Hold on to Your Credit Cards… Alexa’s On a Shopping Spree!

I love my Alexa. I don’t know what I’d do without it. Last year I decided to set it up for voice shopping. That way, when I come home from work, I can start cooking dinner, get the kids going on their homework, and tell Alexa what I want to buy.

Alexa Shopping Spree

Evidently, other moms and dads are doing this too. Research shows that people are spending about $2 billion a year using voice shopping with their Echos and Alexas.

And, it’s predicted that this amount will increase rapidly over the next few years to a whopping $40 billion by 2022! According to the company that provided these statistics:

“Voice commerce represents the next major disruption in the retail industry, and just as e-commerce and mobile commerce changed the retail landscape, shopping through smart speakers promises to do the same…The speed with which consumers are adopting smart speakers will translate into a number of opportunities and even more challenges for traditional retailers and consumer products companies.”

It seems that Amazon is the preferred vendor with 85% of people choosing the products Amazon suggests. For those like me who purchase groceries online, 45% of online grocery orders are made through Amazon Fresh.

Here are some more interesting statistics:

  • Right now, only 13% of homes have one of these devices, but by 2022 this is supposed to grow to 55%.
  • Amazon Echo is the most used of any U.S. virtual assistant. Google Home is the next at 4%, followed by Microsoft’s Cortana at 2%.
  • Those of us who have an Amazon smart speaker spend 66% more on Amazon than other people do.
  • Amazon Alexa owners spend on average $1,700 a year at Amazon, while members of the Amazon Prime program spend around $1,300 a year at Amazon.

Well, what can I say? It’s so much easier to just speak into my Echo and tell Alexa to reorder what I did last week from Amazon Fresh. When I’m making dinner, I don’t have the time to sit down and type away on a keyboard. The Voice Purchasing function of Amazon’s Alexa and Echo is so convenient. I can order practically anything from Amazon without using my computer. It’s great!

It seems that the smart speaker market is still in its infancy (unlike my precious children), and it’s still not clear if the Google and Microsoft smart speakers will be able to catch up to Amazon in the future.

Speaking of children…

Because Amazon doesn’t ask me to confirm my purchases with a “yes,” I’ve found some items in my orders that I didn’t place – but that my “precious” children did! Sugary cereal, microwave popcorn, chips, cookies, etc. Boy, was I mad when I found out they did this. You can be sure these purchases will come out of their allowance!

When I complained to Amazon, they told me to increase the security on my Alexa. They said there are two ways I can secure the Echo speaker from the kids or others. I can disable the Voice Purchasing feature or simply create a four-digit PIN (a secret one of course!).

Here’s how to disable Voice Purchasing.

By disabling Voice Purchasing, you can still shop with your Alexa and add items to your cart. However, you’ll have complete your checkout from the Amazon website or app.

  • Sign on to amazon.com(or open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Select Voice Purchasing.
  • Toggle off the Purchase by voice to disable Voice Purchasing.

They also suggest the I use a confirmation code.

Doing this lets me keep Voice Purchasing enabled without allowing others to purchase things with my Amazon account. I have to speak my confirmation code aloud to complete my order. So, I make sure to do this when the kids or others aren’t around! 

  • Sign on to amazon.com(or open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Scroll down and choose Voice Purchasing.
  • If it isn’t enabled choose “Purchase by Voice” to enable it.
  • In the text field beside Require confirmation code, enter a (secret) four-digit PIN.
  • Save.

Why do I love my Alexa for shopping? Because it’s so convenient! If I’m running out of paper towels or toilet paper, rather than jotting this down on a shopping list, I just ask my Echo to tell Alexa to order what I did last month. They arrive at my house in just two days! No more going to the store, putting them in a cart, jamming them into my car, taking them out of my car, etc. (you get the idea). They magically appear on my doorstep with minimal effort on my part.

And, if I happen to order something that requires a return, I don’t have to pay for shipping. Come to think of it, I should have returned the kids’ chips, cereal, etc.!

If you haven’t shopped with Alexa, you should give it a try. I know, it can be a little scary the first time. But once you see how easy it is, you’ll be “hooked” like me.

Here’s how to set up Alexa for shopping.

First, you need to set up an Amazon Prime account, provide a U.S. shipping address, billing address and a U.S.-based payment method. Set your Amazon Prime account for 1-Click shopping.

