbird.

Configure Email client

Use the following settings for sending and receiving mail from Yahoo. If you are launching the email client for the first time, it will prompt you for this information. Otherwise, look in settings.

Settings for receiving mail (POP):

• Server: pop.mail.yahoo.com
• Port: 995
• Requires SSL: Yes

Settings for sending mail (SMTP):

• Server: smtp.mail.yahoo.com
• Port: 465 or 587
• Requires SSL: Yes
• Requires TSL: Yes
• Requires authentication: Yes

Login:

• Username: your yahoo email address
• Password: your yahoo account password
• Requires authentication: Yes

Backup Contacts

Let’s not forget that your account also has contacts, photos and more that need saving. Complete the following steps to export your contacts to an email client (like those listed above):

1. Go to Yahoo Mail.
2. Click the Contacts icon.
3. Click Actions.
4. Select Export.
5. Choose how you want to export the data (based on the email client you are using).
6. Click Export Now.

Backup Calendar

Don’t miss out on any important dates by deleting your Yahoo account before you’ve had a chance to protect your calendar data. The following steps will allow you to download your calendar data in the form of an ICS file with the following steps:

1. Go to Yahoo Mail.
2. Click on the Calendar icon.
3. Hover your mouse over the calendar you want to export. This will reveal the More Options icon.
4. Click Export.
5. Save the file to your computer.

ICS is a widely-used file type for calendars. It can be opened with most calendar programs, including iCal, Outlook, and Google Calendar.

Backup Photos

Yahoo bought Flickr back in 2005, thus linking your Yahoo and Flickr accounts. That means the later has been subject to the same hacks. It also means that if you delete your Yahoo account, your Flickr account goes too. Backup your Flickr photos with the following steps:

1. Click Camera Roll.
2. Click Select All.
3. Click Download among the actions that appear.
4. Click Download zip.

Delete Account

Finally, you’ve saved everything important and it’s time to delete your Yahoo account. Complete the following steps to be rid of this massive security threat:

1. Go to Terminating Your Account. This can be accessed under Help > Create or Delete Account > Close your Yahoo account.
2. Read the information presented. It contains important information about account termination.
3. Confirm your password and complete the captcha.
4. Click Terminate this Account.

If there is a child account attached to your family account, Yahoo suggests deleting that first. Note that your account will stick around for about 90 days before all the information is deleted.

Protect Your Account

If deleting your Yahoo account just feels too permanent, or you’re waiting around for three months for the deletion to go through, consider taking the following steps to protect your account from future hacks.

• Change your password. Change it to something strong. Make it at least eight characters long, and combine upper and lower letters and numbers. Yahoo passwords do not allow special characters so it is especially important to not use words found in the dictionary.
• Turn on two-step verification. With this on, you’ll need more than just your password to get through. You’ll receive a security code via a phone call or text message to your mobile phone. Yahoo will remember the device you used to access the site using this method and will ask only once per device.
• Consider yahoo account key. This is probably the most secure method, but may be too time consuming for your taste. Instead of using a password at all, you can receive a message on your smartphone asking for verification before getting logged in.
• Disable or change your security questions. Whichever you do, don’t leave them the same. Hackers have security question and answer information for hundreds of thousands of accounts. Don’t let them keep yours.

Congratulations. Your beloved emails and photos are safe, and your private information is more secure. The next time Yahoo gets hacked, you won’t be on the long list of victims.

When it comes to passwords, we are often our own worst enemy. It shouldn’t be a surprise. Remembering a different cryptic password for every site is difficult and confusing. Using a password manager can help, but too many times we opt for the easy to remember, and easy to hack, password. In effect, we are making it easier for criminals to access or hijack our information. Microsoft is trying a new approach to help alleviate this problem, by banning many passwords that are frequently used and easily hacked.

The massive data loss at LinkedIn is a case in point. Over 100 million email and decrypted password combinations have been offered up for sale on the Internet. The most-used password was “123456”. Other top offenders included “linkedin”, “password”, and “querty”. So if we as users won’t stop using passwords like these, what is to stop hackers from easily gaining access to our accounts?

Microsoft reports over 10 million hacking attempts every single day on their networks. So they have begun banning simple and ineffective passwords that hackers try as a matter of course. Users who try to create accounts using a banned password are told to “choose a password that’s harder for people to guess”.

