Latest Event Updates
Written by guest blogger, V. Jordan Hutchison, aka “The Intern”
It happens to the best of us. You’re going through your day normally, using good internet safety practices and answering emails. All of a sudden, a friend or family member forwards you a strange email you apparently sent them. “You’ve been hacked,” the subject reads. “I’m pretty sure you didn’t mean to send me this link to a time-sensitive Viagra discount.” Unless that’s your thing, in which case, you probably weren’t hacked. Other notable hacking signs include: erased contacts, mysteriously empty inboxes, and weird changes to your account. What are you supposed to do next?
Change Your Password
First things first: try to log into your account. Sometimes this is easier said than done. If the hacker changed your email password, you’ll be locked out of your account. In this case, contact your email provider for help. You may also be able to reset your password by answering security questions or sending a password reset link to an alternate email.
If you’re one of the lucky ones and you can log into your account, change your password immediately. If the hackers actually got into your account (more on that later) they know your old username and password. Therefore, you need to change it FAST. Your new password should be completely different from your old one – consider using a series of random numbers, letters, and punctuation. When creating a password, imagine that your arch-nemesis will be trying night and day to crack the code. Don’t make it easy for them by using your dogs name, or God forbid, your birthday.
Spread the Word
Now you need to contact your email provider. Let them know that you may have been hacked. They might have some good advice for you or tools that will help you resolve the issue. Even if they don’t, it’s good to let them know about a potential security breach. They don’t want your email hacked any more than you do.
Next, send a second email to everyone in your contact list. Let them know that you’ve potentially been hacked and advise them not to open any suspicious looking emails. As a reminder, suspicious looking emails include:
- Emails with nothing but a link
- Emails with long, complicated-looking links
- Emails that ask you to enter any personal information (your birthday, usernames, passwords, etc.)
- Emails from people you don’t know with suspicious-sounding subjects such as “Free Ten-Year Vacation!”
- Anything in your spam box that you’re not absolutely sure you can open
If, unfortunately, your friends may have been hacked as well, do the right thing and send them to this blog. It only gets worse before it gets better.
Scan Your Computer
Now comes the fun part. You’ll need to run a COMPLETE scan on your computer before doing anything else. You need to run a few scans to search for viruses, spyware, malware, and other nasty computer gobbledy-gook. If you have a favorite virus, spyware, and malware protection program, go ahead and use it. Of course, I have a few recommendations.
Antivirus: Windows Defender
I love Windows Defender. It’s a free program that’s built in to the later versions of Windows, which means you probably already have it. It scans programs before you open them, downloads updates automatically, and allows you to choose between quick and in-depth scans. Here’s my favorite part: it doesn’t force you to download “crapware,” or secondary programs that you don’t really want anyway.
However, some testers have claimed that Windows Defender doesn’t provide comprehensive protection for high-risk users. In case you were wondering, high-risk users download things willy nilly and install any plugin that winks at them. Have some modesty. Don’t be a high-risk user.
If you have an old version of Windows that doesn’t already come with Windows Defender, download the older version of this program. Then, run a full scan to search for viruses. While this scan is running, DON’T USE YOUR COMPUTER. You’ll only slow things down.
Close second: Avast Pro, the paid subscription. Download it here.
Malware Protection: Malwarebytes
This virus and malware protection software really does a great job of removing stubborn malware. Once installed, this program will scan your computer and quarantine any suspicious files. You can choose from a variety of protection options with varying price points. However, the free version works just fine in my opinion.
Once you’ve installed Malwarebytes (click here to download the free version) run a scan to check for malware. The program will quarantine any infected material so that you can delete it.
Spyware Protection: Avast (the free version)
Avast is a great program that offers virus and malware protection. However, it really shines when it comes to detecting spyware. You can get a paid version of this program or download it for free to get started.
Next, you need to run a boot scan. To do so, open the Avast user interface and select the “Boot-time Scan” option from the “Scan for Viruses” drop down menu. The program will ask to restart your computer; click yes. (Obviously, make sure all important documents are saved and closed before clicking yes.) Your computer will restart. While it’s restarting, Avast will run a comprehensive scan. Once finished, the computer will finish starting up. If you need to delete any infected files you will be prompted to do so.
