Beware Of Phishing Emails After Equifax Credit Bureau Hack


Credit Agency Hacked

Cyber bad guys have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised
  • Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
  • Calls from scammers that claim they are from your bank or credit union
  • Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)
  • Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis:
  • Check your credit reports via the free
  • Check your bank and credit card statements for any unauthorized activity

If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.
And as always, Think Before You Click!

Texting Scams In Full Force

If you are like me, you probably thought most cyber scams came through email or phone calls. Well, the scammers have been moving to less obvious ways to find their victims. Texting.

The Cyber Bad guys are targeting you through your smartphone more and more. They send texts that trick you into doing something that helps them down the road to scamming you. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are being used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.

Stay alert,


Wabash Valley Cyber Security Report 2015

Mission: To determine the current level of cyber security in the Wabash Valley between Terre Haute and Vincennes Indiana.

So when I began planning to investigate the state of cyber security in the Wabash Valley I thought that a few small businesses may have an insecure wireless router and possibly a small town government office or two. To my astonishment that was not the case. As my investigation continued I found so many insecure wireless routers that I decided to make that my main focus for this report. This wireless survey was done with a simple drive-by wireless security scan using freely available tools on my android smartphone. This was a safe scan that simply listed broadcasting WIFI routers. It does not connect to or hack into them. I drove from Terre Haute to Vincennes Indiana and found multiple businesses in each of the following categories and even some government offices that had old easily hackable wireless encryption settings. Actual locations will not be disclosed for obvious reasons.

Insurance Agencies

Law Offices

Certified Public Accountants (CPA’s)

Medical Clinics

Wealth Management Offices

Dentist Offices

City/County Government Offices

Probation Offices

Tax Advisors


Fire Departments

Ambulance Services


Newspaper Offices

New Car Dealerships

Technology Support Companies

And the list goes on…

So what? What’s the big deal?

Identity theft. That’s the big deal. Personally Identifiable Information exposed. Your customers bank accounts drained and their credit destroyed. And that is only one of the ‘big deals’. Consider company secrets, client lists, manipulated data, deleted data, even YOUR identity.

How are these businesses vulnerable? What is it about their wireless routers that leaves them exposed?

In a nutshell, not keeping pace with current cyber security best practices and ignoring the threats that we don’t see. Technically speaking, those routers are using old forms of encryption. Those old encryption algorithms have been easily hackable for years. Then there is WPS (WIFI Protected Setup). About half of all off the shelf wireless routers that have WPS enabled are also hackable. Some may take longer than others but the end result is the same. All of the business categories I listed above were using old encryption algorithms. Simple to hack. The list would be much longer if I included those using newer much more secure encryption – yet still have WPS enabled. Here is a link to a short article I wrote earlier about dealing with WPS:

The results from approaching several of these businesses to let them know of the dangerous situation is equally stunning. Of the ten businesses and government offices that I spoke with in person, none of them had any idea of the problem. What’s more is few made any changes to secure their wireless routers. Many of them said they would correct it or knew of the issue and were in the process of securing them. I checked a few days later. No change. Maybe the person(s) in charge of those routers simply don’t understand the issue or choose to ignore it. At your peril.

Another disturbing fact to consider: since they are using a form of wireless encryption that has been easily hackable for years, how many have been hacked already and don’t even know it? How long has a black hat hacker been stealing customer information – your personal information and using it for nefarious purposes? Thieves don’t leave their calling card and say “Hey I broke in and stole your data”. They want to keep the dirty deed a secret so they can come back later and do it all over again.

Let’s suppose that the data at risk is nothing of value and no personal information is accessible. As a business owner, what is the value of customer perception? If the public were to become aware of your lax security practices how might that affect your bottom line? Security breaches are detrimental to any business. And not just the immediate financial costs. A tarnished reputation is hard to overcome. Regaining customer trust is certainly tough once personal information has been compromised.

Ok. As a small business owner myself, I know it’s hard to stay on top of all the latest technological changes and cyber security issues. Who has time, right? Most small business owners believe they are not a target because maybe they don’t have many valuable assets, but what that really means is they are easy targets since network security is probably not on the daily priority list.

If I can find out this level of information from simply driving by, then what other more in depth private information could the serious hackers already have?

Quoted from and article on

…Wireless computer hacking of identity theft and payroll thefts totalling more than $3 million dollars in Seattle has landed the last defendant in federal prison.

Joshuah Allen Witt, 35, was found guilty with two other defendants for hacking into 50 businesses software using a wi-fi receiver that detects business wireless networks. They hacked into the security codes and accessed company computers, according to the Seattle Times online edition.

Termed “wardriving”, the defendants used a device that picked up wireless transmissions and were able to crack security codes that they had in a car. The defendant’s also broke into businesses to install malware on company computers.

Witt was sentenced to eight years on charges “that included conspiracy, aggravated identity theft and access-device fraud”, according to the Seattle Times report. Also reported was that the U.S. Secret Service’s Electronic Crimes Task Force broke the case after 2-1/2 years.

