Why You Need To Delete Your Old Accounts

ttt-logoMost people let old accounts languish. But abandoned accounts are filled with information that can be used to send spam, spread malvertising, and commit cybercrimes.

For example, I frequently get email messages from people I know, but haven’t talked to in a while. Invariably the email subject is blank or says nothing but, “Re:”. Sometimes the email includes a suspicious attachment. And I sigh and delete the message, because I know these unused accounts have been hijacked from their unsuspecting owners and are now controlled by hackers.

But hijacked accounts go beyond mere annoyance. They are often used to hack other, juicier targets, making it more difficult for such electronic attacks to be traced back to the perpetrator. They can also be used in online financial scams, such as the “I’m stuck overseas and need you to wire me money” scam. Such scams appear far more realistic when they come from a seemingly-legitimate source like a friend’s email address rather than some random account, and many people fall for the trick.

Hijacked accounts can also be used to hijack other accounts like Facebook, Twitter, or even your bank account, if it’s been linked to them. It’s like a stepping stone to the rest of your stuff.

For these reasons, you should always delete old accounts if you are no longer using them. If you’re concerned that someone will take your old username, I recommend maintaining your old accounts by logging into them every few months and using strong passwords that have not been used on any other site.

You will need your username and password for the account you wish to delete. If you don’t have it, you typically need to follow the site’s procedures to recover a forgotten password before you can continue the deletion or deactivation process. Don’t forget to remove the deleted address from other accounts if it’s been linked to them, such as an old email address linked to your Facebook account.

You should note, however, that just because a site claims your account has been deleted, it may not necessarily have been. Many sites retain old accounts in case you want to reactivate them later. Also, your data may not be deleted even if you request it. Over the years any information you’ve stored online has doubtless been copied to untold backups and mirror servers. In reality, once your data is on the Internet, it’s out there forever. But at least by deactivating or deleting your accounts, you can help keep them (and the data they contain) from being used for nefarious purposes.

Here’s how to delete or deactivate your accounts on a variety of popular sites, old and new.

 

How To Protect Your Privacy On Social Media Sites Like Facebook And Twitter

socialmediaWhen was the last time you checked the privacy settings on your social media accounts? Once? Twice? Never? If you don’t check periodically, you run the risk of having your account hijacked by hackers.

Related article: Strong passwords key to social media privacy by Triona Guidry (The Northwest Herald)

What do you mean by “social media”?

Sites primarily used as a means of mass communication: Facebook, Twitter, LinkedIn, Pinterest, Instagram, Tumblr… You could also think of them as virtual communities, each with different rules and tendencies.

Why should I bother securing my social media accounts?

Because having your account hijacked stinks. At best, it’s inconvenient to reset your passwords and notify your friends. At worst, it results in data loss, identity theft, and financial ruin.

But aren’t these sites private?

Nope. They have privacy settings, most of which aren’t on by default. But anyone can sign up on these sites, and anyone can pretend to be anyone else on them. They’re designed to share information, not keep it private. Which is why the idea of people sharing their entire life stories and that of their kids gives me the screaming heebie-jeebies. Social media sites aren’t private photo albums and diaries. They’re publicly-accessible news sites (and data aggregators for advertisers).

Why do hackers want to hijack me?

In short: money. Cybercrime is a multi-billion dollar global industry. With economies tanking and people out of work, the idea of making tons of cash through Internet scams is hard to resist. Through commandeering your account, cybercriminals sell everything from Internet pharmaceuticals to fake antivirus programs to Twitter followers using your hijacked identity. It’s the go-to crime of the 21st Century.

Should everyone protect their social media accounts?

Yes. Absolutely. There’s no excuse not to.

How can I protect my social media accounts?

Use strong passwords that are unique on every site

Double-check your privacy settings

Report fake followers and inappropriate content

Verify links before sharing

Do you have questions about securing your social media account? Ask in the comments, and don’t forget to subscribe to Tech Tips by email and follow on Facebook. You can also follow @trionaguidry on Twitter.

