pixel
New Credit Card Fraud Operating in the Wild

New Credit Card Fraud Operating in the Wild

Just when you thought it was safe to go back into the water.

Oh, wait. Wrong movie!

Do you have a credit card? Do you have a cell phone? Of course you do! And if a bad actor gains access to both of these, they have found an effortless way to gain full control over your credit card account.

The Hack

This hack was discovered when the bad actor was caught in the act at in the locker room of a gym. The process works like this:

  1. The bad actor (BA) opens lockers (at least at the gym) to gain physical access to then victims phone a credit card.
  2. BA uses their phone to attempt log in to your credit card account, tapping the “Forgot my password” or “Reset my password” button.
  3. An authorization code is sent to the victims cell phone.
  4. IF (big if) the victim has configured their phone to display messages while in Lock Screen mode, the authorization code is clearly visible to BA.
  5. BA enters the authorization code on their phone. This gives BA the opportunity to change your password, phone number, email address, and all other vital information.
  6. At this point, BA has full control over victims credit card account.

The Fix

Fortunately, the fix is straightforward and simple. All that need be done is to prevent messages from displaying on your Lock Screen. If you have followed me for any time, you know I’m a fan of not allowing ANYTHING to display on the Lock Screen.

For those of you who have just upgraded to iOS 16, this can be done from Settings > Notifications > Messages > disable the Lock Screen option. It is OK to leave Notification Center and Banner notification enabled.

For Android users, open Settings > Privacy > Notifications on Lock Screen > enable Don’t show notifications at all.

 

50% DISCOUNT ON ALL PRACTICAL PARANOIA BOOKS
IOS 16 AND IPAD 16 ARE NOW AVAILABLE
And so are the vulnerabilities to your device, data, and communications!

iOS 16 is the MUST HAVE upgrade for your iPhone and iPad. In addition to dozens of new features, iOS 16 has dramatically improved the options for your cybersecurity and internet privacy.
But you need to know HOW to properly configure your device to ensure your security.

Practical Paranoia Security Essentials has been doing just that for over 8 years at the best-selling, easiest, most comprehensive guid to securing data and communications on your home and office devices.

And from now until September 30, 2022, ALL Practical Paranoia Live! Edition books are 50% off!
Visit https://thepracticalparanoid.com to order at half price today. Just enter discount code “50” at check-out.

All Practical Paranoia Security Essentials books are available in paperback, kindle, and Live! editions.

Live! editions are exact replicas of the paperback and kindle editions, made available through Google Drive. This is the version used by Universities, trade schools, and high schools, and is now available to everyone. Its advantages include: Always available on any device with a browser and internet connection, and automatically and constantly updated as the OS, applications, and best practices evolve.

Questions, call +1.505.453.0479

Android Phones Constantly Snoop On Their Users

Android Phones Constantly Snoop On Their Users

As reported in a study released 20211006 by University of Edinburgh, UK and Trinity College, Dublin, Ireland, despite the public discontent over data harvesting by big tech, it is (of course) worse than any of us thought.

The researchers found that Android devices, with the notable exception of /e/OS devices, even just out of the box with no other installations and sitting idle, these devices harvest great amounts of user info to the OS developer and third parties such as Facebook, LinkedIn, Microsoft, and Google.

Of greater concern is that this data collection offers no opt-out. Many of the apps cannot be uninstalled. Android users are powerless to stop this harvesting. To make matters worse, it was found that for some system apps such as mini.analytics (Xiaomi), Heytap (Realme), and iCloud (Huawei), the encrypted data stream can be decoded, making your data vulnerable to main-in-the-middle attacks.

Think resetting your  Google advertising identifier will clear up the situation? Nope. The data-collection system easily re-links your old ID with new ID.

Then you just have to love the response Google provided: “While we appreciate the work of the researchers, we disagree that this behavior is unexpected–this is how modern smartphones work. As explained in our Google Play Services Help Center article (and I know every one of you has read this), this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds.”

Grrrrrrr.

What You Can Do About It

The first option is to grin and bear it. This may be a reasonable position to take. After all, it is little ol’ you against a multi-trillion dollar industry. Might as well let the fricken’ blood suckers take all of my personal data and let me get on with my life.

Or, you can make life a little more difficult for them.