- Run a scan of Windows Defender (or comperable Antivirus program.)
- Run a scan of Malwarebytes.
- Run a boot scan of Avast.
- Scream in frustation because your computer has been running scans for three hours.
Remember not to mess with your computer while it’s scanning for infected files. Go play on your phone or something.
Do Damage Control
“What?” you sputter. “There’s more STUFF I have to do? I just spent all morning running virus scans! Surely that’s enough!” And then you continue with your day, pretending that none of this happened. Well, I suppose this step is technically optional, and by optional I mean that if you don’t do it, you could potentially broadcast your credit card numbers, social security number, banking passwords, and auto-saved credentials. So, “optional.”
Unless you’re a hacking pro (you’re not, or you wouldn’t need to read this article) you probably have no idea how the email hackers got your information. That means that they could have access to ANYTHING. You need to do some serious damage control.
1. Change your banking passwords.
Even if you don’t think it’s necessary, do it for the peace of mind. Use a new, exciting, difficult-to-guess password full of random numbers, letters, and punctuation. The last thing you want is for all your money to disappear.
2. Comb through your email for usernames and passwords.
This is perhaps the most tedious step. If you’ve ever sent or received sensitive password information over email, you need to identify those passwords and go change them. Don’t simply delete the emails; the hackers may already have those passwords.
3. Monitor your various financial accounts.
If, heaven forbid, the hacker managed to get hold of your social security number, they may use it to open a credit account or sign you up for all kinds of fun things. For the next year (or always, really, you should always do this) keep an eye on your accounts for suspicious activity. Get a free credit report from Credit.com every year to monitor your credit. If you see anything strange, talk to a financial adviser or the friendly folks at Credit.com. They’ll be able to help you freeze your credit while you sort everything out.
You’re through! Time to open a beer and question your life choices. Happy browsing!
Short answer – yes, and why haven’t you done this already?
There’s a famous story floating around the internet about a man named Mr. Masala who deleted all of his company’s data with one line of bad code.1 It’s since been debunked as a hoax but the message is still powerful. According to slashdot.org, Mr. Masala was debugging his servers by running a line of code and added one space too many, thereby erasing everything2. Most modern companies rely on a network of servers to collect data that is essential to their daily functions. Many of our readers are small business owners; can you imagine something happening, something seemingly small, and suddenly ALL of your information is gone? Just like that?
What do you do after such a catastrophic event? Can that information be recovered? Many comments on Mr. Masala’s ill-fated forum post were fatalistic. “I feel sorry to say that your company is now essentially dead,” wrote a user called Sven.3 Another user, Michael Hampton, was equally pessimistic. “You’re going out of business.” he writes. “You don’t need technical advice, you need to call your lawyer.”4 Even the most optimistic users agreed that Mr. Masala’s business would suffer and that recovering his information would be expensive, time-consuming, and likely to fail.
Now that I have your attention…
Mr. Masala’s predicament turned out to be a hoax based on an elaborate viral marketing scheme. However, stranger things have happened. I had a client whose building was hit by lightning; the resulting power surge fried his computers. Another client was unfortunate enough to live in a flood zone. Yet another client got a nasty computer virus that erased vital information from his servers. I could go on, and on, and on. Fortunately all of these stories have happy endings, because I always insist that my clients run backups on their servers.
Now, the extent to which their information is backed up is dependent on the client. Like most things in life, you get what you pay for. If you have an information-sensitive business such as an accounting firm, it may be worth your money to buy software that runs full backups on a daily basis, both locally and remotely. If this sounds like something you’re interested in, leave a comment and I can recommend several excellent products. However, if your information doesn’t change that often, you’d probably be safe backing up your servers once or twice a year with a cheaper program. Again, comment if you need any recommendations as I’d be happy to give them.
If there’s anything that you take away from this article, I hope it’s this: backups are really, really important. Also, don’t mess around with code scripts when you don’t know what you’re doing. Lesson over.
Finally getting back to the blog thing! It’s been a crazy year, and just like other parts of life and work I let this go as other fires needed tending.
