Shortcut - A blog by

Buyer Beware: Online shopping scams and how to avoid them

Think you’re safe from online scammers? Think again. Last year, identity theft affected more than 13 million U.S. consumers.  According to the Insurance Information Institute, identity thieves have stolen a whopping $112 billion from U.S. consumers in the past six years. These days, online criminals are more likely to target you that criminals on the street. Online hackers and scammers want credit card information and scammer activity will spike during the holiday season. Here are a few easy steps to identify and avoid online scams as you scramble for last-minute deals.

Top 3 Identity Theft Scams

Gift-card Scams: A too-good-to-be-true gift-card offer is tough to pass up, especially with tons of people to buy for and shopping on a budget. An email offer that asks you to enter your banking information to claim it is a sure sign it’s fake. Trusted brands and retailers don’t ask for that kind of information. Coupon Scams: Following in the too-good-to-be-true vein, many online scammers use emails and website pop-ups claiming deals to top gifts and tech gadgets at a discounted price. Clicking on the links to these coupons will typically take you to a site asking for personal information. Thieves take the information entered to make purchases in your name, and steal your identity. Other ways to spot a fake coupon:
  • No expiration date
  • It doesn’t take you directly to the retailers’ site
  • The offer is too good- like over 50% off good
Bad Links: Online scammers who try to steal your information often do so via a method known as phishing. They use emails that mimic legit retailers, or with information that looks like it’s from your bank in the attempt to get you to enter personal information. These links can also often install malware onto your computer. Not sure you can spot a fake? This site gives you a few examples.

Ways to spot a fake:

Look for poor grammar and spelling: Oftentimes you can spot a fake email or coupon just by the amount of misspellings and over-the-top guarantees. Plus, if a link takes you to a site with tons of pop-ups, that’s another dead giveaway it’s not a legit offer. Look for safe payment systems: Apple Pay, Android Pay and Amazon Payments are all great examples of ways to safely pay online. Plus, if you are banking online, or doing anything involving a payment on the web, be sure the site has the lock icon in the link followed by http://. This indicates it is secure and that your data is private. Look for secure Wi-Fi networks: Never purchase something over public Wi-Fi. It doesn’t have the same kind of security measures in place that a home connection would, which means it’s much easier for hackers to access your phone or computer and steal personal information. Buying online can be quick and painless as long as you are taking steps to keep your information safe. Installing Anti-Virus software and Anti-Phishing software on your home computer is another great way to fight hackers and scammers. Plus, you can fight back. If you believe you have been a victim on identity theft, immediately report it here.



What is Mirai botnet and how did it smash the Internet?

On October 21, the U.S. saw a massive outage of Internet sites. Hackers launched three waves of attacks that took out the web operations of Internet powerhouses such as Amazon, Pinterest, Netflix and The New York Times. Many people were left wondering how this could’ve this happened. Let’s take a look at who attacked what, how they did it, and what implications this could have for the future of the Web.  

Who was it?

Two hacking collectives claimed responsibility for the attack: New World Hackers and Anonymous. The groups say they carried out the operation in retaliation for Ecuador cutting off Internet access for Julian Assange of WikiLeaks. However, experts aren't confident it actually was those groups. With Mirai, the open-source tool used to launch the attack, it could have been any other hacker or group.  

What broke?

The attack was on Dyn, a Domain Name Service (DNS) provider. You use a DNS provider whenever you point your browser to a URL like Think of DNS as a switchboard operator. The operator gets your request and finds the IP address of a server that holds the website you want. Then it and connects your computer to that server. DNS is important to the web, and the blackout showed us just how much depends on it.  

How did it break?

