When you follow a link in Safari, you generally don’t know where you’re going to end up. That’s fine most of the time, but what if you’re concerned that a site might be trying to trick you into going somewhere malicious? Safari provides an easy way to look at the URL under a link. On the Mac, choose View > Show Status Bar, hover your pointer over the link, and look at the bottom of the window. In iOS, touch and hold a link (don’t press for 3D Touch) until a popover appears, showing the link and giving you options for opening it. The most important thing to look at is the domain—us.norton.com in the screenshots. It should match where you think you’re going, or at least look reasonable. If the URL is dubious, don’t follow the link.
Block Telemarketing Calls Automatically on Your iPhone
Junk calls are one of the great annoyances of the modern world. You’re minding your own business when your iPhone vibrates in your pocket. You pull it out, curious as to who’s calling, but don’t recognize the number. You may notice that it’s in the same exchange as your phone number, suggesting that it’s a neighbor. But no. When you answer, it’s “Heather,” a pre-recorded voice wanting to sign you up for a resort vacation, give your business a loan, or help with your credit card debt. Angered by the intrusion, you tap the red hangup button, wishing you had an old-style telephone receiver to slam down.
There’s no way to retaliate against these scum-sucking bottom feeders, and the best option is to hang up immediately. For quite a few versions of iOS, you’ve been able to block a caller manually—just tap the i button next to the call in the Recents screen in the Phone app, scroll to the bottom, and tap Block This Caller. But that’s seldom worth doing since telemarketers often spoof the numbers they call from, so it’s unlikely you’d get a second call from the same number.
Instead, we recommend taking advantage of a feature Apple introduced in iOS 10 that enables apps to block calls for you. Quite a few of these apps have appeared, with some of the best reviewed being Hiya, Mr. Number, RoboKiller, and Truecaller. Hiya and Mr. Number are both free and from the same company—Mr. Number is a stripped-down version of Hiya—whereas RoboKiller and Truecaller require an in-app purchase for a monthly membership.
In general, these apps work by receiving caller ID information from iOS and comparing it against both your local contacts (to identify good calls) and a constantly updated database of numbers used by telemarketers (bad calls). Calls from your contacts ring through normally, as do calls from phone numbers not in either of those sets. That’s key, since your doctor might call back from a secondary number, or your kid’s new teacher might call to talk about an upcoming snack day. But if you receive a call from a number known to be used by a telemarketer, the app can either identify it on the incoming call screen or block it automatically, sending it to voicemail.
To enable one of these apps, after you download it from the App Store, go to Settings > Phone > Call Blocking & Identification and enable its switch. You’ll probably also have to do some setup in the app itself, providing your phone number, perhaps creating an account, and determining what should happen with different calls (Mr. Number is shown below, right).
With Hiya and Mr. Number, you can copy a number from the Phone app’s Recents screen (tap the i button for a call, and then press the number to access a Copy button) and then look it up to learn more and see comments other users have made. And if you get a telemarketing call from a number that the app doesn’t recognize, you can submit it to protect others.
RoboKiller claims that it wastes the telemarketers’ time by playing pre-recorded “Answer Bots” conversations to keep them on the line, preventing them from calling more people.
Details vary by app, but the only real downside to using one of these apps is that it may ask for information about you or your contacts to improve its services. If that feels intrusive, investigate one of the apps that requires a membership, like RoboKiller, to see if it better answers your concerns.
In the end, it comes down to how many telemarketing calls you receive each day, week, or month. If you’re lucky and get only one or two per month, it’s probably not worth messing with a call blocking app—maybe just send unidentified (and unexpected) calls to voicemail. But if you’re interrupted by multiple junk calls per day or week, give one of these apps a try and let it reduce the onslaught.
Gone Phishing: Five Signs That Identify Scam Email Messages
Ignore Unsolicited Calls and Texts from Apple and Other Tech Companies
We don’t want to belabor the point, but multinational tech companies like Apple, Facebook, and Google will never call or text you personally out of the blue. So if you get a call or text purporting to be from such a company, it’s 99.9% likely to be a scam, and you should ignore it regardless of whether the caller ID seems legitimate. If you’re still worried, look up the company’s tech support phone number separately—never respond directly to such a call or tap a link in a text—and discuss the situation with the support reps. Or contact us, and we’ll talk it through with you.
