security
9 Topics

How to protect yourself against SIM swapping
SIM swap, the latest fraud technique, happens when a hacker is able to transfer your mobile phone number to another SIM card in their possession thereby securing their exclusive use of your number and in doing so, part of your identity. Fraudsters can physically change it if they have access to your phone or do so remotely by calling your mobile phone provider to impersonate you and activate a new SIM card.

How do you find out if you've been the victim of a SIM swap?

A SIM card is the bridge between your mobile device, your number and your provider. You may have already had to ask to swap your SIM card yourself either because you lost your device or changed to another mobile service provider. Your phone number then was legitimately transferred to a new SIM card. However, if you’re the victim of fraud via a SIM swap, your mobile device could suddenly lose its connection to the cellphone network you’re subscribing to. So you won’t get any more calls, texts or emails because now the hacker is receiving them on their device. The fraudster can also reset your passwords and access your online accounts to use them as they please, especially when your phone number is used as an authentication factor or for recovering your accounts.

How can you protect yourself from this type of fraud?

To avoid making yourself an easy target for fraudsters, here are a few tips to improve security for your SIM card:

- Add a complicated PIN to lock your SIM card and keep it secret.
- Choose complex usernames and passwords that are different across all your accounts (emails, social networks, banks, government, etc.).
- Use two-factor authentication that is more secure than emails or texts, for example a security key or an app like Google Authenticator or Microsoft Authenticator.
- Make sure you’re not needlessly sharing personal details. Your birthday, phone number, card numbers, driver’s licence numbers, subscription numbers or any other number should remain confidential and should not appear in your emails or on social networks.
- Be vigilant when it comes to phishing attempts by email, text or phone. Never give out personal information through those means.

What do you do if you’re the victim of SIM swapping?

To report the fraud, contact the police and the Canadian Anti-Fraud Centre. Warn your financial institution and have them block your credit cards to protect your accounts. You can also apply to credit assessment agencies to make sure this fraud is recorded in your file.

Videotron cares about your safety. If you realize that a hacker has swapped your SIM card, go to a store with your IDs so our representatives can quickly remedy the situation and replace your SIM card.

4.1K views, 1 like, 1 comment

Choosing Password Management Software
If there’s one problem we all experience, it’s having too many online accounts and passwords to remember. To solve this problem, we’ve developed a very bad habit: using the same passwords all the time. But there’s a much better solution: using a kind of software called a password manager.

By Marc-André Gagnon, information security specialist.

The way a password manager works is that you enter all your passwords into a database that itself is highly secure—a kind of digital vault. There are two kinds of password managers: local and cloud-based.

Local password managers

Local password managers save your passwords in a local database on your own computer. Your information never leaves your computer, and you are responsible for backing up your database manually at regular intervals.

The two big players in this category are KeePass and Password Safe. Both of these software packages are open-source and free. KeePass for Windows was audited by the European Commission's EU Free and Open Source Software Auditing project (EU-FOSSA) in 2016, and no critical vulnerabilities were found in it. This represents a good guarantee that the source code is free of any major flaws or “back doors”.

Because both KeePass and Password Safe are open-source, there are dozens of clones and derived versions of them, for all platforms (Windows, Linux, iOS, Android). But you have to be careful, because these clones do not provide any guarantees against vulnerabilities. If you’re concerned about security, use only the official versions.

| Local Password Manager | Price | Platforms |
|---|---|---|
| KeePass | free | Windows (Linux/OSX: use the KeePassX clone) |
| Password Safe | free | Windows |

Cloud-based password managers

Cloud-based password managers save your database of passwords in the cloud. They represent an interesting compromise, in terms of ease of use and security.
If well implemented, cloud-based password managers are considered secure and offer some additional benefits:

- they support all browsers;
- they let you access your passwords on all your devices at any time;
- they let you share certain passwords with other users, such as your spouse or your children;
- they let you monitor attempts to access your account, define trusted devices, and so on;
- some of them let you define an emergency contact who will be able to access your password database if anything happens to you.