Wireless hacking has been going on for years. Not only do criminals use “wardriving” methods while driving around in cars with wi-fi hacking technology, but utilize “warparking”, another term to describe someone with laptop sitting in a car of a parking lot or street curb.” –

How many readers have the same password for almost everything? Exactly. Let’s assume the business is secure, what about the owners wireless router at home? A dedicated hacker could simply hack the home router waiting for a password to be captured. Once done, your world is his.

* Image excerpt from:

What about hospitals, medical clinics and the devices they use? They must be really secure, right?

Quoting a report posted on Kim Komando’s website concerning health care security:

…That sounds like a terrible movie plot. But, sadly, it’s a reality. We’ve been telling you that hospitals and all that lifesaving medical equipment they use, like pacemakers for your heart and blood gas analyzers (BPA), are vulnerable to hacker attacks. But, even we couldn’t guess how bad it really is.

Hospitals and their network-connected devices are so poorly protected that, in July, the Food and Drug Administration issued its first-ever cybersecurity advisory about a medical device.

Specifically, the Hospira Symbiq infusion pump, because it’s vulnerable to unauthorized users controlling the device. In other words, hacking it. It’s “precedent setting,” according to the FDA’s Center for Devices and Radiological Health…” –

This report mostly covers the easy low hanging fruit that any hacker can pick from right outside your business. For example, once the router password is hacked the perpetrator can modify the router settings and redirect your internet browsing to malicious sites that try to install malware of all sorts on the computers including the infamous CryptoLocker Ransomware virus that holds your data hostage until you pay the ransom fee. Many other more complex, in depth wireless hacks exist and defeating them requires vigilance. More on these in the next report.

Malware is actually the most common threat I find on client computers. When I say most common, I mean 90% of every single computer I cleanup! But you have an antivirus like Norton or McAfee, so your safe right? Probably not. Most of those 90% that I check have Norton or McAfee – AND have multiple forms of malware / spyware / trojans / viruses that haven’t been caught. Some of that malware is just advertising junk. But some of it designed to steal your usernames, email addresses and passwords – or secretly give a hacker remote access into your computer. These threats can be even more dangerous than insecure wireless routers since it doesn’t require a hacker to be anywhere near your computer or business. Just clicking on the wrong email attachment or website link can infect your computer. These malware programs lay in wait, then capture your data and send it off to hackers unknown anywhere in the world. If you want to spend some time checking your own computers, I wrote an article outlining many of the in-depth steps used every day to detect and remove the sneakiest malware:

So far we’ve only discussed business and government cyber security. There are far more home wireless routers that are using the same insecure wireless settings and have untold amounts of malware doing dubious things with sensitive personal data.

So what are some solutions?

For wireless, you can make things a little more difficult for the casual hacker by:

  • Enabling Proper Wireless Encryption
  • Disabling WPS
  • Making the SSID’s hidden
  • Changing the SSID’s
  • Using strong complex passwords
  • Changing the default admin password on the router
  • Educating employees about wireless hacker methods
  • Engaging a 24×7 cyber security remote monitoring service to keep an eye on router and computer security logs and alerts, and keep everything updated.

For malware:

  • Keeping Windows, Flash and Java patched and updated. That plugs many security holes.
  • NEVER run your machine as an administrator. Set up a standard user account and make it prompt you when it needs administrator privileges. This will keep you from getting infected by MANY malicious websites.
  • Having your computers put through an in-depth scan every 6 months by experts in malware detection and removal. Today’s malware is very invasive and requires advanced techniques to thoroughly find and remove.
  • Engaging a remote security monitoring company that can keep an eye on new infections in real time, taking action as needed.

For web based email, Facebook, Twitter and other online accounts:

  • Be sure to enable 2 step authentication. This really puts a dent in a hackers ability to take over your online accounts.
  • Use complex passwords.
  • Don’t use an open hotspot to check the accounts. Open hotspots make it much easier for hackers to listen in and capture passwords.
  • Use different passwords for each account.

These are just a few of the things needed to increase your protection level against so many ever present cyber threats. The list is long and ever evolving as the technology changes and hackers develop new ways to steal.

I hope this report sheds some light on many of the current cyber security issues that threaten our livelihood and how to deal with them. Do you have a security incident that has affected you or your company? If you can share it with us we will remove the confidential details and include it in our next article. It might prove very insightful to others. Send me an email at

In the next cyber security article we’ll talk about:

  • The dangerous Evil Twin router
  • The infamous CryptoLocker ransomware
  • Phishing Attacks that con you into divulging private information
  • Keyloggers that steal passwords
  • How your company website may not be secure
  • Smartphones – Protecting them from Malware
  • And a recommended list of security minded, high performance wireless routers

Do you have concerns about your companies state of cyber security? Our security team helps organizations small and large stay safe from today’s nastiest hackers and avoid disaster.