I’m fond of the life lessons story about two hikers out in the woods that come across a hungry grizzly bear. Hiker A asks Hiker B “how fast do you have to run to escape a grizzly.”  Hiker B replies “just a little faster than you!”

Going the Android route simply makes it literally effortless for big tech to harvest your data.

Going the Apple route makes it more difficult. Apple has been taking strong steps to block some – not all – of the harvesting of your data. And it looks like with each update they are closing off more avenues to your private life.

Replacing your Android device with an Apple iPhone will go a very long way to helping secure your cybersecurity and internet privacy.

If you are interested in other ways to maintain your freedom, we have the very best, easiest, and most comprehensive DIY books available. Visit https://thepracticalparanoid.com

July 4th – Biggest Announcement EVER from The Practical Paranoid

July 4th – Biggest Announcement EVER from The Practical Paranoid

Click the Play button below for the audio version of this posting.

On the Fourth of July, Americans celebrate independence, declaring we are no longer subject and subordinate to the monarch of Britain.

But today we are subject to greater tyranny through constant internet surveillance and breach of our online privacy. We are at the mercy of our government, Facebook, Google, cyber criminals, and other bad actors intent on knowing, seeing, and recording our every digital nanosecond.

Time for an updated Independence Day.

I’m Marc Mintz, Project Director for The Practical Paranoid (TPP).

TPP and I have worked to enlighten the public that it does not take an Apple Genius, Google Guru, or a Microsoft Engineer to secure your systems, data, and communications. Almost everything the government and big business do to ensure their cybersecurity and internet privacy can be done for you, by YOU, for less than what we spend on coffee. And in just a few hours.

Our Practical Paranoia Security Essentials books have been showing non-technical users how to do this for over eight years.

The number one comment we receive from buyers of Practical Paranoia Security Essentials books is how surprised they are at how fast and easy it was to secure their phone, text, email, browsing, and entire digital life.

Yay!

The second most common comment from buyers is how intimidating Practical Paranoia books appear. Some buyers never jump into using a book after they purchase it.

Ouch!

With release of five new operating systems this year – Android 12, Chrome OS, iOS 15, macOS 12, and Windows 11 – we needed to remove the intimidation factor so that everyone could learn how to protect their data, communications, and privacy. And we did it. 

Announcing five brand-new Practical Paranoia Security Essentials Online Workshops that cover all the new OS products.

Protecting your digital life is as important as locking your home and carrying a driver’s license.

There are three paths to cybersecurity and internet privacy:

  1. You can pay a certified cybersecurity professional to do all the work that you will do in a TPP workshop. But pros cost $1,000-$4,000.
  2. You can buy the Practical Paranoia book and DIY for only $64.95. But you would have done it already if it weren’t for that pesky intimidation factor.
  3. Now you can do the work on your own–but with an industry leader guiding you in a workshop– the only workshop of its kind available anywhere at any price.

Think you don’t have the skills or background knowledge to do your own cybersecurity? We designed each workshop for the non-technical computer, tablet, and smartphone user. If you can tap, double-tap, and save a file, this course was made for you!

Each OS workshop consists of:

  • A series of 7 to 10 one-hour classes on Zoom
  • A copy of the latest best-selling TPP book, a $64.95 value
  • Our August beta workshops will be presented live by an industry expert who has taught technology courses internationally
  • Each class is recorded for students to access if they miss the live session
  • Easy hands-on assignments to harden your security and privacy to industry standards
  • AND Private Instructor Hours via Zoom to help you over any rough patches

The Practical Paranoia Security Essentials Online Workshops are only $275. And, it gets even better!

If you register for any of our first beta workshops in August 2021, your cost is only $125 for any workshop. Registration for beta workshops is limited and will close quickly.

Protecting you, your family, and your business cybersecurity and internet privacy is fast, easy, and inexpensive. You may even have fun doing it!

Visit https://thepracticalparanoid.com
for more information and to register for a one of a kind experience.

online course

Automatically Protect All Devices From Internet Malware and Adult Content

Automatically Protect All Devices From Internet Malware and Adult Content

I just love it when with just a few mouse taps I can add a solid layer of security to all the devices under my roof. It’s just icing on the cake when it’s free!

