Category Archives: Articles

My Facebook has been Hacked!

“My Facebook has been Hacked!” is something I hear several times a week.

9 times out of 10 I find that there hasn’t actually been an account compromise. Instead, an unknown person has created a duplicate account and has started adding all of the original account’s Facebook friends.

Why would someone do this? Well, if they can pretend to be you, they can potentially scam one of your unsuspecting Facebook friends. There is a good chance your Facebook friends trust and respect you, so if they receive a message that appears to come from you, they are probably more likely to take the bait.

Scams vary: the scammer may send a link to a malicious website designed to collect personal details, the link could lead to malware, or they could straight out ask the victim to transfer some money.

Picking the victim

The scammer doesn’t just pick anyone to impersonate online. They will usually opt for accounts that are publicly visible, have a profile picture, and have a publicly visible friends list.

A publicly visible Facebook profile is easier for a scammer to come across. Once they do, the scammer will download your profile picture, create a new Facebook account, and then add all your friends from your publicly visible friends list.

If you have never changed any of your Facebook privacy settings, there is a good chance your profile fits into the category of someone they would like to impersonate.

How to avoid this happening to you

Facebook’s default settings are somewhat questionable with respect to privacy. I will show you how to lock down your Facebook account and change it from the very open defaults.

First of all, click the menu button and go down to Settings.

Click Privacy in the left-hand pane and change the settings to match the settings below.

At a bare minimum, ensure that “Who can see your friends list?” is set to “Only me” and that “Do you want search engines outside of Facebook to link to your profile?” is set to “No”.

These are the main two settings that are going to lower the odds of someone trying to impersonate you.

For privacy, I highly recommend changing “Who can look you up using the email/phone number you provided” to “Only me”.

More settings can be found on Timeline and Tagging.

Click on Timeline and Tagging and then change the settings to match the settings below.

These settings will help to keep your Facebook profile a little more private and hopefully make your account a little less easy to impersonate.

To avoid someone compromising your account, ensure you use a strong, unique password for every online account and also enable two-factor authentication.

Don’t forget to check out our other Tech-tips articles!

“But I don’t have anything a Hacker would want”

“But I don’t have anything a hacker would want”, is often the reply I hear when I’m explaining the importance of strong passwords, software updates, and other tasks to improve their cyber hygiene.

“I don’t do online banking” or “I don’t have personal information stored on my computer” come in as the follow up statements.

What this tells me is that many of us have a false sense of what a cyber criminal wants.

Sure, financial gain does appear to be the motivation for many cyber criminals. Draining a bank account would be an easy payday, but it could also be risky.

Many cyber criminals are opportunistic. They may not be targeting you specifically but if you don’t take precautions you’ll end up one of the unlucky targets they happen across.

Think of the internet like a car park, and computers as the cars. If you haven’t patched your systems, or make a habit of using a single password, you’re leaving your car unlocked in a public place.

A criminal can walk around the car park trying to unlock each and every car. Once inside, he might be able to take the loose change in the centre console, or take a laptop sitting on the backseat.

You would notice your laptop missing. But would you notice if the criminal took a few coins from the centre console?

A cyber criminal can scan the internet looking for computers that haven’t had the latest patches installed. These patches fix vulnerabilities in software that could potentially leave your computer “unlocked”.

Passwords are like keys. How convenient would it be to have one key that opens your house, car, safety deposit box, and mailbox? Say you lose one of these keys. How convenient is it for a criminal to then go around and access all your things with the one key?

Sure, in real life you’re probably going to notice a missing key. But digital things work a little differently. You might lose a file, but have an exact copy stored in a backup. You could have a copy of a file, and someone else could have the exact same copy of the file at the same time.

Would you know if a service you use lost a copy of a password?

In a data breach, cyber criminals are able to steal data (lose a key), and the company still maintains a copy of their own. The cyber criminal who initially stole the data can then sell it to other cyber criminals.

If this data happens to hold copies of passwords, a cyber criminal can then use these passwords to access the accounts of those users. If you use the same password everywhere, well, you can see where we are going.

You’ve left the car unlocked, you use the same keys for everything, the dog walker lost a copy of your key and didn’t tell you about it. You might still be thinking “But I don’t have anything a hacker would want”.

I’m sorry, but you do.

A DDoS attack (a form of Denial of Service attack) is where a cyber criminal floods a website with traffic in order to slow it down and try to take it offline. This is often done in protest (perhaps the website has different views to the cyber criminal, and she is angry), for the lulz (or for fun, as it is known), or even just to cover up a separate attack that the cyber criminal is undertaking on the same site.

Back to our car – perhaps the criminal is going to use it to damage the property of a big corporation in protest. Perhaps he is going to cruise around town doing burnouts and driving through the garden of a local park ‘for the lulz’, or perhaps he has found one of your lost keys and is going to wander in and steal the jewellery in your home, whilst at the exact same time doing a burnout out the front of your house to keep you distracted. All because you inadvertently left the car unlocked.

While it seems silly that the criminal is in two places at once, that’s exactly how things are online. A cyber criminal can be doing multiple nefarious activities simultaneously; she can be attacking a website with a DDoS while also stealing the customer database.

To count as a DDoS (Distributed Denial of Service), the attack has to come from multiple sources. Computers (or other devices) that an attacker has compromised will be added to what is known as a botnet. This network of thousands of computers can have their resources pooled together to undertake malicious activities.

Resources such as storage are also something a cyber criminal requires. Perhaps she has some questionable material and needs somewhere to store it. Perhaps she is selling the data stolen from another website. Instead of hosting it on her own servers, she might provide access to your computer and the buyer can download the information from there.

The car analogy still works here. Your car (the vulnerable un-patched computer), that you think is safe and locked, is sitting in a car park (the internet), completely open for anyone to access.

Remember the dog walker who lost a copy of your key (passwords) earlier? Well, apparently he lost a copy of all his clients’ keys. The criminal who found them is storing them in your car. He found a buyer who will pop by your car later on to collect them. It doesn’t even matter if you’re using the car when the buyer comes along; he’s almost invisible.

This is really convenient for the cyber criminal because it’s your computer and not tied directly to him.

The purchaser of these stolen passwords can use your email and password combination to then attempt to log into other services you use online.

Remember before I mentioned how convenient it was that you had a single key that opened the car, house, mailbox, and everything else? Yep. Ouch.

You might be thinking again, “But I don’t have anything a hacker would want”.

Facebook is a trove of information and everyone likes to overshare. “Happy Birthday Grandma”. Grandma is pretty tech savvy these days. We only communicate over Facebook.

“Hi Grandma! I’m in a bit of a pickle, I’m overseas at the moment and I have just had my wallet and phone stolen. I’ve been able to setup a temporary bank account and was wondering if you could transfer a couple of hundred dollars to it. The details are xxxxx. Thanks Grandma, I’ll be back home (hopefully) in time to pop by and wish you happy Birthday. Love from your Grandson and definitely not the cyber criminal who just bought access to this account.”

Look at that, you had exactly what a cyber criminal wanted: access to Grandma’s money.

It might not go down exactly like that, but your accounts as well as your computer can be used to attack other unsuspecting people.

I mentioned before whether or not you would notice a few coins missing from your centre console. You probably wouldn’t at first glance, but perhaps down the track.

If this was a cyber criminal taking files (the coins) from your PC, you probably wouldn’t notice at all because you are left with a copy even when she takes a copy.

What files do you store on your PC? Photos? Is there something that could be used for blackmail?

Do you have data that could be used for identity theft?

What about the driver’s licence you scanned and emailed to the car dealership that time? What about the bill that Telstra insists on sending digitally? It has your name, address, and phone number listed on it.

You might not be doing online banking, but that’s not the only way you can lose money. A cyber criminal can use these details for identity fraud and have an expenses-paid online shopping experience on your dollar.

“But I don’t have anything a hacker would want”, except for everything.

How do you protect yourself?

Passwords are hard. This is why we are all using the same old Petsname1! or Farm2810$ for our passwords. Don’t use the same password for everything. Even a variation of the same password is a bad idea.

Use a unique password for every account you have. This can make them difficult to remember, but it is OK to have them written down in a notebook stored securely at home. A password manager would be an even better choice.
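As an added example (not part of the original article), here is one way to audit your own list of passwords for the reuse and "variation of the same password" problem described above. The account names, the sample vault and the helper names base_form and audit are constructed for illustration; Petsname1! and Farm2810$ are the article's own examples.

```python
import re
from collections import defaultdict

# Character swaps people commonly use to "vary" a password (assumed list).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to the stem left once cosmetic changes are removed."""
    # Drop digits/symbols tacked on the front or back: Petsname1! -> Petsname
    stem = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    if not stem:
        # Nothing but digits/symbols: compare it as-is.
        return password.lower()
    # Undo swaps inside the word and ignore case: P3tsname -> petsname
    return stem.translate(LEET).lower()


def audit(vault: dict) -> list:
    """Return sorted (kind, [accounts]) findings for every shared stem.

    kind is "reused" when the passwords are identical and "variation"
    when they only share a stem. Passwords never appear in the result.
    """
    by_stem = defaultdict(dict)
    for account, password in vault.items():
        by_stem[base_form(password)][account] = password
    findings = []
    for members in by_stem.values():
        if len(members) < 2:
            continue
        identical = len(set(members.values())) == 1
        findings.append(("reused" if identical else "variation", sorted(members)))
    return sorted(findings)


# Constructed sample data: account name -> password.
SAMPLE_VAULT = {
    "email": "Petsname1!",
    "shopping": "P3tsname2019",
    "facebook": "Farm2810$",
    "forum": "Farm2810$",
    "bank": "vQ8#rT2m-Lw9xZ",
}

if __name__ == "__main__":
    for kind, accounts in audit(SAMPLE_VAULT):
        print(f"{kind}: {', '.join(accounts)}")
```

Every account named in a finding should get its own unrelated password; run a check like this only on a machine you trust and do not save the list afterwards.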

To increase your password security, enable 2FA (two-factor authentication) on all accounts that support it. If you are not sure if a service offers 2FA, you can look it up on Two Factor Auth List.

Update software and Operating Systems. Windows can be updated by holding the Windows Key and pressing R. In the run dialog box type in control update and then press enter. Click the button that says Check for Updates.

Running a Windows Operating System that is out of support means it is no longer being maintained and therefore not receiving any security patches. If you are running Windows Vista or XP you really need to upgrade. Vista has been out of support for almost two years. Windows XP a lot longer.

If you are running Windows 7, you should aim to upgrade before January 2020.

Other software can be updated via its own menus within the software. It can be hard to keep track of versions when we have multiple programs installed. PatchMyPC is a free program for home users to easily update all the software on their PC.

While these tasks aren’t going to make you 100% secure, they are a good start. I have written multiple articles in the past on how to stay secure online. Check out our Tech Tips articles for more information.

Office 2007 End of Support

UPDATE: Office 2007 is now out of support and should be upgraded to Office 2019 or Office 365. LibreOffice is a free open-source alternative.

Office 2007 was released on the 10th of January 2007.  This year sees Office 2007 reaching its 10th anniversary. As with most Microsoft products, 10 years will see the end of extended support.

Office 2007 was the first to take on the modern look. Microsoft replaced the traditional menu with the Office button and replaced the traditional menu drop-downs with the ribbon. The ribbon replaces the text with icons. While the Office button didn’t make it to the next version, the ribbon has stayed.

Unsupported software misses important software upgrades. These upgrades patch critical vulnerabilities. These vulnerabilities, if left unpatched, can potentially be exploited by an attacker. Depending on the type of vulnerability, the attacker may be able to access your data remotely.

Extended support for Office 2007 will end on the 10th of October 2017. It is recommended to upgrade to a newer version of Office sooner rather than later.

Extended support for Windows Vista will also end this year, the official date being the 11th of April 2017.