The hackers used a technique called DDoS, which stands for “distributed denial of service.”. The "distributed" part means that the attack came from multiple computers in different locations. In any Denial of Service attack, the attacker bombards a website's server with lots of network requests. With too many requests, the server gets overloaded. It can't respond to legitimate requests and the website becomes unreachable. In the attack on Dyn, the botnet (collection of hacked computers used for the DDoS attack) comprised Internet-enabled devices such as remote cameras, baby monitors and printers. Mirai was the malware that infected them. Mirai's creator specifically targeted the security weakness of Internet-of-Things (IoT) devices. A hacker shared the Mirai source code with a community of hackers, giving them a powerful open-source weapon. When Mirai infects a device, the device continues to function normally in the household. But in the background, that device searches for and infects other vulnerable devices. These devices form a virtual army that a hacker can use to barrage online targets with traffic. A Computerworld article said an estimated 100,000 devices were involved in the attack, but the total number of infected devices could be half a million. The attack was likely the largest DDoS attack in history.  

Now what?

The Mirai malware is still out there. But while many devices are now infected, not all of them are controlled by the same hacker. In reality, “Mirai botnet” is many botnets that run on the same malware. Security experts have seen smaller DDoS attempts, but it seems competition among hackers to take over devices has fragmented Mirai’s power. It's unlikely that another big outage will happen from the same source any time soon. But the event should spark caution for device manufacturers and consumers alike. The IoT devices in Mirai botnets were vulnerable because they used weak or default passwords. Manufacturers should require strong, unique passwords during device setup. Users should always change the default password when setting up a new Internet-connected device.


Find the Best Deals on the High-Speed Internet


Hack Attacks: Why Me?

“They hacked me!” It’s not just what Steph Curry or Dwyane Wade might yell out during an NBA game. It’s also what you might see from someone you follow on social media. It happens to actors, the common man, even to college football stars right before the NFL draft. Some celebs take a lighthearted approach after the fact:

What’s the point of hacking a social media account? Aren’t there bitcoin to steal, hacker types? Why bust into someone’s Facebook or Twitter to spread spam or distribute drivel? Hackers might also delete contacts or add them in bulk. If you’re lucky, the unwanted posts and activity isn’t profane in nature. This is especially a relief if your mom is in your contacts list. One study says two in three American adults have had a social media account hacked.

Why they do it

1. To force shares

When social-media users see a contact has tagged them in a photo, curiosity kicks in. Is it from the company happy hour or afternoon at the ballpark? Fight in the all-night diner? It’s possible the share isn’t any of those. Rather, it's a site loaded with malware they’ll activate with a single click. It might end when you change your password. It might not if you activated a virus from a rogue app link. These malicious links install apps on your Facebook account to spam your account with – you guessed it – more malware.

How to prevent it

Don’t click on shares that don’t fit a contact you know. Is that your science professor hocking high-dollar sunglasses on Facebook? That’s not likely her - and not at all link you’ll want to click.

2. To mine data

The attack might not come on the account hacked. LinkedIn and MySpace accounts aren’t usually targets. A hacker can commandeer data, too. A user’s birthdate or mother’s maiden name can aid in compromising another account. Worse, the hacker might use data from these accounts to access bank accounts or cloud storage. They could also buy things on Amazon or bid on items on eBay. Their intent might be to steal, or just to embarrass the person they’ve hacked.

How to prevent it

Don’t use the same password on more than one account. It’s easy to recycle an easy-to-remember password. Remember, though, easy-to-remember also becomes easy-to-hack.

3. To force/delete follows

This might be the most stealth attack listed here. Hackers might sneak in to add follows for fake accounts that look like legit ones you follow. Are you down with clicking links from your favorite clothier? One that looks like it won’t likely raise your suspicion. A less malicious but inconvenient agenda might be to disconnect followers. It could be a personal vendetta, or just for kicks. That stinks, especially if a user’s taken a while to cultivate a following.

How to prevent it

Manage your contacts. There’s not much valor in piling up followers if it leaves you vulnerable to such an attack. Vet your contacts list. If you find some you don’t remember following, delete them, and change your password.