 

Cyber Attacks Spell Trouble For Consumers

padlock-phoneDo you know what to do if your account is swept up in a cyber attack? In the last year many popular sites, including LinkedIn, Twitter, and Evernote, have been attacked and consumer information stolen. What can you do to protect yourself?

As I said in my tech column in this month’s The Northwest Herald:

Cybercriminals attack big companies for the big prize: user account information. With email addresses and passwords in hand, they go on an account-cracking spree across the Internet, hoping that some of the users in their massive heist are using the same weak passwords on multiple sites. Itʼs likely some of your accounts have already been swept up in data breaches like this.

There are a number of things you can do to reduce the possibility of being hacked. Here are my recommendations plus related Tech Tips articles to help you with each step.

If your account has been hacked, you need to reset it. Here is information on account security and resetting hijacked accounts for some of the major sites:

And here is information on the recent breaches I mentioned:

For the latest news on data breaches (something a little more reliable than mass media articles), try these IT security sites.

Do you have questions about cyber attacks and hijacked accounts? Ask in the comments!

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

Stop Integrating My Computer With Social Media!

Tech companies need to remember that consumers are people with brains and don’t need to be force-fed technology through the virtual equivalent of a baby spoon. Mountain Lion, Apple’s latest operating system for Mac (OS X 10.8), boasts improved Facebook integration. In my mind that’s not a feature, it’s a reason to stay away.

I DON’T want my operating system to be integrated with social media. The operating system is the brains of my computer. It doesn’t need to check into Facebook or Twitter. I may run apps on top of it that do need to check into Facebook or Twitter, but that’s my decision. I don’t want my system software making that decision for me.

I want my system software stupid. I don’t want it to know a damn thing about the Internet except how to connect to it. To put it in IT terms, I don’t want my OS thinking past the lowest layers of the OSI model. I certainly don’t want it making decisions at the presentation and application layers. Let it merrily chat away via TCP/IP without bothering to look inside those data packets, and let the programs I choose do that work.

I could say the same for my iDevices. I don’t want to use iCloud. I don’t want to use FourSquare. I don’t want to check in every five seconds. As I said in a previous rant er… post, I certainly don’t want all my data syncing to some unknown datacenter when all it needs to do is go two inches from device to computer.

There’s such a thing as too much integration. Everything doesn’t need to work seamlessly with everything else. If I wanted an operating system based on Facebook I would do all my work with Facebook apps. If I wanted to use cloud computing I would sign up for cloud computing. But if all I want is to work locally on my own computer, I should be able to do that too.

What I want is an operating system I can secure with third party tools (sayonara, Windows RT!), upon which I can run the programs of my choosing.

Of course, I could always run Mountain Lion and simply not give it my Facebook credentials, but that’s not the point. The point is that the capability of integration is there. The point is that if something happens – if I input my password in the wrong dialog box, if a virus presents me with a malicious login, if one of Apple’s preferences “accidentally” gets switched on – then suddenly I am sharing a whole lot of data with the world that really shouldn’t be shared.

As a computer expert, I know the best ways to avoid that. But most people don’t. The average person, right now, is streaming data to Facebook, Twitter, iCloud, and who knows what else, without even being aware of it. And that’s BEFORE the latest integrations between social media and our system software.

Stop sacrificing security for convenience, because it’s not the tech companies that pay the price, it’s the consumers. We’re the ones who get our bank accounts hacked, our email hijacked, our identities stolen, our lives ruined. That’s not exaggeration, that’s the result of a multi-billion-dollar cybercrime industry.

 Subscribe free to Tech Tips by email for computer news, security tips and more!

Ten Ways To Tell If Your Computer Is Infected With A Virus

Ever get that sinking feeling that something’s wrong with your computer? Here are ten ways to tell if your computer is infected with a virus.

Run a virus scan
A bit obvious, isn’t it? While you’re at it, make sure your antivirus program has been updated recently. If you haven’t bought a new version in a few years, now’s the time.

