Securing Your Website With a Free SSL

Are they really worth the hassle?

Greetings from the Help Desk!

You have a website but still haven’t purchased an SSL certificate? That’s the thing that makes your website address start with “https” and encrypts your guests’ data.

No one wants to spend more money on their website, yet everyone still wants more visitors. So here’s some helpful information about FREE SSLs for you. Or is it?

As you probably know, there has been a change in how websites are displayed. Anyone without an encrypted https and padlock in their web address gets flagged by most browsers as either “insecure” or with an exclamation mark. Not good for business! Not good for Google ranking either!

Enter: the FREE SSL.  Is it really worth the hassle?

Free certificates actually aren’t new. Plenty of companies have been offering them for a while. It’s just now that these seem more attractive since the online world is moving to a more secure environment. They are, interestingly, just as safe as paid ones. So why would you pay for one every year when you can get a free one, you ask? Good question! There are a couple of good reasons. 

Paid Certificates:

  • Offer a warranty, or protection, in case data is captured and decrypted by a middle man during transfer. Some protect your site up to $1.5 Million, such as Symantec’s Netsure Protection Plan. If you’re selling a lot of items or passing a lot of sensitive information through the internet, then this may be important.
  • Offer help to install and troubleshoot issues. With free certificates, you’re pretty much on your own. If you “trip over the cord and accidentally unplug the Christmas Tree,” you may have to have the certificate re-keyed and your website might go off-line.
  • Another reason is so your website can have that green bar (trust issue) with your company name, like you see in many big reputable companies. Check out Twitter.com as an example.
  • The biggest upside to a paid SSL, however, is the length of time the key will work before it needs to be renewed. Most paid certificates offer 1 – 2 year options. But with a free certificate, you’ll likely only get 3 months at a time. After that time, the certificate will become invalid. When this happens, your site will basically shut down. A big page pops up saying that it’s dangerous to enter your site and warns users before proceeding! Really, it looks bad. So then you have to call your certificate issuer and ask for it to be renewed. This process can involve several steps for the issuer that may take up to a few days to get taken care of.

If you can afford your site going offline for a couple of days and you’re willing to call the issuer, then this option might be a good one for you.
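To see an expiry coming before the browser warning appears, the certificate's end date can be checked on a schedule. The sketch below is an added example, not part of the original article; the function names, the 30-day renewal window and `SAMPLE_CERT` are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumption: renew a 3-month certificate once 30 days remain

def expiry_status(cert, now=None, renew_window_days=RENEW_WINDOW_DAYS):
    """Classify a getpeercert()-style dict; returns (status, whole days left)."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (not_after - now).days
    if not_after <= now:
        return "expired", days_left
    if days_left <= renew_window_days:
        return "renew", days_left
    return "ok", days_left

def check_host(host, port=443, timeout=5.0):
    """Connect the way a browser would (needs network) and report the state."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return expiry_status(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # An already expired or otherwise invalid certificate fails the handshake.
        return "invalid", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {"notAfter": "Apr  1 12:00:00 2025 GMT"}

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, *check_host(name))
```

Run it with one or more hostnames as arguments from a daily scheduled task, and act on anything that is not `ok`.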

Having said that, however, I called my host provider (Blue Host) last week and they told me I would NOT need to call every 3 months to have a free certificate renewed. So, perhaps there’s more hope for using this FREE option in the long haul.

It seems like this type of technology should be automatic these days. But in the meantime, I’ll save the time figuring it out and purchase mine.
See more about free certificates at https://ssl.comodo.com/free-ssl-certificate.php
I get no compensation from Comodo, Blue Host and Twitter by mentioning them here. The Comodo, Blue Host, and Twitter names are copyrighted and owned by their respective companies.

Latest Spam Tactics

What the bad guys are doing with your leaked information

This particular e-mail I received invoked anger.

What I got looked like other spam messages, but this one was a little different.  It started with the normal junk about my e-mail address being hacked, blah, blah.  It looked like a mass e-mail.  They alleged that they sent the message FROM my e-mail account (which I noticed they didn’t). But then they revealed one of my personal passwords!  Wait, WHAT!?

They said they know the password to log into my e-mail account and then provided “proof” that they actually did.  I was not happy.  How could this be?  How do they know my password?

So after a little digging, here’s what is happening.

This might be the latest tactic to scare people, similar to other scare-ware pop-ups.  The whole point is to get us scared, and then motivated to take action, usually to the detriment of our bank account (i.e. they hope we pay them money).

When they reveal your password, they have likely gotten it from a hacked company that you do business with.  Almost every few months we hear about the latest security breach.  Last month, for instance, Facebook announced they’ve been hit again.  They originally said 50 million users were affected, but last week admitted to “only” 30 million users.  They said last week that we don’t need to change our passwords.  Phew.

What companies have been hacked that you do business with?

So there’s a website that keeps track of hacked accounts.  You can search by your e-mail address and see if you are one of those affected.

In my case, Bitly, a company that provides our shortened web address (type mcs.bz in your browser address bar to see what happens), was hacked.  They stole email addresses, passwords and more.

Some clarification: Like many of you, I use the same password for multiple accounts.  The password they revealed to me wasn’t exactly the password used to check the e-mail address they claimed.  It was a lowercase “J.”  But, in any sense, the password DID MATCH EXACTLY what I had used for Bitly. Now it made sense.  So it was Bitly’s password that needed to actually be changed and not my e-mail.

This security breach happened back in 2014.  But only now are we seeing what the bad guys are doing with the information.

Check to see what companies have been hacked here: https://haveibeenpwned.com

So I Think I’ve Been Hacked!

10 STEPS TO RECOVER FROM A COMPUTER HACK

So a friend tells you that you’re sending spammy-looking emails out.  But it can’t be–you had no idea.  You even check your sent email folder to see if you’re crazy, but all the emails look familiar.  You respond bewildered to your friend, not knowing what to do.  Have I been hacked??

The first thing to do is stay calm!  Part of the scam here is to get people worried and scared that everything on their computer has been stolen, which is terribly unlikely.  It’s most likely that this message was spoofed with your name and/or email but that your email wasn’t hacked.

If you think your computer has been hacked, but no-one has contacted you about a strange email, start at step 4.

Let’s do some discovery. Then figure out how to get cleaned up!

1. The first thing to do is to get a copy of the email “headers.”  This is the code sent through the servers that contain an email.  The headers are found by different means in each email client.

In Apple, click View —> Message —> Raw Source
In most Outlook versions, open the email in a new window, click File —> Properties
In Gmail, Click the down arrow, then click Show Original

All headers read from newest to oldest, so the top holds the latest entries and the bottom holds the originating headers.  So look towards the bottom of the header and search up for the first instance of these:

Look for:
“Received From: example1.com” and this server is who really sent the message
Look for the next “by: example2.com” to see who then received the message
X-Mailer is the device used to send the message.
You can also look for the line “DKIM-Signature” and find the d=somedomain.com.  This is a third party sending an email but is authorized by somedomain.com.

 




*A simpler solution is to paste the header into Google’s Header Check at https://toolbox.googleapps.com/apps/messageheader/ and confirm the servers used match the real sender.

If example1.com matches the domain in the From address, then this verifies this email as legitimate.  If you notice that example1.com is located somewhere like India or Belgium, completely different from the sender, it’s fair to say that this was a spoofed email.
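The same check can be scripted. The following is an added example, not code from the original article: it reads a raw message, takes the oldest hop (in a raw message the hops appear as `Received: from <sender> ... by <receiver>` lines), and compares it and any DKIM `d=` domain with the From domain. The sample message, its host names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); every host is a reserved example name.
SPOOFED = """\
Received: from mx.example2.com (mx.example2.com [192.0.2.10])
\tby inbox.example2.com with ESMTP id 2; Mon, 05 Nov 2018 10:02:11 -0800
Received: from smtp.unrelated.example (smtp.unrelated.example [203.0.113.45])
\tby mx.example2.com with ESMTP id 1; Mon, 05 Nov 2018 10:02:09 -0800
DKIM-Signature: v=1; a=rsa-sha256; d=unrelated.example; s=k1; bh=AAAA; b=BBBB
From: "Your Friend" <friend@example1.com>
To: you@example2.com
Subject: check this out
X-Mailer: ExampleMailer 1.0

hello
"""

def _host(keyword, received):
    """Pull the host that follows 'from' or 'by' in one Received value."""
    m = re.search(r"(?:^|\s)" + keyword + r"\s+(\S+)", received, re.IGNORECASE)
    return m.group(1).lower().strip("[]();") if m else None

def same_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(host and domain) and (host == domain or host.endswith("." + domain))

def summarize(raw):
    """Report who handed the message over first and whether that fits the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Servers prepend their Received line, so the last one in the file is the oldest hop.
    received = msg.get_all("Received", [])
    oldest = received[-1] if received else ""
    origin, recorded_by = _host("from", oldest), _host("by", oldest)
    dkim = [d.lower() for sig in msg.get_all("DKIM-Signature", [])
            for d in re.findall(r"(?:^|;)\s*d=([^;\s]+)", sig)]
    return {
        "from_domain": from_domain,
        "origin": origin,            # trustworthy only if recorded_by is a server you trust
        "recorded_by": recorded_by,
        "x_mailer": msg.get("X-Mailer"),
        "dkim_domains": dkim,        # the d= tag alone; the signature is not verified here
        "origin_matches_from": same_domain(origin, from_domain),
        "dkim_matches_from": any(same_domain(d, from_domain) for d in dkim),
    }

if __name__ == "__main__":
    for key, value in summarize(SPOOFED).items():
        print(f"{key}: {value}")
```

Treat the result as a first pass: a Received line is only as reliable as the server that wrote it, so give the most weight to the hop recorded by your own mail provider.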

If you’ve been spoofed, then it’s time to tell your friend that he/she should run their virus and malware scanner and add that sender to their blocked list (since it really isn’t you).  In this case, that’s all.  Spoofing happens all the time and there’s little you can do to prevent it.  You haven’t been hacked, nothing has been stolen.  No need to proceed to #2.

But, if your discovery from above shows the email to be legitimate, then someone is likely sending email on your behalf.  This changes things.  If you determine someone is sending emails on your behalf (or you aren’t sure), then you should take some action. Go on to #2.

2. Change your email password(s) and security questions immediately.  If you have a lot of sensitive information on them, consider enabling 2-factor authentication.  If your email has been blocked or you can’t log in, use the recovery methods provided by the email company.  Check your contacts list to make sure it’s still there.

3. Notify your friends that your account has probably been hacked and to not open any strange emails from you, especially attachments.

4. Virus Scans. Run your Antivirus Scanner in “Full Scan” mode.  This will take a while, but you need to do this.  Consider running a full Virus scan on your other computers to make sure nothing has spread.

What Virus Scan?  Use whatever virus scan you have installed or consider switching to Kaspersky or Avast, which have the top ratings in 2018, if you think it’s not finding the virus.  The best FREE antivirus is Avast, rated by Tom’s Guide and PC Magazine.

Free vs. Paid?  Well, under normal conditions I recommend using free virus scanners.  They usually take less resources and don’t bog the computer down when running a scan.  However, these are circumstances I’d recommend a paid service:

  • You have kids who (or you) like to click on a lot of things, not always knowing if it’s safe.
  • Your computer stores a lot of sensitive information.
  • You want to “set it and forget it” and don’t mind paying for it.
  • You think you may have been hacked big time!  Now’s probably the time to pony-up.

 


5. Run a good malware scanner.  Malwarebytes.com has a free one.  For serious hacks, consider paying for a virus and malware scanner combo.  Avast has a very reputable one this year.

6. Make a backup of your computer.  Everyone should have a backup! Google “creating an ‘Image’ of your hard drive.”  Keep this backup in case things get worse.

7. Contact Credit Agencies.  Depending on how much sensitive information is stored unencrypted on your computer (i.e. bank info, social security numbers), consider contacting the credit agencies to see if anything has been run through your credit.  Change banking and other sensitive website accounts you use online.  If you don’t save a lot of this type of information, you can skip the hassle.

8. Run a scan of your Windows Operating Files to be sure your operating system is running correctly.  To do this, in the search field, type “Command” without the quotes.  Right-click on the Command Program and “Run as Administrator.” On a command line type “sfc /scannow” without the quotes.

9. If you can’t access your computer, follow instructions given by LifeWire.

10. Monitor your computer!  If, after trying all of the above steps, it’s slow, freezes, restarts on its own, the next step is to reinstall Windows.  But that’s for another article!

Feel free to reach out to us if you need any help.  We offer free consultations by phone or through the help desk.  Happy computing!

 

Don’t Fall For This Pop-up Scam

It’s very likely you’ve been jammed up while working on your computer by none other than a stubborn pop-up that just won’t go away.  You close it, ignoring the warnings not to, and it comes back with a vengeance.

The latest pop-up most likely to hit you where it counts is the one claiming to rob your bank account and passwords and take your computer hostage–unless you call the “Microsoft 800 number” to supposedly clear everything up (and take between $200-$500 from you to do it).  This is one of the latest scare tactics scammers are using to get you to buy their (fake) services.

If you see a pop-up like this, there are several things you need to do.  First, don’t panic. Nothing is happening to your bank info.  Nothing is likely happening to passwords or anything else.  Nothing is likely happening at all.  It’s a scare pop-up to invoke fear and get you to take action.

Second, don’t call the number.  Microsoft never tells you that you have a virus. Your virus scanner or a Malware scanner would tell you, but not in an internet pop-up.

Here’s what you do instead: Despite the instructions it provides, try to close the window or your web browser.  It may pop back up, which can be the trouble.  If you can’t get it shut, press Control-Alt-Delete and open the Task Manager.  Click on the Applications tab and find the windows that aren’t closing, click on each of them and click End Task.  This should give you control back.

Third, you’ll need to clean things up a bit. Run your Virus scan (full scan).  Run a Malware scanner.  The best program to start with is Malwarebytes Free version.  Open your browser back up and clear all cookies, caches, and history.  You can now resume normal life!

Sometimes, this isn’t enough to clean the Malware.  If you get the pop-up back, check out our Help Desk Solution on downloading AdwCleaner.  Go here for that page.

Best wishes for clean browsing!

Tech Tips

1.  Be sure you have a Virus Scan program and it’s up-to-date. I never recommend anyone paying for this service. One, FREE versions are good enough. Second, the paid versions are too robust! I’ve seen computers run slower with paid programs. Windows 10 (and 8) come with a FREE scanner, called Windows Defender, and it should be running automatically. You can check under SETTINGS to be sure. I think this works fine. For Windows 7 I have mostly used Microsoft Security Essentials (FREE) (link here) and AVG FREE VERSION (link here).

2. Run a Malware scanner? Anytime someone calls me about a slow computer, this is the first thing I recommend. Every month or 2, I run Malwarebytes (link here). It’s free to download and use, but it will want you to upgrade ($) after 30 days. Just say NO when the time comes.

3. Need Speed? You may know that you can upgrade most computers by adding memory (RAM). You also may know that you get what you pay for in a computer. So when you spent a lot when initially buying the computer, it may have been because of the motherboard or “CPU” being an Intel i5 or i7.

BUT a third way to speed up your computer (mostly Desktops because this is a cheaper trick) is to add a Solid State hard drive to your computer to run it on. Solid State drives are drives that don’t spin and use technology similar to what’s in your smartphone.