Security Concerns in Facebook – and how to Remedy Them

I don’t even know my Facebook password anymore. I’m one of among 1.51 billion Facebook users active each month on the Facebook app. Why log out and log in on a laptop or desktop computer, when you have the app at a swipe’s notice? Facebook, though, as with other social-media sites, has security concerns that everyday users often ignore. Our open-login nature presents a problem if our mobile device falls into the wrong hands. Not only is your Facebook data at risk, but also your banking, home security or email access, depending on what apps you have open and active on your device. Those concerns can be addressed by simply adding a pass code to a device. Beyond that, there are other security concerns Facebook users face every day. Here are two common issues on Facebook that could also impact other social media outlets. With any platform that reveals personal information, it’s important to take precautions, especially on mobile devices, which could fall into the wrong hands.

Facebook’s telling strangers where you are

Know the People You May Know section on your Facebook page? It suggests, sometimes eerily, connecting with people you might have emailed or interacted with on other social media channels. Internet news and commentary site Fusion says Facebook uses mobile location to suggest friends. In some ways, this could be a plus: If you’ve attended a networking event and can’t remember the name of someone you met, they could wind up in your People You May Know suggestions. However, that creepy guy who semi-stalked you in the frozen food section at the market? Not exactly a contact you want to make. As the debate rages on, here’s what you can do.

How to fix it

Unless you don’t mind suggestions possibly being made based on your location, you can turn off the site’s access to your location data. Through Location Settings on your mobile device, opt out of access to location data. Keep in mind you won’t be able to get coupons and other location-based incentives available on other apps.

Cross-site Scripting is a problem

Facebook’s Facial Recognition Technology suggests that friends tag you in pictures. This is great when you want to be part of the share for a concert last weekend or family reunion. It’s not so great when scammers send you messages that ask Why are you tagged in this video? or offer access to a fake new feature, such as the Dislike Button. Once the bait works and you click on the link, you’re encouraged to paste JavaScript code in your browser to remedy the situation. That code can contain malware that puts your personal data at risk, or sends messages in your name to your contacts, connected to – you guessed it – more malicious code.

How to fix it

Take precautions regarding what photos you allow yourself to be tagged in. Be wary of messages that offer access to new Facebook features, or help in removing yourself from tagging. The best way to remove yourself: Change your Privacy Settings in Facebook. The Settings menu can be found in the top right corner of your Facebook page.  Select Timeline and Tagging in the left column. Turn off tagging suggestions. This will remove your contacts’ ability to tag you in photos of people who look like you. Friends will still be able to tag you in photos, though. The very features that make Facebook such a popular social-media site also present opportunities for scammers to strike. With these and other threats, caution is the best remedy. Don’t add friends you don’t really know. Review all posts you’re tagged in, and keep an eye on your timeline for any posts you don’t want there.


Can your car be hacked? (And other concerns)

Unless you’re still driving that old manual transmission from college, chances are you have a lot of high-tech computerized stuff going on in your car. And most of that high tech computerized stuff is in the form of something called electronic control units or ECUs. ECUs are computers in your car that control things like braking, steering and acceleration- so, some pretty important things. While these computerized systems are incredibly convenient and useful, they also have the potential for serious security risks. In a public service announcement released in March by the FBI, they define vehicle hacking as occurring “when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality.” Which brings us to the question that’s probably on everyone’s mind (except for you manual drive guy): Are our cars safe?!

Security experts say yes and no

Security researchers, Charlie Miller and Chris Valasek, have been exploring that question for a number of years. In 2013, they started working together on the issue of vehicle security. They were able to take over a Ford Explorer and Toyota Prius and control steering, slam on the brakes, and disable the brakes. Since then, they have released car hacking software and a guide to electronically attacking automobiles that they hope will help those in the auto industry test the security of cars and trucks they are manufacturing. They moved on to bigger and better things, such as the great Jeep Cherokee takeover of 2015. A Wired reporter willingly got behind the wheel of a Jeep and let Miller and Valasek demonstrate a hack through the vehicle’s UConnect entertainment system. They took over the car’s speed, air conditioning, radio, brakes and more, with the reporter ending up in a ditch on the side of the road. After the article was released, highlighting potential dangerous security threats, Fiat Chrysler recalled 1.4 million vehicles. It also issued customers with cars susceptible to wireless hacking a USB device to upgrade their vehicle software’s security features.

