Each time the phone now rings it feels like a thief is breaking into your home. Sure enough, you check the call display and recognize the number as a telemarketer who keeps pestering you – despite your best efforts to get them to stop. When it gets to this point and nothing works, it’s time to file an official complaint. But how? [Image credit: iStock.com/elenaleonova]
How’d they get your number anyway?
If you don’t recall giving out your phone number to a telemarketing company, chances are you probably didn’t. According to the Canadian Radio-television and Telecommunications Commission (CRTC) website, telemarketers can get it without your consent or knowledge in a few ways:

• From companies that are in the business of generating lists of numbers
• From contest forms or applications that you fill out
• By selecting random numbers to call
• From companies that you deal with

Does having caller ID help screen calls?
The point of caller ID is to allow us to identify who is calling and if we wish to speak to that person. However, some sly telemarketers will mask or falsify the caller ID by using a practice called “spoofing”, a strong indication the call may not be legitimate.

• A spoofed number can appear as a string of digits (e.g., 000-000-0000 or 123-456-7890), a random number, another company or someone’s actual number
• Telephone fraud, called vishing, is very much like computer fraud, referred to as "phishing" or "brand spoofing" according to the RCMP, in that callers deliberately misrepresent who they are to trick people into keying in information such their account numbers, personal identification numbers (PINs), or passwords using the telephone keypad. The fraudster can also ask the victims to confirm some personal information like home address and place of work.

If you receive a telemarketing call you believe has a spoofed caller ID, or keep getting unwanted calls, by law you're entitled to file a complaint. Where should you begin?
How to kick-start the complaint process
There are four key steps involved should you wish to file a formal complaint to the CRTC against an aggressive  telemarketer who won't take “no” for an answer.
1. Register your number with the DNCL
Before filing a complaint, you must first register your number with the National Do Not Call List (DNCL). Although this will reduce the number of telemarketing calls you receive on your residential, wireless, cell, fax or VoIP telephone, it will not eliminate them completely. Why? Some are exempt from the DNCL rules including telemarketing calls made by, or on behalf of:

• Canadian registered charities
• Political parties, riding associations and candidates
• Newspapers of general circulation for the purpose of soliciting subscriptions

2. Answer your phone
If your number is registered with the National DNCL and telemarketers continue to harass you, you should still pick up even if you know the caller is a telemarketer. The reason? To gather information that the CRTC could potentially use against people or companies that don't comply with the DNCL guidelines.

3. Collect details of your conversation with the telemarketer
Before filing a complaint with the CRTC, you’ll need the following information:

• The telephone number that received the telemarketing call
• The telephone number and name of the telemarketer that appeared on the caller ID screen or that the person on the phone gave you
• The date of the call
• The exact time of the call as it appeared on the caller ID screen
• Whether your complaint relates to a fax, residential, or business number
• Any other information you have that relates to the call

4. Report the incident as soon as possible
After you have this information, you can file a complaint in one of several ways:

• Online through the National DNCL website.
• By phone (toll-free) at 1-866-580-DNCL (1-866-580-3625).
• If you are calling from a TTY device at 1-888-DNCL-TTY (1-888-362-5889).

The sooner you report the incident, the better. Generally, the details will be fresher in your mind and the trail for investigators will still be warm.

• To formally file a complaint about fraudulent calls or a spoofing incident, you can contact the Canadian Anti-Fraud Centre at 1-888-495-8501.

What happens next?
The National DNCL operator collects all consumer complaints, conducts an initial assessment of each one, then hands them over to the CRTC. The CRTC then determines whether a complaint warrants further investigation and may:

• Ask for additional details from the consumer
• Require more information, on-site visits and/or interviews with the telemarketer
• Request information from third parties, e.g., telecommunications service providers

The potential outcome
If the CRTC determines a telemarketer has violated a DNCL rule, it can take measures to bring telemarketers into compliance, including issuing a citation requiring the telemarketer to take immediate corrective action.

