This week I am spending a bit of time discussing Faces that are designed to deceive, Dangerous Printers, Multifactor Authentication, Shopping Securely on and offline. Why you must update ALL your devices and More so listen in.

For more tech tips, news, and updates, visit – CraigPeterson.com.

Tech Articles Craig Thinks You Should Read:

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, what’s up for privacy coming over the next year. We’ll be talking about that design to deceive. How about your printer? When was the last time you actually checked that printer to make sure that well, everything was legit, as it were?

Hey everybody. Craig Peterson here.  We’ve had a problem with fakes.

You’ve heard about fake news. Of course, President Trump’s been talking about it. I think it was actually Hillary Clinton that had coined the phrase fake news, but there is all kinds of fake stuff going on right now, out there.

One of the big things that really concerns me is the fake identities that are right now being used in order to rip people off. That’s a huge problem. When you get right down to it, we have a lot of people who are lonely.

Think about people who might be divorced, particularly elderly people, someone that’s lost a lifetime mate. Nowadays, they don’t see anybody anymore. they might have someone come in with a face mask on and a big shield and gloves and it’s just not human touches, it’s not human interaction. They’re not interacting with their family face to face.

They of course, hopefully, have some way to do it virtually, maybe using Zoom, which, isn’t safe. You should never use that as a business, but it is fine for family connection type of stuff. And I’ve used it before for different types of business conversations. I’ll admit that. And in fact, when I was doing all of the webinars for the FBI’s training program, as part of the whole InfoGard stuff. I was indeed using Zoom because that’s what they told me to use.  I approached them. I said, Hey guys, we should really be using WebEx because they have versions that are safe. That can be used by people like us that are trying to keep our information safe and keep people out we don’t want to have in it.  The response I got back was, no, the FBI has authorized the use of Zoom. We can’t use anything else.

Of course, once again, Craig’s proven, right? About a year, actually about two years later, what happens? We find out that Zoom was routing data through China, that they have developers in China, and that it was anything but safe. A real problem, frankly. okay. That was an, I told you.

But how about when you’re going onto the dating site and you’re not so concerned about people finding out about you. In fact, that’s the reason you are on the dating site. Do you want people to find out about you and you go there and you’re trying to figure out okay? Is this somebody that I can trust? Is this somebody that I should trust?  I know many people who have found some of these dating entries, if you will, the posts we’ll put up to be highly deceptive.

That is the problem that we’re seeing all of the time. Now, when it comes to security. The bad guys are highly deceptive. And that’s a huge problem because when you’re on that dating site, they, might not even meet data insight. It might just be your Facebook page or something. And you find someone with some common interests and you start to talk to them and you build a relationship, all good stuff.

It’s all stuff you and I need to do, we all need to do, isn’t it? How do you verify whether or not that’s a real person? Let me give you a hint. If you go to the Google homepage. I’m going to bring it up right now for me, myself. So we can talk along and you can see it has Google search on it.

I’m feeling lucky if you go to the upper right-hand corner, you’ll see a little thing called images to a little line. You click on images and now up comes Google image search. So this is a bar you can type in just like you would any sort of a regular Google search. But it has a little camera. Did you notice that over on the right-hand side of the bar, you click on search by image.

This is where it gets interesting because if you’re on Facebook or Instagram or one of these dating sites and you want to see, is this a stolen picture? Is this really a picture of John or a picture of Mary, whoever it might be. You just get the URL to that picture in the way to do that is either you can save it to your disk. If you can download it or you can right-click and copy the URL of the image, and then you paste it here into the paste image URL.

That you see right there on Google images and then you click on search by image. So I’m going to do it right now. I’m going to go to Craig, Craig Peterson.com. And I am going to grab my picture.

I’m sure I’m on here somewhere. Okay. We’ve got all my latest podcasts. Got questions? Subscribe for email updates. You know what? I don’t have my picture on there, but I’m going to grab the U R L and you say open image and hub. And this is my logo. Okay. It’s not like a phase. Yeah. Good and find a picture of my face right there on the website. I should probably fix that.

I’m going to copy, I’ve pasted it now into the paste image URL on Google.  I click on search by image. Now, remember I was looking for my watch. It’s looking for my logo and it’s telling me, okay, here we go. Oh my gosh. Oh my gosh. So my logo does come back with my website a whole bunch of times, which is what you’d expect. But it also comes up with this. I’m not seeing here, come up with crude. The real price of oils. It says it’s an epic story of one of the largest and most controversial legal cases on the planet. a $27 billion Amazon Chernobyl lawsuit pitting 30,000 rainforest dwellers. So it must have something to do with crude oil. That’s interesting because their logo is similar to mine, but that’s what we’re looking for here.

Is the person whose pictures on that Facebook page or Instagram or dating site or whatever it might be? Is that person real? So when you look them up, you’re going to see multiple times. results hopefully. and just kinda show them all. Yeah. This is a picture of them at home. This is, Oh, wow.

That’s where they work. It’s got a picture of them at the office. It’s got pictures all over the place. Okay. That’s obviously a legit person. what happens if it comes back with. Only maybe one match and that’s their Facebook page or their dating page, et cetera. that’s what I’m concerned about right now because so many people are being deceived and it’s one of the things that the. FBI has sent us notices about. They are mostly seniors, all the way on, down through generation Z, the youngest adult generation we’re falling for it. So if you go right now, there’s a website called this person does not exist. Okay. So while you’re listening, go there, this person does not exist.com and you will see an amazing picture. So I’m looking at one right now and it varies. Okay.

This was generated by an adversarial network is what it’s called. You can find out how it works and you can do all kinds of stuff. And the picture I’m looking at right now is actually a young lady. I would say she’s probably around 30 years old and that’s based on some wrinkles around her eyes and under her eyes, mine puffy under my eyes and the cheeks. Just little tiny wrinkles. So she’s in her thirties somewhere and a really pretty I would say it’s been a little bit, bleached hair is Brown and they at the roots and then as you get further down, it’s more bleached out as more like mine, a dirty blonde, very interesting stuff.

So you can go and you can go to right there grab a picture of a person that is not real. This person does not exist and you can even manipulate it there on the website. You can go to other places like generated.photos. That’s the whole domain generated.photos. And once you’re there, you can get what they call unique worry-free model photos.

What’s a whole worry-free thing about? The bottom line is if you are a business and you buy a photo of a model and you can get them a lot of places online, I subscribe to some services that provide those for me. So you can get all kinds of different pictures, photos, but you can end up getting sued because maybe the release wasn’t quite right. Or they signed the release, but they never got paid. The check bounced as it were. Or the transfer didn’t happen over on Apple pay. Whatever they were using Samsung paid failed on them. So they have removed their permission and yet that picture is still being sold.