Run a second virus scan with a different program
Antivirus programs sometimes come up with different results. It’s a good idea to scan with a second program to pick up anything the first one left behind. However, you shouldn’t try to run two antivirus programs concurrently; they’ll conflict with each other. I like free programs Malwarebytes for PC and Sophos Antivirus for Mac.

Watch your computer’s behavior
Is it slower than usual, crashing, having a hard time redrawing the screen? These can all be signs that viruses are running in the background.

Monitor active programs
If a virus is running in the background, it may show up in the list of active programs. You can then click on it and End Task (Windows) or Force Quit (Mac). Bear in mind, though, most viruses will restart on reboot, and some will even regenerate on the spot no matter how many times you quit them.

  • Windows XP
    Ctrl-Alt-Delete, then click Task Manager
  • Windows Vista/7
    Ctrl-Shift-Esc
    or right-click the taskbar and click Start Task Manager
  • Mac OS X
    Option-Cmd-Escape (the Force Quit menu)
    or open a Terminal window and type ps -aef

Check your Web browser extensions
Browser extensions provide additional functionality on the Web. Some are terrific tools while others are sneaky little devils that serve you ads, slurp your data, and otherwise spy on you. Here’s how you can check your browser extensions.

Check your Sent folder
If your email is spewing spam, it may show up in your Sent Items folder. Viruses often commandeer email accounts to send spam.

Check your Facebook and Twitter
If there are all sorts of weird links on your Facebook wall that you didn’t post, your account may have been hijacked. And if that’s the case, it may have happened through a virus infection on your computer.

Start in Safe Mode
If your computer is so confused it won’t work properly, you can boot into Safe Mode which may allow you to diagnose the problem.

  • Windows XP, Vista, 7
    Hold down F8 at reboot (before the Windows logo)
  • Mac OS X
    Hold down Shift at reboot

Ask the Internet
Fortunately we don’t have to compute in a vacuum. If you think you’re infected with a particular virus, do a Web search on it. You’ll often find removal instructions and links to tools (just make sure those tools are legit and not themselves viruses in disguise).

Inspect your other computers
If one is infected, it’s likely the others are, too. You need to keep all your computers secure, even if they’re old or you don’t use them often.

Want more? Sign up for Tech Tips free by email and receive computer news straight to your inbox.

Apple & Amazon Customer Service Hacked: Can The Cloud Be Trusted?

Once your data is in the cloud you lose all control of it. A journalist’s online persona was recently hijacked through hackers’ clever and scary manipulation of Apple and Amazon’s tech support. This could happen to any of us, at any time.

A description of the incident from the journalist, Mat Honan, who works for Wired:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

The Price Of Cloud Computing?
This, folks, is the kind of thing that terrifies me. Years ago I wrote a post called Cloud Computing For Consumers Makes Me Cringe, in which I expressed my concerns over the proliferation of consumer tech based on the cloud. I’m far from the only one; the tech industry has been at each others’ throats for years. Some see the cloud as too vulnerable, while others say it’s a vital (and inevitable) resource.

It seems our fears have been realized. Like everyone else I want the fun new features of today’s devices, but I don’t trust the cloud, especially when I hear about incidents like the Apple+Amazon debacle.

I’ve been in tech support far too long to be fooled. I know other incidents are happening that we aren’t hearing about. I know my data is residing in places I don’t intend. I know that in some ways I’m helpless to stop that, but I can also choose which technology to embrace and which to reject. And I reject the idea that I need a distant datacenter for even the most minute of daily tasks.

Is It Too Late?
Of course that’s a largely symbolic statement. In reality, I’m already using the cloud in ways I don’t like, but was forced to. We all are. What scares me is that most people don’t know how cloud-dependent the world is becoming. They think they’re not using the cloud even when they are.

Apple leads the pack with iCloud. You can’t sneeze on an Apple device without it asking if you want to use iCloud. Soon you’ll have to use Apple’s cloud service even if all you want is to sync the basics like calendar and contacts. But once transferred, our data is not necessarily protected, as our poor Wired journalist learned. From an article about the incident:

On Aug. 3, an “epic hack” compromised technology journalist Mat Honan’s Twitter account. Along the way, the attacker–known as “Phobia”–also managed to remotely erase Honan’s Apple laptop, iPhone, and iPad. Furthermore, Phobia did it by socially engineering–as in, tricking–customer service representatives at Amazon and Apple, allowing him to gain sufficient information to first access Honan’s iCloud and Gmail accounts.

