6 Tips to Help You Avoid Being Scammed

by Quyen Bui, Square’s Senior Fraud Data Analyst

Have you ever heard of an account takeover? Not the kind where celebrities take over social media accounts to snap photos of their day. I’m talking about the more malicious kind, where fraudsters gain access to your email and password and access your online accounts with bad intent.

Once fraudsters hack into your account, they can get hold of your private information, divert your deposits, or commit credit card fraud. While the Square Secure team performs 24/7 fraud monitoring on your behalf, here are four things you can do to stop fraudsters in their tracks.

4 Ways to Prevent Account Takeovers

1. Take a second look at your passwords.

The most important thing you can do to protect your personal and business accounts from being taken over by fraudsters is to pick unique passwords and then change them regularly.

What makes a strong password?

  • It’s long and complicated. Eight letters? Fine. Sixteen letters? Even better. With vAriEd CaPitaliZAtiOn and $pec!al ch@r&cters? Great! If you’re experiencing writer’s block, try using an online secure password generator.
  • It’s not easily guessable. Don’t use simple dictionary words, personal things (like your name), or strings that a stranger could predict. I’m looking at you, “password12345.”
  • It’s not shared with other platforms. Whatever you do, do not use the same password for your email and your Square account. Many experts hypothesize that password reuse is the main driver of hacker success. If you have difficulty remembering your different login information, consider using a secure password manager.
  • It’s refreshed on a regular basis. Millions of credentials are compromised every year across thousands of websites. To keep your account protected for the long term, you should try to change your password every 30 to 90 days.
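As an added illustration (not part of the original article and not Square's code), the four criteria above can be checked across a list of accounts. The word list, the three-of-four character-class rule, the function names and the sample accounts are assumptions made for this example.

```python
from collections import defaultdict
from datetime import date

MIN_LENGTH = 8          # "Eight letters? Fine."
MAX_AGE_DAYS = 90       # upper end of the 30 to 90 day refresh window
# Tiny constructed word list; a real audit would use a much larger one.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")
# Undo common character swaps so "p@ssw0rd" is still caught as "password".
LEET = str.maketrans("@$!0135", "asioles")


def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters of a known sequence."""
    return any(seq[i:i + run] in text
               for seq in SEQUENCES for i in range(len(seq) - run + 1))


def check_password(password, personal_terms=()):
    """Return findings for one password (empty list means no issue found)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if sum(classes) < 3:  # assumed rule: at least three of the four classes
        findings.append("low character variety")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    terms = COMMON_WORDS | {t.lower() for t in personal_terms}
    if any(t in lowered or t in normalized for t in terms) or has_sequence(lowered):
        findings.append("guessable")
    return findings


def audit_credentials(accounts, today, personal_terms=()):
    """accounts: {site: (password, last_changed)} -> {site: [findings]}."""
    sites_by_password = defaultdict(list)
    for site, (password, _) in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, (password, last_changed) in accounts.items():
        findings = check_password(password, personal_terms)
        if len(sites_by_password[password]) > 1:   # same password on several platforms
            findings.append("reused")
        if (today - last_changed).days > MAX_AGE_DAYS:
            findings.append("stale")
        report[site] = findings
    return report


# Constructed sample inventory (not real credentials).
SAMPLE = {
    "email":  ("password12345", date(2018, 1, 5)),
    "square": ("password12345", date(2018, 9, 1)),
    "bank":   ("Qu!et-Harbor_Lamp#9471", date(2018, 9, 20)),
    "forum":  ("Jordan1988", date(2018, 8, 15)),
}

if __name__ == "__main__":
    for site, findings in audit_credentials(SAMPLE, date(2018, 10, 10), ["jordan"]).items():
        print(f"{site:7} {', '.join(findings) or 'ok'}")
```

A long, mixed-character password can still be flagged as reused or stale, because those two criteria depend on where and when it is used rather than on its content.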

2. Don’t trust strange websites and email.

Scammers send phishing emails to obtain your private information and use it to commit fraud. These emails are designed to look just like a real email from your bank or payment processor in order to trick you, but they are run through third-party websites instead of your bank’s or payment processor’s.

Whenever a website or email asks you for personal information (e.g., password, Social Security number, birth date, etc.), always verify the request is from someone you trust.

What do you do when you think that email or website is sketchy? Do not click any links or download any attachments. You may want to forward it to the company it claims to be from. You should definitely mark the message as spam and delete it from your email account.

3. Two-step your way to safety.

Two-step verification adds another layer of security to your account. In addition to a username and password to log in, you also need to enter a security code that only you can receive (through either text message or an authentication app).

4. Keep the right checks in place for your business.

Fraudsters are not always sophisticated hackers from far, far away. Sometimes, they are the employees whom you’ve hired. While we’d like to think that rogue employees work with other people at other companies, research suggests that as many as 25 to 40 percent of employees steal from their employers in some way.

If your account gets into the wrong hands, your settings can be changed, your deposits taken, and your reputation harmed if fraud occurs. (With Square, you can customize employee permissions to secure your business’s most sensitive information.)

It’s important that you take action to protect your account from takeover and fraud. In addition to adhering to the best practices above, you should also put a lot of thought into the vendors and partners you work with in your business.

Only work with partners like Square that place as much emphasis on protecting your business and customer data as you do. Look for payment providers, for instance, that offer things like fraud detection, dispute support, and PCI compliance, so if something does happen, you won’t be alone.

*Original article

 

 

Lab rats, Windows 10 and the importance of being last

By Senior Reporter, Computerworld 

 

The file-deletion flaw that plagued last week’s rollout of the Windows 10 October 2018 Update shows how Microsoft uses consumers to test out the OS so its important customers – businesses – are protected.

Microsoft has barred access to the latest Windows 10 feature upgrade, told those who did run it to keep their hands off their PCs, and warned people who had manually downloaded the build – but not yet installed it – to discard the disk image.

The primary problem, Microsoft conceded, was that the upgrade – designated 1809 in the firm’s numeric format but also dubbed “October 2018 Update” – tended to erase all the files in the Documents, Pictures, Music and Videos folders.

“We have paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigate isolated reports of users missing some files after updating,” the company said in its usual understated fashion, in a support document. “If you have manually checked for updates and believe you have an issue with missing files after an update, please minimize your use of the affected device and contact us directly at +1-800-MICROSOFT.”

Reaction was swift.

“If you were gullible enough to believe the breathless reviews about a product that’s marginally better than what you have, and you trusted Microsoft enough to install it on your machine as quickly as you could, the joke’s on you,” said Woody Leonhard, who runs the AskWoody Windows tip website and writes the “Woody on Windows” column for Computerworld.

“With 700 million installs of Windows 10, Microsoft needs to be more careful with their updates because even a tiny percentage of users being affected can still be millions of people,” argued How-To Geek after asserting, without more evidence than Microsoft’s claims, that the bug, while “very unfortunate” was “unlikely (to have) affected a huge number of users.”

“It’s quite troubling to see Microsoft being so lax about the quality of its generally-available builds,” added Neowin, which had earlier pointed out that 1809 had not been shown to the final “Release Preview” ring of Windows Insider testers before its Oct. 2 release.

But no one described the bigger picture. Because, for Microsoft, a mistake and resulting upgrade retraction like this is a feature, not a bug, of its Windows 10 release strategy.

Key to Windows 10: consumers as lab rats

One of the foundational characteristics of Windows 10 is Microsoft’s two-tier classification of customers. The lower tier includes those who operate Windows 10 Home, the upper tier, all others. (One could argue that there are, in fact, three kinds of Windows 10 users, because those running Windows 10 Pro occupy the middle ground between Home’s folk and the top-of-the-heap Windows 10 Enterprise customers.)

Windows 10 Home users – predominantly consumers – are forced to accept every feature upgrade and are not meant to delay the installation of those upgrades, or the monthly waves of security and non-security updates. (Other customer classes can defer upgrades and updates.) Windows 10 Home receives each feature upgrade first, with an interval of weeks or months between that debut and when Microsoft announces that the refresh is suitable for business deployment.

There’s a reason why Microsoft made Home this way.

“By putting devices on the Current branch for Business, enterprises will be able to receive feature updates after their quality and application compatibility has been assessed in the consumer market,” wrote Jim Alkove in early 2015 (emphasis added). Alkove was then director of program management for Microsoft’s enterprise group. “By the time Current branch for Business machines are updated, the changes will have been validated by millions of Insiders, consumers and customers’ internal test processes for several months, allowing updates to be deployed with this increased assurance of validation.”

Although Alkove used a now-defunct label for a Windows 10 deployment channel (“Current branch for Business” morphed into “Semi-annual Channel”), his message to enterprises was clear: Consumers, the first to be handed a feature upgrade, may suffer, as guinea pigs, from flaws that escaped the notice of developers, but businesses would not. Before enterprises received an upgrade, the bugs would be identified and stamped out, and problems solved, because they would be experienced and reported by consumers, then fixed by Microsoft.

In that way, consumers running Windows 10 became an essential part of Microsoft’s testing regime in a way that people running previous Windows editions, which at best offered limited-time betas prior to launch, never were. Along with participants in the Insider program – another Windows 10 innovation that delivered a never-ending series of previews to self-selected participants – consumers largely replaced Microsoft’s own in-house software testing groups, decimated by layoffs in 2014, before Windows 10 debuted.

Less visible, but no less important for Microsoft’s purposes, the diagnostic data collected by Windows 10 Home, then transmitted to Microsoft for analysis, is permanently set at the highest, most intrusive level, meaning the most data is harvested and sent. Other SKUs (stock-keeping units) of Windows 10 are set by default to collect less data or can be modified using Group Policies to nullify most of the operating system’s telemetric appetite.

Microsoft uses this data for a range of purposes, including, it has contended, detecting when an upgrade or update has failed. (But apparently not, as in this instance, being able to see that files have been eradicated.)

“We rely on diagnostic data at each stage of the (Windows-as-a-service) process to inform our decisions and prioritize our efforts,” Microsoft said in the primary online documentation for the diagnostic effort.

The important thing to remember is that, as with forced upgrades, consumers running Windows 10 Home are given no say when it comes to telemetry.

Protecting the real customers

By exposing consumers with Windows 10 Home to bugs, even fatal flaws that make Microsoft halt delivery, the company confirmed the second-class status of those customers and at the same time identified those benefiting from the scheme as the most valuable clientele.

The trade-off is clear-cut: Any pain inflicted upon consumers by bugs, whether major or minor, is pain avoided by commercial customers, particularly enterprises, assuming Microsoft corrects the flaws before giving businesses an upgrade.

That’s acceptable only because consumers are less important to Microsoft than its business customers. No surprise, since the company records the vast bulk of its revenue from commercial software and services. New revenue streams are almost exclusively aimed at enterprise, as subscriptions such as Microsoft 365 illustrate. Meanwhile, efforts to monetize Windows 10 on the consumer front, whether from app sales or search-based advertising, have floundered on the failures of the Universal Windows Platform model and the Edge browser.

Microsoft may still care about consumers-as-customers on Windows, but it clearly cares less about them than it does business users. (If it cared equally for the two categories, it would also let Windows 10 Home users defer or actually skip a feature upgrade. But it doesn’t.) In fact, there are reasons to believe that Microsoft cares about consumers only as much as they contribute to the reliability of Windows for the important enterprise customers.

Because Microsoft requires Windows 10 Home users to install and use each feature upgrade, it ensures that a large group “tests” every build. There’s no straightforward way to, say, skip a spring upgrade – 1803, perhaps – between two fall upgrades (1709 and 1809), so there will never be a smaller-than-average pool of testers for any one refresh.

And the recent decision to extend support for each fall upgrade to 30 months has only reinforced the consumers-are-good-for-testing motif; the additional support is only for users of Windows 10 Enterprise. Yet Microsoft will continue to roll out two upgrades annually, even though experts expect most enterprises to deploy, at most, only one upgrade a year. Why does Microsoft plan to keep releasing two?

One possible explanation: Since each upgrade is cumulative, continuing the twice-a-year cadence means that the spring upgrade’s contents will be even more thoroughly vetted by consumers before its code is baked into what becomes the fall upgrade. Rather than two months between consumer and commercial availability, for instance, the spring upgrade’s contents would be “tested” for eight months before being approved for enterprises.

Because Microsoft has said nothing about whether the spring and fall upgrades will differ significantly, it’s impossible to know whether the company will purposefully favor one over the other with a greater number of new features, the more momentous features or the features most relevant to enterprises. But if it did package such in the spring upgrade, with the expectation that corporations would only deploy the fall’s – again, because of the 30-month support promised for that refresh – testing would have that many more months to root out bugs on the higher-profile enhancements or additions.

Working as Microsoft wants it to

Microsoft will fix the file-deletion issue in Windows 10 1809 and restore the feature upgrade’s distribution to what it calls the “Semi-annual Channel (targeted)” release ring. In plainer terms, that means Microsoft will restart delivery of the upgrade to Windows 10 Home and its – willing or not – consumer testers.

And except for those business machines whose owners decided to jump into 1809 to get an early start on testing, the blunder will not impact Microsoft’s important customers. Some consumers may have permanently lost files – it’s unclear at this point whether there is a reliable way to restore what was deleted by 1809 – but it’s very unlikely the problem will persist long enough to affect enterprises running Windows 10 Enterprise when they begin 1809 deployment in a month or two or three. Or 10.

That’s how Windows 10’s release model is supposed to work.

But Microsoft cannot afford to squander consumer confidence in Windows 10. Consumers play too important a role in 10’s quality assurance (QA).

From the company’s perspective, the worst case would be for the bulk of consumers to take the advice of authorities like Leonhard. “Upgrading to a new version of Windows 10 as soon as it’s out leads to madness,” Leonhard wrote in an Oct. 3 column where he showed how users could put off 1809’s installation. Fortunately for Microsoft, advice like Leonhard’s reaches relatively few consumers.

Enterprises should thank their lucky stars, too, for the assistance given by consumer lab rats. Without them, it could be corporate PCs going belly up, not Grandma’s.

 

What is an API? (Application Programming Interface)

API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Each time you use an app like Facebook, send an instant message, or check the weather on your phone, you’re using an API.

What Is an Example of an API?

When you use an application on your mobile phone, the application connects to the Internet and sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions and sends it back to your phone. The application then interprets that data and presents you with the information you wanted in a readable way. This is what an API is – all of this happens via API.

To explain this better, let us take a familiar example.

Imagine you’re sitting at a table in a restaurant with a menu of choices to order from. The kitchen is the part of the “system” that will prepare your order. What is missing is the critical link to communicate your order to the kitchen and deliver your food back to your table. That’s where the waiter or API comes in. The waiter is the messenger – or API – that takes your request or order and tells the kitchen – the system – what to do. Then the waiter delivers the response back to you; in this case, it is the food.

Here is a real-life API example. You may be familiar with the process of searching flights online. Just like the restaurant, you have a variety of options to choose from, including different cities, departure and return dates, and more. Let us imagine that you’re booking your flight on an airline website. You choose a departure city and date, a return city and date, cabin class, as well as other variables. In order to book your flight, you interact with the airline’s website to access their database and see if any seats are available on those dates and what the costs might be.

However, what if you are not using the airline’s website, a channel that has direct access to the information? What if you are using an online travel service, such as Kayak or Expedia, which aggregates information from a number of airline databases?

The travel service, in this case, interacts with the airline’s API. The API is the interface that, like your helpful waiter, can be asked by that online travel service to get information from the airline’s database to book seats, baggage options, etc. The API then takes the airline’s response to your request and delivers it right back to the online travel service, which then shows you the most updated, relevant information.

What an API Also Provides Is a Layer of Security

Your phone’s data is never fully exposed to the server, and likewise the server is never fully exposed to your phone. Instead, each communicates with small packets of data, sharing only that which is necessary—like ordering takeout. You tell the restaurant what you would like to eat, they tell you what they need in return and then, in the end, you get your meal.

APIs have become so valuable that they comprise a large part of many businesses’ revenue. Major companies like Google, eBay, Salesforce.com, Amazon, and Expedia are just a few of the companies that make money from their APIs. What the “API economy” refers to is this marketplace of APIs.

The Modern API

Over the years, the term “API” has often been used to describe any sort of generic connectivity interface to an application. More recently, however, the modern API has taken on some characteristics that make it extraordinarily valuable and useful:

  • Modern APIs adhere to standards (typically HTTP and REST) that are developer-friendly, easily accessible and broadly understood.
  • They are treated more like products than code. They are designed for consumption by specific audiences (e.g., mobile developers), they are documented, and they are versioned so that users can have certain expectations of their maintenance and lifecycle.
  • Because they are much more standardized, they have a much stronger discipline for security and governance, and they are monitored and managed for performance and scale.
  • Like any other piece of productized software, the modern API has its own software development lifecycle (SDLC) of designing, testing, building, managing, and versioning. Also, modern APIs are well documented for consumption and versioning.


*Original Article

 

Office Lens gets you networking—scan business cards to OneNote, contacts to Outlook

By: Greg Akselrod and the OneNote Team

Did you know that in the U.S. alone, over 10 billion business cards are printed each year and 88 percent of business cards exchanged are thrown out within a week? Here on the OneNote team, we’re always looking for ways to help you be more efficient, and today we’re launching a new feature to help you digitize all those business cards.

Scan business cards with Office Lens

You’ve already been able to scan documents and whiteboards with Office Lens, and now you can scan business cards in its new Business Card mode! Using technology from Microsoft Research, when you take a picture of a business card with Office Lens for Windows Phone and save it to OneNote, it will automatically recognize the card’s contact information and format it nicely into your OneNote notebook. Using OneNote on your phone, tablet, Mac or PC, you can search for text contained in the scanned business card, initiate a call to the number recognized, find their address on a map or open the attached VCF file to save their contact details to Outlook or your phone’s contact list.

Office Lens is available for free in the Windows Phone app store. Try it today and let us know what you think!

Help make it better

Business card scanning works best on English-based business cards right now, but we plan to add additional language support in the future. You can help our recognition algorithms get smarter:

  1. Upload your collection of scanned business cards to a folder on OneDrive.com, Dropbox.com, or any other cloud drive.
  2. Create a sharing link. Here are instructions for: OneDrive and Dropbox.
  3. Email the sharing link to OneNoteBizCards@microsoft.com.

We’ll only use the images to improve our algorithms.

Developers—integrate business card scanning into your app for free

Starting today, developers can leverage the OneNote API to scan and recognize business cards from their app too! Head over to our OneNote Developer blog post to get started.

We hope you love these updates as much as we do. As usual, we want to hear your feedback so we can keep making OneNote better. Let us know what you think!

Greg Akselrod and the business card scanning team

*Original article