We’ve seen more and more, some of these places online that are selling our personal pictures that we’ve posted up on the websites. Obviously, not the best idea in the world is it frankly. So you can just go to generated photos.com, browse photos they’re made by AI, these AI systems. What are you looking for?

You can search for anything I’m seeing right now. It says white woman, young adult, Asian toddler, infant, or so cute, elderly. This guy doesn’t actually look that old. maybe it’s because I’m older. I don’t know, but, you can get them all there. You can buy a whole for three bucks or you can go and buy if you need a lot of them, a thousand for a thousand bucks.

So how do you use that? obviously, there’s this legitimate purpose.

Unfortunately, there’s also illegitimate slash illegal purposes out there. That is to use these pictures to con people to make them think that you have a legitimate presence or they have a legitimate presence online, and then they build a relationship and that turns out they need some money to save their Aunt who needs this surgery.

All of that stuff. So be very careful out there.

There are a lot of cybersecurity threats that we just don’t deal with. It’s gotten too difficult. It’s overwhelming. How can I keep up on all of this stuff? you think it’s bad enough with your windows machine, your main computer. Hey, I got some news for you.

You’re listening to Craig Peterson. We have a lot of devices in our networks and I’ve talked about this quite a bit.

It’s one of my soapbox subjects, right?  What’s called the whole internet of things. We have all kinds of devices hooked up to our networks. I’m sitting in front of well, within my view, probably two dozen different devices right here in my studio. That’s frankly, that’s a lot of devices and many of those devices could be hacked.

Now my network is completely set up so different things are isolated. I have multiple segments, multiple physical segments, as well as virtual segments. And one of the ways to do a virtual segment. Is to have some special stuff on that wire where you have what’s called a VLAN or virtual local area network. That’s getting a down into the mud here. Something I cover in some of my courses.

When we’re talking about networks, segmentation is absolutely critical. You have to make sure that your home computers are on a different network or at least a different network segment than your work computer. Now what I’m talking about in-network segment, I’m not, I don’t mean, Hey, I’ve got a switch, or right at the router that the Comcast or an internet provider gave me. I have maybe two, three, four, Ethernet ports. And so plugging in a switch to one of those ethernet ports and then putting your home computers on that switch and then putting another switch on and plugging it into the second port on that router that you got from your ISP, your internet service provider that is not segmenting your network at all because that’s typically a flat network.

If you have a fancier router firewall at the edge, you may be able to segment it that way. For instance, we sell a lot of the Cisco Go equipment, which is the low end, very good stuff, but it’s very basic. It’s inexpensive. It does let you do real segmentation. So you can have a guest network on the wifi.

You could have a business network and the wifi, you can have multiple what are called SSIDs that’s the name of the network you’re connecting to. You’ve probably seen that if you’ve gone in and configured Joe or router and SSID so you can have multiple of those on some of this hardware, like the Go hardware, for instance.

There are some others out there. I think I might end up in my emails here. In fact, it is planned. To come out with something, talking about these SSIDs and what equipment you can buy. So it should be pretty simple. Keep your eyes out on that in my newsletter that you’re hopefully getting every, Saturday ish.

It depends on where I am, what I’m doing that week as to when I get it out. I just try and get it out on the weekend before my weekend show airs. But, here’s the bottom line. You don’t want your home computers to be able to talk to your business computers. With so many of us working at home, this is a very big deal.

So how do you do that? If they’re both plugged in two separate switches that are then plugged into your router? They can probably still see each other. But if you have a more advanced router that lets you have different network segments and make it, so the one network cannot talk to the other network. Then you’re really cooking with gas because now they’re not going to be able to spread infections.

I’ve talked before about VPNs and the proper way to use them.  I really think I should have a whole course on working from home again for everybody out there to help. Understand some of these basics.

Make sure you’re on my email list.  Craig peterson.com and then subscribe on that little subscription form that comes up. Be glad to send you these things because I will let you know when I’m going to do that because there’s a lot of confusion about all of this sort of thing. One of the devices everybody has in their home and certainly in their businesses, Is a printer, and we buy the printers and we buy ink and then we buy more ink and then we buy more ink. It’s just a constant buy more ink it, sometimes it drives me crazy. You’re buying ink for these printers, but are you connecting them to the network? Now some of the printers, especially the lower end ones are just connected via USB port to our computer. And when they’re connected directly to our computer. It’s really handy but it’s difficult to share that printer. You can share it from Windows. You can share from Mac. So other. devices on your network can see it. That’s probably the safest configuration of all of these devices bar none really. you can get safer, but it gets very expensive, very quickly.

If you have now taken that printer and instead of plugging in the via USB port, and this is typical of shared printers like we have three shared printers here. And they’re all on the network and they are all self-updating. That is the next thing, to be concerned with. In fact, self-updating is probably a very good thing.

So we have some higher-end Xerox printers. These are what we sell to our clients. These are what we use internally and those printers. Call home order supplies. in fact, you can buy these printers if you’re a business and you just pay by the page, you print or photocopy, and everything’s taken care of all of your supplies, the machine itself, absolutely everything and that’s a great way to go for many businesses out there. That way you don’t have to manage it. You don’t have to worry about the expensive repairs that are almost inevitable with some of these printers, but they are hooked up to the network and that means that they could potentially become infected.

I like the idea that these things are self-updating and as self-updating printers that means one, they are going to get the latest security patches, et cetera.

If you have connected a printer to your network and it does not update its firmware automatically, or frankly, even if it’s supposed to be, you got to check it. You’ve got to check which level of firmware that’s the software that’s running on the printer because nowadays everything’s a computer, right? Especially a printer. Find out what version of the software it has. Go to the manufacturer’s site. Make sure you have the most recent release of the software.  If you do life is good. If you don’t, you’re going to have to follow the instructions from the manufacturer on how to load in that new software, because that printer is a computer and because it’s hooked up to your network, any malware that gets on your network, and it could just be the kid’s friend who came over for the evening or the night or whatever, and plug their laptop into your network or connected to your wifi. and that laptop he brought over was infected.

So now it’s going to try and infect everything on the network. It finds a vulnerable printer on your network and it infects it. So now due to almost no fault of your own, your network right now has a device cause he’s going to leave. He’s finally going to go home. Thank goodness. Now you have a printer that is acting as a launching pad for the bad guys to be able to get into the other computers on your network. So keep that in mind.

