Category: How To

How to Stay Safe on Public Wi-Fi

The first piece of advice is to avoid public Wi-Fi completely.

A public Wi-Fi network is inherently less secure than your home or office Wi-Fi because it is publicly available.

If you do need to use public Wi-Fi, then pick one which needs a password, and do not carry out any financial activity, buy anything, access your email or do anything else needing passwords.

If you want to be secure when using public Wi-Fi, you will need a VPN (Virtual Private Network) installed on your devices. A VPN encrypts all communications between your devices and their target websites etc.

They also let you browse websites without anyone being able to track your location and activities.

Alternatively you can take your own Wi-Fi with you by using your mobile phone to create a Wi-Fi hotspot for your devices.

Points to Remember

  1. Leave Wi-Fi turned off until you need it.

When you’re finished working online, turn it off again.

  2. Turn Off File Sharing

If you have file sharing of any kind enabled, then turn it off while on public Wi-Fi, as it could be copying your confidential information to the Internet unencrypted.

  3. Keep Your Antivirus and Antimalware Up to Date

You must have anti-virus and anti-malware installed, and make sure to keep them up to date or their effectiveness will diminish.

  4. Use HTTPS Websites Where Possible

HTTPS access is safer than HTTP access, so stick to those websites that have HTTPS versions where possible.

  5. Don’t Leave Your Devices Unattended in Public

You don’t want someone accessing your laptop, smart phone or other device. Even if they don’t steal it, they may access your information or install a malicious app.

Stay Safe.

Fightback Ninja Signature

Check Who’s Using Your Wi-Fi

If your connection to your home Wi-Fi always seems sluggish – maybe someone is accessing it who shouldn’t be.

If you unplug the router for a few minutes, that will remove anyone connected to it, but only until you reconnect the router; then your devices, and possibly someone else, can connect again.

If you think someone who shouldn’t have access to your Wi-Fi knows the passcode, then you need to change the passcode.

If there is still reason to suspect someone is accessing your Wi-Fi without your permission, then there are steps you can take to identify the culprit.

Check the Router Access List

You will need to log in to your router. The instructions that came with the router will tell you how to do this, and it may also say on the back of the device. These instructions differ for each router.

You will need to know its IP address (plus login and password) and then you can access it from a browser on any computer.

The router will show you a list of devices currently attached to it and usually enough information for you to recognise who the devices belong to.

You will see something similar to this:

Wired Devices

| MAC Address | IP Address | Device Name | Time Connected |
|---|---|---|---|
| 54:21:XX:XX:XX:XX | 195.179.0.2 | Erica’s PC | 2 days 4 hours 31 minutes |

Wireless Devices

| MAC Address | IP Address | Device Name | Time Connected |
|---|---|---|---|
| 54:21:XX:XX:XX:XX | 190.161.0.9 | Chromecast | 45 minutes |
| 54:21:XX:XX:XX:XX | 190.161.0.8 | Android Phone 140927271 | 1 day 12 minutes |
| 54:21:XX:XX:XX:XX | 190.161.0.7 | iPAD | 35 minutes |

The device name will hopefully tell you enough to identify the owner of the device but if you have several Android phones in the house, for example, then it may not be enough.
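When device names are ambiguous, the MAC addresses in the router's list can be matched against a list of your own devices. The Python below is an added example, not part of the original post; it assumes a tab-separated copy of the router's device list and a hand-kept inventory, and every address and name in it is constructed.

```python
import re

# Constructed sample: one device per line, tab-separated as
# MAC address, IP address, device name, time connected.
ROUTER_EXPORT = (
    "3C:5A:B4:10:20:30\t192.168.1.2\tErica's PC\t2 days 4 hours\n"
    "A4:77:33:01:02:03\t192.168.1.9\tChromecast\t45 minutes\n"
    "DA:A1:19:AA:BB:CC\t192.168.1.8\tAndroid Phone\t1 day 12 minutes\n"
    "F0:18:98:0A:0B:0C\t192.168.1.7\tiPad\t35 minutes\n"
    "02:42:7E:11:22:33\t192.168.1.23\tAndroid Phone\t3 hours\n"
)

# Hypothetical household inventory: MAC address -> owner. Read each MAC
# from the device's own Wi-Fi settings screen, not from the router.
KNOWN_DEVICES = {
    "3c:5a:b4:10:20:30": "Erica's PC",
    "a4:77:33:01:02:03": "Living-room Chromecast",
    "da:a1:19:aa:bb:cc": "Sam's Android phone",
    "f0:18:98:0a:0b:0c": "Family iPad",
}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalise_mac(mac):
    """Lower-case a MAC, accept '-' separators, reject masked/garbled values."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a full MAC address: {mac!r}")
    return mac


def is_randomised(mac):
    """True when the 'locally administered' bit of the first octet is set.

    Phones and laptops set this bit on the private (randomised) addresses
    they generate, so such a MAC says nothing about the manufacturer.
    """
    return bool(int(mac[:2], 16) & 0x02)


def parse_export(text):
    """Turn the pasted device list into a list of dicts."""
    devices = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            raise ValueError(f"expected 4 tab-separated fields: {line!r}")
        mac, ip, name, connected = fields
        devices.append({"mac": normalise_mac(mac), "ip": ip,
                        "name": name, "connected": connected})
    return devices


def find_unknown(devices, known):
    """Return devices whose MAC is not in the inventory, noting randomised MACs."""
    return [dict(d, randomised=is_randomised(d["mac"]))
            for d in devices if d["mac"] not in known]


if __name__ == "__main__":
    for dev in find_unknown(parse_export(ROUTER_EXPORT), KNOWN_DEVICES):
        note = "randomised MAC, check your own phones first" if dev["randomised"] else "fixed MAC"
        print(f"UNKNOWN {dev['mac']} {dev['ip']} {dev['name']!r} ({note})")
```

An unknown entry with a randomised MAC may still be one of your own phones using a private Wi-Fi address, so compare it with the address shown in each phone's Wi-Fi settings before treating it as an intruder.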

What to do if you find an unauthorized device

If you have not set the router to encrypt the data, then make that change and try again.

If you still seem to have an interloper, then that person must have hacking skills and you would need to invest time and money in network monitoring or employ an expert to trace the interloper for you.

Advert Blockers

Adverts are useful in that they fund services that we wouldn’t necessarily want to pay directly for but still benefit from.

e.g. Freeview TV, commercial radio, Channel 4 TV, free newspapers etc.

A typical newspaper, partially funded by advertising, would need to increase its cover price by 100% – 200% if advertising was stopped.

But, there are huge amounts of advertising that most of us wish didn’t exist.

In print, you can ignore the ads; on TV you can go and make a cup of tea during the ad breaks, or record the programmes and fast forward through the ads etc.

However, in some situations adverts are intrusive and cannot be so easily ignored.

There are many websites with adverts that don’t get in the way, so that’s fine, but there are increasing numbers of websites where the ads are flashing, moving, popping up in the middle of the screen and sometimes so bad we can’t see the actual content we went to the page for in the first place.

Advert Blockers can make your life easier by blocking most of these adverts.

The most popular browsers have some features for blocking intrusive ads.

e.g. Google Chrome (settings – content settings) blocks pop-ups and ads from sites classified as intrusive.

Opera has a built-in ad-blocker.

Blocking adverts also blocks many tracking cookies, which protects your privacy as well.

The Most Popular Ad Blockers

Ghostery

Ghostery has been around for years and is available for Chrome, Firefox, Opera, Edge and Internet Explorer plus Android and iOS.

Firefox Focus

You can install any one of the many ad-blocking extensions on the desktop version of Firefox, but Mozilla has created a dedicated mobile browser for Android and iOS called Focus.

This is focused on privacy which means that, by default, it works like the private browsing mode on other browsers.

AdBlock

AdBlock is free, but it does ask for a donation on installation.

It blocks all ads on the web, including on Facebook, YouTube and other social sites.

You can also allow what AdBlock calls Acceptable Ads – similar to those ‘non-intrusive’ ads in AdBlock Plus.

There are lots of Ad Blockers on the market. See which one best suits your needs.

PayPal Two Step Verification

Logins and passwords are normal practice to let a valid user identify themselves.

But there are times when this is not strong enough security, and two-factor security adds another layer, thereby making it much more difficult for anyone else to access your account.

Two-factor security means that in addition to the password, another security code of some form is needed. In the case of PayPal, that second code is a PIN number sent to your mobile phone.

For anyone to access your PayPal account they would need both your password and your mobile phone.

Two-factor security is available on many online services and banks e.g. Facebook, Google, Apple etc. We’re using PayPal as an example.

How to Set Up 2 Factor Security in PayPal

PayPal call this Security Key.

  1. Log into your PayPal account.
  2. If your mobile phone number has already been verified by PayPal then that step is complete; otherwise you will need to key in your mobile number and verify it for PayPal. This is done through the Account page off the Profile and Settings menu.
  3. To activate PayPal Security Key go to Profile – Profile and Settings – Account Settings – Security and you can start the process.

Once completed, you will always need that phone when you want to access PayPal but you will be more secure.

What If Your Business Has a Data Breach

If your business suffers a data breach, i.e. hackers access your system and steal confidential information, then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes name, address, phone number etc. This can be used by scammers and cold callers, but that information is readily available for most people through the phone directory, social media and the Electoral Register.

More sensitive information includes date of birth, name, financial details, payment card details. Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with login and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people, i.e. how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers, or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP. This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioner’s Office. If relevant, inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.

Maintain Online Privacy

One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.

Conversely, one of the big problems with the Internet is people with malicious intent obtaining your confidential information. Everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.

Here are some actions you can consider to protect your online security:

  1. Have up to date anti-virus and anti-malware on all of your computer devices
  2. Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
  3. Be careful – if something looks too good to be true then it’s likely to be a scam
  4. Never click on a link or open an attachment unless you are sure it is safe
  5. Avoid public Wi-Fi if you intend to access online banking or anything else that needs to be secure.

Website Browsing

There are a number of things you can do to make your website browsing more private and safer.

  • Use the privacy/incognito mode
  • Block web activity trackers
  • Block your ads
  • Use encrypted messengers
  • Get a VPN
  • Avoid non-https:// websites for input of confidential information
  • Clear your cookies regularly
  • Use secure/encrypted email providers

The guide at https://thebestvpn.com/online-privacy-guide/ contains a lot more information on what you can do to maintain your online privacy.

Legal Steps to Recover Your Stolen Money

This is a series of steps for attempting to recover money stolen by fraudsters. It has been created by Barrister Gideon Roseman following his skirmish with fraudsters. You can read about that at fightback.ninja/amateur-detective-recovers-stolen-money/

  1. Immediately phone your bank and ask to speak with the fraud team.

Explain what has happened and demand they immediately contact the fraudster’s bank, i.e. the bank you transferred your money to.

  2. Immediately contact a solicitor or barrister who can accept instructions directly from members of the public (or alternatively you can attempt to do this yourself). Ask them to immediately make an application to freeze the fraudster’s bank account and any other bank account that the fraudster has with their bank. The application should include a request for an order that the fraudster’s bank provides the following information:
  • all contact details (mobile phone, home phone, email address, residential address etc.) for all signatories to the fraudster’s bank account and any other bank account held in the fraudster’s name or any other signatory to this bank account that is held at the bank;
  • all bank statements for the fraudster’s bank account and any other bank account that the fraudster or any other signatory has with the bank in question for a period of 6 months; and
  • the current balance of all bank accounts with the bank that are in the fraudster’s or any other signatory’s name.
  3. Once you get hold of the court order, this will need to be immediately emailed to the fraudster’s bank’s ‘court orders’ team who can process it. You can ask your bank for this email address.
  4. As soon as you receive the information from the fraudster’s bank, consider the following points:

(i) has your money been transferred or paid to any recognisable company you can contact, such as a known retailer;

(ii) if you can identify a company that has received your money, you can then contact this company, explain what has happened and request they either cancel the transaction made by the fraudster or hold onto the money they have received; and

(iii) has the money been transferred to other bank accounts.

  5. If your money has been transferred out of the fraudster’s bank account and into another bank account, you have the option of returning to court and making an application for the information set out above and repeating the process set out above.
  6. When you have received the fraudster’s bank account statements, try to work out the dates and times of the transfers out of their accounts. Your bank will be under a duty to contact the fraudster’s bankers, who will then freeze the fraudster’s account.

If your bank has failed to act within a reasonable period of time after you have notified them of the fraud, which has enabled the fraudster to transfer your money without a trace, it is likely that your bank will have breached their duty and will have to compensate you.

Good luck.

If you have any experiences with scammers, spammers or time-wasters, do let me know by email.

How to Make Your Website Trusted

The first steps in having your website trusted are the obvious ones – make sure there is nothing that would concern people e.g. selling items of dubious or inconsistent quality, excessive advertising, advertising of business such as gambling, over promising on products or services then being unable to meet those promises, poor customer service, excessive profit margins, inaccurate advertising, poor quality website etc.

Once you have eliminated anything that could put people off then you’re left with two basic things – building a good reputation and hoping for great online reviews by your customers.

These both need a lot of time and effort to happen. Good reputations don’t happen overnight and people will only add great reviews when your sales process, quality of products and services, customer service etc. are top notch.

There is another way to increase trust and that is to become accredited by the various relevant bodies for whatever industry you are in and also to be accredited or registered with the various bodies that review websites.

Recent research shows that most customers don’t understand security on the Internet but they do trust various organisations and hence trust their judgements on trustworthy websites.

To the question “Which badge gives you the best sense of trust when paying online?” the results show:

  • Norton 36%
  • McAfee 23%
  • TRUSTe
  • BBB

Other badges did also register but these four were the most recognised and trusted by far.

What do you have to do to get Norton accreditation for example?

You buy a Symantec SSL certificate and implement that on your website.

The other companies listed above are Trust based rather than simply SSL recognition.

As well as the trusted badges, in assessing a website, consumers report that they look for qualities including:

  • up to date information
  • fresh content
  • easy ways to contact the business
  • honesty about any problems
  • negative comments as well as positive ones
  • where appropriate – pictures of the management.

Make your website trusted for genuine reasons – don’t shortcut.

How to Report a Bad Website

It can be very simple and quick for people to create websites – good websites and bad websites.

What can you do if you encounter a bad website?

Bad in this case doesn’t mean something you don’t like but a website that is a scam or misleading or steals your personal information or is a copy of someone else’s website etc.

You can report the bad website to the search engines, blacklists, review sites and the Authorities.

Search Engines

Google, Bing and the other search engines want to know about bad websites so they can direct traffic away from them and where relevant will report the sites to the Police or other Authority.

Report to Google https://safebrowsing.google.com/safebrowsing/report_badware/?hl=en

Instructions for Bing  https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site

To report a site in Internet Explorer: if you are running IE and are still on the site in question, then click on the Safety icon on the toolbar, go to “SmartScreen Filter” and select “Report unsafe website”.

Blacklists

Many organisations maintain lists of ‘bad’ websites called blacklists. This is to enable services such as Web of Trust, Trustwave, Brightcloud, and numerous anti-virus and anti-malware companies such as McAfee, Sophos and many others to block access to those sites.

When you navigate to a blacklisted website, your anti-virus or other software will warn you and stop the browser opening that site. Which software protection you choose is up to you, but they all try to offer a good service.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. It maintains a blacklist used by software services. PhishTank allows developers to integrate anti-phishing data into their applications at no charge. https://www.phishtank.com/

Review Sites

There are various review websites that allow you to enter information, reviews, comments on websites and businesses – to help others make informed choices.

Which one you pick to report a bad website to depends on the nature of the website,

e.g. for travel reviews – Trip Advisor

Some of the largest of these review sites are Consumer Reports, Foursquare, Better Business Bureau, Angie’s List and there are lots more.

The Authorities

You can report websites to Action Fraud if there is evidence of criminal activity.

You can report online scams and rip-offs to Trading Standards via the Citizens Advice Consumer Helpline on: 03454 04 05 06

How to Maintain Privacy on Facebook

Social media is designed for you to share but you should take care to set the privacy levels so you know who can see your information and postings.

Basic Privacy Settings

In Facebook on a PC, click on the top right menu item and select Settings then Privacy and you should see as below.

You choose who can see your postings, profile etc. The choices are Public, Friends, Specific Friends or Only Me.

Set “Who Can Contact Me”. The choices are Everyone or just Friends and Friends of Friends.

Set “Who Can Look Me Up” and whether you want search engines outside of Facebook to find your profile.

That’s all quite straightforward. Basically you decide if you want the world to see what you put on Facebook or restrict it to friends.

The Audience Selector Tool

When creating a new post on your timeline, there is a drop-down box which allows you to determine the audience for the post. You can choose Public, Friends, Friends Except (you pick which friends to exclude), Specific Friends (you pick which Friends to include) or Only Me.

You’ll find an audience selector tool most places you share status updates, photos and other things you post. Click the tool and select who you want to share something with.

The selector tool remembers the audience you shared with the last time you posted something and uses the same audience when you share again unless you change it.

Profile

To set or modify your profile information, click the ‘Update Info’ button on the bottom right of your header photo. You can then set a new header photo, profile photo, location, family and relationships, schools, professional skills etc.

Everyone can see this public information, which includes your name, profile picture, cover photo, gender, username, user ID, and networks.

To see what your profile looks like to other people, use the View As tool.

Timeline

Only you and your friends can post to your Timeline. When you make a post you can set the audience. When other people post on your Timeline, you can control who sees it by choosing the audience of the “Who can see what others post on your Timeline” setting.

As you edit your info, you can control who sees what by using the audience selector.

Privacy Check

Facebook lets you make a quick health check on privacy settings. Click on the question mark (or maybe a padlock symbol) on top right and select Privacy Check.

1) Posts – As explained below, this will explain how to control your privacy settings for every post.

2) Apps – Who sees your activity within apps from outside suppliers

3) Profile – How much personal information is to be shown

Use Facebook wisely and don’t give any information to people without considering the possible consequences first.