This Is Hands-Down the Easiest Way to Give Someone Your Wi-Fi Network Password
You know the drill—a friend comes to visit and wants to get on your Wi-Fi network. You’ve written the password down somewhere, but where? Even if you have it handy, it’s a pain for your friend to type in. Since macOS 10.13 High Sierra and iOS 11, Apple’s operating systems can make connecting a lot easier. Have your guest choose your network, and then put their device next to one of your devices that’s awake and connected to the Wi-Fi network. As long as you have a card in your Contacts app whose name matches your friend’s My Card in their Contacts, your device should ask if you want to share the Wi-Fi password with them. Just tap Share Password when prompted and you’re done!
Don’t Freak Out If You Get Blackmail Spam Containing an Old Password
Have you gotten an email message whose Subject line says something like “Change your password immediately! Your account has been hacked.”? If not, it may be only a matter of time before you do. It’s a scary message, especially because it contains one of your passwords, some threats, and a demand for money. Worse, the password is likely one you’ve used in the past—how could the hacker have discovered it? Has your Mac really been taken over?
Relax. There’s nothing to worry about.
This “blackmail spam” has been making the rounds on the Internet recently—we’ve heard from several clients who have received it, and we’ve gotten copies too. The message purports to be from a hacker who has taken over your Mac and installed spyware that has recorded you visiting Web sites that aren’t exactly G-rated. The hacker also claims to have used your Mac’s camera to photograph you while you’re browsing said non-G-rated sites and threatens to share those pictures with your contacts and erase your drive unless you pay a ransom using Bitcoin.
This blackmail spam has raised so many pulses because it backs up its claims by showing a password that you’ve used in the past. Hopefully, it’s not one that you’re still using, because it was extracted from one of the hundreds of password breaches that have occurred over the past decade. Impacted Web sites include big names such as Yahoo, LinkedIn, Adobe, Dropbox, Disqus, and Tumblr—thieves have collectively stolen over 5.5 billion accounts. It’s all too likely that some old password of yours was caught up in one of those thefts.
Concerning as the message sounds, all the details other than your email address and password are completely fabricated. Your Mac has not been hacked. There is no malware spying on your every move. No pictures of you have been uploaded to a remote server. Your hard drive will not be erased. In short, you have nothing to worry about, and you should just mark the message as spam.
However, if you’re still using the password that appeared in the message, that is cause for concern. It means that any automated hacking software could break into the associated account, and it must be a weak password if the bad guys were able to decrypt it from the stolen password files. Go to Have I Been Pwned and search for your email address. If it shows up for any breaches, make sure you’ve changed your password for those accounts.
As always, we recommend that you create a strong, unique password for each of your Web accounts. The easiest way to do this is to rely on a password manager like 1Password or LastPass to generate a random password. Then, when you want to go back to that site, the password manager can log you in automatically. It’s easier and more secure.
If you’re still concerned about your passwords, call us and we can help you get started with stronger security practices.
Did You Know iOS 12 Lets You Add a Second Person to Face ID?
Touch ID lets users register up to five fingers that can unlock an iPhone, which has long been a boon for those who share access to their iPhone with trusted family members. However, users of the iPhone X haven’t been able to give a second person Face ID-based access, forcing those people to wait for Face ID to fail and then tap in a passcode manually. iOS 12 lifts that limitation, allowing a second person to register their face with Face ID on the iPhone X and the new iPhone XR, XS, and XS Max. To set this up, go to Settings > Face ID & Passcode. Enter your passcode and tap Set Up an Alternate Appearance. Then give your iPhone to the person who should have access and have them follow the simple setup directions.
Back Up Before Upgrading to Mojave or iOS 12!
Poll a room of Apple experts about the one topic they can’t stop talking about and many will launch into frustrated rants about how too few people back up. Backups are always important, since you can never predict when your Mac or iPhone will be lost or stolen, melt in a fire, or just break. But one time when backups are especially important is before you upgrade to a major new operating system. If you’re thinking “What could go wrong?” the answer is, “Lots, and wouldn’t you like to be able to revert instantly if something does?”