Check the settings in your Alexa to make sure Voice Purchasing is enabled. You can go to Settings -> Voice Purchasing in the Alexa app, and enable it. You can also manage your 1-Click settings here and set a 4-digit PIN to make sure the kids don’t order stuff!

Now, you can order anything that’s Amazon Prime-eligible:

Order new products: If it’s something you’ve never ordered before, Alexa will suggest an “Amazon Choice” product that meets your description. If you’re not sure about what you want to buy, you can add it to your cart and cancel it right away if you change your mind.

Reordering: Alexa will look at your past orders, so if you ordered a particular brand of paper towels, you can easily reorder them with a “reorder _____” command. Alexa will ask you to confirm the order, and if you say yes, you’re all done.

Tracking: You can always track what you’ve ordered by asking Alexa. Just say, “Alexa, where’s my stuff?” She’ll let you know when your order will arrive.

So, you can see why I love my Alexa and why I can’t do without “her.” She’s my newest best friend!

Problems with Two-Factor Authentication in Office 365?

We noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).

Office 365 Two Factor Authentication

 

We have a few tips for you here.

First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.)  For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.

Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.

How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.

If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.

Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

This is what Microsoft recommends you do:

  1. Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
  2. In the EAC, go to HybridSetup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  3. In the Application Install window that opens, click Install.

Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.

After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.

If not, and you receive errors, check the following requirements:

  • Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
  • Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
  • The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.

How to Enable 2FA in the Office 365 Admin Portal

Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications).  Here’s what Microsoft says to do to enable 2FA one user at a time:

  • Log in to the Office 365 admin portal using an administrator account.
  • In the menu on the left of the portal, expand Users and Active users.
  • In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
  • In the user’s pane, click Manage multi-factor authentication under More settings.
  • On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
  • In the About enabling multi-factor auth dialog box, click enable multi-factor auth.

The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.  

How to Enroll an Account for 2FA

Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:

  • On the Additional security verification screen, select Mobile app
  • Select Receive notifications for verification
  • Click Set up
  • Open the Microsoft Authenticator app on your phone and click Scan Barcode.
  • Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
  • Click Finished in the browser window.
  • Back on the Additional security verification screen, click Contact me.

The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.

  • Click Verify to complete the sign-in process.
  • Click Close in the Microsoft Authentication app.
  • In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.

Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.

This final step provides the user with an app password for these apps.

  • They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
  • They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.

Important note from Microsoft:  If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.

We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365.  If you have any problems doing this, feel free to contact our Microsoft Experts.

Are You Playing The Internet’s Latest Game Of Cops And Robbers?

Make no mistake – if you show the slightest bit of weakness around a bully, they will pounce. The Internet is no different, with hackers just waiting for a cybersecurity vulnerability to seize their opportunity.

Internet Crime

 The latest form of cyberterrorism to take root and have explosive growth is incredibly dangerous. Forget about Trojan horse viruses and identity theft — well, not really, those are still a threat — but the hot topic today is cryptocurrency mining. This phrase is used in reports and articles all over the Internet, but what it means can vary.

  • Cryptocurrency is an alternative currency in a digital format that is uncontrolled by a financial authority where the authority determines the supply and value. The most widely-known type of cryptocurrency is bitcoin. The decentralized nature of cryptocurrencies is what makes them so appealing to cybercriminals, but also what makes the industry minimally regulated.

Have you ever had a virus on your computer or smartphone? We know that pain. They range from annoying to debilitating and are time-consuming to eradicate. What’s worse is when we connect our smartphones via charging cable to a computer, and we allow access to our smartphone, we run the risk of inadvertently allowing the virus to transfer. Can we ever win?

  • In 2017, a version of malware for cryptocurrency mining targeting Android devices was discovered and proved its effectiveness of physically damage a mobile device.

Why are we talking about cryptocurrencies and viruses at the same time? Because you’d be amazed at what lengths cybercriminals — hackers — will go to accomplish their goal. Have you ever heard of ransomware? It’s a type of malicious software, “malware”, and sometimes more advanced malware is involved where the victim’s files are encrypted using code deployed by the hacker, called cryptoviral extortion. These all function the same as a basic virus, where an executable program is planted on a user’s computer with the intention of restricting user access in some way. With ransomware, to remove this restriction and regain access, the user is prompted to pay whatever fee the hacker demands — their “ransom” — otherwise the user’s data is blocked entirely and permanently. This type of extortion is being used more commonly in cryptocurrency mining.

