Archives 2023

Article (PSA‑0025)

Why Phone Scams Are a Big Deal

Scammers use the phone to steal personal information—identity data, bank‑account numbers, credit‑card details—or to extort money directly. Because a voice can sound professional, friendly, and urgent, it’s easy to let your guard down.

Typical Phone‑Scam Tactics

• Impersonating a trusted source – they claim to be from Microsoft, your bank, the IRS, or a government agency.
• Urgent “security” alerts – “Your account has been compromised, call us now!”
• Requests for personal data – passwords, Social‑Security numbers, credit‑card codes.
• Directing you to a fake website – they’ll ask you to type a URL or click a link while on the call.

Red Flags to Spot a Phone Scam

• They ask for any personal or financial information over the phone.
• They claim “we’ll never call you” if they *are* a legitimate company (the opposite is true).
• They create a sense of urgency: “You must act now or you’ll lose money.”
• The caller ID shows a suspicious, foreign, or “spoofed” number.

Simple, Effective Defense: Hang Up

1. When you suspect a scam, end the call immediately. Do not answer follow‑up questions.
2. If the caller claims to be from a company you do business with, look up the official phone number on the company’s website or on your billing statement, then call that number yourself.
3. Never provide passwords, credit‑card numbers, or Social‑Security numbers to unsolicited callers.

Quick Phone‑Scam Checklist

• ✔️ Never give personal data** to an unexpected caller.
• ✔️ Hang up** as soon as something feels off or you feel pressured.
• ✔️ Verify by calling the organization’s official number** (don’t use the number the caller gave you).
• ✔️ Register your mobile number on the National Do‑Not‑Call Registry** (if available in your country).
• ✔️ Report the call** to the FTC (reportfraud.ftc.gov) or your local consumer‑protection agency.

If You Think You’ve Already Given Information

• Contact your bank or credit‑card issuer immediately and explain the situation.
• Change passwords for any accounts that may have been compromised.
• Place a fraud alert on your credit reports (Equifax, Experian, TransUnion).
• Monitor your accounts for unusual activity over the next 30‑60 days.

What’s Next?

The next post will dive into **email scams (phishing)**—another common way attackers try to steal your data. The same principles—skepticism, verification, and not engaging—apply.

Need More Help?

If you have any questions about a recent call or want a quick security review, call PSA Computer Services at (707) 506‑6802.

Article (PSA‑0024)

Why Browser Hijacks Are a Problem

When you browse the web, a malicious link, image, or ad can act as a “trigger.” If you click—or even hover over—it, the page can launch a fake virus‑alert dialog, play alarming sounds, and display a phone number that urges you to call right away. The goal is simple: create panic so you’ll act without thinking.

How the Hijack Works (plain language)

• Click‑bait / pop‑under ads – bright headlines or images that urge you to click.
• The trigger runs a tiny piece of code that opens a fake scanning window (often looks like a legitimate antivirus).
• The dialog tells you “your PC is infected” and shows a phone number or a link to “pay to clean it.”

Two Safe Ways to Stop a Browser Hijack

Method 1 – Use Task Manager (recommended for most users)

1. Press Ctrl + Alt + Delete and choose Task Manager.
2. In the Processes tab, locate the browser you were using (Chrome, Firefox, Edge, etc.).
3. Right‑click the browser name and select End task. This closes the browser **and** the fake alert.
4. Re‑open the same browser. If it asks to “Restore pages,” click No – restoring will bring the fake alert back.

Note: This method does not affect any unsaved documents because only the browser is stopped.

Method 2 – Hard Power‑Off (last resort)

1. If you can’t reach Task Manager, press and hold the computer’s power button for 4‑6 seconds until it powers off.
2. Wait a few seconds, then turn the computer back on.
3. Open your web browser again and decline any “Restore pages” prompt to avoid the fake alert.

Warning: This forces all programs to close abruptly, so any unsaved work in other applications will be lost. Use Method 1 whenever possible.

Quick Checklist to Keep Your Browser Safe

• ✔️ Never click on pop‑ups or ads that look too “urgent.”
• ✔️ Close the browser via Task Manager if a fake alert appears.
• ✔️ Decline “Restore pages” prompts after a crash or forced shutdown.
• ✔️ Keep your browser and OS updated; patches often block known hijack scripts.
• ✔️ Consider installing an ad‑blocking extension (uBlock Origin, AdBlock Plus) to reduce malicious ads.
• ✔️ Run a reputable anti‑malware scan periodically (Microsoft Defender, Malwarebytes, etc.).

