Tips for Staying Safe Online With Your Social Media Accounts

Tips for Staying Safe Online With Your Social Media Accounts

Social media has made the world a more connected place, and in most cases, that’s a good thing. But social media has also created easy access to people’s and business’ information. And that can be a very bad thing when it comes to hackers and scammers getting involved.

Giving up social media is not a realistic option. Social remains the current most effective way to reach certain audiences. But neither is it reasonable to carry on as if social networks are always safe and secure. You need to take steps to protect your personal and the university’s information against some of the most common social media security threats. Here’s where to start.

Third-party Apps

Third-party apps are apps or websites that let you access your social media account’s information to look at statistics or analytics of your site. These apps are not usually approved by the social media companies themselves.Even if you have your own social accounts on lock-down, hackers may be able to gain access through vulnerabilities in third-party apps that integrate with the big social networks.

For example, hackers gained access to the Twitter accounts of Forbes and Amnesty International using a flaw in the Twitter Counter app, used for Twitter analysis.

So be sure to use the official social media websites to view your social media information to decrease the likelihood of personal or private information from being obtained by hackers or scammers.

Phishing Attacks and Scams

Phishing scams use social media to trick people into handing over personal information (like banking details, passwords, or business information).
A recent social media scam involved false reports that the actor Rowan Atkinson had died. (The Mr. Bean and Blackadder actor is still very much alive.)

What looked like a video link actually directed users to a page that said their computer had been locked, with a phone number to call for support. Rather than a support team, the phone line connected to scammers looking for credit card numbers and personal information. Worse, the “support software” offered was actually a virus.

So if you ever run into an issue like this, where you get a big error in your web browser asking you to contact someone for support, please contact your Computer Support Specialist on campus first before doing anything else so that we can help you determine if these errors are legit. (Most of the time they are not!)

Limit Social Media Access

You may have several staff members working on social media messaging, post creation, or other content creation. But that doesn’t mean everyone needs the ability to post. And it doesn’t mean that everyone needs to know the passwords to your social accounts.

The first line of defense is to limit the number of people who can post on your accounts. Think carefully about who needs posting ability and why.
Also, if a staff member leaves the university or moves to a different position, be sure to disable their access to your social accounts to prevent any accidents or malicious posts from being created.

Use Unique Passwords for Each Social Network

It’s a pain, I know. But it is also absolutely recommended that you don’t use the same password for Twitter as you do for Facebook, Instagram, or other social tools. Using a single password makes it easy for hackers and scammers, as gaining access to one means gaining access to all. Just imagine how painful it will be when you find you’re locked out of your entire online life.

When you use one password for multiple services, you’re only as safe as the least secure service you use. For example, if there is a security breach at Facebook and hackers or scammers have obtained your information, they’ve effectively gained your information for Twitter and Instagram as well, if you use the same password for all sites.

Additional Links and Information

15 Social Media Security Tips

https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/social-media/

Changes to the login process for Quicken 2015 Starter Edition

Extension offices in most Oklahoma counties have switched from Quicken 2012 to the newer Quicken 2015 Starter Edition. With this change, you might remember having to create a new Intuit ID to log into the application. There is a change in the authentication system coming that will affect all counties that made the switch. Soon you will have to create an entirely new account using the Quicken ID system to access versions of Quicken starting with Quicken 2015. Below, I’ll summarize what to expect with the change and the timeline for the process.

A little over a year ago, Intuit sold its consumer based money management software, Quicken, to private equity firm H.I.G. Capital. In an effort to move away from Intuit altogether, the company has been working on a new secure authentication system for Quicken users.

Starting now and through August, you will receive an email from Quicken about this change and what to expect. This email might look similar to the picture below. To verify, this email will come from Quicken’s verified email address, quicken@e.quicken.com.

Once the process is live, all you need to do is update your Quicken software. You will need to click the One Step Update Button and install any available update. After your product is updated, when opening Quicken, you’ll be prompted with a screen to create your Quicken ID. You’ll use your new Quicken ID to access all Quicken applications, including Quicken for Windows, Quicken for Mac, Quicken Mobile, and Quicken.com.