SPY Car Act

The government is starting to pay attention to car security as well. United States Senators Edward Markey and Richard Blumenthal are pushing for the enactment of the SPY Car Act. The act, which stands for Security and Privacy in Your car, means the National Highway Traffic Safety Administration (NHTSA), along with the Federal Trade Commission (FTC), would have to create standards for car manufacturers, ensuring they prevent vehicle control systems from being hacked.


Not everyone is a believer in car hacking, though. In an article in the Scientific American, one reporter writes; “Here's the simple truth. No hacker has ever taken remote control of a stranger's car. Not once. It's extraordinarily difficult to do. It takes teams working full-time to find a way to do it.” Basically, what he means is, any car hacking that has occurred has been in a controlled environment, led by researchers working on the project for years. So, there’s no need to freak out quite yet. People like Miller and Valasek are fulfilling an important role in giving us to tools to make cars safer as their technology evolves. Being concerned about cybersecurity in vehicles and holding car manufacturers accountable for the safety of their vehicles ensures that in the future we won’t end up in a ditch after our power steering is hacked on the highway.  



Internet Safety Quiz

How’s Your Internet Safety Score? Take Our Quiz

It takes just a click. One click on a link to something unsavory can compromise your computer. It might come as an attachment, or a pop-up, or URL in an instant-message conversation. A malicious link can unleash malware on your computer. It can slow performance to a crawl and put personal data at risk. It’s a pain at home – so you can imagine how much worse it could be at work. A Top10Reviews infographic estimates malware infects 32% of computers worldwide. Hackers early in 2016 infiltrated the Federal Reserve Bank of New York with malware. Before the bank could react, the intruders stole $81 million. Authorities blocked transactions for another $850 million. This brazen bank heist represents the heavy hitters of cybercrime. Plenty happens on a smaller scale, too. Software maker Panda says it detected and neutralized 84 million malware attacks in 2015. That’s a jump of nine million from 2014. That works out to 230,000 malware samples daily. Anyone who taps on a tablet, searches on a smartphone or leaves it all on a laptop for the boss represents the front line of defense against cybercriminals. What you do – and don’t do – when exposed to invasion attempts to your company’s servers. Take this quiz to uncover how you’re doing for your employer in the battle against cybercrime.
  1. 1. When a box pops up for me to update software on my work computer, I:
  1. 1) Close it – ain’t nobody got time for that
  2. 2) Update it – I’m a disciplined soldier
  3. 3) Ask IT – it looks legit, but I should check

  1. 2. When a link comes by email from a co-worker, I:
  1. 1) Click it – hey, I know that guy!
  2. 2) Pause – stand up and ask the sender over a cubicle or two if they just sent you something
  3. 3) Hover over it – holding a mouse over a link without a click will reveal the link destination

  1. 3. It’s time to create a different password for my computer. I:
  1. 1) Simplify it – my address and ‘password’ will suffice
  2. 2) Mix it up – I’ll change skywalker32 to skywalker33
  3. 3) Strengthen it – my password includes at least eight characters. I've used uppercase, lowercase, numbers and symbols

  1. 4. An email comes through with tons of exclamation points and misspellings. I:
  1. 1) Click it – this looks important!
  2. 2) Open it – but use caution before giving my social security number
  3. 3) Trash it – correspondence from my bank wouldn’t look so sloppy and unprofessional

  1. 5. I’m working at a coffee shop on my laptop. When I connect, I:
  1. 1) Surf it – this Internet has to be secure. They sell scones here!
  2. 2) Check it – I’ll be sure it’s the coffee shop’s wireless account
  3. 3) Encrypt it – Data on my laptop or USB drive is too valuable to my company to leave to chance

How did you fare?