Like all other cloud-based services, cloud-based password managers charge an annual fee (although LastPass does offer a worthwhile free version).

| Cloud-based Password Manager | Price | Allows two-factor authentication? | Platforms |
|---|---|---|---|
| LastPass | free or $US 24 per year | Yes | Internet Explorer/Edge, Mozilla Firefox, Google Chrome, Apple Safari, Opera |
| 1Password | $US 35.88 per year | No | Chrome, Firefox, Safari, Opera |
| Dashlane | $US 39.99 per year | Yes | Internet Explorer, Chrome, Firefox, Safari |

Can the software provider (or a hacker) access my passwords?

The provider cannot read your database, because it is encrypted with your master password. All of the encryption and decryption operations are performed locally on your own computer, and your master password is never transmitted to the provider in any way. If this complex technology is properly implemented in accordance with best practices, it is considered impossible for the provider or potential hackers to decrypt your passwords without your master password.

Essential advice

Choose a master password that is complex and unique.

Try to have 15 characters or more, including letters, numbers, and special characters. This password is going to protect all your others, so you can’t afford to be lazy! One good method is to use the first letter of each word in a sentence that will be easy for you to remember.
For example, you could set your master password as “ta12aitb, ok?” and remember it with the sentence “There are 12 apples in this bag, OK?” For more details on this method, I recommend an article by Bruce Schneier.

You’ll have to remember your master password, because there is no way to recover it. Some cloud-based password managers may offer options to make it easier to recover, but these options are still limited, because the provider can’t decrypt your information and doesn’t know your master password.

Activate two-factor authentication

For cloud-based password managers, two-factor authentication involves associating your account with your smart phone or other smart device (there are other options as well). Once you activate two-factor authentication, you will be allowed to access your database only if you enter your master password AND you demonstrate that you have physical access to the smart device that you have associated with your account. Thus, even if your password is compromised (by a virus, for example), the attack will be blocked by a second factor.

I think this is the best way to make your account secure with the least effort. By the way, that’s true not just for your cloud-based password manager but for all your other cloud-based accounts—Google, Apple, Facebook, Microsoft, Amazon, etc.!

8.2K views, 0 likes, 1 comment

Beware of Ransomware
By Marc-André Gagnon, information security specialist.

How much would you be willing to pay to recover your term paper? Your family photos and videos? Your business documents? Those are the questions you’ll have to answer if you fall victim to ransomware, a type of computer virus that is striking more than ever before.

Ransomware uses industry best practices to block access to your data by encrypting it. That means you can’t access your files without decrypting them—and you’ll need a decryption key to do it. The creator of the virus may (or may not) provide you with the decryption key in exchange for a ransom, which is usually paid using virtual money (i.e., Bitcoin).

In dollars, you can expect to pay anywhere from $500 to $1,000 for a typical ransom. Ransoms charged to businesses are much higher, reaching $10,000 or more. You usually have 24 to 72 hours to pay, and the ransom amount may increase as time passes. It’s easy to see how this kind of extortion is very lucrative for fraudsters.

Figure 1 - Ransom message used in the WannaCry attack

Don’t let your guard down

Like with any virus, there are lots of ways your computer can become infected with ransomware, including:

- Email containing an infected attachment or link
- Software downloaded from a non-official site (e.g., BitTorrent)
- Legitimate websites that are temporarily compromised may prompt you to download malware (e.g., a fake Adobe Flash update)
- Being on the same network as an infected computer, especially if your device doesn’t have the latest updates
- Malicious apps downloaded from Google Play Store or Apple App Store

Windows and Android platforms are targeted most often, though there are some variants for Apple OSX and iOS.

What does this mean for you? Remaining vigilant is essential, as is having an enabled, up-to-date virus checker. There are no more excuses, especially since Microsoft offers Windows Defender for free.
What to do if you get infected

Before you do anything else, disconnect your USB key, hard drive and network cables, and turn off your WiFi. The idea is to prevent the ransomware from encrypting the data on your synched drives (Google Drive, OneDrive, iCloud, Dropbox, etc.), peripheral devices and other devices on your network.