Mac Backups
On the Mac side, there are plenty of ways to back up, and a bootable duplicate made with SuperDuper or Carbon Copy Cloner is the best insurance right before you upgrade to macOS 10.14 Mojave. More generally, backing up with Time Machine ensures that you can not only restore your entire drive if necessary, but also easily recover a previous version of a corrupted file. Finally, since a fire or flood would likely destroy your backup drive along with your Mac, we always recommend an offsite backup made via an Internet backup service like Backblaze.
What happens if you don’t back up and your Mac gets damaged such that you can’t access important data? That’s when things get expensive, and if you have a 2018 MacBook Pro, you have even fewer options.
Historically, it was relatively easy to remove a drive from a broken Mac and recover the data from it. Data recovery got harder with solid-state storage, and even more so with the introduction of the first MacBook Pro with Touch Bar, thanks to Apple’s new T2 encryption chip, which encrypts data on the drive. To simplify last-ditch data recovery, Apple put a special port on the MacBook Pro’s logic board and provided a custom recovery tool for Apple Authorized Service Providers. With the 2018 MacBook Pro, however, Apple removed that port, so only data recovery specialists like DriveSavers can recover data from such damaged machines, and only then if they have the user’s password.
So please, back up your Mac before something goes wrong. It’s fast, easy, and inexpensive to get started, and we’re happy to help.
iOS Backups
We’ve all seen, if not experienced, a broken iPhone or iPad. They’re durable little devices, but they won’t necessarily survive a drop onto a sidewalk or into a toilet (yeah, it happens). And it’s way too easy to forget your iPhone at the gym or in a restaurant. So a backup is necessary if you don’t want to risk losing precious photos or having to set up a new device from scratch. Plus, just as with a Mac, things can go wrong during major iOS upgrades.
With iOS, though, you don’t need extra software or hardware. Apple provides two ways of backing up your iPhone or iPad, iTunes and iCloud. Neither is necessarily better or worse, and you can—and should!—use both for added safety. We’ve seen situations where an iPhone would refuse to restore its files from iTunes but would from iCloud.
To back up to iCloud, go to Settings > Your Name > iCloud > iCloud Backup, turn the switch on, and tap Back Up Now. For backups to happen automatically in the future, you must have sufficient space in your iCloud account (you get 5 GB for free and can buy more), and your device must be on a Wi-Fi network, connected to power, and have its screen locked.
To back up to iTunes, connect your device to your Mac via a Lightning-to-USB cable, launch iTunes, and click the device icon to the right of the media menu.
Then, in the Backups section, click Back Up Now. If you’re prompted to encrypt your backups, we encourage you to agree since otherwise your backup won’t include passwords, Health information, or HomeKit data. For automatic backups via iTunes, select This Computer. After that, every time you plug into your Mac, it will back up.
If you have sufficient iCloud storage, we recommend backing up automatically to iCloud because its automatic backups work well at night when you’re charging your devices. Then, make extra backups to iTunes whenever you think you might need to restore, such as when you’re getting a new iPhone or iPad, or when you’re about to upgrade to a new version of iOS.
Social Media: Apple’s new T2 encryption chip makes data recovery from new MacBook Pros harder, and the release of macOS 10.14 Mojave and iOS 12 make backups all the more essential. Read on to learn how:
Here’s Why You Should Always Keep the Find My iPhone Feature Enabled
On the face of it, Apple’s Find My iPhone feature does what it says. If you lose your iPhone, you can identify its last known location by looking in the Find iPhone app or on the iCloud Web site, and you can make it play a sound. It’s great for tracking down a missing iPhone, whether you misplaced it in the house or left it behind at a restaurant.
But Find My iPhone does much more! For starters, it works with nearly any Apple device. You can use it to locate a missing Mac, iPad, iPod touch, Apple Watch, and even AirPods. Find My iPhone also helps protect your data if a device is stolen. It even works with Family Sharing to locate devices owned by anyone in your family—a boon to any parent with a forgetful teenager.
