PayPal accounts integrated with Google Pay are hacked

Earlier this year users of PayPal accounts that have been linked to Google Pay have reported unauthorised transactions on their PayPal accounts.

According to a number of victims, the illegal transactions have taken place at shops in the US with purchases particularly prolific at Target stores in New York.

Most of the victims appear to be from Germany and the costs of the transactions run as high as €1,000 in some cases.

PayPal has created a virtual payment card with a number, expiration date, and CVC number. When a Google Pay user makes a payment using PayPal funds, the transaction is done via the virtual card.

Researchers believe hackers could have found a way to discover the details of the virtual cards, though this is by no means certain.

PayPal said it has now resolved the issue without giving further details.

PayPal flaw

Two security researchers said last year they discovered a flaw in PayPal that allowed hackers to read the card details of a virtual credit card from a mobile phone if the mobile device is enabled.

This could likely happen via a near field communications (NFC) reader app. NFC is used when you tap your card on a payment device. For security purposes, the signal range is meant to be no more than about 20 centimetres. However, if a mobile device is being used to make a payment, it has been proven that attackers can read the signal from up to 10 metres away with special equipment.

The fact that only users from Germany, some of whom have never even visited the US, are affected suggests that their virtual card details are being picked up at contactless payment facilities in Germany and then brute-forced to reveal the full payment numbers.

For instance, in Germany the first eight digits of the virtual card are always the same, leaving 7 digits to guess. The researchers who first discovered the flaw said attackers would only need 170 guesses to establish a valid credit card number and card expiry date.

With automated software, this could be discovered in seconds and online accounts could be filled up with funds from hacked PayPal accounts within minutes.

What to do?

  • Google has reportedly said that fraudulent payments need to be cancelled through PayPal.
  • PayPal advises reporting fraudulent transactions immediately so they can be cancelled.
  • PayPal users can also avoid using contactless features and remove Google Pay from their PayPal accounts.

Be vigilant everyone.

The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.

Keeping Your Online Gadgets Safe

A wide range of household gadgets are being targeted by hackers, now that a gap in their security has been revealed. It is vital for your own safety and security that you know how easy it is to keep your gadgets free from hacking by burglars and other criminals, so I shall outline some very easy ways to do this.

Gadgets that are being targeted include televisions, kids’ toys, smart thermostats, smart speakers, baby monitors and smart cameras. Most experts within this field have stated that the security of these devices is very good, but devices that use wireless technology are a criminal’s path straight into your own home, as they can easily be hacked. Similarly, Bluetooth connections between gadgets are another method of access into your private life within your home. These weaknesses have all come about because the passwords attached to the gadgets are easily predicted and are not changed by house owners, leaving them vulnerable to hacking by burglars. Below, we look at the gadgets listed above and give you some very easy steps to make them much safer and more resilient to hackers.

Televisions:

Televisions come with cameras, microphones and a web connection, all of which are accessible to hackers, who could potentially use them to broadcast inappropriate videos directly onto your TV. To prevent this from happening, put some black tape over the camera on your TV, and tweak your security settings to make it harder for hackers to get through (reset the password etc.).

Kids’ Toys

Your children could be contacted by perverts through their gadgets, where offensive images, videos or voices could be broadcast to them. Which? has stated that karaoke machines, robots and walkie talkies all had security flaws, and 3 of the 7 toys tested could allow strangers to be in contact with the user. To improve the security of these gadgets, alter the PIN numbers and passwords, and turn the gadgets off when not in use by the children.

Smart Thermostats

Changes to the heating in your house could give hackers and burglars clues as to whether or not you are home: if the heating is off for a long period, it would suggest to them that you are not in your house, leaving it vulnerable to burglary. To avoid your thermostat being hacked, again alter your password to something strong, and potentially enable two-step authentication, making your gadget more resilient and less likely to be hacked.

Smart Speakers

One of the best speakers on the market is Amazon’s Alexa, a gadget found within most families nowadays. However, there are some security fears that hackers are listening to or even watching your daily activities through the cameras that some of the products are equipped with. Look for cameras on the product, and cover these up. There is also an option to opt out of being listened to and to manually programme instructions to Alexa through a tablet, which is more secure if strong passwords are set up between the two devices.

Baby Monitors and Smart Cameras

Some video cameras that can be bought cheaply on online shopping markets such as Amazon have been tested and found to have security flaws, making it easier for hackers to access your gadgets. Weak passwords and remote access for strangers were noted as key factors that meant hackers could easily use the cameras to investigate your home. When buying a product such as this, choose well-known products such as Arlo and Nest, which all have a high level of security.

If you require any help or advice whilst setting up your gadgets, please get in touch with us here: https://www.mpmit.co.uk/contact-mpm-it-computer-support-services/

Why You Should Avoid Using Public WiFi

Using public WiFi is a no-no unless you want to hand your private data over to hackers.

This is another example of how to fight hackers. We’ve already looked at two-factor authentication and encryption.

Public WiFi might seem like the perfect way to make your monthly-allocated data usage go further, but it’s fraught with dangers.

Public WiFi opens the door to hackers

When you’re out and about, your smartphone will detect many WiFi networks. Some will be locked, requiring a password to log on. Others will purport to be public access, free services.

However, the thing you have to remember is that these free, public access networks are also insecure.

What does that mean?

It means that when you use them, everything you type is in clear text and can be read, accessed, recorded or taken over by anyone with the correct equipment.

Can you make public WiFi safe?

If you rely on these public WiFi services, there is a solution to remove, or at least reduce, the risk of hacking.

The solution is to use a Virtual Private Network (VPN), which scrambles your communications making them unreadable.

If a VPN isn’t provided by a business firewall, you can buy applications for about £3 a month. These will scramble all communications through insecure connections.  Once a VPN is being used, there’s no way the ISP or anyone else can read or record what you’re browsing.

The moral of this post

If you have to use public WiFi when you’re out and about, make sure you use a virtual private network. If you don’t you run the risk of losing your privacy and, possibly, your data.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.

Keeping Your Children Safe Online

Internet safety is always a big news story. The anonymity of the web has proven to be an issue when it comes to our children safely enjoying the social side of our technological world.

In a recent blog by BullGuard, they look at a specific app called Yolo, which is used as a way for users to anonymously ask questions to Snapchat users.  People who receive the questions can then post them on their Snapchat Stories. This allows followers to see the responses and helps encourage the spread of the app.

They go on to say that: “…the NSPCC warns that such anonymous apps can be easily misused to send abusive messages to others or by those looking to exploit young people.

“It added that these types of apps are becoming increasingly popular among children, yet their very anonymity is a magnet for predators and bullies and those who want to send abusive or upsetting messages.

“The NSPCC is calling on the UK government to establish an independent regulator that will have the powers to make tech companies consider the risks that their services pose for children.

“The Yolo app, which is an acronym for ‘You only live once,’ was developed using Snap Kit, a piece of software provided by Snapchat that enables app developers to integrate their products with the popular social network.”

Children and social media

Last year the NSPCC surveyed 2,059 children and 2,049 parents for a young people’s social media guide.  It asked children and parents about violent, bullying or adult content on social networking sites and games used by children and young people. The research revealed:

  • 1 in 4 young people have been contacted over social media by an adult they didn’t know. A third of those contacted were children under 13
  • Facebook, YouTube and Grand Theft Auto: San Andreas were the only sites to be ranked high risk for all three of the categories violent, bullying and adult content
  • Twitter and Reddit also ranked highly for inappropriate content
  • The top 15 risky platforms included lesser-known sites, such as Sarahah, Omegle and Yubo
  • Two in three young people know how to perform safety functions, including reporting, blocking users, and changing privacy and location settings.

These alarming stats show that the threats for youngsters on social media are real.

It’s hard for parents to keep up to speed with everything their child does online, the sites they visit and the social platforms they use. Facebook no longer holds an appeal for them. Now they prefer the likes of Instagram and Snapchat.

Internet safety

The use of parental controls is a must to help parents filter what their children are exposed to. If in doubt, get in touch, and we can recommend the right product to keep your family safe online.


Source: BullGuard

Draytek Router Security Alert

Do you run Draytek routers?

If so, you need to know that Draytek became aware of a new attack affecting web-connected devices, including Draytek routers.

It’s paramount you check your router’s DNS settings and update its firmware. This is what Draytek had to say in its advisory statement.

What Draytek says:

In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers. The recent attacks have attempted to change DNS settings of routers. We are in the process of releasing updated firmware, and will issue each ASAP to address this issue. You should upgrade as soon as it is available but also immediately follow the advice below:

  1. Update your firmware immediately, or as soon as updated software is available. Before doing the upgrade, take a backup of your current config in case you need to restore it later (system maintenance -> Config Backup). Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware then please check the release notes carefully for any upgrading instructions. Note: If you are an Irish user (or using an ISP who uses non-standard VLAN tags), please see the note further down.
  2. Check your DNS and DHCP settings on your router.   If you have a router supporting multiple LAN subnets, check settings for each subnet.  Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have deliberately set (e.g. Google 8.8.8.8). A known rogue DNS server is 38.134.121.95 – if you see that, your router has been changed.

    In the case of DHCP, the DHCP server may be disabled, which will typically cause errors on your LAN as devices fail to be issued with IP addresses so the problem is more obvious.

  3. If your settings appear to have been compromised, restore a config backup or manually check and correct all settings. Change your admin password and check that no other admin users have been added. Follow all of the advice in our previous CSRF article here.
  4. If you have remote access enabled on your router, disable it if you don’t need it, and use an access control list if possible.   If you do not have updated firmware yet, disable remote access (admin) and SSL VPN.  The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.

  5. Always use secured (SSL/TLS1.2) connections to your router, both LAN and WAN side. To do that, just prefix the address with https://.   Disabling non-SSL/TLS connections:

    The ‘enable validation code’ option at the top (above) is recommended. It adds a ‘captcha’ style option to the web admin login page.

  6. If you are in the UK/Ireland, ensure that you’re a member of our mailing list so that you can receive update and security advisories like this otherwise we have no way to notify you of this and any future issues.

Keeping you safe online

Draytek went on to say:

The priority for us has been to identify the cause and issue strengthened firmware so this is an initial report/advisory. We continue to monitor and investigate this issue and will update as appropriate.  At this stage, for obvious security reasons,  we will not be providing any further details of the issue. Please share this advisory with other DrayTek users/SysAdmins.

Our wireless access points (VigorAP series), switches (VigorSwitch series) and Vigor 2950, 2955, 2960, 3900 and 3300 series routers are not affected and do not need updating (but you should still always run the latest firmware on those anyway).

If you have a Draytek router, make sure you follow their advice and stay safe online.
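
The DNS and DHCP checks in step 2 of the advisory can also be run from a computer on each LAN subnet, because a router whose settings have been changed hands the changed DNS servers to its clients over DHCP. The Python below is an added example, not code from DrayTek or from this blog; the router and client addresses and the sample resolver files are constructed, and the approved list (Google's 8.8.8.8 and 8.8.4.4) is an assumption to replace with the servers you actually use.

```python
import ipaddress

# The rogue resolver named in the DrayTek advisory quoted above.
KNOWN_ROGUE_DNS = {ipaddress.ip_address("38.134.121.95")}

# Assumption: servers this site has deliberately chosen (replace with your own).
APPROVED_DNS = ["8.8.8.8", "8.8.4.4"]


def parse_nameservers(resolv_conf_text):
    """Extract nameserver addresses from resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue                         # malformed address: skip it
    return servers


def classify(server, approved, router_ip):
    """Label one resolver address the way the advisory asks you to judge it."""
    if server in KNOWN_ROGUE_DNS:
        return "ROGUE"        # router settings have been changed
    if server == router_ip:
        return "ROUTER"       # router proxies DNS; check its own DNS page too
    if server in approved:
        return "APPROVED"     # a server you set deliberately
    return "UNEXPECTED"       # not blank, not ISP, not chosen: investigate


def audit_client(resolv_conf_text, client_ip, router_ip, approved_dns):
    """Audit what one LAN client received from the router's DHCP server."""
    approved = {ipaddress.ip_address(a) for a in approved_dns}
    router = ipaddress.ip_address(router_ip)
    client = ipaddress.ip_address(client_ip)
    dns = [(str(s), classify(s, approved, router))
           for s in parse_nameservers(resolv_conf_text)]
    verdicts = {verdict for _, verdict in dns}
    # A 169.254.x.x (link-local) address means no DHCP lease was issued,
    # which is the symptom the advisory describes for a disabled DHCP server.
    lease_ok = not client.is_link_local
    return {
        "dns": dns,
        "dhcp_lease_ok": lease_ok,
        "needs_attention": bool(verdicts & {"ROGUE", "UNEXPECTED"})
                           or not lease_ok or not dns,
    }


# Constructed samples, one client per LAN subnet.
SAMPLE_CLEAN = """# constructed: client on LAN1
nameserver 192.168.1.1
"""
SAMPLE_CHANGED = """; constructed: client on LAN2
search lan
nameserver 38.134.121.95
nameserver 8.8.8.8
"""
SAMPLE_NO_DHCP = ""   # constructed: client on LAN3 never received a lease

if __name__ == "__main__":
    checks = [
        ("LAN1", SAMPLE_CLEAN, "192.168.1.50", "192.168.1.1"),
        ("LAN2", SAMPLE_CHANGED, "192.168.2.50", "192.168.2.1"),
        ("LAN3", SAMPLE_NO_DHCP, "169.254.10.20", "192.168.3.1"),
    ]
    for name, text, client_ip, router_ip in checks:
        print(name, audit_client(text, client_ip, router_ip, APPROVED_DNS))
```

On a Linux client the text normally comes from /etc/resolv.conf; where systemd-resolved runs a local stub resolver, read /run/systemd/resolve/resolv.conf instead, which lists the upstream servers.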

Source: https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks

Can You Be Anonymous Online?


When we talk about being anonymous online, we’re not thinking about it in a creepy stalker kind of way. Instead, we’re thinking about how companies, hackers and the government are keeping an eye on us.

Have you noticed that you can’t browse the internet these days without adverts for the products you’ve been looking at popping up on your social media feeds?

The truth is that internet privacy is very poor. However, there are a few things you can do to enhance your privacy.

This list was created by BullGuard. You don’t have to follow all of them, but by adopting one or two you could enjoy a little more anonymity online.

  • Anonymising operating systems

Most of us use standard operating systems such as Windows or MacOS. However, there are other operating systems we can use that anonymise users. For instance, Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD. Tails preserves your privacy and anonymity; all connections to the Internet go through Tor network nodes which ensure users are anonymous. There are operating systems which provide anonymity such as Ironkey Workspace, ZeusGuard and Qubes OS.

  • The value of VPNs

A virtual private network (VPN) anonymises your web surfing and keeps your communications private. They are specifically built to make your internet connection more difficult to identify and track as well as encrypting your communications.

  • Tor browser

Tor is often thought of as a browser, which it is, but it is also much more. It’s a system consisting of tools, browsers, application programming interfaces and a network all dedicated to helping you stay anonymous online. When you use the Tor browser you enter a Tor network path and the traffic to and from your destination is routed through a random set of Tor network nodes. Tor is one of the best ways to stay anonymous when combined with other privacy tools.

  • Privacy Badger

Privacy Badger is a browser plug-in offered by the Electronic Freedom Foundation. Available for Chrome and Firefox, it stops advertisers and third-party trackers from tracking your web browsing, including what pages you visit. It watches third-party domains that place images, scripts and advertising in web pages you visit and stops them from tracking you.

  • Free applications can track you

Free applications come with a price. If an application is free, isn’t designed to protect your privacy and is popular, then it’s very likely that it contacts servers and sends back information about how you are using the product.

  • Privacy testing

If you have a few privacy features in place, the Electronic Freedom Foundation provides a service to assess how well they are working. Simply click through to this page and click the Test Me button.

  • ‘Private’ search engines

Popular search engines like Google and Bing keep track of your searches so they can target ads at you. The DuckDuckGo browser is designed to protect your privacy so your searches aren’t tracked.

  • Sharing files anonymously

Dropbox is a very popular file sharing service. But, as Edward Snowden said, it is “hostile to privacy.” A free alternative that enables anonymity is OnionShare. It’s available for Windows, Mac OS X, and Ubuntu.

  • Delete cookies and browsing history

It’s a good idea to regularly clean out cookies that websites use to track you and your browsing history. These can be used to identify where you’ve been. CCleaner is a useful free tool that enables you to do this quickly. There are others too.

Privacy is a basic right we all have. Hopefully, these suggestions will help you gain control of your online life.


Source: BullGuard

Look Out, There’s SMS Phishing About


SMS Phishing is fast becoming one of the most common forms of threat – even more so than fake apps.

You might think that, in the scale of things, SMS scams as a cyber threat are a bit old school, but that’s what makes them so darn clever. You are constantly reminded about looking out for fake apps, dodgy emails and unsecured websites, but what happens if you get a text telling you you’ve won a product?

The chances are because it’s not an email, you would be drawn in. The fake URL contained within the message proves too tempting, and you click – after all, what harm could it do? It’s only a text.

The problem is that one click will unleash malware on your smartphone.

Don’t get caught out

It pays to be vigilant whether using your PC, tablet or phone. To help you stay safe here are a few things to watch out for, courtesy of BullGuard:

  • Don’t click on messages from unknown sources that contain links
  • Don’t reply to any messages that ask about your finances
  • If the text demands a quick reply, ignore it, it’s probably a smishing attempt
  • Don’t call back a number associated with a text that has arrived ‘out of the blue’
  • If the message starts: “Dear user, congratulations, you have won” (or something along those lines) it’s a scam
  • If the message purports to be from a long lost friend, it’s a scam

To be on the safe side, here at MPM we recommend you protect your devices with a product like BullGuard (others are available).

Above all, stay vigilant and stay safe.

Source: BullGuard

It’s The Season of Giving But That Doesn’t Mean You Should Give a Stranger Access to Your Computer


It’s The Season of the Hacker

We first published this blog post back in June of last year to warn you about hackers. However, considering the number of clients we’ve been trying to rescue from scams recently, it’s about time we posted it again.

Regardless of whether you get a phone call purporting to be from your phone company or a software giant, hang up. Just today we were called by ‘BT’ telling us that someone had hacked our router and could see all our internet searches and purchases. All we had to do was go to Google and open a site…we put the phone down at that point. And that’s what you should be doing.

Now and then the scam phone calls start.

They come out of the blue to catch you unawares.

As you go about your business, someone informs you there’s a problem with your computer – what do you do?

Before I answer that take a look at these questions:

  • Would you give a total stranger the keys to your house?
  • Would you give a total stranger the keys to your car?
  • Would you tell a total stranger how to access your financial banking system?

I’m guessing you answered no to all of those. So how come people give a total stranger (i.e. a hacker) access to their computer?

On the strength of one unsolicited call, people allow remote access to their computers – and that means their files, photos and everything else they hold dear.

Yes, the caller is probably very polite, they will even try to make you believe they are doing you a favour and have called just in the nick of time.

But answer me this – how do they know what’s on your computer? There is no way they can tell what software you’re running, programmes or anything else for that matter, so there is no way they’ll know whether you have a virus on your machine or not.

No one from a multinational billion dollar turnover company (i.e. Microsoft) is going to phone a residential customer to resolve an issue on their PC or laptop.

When you get one of these bogus calls – and you will – do yourself a favour and hang up on them. If you want, call a trusted local company, like MPM IT and get them to check over your PC for you for your peace of mind.


Why You Should Think Twice Before Sharing Your Location Online


It’s good to share – at least that’s what many of today’s apps would like you to believe.

Foursquare, Facebook, Swarm and Twitter encourage you to check-in everywhere you go. Now, for most of us, that’s not a big deal. However, if you’re one of those people with hundreds and thousands of followers, are you sure sharing is safe?

The potential harm

You might think this is a fuss over nothing and, to be honest, 90% of the time sharing your location is completely harmless. But, the potential for crime is real.

There have been instances where burglars have monitored social media so they can target houses of those posting idyllic photos of their beach holiday.

Sharing your location can lead to unwanted visitors – how about a jealous ex turning up unannounced? OK, this in all likelihood is rare, but it could happen.

Sharing safely

We don’t want to be a party pooper, and you can enjoy these apps safely. The key is to make sure you know who you’re sharing your location information with. Rather than broadcasting your location publicly, think about who you want to see where you are.

Panda Security offers these tips:

Apple

Tools like Apple’s iMessage allow you to send pinpoint locations to specific contacts for instance – perfect when you’re trying to organise a meeting, or when one of your friends gets lost on the way. Find My Friends, another Apple app, allows family members and close friends to keep tabs on each other all the time – so long as they agree to sharing their location first.

Android

For Android users, Panda Mobile Security limits sharing personal information through the Privacy Auditor. It shows the permissions required by the apps installed on your device (access to contacts, bank account data, photos, your location, etc.). With a quick look you’ll decide which apps can have access to your location.

Google Maps offers similar functionality – but to maintain your privacy you must set a time limit for sharing. This means your contacts will only see where you are for a few hours or days, reducing the risk of someone you don’t want following you around.

So there are ways you can share your location safely.

Above all:

  • Don’t share your location blindly to everyone
  • Regularly check your sharing permissions
  • Use privacy-based apps like iMessage, Find My Friends and Google Maps

Source: Panda Security

Even Old Windows Server Machines Can Fend off Hacks

Microsoft wants you to upgrade your business onto the latest Windows OSes that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.

Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.

It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the Server that’s the issue.

However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.

Network segmentation and monitoring

Network segmentation goes beyond placing vulnerable servers behind a firewall.

By restricting access to your most critical servers, and making sure only system admins can control them, you’re reducing the network hackers can access should they breach your firewall.

It’s not a costly exercise, and enterprise internet routers often have access control features that can limit which computers can talk to which. It’s also wise to monitor vulnerable servers (especially if carrying critical information) for any unusual traffic.

Application whitelisting

Whitelisting works by allowing only trusted applications to run on your computer.

It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.

Back up sensitive data

Hopefully, you’re already doing this, but backing up important data stored in your machines will help, particularly with the growing popularity of ransomware that infects your computer and encrypts all the data within it, which will only be freed once a ransom is paid.

The best option

Although these ideas will help, the best solution is still to upgrade.

Yes, it will be costly in the short-term, but that investment will help the long-term security of your data and reputation of your business.


Source: pcworld