Thursday, September 21, 2017

Credit Monitoring or Credit Freeze?

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC



In today's volatile world of digital hacks and data breaches,the chances of having your identity stolen is becoming more and more a certainty than just a possibility.  So how do you protect yourself?

A common way in which criminals can ruin your life is by gaining access to enough personal information about you that they can then apply for credit under your identity.  Your name, address, date of birth, and social security number can be enough information to apply for credit, perform tax refund fraud, medical services fraud, etc...   and this information is quickly finding itself available to criminals on the dark web.




There are a host of companies now that promote credit monitoring services, which may sound like an effective and affordable solution, however, they only detect fraudulent use of your credit file after the fact. A better solution would be to implement a credit freeze.  This helps lock down your credit record and prevents anyone from accessing it without you first "thawing" it.

The United States Public Interest Research Group (USPIRG) published a comprehensive document (PDF) discussing the importance of why you should consider placing a freeze on your credit report before your information is stolen. They also have some good advice regarding the recent Equifax breach and how you can protect yourself in that regard.

As I continue to say, the bad guys are using the Internet against us.  The more we learn about their tactics, the less likely we are to become a statistic.







Saturday, March 4, 2017

WWW Now Stands for the Wild Wild West

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC


For more than a dozen years, Fast Rhino has identified and removed thousands of threats from our client's systems.  It has since become a daily routine due to the alarming growth rate of both the volume and type of infections we are encountering.  We cannot express how important it is to incorporate defensive computing skills during your Internet travels. What we once knew as the "World Wide Web" has quickly morphed into the "Wild Wild West".

The bad guys are rapidly learning how to turn the Internet against us and use it as a tool to attack our computers and mobile devices. Those of us who do not adapt and educate ourselves will quickly become targets and eventually statistics of their online crime.

If you were to attend a defensive driving class, you would learn to follow some basic rules when behind the wheel, such as looking both ways before proceeding through an intersection, keeping a good eye on your blind spots and using your turn signals before turning.  These are just a few of the actions that could help you avoid an unwanted accident out on the road.  Defensive computing also requires you to implement some basic rules designed to help prevent your system from getting infected in this new Wild Wild West.

One of the most common ways we see systems getting infected is via the browser. We all use our web browsers to search for various information over the Internet.  Some of us may feel that since we only visit "mainstream" web sites, we are safe from any sort of threat. This is a compete misconception.  If you believe that you are immune from malicious software simply because you only visit a few select web sites and you have a name brand anti-virus program, you are mistaken.  Times have changed and so has the Internet.

Just like in the real world, if you were to go downtown, there may be dark alleys, red light districts or gambling halls that you might avoid to stay out of harm's way.  We've all been programmed to believe the same is true when traveling over the Internet.  This programming is false.  You can now get "mugged" in broad daylight visiting popular destinations that you thought were safe to visit.  Using defensive computing skills can help you protect yourself even if you decide to stroll down a questionable path.

So what are some elements of defensive computing?  The list is ongoing but here are just a few:

Use a Script Blocker:  If you only do one thing on this list, this is probably the most important. Blocking potentially dangerous scripts is one of the most effective ways to defend against common web-based infections.  When used properly, a script blocker protects your web browser from contracting infections from tainted web sites. This type of attack is growing exponentially because so many people don’t yet know about the dangers of scripting language and how it being used against us.  If you are using a web browser without a script blocker, you are simply asking for trouble.  Learn more about script blocking for Firefox here and for Chrome here.

Avoid Links and Attachments in Email: People tell me on a daily basis that they don’t open or click on associated links/attachments of emails sent by strangers.  That's a good start, but they should seriously question the emails from people they do know, as well.  Infectious email links and attachments commonly spread via circles of association such as through address books. This means the odds weigh more on you getting infected by opening an attachment or clicking on a link within an email that is from someone you know.

Question Everything: Just because something you see online seems legitimate, does not make it so. The Internet is full of scams and compelling imitations designed to take you for a ride.  You are playing it safe by not clicking, downloading, installing, etc.. when prompted by something with which you do not  have 100% confidence.

Keep Your Security Products Up To Date: Having a comprehensive anti-virus program and anti-malware program are good preventatives, however, if they are not updated regularly, they can lose their effectiveness against newly distributed threats.

Never Allow a Stranger Remote Access: Regardless of whether they initiate the conversation or you do, it is unwise to allow anyone with whom you do not have a personal relationship to remotely access your computer. This is by far one of the most common tactics used by criminal organizations to extract money from willing participants.

Use Different Email Addresses for Specific Purposes:  A large number of our clients only have one email address.  This is simply inviting spam over to harass you. We all at one time or another are asked for our email address by someone or some entity who we don't necessarily know or trust.  This process puts our email address at risk of being sold to spammers and increases our exposure to receiving infected emails.  Anyone can create free email accounts today (ie.. Outlook.com, Yahoo.com, Gmail.com, etc…) and use these different accounts for specific reasons.  If you have a personal email address you check daily, you probably don’t want it getting inundated with spam.  So the solution is to only give that email address out to people you trust.  For other scenarios, use a different, free email address. This way if you are purchasing something online or filling out some web form that wants your email address, you can give them a different email address, thereby cutting down on your personal email address' exposure.


In summary, these are just a few defensive computing tips that can help keep you safer while navigating the Wild Wild West.  Stay tuned to our blog for more!