I was interviewed last week Monday Aug. 28th, 2023 by Green Bay TV station WLUK-TV FOX 11 for a story Hospital Sisters Health System (HSHS) and Prevea Health Systems was calling at the time a system outage. Late Friday afternoon, the CEOs of HSHS and Prevea released a joint video confirming that it was caused by a cyber security incident. In the video, they stated that their priority was patient care, but they did not say whether patient (or employee) data was impacted by the cyber-attack.
I was interviewed again on Tuesday Sept. 5th, 2023 where I recommend that all past and current patients, as well as all past and current employees take proactive action and freeze their credit with the three credit reporting agencies Transunion, Equifax and Experian. They should also consider using a credit monitoring service, and monitor all healthcare invoices and explanation of benefits for fraudulent activity.
Other organizations have offered to pay for one year of credit monitoring services when their customers personally identifiable information (PII) was compromised. This is not an acceptable solution as the criminals have your PII such as your social security number, which does not expire, and they will wait sometimes months before using it for identity theft purposes.
#HSHS #Prevea #CyberSecurity #CyberSecurityIncident #CreditMonitoring #CreditFreeze
https://fox11online.com/news/local/prevea-health-and-hshs-making-progress-after-cybersecurity-incident-operations-gradually-resuming-amid-ongoing-investigation-ashok-rai-damon-boatwright-aimee-brian-stehsel-curt-esser-esser-consulting#
Category: Cyber Security
Protecting Yourself from Tech-Related Email Scams: Common Scams and How to Avoid Them
I asked ChatGPT to write an article on common tech related emails scams and how to not fall victim to them. ChatGPT is a natural language processing tool driven by Artificial Intelligence (AI) technology that allows you to have human-like conversations and much more with the chatbot.
In today’s digital age, email scams have become increasingly common, especially those that are tech-related. These scams often come in the form of emails that appear to be from legitimate tech companies, such as Apple, Microsoft, or Google, and they often ask for personal or financial information. To avoid falling victim to these scams, it’s important to be aware of the most common types of tech-related email scams and to know how to identify and avoid them.
1) Tech Support Scams
Tech support scams are one of the most common types of tech-related email scams. These scams typically involve an email that appears to be from a well-known tech company, such as Microsoft or Apple, claiming that there is an issue with your device or account. The email will often ask you to call a phone number or click on a link to receive tech support.
To avoid falling victim to a tech support scam, it’s important to remember that legitimate tech companies will never contact you out of the blue to provide support. If you receive an email claiming to be from a tech company, don’t click on any links or call any phone numbers provided in the email. Instead, go directly to the company’s official website to find support options.
2) Malware Scams
Malware scams are emails that contain malicious software, such as viruses or spyware, that can infect your device when you click on a link or download an attachment. These emails may appear to be from a legitimate source, such as a friend or a well-known company, but they are actually designed to trick you into downloading and installing malware.
To avoid falling victim to a malware scam, be wary of any email that asks you to download an attachment or click on a link. If you’re unsure whether an email is legitimate, don’t click on anything in the email. Instead, contact the sender directly to verify the legitimacy of the email.
3) Phishing Scams
Phishing scams are emails that appear to be from a well-known company, such as a bank or an online retailer, and they ask you to provide personal or financial information. These emails may look legitimate, but they are actually designed to trick you into providing your information so that scammers can use it for fraudulent purposes.
To avoid falling victim to a phishing scam, be wary of any email that asks you to provide personal or financial information. Legitimate companies will never ask you to provide this information via email. If you receive an email that appears to be from a legitimate company, go directly to the company’s website to verify the request.
4) Online Shopping Scams
Online shopping scams are emails that offer great deals on products or services, often with the promise of free shipping or other incentives. These emails may look legitimate, but they are actually designed to trick you into providing your credit card information so that scammers can use it for fraudulent purposes.