If you have a corporate workstation, or if you are simply at the office, let the tech support team know right away.

Encrypting information takes time, so if you have just been infected, you may be able to limit the damage by shutting down your computer.

Do not pay the ransom. There’s no guarantee that you will get your data back. Don’t forget that you’re dealing with a dishonest fraudster, so don’t expect great after-sales service! In fact, some types of ransomware don’t even allow decryption after payment. They’re bluffing!

If you can, bring your computer to a repair centre to see if some files can be recovered. Some ransomware is worse than others.

At the end of the day, the only 100% viable strategy is to reinstall and restore your backed-up data. You have backed up your files, haven’t you?

4.4K views, 0 likes, 0 comments

How to set up a different password for guest profile?
If you read the article in the search result for “how to secure your wifi”, it talks about having a separate password for your guest profile, which can be used for IoT devices, or creating a separate network for such devices, keeping it separate from your secure devices like phones/computers. So that even if someone uses the IoT device to hack the network, your sensitive devices cannot be accessed.

How do I create a separate network on Helix Fi? I read it gives an option to create different passwords for the 2.5 & 5GHz bands, but that workaround can impair device connectivity.

4.8K views, 0 likes, 1 comment

Calls from Quebecor?
I received three calls from Quebecor. I thought that it might be someone trying to sell me a newspaper subscription or to poll me about the upcoming election, so I did not answer the call and they did not leave a message. I have now come to realize that this was Videotron calling.

May I suggest that if Videotron wants to call a client, they should ensure that the call display reads "Videotron" and that the person or machine leaves a message on the voice mail.

If I may also suggest: if you are going to email a client, it would be best to use the name of the account holder instead of "Dear Customer". In the past, I have received false emails that looked to be from Videotron. In this age of phone and internet fraud, phishing and scams, many of us are now very suspicious.

Solved. 7.1K views, 0 likes, 1 comment

Android November security patch still unavailable
Hi there, Google Pixel 3 user here. Google has rolled out the November security patch and many users online have it installed, yet it does not appear when I scan for an update. A common response some have been posting is that the carrier, i.e. Videotron in this case, delays the update rollout. Can someone confirm if this is in fact the case? These updates should be available over the air as soon as Google releases them, especially if you have a Pixel / Google device.

Solved. 5.9K views, 0 likes, 3 comments

Monday, May the 7th 9:55 am, a test of Quebec Alert Ready
This morning, Monday, May the 7th, a test of Quebec Alert Ready will happen. There is no danger to your health or safety. If this had been an actual emergency, you would now hear instructions for protecting yourself.

For more information about emergency alerts, you can:

1. Visit our support section: http://support.videotron.com/residential/mobile/understand-alert-ready-service
2. Visit the official AlertReady website: www.alerte.gouv.qc.ca

Have a nice day!

Vincent Quigley
Your Community Manager

2.9K views, 0 likes, 0 comments

Information for the WPA2 KRACK Flaw and Videotron's Zyxel router
According to Zyxel: http://www.zyxel.com/support/announcement_wpa2_key_management.shtml

The only routers affected are those with the 802.11r Fast-BSS Transition (FT) handshake feature. Those are models NWA5301-NJ, NWA5123-AC, WAC6103D-I and WAC6500 series. If you have one of those models, you will have to wait for February 2018 for a fix. You can also turn off that feature (see link above) to avoid being affected by the flaw.

Videotron's latest router is actually Zyxel's EMG2926 and is not in the list. http://www.videotron.com/residential/internet/equipment/residential-internet/new-generation-wi-fi-router

Zyxel's position on this is that those models not included are not affected: "For products not listed, they are not affected to the attacks either because they are not designed to act as WiFi clients, do not support 802.11r Fast-BSS Transition handshake, or do not support peer-key handshake by default."

That should clear it up.

4.7K views, 2 likes, 0 comments