Microsoft is also monitoring attacks in real time and “dynamically” adding to their banned list when they see hackers trying a particular password on a large scale. They are also monitoring countries and locations known for hacking attempts, and imposing lockouts after a series of failed password guesses. If this approach is effective for Microsoft, it will no doubt be imposed by other online providers as well. Best practice? Just don’t use these kinds of passwords, and don’t use passwords over and over on different accounts. You’ll spend far more time trying to fix the damage and recover your online identity than simply using good passwords from the start.

Strong passwords are essential for online security. If you choose to write them down, keep them in a secure place. Alternatively you can use an online password manager.

Tips for creating strong passwords
1.    Make sure they are least 8 characters long.
2.   Never use personal data in your passwords. Family names, dates of importance, numbers from addresses or phones, even if scrambled, are first lines of attack for hackers.
3.  Do not use phrases that can be found in a dictionary, Wikipedia, songs, or other literature. Much of the content from these sources have already been decrypted and are in downloadable hacker databases.
4.  Mix in capital letters in unexpected places and add special characters like *,&,$.
5.  Use a memorable passphrase to create a password using the first letters of the phrase. For instance, the phrase “My friends Tom and Jasmine send me a funny email once a day” creates a good password “MfT&Jsmafe1ad” by using the first letters and a symbol.
6. Do not reuse passwords

You should have unique passwords for all of your online accounts, especially accounts that access financial or sensitive personal data. Of special importance is your email account, which, if hacked, can be used to reset your other online accounts. Make sure to secure your email account with a strong and unique password.

October is National Cyber Security Awareness Month and a great time to take a look at how we can keep ourselves safe online.

In our work training elders and eldercare professionals to prevent scams, the single biggest request we get is for more information about computer security. Many older adults simply have no idea of the risks, while others say they just won’t go near a computer out of fear that something bad will happen.

Neither option is a good answer. Instead, we want to help all of our seniors take a different approach to computers and the internet– one that acknowledges the risks, does something about them, and opens the amazing online world for their enjoyment. Whether it’s taking a course online to pursue lifelong learning, or just keeping up with the grandkids, older adults deserve the information and guidance they need to feel confident and secure in their online forays.

Recently we were very fortunate to interview on our podcast, The Scammercast, Marc Goodman, FBI futurist and author of the important book, Future Crimes: Everything’s Connected, Everyone’s Vulnerable, and What We Can Do About It. He described what’s known as The UPDATE Protocol, in which he uses each letter in the word “update” to guide your actions to keep yourself safe from 85% of the known cyber-threats. Here’s a brief summary:

• Update frequently: Automatically update your operating system, computer programs, and apps.
• Passwords: Use long passwords with a mix of characters and change them frequently.
• Download: Download programs only from official sites and watch out for dubious apps that ask for questionable permissions.
• Administrator: Create a separate standard user account for day-to-day tasks and surfing (especially on social media) and only use the administrator account for things like updates.
• Turn off: Turning off your computer when you aren’t using it will automatically reduce your risk by a third because crooks can’t touch your machine when it’s not turned on and connected to the Internet.
• Encrypt: Both Apple and PC computers have free programs for encrypting your computer’s hard drive, which means that someone else can’t read your stuff if your computer is lost or stolen.

If you’re not sure about how to take these steps, be sure to find a reputable tech person to provide assistance. Oasis Connections offers some fantastic training programs to help seniors navigate the online world.   Other suggestions include Apple or Microsoft Stores, office retailers such as Office Max or Staples, and computer specialty stores such as Micro Center.

You can learn many more steps to take to increase cyber security by listening to our podcast featuring Marc Goodman. Please subscribe to the podcast, as we have many more episodes in the pipeline dealing with cyber security and identity theft. We’re also proud to be a partner with the National Cyber Security Alliance and their Stop.Think.Connect program for online safety.

Be sure to like our page on Facebook and leave us a comment or question.

Curtis Bailey has practiced law in the metropolitan St. Louis area since 1991. He helps individuals and families preserve their wealth by designing comprehensive estate plans so they can live prosperously knowing that the legacy they leave will benefit and enhance the lives of their loved ones. He is co-director of Senior Scam Action Associates and is devoted to educating seniors, their caregivers and professionals that work with seniors about how to protect themselves from scams and fraud. He is co-host of the Scammercast podcast .

Art Maines, LCSW, has been in active clinical practice for 15 years. He is the author of Scammed: 3 Steps to Help Your Elder Parents and Yourself and also speaks and provides training on elderly fraud prevention and recovery at the state, national, and international levels. Art is co-director of Senior Scam Action Associates, co-host of the popular podcast Scammercast and has made numerous media appearances on television, radio, and podcasts.