Momo challenge: The anatomy of a hoax

Momo image

Following a flurry of newspaper scare stories, some schools have warned parents about the “momo challenge” – but fact-checkers say it is a hoax.

The character, shown with bulging eyes, supposedly appears on WhatsApp and sets children dangerous “challenges” such as harming themselves.

But charities say there have been no reports of anybody receiving messages or harming themselves as a result.

They warn that media coverage has amplified a false scare story.

“News coverage of the momo challenge is prompting schools or the police to warn about the supposed risks posed by the momo challenge, which has in turn produced more news stories warning about the challenge,” said the Guardian media editor Jim Waterson.

What is ‘momo’?

Earlier this week, versions of the momo story went viral on social media. They attracted hundreds of thousands of shares and resulted in newspaper articles reporting the tale.

According to the false story, children are contacted on WhatsApp by an account claiming to be momo. They are supposedly encouraged to save the character as a contact and then asked to carry out challenges as well as being told not to tell other members of their family.

The UK Safer Internet Centre told the Guardian that it was “fake news”.

Several newspaper articles claim the momo challenge had been “linked” to the deaths of 130 teenagers in Russia. The reports have not been corroborated by the relevant authorities.

The image of momo is actually a photo of a sculpture by Japanese special-effects company Link Factory. According to pop-culture website Know Your Meme, it first gained attention in 2016.

‘Urban legend’

Fact-checking website Snopes warned that although the momo challenge was a hoax, the reports and warnings could still cause distress to children.

“The subject has generated rumours that in themselves can be cause for concern among children,” wrote David Mikkelson on the site.

Police in the UK have not reported any instances of children harming themselves due to the momo meme.

The charity Samaritans said it was “not aware of any verified evidence in this country or beyond” linking the momo meme to self-harm.

The NSPCC told the Guardian it had received more calls from newspapers than from concerned parents.

What should parents do?

Police have suggested that rather than focusing on the specific momo meme, parents could use the opportunity to educate children about internet safety, as well as having an open conversation about what children are accessing.

“This is merely a current, attention-grabbing example of the minefield that is online communication for kids,” wrote the Police Service of Northern Ireland, in a Facebook post.

Broadcaster Andy Robertson, who creates videos online as Geek Dad, said in a podcast that parents should not “share warnings that perpetuate and mythologise the story”.

“A better focus is good positive advice for children, setting up technology appropriately and taking an interest in their online interactions,” he said.

To avoid causing unnecessary alarm, parents should also be careful about sharing news articles with other adults that perpetuate the myth.

Is the Momo Challenge real, or an online hoax? Fact Check

BY CRAIG CHARLES ON FEBRUARY 25, 2019
https://www.thatsnonsense.com

A number of messages and warnings across the Internet describe an apparent phenomenon called the “Momo Challenge”. Many such warnings claim it is a game where children are tricked into performing increasingly violent acts including self-harm, sometimes even culminating in suicide.

Many such warnings claim the “game” is spreading on social media apps including Facebook and WhatsApp. The game is usually illustrated by a wide eyed, dark haired woman with creepy facial features.

An example is below.

FUMING IS NOT THE WORD, PASS THIS ON
So apparently there is a new thing called “the Momo challange” where this head thing is telling kids on YouTube to do dangerous stupid stuff. It starts with it coming out of an egg then develops in to hide and seek then moves on to more “fun stuff like” , turn the oven on, take pills, how to stab someone etc 😡
Your children will tell you this isn’t true as it threatens them not to say anything orels bad thing’s will happen to family members.
Apparently its leaked on to kids YouTube and comes on half way through a video to avoid being caught by adults and scares your kids in to saying nothing but doing dangerous stuff.
This has to be one of the most horrendous things iv ever seen. The face of it is a joke but the concept is horrendous.
Would hate for this to happen to any of my friend’s and family.
Until YouTube can 100% guarantee this is not a thing, there will be no more YouTube in this house.

Naturally the question many are asking – especially concerned parents – is whether the Momo Challenge is real, and should parents be alarmed?

The reality is that the Momo Challenge could be considered a number of different things, and whether it is real or something to be worried about largely depends on what you consider it to actually be in the first place.

“Momo” herself (or itself) isn’t real. It’s Internet folklore, rising up from the same murky corners of the Internet as other contemporary and passing crazes such as “Slenderman” and the very similar “Blue Whale”. The grotesque figure illustrating Momo is a sculpture, created by a Japanese special effects outfit called Link Factory. The figure is called “Mother Bird”, not “Momo”, and it’s got nothing to do with any sort of online challenge.

Additionally, there is no evidence that “Momo” can magically “hack” your phone, force her image to appear on your device or do any other sort of digital trickery, as claimed by many reports. There are no reports of “Momo” (or anyone purporting to be “Momo”) creeping into people’s rooms, or committing acts of murder for those that do not obey the “challenge”.