We know that we’re supposed to do something, but we don’t always do it. And in this case, we’re talking about your printer it’s firmware, but also I mentioned that router that’s sitting at the edge of the network. Do the same thing with that router, make sure it has the latest versions of firmware.

That’s part of what I like about those cisco Go stuff that you can buy through me. You can find it on Amazon. Go equipment, self-updates, which is very nice.

Believe it or not, 2020 will eventually come to an end. And then we’ve got next year, 2021, which shouldn’t be an interesting year as well, but what’s in store for privacy in 2021.

2021 is going to be a turbulent year, according to dark reading, you might want to check them out. They’ve got some great articles, but there are changes coming in the privacy landscape.

We’ve seen a few over the last few years, for instance, in Europe, they come up with the GDPR, which is this data protection law. They have something similar for consumers and their data over in California.

Massachusetts has something similar. New York too. 

We’re expecting certainly under a Biden administration to have many more standards put in place. They’ll end up being federal standards as opposed to the state set standards and whether or not you like that idea. I’ve got to say, I think it’s a very bad idea, but it’s good that we’re talking about it because our privacy has been under assault for a very long time.

I had this conversation with my wife earlier in the week. And she was just fed up with the lack of privacy in the online world. Not that I can blame her for that. that’s not where the issues came up. The issues really were surrounding. What privacy should you have? What privacy do you want now?

Ultimately, we know that when it comes to the government, Privacy on our part needs to be absolute. There are no two ways about it, right? It’s one of the Bills of Rights. We have the right to be secure in our papers. We have the right to be secure in our homes. The government cannot just willy-nilly start monitoring us, recording our conversations, tracking who we call. Actually, they did that. Under the Obama administration, they did it more than ever. They dramatically increased all of that spine on us citizens. huge increases. And under the Trump administration, they drop that back pretty dramatically. under a Biden administration, I’m afraid it will actually increase.

There are two types of people in the world. there’s them and then there’s us, right? There are many more of us than there are of them, the people in power, but the people in power want to force standards on us that say you cannot store certain types of information or track things on people.

However, for them. The double standard just doesn’t really apply, because for them they can do even more monitoring and spying on us. Pulling together the intelligence and buying it from these commercial data brokers who pulled together, all of this information that’s available publicly and all the information that they can buy about us in many States and includes driver’s license information.

It certainly includes everything in the registry of deeds. The secretary of state’s filings like UCC ones, et cetera. So they’ve got a real good picture of you. They can tell from all of this information, Hey, he’s driving an 11-year-old car or, Oh wow.

He’s got a brand new, $150,000 car. You expect different things from those people. It’s one thing for businesses to be collecting that and it’s entirely another thing for governments to be collecting that. So what my wife and I were discussing was, is it a good thing or a bad thing that businesses are collecting?

it really is a double-edged sword. It’s not something that’s obviously bad are obviously good. For instance, if I’m in the market to buy a new truck, I’m all for seeing ads from truck manufacturers. These are cool new electric trucks, Ford of course, GM, Chrysler, whomever, it might be. I want to see it.

If I’m not in the mood for buying a new truck, I don’t want to see the ads. It’s a total waste of my time. So broadcast TV, for instance, doesn’t know much about us. You might’ve noticed if you’re listening via one of these streaming services to me on a podcast or a live stream, the ads that are inserted are specific for you.

I think that’s generally a good thing, frankly. But there is one company out there that has been very good in trying to keep, quite a bit of privacy for you and me, and that’s Apple. And I want to talk about them in just a minute.

I also want to warn you that the Department of Justice has signed a letter along with other businesses out there calling for what we call back doors. So they want some technological solutions to give law enforcement access to specific communications.

I personally call that a threat. Now you might say, Oh, that’s the Trump administration. That’s Bill Barr. terrible man. Terrible man. this has been going on forever. I remember talking about this back in the days of bill Clinton and the clipper chip and how they had come up with this.

Chip, the Doug does encryption and it should be used by everyone and they were going to mandate it and it turned out I had a backdoor in it, just I think it was the Jupiter foams that, Saddam Hussein and his sons were using that were actually made in the UK. And we’re encrypted phones. So that they could carry on their nefarious deeds, no one could track them.

No one knew what they were saying, et cetera. Except it had a back door and the Brit shared it with us and we could listen to all of their communications. We could track where they were with who. As they were going, et cetera. Okay. as of December 8th, this year 2020, Apple’s requiring developers to disclose all of the data it’s apps collect from users, including data that’s collected by third-party advertising frameworks that are included or linked into their code.

Now, this is really a big deal, because remember I was talking about how the government is collecting data on us and it’s restricted in collecting certain types of information.

It can’t do it. However, we have found now that the IRS, the immigration people over at Homeland security, and others have been buying data from these app developers. So they’ve got these frameworks that are for advertising and I’m using air quotes here, and those frameworks are used in those free games you have.

Why is the game free? how can it be free? How could you afford to give away these games? All of the work you put into them? They’re not they’re including these little frameworks and these frameworks now track where you are? Where you’re going? Where you’re playing the game? Some of them like Google maps try to track you all of the time.

Google, of course, makes its money primarily off of selling your information. So Apple doing this I think is a huge win for Apple and for the consumers again, how many times have I said, don’t use Android. Java. One of the biggest security problems that we have in information technology is these Java runtimes.

That’s all Android does. Plus the fact that it can be six months or in most cases, never until you get security patches because your phone’s no longer, the latest, greatest, they just don’t care about you anymore. Use an iPhone, get an iPhone. Even if you get, you do like me right now, I’m using an iPhone eight who cares?

It works. It does the job. Get the older release. It’s going to save you a lot of money. 

We’re going into Alexa. This is interesting. Disarm – the victim’s home security system. If you want to see these articles are more, I don’t know. I have a lot more listening to my podcasts.

As in any of these segments, I do just visit Craig peterson.com and make sure you sign up for my free newsletter.

Many of us have Alexa. Maybe Google home. Maybe some of these other assistants that have either Google Home or Alexa built right into them. I guess it would echo, but did you know that there is a very interesting way to hack them?

Hey, you’re listening to Craig Peterson.