1-5 | Malware Rookie Cyber criminals count on rookies. Trust less and check more when it comes to work accounts and devices. Your IT department can provide simple guidelines for safer surfing. 6-10 | Virtual Virus Victim Simple attacks don’t get past you. Attacks, though, become more complex every day. Trust your instincts on questionable links, and raise your diligence up a notch or three. 11-15 | Trojan Tenderfoot It’s an improvement, but still, too much leeway. “It’s probably safe,” doesn’t cut it. Your instinct warns you of danger; trust it. 16-20 | Phishing Phenom (In The Making) Especially 19+ here, you’re doing it right. A perfect 20 means cybercriminals will have a tough time cracking this smart cookie. Spread the word and keep on keeping on.



What Antivirus To Buy In 2014

Antivirus software is important because it protects your computer system from malicious activity and harmful threats. Several companies provide antivirus software and you should base your decision on which characteristics are most important to you.

What to look for when shopping for antivirus software

Antivirus software packages vary in terms of what they are capable of doing to protect your computer. Some of these characteristics include:

  • Protection capabilities: whether or not they protect against phishing, spyware, worms, etc. or if they use firewall technology
  • Update time line: how quickly your software will notify you when your computer is in danger or the software prevented a threat
  • Security coverage: antivirus software can protect your devices in up to three main areas – your home, workplace, or on your mobile devices


Another important element to pay attention to while shopping for your antivirus software is the price. When buying from companies that specialize in antivirus software, most packages range between $20 to $80 depending on their capabilities and available discounts.

Some Internet providers or device manufacturers include antivirus technology in your services. If this is the case, ask what protection is included in your plan. If you are worried about the safety of your computer, you can add on the protection from external antivirus plans.

Specific providers

There are many different antivirus providers to choose from. You can easily do some research to find the best for you. Among the frontrunners are usually McAfee, Norton, BullGuard and Trend Micro.

If you are a Windows or Mac user, look into the services available to you through your provider as well. These options can be cheaper and possibly already included on your devices.

How to shop

Make a list of which antivirus features are most important to you so you know what to look for in a possible provider. Determine the price point you would like to limit your search to. Use your favorite search engine to look up different possibilities.

You can also find some antivirus software in local electronic stores. Most stores that sell computers and tablets will also have a limited selection of antivirus software. Ask store representatives for their advice given your needs.

Most antivirus software comes in a box with all the equipment and instructions you might need for set up. You can set it up yourself or call in a professional to help you with activation.


How to Get the Best Online Security

You keep a lot of information online, and you invest a lot in your Internet-connected devices. That’s why it’s important to stay protected.

There are a lot of options for computer security. Which one is the best? That depends on your needs and your budget. But it’s safe to say that the best computer security isn’t just one product — it’s a combination of software programs, personal precautions and good online habits.

Get the best computer security when you combine anti-virus programs, strong passwords and smart online practices. No matter what you do online, you can do it more safely when you practice these tips:

Install anti-virus software

Installing anti-virus software is one of the easiest and most effective things you can do to get the best computer security. And it’s one of the most important elements of online protection.

Anti-virus software programs do most of the work, so you don’t have to. They scan for vulnerabilities in your system, detect threats from viruses or malware, and prevent those threats from damaging your computer or accessing your information.

The one thing you do have to do? Regularly update your anti-virus software. The best online security options change frequently to stay ahead of online threats. Pay attention to automatic updates, and check your antivirus provider’s website for major changes.

Password-protect your accounts

Another important practice for the best computer security? Passwords. Creating a password only takes a few seconds, and it could save you from tons of potential online threats.

Think of all the information you keep online: Credit and debit card numbers. Addresses. Email contacts. Even your Social Security number. That’s information that could be dangerous in the wrong hands. To keep yourself and your identity safe, protect your accounts and devices with strong passwords.