This is just like the Dreaded B-Word, BACKUPS. I know what you saying, “Yeah TG, I KNOW it’s important! I have this Friend who got hit with lightning and……” But then you probably don’t have good backup of your own stuff, or if you do it’s very, very old.
That was my issue recently, I did a full drive encryption on my boot drive (I’m a Tech! What could happen?), and it worked fine for awhile. Until an update happened that broke it! Unfortunately I did not have a full backup of my current laptop, I had a Paranoid Backup (What I call it) of SOME of my more important stuff. I did not have a full, in place, current backup.
Now, being a Tech Guy, that does not bother me quite as much as it probably should most of the time. Let’s just say after about 6 hours working on recovering the drive I was wishing for a full current backup. Cobblers children, etc. etc….
So having said that, I’m going to give you some links to software that I use, have used, or should use. This will apply to Home and Business users. These are solely for local backup, which is sometimes better than cloud when you have to get things back to normal fast.
http://www.drivesnapshot.de/en/index.htm – this is a great tool that you can use to do bare metal restore with. You can use it for 30 days before you should buy it. It is very good and fast. Only downside is that it does not have a scheduler.
http://wwww.macrium.com – Another great full image software that you can do bare metal restore with, and you can purchase the home version and set up a running schedule.
http://www.2brightsparks.com/ – Use this to sync up your info from drive to external, FTP, or even Onedrive/GDrive/etc. There’s a free version!
These are by no means the only software that you can use, these are ones that I have set up for clients for local backup that have worked well for me over the years. Happy Backup!
Never underestimate the abilities of a determined and creative phisher. Making the rounds is a phishing email that spoofs a Facebook notification, the one that says someone has commented on your status.
The first clue in the email that it is a fake is that the person mentioned in the subject line is probably not someone you know. But, if you are one of those folks who has a zillion FB friends, that may not seem unusual to you – and zap! They got you! Or, if you are one of those folks who is curious how that stranger was able to post on your timeline, so you click on the link… Zap! They got you, too! Read the rest of this entry »
New Virus – (actually an old one, repackaged and made even more evil) – CryptoLocker(Ransomware) is out and about. According to just about everyone that you can read or find on the Net, it’s an evil thing.
First, when you get an email from someone that you don’t know – that has an attachment (usually a .PDF which is NOT a .PDF), you open it to see what your new (unknown) friend sent you….
Have you set up a Shared Mailbox in Hosted Exchange? Have you noticed that you can’t see the contacts in your address book?
According to MS, you can’t (and it’s true!). That’s the official word, anyway. However, turns out you can do it a better way!
4 months ago, I was beating my head against the wall trying to get this done. Then I had an epiphany, its Exchange just like local – maybe MS didn’t turn THAT function off. We had a shared Calendar, Contacts, and Tasks set up in our Public Folders that everyone in the organization used daily. I decided that I didn’t have anything to lose so I tried it. It worked.
I just found this walk through, done by Alan Byrne @ Cogmotive – it is very well done, and I don’t need to reinvent the wheel.
There are some gotcha’s –
1. You still can’t get this on your mobile device – YET
2. You won’t see this from the OWA either.
3. Make sure that you have your permissions set correctly or you WILL get frustrated.
I’m re-posting this because it was a pain in my side, and at the time there weren’t very many (or any) answers. Thanks to Alan Byrne for doing a great walk through (so I didn’t have to!), and share the info! (just give him credit!)
In Windows 7, Outlook Express has gone away. MS wants us to use a Live account, or Hotmail, or Exchange, however some folks still like the Outlook Express look and feel and simplicity.
Since OE is not included in Win7 (or 8) you may want to use an alternative like Mozilla Thunderbird, which is a good choice. The issue you will find quickly is that there is no way to easily import your OE address book into Thunderbird without having OE installed.
Here’s how you do it:
Copy your Address Book file (.wab) to the new computer.
Once there click on the Start button (Orb), and in the search line type “wab” and hit enter.
This will start the Windows Contacts.
Once this starts, you can import your .wab file into the windows contacts. – click import, browse to your OE (Wab) file, and let it go.
Now, open Thunderbird and go to the address book, click Tools, import, and choose OE file. It will import the contacts from Windows Contacts. This will also keep whatever groups you have. Enjoy!