Anyway, if you have one of these wonderful little home assistants, you may not be aware of it, but a light can be used to hack these things. I don’t know if you watch some of these really cool spy movies. I think they did this with one of the Tom Cruise movies, but they might take out a laser and point it at a piece of glass and then use that to listen

to the discussions or whatever’s going on inside the room. Now that does happen. That’s very easy to do. There are devices you can buy out there for very cheap that’ll do that. So it takes the light from the laser it’s modulating by the vibration of the glass and they can listen to what’s being said. So there have been times where I was in meetings that we needed to keep very private and unfortunately, We were well aware that there were people who would do anything to listen in to the meeting, and because of that, we ended up putting some vibration, some speakers with some Brown noise right there at the windows, so that they couldn’t be listened to by laser.

So maybe I’m paranoid. At least when we were, but there was a big lawsuit going on. And there’s, when you’re talking about millions or hundreds of millions, even billions of dollars, some of these people will do almost anything.

And for private investigators, it’s really cheap and really easy to just use that laser too. Listened to the vibration on the window from across the street. And it doesn’t have to be like one of those pointer types, where it’s red and you can see it. You can use all kinds of wavelengths of light, even invisible wavelengths of life, light invisible to us, Our eyes, but not invisible to the equipment that they’re using. So there can be very sneaky about it. there’s a team being reported here in dark reading from researchers over the university of Michigan and the University of electoral communications over in Tokyo that they were able to use modulator.

Laser beams in order to inject command into the microphones on Amazon Alexa and Google homes and other digital voice assistant devices via laser pointers. Yes indeed modified laser pointers. Now, this is very intriguing to me because the physics involved actually are not understood very well. these digital assistants have built-in microphones and in the case of I have an Alexa or an Amazon echo dot.

It has multiple microphones and you can see the light on the top that moves around and tells you which one of the microphones is listening to. Right then it’s really very cool. It’s a very nice way to do things. And the same is true for some of these Google devices and other devices. So they have multiple microphones and usually, these are microphones that are mounted right on the printed circuit boards inside, but they are called memes.

Microphones. And these are often kind of surface mounted and are usable by anybody who wants to buy it. These aren’t like made specifically for Amazon or anybody out, but they’re microelectromechanical systems, MEMS microphones, and you put them right on the printed circuit board. And off you go, it’s really that easy for these guys to put the microphones on.

What was fascinating here is that these researchers used the light beam, some the laser pointers to send invisible to the naked eye and inaudible commands to the digital voice assistance. As well as by the way, voice-controlled smartphones and tablets, even through glass windows as far away as a football field.

In fact, a little bit further. So think about that. Okay. Let’s say that you’ve got your Google assistant or your Amazon Alexa or whatever it might be your Siri set up to control. The devices in your house. So turn on and off the light, maybe turn on and off your security system. Maybe open the garage doors all through these smart devices.

And all they would have to do is send a command disarm. The home security system, open the garage door, unlock the front door, turn off the alarm you getting where I’m going here now. Okay. So now they’ve taken the research to the next phase because there’s still some real mystery. Around what’s actually causing this physically, how is it working?

And that is just phenomenal. So there’s a Ph.D. student by the name of Benjamin Cyr over at Michigan, who, along with another researcher, Sarah Rampazzi is presenting the latest illustration of the research that they are doing at Black Hat Europe coming up on the 10th. So the big question is why are the microphones responding to light as if it’s sound?

They’re trying to nail it down on a physical level so that future hardware designs can protect them from these light injection attacks. Now, apparently our friends over at Amazon. heard must have heard about this. I don’t know if these guys reported it or not, but there are some other people who have found out, there’s a researcher, an assistant professor at the university of Florida.

Another one at the University of Michigan who are planning to show how a security camera could be manipulated by a hijacked voice assistant. So they’re going to show it and they’re using it against the Amazon echo three, which is a newer model of the smart speaker. There was not available last year when they first detected, detected this problem.

Echo’s series Facebook portal, Google home, basically anything that has one of these memes microphones in it. And they are saying that apparently they all care. We go, yeah, they did share their findings with Amazon and Google and other vendors and Amazon at least have put a little block in front of the microphone so that, lasers can get and get inside to the microphone.

But the researchers spent just $2,000 in equipment in order to conduct this attack. And that included the laser pointers, a laser driver sound amplifier, but they said it couldn’t be done for as little as a hundred bucks. Including a low-end laser printer for cats. Pointer, I should say for cats that can be bought on Amazon.

So there you go. Cat toys, a longer range attack, apparently, they purchased a $200 telephoto lens and that let them shoot the light beam down a long hallway and they encode the signal to the microphone. It gets modulated by the light. It’s pretty darn simple. To carry out this attack.

I don’t know. We’ll see what happens. Apparently, the new generation of devices from all of these manufacturers are going to have a cover.

Amazon made some slight updates to the Alexa software so that an attacker would be unable to brute force a device pin. If you have a pin set on your device, which is probably a really good idea, if you’re using it to open doors or turn on or off alarms, I’m not as worried about turning on my lights right in the house.

But this is just absolutely fascinating and once we figured out the physics behind it, maybe there are some good things that could come of this. But, there were thinking about making the mic and susceptible to the light, adding authentication to the software, many other things, but it is absolutely fascinating.

So there you go. Something we never expected. Something no one could have predicted that is frankly an absolute problem.

We’re going to get into some shopping tips here. We’ve got a special emergency, a bit of information here from the cybersecurity and infrastructure security agency.

CISA as it’s known C I S A and we’ll be talking about that as well.

I want to just take a minute here for businesses. If you have security requirements. And there is a lot that, listen, in on my show that has these new DOD requirements called CMMC. There are five levels. I’m going to be doing some special training on this stuff. So we’re going to be going through everything from level one, through level five and explaining each one of the controls. There are over 170 controls now, and we’re going to go through each one of them. So if you’re struggling with this and I don’t know a soul that isn’t struggling with it. Even these huge military contractors whose whole life is doing military contracts. They’re all struggling with it. So how do you deal with it? So we’ll start with, how do you know if you have to comply? If you’re selling something that is sold to a defense department, subcontractor, or contractor, You may have to follow these new guidelines. I know companies that make just passive filters, power supplies, wiring harnesses that do fall under these various categories. Now it could be as easy. If you are the guy mowing the lawn for the facility, it could be as simple as a few thousand dollars to get yourself up to snuff as to where he needed to be.

If you are, however, making something that goes into something that goes, boom, and it is truly not commercial off the shelf and buys that commercial off the shelf. They mean it really is just off the shelf. You have no idea that it’s a military use. You have no idea what contract it might be under. You don’t know that it’s a military subcontractor. then you’re okay.

But if you know that one of these subcontractors or contractors is buying something to go into something that is used by the department of defense, well, now you have to worry about compliance. So yeah. I’m going to be doing a whole series of training on this, and we’re going to have some free stuff. There are going to be some paid ads, but I want to make sure that you subscribe to my newsletter so you can find out about it.