And there is no specific “challenge” either. There is no universal set list of tasks that those who engage in the “challenge” are told to do.

In this sense at least, Momo isn’t real. It isn’t a person, a monster, or any kind of individual hell bent on luring children or teenagers into committing acts of violence. There is no “Momo”, other than what we – and the Internet – make Momo out to be.

Taking a more pragmatic approach, while Momo isn’t real in the above sense, the Momo Challenge is a real phenomenon, perhaps most accurately described as somewhere between a viral prank, a media-fuelled alarmist craze and a potential form of cyber-bullying that should indeed be a genuine concern for parents.

It’s 90% Prank

If you come across Momo’s image, or references to her, on the Internet, it’s likely to be the prank side you’re seeing. Reports are commonplace that Momo has been “spotted” in Facebook groups, YouTube videos, in user-generated games such as Minecraft and Roblox as well as other corners of cyberspace.

But it’s unlikely that some obscure, ethereal being has infiltrated that part of the Internet looking for its next would-be victims. What you’re seeing is what the Internet does best. The proliferation of a prank. Keeping a craze alive. Scaring children, and needlessly alarming parents. For example, one thing we persistently notice after debunking viral “hacker” warnings on social media is that in the direct aftermath of the viral hoax, we see a surge of new social media accounts appear using the same name as the alleged hacker. The new accounts are not hackers, of course. Rather just pranksters cashing in on the popularity of the hoax.

Media fuelled craze

When it comes to clickbait, headlines don’t get better when discussing panic-inducing Internet challenges that have been ambiguously “linked” to teenage suicides. It’s the sort of headline that attracts clicks like a flame attracts moths. Which is why you’ll find no shortage of media outlets breathlessly warning parents to keep their children safe from Momo.

But in 2018, an Indian fact-check website investigated several cases of suicides in India and Argentina where local media had claimed the Momo Challenge was involved. In every case, police had either denied that the Momo Challenge played any part in the deaths and the link was erroneous, or that other more overriding factors (low school grades, depression, sexual abuse) had played a more significant role.

A form of cyber-bullying

While media are often quick to report on vague “links” between suicides and Internet crazes, phenomena like the Momo Challenge can serve a real purpose in that they can demonstrate the inherent dangers of allowing children and young teens to use the Internet unsupervised.

Whether it’s the dangers of being exposed to mature content, the dangers associated with connecting with strangers or the danger of cyber-bullying, the Momo Challenge serves as a timely reminder that the Internet can be a dangerous place for both young and vulnerable minds.

Protecting your children as they use the Internet is paramount. This includes supervising what they see, blocking or preventing access to platforms that contain adult content, educating children on popular Internet threats, teaching them not to give away their personal information and perhaps most importantly encouraging an open dialogue where parents and children can be honest about what they encounter when using the Internet.

It is this approach that will best protect kids when using the Internet, and that encompasses passing crazes like Momo, and whatever her successor will be.

An opportunity for scammers?

Scammers and cyber-crooks will always looking for ways to exploit viral trends, and the Momo Challenge isn’t likely to be any different. Crooks may use search trends (people looking for information concerning Momo) to lure visitors to booby trapped websites, or may use the guise of Momo to trick victims into handing over sensitive information that may result in someone falling for a cyber scam such as identity theft.

Sextortion Scammers Using Email Address Spoofing to Fool Victims


written by Brett M. Christensen February 1, 2019
www.hoax-slayer.net

Fake blackmail sextortion scams are increasingly common. Typically, sextortion scammers send out thousands or even millions of identical emails claiming that they have captured video of the recipient visiting a porn site. The scammers threaten to send the compromising video to all of the recipient’s contacts if they do not receive a “keep quiet” payment via Bitcoin. But, the scammers have not created a compromising video. Nor have they hijacked the recipient’s contact list. The whole thing is a bluff. However, the scammers know that at least a few recipients will be panicked into sending the requested money. To increase their chances of success, the scammers use a variety of dirty tricks to convince potential victims that the claims in their fake blackmail messages are true.

Email Spoofing Trick
One such trick is to make it appear that the email was sent from your OWN account thereby supposedly proving that they have indeed compromised your device as claimed.

Here’s an example from a typical scam email:

Your account has been hacked by me in the summer of this year.I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack).

If you look at the sender address of the email, it will display YOUR email address. So, it may seem that the sender has indeed broken into your account to send the email. But the scammer has simply forged the header of the email so that your email address appears as the sender. This is a technique known as “spoofing’ and is not difficult to do. In other words, the email did not come from your account at all. It just looks that way because of the forged email headers.