What to Do If You Accidentally Call the Scam Number

• Hang up immediately.
• Do NOT provide any personal or payment information.
• If you think you may have given details, contact your bank or credit‑card issuer right away.
• Monitor your accounts for unfamiliar activity over the next 30 days.

What’s Next?

The next article will cover phone scams – how to recognize them and what to do if you receive a suspicious call.

Need a Hand?

If you’re unsure how to stop a hijack or want a quick security review, call PSA Computer Services at (707) 506‑6802.

Article (PSA‑0023)

What Does “Enough” Security Look Like?

Every computer is different, but we can split the discussion into two groups:

• Online computers – connected to a network or the internet.
• Offline computers – never (or almost never) connected.

Online Computers – The Basics

1️⃣ Antivirus / Antimalware

• Use **one** properly‑licensed, **up‑to‑date** product that offers:
  • Real‑time scanning – checks files as they are opened, created, or downloaded.
  • Scheduled scans – runs a full or selective scan at a set time (e.g., weekly).
  • On‑demand (manual) scans – you can scan a file or folder whenever you want.
• Windows 10/11 include **Microsoft Defender Antivirus** at no extra cost. It meets the needs of most home users.
• Third‑party suites (e.g., Norton, Bitdefender, Kaspersky) are fine, but they are often more expensive and can cause performance or compatibility issues if you try to run **more than one** AV product at the same time.

2️⃣ Firewall

• Every Windows PC ships with **Windows Defender Firewall** – a software firewall that monitors inbound and outbound traffic.
• A hardware firewall is typically your **router**; most home routers already provide basic NAT and packet‑filtering protection.
• For the majority of users, the built‑in Windows firewall plus a router’s basic protection is **more than sufficient**. Buying a separate firewall product is rarely needed unless you run a small business with specific compliance requirements.

Offline (Never‑Online) Computers – When You Can Relax … a Bit

• If the machine truly never connects to any network and never receives files from other computers, you can skip antivirus entirely.
• However, if you ever plug in USB drives, external hard disks, or copy files from another (online) computer, you **should still run an antivirus scan** on that media before opening anything.
• Even an offline system benefits from a firewall‑like rule set (e.g., disabling unnecessary services) to keep the attack surface minimal.

Why Adding More Security Tools Can Hurt More Than Help

• RAM depletion – Each extra security program consumes memory. When RAM runs low, Windows uses the hard drive as “virtual memory,” which dramatically slows the entire system.
• Software conflicts – Two real‑time scanners will often see each other as malicious activity, leading to constant alerts, false positives, or system freezes.
• Potential corruption – One AV may quarantine the other’s core files, leaving the second product broken and difficult to uninstall.

Bottom Line for the Average User

For a computer that accesses the internet, a **single, up‑to‑date antivirus** (Microsoft Defender or a reputable third‑party product) plus the **built‑in Windows firewall** provides solid protection. Combine that with common‑sense habits (don’t click unknown links, keep software patched, back up data) and you’re well covered.

Need a Quick Security Check?

If you’re unsure about your current setup or would like a brief review, call PSA Computer Services at (707) 506‑6802.

Dear Reader,

Today’s cyber landscape has provided ample opportunities for criminals and adversaries to target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security. At the FBI, we know “cyber risk is business risk” and “cyber security is national security.” There is no shortage of recent examples showing the wide-ranging economic and national security effects of cyber crimes. We have seen cyber threats emanate from around the world and witnessed the scope and sophistication of these scams and attacks deepen. As these threats increase, we continue to encourage victims to report cyber incidents and cyber-enabled frauds to the FBI so that we may impose risks and consequences on malicious cyber actors.

Because cyberattacks and cyber-enabled frauds continue to affect our everyday lives, the FBI’s Internet Crime Complaint Center (IC3) is critical to combatting the cyber threat. The IC3 serves as a public resource to submit reports of cyberattacks and incidents, which allows us to collect data, identify trends, and pursue the threat at hand. In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.