We’ll be starting that up after the first of the year. So make sure you check it out. Go to Craig peterson.com. Slash subscribe. You can subscribe right there. I’m not going to harass you or anything else, or fill out the form on the bottom of my page.

Craig peterson.com.

Hello, everybody. you are probably fairly familiar with all of the normal tips about shopping online. We’re going to get into a little more detail here and what you should do while you’re shopping and after you have been shopping.

Hey, this is Craig Peterson. you can find almost all of this stuff up on my website@craigpeterson.com. And if you are not subscribed to my newsletter or my podcast, please take a minute to do that on your favorite podcasting application.

There are a lot of tricks that are going on right now when it comes to online shopping things that we have to be very aware of.  You’ve probably heard about many of them before. There are, of course, all kinds of nasty people out there that are trying to trick us into maybe given a credit card where we shouldn’t.

I want to play a little bit of audio as well from my daughter. This is really sad, but, she got this phone call and it came through on her phone. Regarding some fallbacks activities in the state of Washington. Do we need to talk to you as soon as possible? This call is from the social security administration. I’m literally trying to the department (509) 524-9631. I think it’s (509) 524-9631. Thank you.

Now I usually don’t play the phone number when someone leaves a message. But in this case, I don’t know. I, if I was you, I probably would not call it. Cause now they know that you are a person who is potentially going to be open for fraud. So don’t call those numbers.

I think that’s an important thing for us all to remember. But in case you couldn’t quite make it, how it was the social security administration calling and they were calling because they saw some fraudulent activity in Washington. And they wanted to follow up with you and you, they wanted you to call back. So obviously don’t do that.

My daughter got this phone call just this Thursday. It was in her voicemail. Don’t call these people back.

I have a friend who will see a phone number coming in, a call comes in. Oh, I don’t recognize that call.  He’ll just let it go to voicemail and he doesn’t listen to the voicemail. He just calls the number back. Hi, you called.

Don’t do that.  There’s a couple of reasons. One is in the, in most of these cases, they are trying to get information about you so they know you’ll call them. So they might be able to trick you. But in most cases, that caller ID is fake. So they’re sending you a caller ID and it says some phone numbers. Sometimes they even use phone numbers of police departments, which is really funny.

There’s a video online of a police captain getting one of these fraud calls and she keeps this fraudster on the phone and who’s telling her that he’s going to report her to the local police. They’re going to come by and arrest her unless she pays him right now. She’s just doing everything she can to not laugh because she’s the chief of police. Are you kidding me? She knew it was a fraudster. We have to be very careful with these people. So many of us, particularly the older generations, are trusting, and that can be a bad thing, but it’s not just them. It’s the young people too.

I am shocked at what they will do, what they’ll get away with, and how they just don’t care about cybersecurity. Really don’t care. I had a discussion with one of my sons and he didn’t care. He was just pushing back as hard as he possibly could. So maybe it’s a Dad thing. Cause I’m his dad and I’m into cybersecurity. It’s what I’ve done for a living for decades and he is just rebelling. He’s how old is he now? He’s probably 24 or something like that.  I know a lot of us rebel and push back against this stuff.

Just like I talked about earlier with the printers, we know we should be keeping our firmware up to date, but we just don’t. So watch out for those scammers.

One time I was on the floor of a trade show.  I was actually exhibiting there at the trade show and talking with people and everything back and forth.  I thought it was going pretty well.  Then I got a phone call and I answered it and it was a lady from the IRS or at least that’s what she said she was and I knew it was just totally fake because the IRS doesn’t just call you out of the blue. The social security administration doesn’t just call you out of the blue. They will send you a letter. It’s really that simple. So I hung up on her and she called back like six times and I told her, listen, this is a scam. I know it’s a scam. She was asking for I think it was Apple gift cards.  Really Apple gift cards. I can see Amazon gift cards, but Apple’s a little more limited, I don’t know. I don’t know. Maybe they’d just buy apple phones with those gift cards and then sell them on the gray market or the black market once they got the hands-on. I just don’t know.

So it is happening and it is going to happen even more this year. And many people ask why would someone do that?  In many cases, they don’t really know what they’re doing. They’re just calling from a call center and they’ve got a script to read and they are told that it’s legitimate, right?

In another case, the people who are running this scam know it’s not legitimate. And then other cases, they’re an active participant, but they’re making money. And it’s the only way they know how to make money is to rip people off, which is just a shame.

Between you and I see this all the time in the IT world, where there are a lot of businesses out there that are scam artists. They put up a shingle saying I’m a managed services provider, or I’m an IT professional because there’s money in it and they’re not.

We have a client. This was absolutely fantastic on Thursday this week. One of our techs. One of our senior techs was out there. He said that we were the best, IT support people he has ever seen.  He’s been in business for about 40 years and he was just ever so grateful for everything that we’re doing for him and his team, his company, helping him to grow and solving all of these it problems. He doesn’t even have to think about them. He doesn’t even hear about them because many times we solve them before they even know about it. But we’re right on top of it. We’re helping them, we get the right equipment. So he doesn’t have to buy it again when it breaks and he doesn’t have to do with the downtime that you always have to deal with when something breaks or something fails. So he is very grateful and so am I frankly, for what he’s done for us, which is pay his bill it’s right. They’re very good people and made me feel very good about that. But anyhow, okay. So I am going on and on here.

Let’s talk about online shopping and the safety of online shopping. There is a great article that I picked up from CISA. Which is a federal government agency called the cybersecurity and infrastructure security agency.

CISA.gov is where you’ll find a lot of this online, but let’s go through some of the tips. The first one is the best defense there is, frankly, which is be aware. Before you do anything, stop and look.

I do that all of the time. I get an email from someone. It might be a legitimate email. It might be legit from Amazon or from Walmart or whatever online store. I always stop and look at it.

The number one thing to look for is grammar. Good English grammar, at least good enough. English grammar that you think that they’re probably a native English speaker.

Now you say, there are all kinds are wonderful people who aren’t here, English speakers in. That’s true. There are multiple things to look at. We’re just talking about one of them here right now, which is are they native English speakers or is this very poor or grammar?

Because most businesses are not going to send out an email just full of grammatical mistakes or spelling mistakes. Does that make sense to you? They’re not going to do that because frankly it just reflects very badly on them. That’s not something that you want to have happened. So that’s the first thing to do.