The Problem

All of the internet-connected devices under your roof need to communicate over the internet in order to function. This includes computers, tablets, smartphones, webcams, smartwatches, smart doorbells, smart thermostats, printers, and more.

With your computers, tablets, and smartphones, you can add a layer of protection against malware by installing quality antimalware software. But what about your printer, smartwatch, doorbell, thermostat… you get the picture. Each of these smart devices are open to a breach, and few offer any option to install or configure security.

The other possible problem is adult content. Should you be a parent that would prefer little Jane and Johnny to not have access to adult content, it can be a full-time job playing content cop.

The Solution

All of your home and business devices must connect to the internet through your router. Inside of each router is a setting specifying which Domain Name Server (DNS) the router will use to learn where to direct this internet traffic. If a DNS server was knowledgeable about which web addresses held malware or adult content, the DNS could pass this info along to the router, blocking access to these sites.

Lucky you! There are DNS servers with this knowledge, and Cloudflare offers them at no charge.

The How To

If you would like to block known malicious and adult content sites from all of your home and business devices, you just have to change your router DNS settings. By default, most routers use your internet provider’s DNS servers. You will change this IP address to those of Cloudflare.

CenturyLink Modem

Every router has a unique interface. In the example below I’m using a CenturyLink Actiontec C3000A.

  1. Log in to the modem. If you aren’t familiar with the process, call your internet provider for instructions.
  2. From the menu bar, select Advanced Setup.
  3. From the sidebar, select DHCP Settings.
  4. In the main area of the page, scroll down to 5. Set the DNS servers allocated with DHCP requests.
  5. From this area, select Custom Servers.
  6. For malware only protection, set the Primary DNS to 1.1.1.2, and Secondary DNS to 1.0.0.2. For malware and adult content protection, set the Primary DNS to 1.1.1.3, and Secondary DNS to 1.0.0.3
  7. Tap the Apply button.
  8. Your modem may reboot. The protection will be in place immediately.

It’s Your Data… Protect It

Most people ignore their cybersecurity and internet privacy because they think it is too difficult or expensive. But what if it was fast, easy, and (almost) free? Our guides have been written by certified experts, with step-by-step illustrated instructions so that even a child can harden your security like a pro.

Visit https://thepracticalparanoid.com for the easiest, most comprehensive cybersecurity and internet privacy guides you can buy. Guaranteed!

Amazon Set to Share Your Internet With Neighbors – How to Opt Out

Amazon Set to Share Your Internet With Neighbors – How to Opt Out

Amazon Set to Share Your Internet With Neighbors – How to Opt-Out

Come this Tuesday, June 8, 2021, Amazon will launch the Amazon Sidewalk service. This service for Echo and Ring devices automatically opts-in to share your internet bandwidth with other Amazon devices in the neighborhood.

At first glance, this service is a great idea. Share a small slice of your internet bandwidth – 80Kb/s and a 500Mb monthly cap – with other Echo and Ring devices that have lost connection with their home wi-fi. For example, if your next door neighbors’ Ring doorbell loses connection with the home wi-fi, the Ring doorbell will automatically connect with the neighbor’s home wi-fi for uninterrupted service. Or if a dog wearing a Tile escapes from their yard, as long as the dog is within range of a network using Amazon Sidewalk, the Tile will accurately report the location of the dog.

Add on to this service that it is free to Echo and Ring customers (well, at least initially), and it is a great deal.

However, there are only a few big-tech companies that have proven to handle internet privacy responsibly, and Amazon is not one of them.

The Amazon Sidewalk white paper states that any sensitive data transmitted through Sidewalk is encrypted and that Amazon does not have a way to decrypt the packets. If that is true, they need to start hiring better engineers. Even if it is true, very serious hacks of secure systems is a daily news item.

Perhaps my biggest gripe is that the system is set to automatically opt-in. I’ll take this as tacit acknowledgement by Amazon the many/most of it’s customers would choose to opt-out instead.

What You Can Do – Opt-Out

If you have an eligible Echo or Ring device and do nothing, you are automatically part of the Amazon Sidewalk system.

If you prefer to not be a part of the Amazon Sidewalk system, follow these steps:

For Amazon Echo Device Owners

  1. Open your Amazon Alexa App.
  2. Select the More option in the bottom right corner of your screen.
  3. Select Settings > Account Settings > Amazon Sidewalk.
  4. Toggle the Amazon Sidewalk to Disabled.
  5. Close the Amazon Alexa app.