•  In some cases, if they do not comply, they may be fined $1,500 for an individual and $15,000 for a corporation.

Although many companies use telemarketing as an honest means to market their products or services, most people find the practice to be intrusive and annoying. So the next time the phone rings and it’s a telemarketer, it’s good to know you can do something to put an end to the calls.
Since unscrupulous telemarketers are everywhere, why not share this article with friends and family so they’ll also know how to stop unwanted calls.


Originally posted on:
canada411.yellowpages.ca/tips/how-to-file-a-complaint-against-annoying-telemarketers/

by Marlene Eisner
Have you or someone you know ever been a victim of vishing? The term, which blends the word ‘voice’ with ‘phishing,’ refers to a telephone scam to trick people into revealing critical financial or personal information that can be used for identity theft. Read on to find out what you can do to avoid this happening to you, and what to do if you are a victim of vishing.
Vishing: what does that even mean?
We’ve all heard of phishing: those emails that pop up in your inbox, usually from a financial institution, urging you to click on a link and enter some personal information to fix your account. In reality, the link leads to a convincing, but fake, website, and your personal information is used to access your accounts or for identity fraud. The goal of vishing is similar, but the scam takes place over the phone using voice technology and reaches people through:

• Voice email
• Voice over IP (VolP)
• Landlines
• Cell phones

How it works
A potential victim receives a phone call from a computer-generated voice. The message of the call is that there has been suspicious activity in a credit card account, bank account, mortgage account or other financial service in the victim’s name.
The victim is then told to call a specific toll-free telephone number and provide personal information, like a bank account number, to “verify your identity” or to “ensure that fraud does not occur.” Sometimes the victim is asked to transfer money into a new, ‘safe’ account.
If the attack is carried out by telephone, do not rely on caller ID: the person doing the vishing can use a caller ID spoofing software that will show a legitimate source on the victim’s phone. (Spoofing is a practice that allows a caller to hide their identity. It shows a caller ID other than their actual number on the receiving phone’s caller ID display. This is often done by callers with malicious intent.)
What to do if you suspect vishing?
To avoid becoming a victim of vishing, always be suspicious of any unsolicited telephone message that sounds like you may be a target of illegal activity. Then follow these steps:

• Don’t give out any personal information until you have verified whether the company is legitimate.
• Instead of calling the number given in the unsolicited message, call the financial institution or company in question using a phone number you have looked up yourself, to verify all recent activity and to ensure that the account information has not been tampered with.
• Contact the Better Business Bureau in your province or territory and ask questions about the company.

What if vishing happens to you?
If you are a victim of vishing and have provided personal information, write down what has happened and when the fraud began. Follow the steps below, taking notes on the people you spoke with and exactly what they said.

1. Contact your local police and file a police report.
2. Contact all companies with accounts you feel may have been compromised.
3. Contact the two credit bureaus in Canada, Equifax and TransUnion. Ask that a “Fraud Alert” be placed in your credit file. At the same time, order copies of your credit report and review them. Make sure all the accounts and debts that show up on your report are yours. Report any incorrect information to the credit bureaus.
4. Report the incident to the Canadian Anti-Fraud Centre (CAFC) toll free at 1-888-495-8501 to report the fraud and get advice.

No one wants to be scammed and by arming yourself with some basic information – and protecting your personal information – you can avoid becoming a victim of vishing. We encourage you to share this article with the people you care about to help protect them against vishing and other scams.

Originally posted on:

canada411.yellowpages.ca/tips/vishing-how-to-identify-it-and-what-to-do-about-it/

On your smartphone, be careful not to open a link that is included in a message, when receiving an sms text message from an unknown or  suspicious sender.  It could be a potential phishing attack. 

The story below is a little over a year old, however it shows how important password management is, and how no one is immune from being hacked, even Facebook's co-founder and CEO, Mark Zuckenberg!

