Have you watch the disturbing 10Play program, Mirror Mirror?

It "investigates how the internet is affecting our relationships and what impact this is having on our lives." 

It start straight away by talking about the Omegle website, a site that many parents are totally oblivious to.

This website allows anyone to 'Talk to Strangers' - and those strangers could be disgusting people who are targeting vulnerable children. 

I received a message today from a cybersafety educator and his psychologist sister, Marty and Carly McGuaran. Marty and Carly run a wonderful business called Inform and Empower, and regularly present to school parents on digital wellbeing and safety. We have previously consulted on the topic of parental controls on Apple devices. 

Carly and Marty contacted me today after viewing the Mirror Mirror program, to let me know that they have noticed a major flaw in the Screen Time controls that Apple provides for setting parental controls.

In the last year there have been so many vulnerabilities that have required updates to the operating systems on our mobile devices and computers. One related to a vulnerability that could result in our home routers being hacked.

So, how do you know if your router was impacted?  How would you know if hackers gained access to your own home's device? And what could happen if your router has, in fact, been hacked?

​The theft of mobile numbers - which can happen if someone gathers enough information about you (via 'snail' mail theft, social engineering, or other means) to set up a new SIM in your name and transfer your mobile number to that SIM - has been reported at various times in the press over the last 12 months or so.

It is known as 'mobile number porting', and can happen when some is the victim of identity theft.

• Here is such an article on 'mobile number porting', from June 2017.
• And here is the Money Smart website article about identify theft and fraud, and how to prevent it.

Can I request a 'password reset' text from my bank?

​I must say that I did check my own bank account after receiving Jeff's email, curious to see if my bank (Commbank) would text a password reset link to my mobile number if I chose their 'forgotten password' option.

Fortunately, Commbank requires you to enter 2 pieces of information before it will send you a message with a 'password reset' link.  You must provide a card number and your ATM PIN.  If your PIN is easily guessed (for example, it is your birthday, anniversary, or your postcode), then you could be in trouble.

If you can't provide the required two pieces of information, then you would have to call the Commbank call centre or visit a branch - and presumably convince the person on the other end of your identity.

What does your own bank require?  Can you request that a password reset link be sent to your mobile?

Do any of your online accounts send a 'password reset' link (or a password) to your mobile number?

It is worth definitely worth considering what might happen to all of your online accounts if someone was able to steal your mobile number. 

I know that Telstra will send you a text with your Bigpond account password, as long as you provide a few identity details - identity details that are no so difficult to obtain if you are a scammer!

The person who steals your mobile number could then log in to your Bigpond email account.  Once there, they could do a heap of password resets for your online accounts that use that email address - given that many online accounts will let you choose a 'forgotten password' option, and send an email with a link for resetting the account password.

Personally, I never use my Telstra Bigpond email address to register for any online accounts. That way, if someone was to get access to my Bigpond account, it would not be much use to them.  For all my other online accounts, I have 'two step verification' in place (or two-factor authentication) as an extra 'layer' of protection'.

Here's an article from iTandCoffee about this extra security measure:

• How to stay safer online - adding an extra layer of protection

  
The issue with two-step-verirfication if your mobile number is stolen

If your mobile number is stolen, you should consider which of your accounts has 'two step verification' in place - where a text is sent to your mobile with a code to enter after you have attempted to log in with your username/email address and password.  

While two step verification (or two factor authentication, if offered) is a 'must do' on all online accounts, it is of little value if your mobile number is stolen - especially if you have used the same password on lots of online accounts, and the thief/hacker has discovered that password.  You will no longer receive that 'protective' number code - the thief/hacker will.

Act quickly 

If ever you suspect you are the victim of the theft of your mobile number or any online account has been breached, act as quickly as you can to change passwords and contact your Telco and Bank.

If you need help with password resets (or any other security matters), iTandCoffee in Glen Iris can help.  Just call 1300 885 420 to make an appointment.

How was Jeff's friend hacked? 

For the example described above by Jeff T, I would wonder if the person involved had been caught out (perhaps without even realising it) by a phishing email, and given away her online banking details or other identity details, including her mobile phone number. 

Or she may have had her email and password stolen from some website that had been hacked, and may have used the same password for other online accounts (a big no-no!).  

She may have had an easy-to-guess PIN for her bank account.

Perhaps they had obtained personal information about her from her social media world; perhaps they had stolen statements or other letters from her letterbox.

While phone number porting scams are scary, I am sure that the scammers would not have been able to gain access to the victim's bank account simply by having a SIM with her mobile number. 