To avoid falling victim to an online shopping scam, be wary of any email that offers deals that seem too good to be true. Legitimate online retailers will never ask you to provide your credit card information via email. If you’re unsure whether an email is legitimate, go directly to the retailer’s website to verify the offer.
In conclusion, tech-related email scams are becoming increasingly common, and it’s important to be aware of the most common types of scams and to know how to identify and avoid them. Remember to always be cautious when opening emails, especially those that ask for personal or financial information. If you’re ever unsure whether an email is legitimate, it’s always better to err on the side of caution and contact the company or individual directly to verify the request.
Use MFA to frustrate hackers
Multi-factor authentication (MFA) aka two factor authentication (2FA)
Did you know that over 99% of account hacks could have been prevented by using multi-factor authentication (MFA)? Using MFA makes it significantly harder for criminals to access your online accounts. It is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. Unfortunately, many people are not familiar with MFA.
Here’s how it works. When you log into your account, the first step is entering your username or email address, along with your password or passphrase. With MFA activated, the second step is to provide an extra way of proving that you are you, like entering a PIN code or a code that has been texted or emailed to your mobile device or authenticator app. Since hackers almost never have access to your mobile device or authentication method, it can prevent them from gaining access to your account.
Many platforms, such as Meta Facebook, Google, Twitter, and LinkedIn offer MFA to help users protect access to their accounts. It prevents a cybercriminal from signing in to your account with just your password. It is a minor inconvenience when logging into your account, as it requires an extra step, but multi-factor authentication greatly increases the security of your account.
One word of advice. Pay attention to email or text messages asking if you are trying to sign into your account when you are not. Hackers like to target their victims and catch them off guard, often at night. If you receive a series of prompts on your phone asking if it was you signing into a device that is not recognized, and it was not you, do not click on “yes” to stop the prompts. Hackers are hoping to wear you down. Clicking “yes” might stop the prompts but it also gives the hackers the “keys to the kingdom” so to speak, allowing them to lock you out of your own account. You should also change your password for the account ASAP. Also, if you reused that password, make sure to change it for every other account that uses it (this is why every password should be unique).
Contact Esser Consulting, LLC for help with setting up and using multi-factor authentication.
Scammer has my password, now what?
Imagine receiving an email from your own email address, telling you that you have been hacked, and to prove it, the sender includes your password in the email? They also say that they have been watching you through your webcam, and tracking your online web-surfing. Having thoroughly scared you, the scammer then threatens to release evidence of you visiting adult websites unless you pay a ransom, usually in Bitcoin. This happened to a customer of mine recently.
Variations of this scam have been around for several years. Chances are that you were not hacked. Rather, your email address and password information are included in one or more of the thousands of data breaches that have occurred, and your information is being sold on the dark web. Billions of accounts have been compromised in data breaches, so the odds are pretty good that your data is included. To make it more convincing, the scammer then spoofed your email address.
So, what should you do? First, do not pay or contact the scammer. Next, run several virus and malware scans on all of your devices to check for known viruses and malware. Then, and possibly most importantly, change all of your passwords so that you have unique passwords on all of your accounts. But how do you remember all of those different passwords? I recommend using a password manager program.
A password manager can help you create and store more complicated passwords. There are numerous password manager programs available. Most have you remember one password, then keep the others locked away in a password “vault”. Some keep the password “vault” file on your device locally, others are cloud based which allows them to be used on multiple devices.
I also recommend that you visit have i been pwned to see if your email addresses have been involved in any breaches. You can sign up to be notified of any future breaches involving your email address.
#BeCyberSmart #CybersecurityAwarenessMonth #PasswordManager #UseUniquePasswords #EmailScam #haveibeenpwned
Email and Other Tech Support Scams
Beware of fake invoices and other tech support scams
Tech support scams have been growing in popularity over the past few months. Beware of unsolicited phone calls, emails, or pop-up messages. Please note that major tech companies like Microsoft, Apple, Amazon, Google, etc… will not call you. These scams involve more than attempting to steal a couple hundred dollars from you.