You must turn on Find My iPhone before your device goes missing!
- In iOS, tap Settings > Your Name > iCloud > Find My iPhone and enable Find My iPhone. (On the iPad, it’s called Find My iPad.) Also on that screen, turn on Send Last Location. Finally, go back to the main level of Settings, tap Privacy > Location Services, and make sure Location Services is turned on.
- On the Mac, open System Preferences > iCloud and select the Find My Mac checkbox—if you see a Details button beside Find My Mac, click it and follow its instructions for setting necessary preferences.
Be sure to practice viewing where your devices are located and playing tones on them so you’ll know what to do if a device goes missing.
Find My iPhone has a few tricks up its sleeve for when you want a device to show a message or if you think it was stolen:
- Lost Mode: When invoking this mode for an iOS device or Apple Watch, you’ll be asked to enter a phone number where you can be reached and a message. After that, Lost Mode will kick in as soon as the device is awake and has an Internet connection. Anyone who tries to use the device will see your message along with a place to enter the device’s passcode. If you get it back, you can enter the passcode to dismiss the message and use it normally.
- Lock: Available only for the Mac, the Lock feature enables you to protect an entire Mac with a 4-digit custom passcode. You can also enter a message that will appear on the Lock screen. This is a good choice if you think you’ll get your Mac back but would prefer that nobody mess with it in the meantime. Note that if you lock a Mac, you can’t erase it, as discussed next, so lock it only if you think it can be recovered.
- Erase: Even if your device has an excellent passcode or password, you might worry that a thief will access your data. Fortunately, you can erase your device. Erasing a device makes it impossible for you to see its location in Find My iPhone, so it’s a last-ditch effort.
- Activation Lock: If the stolen device is an iOS device or an Apple Watch, when you turn on Find My iPhone, you also enable Activation Lock. This feature prevents someone who has your passcode but doesn’t know your Apple ID and password from turning off Find My iPhone, erasing the device, or setting it up for a new user. In other words, Activation Lock makes it so there’s little reason to steal an iOS device or Apple Watch, since the stolen device can’t ever be used by anyone else. If you get the device back, you can restore your backup—you do have a backup, right?
Find My iPhone works only while the device has power, so if you think you’ve mislaid a device, try locating it right away, before the battery runs out. But even if you are unable to retrieve a lost device, you can prevent others from accessing your data or taking over the device.
Have Your Online Passwords Been Stolen? Here’s How to Find Out.
Data breaches have become commonplace, with online thieves constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses, often along with other personal information like names, physical address, and passwords.
It would be nice to think that all companies properly encrypt their password databases, but the sad reality is that many have poor data security practices. As a result, passwords gathered in a breach are often easily cracked, enabling the bad guys to log in to your accounts. That may not seem like a big deal—who cares if someone reads the local newspaper under your name? But since many people reuse passwords across multiple sites, once one password associated with an email address is known, attackers use automated software to test that combination against many other sites.
This is why we keep beating the drum for password managers like 1Password and LastPass. They make it easy to create and enter a different random password for every Web site, which protects you in two ways.
- Because password managers can create passwords of any length, you don’t have to rely on short passwords that you can remember and type easily. The longer the password, the harder it is to crack. A password of 16–20 characters is generally considered safe; never use anything shorter than 13 characters.
- Even if one of your passwords was compromised, having a different password for every site ensures that the attackers can’t break into any of your other accounts.
But password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?
A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.
Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. That may seem like a daunting task, and we won’t pretend that it isn’t a fair amount of work, but both 1Password and LastPass offer features to help.
In 1Password, look in the sidebar for Watchtower, which provides several lists, including accounts where the password may have been compromised in a known breach, passwords that are known to have been compromised, passwords that you reused across sites, and weak passwords.
LastPass provide essentially the same information through its Security Challenge and rates your overall security in comparison with other LastPass users. It suggests a series of steps for improving your passwords; the only problem is that you need to restart the Security Challenge if you don’t have time to fix all the passwords at once.
Regardless of which password manager you use, take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.