Greetings!
If you have a Windows PC with Teamviewer installed, or An Android smartphone, or a curiosity of how easy it is to create a fake version of a well known website can be created and used for stealing users credentials for fraud, then this edition is for you!
Or should I call this edition the very early Autumn edition?
Autumn usually begins at equinox (September 21st), and this marks the beginning of the times of named storms such as Francis’s that might gallop through our back yards kicking garden furniture about to remind us that wooden & plastic things that aren’t bolted down can actually fly! But Francis arrived at least 3 weeks early to give us a fore taste of climate chaos, just in case our awareness had drifted from other news stand headlines. Ironically many news stands also flew about during Francis’s visit.
In this edition I bring you what I hope is useful information so that you can do prevent the threats, kinda like building good storm fencing! 🙂
Teamviewer – Gathering Clouds!
Storms could begin with Teamviewer (Windows Version Only)
Sadly, the widespread success of Teamviewer means its widespread adoption during the pandemic to remote fix PC’s, has meant that a flaw within its software code could affect the security of millions of users who have it installed.
Luckily some experts who test for exploits in software have got there before the scammers and issued a ‘Severe’ warning to alert people to update their Teamviewer Apps immediately to a patched version. See here for details.
My view is that unless you are using it constantly for say, remote controlling your office or another remote PC so you don’t have to go there in person, than its better to remove Teamviewer or any other software of the type, so that should a new exploit be discovered you are safe from the risk of it not being update patched because you might not have known it needed patching.
If you need help from me to update yours, to remove it from your system and/or do a security review or clean up of your system, then do call me on, 07579001747, (I don’t use Teamviewer!)
Snapdragon’s Fire Storm?
Snapdragon (not the pretty garden version) is a processor chip that’s probably inside your Android smartphone in common with millions of other peoples smartphones. And if so its problem is one that only Qualcomm (the manufacturers of the processor chip) can fix. Hopefully they will do this quickly, so I suggest you keep a keen eye on your smartphone manufacturers security updates for this, especially if you have a Samsung, LG or Xiaomi.
This article details the flaw;
Within it it reads;
“Dubbed “Achilles”, this flaw could be present on millions of Android devices around the world, mentioned specialists in the exploit development training. Check Point researchers, in charge of the find, did not reveal too many details of the flaw, although they claim that the consequences of exploitation are severe, as threat actors could record user calls, install malware remotely, and even completely disable an affected device.”
So patching it as soon as possible could save you a lot of troubles! Do call me if you need 07579001747
Phishing Frights! – The perils of Clicking Hyperlinks in texts & emails.
I’ve read of how easy it is for some common or garden sleaze bag to set up a faked website that looks exactly like Google, Instagram, Netflix, PayPal and many other popular platforms with great ease.
Nasty little tools exist (Zphisher is one) and these can be used to do this and to send its intended victim an email within which is the nasty hyperlink that directs their browser to their own faked website. Consequently a users logon credentials are captured that way with the greatest of ease.
I won’t provide details of web pages that show how to do this for obvious reasons, but be aware that the old style user name and password logon is past its sell by date! The convenience of only using those to log in could be a very expensive luxury!
Some Tips;
a) Avoiding emails and texts with hyperlinks in them unless you are very sure of the authenticity of the sender. Banks & reputable institutions won’t send hyperlinks in their communications with you.
Try to always go to any vitally important website directly yourself by either typing in the web address into your browsers address bar, or by using a Bookmark (Favourite) that you have already saved to go to the web page. I try to encourage people to lose the habit of always using a search engine to find important websites because there are dodgy web search sites out there who might send you anywhere!
b) Always use a 2 Factor Authentication (2FA) method for logging into vital sites so that you have to enter a code that is sent to your phone by text. Better still, use a secure 2FA authenticator App such as Sophos Authenticator or Google Verify (Many others exist and are in your App Store or Google Play store). These generate a code on your smartphone for that purpose and don’t rely on a text to arrive which may not come if you are in a weak signal area or could be intercepted .
If you want to read a long but very well written web page on the pro’s and con’s of using 2FA secure log in so that you can choose the best method for you then this page by Sophos is a very good one.
Sophos also offer this audio podcast you can listen to for free in which 2 people discuss this which might make it easier to understand.
Covid-19 Working
My website gives full details of my working protocols that I use when working for customers.
These are subject to changes as the covid-19 situation evolves so please do check back from time to time.
i.e. I am considering how I might safely return to working at customer sites, in addition to the existing Remote Control & Tuition Services and Offsite Repairs that I already do.
Well that’s it for now, do keep safe both online and offline!
Greg Dance
0757 900 1747
pct@phonecoop.coop