While the number of reported ransomware incidents has decreased, we know not everyone who has experienced a ransomware incident has reported to the IC3. As such, we assess ransomware remains a serious threat to the public and to our economy, and the FBI and our partners will remain focused on disrupting ransomware actors and increasing the risks of engaging in this activity. In concert, the public can play a crucial role by taking proactive measures to prevent and prepare for a potential cyber attack and, if there is an incident, by reporting it to the FBI through the IC3. Though cybercriminals are continuously seeking to make their attacks more resilient, more disruptive, and harder to counter, public reporting to the IC3 helps us gain a better understanding of the threats we face daily.

The FBI’s commitment to assisting victims of cyber crimes and cyber-enabled frauds, as well as our dedication to working with partners to combat these crimes, allows for continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2022, RAT initiated the Financial Fraud Kill Chain (FFKC) on 2,838 Business Email Compromise (BEC) complaints involving domestic-to-domestic transactions with potential losses of over $590 million. A monetary hold was placed on approximately $433 million, which represents a 73 percent success rate. In 2022, RAT saw a 64 percent increase in FFKCs initiated compared to 2021.

While the cyber threat is ever-growing, the FBI remains appreciative of those individuals and entities who report cyber incidents to the IC3, as that valuable information helps fill in gaps that are crucial to advancing our investigations. Your efforts are critical to our ability to pursue the perpetrators and share intelligence to protect your fellow citizens. Cyber is the ultimate team sport, and we are in this fight together. The FBI is relentlessly focused on promoting safety, security, and confidence into our digitally connected world, and we are eager to continue working with the American public to bring cybercriminals to justice around the globe.

Timothy Langan
Executive Assistant Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Article (PSA‑0022)

Why Backups Matter

A reliable backup strategy is the cornerstone of any IT Disaster Recovery or Business Continuity plan. Fires, hardware failures, ransomware attacks, or simple user error can wipe out data in seconds. The quicker you can restore what you’ve lost, the less impact on your business (or personal life).

The 3‑2‑1‑0 Backup Rule

Rule 3 – Three Copies

• Primary data + two separate backups.
• If one backup becomes corrupted or unavailable, you still have a second copy to fall back on.

Rule 2 – Two Different Media Types

• Use at least two distinct storage media (e.g., external HDD/SSD, network‑attached storage, tape, or cloud object storage).
• Each medium has its own failure modes; mixing them reduces the chance that a single incident wipes out all copies.

Rule 1 – One Copy Off‑Site

• Store one backup in a different physical location – a secondary office, a trusted friend’s house, or a reputable cloud service.
• This protects against site‑wide disasters like fire, flood, or a break‑in.

Rule 0 – Zero‑Error Verification

• Regularly test restores (at least quarterly). A backup that can’t be recovered is useless.
• Automate verification where possible (many cloud services provide built‑in integrity checks).

Putting the Rule Into Practice (Simple Checklist)

1. Identify critical data. Documents, photos, databases, configuration files, etc.
2. Create the three copies. Primary + two backups.
3. Choose media. Example combination:
   • External SSD (local, fast recovery)
   • Network‑attached storage (NAS) or a second external HDD
   • Cloud storage (OneDrive, Google Drive, Backblaze B2, Amazon S3 with versioning)
4. Automate backups. Use built‑in tools (Windows Backup, macOS Time Machine) or third‑party software (Macrium Reflect, Veeam Agent, Acronis). Schedule daily or weekly runs.
5. Secure backups. Encrypt at rest, enable MFA on cloud accounts, and keep the off‑site copy in a location you can access quickly when needed.
6. Test restores. Pick a random file or a full system image and restore it to verify the process works.

Common Pitfalls to Avoid

• Keeping only one backup (single point of failure).
• Relying solely on “online sync” services without a true separate copy.
• Neglecting the verification step – many businesses discover a broken backup only after a disaster.
• Storing backups on the same type of media (e.g., two external HDDs that are both vulnerable to power surges).

Additional Resources

• High availability – following the backup rule
• The Importance of Effective Data Backup

Need a Backup Review?

If you’re not sure whether your current backup strategy meets the 3‑2‑1‑0 rule—or you’d like help setting one up—call PSA Computer Services at (707) 506‑6802.