Category Archives: security

security, Tech Tips

Adding a Password to your Zoom Meeting

Zoom has quickly become the virtual meeting platform of choice for those who need to attend meetings but are currently self-isolating or working from home.

The default settings for Zoom leaves meetings open for anyone to join. This make it a lot simpler for people to join – but it also leaves the chance someone could stumble across your Zoom meeting accidentally. There have been reports of people abusing this for pranks, as well as more sinister activities.

To keep your meetings safe from pranksters, eavesdroppers, or other malicious actors you can set a password. As long as you choose a secure password, you should be able to avoid anyone Zoombombing your meeting.

Setting a Password

First all open up Zoom.

Zoom Main Screen

At the bottom of the main window click on the Meetings button. This will open up the Meetings page and will list all the meetings you have scheduled. It is possible to set a unique password for each individual meeting.

Zoom Meetings Screen

After you have selected a meeting, click on the Edit button to view the settings for that particular meeting.

Personal Meeting ID Settings

In the Password section tick the box labeled Require a meeting password. A password field will then be showed. Type a password in the password field, and click Save.

You will now need to share the meeting link and the password to anyone whom needs to attend the meeting. For extra security try to send the link and password via separate communications. i.e. emailing the meeting link and sending the password via a secure messenger.

Your meetings should now be more protected from prying eyes; whether accidental, curious, or malicious. Now you just need to concentrate of the other mishaps that may occur when working from home. While you’re here feel free to browse our other Tech Tips articles!

Apple, security

Secure your Apple iPhone or iPad

Your mobile goes with you everywhere. You use it multiple times a day to send email, do your banking, send memes to loved ones via your favourite social media platform, and on occasion you might actually use it to call someone.

Mobile devices have replaced the desktop computer as the main device for much of the population. This is because they are so convenient. You can check the weather before you get out of bed, you can order a pizza without getting off the lounge, and you can laugh at funny videos on YouTube without leaving the comfort of your toilet.

Jokes aside, these devices are popular items sought by criminals who want to steal them or steal data from them.

One thing I have noticed over the years is many people choose to have no passcode. Often their excuse is “they have nothing to hide” or “don’t have anything a hacker would want”.

The downside to this is that if you were to lose your device or have it stolen the criminal have full access to your device. This would allow them to reset online accounts, including your online banking, or paypal. Which brings us to the first step in how to secure your Apple device: Setting a passcode.

Setting a Passcode

Setting a passcode on your device will help to prevent someone gaining access to your device if it was misplaced or stolen. The default option for Apple is a six digit passcode. This should be random, and not something that follows a pattern. i.e. 123456 or 000000. Try to avoid things like digits from your phone number, or important dates such as birthdays or anniversaries.

To set a passcode go to: Settings > Face ID & Passcode (Touch ID & Passcode for older devices) and then Tap Turn Passcode On.

You will then be prompted to enter and confirm your new passcode. This will need to be typed in each time you unlock your device, but it becomes second nature very quickly.

To make things a little easier your can opt to use Touch ID or Face ID on compatible models. This allows your to unlock your device with a finger print or simply by looking at your phone.

If you forget your passcode you will not be able to gain access to your device without performing a factory reset. Ensure you store your passcode somewhere securely away from your device or in a password manager.

Automatic Updates

Apple Devices are reasonably secure out of the box due to Apple taking a “walled garden” approach to security. Apple have strict requirements for app developers to meet before their app can make it onto the AppStore. This means there are fewer malware samples in the wild, compared to Android devices, that can infect Apple devices. This doesn’t make the device 100% secure. Apple devices can still be attacked by exploiting vulnerabilities in software or in apps. To keep your device safe it is recommended to install software and app updates at your earliest convenience.

Updates can be installed automatically, which is highly recommended. This way the updates install without you needing to worry.

To enable automatic updates for Apps go to: Settings > ‘Your Name’ > iTunes & App Store. Tap the toggle switch for App Updates. If the toggle switch is green this indicates your Apps are updating automatically.

To enable automatics updates for iOS go to: Settings > General > Software Updates > Automatic Updates. Tap the toggle switch for Automatic Updates. If the toggle switch is green this indicates iOS is updating automatically.

Enable 2FA for your Apple ID

Two-factor Authentication or 2FA helps to secure your account by requiring a second factor (i.e. a code sent to your mobile) along with your password when signing into a service. I highly recommend enabling this for any account that supports it.

To enable it go to: Settings > ‘Your Name’ > Passwords & Security

Tap Turn on Two-Factor Authentication and then tap continue.

You will be asked to enter your mobile number. Apple will send you a one time code which your Apple device should automatically read. If not, you will need to copy and paste the one time code from the text message. 2FA will now be enabled for your Apple ID.