Manufacturers Need To Step Up Security
Granted, Honan did a few things that aided the criminal. He linked accounts together (notably Twitter), he didn’t activate all the security available on his devices, and he didn’t have good backups. But, in my opinion, that’s as much the fault of the manufacturers as it is the consumer.

We’re encouraged to link accounts. We’re encouraged to take advantage of all the shiny new features. There is never any fine print that says, “oh, by the way, if a hacker makes it this far, enabling this feature means you’re screwed.” And it’s not always clear that “turn this feature on” means “your data will be transmitted”.

I also lay blame at the manufacturers’ feet for their EpicFail on internal security practices that would have prevented the criminal from gaming the system to gain the information needed to break in.

The journalist was technically savvy and this still happened. Imagine how much harder for the average person! I know because I’ve spent most of my career helping small businesses and consumers with just this sort of problem, and there are few good solutions.

It’s not just Apple and Amazon. This is an industry-wide problem that the industry hasn’t addressed. Vendors are quick to point out new features: more speed, more memory, bigger, better, faster… but the consequences are not always recognized until after the technology has been embraced by the public.

How You Can Protect Yourself
Which means you, dear consumer, are on your own in deciding which technology is safe or unsafe. This is harder than it sounds. Like everything else in our advertising-driven world, some of the information you’ll read is sponsored by the people who sell the products. You have to sift, filter, and decide for yourself. (This blog, for the record, is sponsored solely by me.)

Personally I think it’s absolutely stupid that my modern iPad can’t do what my creaky old PalmPilot still can: sync data via a physical cable. Tech manufacturers need to GIVE US AN OFFLINE OPTION instead of forcing us to use the cloud because they obviously can’t secure the cloud.

I’m also looking at you, video game manufacturers. I chose not to play Diablo III specifically because it requires an always-on connection to the servers. Gee, now Blizzard is telling the Diablo and World of Warcraft players that those servers were hacked and their personal info was stolen. I like a good fantasy RPG as much as the next geek but not at that cost.

The industry is throwing us at the cloud because cloud computing makes it easier for them to write the programs and provide support for them. If everything’s in the cloud they don’t have to deal with multiple computer configurations, multiple devices, and tons of tech support headaches. “Hi, I’ve got a Palm V connecting via serial to a Pentium II running Windows 98, and somehow it won’t also connect to my new Windows 7 laptop…”

It’s my firm belief that every device should have a setup wizard that walks you through securing that device. This might not stop people gaming the system but it makes it a lot harder for them to get very far with your data, even if they do manage to break into your accounts.

The cloud may be easier for vendors, but not always so for consumers. My advice is to use it at your own risk.

Image: FreeDigitalPhotos.net

How To Delete Your Old Email Accounts

Did you know your old email account may be spewing spam and malware? In today’s The Northwest Herald I talk about the importance of deleting old accounts:

It happens all the time. You move to a new email address but leave the old one intact; you set up a Yahoo! or Gmail account but never get around to using it. We assume these accounts wait patiently for us. On the contrary, they cower, helpless, waiting for the first hacker who can figure out the passwords.

Unfortunately many people use weak passwords, especially for throwaway accounts. We’ve seen examples of this with a rash of recent security breaches at Yahoo!, LinkedIn, and eHarmony, among others.

These breaches reveal that many people use simple, plain-text phrases like “linkedin”, “mypassword”, and “123456”. People also use the same two or three passwords in rotation. What are the chances some old account of yours uses a password you’ve reused elsewhere?

Here are the additional resources I mentioned in the article. You might find these related Tech Tips articles helpful:

Here are links from some of the more common email providers about how to delete accounts. Note that these links may change without notice, and that account deletion policies vary by provider. Consult the individual site for more information. I’m providing the exact URLs so you can see where you’re going.