Other Dirty Tricks
As I discuss in more detail in another report, the scammers often include user passwords in their scam emails as a way of making their false claim seem more plausible. And, in another variation, the scammers include the recipient’s phone number along with the password. The scammers are extracting passwords and phone numbers from old data breaches and automatically matching them to the corresponding email address. They can then distribute vast numbers of emails that are identical except for the password and phone number that matches each email.

Don’t Respond — Just Hit “Delete”
If you receive one of these scam emails, don’t be fooled. By including real passwords and real phone numbers, and making it appear that the recipient’s account sent the message, the scammers significantly increase the likelihood that their claims will be taken seriously. More people will fall for the ruse and send their money to the criminals. But, despite these clever tricks, the emails are still just empty bluffs. To reiterate, the sender has not hacked your computer and has not created a compromising video of you.

Don’t respond. Just hit the “delete” key.

New Phishing Email – Don’t get caught

There is a new phishing email doing the rounds claiming your incoming emails are on hold and to click one of the actions listed in the email. ( see below )

There are a number of clues to prove its spam.

Firstly the from address on service@vienna.taskwunder.com – not any Office 365 admin email address I’ve ever heard of! 🙂

Secondly – hover (don’t click) the links – they link to www.nlsandton.me – again not any email provider anyone’s ever heard of.

If you get this mail – simply delete it! 🙂

Why you need a professional email address for a business

Imagine you’re looking for a plumber online. You want to find a reputable professional who you can rely on and, after scrolling through numerous websites you finally decide on the one you want to contact. It all looks perfect until you read “Email me at joesplumbing@hotmail.com

Or what if you meet somebody at a business networking meeting. You are looking to hire a PR professional, for example, and the person you are talking to ticks all the right boxes.

Then, he hands you his business card and tells you to get in touch at cassanovajohn1987@yahoo.com.

Next time you’re on the road, keep an eye out for unprofessional email addresses. You’re sure to find one!

Unprofessional email addresses ruin the credibility of a business. You wouldn’t wear a Hawaiian shirt for a meeting with your bank manager or tell the Board of Directors the suggestive nickname you earned in Ibiza.

So, with professionalism in mind, don’t let your brand make a terrible impression with an inappropriate email address.

A custom email address helps your business to be taken seriously. If you create a professional email address, you can use the same name to create a website or simply a Facebook presence.

This will have five key benefits:

Branding

The email address joe.johnson@jjplumbing.co.uk incorporates the business’s brand name; people who see your contact details can even make an educated guess about the URL of your website.

Giving out your email address becomes an indirect way of promoting a company’s web address, whereas using joesplumbers@gmail.com gives potential customers no indication of where they can find you online.

Authenticity

A professional email address creates an air of authenticity. Using plumbingspecialist147@yahoo.co.uk, on the other hand, simply does not convey trustworthiness.

Consumers look for indications that an online business is legitimate before handing over their cash or sharing a web link with their friends so, if you have a well-presented website or Facebook presence with authoritative information and an appropriate domain name, don’t let yourself down with a questionable free email address on your contact page.

Simplicity

So many people use free email services that finding a username can be difficult. This means that people often have to add a string of numbers or an extra word to their name or nickname to find an available option.

So, while clothesshop@gmail.com looks unprofessional, clothesshop1989@gmail.com is even worse!

The lack of new username options means that getting an email address with one of the popular, free email platforms now requires creative thinking and compromises.

In contrast, emails set up with your own domain can be simple and streamlined. Some options include:

  • [firstname]@domain.co.uk
  • [firstname.surname]@domain.co.uk
  • sales@domain.co.uk, support@domain.co.uk, admin@domain.co.uk etc.

Scalability

If you founded your business as a solopreneur and have grown to house a staff of ten, using custom email addresses based on your domain name is the only realistic way to manage this growth.

When you already have saira@greatdogfood.co.uk and yasmin@greatdogfood.co.uk, creating new professional email addresses when Mark and Alex join the company is no big deal.

If you use free email addresses, however, new staff or departments will cause a headache.

Creating a series of addresses like greatdogfood-saira@hotmail.com and greatdogfood-alex@yahoo.com is unwieldy and looks, frankly, ridiculous.

Ownership

If your free email address is suspended, there is very little you can do about it because the email account never truly belonged to you. Could you cope if Gmail or Hotmail cancelled your account and lost all your messages?

If, for whatever reason, your free email account is cancelled, your customers will not be able to get in touch with you and your business cards and other promotional materials will be instantly obsolete.

Avoid this catastrophe by using email addresses owned by your business and take full control of your communications.

Conclusion

Email accounts can then be easily managed on the web, using software like Thunderbird and Outlook, or on gadgets like iPhones, Android devices and Tablets.

Speak to PR PC Support & Cloud Services for the complete package :
– Custom, Personalised domain name
– Facebook Page
– Professional business email accounts

Email addresses are not something any brand should compromise on. Create a great impression and make your contact details memorable and appropriate, not embarrassing and unprofessional.