For Amazon Ring Device Owners

  1. Open your Ring app.
  2. Select the 3-line icon to open the menu, then go to Control Center > Amazon Sidewalk.
  3. Toggle the Amazon Sidewalk to Disabled.
  4. Close the Ring app.

Hiding in Plain Sight: Office 365 Email Encryption and Prevent Forwarding

Hiding in Plain Sight: Office 365 Email Encryption and Prevent Forwarding

Hiding in Plain Sight: Office 365 Email Encryption and Prevent Forwarding

Although over 1,200,000,000 people use Office 365, very few have discovered the pair of hidden gems. Well, not really hidden, just that very few people ever discover them!

The gems? Built-in email encryption and built-in block of forwarding.

That’s right, instead of spending time researching for an email encryption program, then figuring out how it works, if you have an Office 365 account with Outlook.com, you have both these features available with just a tap or two.

Send an Encrypted Email from Outlook.com

These gems are only available if you have an Office 365 account and use Outlook.com to send your mail with that account. It won’t work with your Outlook application, nor will it work with other email accounts (such as Gmail) that are linked to your Outlook account.

With those prerequisites out of the way, here is the answer you have been waiting for:

  1. Open a browser to https://outlook.com, then log in with your account.
  2. Create an email. Address the recipient to one of your other email addresses, or if performing this in class, to one of your study partners.
  3. From the toolbar, tap the Encrypt button > Encrypt, or Encrypt & Prevent Forwarding.


  4. Send the email.

Encrypt

When creating an outgoing email with Outlook.com, the user has the option to Encrypt the outgoing email.

On the recipient’s end, any attachments may be downloaded if using Outlook.com, Outlook application for Windows 10, the Outlook mobile app, or the Mail app in Windows 10. If using a different email client, a temporary passcode can be used to download the attachments from the 365 Message Encryption portal. The email itself remains encrypted on Microsoft servers and cannot be downloaded.

Encrypt & Prevent Forwarding

As with Encrypt option, when selecting Encrypt & Prevent Forwarding, the email remains encrypted on Microsoft servers and cannot be downloaded, copied, or forwarded. MS Office file attachments (Excel, PowerPoint, Word) remain encrypted after being downloaded. If these Office files are forwarded to someone else, the other person will not be able to open the encrypted files. Non-MS Office files can be downloaded without encryption and therefore forwarded without issue.

Read an Encrypted Email from Outlook.com

If Using Outlook.com to Read the Email

  1. Open a browser to https://outlook.com, then log in with the account set as the recipient in the previous assignment.
  2. Open the encrypted email. Note that you can open, read, and reply to this encrypted email as you can with unencrypted messages.

If Using Something Other than Outlook.com to Read the Email

  1. Open the email software to the account set as the recipient in the previous assignment.
  2. Open the encrypted email.
  3. You will see a message with instructions for how to read the encrypted message.

Google (Finally) Blocking Access to Android Advertising IDs

Google (Finally) Blocking Access to Android Advertising IDs

Google (Finally) Blocking Access to Android Advertising IDs

Well, maybe not Finally, but sometime in late 2021…

As reported in The Verge, Advertising ID’s are associated with every Android and iOS device. They are a unique identifier that links that device to web activity. It is primarily used to track your likes and dislikes and build a trusted profile of who you are.

Not something you or I ever agreed to or want.

Although Android devices have long been able to opt-out of personalized ads, (Settings > Google > Ads >Opt-Out), it doesn’t really stop developers from accessing and using your advertising ID (thank you for the transparency, Google).

Google support now states true opt-out will arrive in late 2021 for new Android 12 devices, and then roll out to all devices with Google Play in early 2022.

Apple iOS and iPadOS have a similar setting, but instead of being an option to opt-out, it is set to automatically opt-out, with the option to opt-in.

What You Can Do

For over eight years Practical Paranoia Security Essentials have been the best-selling, easiest, and most comprehensive DIY guides to ensuring your, your family, and your business cybersecurity and internet privacy. With illustrated step-by-step instructions for every aspect of security.