Next double-check all of the URLs. So that email from the address should be absolutely correct. Is it absolutely amazon.com or is it AMA dash Z O N.com or is it a M Z O N.com?

Any of these misspellings, common misspellings, things that you might just overlook normally, does that email contain any of those types of things? That’s all a part of Awareness.  What we’re trying to prevent here is what is called phishing attacks, or even spear-phishing attacks, where they are sending us something that looks legitimate on its surface, but obviously is not when you get right into it.

So in most cases, when I get an email from somebody, what whoever they might be, I look at it and say, is this a legitimate communication? Am I expecting it?  If it’s from a bank of mine or some other vendor, I rarely ever click on the link in there. I usually go to their website directly.

You don’t call back a phone number. If they say they’re calling from the local police department, you look them up in the book, and yet, and you look them up online, right? Who has books anymore?  You call that number, not the number that they gave him. All right.

We’ve got a lot more about shopping safely online this year.

Visit Craig Peterson.com.

Now that we know the basics, let’s get into the details of what are some of the things you can do. In addition, we’re going to get into multi-factor authentication and much more. So here we go.

So let’s talk about these devices that we’re going to be buying this year and next year.

2020 is going to come to an end. Some of this stuff’s going to spill over into next year. There are a few things you really should be doing, especially with your Bank or Amazon, anywhere where you have financial data.

One of those things is called multifactor authentication.

A lot of these businesses have this called also two-factor authentication. You might see it abbreviated as. 2FA or MFA.

So what is this two-factor authentication? In many cases, businesses are using a text message that they’ll send you when you log in. So you go into your account, normally it’s where you would set your password, and you’ll see something there about multi-factor authentication or two-factor authentication.

You’ll go to that and in most cases, they’ll ask for your phone number and they’ll send you a text message to verify it. And you’re off and running. So now the next time you go to log in to that site, it’s going to want your username or email address, and it’s going to want also your password. And hopefully, you’re using a different password on every website out there.

And then it’s going to send you a text message and that text message will have a number that you can then type in on the website.  Okay, this is really you. Now you gotta be careful with this because there are a number of people who have been bamboozled by this. One of the ways they got bamboozled was where yes, indeed people stole their phone number.

So an attacker knows that you have something valuable, they want to get into your bank account, or maybe it’s getting into your Bitcoin account, whatever it might be. They find out what your cell phone number is and then they call up your cell phone provider and they say, Hey, I’ve got a new phone and then they give all of the information for the new phone and they can bamboozle them to get them to switch.

Before you know it, ’cause you’re not getting to notice, Hey, I just didn’t get any phone calls. Not a big deal. It’s wonderful that people haven’t been bothering me on the phone. But what has actually ended up happening is they now have your email address. I assume that they have your password because most people use the same password on multiple sites, or it’s an easy to guess a password, easy enough to find the breached passwords on the dark web. I do it all of the time when I’m looking for dark web stuff for my clients, but now they have your phone number.

So when they go to log into that bank account, They’ve got the email address. They got your password. Cause you have used that same password elsewhere.  When the bank sends a text message to your phone, it doesn’t go to your phone and you don’t even know it went to your phone.

So here’s an important tip. Contact your cell provider and have them use a pin or a password with you so that when you call up, they’re going to ask you, what’s the password for the account. Now, this is going to be a different password than you’d use on the website. But it’s going to be a password, in some cases, it’s a pin.

So come up with something that you don’t use anywhere else and set it up with your cell phone provider. That way, if they are going to hijack your SMS or text messages, it doesn’t matter because even then they can’t get through, but there’s a better way. Okay. There’s a better way to do all of this. There are some paid and some free two-factor authentication apps. What I use personally, and what we use with our customers is called duo D U O.

We’ve been using them for years. Cisco of course bought them because they were the best in the business. That’s what Cisco does.

So DUO allows you to have a different type of two-factor authentication. You can also use Google authenticator, which is free. You can use Lastpass. In fact, I got an email this week from one of the subscribers to my email list, thanking me for the recommendation for Lastpass. And by the way, if you want a copy. I have my special report. I’d be glad to send it to you. That talks about passwords talks about 1password and Lastpass and what you should do a little bit about two-factor authentication.

So I use DUO. I also have Google authenticator, although I don’t really use that at all. I tend to use Google or  I should say. what happens with that is they’ll display a QR code when you’re setting up the two-factor authentication. That’s one of those square things that has all of the little squares inside of it that you can use to go to a website is typically what you’d use it for in this case, it then syncs up a special Countdown a few seconds, and it’ll give you a six-digit code that you can use. That code is only good for 30 seconds. So now when you go to log in, you’re going to give you a user-name or email. You’re going to give your password. And then it’s going to ask you for that. Code so you can use.

Again with DUO, I have adjusted automatically. It comes up, it’s integrated with my one password as well. So I can now log in and I know it’s extra safe because even if someone steals my phone number, It’s not going to do them any good because I do not use my phone for verification, for two-factor authentication.

Now there’s one more trick that you could play if you wanted to. And I have done this more than once. Some websites do not allow you to use an authenticator app. Yeah, I know behind the times, aren’t they? So you have to use SMS. If you want to use two-factor authentication, in other words, you have to have a text message sent to you. So what I do with those sites is I have a phone number that isn’t a real phone. So I have a phone number that I got years ago from a company that Google bought. Nowadays, Google calls it Google voice. So I have a Google voice number and I will give them that number. Now, why would I give him that number? first of all, I can filter calls that are coming in and text messages and everything out.  Google will forward the text message to my phone.  Remember it’s Google, so it’s not terribly private, but that’s okay because those numbers are usually only good for a number of minutes. Okay. So it’s not a very big deal, but the reason I use something like Google Voice is it’s not a real phone number, so they can’t call up T-Mobile or Verizon or whoever you have your phone through pretending to be you and get them to transfer that phone number because they can’t and they won’t. Okay. It’s very important.

The SIM card that you have on your phone nowadays, some of these devices have virtual SIM cards. that SIM card that’s in your phone can not be stolen or duplicated or anything else either if you’re using one of these Google voice numbers. So some really important tips there.

I hope you took some notes. If you didn’t, you can find this online. I post these as podcasts, you’ll find right on my website@craigpeterson.com. You can listen to them, take notes. And my wife even provides a transcription of these things most of the time. bless her heart.

She spends a lot of time doing that, and she’d appreciate it. Check it out online. Craig peterson.com.

We’re talking about how to keep your devices safe that you’re buying this year things you’re getting for family, for friends, maybe for yourself as well. And we’re going to get into it more. Now we’ve got some really surprising things for you guys.