This means if anyone was to guess your password they would not be able to access your Apple ID without also having access to your mobile device.

Turn of Notification Previews

Notifications previews are a handy feature but they can pose as a privacy risk as well as a security risk.

When you receive a message via most messaging apps, a notification will display on the screen with a preview of the message, and whom it was from. This can pose as a security risk if you were to lose your phone. A criminal could read a text message containing a one time code without needing to unlock your phone. This may allow the criminal to reset you banking or other online services password.

You privacy can also be at risk. Someone who has access to your phone but doesn’t know your passcode can still read part of the message from the lock screen. This means anytime a message comes through on your phone, anyone that can see the phone screen at that time can read the message.

Turn off or limiting the notification is simple:

Go to: Settings > Notifications.

Under Show Previews choose one of the following options:

  • Always – Always show previews on the lock screen
  • When Unlocked – Only show previews after you have entered your pin, or unlocked with Touch ID or Face ID.
  • Never – Never show a preview of the message.

At a minimum I would recommend selecting When Unlocked.

Find My

Find My is an App that can be downloaded on your Apple Devices and can assist you in finding your misplaced device. The app comes installed on most new devices but if you cannot see it, or you’ve deleted it, you can download it from the App Store. One you open the app you will be required to sign into your Apple ID. You will also need to enable location services.

Once enabled, you can log on to iCloud on your computer or use the Find My app on another device to view where you device is on a map and to use the following features:

Play Sound – If you’ve misplaced your device at home you can make your device play a sound, even if it is muted.

Mark As Lost – If you have lost your device away from your home you can put it in lost mode. This will display a custom message on your devices screen, as well as a phone number to call. It also allows you to receive updates of your phones movements via email.

Erase Device – If all hope is lost of getting back your device you can ensure no-one gets access to your data by erasing the phone. The phone becomes useless to anyone who doesn’t have access to your Apple ID as this is required to get the phone up and going again.

People have a lot more sensitive data on their devices than they think at first. Having the “I’ve got nothing to hide” mentality is all good and reasonable until you actually lose a device. Following these steps should help you to keep your phone and data in safe hands. For more tips visit our Tech Tips page!

Phishing, security

Security Alert – Outlook Phishing Email

Phishing emails come in many variants. Often they are an attempt to phish user credentials, which can be used by the attacker or sold on the darkweb.

Below is an example of an email designed to phish Outlook or Office 365 credentials.

Outlook is an online email service provided by Microsoft. Office 365 is Microsoft’s Office subscription service.

If someone was able to steal your password to either of these services they would then have access to your email, and if you are using it, files stored in OneDrive.

In this case, the spammer isn’t targeting one group, but instead killing two birds with one stone by targeting Outlook.com and Office 365 Users. This gives them a higher number of potential victims.

If someone is able to access your email account, they will be able to access all your online accounts by resetting your passwords.

The spammer has used several techniques to try and get the recipient to lower their guard.

If you’ve noticed; the email says it is from Outlook Office365 and shows that it come from the email address: outlook @ office365.com.

Spammers can make an email appear to come from any email address. This is called spoofing. This gives the impression that the email is legitimate because it appears to come from a legitimate source.

The email arrived with the subject Security Alert. When you’re signing into a service on a new device, you will often receive a “security alert” email. This is a feature offered by many online services so that you are alerted if someone was to access your account.

The spammer is hoping that the subject of Security Alert is enough to tempt you to open the email.

The email goes on to say that there has been a new sign in from a Linux device. The spammer is mentioning an operating system with a low market share to again get you to lower your guard.

If the email mentioned a new sign in from Windows (which has a high market share), the recipient may just think it was themselves signing in to the service. But, by saying there was a new sign in from Linux, the spammer is hoping that the user is not a Linux user and will want to block this “attacker” from accessing their account.

The email has a button to click to “check activity”. This button is directed to a phishing website. The website looks legitimate and uses the Outlook.com logos and layout. If you were to enter your credentials into the website to “sign in”, these credentials would be sent to the spammer, who can now access the you account or resell the credentials on the darkweb.

Always take caution when an email is asking you act urgently. If you are unsure, you can sign into the service via the web browser (as apposed to clicking a link). Most services now have notifications within the service itself, and will alert you to security related items.

With Outlook, you can visit https://accounts.microsoft.com and click the Security link to view more details about the security of your account. From this menu you can see Sign-in Activity, Check Password Security (and turn on 2FA), and update your security information.

If you have fallen for a Outlook.com phishing email, Microsoft have some resources on the steps you can take.

To see learn about other scams and methods scammers are using, check out the ScamWatch website.

You can also check out other Tech Tips articles by Grenfell Internet Centre. Don’t forget to share this blog post with family and friends!