PR PC Support & Cloud Services packages

Package 1
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Essentials Mailboxes ( £5 per month per user)

Package 2
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Premium Mailboxes ( £11 per month per user)

Optional website landing page – with logo & contact details – £50

New Email Extortion Scam Bomb Threat Demands Bitcoin

 Stu Sjouwerman (https://blog.knowbe4.com/)

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

The email was reported to KnowBe4 via a number of sources, including the (free) Phish Alert Button. It appears that the Bitcoin address was different in each message, indicating a higher level of automation than normal. This is essentially a variant of the recent sextortion strains that are doing the rounds. Here is a screenshot

This campaign was carried out by the same group of spammers responsible for the recent wave of sextortion scams, two cyber-security firms said on Friday. “Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign,” said Jaeson Schultz of Cisco Talos.

This campaign is likely to be very disruptive, some organizations receiving will have no choice but to treat this as a credible threat and go into lockdown like banks and school districts. This is a developing story, more will undoubtedly follow.  Here is the text of one version of the extortion email:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter: We are not terrorists and dont assume any responsibility for explosions in other buildings.

I suggest you send the following to your employees. You’re welcome to copy, paste, and/or edit:

The bad guys are getting very threatening with extortion scams. They now send you an email that looks like a bomb threat and they claim there is an explosive device in the building which will detonate unless you pay bitcoin. This threat is being sent to literally millions of people, so the likelihood that it real is very small. However, we cannot take any risks and please treat this threat as follow our organization’s security policy, and do not answer or forward this email. Think Before You Click!  [OPTIONAL]  Click on the Phish Alert Button to delete it from your inbox and at the same time alert IT about this scam.

The spammers behind this campaign stopped sending bomb threats on Friday, most likely realizing that this campaign won’t yield any results, especially after the FBI, the police, and the media told everyone to ignore the threats and not pay the ransom demand.

And according to Cisco Talos, no one did. Schultz said that Talos discovered 17 Bitcoin addresses inside the bomb threat extortion emails, but none held any money. “Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed,” Schultz said. “However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers.”

Now It’s Throwing Acid…

But the spammers have not given up. Talos said that as soon as theirbomb threat campaign appeared to hit a dead end, the group switched to anotherone. “The attackers have returned to their empty threats of harming theindividual recipient,” Schultz said. “This time, they threaten tothrow acid on the victim.” A copy of an email carrying this latest threat is available below.

Cloud backup and cloud storage: what is the difference?

The cloud hype has blurred the lines between cloud storage and cloud backup. Many providers like it that way because it gives them a broader appeal in capturing potential customers. But clouding up cloud definitions confuses the market. In reality they are very different solutions for different business challenges.

What is cloud storage?

Cloud storage, like Dropbox, Google Drive, Apple’s iCloud and Microsoft’s SkyDrive, is a great way to easy share files. The main goal of cloud storage is to store files online to be accessible, and to work with, from any device anywhere. You can compare it with a cloud based USB flash drive.

However, there is no guarantee, no monitoring and reporting, no support and if a server goes down in one of their data centers, you may never see those files again. The majority of the services have a web interface for you to upload files. Therefore files can only be encrypted on the server side; making transportation less secure. They do not offer an automated process for uploading or syncing files between your computer and their service. Files have to be put over manually or placed in a shared folder to be synced. And last but not least, only files and folders can be stored, so no application data.

Cloud Storage is a great way to share documents. However, it isn’t the place to back up your business-critical applications and documents.

What is cloud backup?

Cloud backup is a cloud-based application, which provides you with the ability to automatically backup your files, applications, virtual machines or servers and store them safely for disaster recovery purposes. Cloud Backup is an insurance for your data and business continuity.

Cloud backup is typically built around a local client application that runs on a, ideally multiple times daily, automatic schedule in the background. The application collects, compresses, encrypts and transfers data to the service provider’s servers. To reduce the amount of bandwidth consumed and the time it takes to transfer files, the service provider provides incremental backups after the initial full backup.

The primary data resides in the original location where secondary stored data is safely stored to the cloud, to be used for data recovery. The cloud backup solution stores all data with a custom retention policy, so you can fix corrupted files by restoring earlier versions of a file. Professional cloud backup solutions comprise special plugins to back up data from third party applications (e.g. MS Outlook, Exchange, SQL). Clear reporting on the success of the backups, makes it easy to verify if all files are safe.

Speak to me if you are interested in setting up Cloud backup on your PC , Server or Mac

Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – proporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or Virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

Ransomware: What Is It And How Can You Prevent It?

Bill Hess at PixelPrivacy wrote this great article and made me aware so I was able to share it with you. The original article is here https://pixelprivacy.com/resources/ransomware/ check out Bills other articles – there is so really informative stuff there

Ransomware: What Is It And How Can You Prevent It?