Mark Zuckerberg hack a cautionary tale about password security
Facebook founder's privacy breach demonstrates how bad many of us are at keeping data protected
By Dan Misener, for CBC News Posted: Jun 07, 2016 3:32 PM ET Last Updated: Jun 07, 2016 3:35 PM ET

Facebook founder Mark Zuckerberg recently had his Twitter and Pinterest accounts hacked. The incident highlights the need for secure passwords, says CBC technology columnist Dan Misener. (Eric Risberg/Associated Press)
 (Note: CBC does not endorse and is not responsible for the content of external links.)
Even tech billionaires get hacked sometimes.
Case in point — Facebook founder Mark Zuckerberg's Twitter and Pinterest accounts were recently compromised.
How did Mark Zuckerberg get hacked?
You might remember that back in May, LinkedIn confirmed that more than 100 million passwords had been leaked.
If you have an account on LinkedIn, you might have received an email about this. And it seems Mark Zuckerberg's LinkedIn password was part of the breach.
According to the group claiming responsibility for the hack, his password was pretty weak — "dadada." It was known that he'd recently become a father, so that's not a hard password to guess.
So it seems hackers were able to gain control of his Twitter and Pinterest accounts, by using that same password. 
The implication is that Mark Zuckerberg, like many of us, used the same password for a number of different sites and services.
Are there other password leaks we should be worried about?
During the same weekend news broke about the Zuckerberg hack, news emerged that the social network VK was also hacked, and 100 million passwords were leaked. VK isn't big in here in Canada, but it is the largest social network in Europe, and it's especially popular in Russia. 
These VK passwords were reportedly stored in plain text, with no encryption. And that leak gives us some interesting insight into the kinds of passwords people choose.
Spoiler alert: most people's passwords are not very strong.
The most popular leaked password was "123456." The second most popular password was "123456789." And in the third spot: "qwerty."

A few of the most commonly used leaked passwords for MySpace accounts, according to LeakedSource. (LeakedSource.com)
Another major breach came to light in May, when the website LeakedSource — which maintains a searchable database of leaked records — said more than 360 million MySpace accounts were being shopped around on dark web marketplaces.
Once again, the Myspace breach gives us a peek into our collective bad password hygiene. Among the most popular passwords were "password1," "abc123," and the ubiquitous "123456."
I'm not Mark Zuckerberg and I don't use LinkedIn. Do I need to worry about these breaches?
Yes. Even if you're not a high-profile target like Mark Zuckerberg, and even if your own personal password never gets leaked, these types of data breaches affect us all.
When millions of passwords get leaked — as we've seen with LinkedIn and MySpace and VK — that information helps hackers get better at their jobs, according to Carleton University computer science professor Anil Somayaji.
Carleton University's Anil Somayaji says data breaches affect us all, since they help hackers get better at cracking passwords. (YouTube/Carleton University)
"In order to crack passwords, they have to guess passwords," he said.
"What's the best way of guessing a password, other than having examples of passwords? It's no question that these big data dumps teach the password crackers what kind of passwords people pick."
So even if your personal details aren't leaked, these massive data breaches have negative security consequences for everyone, because it's one more tool in the hackers' toolkit.
How do I know if my password has been part of a leak?
There are tools out there that can help with this. My favourite is a site called HaveIBeenPwned.com. 
It's a searchable database of accounts that have been compromised in data breaches. You go to the website, enter your email address or username, and it searches through almost a billion records of accounts that have been leaked.