Paperback available from Amazon and all fine booksellers.

Kindle available from Amazon.

Live! pdf version available from The Practical Paranoid.

100 Million Android Users Hit by Cloud Leaks

100 Million Android Users Hit by Cloud Leaks

100 Million Android Users Hit by Cloud Leaks

As reported by The Threat Post, Check Point Research has found 23 Android mobile apps, with a total of more than 100 million Android users, that are leaking personal data due to cloud server “misconfigurations” (my emphasis. As most of the developers have not fixed their “misconfiguration” after being notified, it is possible the more accurate term is “malicious sloppiness”).

These apps would require the user to provide some information – for example, a taxi app had chats between the driver and client, a horoscope app requested significant personal data from users in order to read their futures).

Due to the server misconfigurations, it was possible for just about anyone to access the personal information provided by the users in real-time. This creates an environment in which the server can be weaponized to inject data from the criminal hacker into the data stream between the user and service. For example, fake chat messages, fake “I’ll pick you up at 4th and Holland in 5 minutes” chats, phishing links, data harvesting, and more – all within a legitimate app.

Imperva Research Labs reports that data-leakage events have increased over 500% in the past year.

What To Do

There is little the end-user can do, as the data is on a server that you and I have no control over. However, there are fast and easy steps we can all do to help prevent our data leaking from cloud servers:

  • Only install those apps that are needed. Review every app on your phone and tablet. If it is not serving a necessary purpose, remove it.
  • If an app requires Security or Challenge Questions from you, provide false answers. For example, if a security question is What city were you born in? Instead of answering with the actual city, answer with something like Stairs. Should criminals access your data, such answers will provide no benefit to them.
  • If an app or cloud service offers Two-Factor Authentication, use it. This provides a belt-and-suspender approach to your data security.
  • If an app or cloud service does not offer Two-Factor Authentication, find an alternative that does, or failing that, contact the developer to make known how important such security is to you.
  • Configure your mobile device and app permissions such that apps can only access your location, microphone, screen, camera, etc. when you approve of the access, not all of the time.
  • Make a note on your calendar to check out https://haveibeenpwned.com on a monthly basis. This site maintains a database of breached internet accounts. If one of your accounts has been breached, this site will let you know, so that you may be able to take action.

Next Steps

Cybersecurity and internet privacy is a constant cat-and-mouse game. But once you know how to play the game, it is far easier than stressing over the possibilities, and can even be fun!

For over eight years Practical Paranoia books and workshops have brought cybersecurity and internet privacy to colleges, high schools, trade schools, government facilities, and most importantly–the home and business user.

Guaranteed to be the fastest, easiest, and most comprehensive guides and workshops of their kind.

Visit https://thepracticalparanoid.com to learn how you can secure your, your family, and your business information and privacy in just a few hours, and for 1/10 the cost of hiring a cybersecurity professional.

Practical Paranoia Security Essentials v5.0.1 Released

Practical Paranoia Security Essentials v5.0.1 Released

Practical Paranoia Security Essentials version 5.0.1 released

WAHOO!!! We have reached a new milestone with Practical Paranoia. All five books (Android 11, Chromebook, iOS 14, macOS 11, and Windows 10) have been updated to version 5.0.1. With this update, all books now have:

  • Synchronized chapters, sections, and assignments. This means if you want to lock down your security and privacy on both your Windows laptop and Android phone, and perhaps your mother’s Chromebook and iPhone, each chapter for each book will be identical with the exception of the specifics of the device being worked on.
  • Chapter timings have been added. For those taking the live or prerecorded Practical Paranoia workshops, you now know going in how long it will take to complete a chapter, and approximately how long the homework will take.

Synchronization is huge. To accomplish it, we started from scratch to rewrite each book. But the results are amazing. For someone wanting to learn about more than one platform, this literally cuts learning time by 50-75%.

This makes Practical Paranoia Security Essentials not only the easiest and most comprehensive cybersecurity and internet privacy guide available for a regular end-user, but it is now the fastest available.

Look Inside Practical Paranoia Security Essentials v5.0.1

Download the Look Inside preview of Practical Paranoia Security Essentials v5.0.1, and discover why this is the easiest, most comprehensive, fun, and fastest way to harden your cybersecurity and internet privacy.