Don’t worry, creating this new Quicken ID doesn’t impact or change the data in your Quicken file, and, as always, your data is secure.  If you have any bank account logins or passwords, or a password vault stored in Quicken, those will remain stored locally on your computer.

If you have any questions about this change, please see the links below or contact the Support Specialist for your county.

Sources:

https://getsatisfaction.com/quickencommunity/topics/fyi-upcoming-action-required-critical-updates-for-quicken-windows-canada-and-mac-users

https://www.quicken.com/support/why-am-i-prompted-create-new-quicken-id-and-password

Congress repeals FCC privacy rules, but what does it mean for me?

Last month the US Congress passed legislation, subsequently signed into law by the president, that repeals rules adopted by the Federal Communications Commission (FCC) last October. But what has changed? Why is there outrage about this new privacy bill?! Why should I care?

In October 2016 the FCC adopted rules regarding Internet Service Providers (ISPs) and consumer privacy. Under those rules, ISPs would have been required to get your explicit consent before sharing or selling your information, such as geolocation, browsing history, and financial information to third-parties for advertising and marketing. The rules would have also required ISPs to tell you what information they collect and how it is being used or shared.

Even though these rules were never enacted, this most recent bill (now law) uses the Congressional Review Act (CRA) that allows Congress and the president to overturn recently passed agency regulations. The CRA also prevents the agency from passing the same or similar rules in the future.

Supporters of the bill to repeal the FCC’s rules believe that the power to regulate your data lies with the Federal Trade Commission (FTC), who already oversees websites and online advertising. They also believe that the FCC’s rules would have placed ISPs on unequal footing with web companies like Google or Facebook, who collect data from its users as well and are not bound by the agency’s rules.

Opponents of the bill believe that you, as a consumer, should be allowed to know how your data is being collected and shared, as well as be able to deny ISPs from selling or sharing any of your personal information. They also believe that the current privacy policies and rules under the FTC are unacceptable and outdated.

It is unclear if the FTC will update its rules on internet privacy and the trade of personal information, but several states are already looking to pass laws to protect its resident’s privacy. States like Minnesota, Kansas, and a handful of others are pushing legislation in the future hoping to strengthen internet and data privacy rights for consumers at the state level.

But one thing is for sure: under the current FTC regulations, all broadband companies are required to have a privacy policy that you sign or agree to when paying for internet service. Feel free to contact your ISP if you cannot find a copy of their privacy policy online.

Links to other articles covering this issue:

The Hill

Time

PBS

Avoiding Tech Support Scammers – The Latest in Phishing Scams

Avoiding Tech Support Scammers – The Latest in Phishing Scams

Scammers do not just send fraudulent emails. They might try to call you on the phone and claim to be from Microsoft or any other legitimate business. They might also setup websites with persistent pop-ups to get you to call a number to fix the issue. They might try to sell you software or ask to remote into your system to help solve computer problems. The only problem is, once they have access to your computer, they can access your computer’s data and your personal data. Below are some things to look out for to know if you are being targeted as a potential victim.

Telephone Tech Support Scams

Cyber-criminals often use publicly available phone directories to find victims, so they might know your name and other personal information ahead of time. Since Microsoft Windows is the most widely used operating system, they will usually say they are from Microsoft. Please note that Microsoft will not contact you without you initializing contact first, so treat all unsolicited phone calls with a great deal of skepticism. Do not provide any personal information over the phone.

www.donotcall.gov is a great website where you can add your mobile and home phone numbers to the National Do Not Call Registry to limit your phone information being available. You can report unwanted calls here as well.

Pop-up Tech Support Scams

Another well-known trick is a website pop-up. Scammers will create these sites with persistent error messages with a phone number for you to call to help fix the “issue.” These pop-ups are not easy to close, and some can come with warning sounds that can be annoying to listen to while trying to close the browser. Some pop-ups even warn that your data is infected. Whatever you do, do not call the phone number listed with these pop-ups, as Microsoft warnings and error messages never include a phone number.

