Rogue Access Points


We’ve all been there.  It’s been a long day of shopping at the mall, or waiting in an airport, or driving across the country, and we finally get a chance to pull out our phones or laptops and look for WiFi. Good news: You’ve found one that doesn’t require a password!  Free WiFi saves the day. You click accept and head to your favorite place to watch videos of kittens, or whatever people normally do on the Internet … we mostly watch kittens.

There’s just one problem: what if that free WiFi was a trap?  One of the cleverest phishing scams out there right now is built on the lure of free WiFi using rogue access points, and it has enough variations to stay ahead of the security teams at Apple, Samsung, Microsoft and our own security for one simple reason: The soft spot in your security is you. 

Here’s how phishing on rogue access points works:  The scammer will set up a wireless router offering free Internet, often marked “Free WiFi,” “ATT WiFi,” or “Starbucks.”  Would you be suspicious of those networks?  Many people just look for the strongest “free” network, while most of the rest of us look for a name we trust.  How paranoid do you have to be to not connect to Starbucks WiFi at the mall?  Once you connect, though, they have a variety of ways to get any information they want off your phone or laptop. 

Even scarier, some scammers are using programs that tell your phone that the name of the free wireless available from the scammer’s router is whatever name your phone is looking for, so it can even connect automatically while in your pocket.  You can get phished over your phone just by walking in the wrong area. 

Once you’re on their network, they have a variety of ways to steal your info, from just grabbing your session cookies to using keystroke monitors to get logins and passwords, to the traditional phishing technique of creating dummy sites that look like Facebook or major credit card websites to prompt you for your info. 

Here’s what you can do to stay safe: 

  1. Turn off your WiFi unless you’re at home or work.  I know, I know. The only thing worse than mobile network data speed is mobile data network pricing.  Well, maybe mobile network customer service. Unfortunately, all that WiFi you grab every day can be dangerous.  Even if you’re not running into rogue access points, you’ve still got to hope that the coffee shop or burger joint actually pays attention to the security of their wireless router, which few even think to do.  Even those businesses that do think about security rarely spend money on it – rarely are they bringing in a professional. No, they’re asking a minimum wage employee to “take care of it” because “you’re young and good at computers.”  On a related note, isn’t it odd that coffee shops don’t spend more time thinking about their WiFi?  Isn’t that a core business at this point? 
  2. Even then, make sure your home and work WiFi are safe. Endpoint security, like Norton antivirus, is not as effective as it once was, simply because there are so many more points of vulnerability than there were a few years back.  We’ll have an extended look at securing your WiFi network in a future installment, but for today, set up your password with WPA2 Enterprise encryption.  If your router does not support it, it’s time for a new router. 
  3. Rename your home network something like “This Public WiFi is UNSAFE.”  It might sound weird, but if a scammer tries to use software to tell your phone the name of his network is the same as your home network, your phone will tell you it’s connected to “This Public WiFi is UNSAFE” and you can get off of it. 
  4. Apps are your friend.  Most apps, including ours, use HTTPs security, rather than HTTP. This can actually stop some of the tactics many scammers use.  Remember, they don’t want to beat the best security; they want to do as little work as possible and beat those unwary souls who rely on the worst security.  A simple step up is enough to keep many scammers at bay. 
  5. Get an app that prevents rogue access.  Depending on your operating system (OS), you have different options, but search your app store.  It’s worth the trouble and $4.99. 

Sources:

Rethinking Your Money With Apple Math



When it comes to your finances, it can seem like all the advice you get is deadly boring, unbearably abstract or both.  For example, when it comes to paying off debts, how can you be expected to make a dent without first having a spreadsheet that compares all your credit cards and loans with columns for principal, interest rate, fees and maybe even frequent flyer miles?  It’s intense. At the same time, when it comes to spending, you’re no better off. How do you compare the value of a fancy dinner to buying a new outfit for the kids?