One of the things that we have to do, and this is again, over and over again but better than 60% of Windows computers are not up to date. Remember we’re buying nine devices that are basically computers.

Do you remember that whole Barbie thing from not too long ago?  I was on TV with this thing and it was sending audio up to the internet and we were able to intercept it. We did a whole thing on television about this. Obviously, it’s a very big problem because it’s your kid’s information, voices being sent up, in the Barbie was interactive. Now Mattel cleaned some of that stuff up and that’s always a good thing. But the point behind this whole computer in a toy or other device thing is that their computers. We’re talking about mobile phones and Android phones, just not getting security updates. If you’re going to insist on using an Android phone, make sure you get the latest model every two years, because even Samsung only supports their phones. They’re top of the line phones for two years. Okay. Versus your iPhone, which is good for five or more years. So keep those phones up to date.

In fact, when you first get the phone, probably the first thing you should do is check for a software update. Computers are the same thing. Whether you’re getting one of these Chromebooks, which are very good, generally speaking, I’ll remember it’s Google okay. But the Chromebooks tend to be kept up-to-date because it’s pretty much automatic. And I know a lot of security researchers use Chromebooks and use them exclusively because they don’t have the same security problems as Windows. What’s one of the reasons Apples don’t get attacked as much as windows computers because the Macs, frankly, are not as common. They’re only about 8% of the market out there, depending on whose numbers you’re listening to. So why would they go after it? Plus it’s a little more hardened than windows is. In fact, it’s a lot more hardened than Windows is.  Microsoft is starting to fall-in behind Apple’s lead, which I think is a good thing.

So those computers, update them immediately. If you’re still running Windows seven, make sure you get 10. Cause seven isn’t getting the updates anymore. If you’re running Windows eight, 8.1, make sure again, you upgrade to windows 10.

But brand new computers shouldn’t come with those. Another quick word of warning about computers that you’re buying. The home edition of Windows does not have the same features as the business additions or enterprise additions of Windows. So you might want to when you’re buying something, look for Windows professional, it has more options. One of the options that could save your bacon is the ability to put off updates.

Now, you’re I hear you saying Craig, you’re always telling us to update early and update often. yeah, that’s very true because many times when you get that patch, it’s because there is something going on in the wild. Bad guys are actively using it to exploit you. To exploit your faults. Okay. So there are some very good reasons to stay up to date.

But, here’s a problem. I had a law office call me up because right in the middle of them putting together some documents for the court that were due in less than two hours. Windows and they were running home edition, decided it was going to force them to do an update. You can imagine the trouble that ensued because they weren’t going to be able to get the paperwork filed with the court in time. Very big problem.

Even if you’re not an attorney, you’re not dealing with the court. Windows professional does give you the option to schedule the dates, you can push them off for a week and then you can get into the more advanced stuff too, with the device management, MDM type stuff where you can now manage that device and make that device, secure, most, if not all of the time.

Okay. So let’s move on next to tablets. Again, look at something like the Amazon Kindle.  Here’s my watch talking, hit the Siri button accidentally. So the Amazon Kindle fire that is an Android tablet. Now, one of the advantages is it is updated by Amazon automatically. It gets all of these security updates and other things. That’s a very good thing, and it gets them for a fair length of time and they are cheap. You can get them for 50 bucks, 70 bucks brand new from Amazon.  I got one a year or two ago, probably a couple of years ago. And it wasn’t well packaged and it’s shipping and the front screen was just cracked all the way down. So I returned it, they shipped me another one, and that one wasn’t cracked. So that’s good, but I’ve kept an eye on it and it has been very good.  I also got with the amazon fire tablet, one of these stands that you can put it in, it’s a charging stand, but when you place it in the charging, stand it then becomes an Amazon Alexa.

Little kids come over, grandkids, and they want me to play baby shark, which is an annoying song that, the grandkids, every generation has this. I remember a slightly older grandchild. A granddaughter who used to love, ah, jeepers. What was a gummy bear? That’s what it was. Gummy bear. Remember, that song was incredibly annoying too. I ended up getting the guy who wrote the song on the radio show with me to talk a little bit about it. It was fun actually.

Those of us who needed to be kept up to date all of those tablets, because they are real computers, but nowadays we’re buying appliances. I remember five years ago, I think it was out of the consumer electronics show. I saw another one that you put into your home and it had an Android operating system in it, it connected to wifi and it allowed you remotely to say, Oh, you know that steak or roast. It told you to cook in the oven at 5:00 PM, I’m going to be late. So you just go online and I type it into my phone and ta-da, I am now all set. There we go. And it’s not going to start cooking it until six 30. that’s all well and good.

That appliance has a computer in it and it’s sent into wifi.  Have you updated it? And does it self update? How long are they going to be providing updates for that oven? I’m sure five years later, there are no more updates for it. Now have an appliance, a device, that is frankly dangerous on your network because if somebody comes over to your house, they’ve got a laptop, they connect to your wifi and it now infects your appliance.

Okay. Whether it’s your washer or your dryer. Those are the two most common, I think right now that are internet-connected or your oven or your microwave or your garage doors or your security system or your lights, those can all get infected. They are used as launching points to infect everything else on your network.

Check the update, make sure everything’s up to date. And in some cases, it’s pretty hard to update, but it’s worth it. You have to do it even with your children’s toys. One of the things I do is I put them on a network segment that has no access to anything else. I have an IoT wifi network, the internet of things.

You’re listening to Craig Peterson. Make sure you visit me online. Craig peterson.com and sign up for my newsletter.

We’ve talked about, multi-factor authentication, we’ve talked about, of course, protecting your devices by keeping your software up to date and that’s everything nowadays, really, and how to do that. What’s up for that. And now we’re going to go into a couple more good points.

Of course, you’re listening to Craig Peterson.

Now, once you’ve purchased an internet-connected device, no matter what it is, if it’s a router or firewall, if it’s a Barbie doll, change the default password. In most cases you can connect to the device, just using a web browser that makes it very simple.

So you use the web browser, you connect to the device. Most of them have web servers on them. If you can imagine that, A little doll with a web server on it, but yeah, that’s what happens. Your refrigerator probably has one of his internet-connected and your washer, dryer,  light bulbs have little web servers built into them and you want to connect to them and change the default password.

Look up the manual. It’s probably not going to tell you how to do it with the information that’s in the packing.  If you go online and search for that device, you can find out how to change it. Use different passwords for every device.