And, some social media ones:

Image: FreeDigitalPhotos.net

Why Your Blog Needs A Makeover (Plus, A New Look For Tech Tips!)

When was the last time you updated your blog’s design? If your blog or web site is outdated, it’s time to consider a new look.

Many people think designing a web site or a blog is a one-time deal. “Yay, my web site is done!” But your site should be dynamic. While consistency is important in marketing, so is freshness. You need modern features to stay competitive and grow your readership.

As you can see, I recently went through this process with Tech Tips. The new design features improved search features – just click your category in the upper right, or you can search by keyword. It also has improved social media integration and, under the hood, SEO features and security.

But you can’t just stick any old template on your site. A little planning can help you find the right combination of design and content.

Who is my audience?
If you run a blog, presumably you know your target audience through statistics and analysis. The design of your blog should be consistent with the audience you want to attract. A simple, professional look is best for a business blog, but a blog for, say, 18-25 year old wakeboarders should look very different from those geared to 40-something parents or senior citizens who like Star Wars.

I went with a peaceful theme in teal and white. Tech Tips is intended to help small business and home users with their computers, so ease of use is vital.

What is my audience seeking?
Since you know your audience, you should also know what they want. And this may be very different from what you think they want. Otherwise, you might be posting about car transmissions when they want to know about blueberry muffins.

I chose features based on analysis of my audience. People who are having trouble with their computers want quick answers, so I put the solutions – searchable by category or keyword – at the top. I added additional information in the sidebar, and made sure the headlines were easy to read.

One of the important things for my site is my Twitter feed. Tech news happens fast, and Twitter is a great way for me to keep people apprised. So my Twitter feed has a prominent place in the sidebar.

How can I help my audience?
What makes you different from others who do the same thing? How are you uniquely qualified to help?

I specialize in explaining technical concepts – sometimes advanced ones – to people who are not tech-savvy. My blog is not full of arcane jargon or needless information. For example, when talking about the recent LinkedIn breach I could have gone into nauseating detail about encryption and salted hashes, but the important thing was telling my readers to use strong, unique passwords. The same thinking went into my redesign.

The last, but perhaps most important, reason to redesign your blog is the need to modernize. More people are accessing the Internet via mobile devices like tablets and smartphones, but old blog templates aren’t mobile-ready. Social media integration is another vital feature that has been improved.

Have you redesigned your blog lately? What was your process and how did you like the results? What do you think of the Tech Tips redesign? Share in the comments!

 

Image: FreeDigitalPhotos.net

How To Recognize An Email Scam

Email scams are inundating our inboxes. From fake Facebook links to phony software programs, cybercriminals use email as the bait for their hooks. And many people fall for it.

Rule #1: Never click on email links. You should always go to your Web browser and type the site name directly. Links are easily forged, and clicking bad links allows viruses to bypass your security and silently install themselves on your computer. Remember our motto: Think Before You Click.

We’re going to dissect three of the most common email scams: fake social-media messages, phony antivirus warnings, and counterfeit account statements. But first, let’s talk about how these scams work. All of them bear similarities: use of real logos, colors, and addresses; realistic-sounding language; and links that look like they lead one place when they actually go somewhere else.

Don’t rely on poor grammar or punctuation to tell a scam from the real deal. Some scams may be amateur efforts, but others are so convincing that it’s almost impossible to detect them. It’s best to err on the side of caution and never click links in any email messages.

(Click the screenshots below to enlarge them and see how these email scams try to trick you.)

The Facebook Fake-Out
What It Is: False messages from popular social media sites like Facebook, LinkedIn, and Twitter are a popular way to harvest passwords and sneak viruses onto your computer. People are used to getting email from these sites, so they will click without a second thought. As a result, social media has become the top method of computer virus infection.

How To Avoid It: Never click on links in email. Go directly to Facebook, LinkedIn, Twitter, and other social media sites by typing the site addresses into your Web browser. Don’t try to reset your password via instructions or links in email – and shame on LinkedIn for encouraging people to do exactly that in their recent password breach. See, even real companies get security wrong sometimes, so don’t listen to bad advice no matter who it’s from.

