How Rob lost control of his bank accounts to a phone scammer

I’ve been following Rob’s blog for several years. I enjoy reading what he writes about. He is also the developer of a couple of Mac apps that I use.

I felt bad for Rob after reading his blog post about how he had recently lost control of his bank accounts to a phone scammer. His story is well worth reading. It may save you from falling for the same or similar phone scams.

How I lost control of our bank accounts to a phone scammer | The Robservatory

Holiday Sale: Save 50% on all Enpass password manager plans

This is directed at those of you who are in the market for a password manager. I’ve been using Enpass for several months and am very happy with it.

I’ll mention that Enpass moved to subscription a few weeks ago but they also have a lifetime license and with the sale you, can get a lifetime license for just $24.99.

A special deal for the Holidays: 50% off on all Enpass plans

Enpass will be on sale with a discount of 50% on all app stores – while you can get a lifetime license for only $24.99, you can also get an Enpass Premium subscription starting for as low as $0.49 per month. And, of course, the full-featured desktop versions of Enpass – macOS, Windows, Linux – are completely free.

Note that this is a limited time offer, starting from December 24, 2019 and valid till January 2, 2020. So, don’t wait and unlock the full version of Enpass at this special discounted price. Spread the word to help your friends and family members get started with safe and secure password management.

My choice for a Safari 13 content blocker on Mac

With Safari 13 my favorite Mac ad and tracker blocker uBlock Origin, along with a few other extensions, no longer work. Because of this, I have switched to Firefox as my main browser. That said there will still be times when I will want to use Safari and will want an ad and tracker blocker.

I tried Ghostery Lite but I had two issues with it. It doesn’t block YouTube ads and I didn’t like the way it handles space left behind by blocked ads.

For now, I’ve settled on Wipr. Wipr blocks all ads, trackers, cryptocurrency miners, EU cookie and GDPR notices, and other annoyances. I also switched to Wipr for Safari on my iPhone and iPad in place of BlockBear. BlockerBear was working fine but for consistency, I switched to Wipr.

Day One encryption

I have been using Day One for going on three years now. One concern I’ve had is that journals by default are encrypted but with Day One holding the encryption key. This means that someone at Day One might be able to access my journals. Journals with Standard encryption are also exposed to a data breach or security glitch. This has caused me to limit what I write in them.

Now, after reading Shawn Blanc’s ”Best Journaling App for iPhone, iPad, and Mac” on The Sweet Setup I’ve taken his advice and enabled End-to-end encryption for all my journals.

Shawn Blanc:

End-to-end encryption is not turned on by default for providing the best type of security for your journal entries, as users must maintain their encryption key at all times to unlock journals if necessary. As Day One’s FAQ puts it:

When using end-to-end encryption, it is essential you save your encryption key in a secure location. If you lose your key, you will not be able to decrypt the journal data stored in the Day One Cloud. You’ll need to restore your data from an unencrypted locally-stored backup.

We recommend turning on end-to-end encryption whenever you create a new journal to ensure your data is always kept safe and secure. Save your encryption key in an app like 1Password or a locked note inside Notes.app and never lose the key.

Now no one has access to my journals without the encryption key. I keep it in 1Password.

Watch out for Apple Phone Phishing Scams

Security researcher Brian Krebs on his Krebs on Security blog recently outlined one of the latest phishing scams he’s seen, where an incoming phone call appears to be from a legitimate Apple support line. I’m writing about this to make you aware so that you don’t fall for the scam. Please take the time to read the blog post so that you know how the scam works.

Brian Krebs, writing for Krebs on Security Apple Phone Phishing Scams Getting Better — Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Westby said earlier today she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Apple support also offers a document on how to Avoid phishing emails, fake ‘virus’ alerts, phony support calls, and other scams – Apple Support

Web Finds for October 2, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple, Firefox tools aim to thwart Facebook, Google tracking
New protections in Apple’s Safari and Mozilla’s Firefox browsers aim to prevent companies from turning “cookie” data files used to store sign-in details and preferences into broader trackers that take note of what you read, watch and research on other sites.
Via AP News

National Cybersecurity Awareness Month: Cybersecurity at Home | US-CERT
October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

NCCIC encourages users and administrators to review NCSA’s guidance for online safety basicsand the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for additional information.
Via US-Cert

How to Delete Your Facebook Account: A Checklist
Here’s a guide on how to delete your Facebook account.
Via lifehacker

Previous Web Finds are here.