Always use complex passwords. Now complex doesn’t mean that it has to have special symbols in this upper case, that lowercase, et cetera, it can just be three or four words strung together. That’s all it needs to be. You might want to throw a digit or two in there, maybe a special character too, but a phrase is the best.

In order to do that, you’re probably best off using a password manager to help out. So that means using something like one password or LastPass. Once you’ve got that in place, it’ll generate these passwords for you, automatically. It’ll remember them. It keeps them encrypted. So you only have to remember one password and that’s the password you have set for the password manager.

Now, in my case, I’ve got it set up with DUO again. So I’ll go into one password and one password is going to ask me for my password and it’s also going to authenticate me via DUO on my smartphone. So there’s multifactor, three-factor authentication. Okay. So important for all of these devices that connect to the internet.

Also check the devices, privacy, and security settings. A lot of times the manufacturer will let you set up an account on their website. From there, you can tell it what information you want to share and don’t want to share.

Now, remember what I was talking about in the last hour with Apple, they are being very good about this and they are now demanding that all of the app developers disclose to you that you have indeed given consent for this information or that information to be used by that app developer and sold.

You can go to the Mattel website, set up an account for your device, or the Samsung or whatever it might be. And right there, you can examine your privacy settings and what do I want to allow the vendor to gain access to?

Make sure you’re not sharing more information you absolutely need to provide, they’re not going to ask you for social security numbers or other things. There’s no reason to write that stuff that the bank or the IRS is going to want. Not these guys, at least, hopefully. Make sure you’re enabling automatic software updates, wherever you can.

The latest version of the software usually tells you that it has the latest security fixes. Hopefully, it does but it also helps to ensure the manufacturer still supports it. If you’ve got automatic updates and they’re sending updates to you and a hundred thousand of your closest friends who also have the same device, they’re going to continue to support it and that way, the latest patches are going to be out there.  If you’re not getting the updates and nobody else is, the manufacturer is not going to have a lot of incentive to give you security updates. Then there’s the normal stuff about, don’t use public wifi. That’s generally a good idea.

But if you’re using a secure server connection, That’s that little lock up in the URL bar. Then you are effectively creating a VPN between your web browser and that remote server, and that’s going to be quite safe. So personally, I don’t worry so much about that. I do worry about my machine being attacked, but I also have a very good firewall turned on and I have all of the services that I don’t need to have shared turned off.

I am going to do a class on this, a little course on hardening windows. In fact, we’ve got it all written. We’ve got slides together. We’ll probably be doing that after the first of the year. So keep an eye on your email for that. Cause anybody who gets my newsletter, I’ll tell you about that.

How to harden windows, so that even if you are on public wifi somewhere, you’re going to be relatively safe and the same thing’s true. If you’re. Using your phone for instance, and you’re sharing your phone’s network connection with your computer. It could still be used by bad guys to try and get into your phone.

These ISP internet service providers are not completely on top of all the security. Okay. all of the basic stuff don’t provide personal information, financial information. I tend to use. These one-time credit card numbers. So every time, if I go to a site and I want to buy something, let’s say I’m on GoDaddy buying a domain or I’m on Walmart side or Amazon site each one of those, I use a different credit card number. Check out your credit card provider, all of the major ones, Visa and MasterCard have the ability to create virtual credit card numbers.  That way that credit card number can only be used on that website. So you create this credit card number. It’s very easy to do. It’s usually a plugin in your browser. You create a credit card number and it’s for amazon.com.  If somebody were to get that credit card number from Amazon and try and use it somewhere else, it will not work. It will only work on amazon.com. Isn’t that cool. The other advantage is if someone starts misusing it, then you can just turn off that virtual credit card number. It’s really that simple. So have a look at that.  One-time use credit card numbers or these virtual credit card numbers, which is what I like where you can use it multiple times on that site, you don’t have to create a new one every time available from most banks and all major credit card companies.

Also, be careful with the websites. You’re going to make sure you type that URL correctly. As I said before, I always spend a few extra seconds whenever I’m on a website, I’m going to a website. I’m reading the email, just making sure that it is correct. I spelled Amazon or the email address that sent it to me is legitimate.

I can’t believe how many times I get an email. It’s a phishing email and it’s from somebody@gmaildotcom as though a major business is going to use gmail.com. That’s a word of warning too, to the small businesses that are trying to do online stuff. Make sure you have your own domain. That you’re not using Gmail or Hotmail or Yahoo.

I’ve seen so many people doing that got even proton mail. Proton mail is quite secure and, it’s really nice the way they’re doing it. It’s hosted in Switzerland. Check them out by the way. I put something about that in my newsletter a month ago with what that’s all about. If you want it, just let me know, just email me@craigpeterson.com and in the subject line mentioned proton mail or something, and I’ll forward you that newsletter so that you have it. You can always search if you don’t delete my newsletters, you can always search for that information. 

You can have proton mail set you up with your own domain. So it’s from Bob’s country store.com instead of Bob’s country store at gmail.com. Okay. It looks much more legitimate. let’s see offers obviously, be careful with those who don’t click links or download attachments unless you’re really confident.

Again, I tend to go to the website as opposed to click on the email that I got. There always this warning or that other thing, just go to their website, make sure that it’s all being encrypted again. That’s that little padlock if it’s closed or your information’s encrypted, which is really good.

If you can use a credit card. Don’t use a debit card. There are laws to limit your liability for fraudulent credit card charges, but you don’t really have quite the same level of protection when you’re using a debit card and the money will be taken out of your account with a debit card. If a bad guy. Is using your debit card and then you have to file a police report and then you have to file with the company that gave you the debit card and then you have to wait for the money to be credited back to your account.

In the meantime, your checks are bouncing or if you use the debit card for other things, it is being denied. Okay. So be very careful with that. insufficient funds are always going out there.

I would urge you to just be very careful, very cautious, just like Santa Claus, checks his list and checks it twice to the same thing all the time when you’re online.

Hey, if you don’t get my free newsletter right now, make sure you sign up. I have all kinds of tips. That’s what it’s about. You also get all of my podcasts segment that you can just click on right there in the emails makes your life easy and helps to keep you safe online.

Just visit me online. CraigPeterson.com. You can go look at anything you want. If you scroll down on the homepage, there’s a little form you can fill out. If you have an explicit question for me, always glad to answer them. And then at the bottom of the page, a little subscribe box will show up as well.

Take care, have a great weekend. Join me again next week.

More stories and tech updates at:


Don’t miss an episode from Craig. Subscribe and give us a rating:


Follow me on Twitter for the latest in tech at:


For questions, call or text:


Listen to this episode