Scammers attempt to catch their potential victims off guard. They will trick or “social engineer” them into allowing them to remotely access their computer, log into their bank account, fake that they “accidentally” gave their prey an over refund amount, and guilt them into buying gift cards and reading the numbers to them (or they’ll be fired). Some will encrypt or steal their victim’s files, passwords, etc…, or leave behind remote access trojans (rats). Others will add a Windows password and lock them out of their PCs, and if they are really mean, delete their files, emails, and contacts in their address book.
Is it a legitimate or fake email?
Most of these scams are coming via email. Many will look like a legitimate invoice, with the impersonated company’s actual logo and graphics. Companies commonly impersonated include Norton, McAfee, Adobe, PayPal and Best Buy’s Geek Squad. To spot a scam look for spelling and grammatical errors. Also look closely at the sender’s email address. Many are from a “gmail.com” account. Just because it says the product name, such as “Norton@LifeLockServices”, in the sender’s section of the email does not mean that it is coming from that company. It is a scam. If you think you have been wrongfully charged, contact your bank or credit card company directly, or sign into your account, but do not use the link that they provided.
Always use a credit card online
A simple reminder, if you make any payments online, always use a credit card. It has more recourse than a debit card, meaning the credit card company can refund your money and charge back the scammers. Too many charge backs and complaints will hopefully cause the credit companies to either cancel or raise the fees they charge the fraudsters, thereby reducing the scammer’s profits.
Do not click on attachments or links
Do not open any attachments or click on any links or pop-up messages as they may be malicious software (malware) such as a virus, or it is just more made-up data to support their bogus claims. Also, do not call the phone number. They will lie about who they are. Finally, do not respond or click on the “Unsubscribe” link as that alerts the scammer that you viewed the email. It also could be malicious link.
I am a victim. What do I do?
If you are a victim of a tech support scam, contact Esser Consulting, LLC as soon as possible for remediation and recovery help and advice. Your computer might be infected. You might become a victim of identity theft. Review your online accounts and change your passwords, and contact your financial institutions.
Are you at risk of being hacked?
Today is #WorldPasswordDay. Do you use the same password over and over again? Hopefully not, but if you do, and a hacker gets access to one of the accounts they can get access to all of them. Hackers are buying compromised user data online on hacker websites, and either trying those login credentials at other sites, or they are attempting to blackmail users via a scam email. Therefore, it is strongly recommended that everyone use unique passwords on every website, but remembering all of those passwords is virtually impossible. A very good solution is to use a password manager program.
There are numerous password manager programs available. Most have you remember one password, then keep the others locked away in a password “vault”. Some keep the password “vault” file on your device locally, others are cloud based which allows them to be used on multiple devices. I looked for one that was easy to use, worked on multiple operating systems (Windows, Android, Apple iOS), had positive reviews, and had a good free version as well as a premium version. I have been using LastPass for a over a year now, and have installed it for many customers. I have received positive feedback from those who have been using it.
If you are interested in having me install and demo LastPass Password Manager program, please contact me at (920) 735-1806 to setup an appointment.
Are you protected against these cyber threats?
As the online landscape changes, and new cyber threats emerge, cyber security has to adjust and change. Using just the security software that comes pre-installed with your Windows computer is not enough. I have been looking for solutions to the following items that I have seen customers become victimized by in the past few years.
Patching outdated software
A key component of staying safe online is keeping your computer up-to-date. Hackers and virus writers love targeting outdated software. Outdated software often contains security vulnerabilities, bugs, and performance issues that are often resolved in the latest version. These are some of the reasons why it’s essential to keep the apps updated (or “patched”). Finding an easy way for my customers to update their outdated software, like Java and Adobe Flash which hackers were actively exploiting, lead me to become a contributor for Patch My PC.