The website Have I Been Pwned? provides a searchable database of accounts compromised in data breaches. (HaveIBeenPwned.com)
What I like most about the site is that it has an option to notify you about future breaches. So if, for instance, next month there's a major data breach of a social network, and your account is part of it, they'll email to let you know. And that, of course, is a good indication you should change your password immediately.
What can I do to keep my accounts safe?
It seems that Mark Zuckerberg's Pinterest and Twitter accounts got hacked because he used the same weak password across more than one site. So rule number one: don't re-use passwords. You want a unique password for every site and service you use.
Second, Anil Somayaji suggests that you turn on two-factor authentication for your most important accounts.
That may involve, for example, entering a code that's sent to you by text message along with your usual username and password combination.
"Do it for the ones that you really care about — your email accounts, which are generally the foundation of your online identity, and your financial institutions," he recommends.
Finally, you want a good strong password. That means easy for you to remember, difficult for someone else to guess.
And obviously, something better than "dadada."


CBC  2017  http://www.cbc.ca/news/technology/zuckerberg-hack-1.3619265

Historical hacks come back to haunt, and fresh breaches bite our behinds

If you thought last year's breach of over three billion records (and then some) was bad, this year has seen its fair share of headaches.
From hacks, attacks, ransoms, and even extortion attempts, we're only part way through the year and already we've collectively seen millions of records stolen and a wealth of classified hacking tools leaked (that led to its own set of issues).
There's a lot to take in. Let's take a look back at some of the biggest -- and most dangerous -- hacks and leaks of the year so far.
Bell Canada ignores hacker's threat to release 1.9 million customer records Bell Canada, Canada's largest teleco, was hacked in May. The company declined to pay the hacker to stop the release of the 1.9 million customer records stolen. A portion of the data was subsequently leaked online.

Education platform Edmodo breach exposes 77 million accounts The education platform was attacked in May by a hacker who put the database for sale on the dark web. According to Vice's Motherboard, which verified the breach, the data includes usernames, email addresses, and hashed passwords.

Mac video encoder HandBrake was infected with malware Thousands had a 50-50 chance of being infected with a remote access trojan in early May after HandBrake, the video encoder for Macs, was infected with malware. Those infected were at risk from thieves stealing login credentials from OS X Keychain.

A fraction of users hit by HipChat breach HipChat, the workplace chat platform, was breached by hackers in April, following an attack on one of its cloud apps. HipChat wouldn't say how many users were directly affected, only that there was evidence that messages and content in rooms may have been accessed for less than 0.05 percent of all users.

Payday lender Wonga breached, affecting 270,000 accounts Wonga, the payday loans company, confirmed a breach in April, affecting more than one-quarter of a million lenders. The breach came just a couple of months after a hacker stole stole £2.5 million from 9,000 online customers at Tesco Bank.

WannaCry ransomware plagues thousands in massive global cyberattack Thought to the be the biggest ransomware attack of its kind, the WannaCry ransomware was only successful thanks to the NSA losing control of its key hacking tools. That led the hackers to install backdoors that channeled the ransomware on millions of computers. Within days, Congress introduced a bill that would prevent the government from stockpiling cyberweapons.

ZDNET  Published: June 7, 2017

 ZDNET  2017  http://www.zdnet.com/pictures/biggest-hacks-leaks-and-data-breaches-2017/

Check out the link below on a story that affected mining and casino operations in Canada. http://www.cbc.ca/news/technology/canada-mines-casinos-hacked-ransom-extortion-fireeye-fin10-1.4162940

Have you ever wondered if a particular website that you're going to is safe?  Could it be a phishing site, or could the site download a script to your computer?  Before you hit that "enter key" and connect to the site, there's a tool that you can use to check out the safety of the site.  I don't recommend using this tool for every site that you go to, just the odd one that you might be suspicious about.  Open this website https://www.virustotal.com/  and copy the URL of the suspicious site that you want to check.

 That's all there is to it.  If you get a favorable detection ratio result, then you shouldn't be worried about going to that site.  You can also scan a suspicious file on your computer in a similar way.  (There's an add-on that can be installed to your web browser called WOT (web of trust) that automatically notifies you of a dangerous website. I don't recommend this, as there has been some questionable things that the website owners have been doing with data extracted from the computers using this add-on.)

For those using computers with older operation systems (Windows XP), On June 13th, Microsoft released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month.
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms