Security
We post about security topics in our blog, but we feel so strongly about security that we want to put this page right in front where you can easily find it. Even if you don’t become our customer, please read the whole page because everyone should know this.
Computers and the internet connect people from one side of the planet to the other. This is a wonderful thing, but comes with unprecedented dangers. How do you protect yourself?
We have good news. For the most part, you are safe. Computer companies work hard to make your computer and phone protected from criminals. Unfortunately, the number one threat to your digital life is you.
The Number One Threat
Most people will feel an uneasy feeling when they are about to be scammed. Some people don’t listen to these feelings. Don’t be one of them. That’s lesson one.
Now for lesson two. Unfortunately, criminals can manipulate emotions so the uneasy feeling is buried by other feelings. Uneasy feelings are eclipsed by fear and greed. Fear and greed turn off the rational part of the human brain. Criminals use these strong emotions to turn off your rational thinking. It’s surprisingly easy. It’s called social engineering. It’s not a technology threat. It’s a human threat. Have you seen messages like the ones below?
Dear Customer, Thanks you for purchasing NORTON 360 Deluxe through Amazon. This is an Invoice for your recent purchase. Your card linked with your PayPal account has been auto-debited for $549.99 and your annual subscription has been auto renewed successfully.
That’s fear.
CONGRATULATIONS! You are the lucky online winner of a brand new Sweepstakes AirPods entry!
That is greed.
These are actual emails we’ve received. They are called “phishing” emails. They are designed to make you quit thinking and act irrationally. If you are human, the bad news is that you are more vulnerable than your computer.
If you don’t believe us, please watch this Jimmy Kimmel Live video. It’s really funny. Again, this is called social engineering. And in this case, it’s achieved by having a camera and just being nice (and in one case, they apply a little bit of “uncomfortable silence”–these guys are good).
All they had to do was ask for the password. This video is a joke, but criminals do this. Criminals pretend to be “Microsoft support” and ask the victim for their username and password. But first they start by telling you something horrible has happened. You would be surprised how many people believe them.
How to Protect Yourself?
Watch your feelings
If you get in the habit of always listening to that uneasy feeling, then when you can’t hear it anymore, you’ll hear alarms instead. Getting in the habit of listening to this feeling is a lifelong journey for those who try to do it. I’m not going to recommend yoga or meditation, but these are ways to get in touch with these very subtle, quiet feelings. Obviously, it means you have to do things like try to not have a temper. I’ll just leave this up to you. Because even if you start this journey, you can still be socially engineered. So the next section is what I recommend.
If They Contacted You Assume They Are Lying
There honestly isn’t much else to say. Just quit believing people. Our society is based on trust. Nothing works if we don’t trust each other. But here is a good rule. If people contact you don’t trust them at all. Almost all of my phone calls aren’t even people, they’re AI or some other recording. If you get a phone call that you think is legitimate, unless you are 100% positive, insist on looking up their phone number and call them back.
If you are too nice of a person to be rude, find someone who will do it for you.
Just do not believe people who contacts you first. Or, if someone you know contacts you but they’re using an unusual way to contact you, like someone else’s phone, or using social media that they’ve never used before, assume it’s fake. Remember, staring in 2023, anyone can fake any voice. Criminals can sound like anyone they want.
You Got Robbed. Now What?
First of all, don’t blame yourself. If you are human, you are vulnerable. Be glad you’re not a robot. I’m not sure if robot life is good or not, but I kind of like being human. If you’re the type of person who can’t show vulnerability, well, find some way to safely vent the feeling because it happened.
Second, be calm. We aren’t psychologists, but the school of life has taught us that when someone takes advantage of us, any emotional instability you have will bury us like a bursting dam. It takes serious effort to get past this and be calm. The thing is, until you can clam down and start thinking clearly, you can actually make things worse.
Third, once you are thinking calmly, follow these steps.
Find a safe computer or phone. Change your passwords. Important! Write down the new passwords on paper or you may forget the new passwords. In fact, this is usually when people forget their passwords!
Just like if you lose your wallet or purse, if you gave the criminals access to bank or other financial accounts, call all affected financial institutions and tell them what happened. This includes checking accounts, savings accounts, credit cards, debit cards, gift cards, money orders, money/wire transfers, and even cash mailed using the U.S. Postal Service. The faster you act, the higher your chances of recovering the money.
Just remember, you must be able to think rationally or you could make more mistakes. One form of scam is when criminals pretend to be the police, IRS, or a financial institution. Don’t believe people who contact you!
If there are damages like financial or property loss, file a police report. This is especially true if you have insurance that covers theft. If you feel embarrassed or hurt, you may be hesitant to file a report. But a report is important if you want to recover.
Unfortunately, it is unlikely that the police will do anything about it, they don’t have the resources. But the police don’t ignore the reports. The information is used to prioritize prevention efforts. And again, a police report may be required by a financial institution in order to get restitution.
There is more you should do. Please read these articules by Consumer Reports and the FTC for more information.
NOTE: Did you know that you can get your money back from fraudulent debit card transactions? Many believe this protection only comes from credit cards, but it’s not true. The difference is that debit cards take longer to get restitution than credit cards. If you lost cryptocurrency, you are probably out of luck. It wont hurt to try to recover the funds though.
What About Viruses?
The majority of computer crime that affects individuals is social engineering. Individuals usually don’t have enough money to steal to make it worth a criminal’s time to target them individually, so they send “phishing” emails, SMS texts, and robocalls to thousands of people and wait for a future victim to take the bait. That doesn’t mean that other computer attacks don’t happen, they’re just rare by comparison.
The second most common type of computer attack is a different class of phishing attacks. And again, it’s accomplished with social engineering. Criminals send emails, SMS texts, or phone calls and ask the victim to install something and sometimes they ask the victims to give them remote control over their computer. They may install software on your computer.
Hey! That’s one of the things we do here (install remote control software and control your computer)! Are we scammers? If I were strictly a business person, I wouldn’t bring this up to you. But, I’m actually intersted in you being skeptical, and that means pointing out the similarities to what we do here at Macintosh Consulting, and what criminals do.
What’s the obvious different between us and scammers (besides the actual scam)? We wont use emotion to try to motivate you to do anything. And we will do everything we can to inform and teach you what we are doing and what it means. We believe you should be skeptical of us too. Please don’t tell us your passwords. You would be surprised how many times people have tried to tell us their password.
Ironically, when I started writing this, I had no idea it would lead here. But here we are. Contact us and get to know us. Although we prefer to keep our real names off of this webpage, we’re more than happy to let you know who we are.
No Really, I Have Malware
If you suspect you have installed something that might be malicious, or you suspect your computer might be “hacked”, keep reading.
First, check to see if you have any browser extensions enabled. These are really easy to install and there’s a good chance you can install one without even realizing it. Here is a good Wired article that explains how to check your browser extensions. If you are a Mac user, as we suspect you may be, check out how to find your Safari extensions in this Mac Observer article.
Second, to be honest, most times people have thought they were “hacked”, they were really the “victim” of buggy software. Things start acting strangely, and in some cases, people think that a criminal is on their computer. Never attribute to malice that which is adequately explained by stupidity (or in this case, software bugs).
Lastly, if you still think you’ve been hacked, it’s possible! Macintosh Malware lives! Contact us and we can help you sort it out. This includes prevention, detection, and removal. And for the record, we highly recommend some free tools, because it turns out that the free tools are actually really good (the software writer would love donations though).