Passwords should be easy for you to remember, but hard for anyone else to guess. Use a unique password for each account. Combine uppercase and lowercase letters, numbers and symbols. And don’t forget to change your passwords regularly.

Practice safe online habits

To protect yourself, your information and your devices in the long term, adopt safe online habits. Follow these tips for the best online security:

  • Don’t share personal information online
  • Never share your passwords
  • Utilize security and privacy settings on social media and email accounts
  • Never open emails or click on links that seem suspicious
  • Save online shopping, banking and other sensitive activities for secure networks
  • Make sure you only enter personal information on secure sites


The Ultimate Guide To Securing Your Wireless Home Network

You’re hooked up to Wi-Fi. Congratulations! Now, from anywhere in your home, you can access your home Internet network. You can connect web-enabled devices such as laptops, tablets and smartphones. A wireless network can support gaming consoles, too. Is Wi-Fi safe, though? What about personal data shared when you bank, shop and browse online? What if unauthorized users gain access to your network? At least, your network could slow with unknown users on your signal. At most, hackers could steal your credit card information and social security number. Here’s the ultimate guide to securing your home security network. The steps might feel daunting; you’ll deal with them only once, though. The process will leave your Wi-Fi safer.

Is Wi-Fi secure?

Yes, with precautions. First, let’s find your gateway IP address. It’s best to customize configurations on your router. Out of the box, a router uses default gateway IP addresses and passwords. Leaving them this way makes it easier for hackers to access your network.
  • Select start
  • Click Run
  • Type cmd
  • Select enter
This will open a Command Prompt window. In that window … Enter ipconfig/all Write down or copy the eight-digit number on the gateway line
  • Open your browser of choice
  • Enter your gateway in the address bar
Note: These work for Windows.

What Wi-Fi security should I use?

Once you’ve found your gateway IP address, you’ll enable encryption on your access point. Access points refer to hardware, such as a router, that broadcast an Internet signal. Encryption converts electronic data, such as that sent through the Internet, into ciphertext. Hackers will have a tough time breaking encrypted data, especially at 128 bits. Tips for encryption: DON’T rely on WEP encryption. Hackers can compromise it easily. INSTEAD, opt for at least WPA encryption. It beats WEP for encryption, and a strong password can cover for its vulnerabilities. DON’T buy access points or wireless cards that don’t support WPA2. Newly manufactured access points support WPA2, the highest form of encryption. INSTEAD, create a network password of at least 10 alphanumeric characters. Without a difficult password, a WPA2 network becomes vulnerable. DON’T configure your own authentication server. For home computing, a commercial virtual RADIUS server with suffice. INSTEAD, consider a RADIUS server with WPA-Enterprise mode. It creates a unique temporary session encryption key.

Is wireless Internet safe?

If you protect access, you can feel confident your data won’t become compromised. We mentioned a router access password already. Connecting without setting one leaves your network vulnerable. It could be susceptible to unauthorized access or a complete takeover.

Common questions when it comes to a strong network password

Q: Shouldn’t my password be simple to remember? A: No. Opt for the maximum allowed characters, in random sequence. You’ll enter it just once. Q: Aren't WPA and WPA2 the toughest encryption available? Is wireless Internet safe for sensitive data, even without a complex password? A: No. Hackers run precomputed tables and dictionary attacks to decipher simple passwords. It isn’t hard to crack those with common words and names or sequential numbers. Q: How can I come up with my own complex password? A: Try an online random number generator. Or, create a sentence and incorporate the first letters (and a number) to create a password. For example, “Our family has lived in six states!” can translate to Ofhli6s! for a complex yet familiar password. Q: What if I set a password – and forget it? A: Check your user manual. You can execute a hardware reset to factory defaults.

I’ve done it all! Is Wi-Fi secure in my house now?

You’re safer than before. Your wireless network isn’t likely to become compromised. It’s crucial to proceed with caution when dealing with personal data online, though.