In 1986, The Economist created “The Big Mac Index” as a way to compare currency values across eras and national borders.  The index shows how many hours of labor it takes to earn the cost of a Big Mac. So, if it took you 10 minutes to earn the cost of a Big Mac last year and it takes you nine minutes today, you are – in theory – better off than you were before. That’s true whether those gains come from getting a raise, moving to a town with a lower cost of living or improvements in McDonald’s supply chain to save consumers money. While the value of a dollar changes over time, the value of a Big Mac to a hungry customer remains constant.
We’re going to use the same Big Mac concept here, but we’ll use it to explain personal finance. If you’re a fan of Apple products, fabulous. If not, feel free to substitute other luxury goods of your choosing.  As an added benefit, if you’re looking to talk about money with a young person, you may find the Apple index to be a helpful tool for starting a conversation.  After all, that young person is probably staring at their phone, tablet or laptop right now. 
The price of luxury 
If you’re carrying an iPhone, it’s probably the most expensive thing you carry every day.  You might not think so, because you might be used to those two-year contracts that artificially decrease the price of a phone by several hundred dollars.  In reality, though, a lot of companies, from your service provider to the handset manufacturer, stand to make money by concealing the price from consumers.
Even then, you could be skeptical.  “After all,” you might say, “I’m currently wearing a very expensive watch.  This Omega Speedmaster Moonwatch is the same model as the one that’s been on the moon.” Or maybe you’re glancing at your Hermès Clemence Birkin purse, believing no phone could cost as much as a bag for which a noble alligator gave its life.
Actually, it does.  You see, when a person buys a luxury watch, he or she usually expects to hand it down to their son, daughter or whomever so they may stay in a family for generations.  The same is true for Hermes bags, particularly because they have to last long enough to get back to the top of the waiting list.  A Hermes reservation can last a family for generations, too.  A $10,000 watch or bag that lasts 100 years actually costs $100 per year.  Similarly, a basic two-year phone contract typically came with a $200 credit toward a phone purchase, so even a free phone on that plan costs $100 per year, the same as an Omega watch or Hermes bag.  A $649 iPhone 6s costs more than three times that much. 
The price of five bucks 
Most phones sold this year don’t have 2-year plans.  Instead, AT&T, Verizon and many of their competitors offer plans that can be canceled at any time, with the cost of the phone spread over two years or more, disguising the total price of the product.  After all, the difference between spending $25 per month and $30 per month seems negligible. If you’re already writing a check to your service provider for $200 worth of data, talk, taxes and fees every month, what’s another five bucks, right? Of course, that difference over two years comes out to $120.  If you have three lines on your account, the bill comes to $360.
When are you planning on paying off that smartphone?  When do you expect to not have to pay another phone bill?  The smartphone manufacturers assume a two-year lifecycle, and intentionally do not design their phones to last forever. Five years ago, one of the best selling phones was the original Motorola Droid. Go back another year, and it’s Nokia at the very top of the sales charts, capping over a decade of the company’s dominance.  It’s hard to remember that environment, but it included 3G networks and sliding keyboards.
Phones have short shelf-lives, so you can probably expect to make payments on a phone for most of the rest of your life.  If you made that $5 payment into your savings account instead, that would be around $16,000 in time for your retirement.  That’s an expensive five bucks.
It’s not a Big Mac, but hopefully the iPhone works just as well to explain the value of money when it’s difficult to understand.  Buying a product that lasts a lifetime can actually be quite affordable in the long run.  On the other hand, a mindlessly squandered five dollars can be quite expensive.  We’ve got a lot more lessons from the Apple index coming up, so stay tuned! 
Sources: 

Q&A: Google and Cybersecurity

Google had a good day in mid-July. It’s safe to say it had a better day than you did, even if your day was fantastic. The company set a record for the largest single-day increase in value in the history of American investing at nearly $67 billion, breaking the previous record held by Apple.  Google did well enough that if it wanted to relax with a weekend of video games, movies, and pulp novels, it could simply buy Nintendo, Loews, and Barnes and Noble with the money it made just in that one day.
That day was less enjoyable for Google’s customers, though. As investors were thrilled by YouTube’s growth, Gmail users were beset by faulty spam filters which hid so many legitimate emails that Linux founder Linus Torvald took to an online op-ed calling out the tech giant. The misstep was a rare occurrence from Google, but considering it followed a much-ballyhooed revision to its Gmail platform, it was worrisome for many. When considered in the context of major hacks of the U.S. government and infidelity website Ashley Madison this summer, the Gmail problems had people wondering what security Google has in place for the largest privately-held collection of American’s data.
Don’t leave your cyber security in doubt. We’re here to answer your questions about your online safety. 
Question: Everyone is always going on and on about online security, but nothing has ever happened to me. Should I even care? What’s the worst that could happen? 
Answer: If you’ve never paid attention to your Internet security and never had a security problem, you’re probably fine. You clearly have a rabbit’s foot offering you magical protection from scammers, spammers, spoofers, and identity thieves. Or maybe you have been compromised and just don’t know it yet.
If black hats get their hands on your machine, there’s no telling what they could do. In some cases, you’re looking at spyware and malware that’s merely annoying. In others, your personal and financial information could be compromised. You might even have had your identity stolen. Online security is crucial, and you really can’t be too careful.
Question: I don’t have Gmail. I use Outlook. I don’t use Android. I have an iPhone. I’m good, right?
Answer: Internet security is like a 1980s slasher flick: The instant you let down your guard, something bad is going to happen. No, you’re not safe and Google isn’t bad at security. They’re actually pretty good at it.  Their cyber security task force is responding to the perception of a problem, not an actual problem.
Conversely, consider the products offered by Apple: Apple is slow to offer security updates for OS-X and sometimes bizarrely laconic when it comes to iOS apps.  While Google and Microsoft update their iOS apps every two weeks or so, Apple often waits months. Apple also doesn’t support security updates for older versions of OS-X, so if you’re still running Snow Leopard or anything older, Apple stopped updating security on your machine last year, leaving about 1 in 5 users behind.  When El Capitan comes out this fall, it will likely mean that security updates will end for machines still using Mountain Lion. 
Question: How do I know if my security is up to date? 

Answer:  Every reputable piece of software you use, on your computer or on the Web, should allow you to view your security settings.  If you can’t find your security settings, Google it or look for help on the site.  If you still can’t find your security settings, consider using different software. 
Question: What do I do if I think something fishy is going on with my account information? 
Answer:  For our members, let Destinations Credit Union know right away.  The sooner we know, the sooner we can protect your important financial information.  You may have your credit or debit card information stored at your favorite shops and you don’t want anyone to mess with your cards. After you’ve gotten in touch with us, get in contact with whomever is in charge of the site where you have suspicions.  See what they recommend.  It may be a good idea to notify the police.  Anyone who has access to your online profile is likely to have your home address, too.
Now is a really good time to protect yourself.  Update your password for all of your main accounts and any others you can think of.  Don’t write your password down, try not to make it obvious, and try to keep your passwords separate.  It may be a lot of work, but it will pay off in peace of mind.

Sources:

http://fortune.com/2015/07/21/activist-investors-tech-companies/