Ransomware

Ransomware has been around for a while now and grows more prevalent with each passing year. Cases of ransomware were first seen in Russia in 2005.

2006 report from Trend Micro told of an early ransomware strain that affected Windows computers, which would search a hard drive for certain files, zipping them into a password-protected file, deleting the original files. Also created on the drive was a “ransom note” text file, telling how to make a payment to get the files restored.

In 2011, Trend Micro reported about an SMS ransomware strain that repeatedly displayed a ransomware page to users until they paid the ransom by dialing a premium SMS number.

By early 2012, ransomware began to spread outside of Russia, as the bad guys began to realize what a profitable business model it could be if performed properly. The rise of cryptocurrency in recent years has also contributed to the rise of ransomware, due to the ability to receive the demanded ransom via Bitcoin and other anonymous forms of payment.

Late 2013 saw the rise of “crypto-ransomware” that encrypted a user’s files, ensuring the need to pay a ransom even if the ransomware itself was removed from the computer. This type of ransomware demands a ransom be paid, upon which the user would receive a private key to decrypt their files.

Of course, payment of the ransom didn’t always result in the bad guys holding up their end of the deal. (Um, they’re “bad guys,” DUH!) However, most ransom payments have proven to result in the needed key to unlock files, as the scheme depends on victims believing that payment of the demanded sum will result in the freeing of their data.

In this article, we’ll take a look at how ransomware can hold your computing device and its files hostage, how you can prevent ransomware from attacking your computer, and what you can do if you find that your data is being held hostage.

What is Ransomware?

Ransomware is malicious software that encrypts or otherwise blocks access to the data stored on a user’s computer or mobile device. The victim is then told to pay a “ransom” to have the files unlocked so they can be accessed once again.

While some simple forms of ransomware can be easily decrypted by a knowledgeable user, more advanced methods of encryption make it nearly impossible to retrieve the encrypted files without the private key needed to perform the task.

Ransomware attacks are usually launched via a “trojan” application, which enters a system through a downloaded file or a security vulnerability in a network service.

While operating system and networking companies regularly release updates to fix security flaws used by such trojan apps, many users fail to install the updates, leaving their machines and networks open to attack.

Once downloaded to your computer, the program then runs, locking the system, encrypting data or, in some cases, even making threats that appear to come from a law enforcement agency. (One user turned himself in after a malware app threatened to call the authorities about child pornography on his hard drive. He actually had child porn on the drive.)

No matter the type of ransomware, the goal of the evil payload is almost always to extort a payment of some sort from the victim. The amount of money demanded from individuals can be a substantial amount, but not financially crippling for the individual.

Tom’s Guide notes amounts have been reported to be in the range of $300 to $700 for victims in the United States, although amounts can vary according to the victim’s location.

Protecting Your Computer From Ransomware

There are several ways to protect yourself from ransomware, and we’ll take a look at each one in this section.

We’ll look at how “smart computing,” keeping your computer and other connected devices updated, and running anti-virus and anti-malware apps can help you keep your system running clean and green, keeping your personal or business data from possibly being lost forever.

1 Practice Smart Computing

Always practice smart computing.

When I say that, I mean that you should always think twice about opening emails or email attachments from unknown parties. Never click a link found in an email, even if it appears to be from someone you know.

When browsing the web, use common sense and stay out of the darker corners of the web. (Like my doctor, Vinnie Boombotz says, “If you break your arm in three places, stay out of those places!”) Sure, the lure of free movies and music can be enticing, but think before you click.

Never install an application on your computer or mobile device unless you’re absolutely certain of the source of the app. If possible, restrict app downloads to those from known sources, such as the Windows Store, the Mac App Store, the iOS App Store and Google Play.

Mac and Windows owners may find this rule a bit tougher to follow, due to the plethora of app sources available on the web, but at the very least, be sure of the websites you’re downloading from.

Always make sure you show file extensions on your computer. This will help you identify the types of files you’re viewing. Be wary of clicking files you’re not sure of, especially if they show file extensions like “.app,” “.exe,” “.vbs” or “.scr.”

2 Keep Your Computer or Mobile Device Updated

One of the most important things you can do to protect your computer or mobile device from threats like ransomware is to keep it updated, regularly installing the latest updates. The best way to do so is to turn on automatic updates, so your device will keep itself updated and patched against the latest threats.

Luckily, Microsoft, Apple and Google usually react quickly when security flaws are exposed, often releasing a fix for the security holes within days. Android users can still be exposed, however, due to the various devices that run the mobile operating system, and the need for individual device makers to release updates for those many, many devices.

Windows 10

Windows 10 is easy to keep updated. Simply go to “Update & Security” in the “Settings” menu and make sure updates are set to install automatically. You can also manually install any available updates while you’re in this area.

