MyCRA Specialist Credit Repair Lawyers

Tag: SSO

  • Google Chrome doesn’t secure stored passwords

    protect passwordStay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to be able to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can to adopt to protect their important personal information and ultimately – their credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Here is an excerpt from the SSO warning – issued on Friday:

    Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

    On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

    This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

    Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

    Only allow people you trust to access to your computer, especially if that computer contains confidential information.

    Online expert Daniel Smith says saving passwords on your browser is something you should never do.

    “It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.

    Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.

    “Sites such as Passpack.com or Lastpass could be good secure options for password management. One thing to note is that passpack has never been hacked. Another thing to note is that all browsers not just chrome do this,” Daniel says.

    Daniel’s Key Tips To Protect Your Password

    1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.

    2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.

    3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.

    4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. These are harder to infiltrate by hackers, but Daniel says many don’t use them because they are inconvenient.

    6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.

    Personal Information Security and Your Credit File

    Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

    Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.

    Image: foto76/ www.FreeDigitalPhotos.net

  • They’re ba-ack again! Fraudsters change tactics on Microsoft virus scam

    If you own a computer – or a telephone for that matter – you may be vulnerable to computer-related scam attempts. The old Microsoft virus scam may have been shut down, but a new one has popped up in its place. We look at the current computer cold call scam warning, what you should do if you are called by these scammers, and what the ramifications of falling for this scam could be for your financial identity and credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Remember the scam going around where fraudsters were claiming to be from Microsoft and were cold calling in Australia to offer “technical support” to remotely assist in clearing viruses off home computers?

    First detected in 2010, the ‘Microsoft Phone Scam’ was clever, and caught out thousands. Callers knew the victim’s name and address. These fake security engineers were claiming to see problems with the victim’s computer and asking whether the victim had noticed their computer becoming slower recently.

    They went on to offer to take over the machine and fix the problems. The scammers were using legitimate remote access software, such as LogMeIn, TeamView and Ammyy.

    Scammers then requested money for this ‘service.’ On top of that, it put the victim’s personal and banking details at risk. It also gave the scammers remote access to their computer, which can potentially lead to infected computers and pilfering of personal information via keyloggers.

    Gizmodo’s recent article ‘Global Operation Sees Infamous ‘Microsoft’ Scammers Finally Taken Down [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][Updated]’ explained the extent of the success of the scam prior to its takedown:

    Three years on from the first report into the ACMA about the Microsoft scammers, over 10,000 complaints have been recorded. The ACMA says that the worst point came two years ago, when every second complaint to the agency was about the Microsoft scammers. This was in 2011 — a year when scam activity had doubled on the previous period. 52 per cent of the 83,000 scam complaints the ACMA received in 2011 presented as phone scams. All in all, in that 12 months, Australians lost a total of $85.6 million to various scammers.

    Gizmodo reported international efforts from Australia, Canada and the United States brought down U.S. based scammers only a couple of weeks ago. The scammers became the first individuals to be caught in connection with the scam. They’ve had their assets frozen and they are presumably now awaiting a hearing over fraud charges.

    Not to be dismayed, scammers have obviously thought the gig was too lucrative to dismantle yet – and they have changed tactics – hitting those original victims with yet another scam. As if they hadn’t suffered enough!

    On Friday Stay Smart Online issued a warning that computer-related scams were doing the rounds again. It may be important for those who may have been targeted last time.

    “Following international efforts by agencies to close down the infamous ‘Microsoft imposter scam’, reported earlier this month, examples of scammers responding with new approaches have been noted.

    This includes scammers making follow up calls to previous targets of the original scam, offering apologies and refunds in response to the closing down of (fake) support they provided previously.

    Scammers may also claim to be from a foreign government, foreign law enforcement agency or bank, and offer to recover the money you initially lost, in return for a fee,” SSO notes in its warning.

    Your personal information in the wrong hands can lead to identity theft which threatens the health of your credit rating. Fraudsters can duplicate your identity and take out credit in your name – leaving you with debts you didn’t initiate and bad credit from outstanding accounts in your name.

    Think recovery would be easy? Think again!

    Clearing bad credit history is always difficult for individuals to undertake. Most enquiries will result in Creditors telling you that bad credit is there to stay for the term of the listing (usually 5 years). The only thing you can do to change that is to prove there is an inconsistency by demonstrating that the listing was put there unlawfully. An identity theft victim’s task is then to prove that they did not initiate the credit in the first place, but proof is not always easy to obtain – especially when you have no idea of exactly how the fraud occurred. Many people don’t know they are victims until they go to obtain credit and are refused because their credit file is riddled with defaults.

    So what should you do if you get a phone call from one of these guys? SSO gives this advice:

    Suspect: Don’t accept anything at face value. Don’t make a payment over the phone or online without first checking the details.

    Think: Recognise the signs. If you’re being pressured to act, disclose personal details or send money to a stranger, it’s almost certainly a scam. (Microsoft never makes unsolicited phone calls about its products.)

    Report: Act to report the scam. Tell SCAMwatch and help stop scammers in their tracks.

    Ignore: Never respond. Hang up or delete the SMS or email after reporting.

    If you have had your credit file destroyed by identity theft, and need help recovering your good name – contact a professional Credit Repair Advisor on 1300 667 218 or visit the MyCRA Credit Rating Repairs website www.mycra.com.au. Professional credit repair can offer you the best chance of being able to clear bad history from identity theft for good.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]