What we do:

  • Make your Wireless Routers more secure
  • Cleanup and Secure Malware Infected Computers
  • Reduce the installation rate of new Malware threats
  • Provide a “2nd Set Of Security Eyes” to compliment your I.T. department
  • Train your employees to spot potential security issues
  • Perform external and internal penetration testing to search for new and unknown ways that Hackers/Data thieves might get into your network – then secure them and lock the door.
  • Work daily on the digital front line protecting clients from new threats, malware and data thieves

Questions or concerns? Contact me anytime:


Connect with me on LinkedIn:

Follow me on Twitter: @daviddubree

NPG Computers – Find us on Facebook and Twitter

How To Keep Your Data Safe From Wireless Hackers

In the world of small business, the thought of Cyber Security, protecting customer data and monitoring log files for hacker activity usually takes a backseat to the daily grind of selling more product, the next advertising piece, making payroll, tax issues, employee problems, etc.  Who has time for it, right?

One group does have time for it – Data Thieves. And a lot of them.

There are many facets to cyber security and protecting your data including operating system updates, spyware detection, good passwords and the human factor.

In this post I will focus on how they steal your data through a very common device – your wireless router.

‘But my WIFI router uses a password so it’s safe, right?’ No…Not Necessarily.

In my former life as an owner/operator of a wireless internet service provider (WISP), I dealt with home, business and carrier grade wireless routers daily. Every router has it’s weakness. Especially the consumer grade routers you can buy off the shelf at any big box store.

One of the most common flawed features found on the majority of consumer grade routers is called WIFI Protected Setup (WPS). There are numerous websites describing in great detail how to hack WPS to gain access to the encryption password used by everyone connecting to the router. Once the hackers have the password they can easily use a wireless data ‘sniffing’ program to steal confidential data, usernames and passwords. The sky is the limit once they have your username and password to things like online banking, business servers, email, Facebook, etc.

So what can you do? Login in to your WIFI router and disable WPS asap! No option to disable WPS? Then it’s time for a new router. Consumer grade routers have no place in business, but if you must use one in your business make sure it has the option to disable WPS.

‘My WIFI router is inside the office. Isn’t that safe?’ Definitely not.

Most routers have a range of about 600 feet depending on how many obstructions there are. The building walls can certainly reduce that range to maybe 100 feet. The problem is that with the right directional antenna a hacker could be 2000 or more feet away and still sniff the wireless data. If your router is close to a window that distance could greatly increase.

There are many more security issues with WIFI routers including cracking the WPA2 encryption keys without using the WPS hack, which again exposes your data to the ‘sniffing’ programs. It seems the hackers are always one step ahead of the wireless designers and manufacturers. I’ll cover many of those issues and practical ways to deal with them in future posts.

I always welcome your comments and suggestions. Need help securing your business from data thieves? Just give me a shout and I’ll be glad to give a hand. Thanks for listening!

Email: D a v i d  a t npgcomputers D o t  C o m.



Quick Bio: My tech life has involved small to large data networks, server installation and administration, virus / spyware removal, data backup and recovery, wired / wireless security, programming and other tech things since 1987.

Malware Removal Secrets Revealed – Page 2

Now that you have went through this initial process, the rest of the tools will be a piece of cake so I won’t bore you with the exact how-to’s. Just keep in mind that for many of the tools listed you may have to manually add a check to some of the ‘issues’ or malware they find, then click Remove (or Delete, etc.).

So here is the list, in order, of the required tools you should download and then Run as Administrator in SafeMode. Most if not all can be found on

RogueKiller (Check all tabs and select everything)
MBAR (MalwareBytes Anti-Rootkit)
ADWCleaner (allow it to reboot normally, then reboot into Safemode)
JRT (always reboot normally, then reboot into safemode after it runs)  No longer applicable
MBAM (MalwareBytes Anti-Malware)
ComboFix (only for XP, Vista and 7)
WISE Registry Cleaner (Choose fix everything that it finds)

Then open a command prompt as administrator and run ‘SFC / Scannow‘.
Then run Windows Update. Install all updates.
Open each internet browser (Internet Explorer, Chrome, Firefox, etc.) and check for any odd add-ons or extensions. Check the default home page. Check for odd search providers.

Now open Control Panel and go to Add/Remove Programs or Programs and Features depending on your version of windows. Scroll through the list of installed programs and check for anything that looks like a coupon/ad/bargain type of program. Most of those are garbage and most will get removed by ADWCleaner or JRT, but not always.

Once that is done, run ADWCleaner again.

Now check your Anti-Virus. Is it expired? If so uninstall it and download MalwareBytes Free Trial Avast Free Antivirus from or AVG Free Antivirus at Now run a complete scan.

Open each web browser again and enable the antivirus extension when it asks you.

You should be good to go unless it’s royally fouled up. There are so many other issues that can come up it would be impractical to try and cover them all here. But the majority of malware/virus issues can be resolved by taking the steps outlined in this article.

Well, there it is. The skinny on a proper cleanup using nothing but freely available tools and your own blood, sweat and tears.

If you have any questions feel free to comment on this post and I will do my best to help you out. You can also reach me by email at: d a v i d  at  npgcomputers  d o t com. Have a great day!