The Phony Antivirus Program
What It Is: Rogue antivirus is fake software that tricks you into installing it, usually by displaying phony infection warnings or upgrade notices. I’ve discussed rogue antivirus before; you can read about it here and here. Once a rogue antivirus program commandeers your computer it will disable legitimate antivirus, regenerate itself if deleted, and even hold your data for ransom.

How To Avoid It: Don’t install software on your computer unless you know where it’s from. When in doubt buy a packaged program from a store. Go directly to security software makers’ sites to buy and download software rather than relying on links in email.

The False Billing Statement
What It Is: Counterfeit billing statements attempt to harvest your password and account credentials. This information can be used to gain access to other accounts including your bank accounts and credit cards.

How To Avoid It: If you receive electronic statements, don’t click links in them. Visit the site directly to enter your account information. Never believe a password reset email or instructions to “verify” your account.

These are not the only scams in town. Fake package delivery notices, marketing surveys, and other scams abound on the Internet. It’s up to you to learn how to recognize and avoid them, but hopefully this has given you a head start.

Lessons Learned From The LinkedIn Password Hack

Social media site LinkedIn suffered a major security breach this week as over 6 million passwords were stolen. First, here’s a great quote from eWeek that explains why you need to pay attention to data breaches.

The compromise of a LinkedIn account has three important ramifications, opined Carl Leonard, senior manager of security researcher at Websense. “First, the key concern is the bad actors taking advantage of trust,” he said. “If you are ‘linked’ to a trusted colleague you are more likely to click on a malicious link sent from them, which may open the door to targeted attacks and confidential data theft.”

“Second, because many LinkedIn accounts are tied to other social media services, such as Facebook or Twitter, posts with malicious links can also be propagated to a larger audience,” Leonard said. “And lastly, many of us are creatures of habit and have the same password for multiple accounts. The consequences of a breached password could be extrapolated across email, social media, banking accounts, and mobile phone data.”

There are some valuable lessons to be learned from this catastrophe.

Don’t use dumb passwords.
The vast majority of the passwords revealed in the LinkedIn hack were, quite frankly, stupid. Such as:

linkedin
linkedinpassword
password1
password123
p455w0rd
1234567

plus all sorts of plain-text dictionary words like “administrator” and “computer”.

Do your passwords look like the ones on this list? Then change them! All of us should know better by now than to use easily-cracked passwords, and this is why. Here’s my article on How To Create Secure Passwords which may help.

Don’t share passwords across sites.
During the LinkedIn breach investigators found that many people used passwords containing the words “harmony” or “eharmony”. So it wasn’t a surprise when less than a day later, dating site eHarmony announced they, too, were hacked and 1.5 million passwords stolen.

There is a very easy way to avoid becoming a victim. USE DIFFERENT PASSWORDS FOR EVERY SITE. You think it’s a pain? Try identity theft.

Don’t click links in email.
One of the most braindead stupid moves LinkedIn made in this entire scenario – aside from not using proper security practices to secure our passwords – is that they’re planning to email affected users instructions on how to reset their passwords.

Except the surest way to get hacked is to click on malicious links in email. Email is easily forged and links are easy to redirect. How fast do you think fake password reset emails are going to make the rounds? Oh, wait, it’s already happening. From BBC News: LinkedIn users targeted in phishing scam after hack. Epic fail, LinkedIn. Way to teach people bad security practices and expose them to further risks.

LinkedIn users have been targeted by email scams after hackers leaked more than six million user passwords online. Emails designed to look like they were sent by the social-network website asked users to “confirm” their email address by clicking a link.

Do pay attention to security news.

When a crisis occurs, timing is of the essence. In this case if you didn’t change your passwords immediately, it was probably too late. The hackers were rapidly cracking those passwords and trying to break into other sites like eHarmony.

The best way to stay on top of events like these is to follow IT security news. I regularly post important updates through social media sites like Twitter @trionaguidry as well as through my Tech Tips blog.