Act 46 Information

Here are some resources that relate to Act 46 and its potential impact on our town:

DUMMERSTON IN THE NEWS

Taking Care of Your Computer

Here's some great advice from CERT - the Computer Emergency Readiness Team, part of the Department of Homeland Security: :

  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. Security companies are continuously updating their software to counter advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of malware, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
  • Avoid clicking links in email - Attackers have become very skilled at making phishing emails look legitimate. Users should ensure the link is legitimate by typing the link into a new browser (see Avoiding Social Engineering and Phishing Attacks for more information).
  • Change your passwords - Your original passwords can be compromised from an infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
  • Keep your operating system and application software up-to-date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
  • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool. A non-exhaustive list of examples is provided below. (The U.S. Government does not endorse or support any particular product or vendor.)

ESET Online Scanner - https://www.eset.com/us/online-scanner/

F-Secure - https://www.f-secure.com/en/web/home_global/online-scanner

McAfee Stinger - http://www.mcafee.com/us/downloads/free-tools/index.aspx

Microsoft Safety Scanner - https://www.microsoft.com/security/scanner/en-us/default.aspx

Norton Power Eraser - https://norton.com/npe

Trend Micro HouseCall - http://housecall.trendmicro.com/

Microsoft* Won't Call You.

Be aware, and don't fall for the current scam calls that are, once again, making the rounds in our area! The basic premise is this: Somebody from "Microsoft*" calls to let you know that your computer is causing problems with the Internet, and that they're interested (bless their hearts) in helping you get it fixed. To put it simply, that never, ever, EVER happens! It's just a big fishing expedition that would, at the very least, cause you to part with about $300. At worst, you could lose your identity and your computer data.

The ploy starts unfolding when the caller asks you to press "CTRL-R" on your keyboard. Then, once the target starts complying with instructions, it's off to the races. The caller uses a few devices to gain the victim's trust, and slowly ups the ante. Want to hear an actual call? Click right here or right here (two different recordings!) and read, then listen.

Here's a good description by the Federal Trade Commission, along with suggestions of what to do if you've been victimized by these relentless scammers: Tech Support Scams. Good luck - stay vigilant, be VERY wary when someone calls you, and NEVER be afraid to "accidentaly" hang up the phone, with no discussion, drama, or apology.

*Microsoft, or HP, or even "The Technical Support Department of Your Computer." No, really!

Yahoo! E-mail: Time for a change...?

We've recently received suspicious e-mails from each of three local friends - and all three were dangerous! The names and addresses were all just fine, but each of the e-mails contained a link. That's it; just a link.

Additionally, we received another e-mail, supposedly from Yahoo itself, advising that our Yahoo account had been successfully accessed in another country. Then yet another arrived suggesting we add a cell phone number to our Yahoo account. In those cases there were links to follow to "help" with the issues. We could almost hear Clint Eastwood sneering, "Do you feel lucky, punk?!?"

The security problems with Yahoo e-mail have been going on for a VERY long time. They've yet to fix the exposure. In our humble opinion, NOW is a good time to think about changing your Yahoo e-mail account to something more secure, such as Google or Outlook - both of which are very good, secure, and feature-filled.

If you'd like a longer explanation of some of the Yahoo security issues, you can get a more technical description from this recent article.

A Trillion Dollars



A billion. A hundred billion. A trillion dollars. Big numbers! What does a trillion bucks look like, though? Go to this page to start to get an idea of a number that big.

NOT Stranded in London!

We got an e-mail from one of our Dummerston neighbors this morning and were surprised to hear he's stranded in London. Except that he's not.

It turns out that someone was able to take control of his e-mail (Yahoo) account, send out "please help" letters to everyone in his Yahoo address book, and monitor the incoming mail for offers of help from helpful and concerned friends and family. The e-mail looks like this:

Apologies for having to reach out to you like this, I made a trip early this week to London, UK and had my bags stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately for me, I can't have access to funds without my credit card, I've made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in. I really need to be on the next available flight.I can forward you details on how you can get the funds to me. You can reach me via email or May field hotel's desk phone, the numbers are, +447024030610 or +447024030611.
I await your response...
Best,
Dxxxx

As we were reading the e-mail we were horrified at his predicament, but we then noticed that the e-mail was addressed to "Undisclosed Recipients" - not at all the way our friend would do it. We then Googled one of the phone numbers, and that uncovered the nature of the scam. We resisted the urge to e-mail back to our friend to alert him, as it was clear that the scammers were inviting responses back to his e-mail address. So - we called him and he immediately changed his account password.

Unfortunately, a (truly!) helpful friend or two DID e-mail him a warning, which tipped off the scammers that their victim was becoming aware of the problem. By the time that he got into his account, ALL of his contacts AND e-mail were deleted. The scammers knew that our friend was being warned and, as they apparently do, they "went nuclear" on him.

    Some lessons here?
  1. BACK UP your "online-only" (Yahoo, Gmail, Hotmail, etc.) contacts and mail. Look for an "Export" option and save to your own computer.
  2. Not positive about an unsolicited e-mail? DON'T. CLICK. THAT. LINK. Really...
  3. Trust your instincts - no need to be paranoid, but be vigilant.
  4. Google Search is your friend. Use it to implement your "Trust, but verify" policy.