  • Cryptocurrency mining uses specialized software programs to automate the process of solving complex math problems in exchange for a small amount of cryptocurrency.

How is this possible? We mentioned that the beauty of cryptocurrency mining is in automation. A cybercriminal gains access to a computer — without the knowledge or permission of the computer’s owner — and installs the software that runs the mining file(s). Has this ever happened to you? But…would you even realize it?

How do cybercriminals access a computer to fulfill their devious plan? Through dark and devious means in a dimly-lit basement at a desk filled with candy wrappers and empty cans of energy drinks? This isn’t a Hollywood film – it’s much more likely the cybercriminal is at a coffee shop or somewhere benign. They could be next door, across town, or around the globe from the computer that they’re hacking. While proximity isn’t meaningless, it’s far less necessary than it once was. The Internet has made consumers that much more vulnerable, and that much more valuable to a hacker. The sad reality is that the devices most consumers use to access the Internet — either wireless routers or networks lacking sophisticated means of protection — are the most common culprit. Most consumers don’t realize how important it is to established layered levels of cybersecurity protection at their home, nor do they understand how to go about protecting themselves adequately. This is something best left to the experts – especially if you need to establish this protection in your office, and it’s your business!

Still wondering why a hacker targets a personal computer for cryptocurrency mining? The answer is money. We can look at this from a few different perspectives.

  • Using someone else’s computer, a hacker doesn’t need to worry about overhead, like:
    • Reliable power and resulting power bill.
    • The purchase and maintenance of the expensive hardware needed to process the thousands of complex problems that generate the cryptocurrency, though fractional portions with each solution.
  • Hacking into many computers offers the chance to increase the amount of cryptocurrency generated in the same time frame from multiple sources.
    • When one option is eliminated, another option replaces it quickly, so a hacker avoids “downtime”.
  • The goal of any hacker varies, but when it comes to cryptocurrency mining, the goal is to make money. The next step in a natural progressing — one born of greed — is to hold the hacked device hostage for ransom.

The terms “cyberterrorism” and “cyberespionage” are just fancy ways of redefining a hacking situation that is getting uglier each year. The more sophisticated any cybersecurity network is, personal or professional, the more sophisticated hackers need to become in response. Adversely, the more vulnerable a network is, the more attractive the victim is to a hacker, and the more expensive the situation the victim is likely to find themselves in – repeatedly.

The value of cryptocurrencies keeps increasing, as well. Bitcoin is valued around $9,000, meaning that the cost to buy one Bitcoin is $9,000. A newer cryptocurrency, Monero, has increased exponentially in its first year. The value of Monero is lower than that of Bitcoin, closer to $250, but its newness also makes it more discreet. There is also value in mining early. Consider the price of an ounce of gold; the weight does not change, but the value of an ounce does, so buying one ounce for $500 and keeping that ounce until the value of an ounce reaches $1,000 gives a greater return on investment It’s ironic to be reading about legal investments in the same spot as cryptoviral extortion – but it helps law-abiding citizens understand the mindset of the cybercriminal. More importantly, the process to mine these isn’t the point: where there is money to be made by little effort, those with a serious lack of ethics seize the moment. Cybercriminals are evolving with cryptocurrency paradigm shifts, including fileless miners.

  • Fileless cryptocurrency-mining malware is a newer mining method and involves deploying code into the victim’s system memory. This code is what activates the computer’s mining processes.

Yes, cybercriminals can now use wireless networks to access your computer and use your computer to mine cryptocurrencies without files. If a hacker can take over your computer entirely and require you to pay them real money to get your computer — and everything on that computer — back, how can you protect yourself?

Cybersecurity and protecting yourself isn’t just a case of setting a “really strong” password anymore. Some programs and platforms encourage — or even require — two-step verification processes for each login. The greatest advantage you can give yourself is teaming with the best cybersecurity partner and making all staff members aware of the risks. Let your trusted partner do what they do best — cybersecurity — and you can focus on what you do best: running your day-to-day operations.