Checklist 325: Alerts on Alerts!
On this week’s Checklist:
- How to handle extortion fraud
- HomePod’s new safety feature
- Worse than juice jacking?
What is extortion fraud—and how can you avoid it?
Extortion fraud is when an attacker threatens to release compromising material if their target does not comply with their demands.
Extortion fraud usually comes in the form of an email filled with threats and vague technical language. The sender says they’ve hacked your system (somehow), that they have your web history and all of your private messages and photos, that they’ve recorded you with your own webcam. They say they’ll release all of it to your contacts unless you pay them—or send them even more compromising material!
The thing is…it’s all a big scam. They pick people at random and send out these emails, hoping that someone panics and caves in. McAfee offers some good tips on how to stay safe from extortion fraud:
- Stay calm and take a breath. Remember that scammers always want you to act without thinking.
- Be skeptical. Consider that if someone actually had incriminating files, they’d probably send you some of it as proof. Is there any actual evidence that they have your files?
- Remember that bad guys sometimes obtain passwords in data breaches—without being able to access the account. So just because someone says “I know your password is ‘password123’” doesn’t mean that they actually have access to your account. (Also, if your password is password123, please change it immediately.)
- Do a search for keywords or passages from the email to put your mind at ease. You may find some of these online if other people have reported receiving the same scam email.
- Don’t interact with the sender or click on any links.
- If you don’t know what to do, get help. Extortion is a crime, and law enforcement takes it seriously. You can also contact a trusted cybersecurity provider for help.
A HomePod security feature
AppleInsider says a new HomePod Sound Recognition feature can recognize household alarms: smoke detectors, carbon monoxide detectors, etc. The feature can be set up to send you an alert about an alarm when you’re not at home. According to AppleInsider:
This critical alert will appear on your iPhone, iPad, or Apple Watch and will trigger if you are in or out of your home.
Insider says that if you receive one of these alerts, you can tap it to launch Home and access a livestream of the audio or video from the HomePod that sent the alert.
If you haven’t seen this feature yet, you may need to upgrade your Home architecture. To do this, go to the Home app > Home Settings > Safety & Security.
To turn on the safety feature, says AppleInsider, first go to Home. There you will see “an alert at the top of the whole-home view about the new security feature.” Tap Continue to begin the setup process. After reviewing the feature in Home, tap Turn on to enable it.
Dangers in public Wi-Fi
What’s a bigger threat than juice jacking? One expert says it’s the malicious version of something we use every day: public Wi-Fi.
A piece in 9to5Mac quotes Candid Wuest, VP of Global Research at Acronis:
Juice jacking attacks against smartphones can lead to more severe compromises, but the likelihood of them happening is much smaller compared to coming across rogue WiFi access points. Yes, attacks are possible, but they are not easy to conduct. Fake WiFis are quite popular, which might reveal credentials on unencrypted services or websites…
All the more reason to be careful when connecting to unknown public Wi-Fi networks—and to use a mobile VPN if you absolutely have to go online using public Wi-Fi.