Windows 10 Update Status

macOS

macOS is also easy to keep updated. On your Mac computer running macOS High Sierra or any recent version of the macOS operating system, do the following:

  1. Click the Apple icon you’ll find on the upper left-hand corner of your Mac’s Desktop.
  1. Click “System Preferences.”
  1. Click the “App Store” icon.
  1. On the App Store screen, make sure the “Automatically check for updates” and the “Install system data files and security updates” boxes are checked.
macOS App Store Updates

Your Mac will then notify you when an update is available. You can then load the Mac App Store app, click the “Update” tab and click the “Update” button for the macOS update. The app will download and install. Your Mac may reboot a few times during the installation, and it may take awhile.

You can also manually check for a macOS update by loading the Mac App Store app and clicking the “Update” tab, where your Mac will automatically check for any available updates.

macOS Updates

Android

Before updating your Android device, make sure it is fully charged and connected to a charger. These updates can take a while, so power is important.

You’ll also want to be connected to the internet via a Wi-Fi connection. Otherwise, you’ll be eating up some of the data on your cellular plan, and a Wi-Fi connection is usually faster.

In addition, before updating your device, make sure you have a recent backup. (Backups are also handy to have if you need to restore your device in case of a ransomware attack. I’ll talk more about that in the next section.)

On your Android device, tap the “Settings” icon. In the Settings menu, look for and tap “About phone,” or the equivalent for your device and version of Android. (These can differ, as manufacturers are allowed to customize and modify the menus on the devices they sell.)

Android Settings

In the “About phone” menu, tap on the “Software Updates” or equivalent menu option.

Android Phone Status System Updates

You’ll see the Software Update screen, which will either tell you that your device is up to date, as seen here, or that there is an update available. If an update is available, tap the “Install Now” button to download and install the update.

Android Check for Update

iOS

When an iOS update is ready, your iPhone, iPad or iPod touch will notify you. When you see the prompt, simply tap the “Install Now” button in the notification.

You can also manually check for and install an update by plugging your device into its charger, making sure you’re connected to the internet via Wi-Fi and doing the following:

  1. Tap the “Settings” icon on your device’s Home screen to enter the Settings app.
  1. Tap “General” in the Settings menu.
iOS Settings General

3. Tap “Software Update” in the General menu.

iOS Settings Software Updates

4. Your device will check for an available Software Update.

iOS Software Update Checking for Update

5. If an update is available, tap “Download and Install.”

iOS Software Update Download and Install

6. Depending on how much free space you have remaining on your device, you may be asked if it’s okay to temporarily remove apps to make space for the update files. Tap “Continue.” iOS will reinstall any apps it removed once the update has been completed.

7. To update iOS now, tap the “Install” button. If asked, enter your passcode. The update will begin, your device will reboot and prompt you for your passcode once the update has finished.

3 ​Backup, Backup, Backup!

I can’t stress strongly enough the importance of backing up your computer or mobile device on a regular basis. Always, make use of a backup solution that will back up your data on a scheduled basis to an external drive.

Time Machine, which is built into macOS, is a great solution for Mac users, while Windows 10 users can take advantage of the built-in Backup and Restore app. Carbon Copy Cloner is a popular option for Mac users who want to make an image of their drive.

macOS Time Machine Back Up

Also, while a local backup is a great idea, a cloud backup is also an option you should strongly consider, which, in addition to offering a way to restore data in case of a ransomware infection, also provides a way to recover your data in case of a fire or other disaster that might destroy your local backup.

macOS Back Up

For mobile devices, users can make use of cloud backup services like iCloud for iOS, or Carbonite and Backblaze for both iOS and Android devices.

iOS iCloud Back Up

iOS users can also back their devices up to their Mac or Windows computer by connecting their device to their computer via a Lightning cable and using iTunes. Similar device-to-computer solutions are available for Android users.

​4 Use Antivirus and Anti-Malware Apps

Never, EVER connect to the internet on your computer or mobile device without running some type of antivirus and anti-malware software.

In this section, we’ll take a look at the options available to protect your Windows, Mac, iOS and Android devices from threats.

It should be noted upfront that while there are plenty of antivirus and malware scanning apps available for Windows, macOS and Android, there are much fewer available for the iOS platform.

This is due to how Apple keeps the iOS operating system locked down as a closed system, only allowing installation of apps via the Cupertino firm’s App Store. Many of the malware threats to the iOS platformhave been limited to “jailbroken” devices.

Windows Defender (Windows 10 Only)

When you install and run Windows 10 for the first time, Windows Defender is automatically enabled, offering you basic protection from online threats such as viruses and malware.

The app offers real-time protection against viruses, malware and other threats. It also offers the ability to scan your computer’s hard drive for threats.

Windows Defender Windows 10

Many users are pro-Defender since it’s included as a part of Windows, it automatically protects a new Windows installation and it’s relatively easy to use.

However, other users argue that Defender is not a viable way to protect a computer, as its features are limited compared to other antivirus packages, and it’s an attractive target for hackers due to its wide use (much like Windows itself became an attractive target due to its popularity.)

If you’re looking for simple, easy-to-use protection for your computer, Defender may prove to be enough for your needs. In April 2017, independent IT-security institute AV-Test found that Windows Defender caught 99.9% of “widespread and prevalent” malware, and 98.8% of zero-day attacks.

However, you should be advised that there are better options available. I’ll share some of my favorites below.

For more information, visit the Microsoft website.

BitDefender (Mac, Windows, iOS, Android)

BitDefender for Mac and Windows is a reliable security application, offering protection against malicious websites, a built-in password manager and even a secure browser for use when you want to protect online financial transactions and other security-sensitive online activities.

BitDefender (Mac, Windows, iOS, Android)

In addition to real-time virus and malware protection, as well as scanning capabilities, the app provides an anti-phishing module that will warn you when there are malicious links in your search results and even block access to dangerous websites.

Bitdefender on the iPhone and iPad offers only limited functionality, allowing you to check to see if any of your email accounts have been leaked, and an anti-theft module that allows you to locate, lock or wipe a lost or stolen device, which is already possible via iCloud.

In my humble opinion, the app isn’t worth the download, though you may feel differently.

Bitdefender for Android offers much more protection than the iOS app does. The app offers malware scanning, e-mail account security, the ability to lock your apps with a PIN, real-time protection for Chrome and default Android browsers, the ability to track, lock, and wipe your lost or stolen device, and more.

This version is a pay-for-play app, but it offers a 14-day free trial, so you can try it out without putting any money on the table.

For more information, visit the Bitdefender website.

Avast Antivirus (Windows, macOS, Android)

Avast Antivirus is free antivirus protection for Windows and macOS machines. The free version provides protection against viruses and malware using both real-time and hard drive scanning methods.

It scans your Wi-Fi network for security issues and intruders, and also stores your passwords for use on websites.

Avast Antivirus (Windows, macOS, Android)

Avast offers paid solutions as well, which adds features such as anti-phishing protection, spam email blocking, a firewall, webcam spying blocking, file shredding and more.

Avast Antivirus 2018 is available for Android devices. The ad-supported app (the ads can be removed with an in-app purchase) scans Android devices for malware and protects users from phishing attacks sent through email, phone calls, websites and SMS messages. The app also provides a PIN-protected photo vault, anti-theft features and more.

For more information, visit the Avast website.

Malwarebytes Anti-Malware (Windows, macOS, Android)

No matter which antivirus solution you select for your Windows, Mac or Android device, I strongly suggest you also install the Malwarebytes malware scanner.

Malwarebytes is designed for one thing, and one thing only: detecting malware that might be hiding on your device.

Malwarebytes Anti-Malware (Windows, macOS, Android)

The free version of Malwarebytes for Mac and Windows scans your computer’s hard drive for malware threats (and does it quite quickly). Most of the scans I perform on my Mac run for around 3 minutes or so.

If any malware is detected, the malware files are “quarantined” in a special directory created by Malwarebytes. Users can then view which files were quarantined and even delete the quarantined files with the click of a button.

Malwarebytes Anti-Malware (Windows, macOS, Android) Quarantine

The premium version also offers real-time protection against threats. If you’re budget-challenged, the free version will likely provide sufficient protection – just be sure to run the scan periodically.

A free trial period provides all of the premium features for 14 days.

Malwarebytes for Android checks for ransomware, malware and junk files, and also scans for malicious code. It scans for malicious links in emails, texts, websites, Facebook and WhatsApp. In addition, it detects apps that may be tracking your location, attempting to monitor your calls or charge you hidden fees.

The free version of this app does a great job of scanning your Android smartphone or tablet, and does it quickly, meaning you might be more apt to run the app for a scan from time to time.

For more information, visit the Malwarebytes website.

CRAP! I’ve Been Hit by Ransomware! Now What?

Your computer has been hit with ransomware, and now you’re faced with paying the ransom and hoping like hell that the bad guys will give you the key to unlock your precious data.

Don’t do that – only pay as a last resort. There is a good possibility you can recover your data without paying up.

1 Scareware (Windows and Mac)

Some ransomware is relatively easy to remove. “Scareware” browser screens that claim you have child porn on your hard drive and that your computer is locked are never true. (If you’re actually suspected of being in possession of child porn, the FBI will come knocking on your door, search warrant in hand, bright and early some morning. Just ask Jared from Subway.)

If you’re faced with this type of ransomware, you can usually shut it down by using force-quit on a Mac, or the Windows Task Manager on a Windows machine, to close the browser.

Then you’ll need to run an antivirus and/or malware detection application to remove the files causing the issue. That should clear this pesky critter from your machine.

2 ​Ransomware (Windows)

If your Windows machine is hit by real ransomware and you’re unable to access your data, or even unable to boot your computer to the Windows Desktop, try to do a System Restore to roll your system files to a point before they were infected.

Note: System Restore must have been enabled beforehand, but the good news is that Windows enables it by default, so unless you’ve changed the settings, you’re good to go.

To perform a System Restore in Windows 10, do the following:

  1. If your computer can boot to the Windows login screen, hold down your Shift key on your keyboard, click the power icon and select “Restart.”
  1. Your PC should then reboot to the recovery screen.
  1. Click “Troubleshoot.”
  1. Click “Advanced Options.”
  1. Click “System Restore.”
  1. Wait for the process to complete.

If you can’t access the recovery screens, you can use the USB stick or DVD you installed Windows from to boot the PC to access the recovery tools. You’ll need to click the “Repair Your Computer” option if you have to go this route.

If running System Restore doesn’t do the trick, try running a virus scanner from a bootable disc or USB stick. Bitdefender, Avast and many other antivirus software companies offer scanners that can be used in this manner.

I highly recommend creating a rescue disc or USB stick with apps that can help you in situations like this. Note to self: Write an article telling you how to create a rescue disc/stick.

This is the bad news part of this section: if you have no luck trying any of the above, you will likely need to perform a full restore from a backup or perform a clean reinstallation of Windows.

But, the good news is that you have a good backup of your hard drive, containing all your files, right? Right? Be sure to scan the backup for malware before restoring. No sense in starting this whole thing all over again. (If you need a refresher on backing up your computer, I suggest that back up a bit to the Backup section of this article. BEEP! BEEP! BEEP!)

If you get “lucky” enough to be infected by malware, and it didn’t appear to have encrypted your data, but it still looks like you’re missing some files, the malware may have just hidden them.

Try the following:

  1. Open a File Explorer window.
  1. Click the “View” tab in the top pane.
  1. Click the “Hidden items” checkbox to select it. (A check will appear, showing that it is enabled.)

If your lost data shows up after opting to show your hidden files, you’re golden. Just navigate to “C:\Users\”, open the folder for your username and right-click each hidden folder. Open “Properties” and uncheck the “Hidden” box. Your data should once again be accessible.

3 Ransomware (Mac)

The Mac has had relatively few malware attacks compared to the Windows platform. However, as the platform has become more popular in recent years, it has become more popular with hackers looking for a quick ransomware hit.

In February 2017, the Findzip ransomware was discovered. Only a relatively few Mac systems were hit by the ransomware.

The bad news was, even if you did pay the demanded ransom to the parties behind Findzip, they couldn’t give you the key to decrypting your data. Other than a rather involved method of recovery procedure, the only way to get your data back was to restore from a (hopefully) unaffected backup.

Your best bet for recovery from a ransomware attack on your Mac is to have a recent backup of your hard drive, which can be used to restore your files after the ransomware is cleaned, either using an antivirus and/or anti-malware app, or via a reinstallation of the macOS operating system.

What Have We Learned?

Ransomware can infect your computer, encrypt your files and prevent you from accessing your data, forcing you to either pay the price in hard currency or lose the time you’ll spend restoring your system to its former glory.

1 Practice Safe Computing

Always think twice before downloading files from questionable websites, opening attachments in emails or downloading that pirated movie, album or game. Only install apps from known-safe sources, such as the Windows Store or the Mac App Store.

2 Backup, Backup, Backup

Always have a recent hard drive backup handy, just in case you are hit by ransomware. In addition to a local backup on an external hard drive or USB stick, also back your files up to the cloud. Offsite backups like cloud backups offer another layer of protection.

3 Keep Your Computer or Mobile Device Updated

Always keep your devices’ operating systems updated. Either set your computer to automatically update or periodically check for updates.

Both Microsoft and Apple regularly provide updates for Windows 10 and macOS, respectively. Updates usually only take a few minutes and pay dividends by providing patches for recently discovered security holes used by ransomware developers.

4 Use Antivirus and Anti-Malware Apps

Install antivirus and anti-malware apps on your device. Also be sure to keep the app and its definitions updated to provide the latest in protection for your system.

5 Don’t Panic

If your computer or mobile device is hit with malware, don’t panic. Follow the steps I’ve laid out in the paragraphs above, and you’ll have a good chance of recovering your stricken data.

Now, go forth and sin no more! Or, at least use protection.

 

Look out for Office 365 Phishing email

I received this email this morning (below) which looks genuine enough at the first glance – however – hover over the ‘rectify issue’ button and you get taken off to some bizarre phishing site were you to click the link – be aware and don’t fall for these emails – if in doubt ask somebody in the know or simply hover over the button to display the destination ( this one went to http://fatebegins.com/localization/customize/index.php – clearly not a Microsoft site!