Instead, it’s best to just close your browser. If you cannot close the browser with traditional means, you can always end the process via Task Manager. If you need more information on how to use Task Manager, please see this document located on DASNR IT’s support site.

Reporting Tech Support Scams

There are a few ways to report these scams to the right authorities. You can help Microsoft combat cyber-criminals by reporting information about your tech support scam experience. You can also fill out a FTC Complaint Assistant Form located here.

Protect Yourself from Tech Support Scams

Do not purchase any software or services from any unsolicited sources. Never give control of your computer to anyone unless you can confirm they are a legitimate representative of a support team from which you initiated the contact.

As always, when something like this happens, you should take this as a reminder to back up your data and run security scans using Windows Defender/Microsoft Security Essentials and possibly another anti-malware application such as Malwarebytes.

Windows 10 says my password is wrong… But I know I’ve entered it correctly!

Coming into the office one morning and turning on your Windows 10 computer, you might find that the password for your user no longer works. After installing an update, Microsoft may have changed the way you sign into the computer. In this article, I will show you how to find out if that has happened, and what you can do to revert the changes and use your original password again!

How do I know if I have this issue?

If you are asking yourself this question, the easiest way to tell is to see if you get this message after trying your password.

“That password is incorrect. Make sure you’re using the password for your Microsoft account. You can always reset it at account.live.com/password/reset.”

There is an issue with Windows 10 where, after an update, it will change a local user to a user associated with a Microsoft account. This means you will have to enter your Microsoft account password in order to log into the computer. This becomes a problem when someone either doesn’t remember their Microsoft account password, or can’t remember creating one in the first place.

What is a Microsoft account and why would I have one?

A Microsoft account is a combined account that allows you to access all of the Microsoft owned content available on the internet. This account can be used to access Outlook.com or Hotmail, XBOX Live for video games, Windows Store on your PC, and even Skype, as it’s owned by Microsoft. If you have used any of these services, or any of the other many divisions within Microsoft, you would have had to sign up for a Microsoft account at some point. You might have even created an account when logging into a brand-new computer with Windows 10, as it’s the most user intuitive way to create a user on a new PC.

How do I find out what my Microsoft account credentials are?

The easiest thing to do would be to search your personal and work emails for anything from Microsoft about account creation. They always send confirmation emails whenever you sign up for an account, and since you can use your personal email address to create an account it would be the most logical place to check first. If you deleted the initial email or can’t find it, you can move onto the next step and Microsoft’s password recovery tool will tell you if you have an account or not. The initial email should give you a clue as to what email address you used to create the account, finding the correct password is more difficult. Unless you remember what the password is, you will need to reset it.

How to I reset my Microsoft account password so that I can log into my computer?

For this to work, you will need to either log into a different user on your computer, or use a different computer entirely as you won’t be able to log into your computer just yet. You would also be able to complete these steps using a smartphone as well.

The first thing you will need to do is go to the following website: https://account.live.com/password/reset

Choose the option for “I forgot my password” and click Next. This will take you to the account recovery page.

Account Recovery

Enter your email address, phone number, or Skype name, enter the correct captcha characters, and click Next. If you remember which email address you used when you created a Microsoft account, enter it here. However, if you don’t know if you have an account, start with your personal email account and follow the steps, Microsoft will tell you on the next page if there was not a Microsoft account associated with that email address. If there is not an account associated with that email address, back up and try a different email address or perhaps a phone number or Skype name. If there is an account associate with that email address, then continue through the steps of verifying your identity and resetting your password.

Okay, I’ve reset my Microsoft account password or I know my password. How do I change it back to where I can use my original password?

Once you have reset your password, log into your computer with the new credentials you have obtained. Click on the Start Button, and then click on Settings or the Settings icon located here…

Settings Icon

Then you will want to click on “Sign in with a local account instead” located on the Your info tab to the left.

Change Login Type

Enter your Microsoft account password first, then you will want to re-enter the credentials how they were before the update. (Your original password)

Original Password

You will then sign out of the Microsoft account. You should notice when trying to sign back in that it has reverted to the original sign in screen (Picture might be different) and you will be able to sign into the computer with your original password again!