This one nearly made me click!  Have a close look at these emails (click to enlarge) and see if you can spot the differences - the things that indicate that one is a fake.

Having only recently received a real email from ASIC about the renewal of the iTandCoffee business name, I really had to look twice (and three times) at the 'same' email that I received this week.

Given that I have registered two business names, my initial reaction was to believe that the email was real.  Can you tell which one is real?

Working out which is legitimate

But, as I always do with any email before clicking on any links or opening/downloading any files, I had a look at who the email was from (by clicking on the email address) - and it was definitely not ASIC.

The address attempted to look like an ASIC address - asic.transaction.no-reply@asicsaustralia.biz - so could easily catch out many people.

Another giveaway was that there was no mention of my name, or business name in the email - it seemed very generic.

I also used the 'Quick Look' feature in my Mac Mail to preview the web page associated with the 'Pay now' link. (Hover to the right of the link and click the 'down-arrow'. You can also just hover the mouse over the link to see what website it links to. On the iPad or iPhone, hold your finger on the link to see a screen that shows the link's website address at the top.)

And boy, did the preview look authentic.  But the giveaway was that the website shown at the top (see the red arrow above) was NOT ASIC.  

What would have happened if I 'clicked'?

In fact, the 'Pay now' link did actually 'redirect' to the real ASIC website (after first taking me to the eoaclk.com website).  Obviously the scammers want you be believe they are ASIC, so that you will click the 'renewal notice' link a bit further down.

Clicking the 'renewal notice' link would have downloaded malware, a virus, or even ransomware - so I dared not click it on my Mac to find out which!  (I could see on my iPhone that this link would have downloaded a ZIP file to the computer - I'm sure containing all sorts of 'nasties'.)

Here is the article on the ASIC website, describing this scam.

Be alert to scam emails like this. Always be sure the sender is legitimate before clicking any link or downloading/opening any file in an email.

Do you need further help?

We have a free video that demonstrates how to detect a fake email - here is the link:

• How to detect a Scam email

If you need further help in assessing whether an email is real or a fake, you can forward the email to iTandCoffee (at scamwatch@itandcoffee.com.au) and we will check it for you to let you know if it is safe.

If you are looking to learn more about your Mac, why not attend our great class series, called 'Getting to know your Mac' - check out the dates below.

In my daily check of my Apple News app, where I have set up a 'topic' that provides me with daily 'computing and information technology news', I saw a concerning article about the release of over 700 million email addresses online.  

For some of these email addresses, passwords were also available - hacked from who knows where!

Here is the article for anyone wanting to read about this:

• 711 million email addresses ensnared in "largest" malware spambot    

Have you been 'pwned'

​As mentioned in the above article, it is possible to visit a website that tells you if your email address is available on any known list of 'hacked' email addresses - including this new massive list.

The website is haveibeenpwned.com.  Just enter your email address to see if it is on any list.  

I was surprised to find my own iTandCoffee email address was on this new list!  It was not on any list last time I checked, so this leaves me wondering which of the many online services I use has been 'hacked'.

So as a precaution, I have changed my password for the impacted email account, and for other key accounts that use the email address.  

​Now I need to see where else I have used this email address, and decide if password resets are needed!  Ow.  

At least I have a different password for every online account, which minimises any 'damage' if anyone does have more than the email address. And I have put all these different passwords into my 'password safe' on my iPhone. This means that I always have easy - and secure - access to my passwords whenever I need them, either from my iPhone or iPad.

(If you are an iTandCoffee Club member, you can watch the members-only video about how to set up a password safe on your iPhone/iPad. Here is the link to this video» 
If you are not yet a member, find out more about The iTandCoffee Club here »)

How to change your online passwords

If you need to change your password for your various online accounts, here are links to the relevant pages on some of the important ones:

• Google:  myaccount.google.com/security
• Hotmail/Live/Outlook.com: account.microsoft.com
• iCloud: appleid.apple.com
• Bigpond: See the details on this Telstra webpage.  Note that, if you change your main account's password, you may need to change some modem settings (if you have an ADSL internet connection).
• Paypal - See details on this Paypal help page
• ​eBay - reg.ebay.com.au/reg/ChangePwd

Need further advice or help?

​If you need advice on how to change any other online passwords, just leave a comment below.  Or if you would like assistance with making changes to your passwords, book a time with iTandCoffee.  Book online here or call 03 9886 0814 or 1300 885 420.

You may have seen reports in the press last week about a lady in Melbourne who was scammed out of $46,000 when she fell for a phone scam.  

Details are reported on the Victoria Police website:  Police warning re iTunes card scam. Here is an extract from the article.