Security Tip

Before you connect your computer to the internet

Why Should I Care About Computer Security?

Computers help us maintain our financial, social, and professional relationships. We use them for banking and bill paying, online shopping, connecting with our friends and family through email and social networking sites, researching data posted on the internet, and so much more. We rely heavily on our computers to provide these services, yet we sometimes overlook our need to secure them. Because our computers play such critical roles in our lives, and we input and view so much personally identifiable information (PII) on them, it’s imperative to maintain computer security that ensures the safe processing and storage of our information.

How Do I Improve the Security of My Home Computer?

Following are important steps you should consider to make your home computer more secure. While no individual step will eliminate your risk, together these defense-in-depth practices will make your home computer’s defense stronger and minimize the threat of malicious exploit.

Connect to a Secure Network
Once your computer is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your computer. Information flows from the internet to your home network by first coming into your modem, then into your router and finally into your computer. Although cable modem, digital subscriber line (DSL), and internet service providers (ISP) purport some level of security monitoring, it’s crucial to secure your router—the first securable device that receives information from the internet. Be sure to secure it before you connect to the Internet to improve your computer’s security. (See Securing Your Home Network for more information.)

Enable and Configure a Firewall
A firewall is a device that controls the flow of information between your computer and the internet, similar to a router. Most modern operating systems include a software firewall. In addition to the operating system’s firewall, the majority of home routers have a firewall built in. Refer to your user’s guide for instructions on how to enable your firewall. Once your firewall is enabled, consult the user’s guide to learn how to configure the security settings and set a strong password to protect it against unwanted changes. (See Understanding Firewalls for more information.)

Install and Use Antivirus and Antispyware Software
Installing an antivirus and antispyware software program and keeping it up to date is a critical step in protecting your computer. Many types of antivirus and anti-spyware software can detect the possible presence of malware by looking for patterns in the files or memory of your computer. This software uses virus signatures provided by software vendors to look for malware. Antivirus vendors frequently create new signatures to keep their software effective against newly discovered malware. Many antivirus and anti-spyware programs offer automatic updating. Enable that feature so your software always has the most current signatures. If automatic updates aren’t offered, be sure to install the software from a reputable source, like the vendor’s website or a CD from the vendor. (See Understanding Anti-Virus Software.)

Remove Unnecessary Software
Intruders can attack your computer by exploiting software vulnerabilities (that is, flaws or weaknesses), so the less software you have installed, the fewer avenues for potential attack. Check the software installed on your computer. If you don’t know what a software program does and don’t use it, research it to determine whether it’s necessary. Remove any software you feel isn’t necessary after confirming it’s safe to remove the software.

Back up important files and data before removing unnecessary software in case you accidentally remove software essential to the operating system. If possible, locate the installation media for the software in case you need to reinstall it.

Modify Unnecessary Default Features
Like removing unnecessary software and disabling nonessential services, modifying unnecessary default features eliminates opportunities for attack. Review the features that came enabled by default on your computer and disable or customize those you don’t need or plan on using. As with nonessential services, be sure to research these features before disabling or modifying them.

Operate Under the Principle of Least Privilege
In most instances of a malware infection, the malware can operate only under the rights of the logged-in user. To minimize the impact the malware can have if it successfully infects a computer, consider using a standard or restricted user account for day-to-day activities and only  logging in with the administrator account (which has full operating privileges on the system) when you need to install or remove software or change system settings from the computer.

Secure Your Web Browser
Web browsers installed on new computers usually don’t have secure default settings. Securing your browser is another critical step in improving your computer’s security because an increasing number of attacks take advantage of web browsers. (See Securing Your Web Browser.)

Apply Software Updates and Enable Future Automatic Updates
Most software vendors release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in their software. Because intruders can exploit these bugs to attack your computer, keeping your software updated is important to help prevent infection. (See Understanding Patches.)

When you set up a new computer (and after you have completed the previous practices), go to your software vendors’ websites to check for and install all available updates. Enable automatic updates if your vendors offer it; that will ensure your software is always updated, and you won’t have to remember to do it yourself. Many operating systems and software have options for automatic updates. As you’re setting up your new computer, be sure to enable these options if offered. Be cautious, however, because intruders can set up malicious websites that look nearly identical to legitimate sites. Only download software updates directly from a vendor’s website, from a reputable source, or through automatic updating.

Use Good Security Practices
You can do some simple things to improve your computer’s security. Some of the most important are:

  • Use caution with email attachments and untrusted links. Malware is commonly spread by people clicking on an email attachment or a link that launches the malware. Don’t open attachments or click on links unless you’re certain they’re safe, even if they come from a person you know. Some malware sends itself through an infected computer. While the email may appear to come from someone you know, it really came from a compromised computer. Be especially wary of attachments with sensational names, emails that contain misspellings, or emails that try to entice you into clicking on a link or attachment (for example, an email with a subject like that reads, “Hey, you won’t believe this picture of you I saw on the Internet!”). (See Using Caution with Email Attachments.)
  • Use caution when providing sensitive information. Some email or web pages that appear to come from a legitimate source may actually be the work of an attacker. An example is an email claiming to be sent from a system administrator requesting your password or other sensitive information or directing you to a website requesting that information. While internet service providers may request that you change your password, they will never specify what you should change it to or ask you what it is. (See Avoiding Social Engineering and Phishing Attacks.)
  • Create strong passwords. Passwords that have eight or more characters, use a variety of uppercase and lowercase letters, and contain at least one symbol and number are best. Don’t use passwords that people can easily guess like your birthday or your child’s name. Password detection software can conduct dictionary attacks to try common words that may be used as passwords or conduct brute-force attacks where the login screen is pummeled with random attempts until it succeeds. The longer and more complex a password is, the harder these tools have to work to crack it. Also, when setting security verification questions, choose questions for which it is unlikely that an Internet search would yield the correct answer. (See Choosing and Protecting Passwords.)

Tip courtesy of US-CERT Publications.  Read more tips from US-CERT here:

ThinkB4U: Navigating the Internet safely

As more of our life happens online, Internet skills are becoming crucial to living responsibly. What skills do you need to navigate Internet society? How can parents and educators teach themselves, their families, and their communities about important topics like identity protection, fraud detection, and digital citizenship?

ThinkB4U is a collaboration between Google and safety experts Common Sense Media, ConnectSafely and the National Consumers League. Together, we are tackling some of the biggest learning curves thrown at the average user in a fun and interactive way.

There’s still a long way to go to achieve digital literacy for everyone, but we hope that projects like ThinkB4U will boost advocacy for online safety education, the importance of which is invaluable in our deeply connected world.

Content reprinted from Google’s Safety Center.  Visit for more information and resources.


Identity theft tax refund fraud: Everybody is at risk

Criminals who use stolen personally identifiable information can launch a wide variety of fraudulent financial schemes, such as hacking online accounts, submitting phony insurance claims, and applying for loans and credit cards to pad their bank accounts. Increasingly, though, identity theft through tax refund fraud is becoming a favorite money-making scheme for criminals.

There have been a number of stories in recent months of identity theft and how the information can be used against individuals. Because identity theft through tax refund fraud has become the most popular tax scam around, you might even know someone who has been a victim of it. All that is needed is a computer (or even a cell phone with the necessary app) and someone’s Social Security number (SSN) and date of birth.

This fraud is so rampant that the U.S. Internal Revenue Service (IRS) estimates that it mistakenly paid $5.2 billion to identity thieves in 2013, according to a report by the Government Accountability Office (GAO). The fraudsters filed fraudulent tax returns on behalf of millions of unsuspecting taxpayers, and the IRS did not catch the scheme until well after the refund checks had been processed. However, the financial damage could have been far worse: The IRS also estimates that it was able to identify and stop $24.2 billion in attempted identity theft tax refund fraud last year.
Ways to Protect Your Identity

Although identity theft is difficult to completely guard against, there are steps you can take to make it challenging for criminals to steal personally identifiable information, including:

  • Regularly check your credit report.
  • Do not carry a Social Security card or any documentation containing your SSN.
  • Properly dispose of documentation containing sensitive information; shred it instead of leaving it in the trash.
  • Only give personal information when absolutely necessary — especially on websites and via social media — and keep track of those who have access to it (this might be helpful in determining the breach source if victimized).
  • Never use public Wi-Fi or a non-password-protected network to file electronically.
  • Protect personal laptops and devices by installing firewalls and the most recent anti-virus software.
  • File taxes as early as possible during tax season because criminals try to file fraudulent returns before the actual filer (once the IRS receives a return with an SSN, the agency will reject any duplicate filings and immediately notify you).
  • If filing taxes is not required, consider doing so anyway to prevent a criminal from submitting a false return in your name, and to be alerted if someone has already filed in your name.
  • Be leery of phone calls from people who already know your SSN and claim to be IRS agents. Some even manipulate caller ID. (The IRS warned of this sophistication last October.)

For more information, please go to; Tax Refund Fraud; Examples of Identity Theft; and Don’t Be a Victim.

What to Do If Your Phone Is Stolen

The not so humble smartphone has become a significant part of our everyday lives. Whether you’re a CEO, a busy parent, a social media addict, or all three, your phone is most likely the control center amongst the chaos, helping you to organize your finances, stay in touch with your family and interact with your friends.

It contains your emails, contacts, photos, financial details and more, so having it stolen can be extremely distressing. These days, it’s not just the hardware itself that’s valuable to criminals, the data on your phone is worth just as much as its resale price on the black market. According to Consumer Reports, 3.1 million smartphones were stolen last year alone in the US, nearly double the number stolen in 2012. So what should you do if your phone is stolen?

If you do have mobile security app

If your phone has been stolen and you have a mobile security app, the first thing you should do is try to locate, lock and possibly wipe your phone. These immediate actions give you a fighting chance of finding your smartphone before you suspend your service. With mobile security, you’ll have the breathing room you need to contact the police and your carriers.

Lock your device

Mobile security features like Lock and Wipe allow you to remotely lock your device to stop thieves from accessing your personal data. You may even be able to post a custom message to the home screen that could help you get it back!

If you are positive that your device is gone for good, then you have the option to remotely wipe your smartphone to ensure that your important information doesn’t fall into the wrong hands.

Locate your device

Mobile security apps like Lookout also allow you to easily locate your phone using GPS. It’s as simple as logging into your account using a web browser and finding its location. Once you’ve located your device (and it’s definitely not hiding under the couch cushions) give this information to the police. For your safety, leave it to the experts to retrieve.

Stay safe as you get your device back

Once you have more information on your device’s whereabouts, rope in law enforcement and don’t try to be a vigilante. The tips below for people who don’t have Lookout installed will still be helpful for you, too.

Whether or not you have a mobile security app

Contact your provider

If your cell phone is lost or stolen and you don’t have a mobile security app, the first thing to do is contact your network provider, who will be able to block your phone in order to stop anyone else from using it.

This is particularly important if you have a pay monthly contract, as you will be liable for any calls made (or expensive apps downloaded) before you report your phone stolen.
Most of the major US network providers allow you to suspend your service and request a new SIM online or by calling their customer service department.

Reporting a lost or stolen phone to Verizon

Verizon Wireless allows you to temporarily suspend your service if your device has been lost or stolen, and your line will automatically reconnect in 30 days giving you the chance to find or replace your smartphone.

Reporting a lost or stolen phone to T-Mobile

T-Mobile allows users to suspend their service online and has a program that allows you to transfer your contacts and personal information to a new device.

Reporting a lost or stolen phone to AT&T

AT&T allows users to not only suspend their service, but to block the device from using voice, text, and data on the AT&T network if another SIM is inserted.

Reporting a lost or stolen phone to Sprint

Sprint asks users to call them immediately on 888-211-4727 to suspend service if you suspect that your phone has been lost or stolen.

Notify police

If your cell phone has been stolen it’s also important to notify the police, as insurance providers will usually need a crime reference number in order to process any claims.

If you use your smartphone to shop or bank, you may also need a police report to dispute any fraudulent charges made on your debit or credit card accounts using the stolen device.

Make a report at your local station, being sure to give them your device’s International Mobile Equipment Identity (IMEI) number, which your network should be able to provide you with. (You can also find this on your account settings page if you do have Lookout installed.) This could help the police get your phone back to you if it were to be recovered.

Change passwords and PINs

According to a nationwide survey by Consumer Reports, 34% of Americans don’t passcode protect their cell phones.

If you’re one of the people that make up this statistic, then it is absolutely essential that you change any passwords or PINs that are stored on your cell phone, as well as passwords to apps that automatically log in when you launch them on your device.

Bank details, user names, passwords and PINs, when used along with the personal data readily available on your phone (your birthday and address, for example) can easily be used by thieves looking to capitalize on your misfortune.

If you use your mobile device to shop or bank (with a banking or store app, for example) then it’s also a good idea to contact your financial institution and credit card company, as it may be necessary to cancel any cards stored on your smartphone.

Prevention is better than cure

In the future, the single most important thing you can do to prevent anyone from getting to your personal data if your phone is lost or stolen is set a passcode. Not only does it make your device a less attractive target for cell phone theft, it means no expensive international calls can be made at your expense; your personal information will stay personal no matter who ends up with your cell.

Set a complex password that you’ll remember but thieves won’t guess (don’t use common passcodes like 1234 or 0000), and set your screen to auto-lock within five minutes.

Backing up your data is also a great way to ensure you don’t lose important contacts, photos, music and more. Many service providers offer this service free of charge.

As well as this simple precautionary measure, downloading a mobile security app such as Lookout is a great way to add an extra layer of protection. From locating your phone to remotely locking and wiping it, Lookout makes defending your personal data simple.

Article courtesy of Lookout (

Top 10 holiday scams

As the new holiday cyber-crime season rolls in, it’s a good idea to look at the scams of last year, which will be recycled with a few small updates. Here are the Top 10 scams to keep an eye out for this holiday season:

Black Friday Deals
Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are out to get rich with your money. Don’t buy anything that seems too good to be true.

Complimentary Apple Watch
Watch out for the too-good-to-be-true coupons that offer complimentary watches, phones, or tablets on sites all over the internet. Don’t fall for it. Make sure the offers are from a legitimate company.

Postal Deliveries
Watch out for alerts via email or text that you just received a package from FedEx, UPS or the US Mail, and then asks you for some personal information. Don’t enter anything. Think before you click.

Fake Refunds
There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.

The Grinch E-Card Greetings
Happy Holidays. Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. Nope. Malicious e-cards are sent by the millions, and especially at the office, never open these things as they might infect your workstation.

The Fake Gift Card Trick
Internet crooks promote a fake gift card through social media but what they really are after is your information, which they then sell to other cyber criminals who use it for identity theft. Here is an example: A Facebook scam offering a complimentary $1,000 Best Buy gift card to the first 20,000 people who sign up for a Best Buy fan page, which is a malicious copy of the original.

The Charity Tricksters
Holidays are traditionally the time for giving. It’s also the time that cyber criminals try to pry money out of people that mean well. But making donations to the wrong site could mean you are funding cyber-crime or even terrorism. So, watch out for any communications from charities that ask for your contribution, (phone, email, text, and tweets) and make sure they are legit. It’s a good idea to contact the charity to make sure the request did in fact come from them. It is safest to only donate to charities you already know, and refuse all the rest.

The DM-Scam
You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another twitter user offering to sell you one. Stop – Look – Think, because this could very well be a sophisticated scam. If you do not know that person, be very careful before you continue and never pay up front.

The Extra Holiday-Money Fraud
People always need some extra money during this season, so cyber fraudsters are offering work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your Social Security number which will get your identity stolen. The worst of them offer you work where you launder money from a cyberheist which can get you into major trouble.

The Evil Wi-Fi Twin
If you bring your laptop/tablet/smartphone to the mall to scout for gifts and check if you get it cheaper somewhere online. But the bad guys are there too, shopping for your credit card number. They put out a Wi-Fi signal that looks just like a complimentary one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.

Provide courtesy of KnowBe4 CyberheistNews (


Internet safety for seniors

The Internet creates excellent opportunities for seniors to meet people, conduct business, plan travel, access records, stay in touch with friends and family, and support hobbies and entertainment interests.  You can learn how to take advantage of the opportunities without falling prey to predators so you can have peace of mind when you go online.

The Washington State Office of the Attorney General’s Office has put together an online resource aimed at the unique vulnerabilities seniors face when going online.  There are specific scams tailored specifically to exploit older Internet users.

Having less refined computer and Internet skills and being more trusting are major factors that make seniors more vulnerable.  This site addresses: seniors and social networking sites; cyberbullying and seniors; online dating and seniors; information exposure and seniors; and tips for seniors to stay safer online.  Learn more here.

Stop. Think. Connect.

Be a good cyber citizen by own your online presence.

Take security precautions, understand the consequences of your actions and behaviors and enjoy the benefits of the Internet.

STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

CONNECT: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

Protect yourself and help keep the web a safer place for everyone.  For more information about owning your online presence and for information about how to protect your digital life, go here. be safe, secure and responsible online

At, you will find information for your computer, your children and yourself.  Information is shared through videos, blogs and online articles.  You can also sign up for email updates to stay on top of the latest threats to your security.

The Federal Trade Commission manages, in partnership with the federal agencies listed below. is a partner in the Stop Think Connect campaign, led by the Department of Homeland Security, and part of the National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology.

Tech support scams continue to cost computer users

Reposted from, a project of the National Consumers League.

Just before midnight George got a call. “I was told it was the Microsoft Corporation,” George said. “They said there was a problem with my computer but they would fix the problem for free and would install an antivirus to protect against future attacks for $99.” George went to bed uneasy, not sure if the supposed Microsoft employee was legitimate or a fraudster.

Unable to sleep, George watched helplessly later that evening as someone remotely entered his credit card number into a Web site without his control. George frantically called Microsoft and learned that he had, as he suspected, fallen victim to a scam. In an attempt to avoid charges, George called Western Union — only to find out that $207 had already been charged to his credit card and was being processed in India.

The National Consumers League’s has seen a recent uptick in this “tech support scam.” These occur when a fraudster, claiming to work for well-known technology companies like Microsoft or Norton, contacts a consumer. The scammers claim that viruses have been detected on the computer and that they can remotely remove it for a fee, typically anywhere from $100 to $400. The victim is then instructed to go to a Web site or open computer program that “proves” that the computer is compromised. Often these programs show computer functions that look scary but are actually normal.

Frightened by the supposed virus — and reassured because of the reputation of the company the fraudster is claiming to represent — many consumers agree to pay the fee and give the criminal remote access to the “corrupted” computer. Sometimes the hacker charges a consumer to download harmless programs that are available for free online to demonstrate the alleged virus. Other times, they install tracking software that gives the fraudster access to personal information on the computer.

Estimates of the scope of this scam vary widely. For example, Microsoft reported that the average victim lost $875 and had to pay $1,700 in repair bills. The Federal Trade Commission (FTC) said it had received more than 40,000 complaints about this scam when it initiated a crackdown in October 2012 and an official with the FTC’s consumer protection bureau said he thought the number of victims was probably “substantially higher.”

Although scams of this sort started in 2008, it has become far more common in the last couple of years, gaining attention from media organizations across the world. The companies that are affected have also noticed, warning their customers and offering tips on how to spot and avoid the scam. PayPal and other payment companies have helped by shutting down the accounts of known fraudsters.

Despite government action to identify and stop scam artists running these schemes, copycats continue to defraud consumers. Consumers should use the following precautions to minimize the risk of falling victim:

  • Know that legitimate companies will not call you without solicitation and tell you that you must pay for tech support;
  • Find a legitimate phone number for the company and ask them whether a representative contacted you;
  • Never allow someone to take remote control of your computer unless you are certain that they are actually representing a legitimate company;
  • Do not disclose sensitive financial information such as passwords, credit card, or bank account routing numbers over the phone; and
  • When buying things over the Internet or phone, use a credit card or a debit card so that you can better dispute fraudulent charges.

If you believe that you are the victim of a tech support scam, please take the following actions:

  • File a complaint with so that we can help others avoid falling victim;
  • Call your credit card company and ask to have the charges reversed;
  • Check your bank and credit card statements for inaccuracies. If you find any, ask that those charges be reversed, too;
  • Contact the major credit-reporting agencies (Equifax, Experian, and TransUnion) and notify them of the potential for fraud on your account; and
  • Delete the tracking software from your computer. For tips on how to do this, click here.

Visit the following sites to learn more about tech support scams and ways to protect yourself:

  • This post on the FTC’s Web site provides consumers with a video on how to protect computers and phone audio of a scammer conducting a tech support scam.
  • This section of the FTC’s Web site gives an overview of how these scams work and ways to protect yourself if contacted by a fraudster.
  • The Better Business Bureau has a scam alert that describes an incident in Montana involving this scam.
  • Finally, Microsoft’s posting on its Web site details common scams that falsely use its name and the common indicators that you are not truly talking to a company official.