October 06th, 2014

First the good news, and then a warning. iOS 8The new Apple software seems pretty stable now, so it’s probably safe to go ahead and update your existing iPhone or iPad. Don’t forget to update your apps as well.  Expect a major update to mac computer software in the next few weeks, too, and don't rush to install that either.

One change worth noting is that you will have more control of whether apps are allowed to track your location even when you're not using them. Here's a good article on how to mange your privacy settings.
 Now I’m REALLY madA phone ringing at midnight is rarely good news, so when I answered and heard, “This is an urgent call from Windows Technical Department, “ I was both relieved and furious. Similar fake claims that “your computer is full of viruses,” or that “the IRS is sending people to your house,” or otherwise scaring the beejezus out of the unwary, have become more common and more aggressive in the past month.  I was fed up, so I told the caller that he was a criminal, and hung up.

And then he called back.

I won’t repeat the unprintable things he said, but I hope you learn from my mistake: the momentary satisfaction of telling off the caller was not worth angering a tech-savvy criminal who has my home phone number.  If they call you, just hang up. (Sadly, there's no effective way to stop these calls).

(As an aside: one of these scammers accidentally called a security researcher who played along to see what would happen; you can read the whole fascinating story here).
 The Chase HackWhich brings us to the latest hacking scandal: JPMorgan Chase.  The intruders apparently collected personal information like names and email addresses, but not account numbers, passwords or social security numbers.

What’s the point of that? Here’s one possibility. It takes 30 seconds to create this email:
Most people, seeing an urgent fraud alert containing their real name from their own bank, would panic and click on the link, which would take them to a page that LOOKED like the Chase website.  . .where they’d enter their banking password.  You can guess the rest.
Short of hiding under a rock, how can you protect yourself?
  1. Monitor your credit card charges and bank transactions; reconcile accounts monthly. Quicken or Mint.com can be great tools for keeping an eye on your finances.
  2. Set up alerts on all your accounts. Chase, for example, lets you sign up to receive alerts for any transactions over a dollar amount you choose, or overseas, or for gas (apparently a popular fraud target).
  3. Never go to a financial website by clicking a link in an email. Instead, type the address of the site into your browser yourself or (better) use a bookmark.  (In fact, be wary of any link in an email; links claiming to be shipping information or shared Dropbox files are common fakes).
  4. Switch to Gmail. Nobody’s perfect, but they do a better job of spotting fakes than most.
  5. Channel your inner New Yorker. Be deeply suspicious, it’s safer.  And if you are ever in doubt, remember that clients are always welcome to forward questionable emails to us for evaluation.