Identity Theft
Reusing the same password on different sites was not an issue until hackers started selling compromised data which identity thieves have used to compromise other websites. It is now imperative to use different, unique passwords on every website that you visit. To help with this daunting task I can install and demo a password manager program which stores your passwords and other data in a “vault” and which you need to remember only one password to access the saved password info. It can also give you a “security score” which helps identify reused and weak passwords.
Tech Support Scams
Tech support scammers have victimized unsuspecting users through rogue ads and malicious websites. Installing an ad-blocker and an add-on that blocks malicious websites, clickbait links, unwanted cryptocurrency miners can help reduce the risk of a tech support scam or a browser hijacker taking over their computer.
Ransomware
Ransomware continues to be a major concern. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Anti-ransomware software should be installed, as well as taking extra precautions and having offsite backups. I have partnered with Malwarebytes and Dr. Backup to provide my customers with affordable solutions to address these issues.
Please contact Esser Consulting, LLC at (920) 735-1806 for help with addressing these cyber threats.
What to do if your hard drive crashes
Your computer’s hard drive is a piece of equipment, and like any other piece of equipment (ie: your car’s water pump, your washer, dryer, or dishwasher) it will eventually break. It is not a matter of if your computer hard drive will crash, but when. I strongly recommend backing up your files on a regular basis, but what if you aren’t doing that, or if your backups for some reason fail?
Sometimes your files can be recovered by a local computer repair company like Esser Consulting, LLC. But what happens if your hard drive is unresponsive, is making a clicking noise, or is damaged and files cannot be recovered locally? If your files are important enough, then it is time to contact a company that specializes in data recovery.
Esser Consulting, LLC is a Gillware Data Recovery Trusted Partner. If your hard drive crashes and you need your data files – pictures, Word documents, Excel Spreadsheets, e-mails, music files or other data – recovered, call Gillware at 877-624-7206 and use referral code 8247. You will receive free inbound shipping, free evaluation, and $25 off when you use this referral code.
I have been referring data recovery customers to Gillware for several years now, and they have been very successful recovering people’s data files. They also recover files from smart phones and tablets, DVRs, USB flash drives, camera SD and micro SD cards, as well as many other storage devices.
The Problem with Re-Using Passwords & a Solution – Password Manager Program
Facebook revealed last week that its platform mistakenly kept a copy of passwords for “hundreds of millions” users in plaintext. If you are one of the affected users, your Facebook and Instagram password was readable to some of the Facebook engineers who have internal access to the servers and the database. As of now, Facebook says that no one outside of their company had access to these passwords, and that there was no abuse internally by Facebook staff members.
This leads to another issue that people need to be aware of – the problem of reusing the same password on multiple sites. For example, is your Facebook password also your email password? If one of the sites is compromised, all of your sites are compromised. Hackers are buying compromised user data online on hacker websites, and either trying those login credentials at other sites, or they are attempting to blackmail users via a scam email. Therefore, it is strongly recommended that everyone use unique passwords on every website, but remembering all of those passwords is virtually impossible. A very good solution is to use a password manager program.
There are numerous password manager programs available. Most have you remember one password, then keep the others locked away in a password “vault”. Some keep the password “vault” file on your device locally, others are cloud based which allows them to be used on multiple devices. I looked for one that was easy to use, worked on multiple operating systems (Windows, Android, Apple iOS), had positive reviews, and had a good free version as well as a premium version. I have been using LastPass for a few weeks now, and have installed it for several people. I have received positive feedback from those who have been using it.
If you are interested in having me install and demo LastPass Password Manager program, please contact me at (920) 735-1806 to setup an appointment.
FBI recommends routers be power cycled to disrupt malware infection
The FBI recommends that small office and home office routers be power cycled – rebooted or unplugged for a few seconds, then plugged back in – to disrupt possible malware infection. The firmware (software that controls hardware) for these devices should also be updated to the latest version. Contact Esser Consulting LLC for help. More info: https://www.ic3.gov/media/2018/180525.asp