TechLinks: Is this email for real?

Technology is great, and we love trying out new things. But that doesn’t mean that someone won’t abuse it. Email scams, often called phishing, commonly play upon your greatest hopes, such as a huge windfall, or your worst fears, such as being accused of missing a payment. So how do you sort through the trash to find the treasure? NCRA’s Realtime and Technology Resources Committee has some advice on how to make sure you don’t get scammed.

Robin Nodland, FAPR, RDR, CRR, of Portland, Ore., offers a three-step process to start:

  1. Read the email closely. Does it ring true? Usually there are spelling, grammar, and punctuation errors that will alert you that a con artist is at work and the email is not authentic. Court reporters and captioners are experts at this! Trust your gut reaction.
  2. If you have access to an IT professional, run it by them.
  3. Google it. Chances are you are not the first person to be hit up.

Nodland references Computer Hope’s article on how to tell if an email is a scam. Red flags can include incomplete and misspelled words, a call for immediate action, a request for personal information, using a username instead of your real name, or a deceptive link or email address (that is, the metadata does not match what you see).

Committee chair Lynette Mueller, FAPR, RDR, CRR, of Germantown, Tenn., pointed to a Wired article entitled “Phishing scams even fool tech nerds – here’s how to avoid them.” The March 13, 2017, article says one of the first things to consider is the sender’s email address for mistakes, such as a number 1 for a letter l and other such substitutions. Also, think about whether this email would be likely to come from such a person.

Don’t overlook the official source for information on your particular email program. Whatever email program you use regularly, consult the help section or visit the online website to find information about how to block specific senders, change your security settings, unsubscribe from mass emails, and otherwise keep up with the latest protections. The Federal Trade Commission also offers information on how to avoid phishing attacks. The website includes information on how to file a complaint and report phishing emails.

To help you get a better handle on what to look for before you are attacked, Mueller recommended three articles on phishing:

Tamara A. Jenkins, RMR, CRR, CRC, of Crystal River, Fla., suggested a few more resources to bring you up to date on the latest in scams:

If you’ve already accidentally clicked on a bad link, Mueller recommends “5 steps to take after clicking on a phishing link,” a July 20 article on This article also notes that spotting phishing messages can become harder and harder to identify as scam artists get sneakier about getting to you.

TechLinks: Staying safe online

Nancy Bistany, RPR, found a list of five steps to take to make sure that you are protecting your privacy online. The how-to piece by VIPRE security reminds that it is always a good idea to review your setup once in a while. [Want to learn more about how the Tech Committee members protect themselves? Read the June 29 TechLinks “Understanding internet safety,” in which several of them shared their typical practices.]

Robin Nodland, FAPR, RDR, CRR, found a good list for security issues for lawyers in the SmallLaw blog, part of Technolawyer, which can easily be adapted for court reporters and court reporting firms. The article shares that security for a law firm should be a layered affair, covering physical, digital, and human factors. “I love the question at the end: What happens if you get hit by a bus?” Nodland says. ”I ask this of every one of our court reporters, whether they’re an employee with us or an independent contractor.” [Note that the article is free but requires a TechnoLawyer profile to access.]

Jonathan Moretti, CLVS, shared the July 2017 issue of Malwarebytes’ newsletter, which included an article on how to stay cyber safe. Tips included how to monitor your children’s internet habits, watching out for public WiFi, and avoiding credit card skimmers at ATMs and gas pumps.


mirrored images of computer code written in green on a black background

Photo by Cheryl Pellerin | Dept. of Defense

By Christine Phipps

Equifax announced in September that they discovered a data breach on July 29, that occurred mid-May through July, which affects 143 million Americans.

The hackers were able to access the Equifax data through a security flaw in the Equifax website. In a Sept. 7 post on, security expert Brian Krebs said, “Equifax may have fallen behind in applying security updates to its internet-facing Web applications. Although the attackers could have exploited an unknown flaw in those applications, I would fully expect Equifax to highlight this fact if it were true – if for no other reason than doing so might make them less culpable and appear as though this was a crime which could have been perpetrated against any company running said Web applications.” The Fort Knox of our identity information was asleep at the wheel.

While this isn’t the largest breach, it’s one of the most serious because the hackers accessed names, social security numbers, birth dates, addresses, and driver’s license numbers. These are the essential elements to take out loans, open credit-card accounts, and more.

Visit to find out if you were affected by clicking on the “Potential Impact” button. Make sure you are on a secure computer (not a hotel or public computer) and are using a secure internet connection (not a public network like a local coffee shop, etc.). Equifax is offering free credit monitoring, identity theft insurance, and other items for those affected. I have always had credit monitoring so that I receive alerts in balance increases and decreases, new accounts, and credit inquiries. If you do not have a system of monitoring in place, I would strongly suggest you do so.

Christine Phipps, RPR, is a freelancer and agency owner in North Palm Beach, Fla., and a member of the NCRA Board of Directors. She can be reached at

TechLinks: The 21st century reporter, part 1

TechLinks_logoOn behalf of the NCRA Technology Committee, Robin Nodland, FAPR, RDR, CRR, recently shared a series of links with information to help the 21st-century reporter or captioner. This first installment covers ethics and cybersecurity, a tech gadget, and a data-storage solution.

In the July 2017 GPSolo eReport for the American Bar Association (ABA), lawyers Al Harrison and Joseph Jacobson talk about what ransomware is, how it can affect your computer, and how to deal with it ethically. “Often portrayed as attacking an operating system such as Windows or Mac OS, ransomware is, unfortunately, more sophisticated and more destructive than you may perceive from a cursory review of reported invasive malware events,” Harrison and Jacobson say. This is the first in a series on cloud computing and ethics. GPSolo is the solo, small firm, and general practice division of the ABA.

In a July 20 post for PCMag, William Harrel reviews the Xerox Duplex Travel Scanner. “There are some other much more sophisticated portable document scanners out there, such as the $300 Epson WorkForce ES-300W Portable Wireless Duplex Document Scanner, but if all you need is to scan relatively short documents to your laptop on the road, the Duplex Travel Scanner is a terrific alternative to the RoadWarrior X3—especially if those documents are two-sided,” says Harrel.

A July 17 post on How-To Geek by Jason Fitzpatrick discusses how to set up a Synology Network Attached Storage (NAS) device. “A NAS, simply put, is a computer optimized for data storage, often with additional functionality layered on top,” explains Fitzpatrick. In the post, Fitzpatrick goes through the physical setup – including hard-drive selection, how to add the drives, and where to put a NAS – how to configure the NAS, and how to use the DiskStation Manager (with screenshots!).

Read “TechLinks: The 21st century reporter, part 2.”

Four tips for creating strong passwords

By Christine Phipps

In April 2014, researchers announced Heartbleed, a serious Internet security vulnerability that went undetected for two years, possibly affecting an estimated 500,000 websites through which hackers could conceivably pilfer login information, credit card numbers, and other data. And, every few months, another news report alerts people to more stolen passwords or hacked sites. As a result, security experts have widely recommended changing all your passwords for sites that have upgraded their security certificates.

But creating strong passwords is trickier than it used to be.

According to security expert Bruce Scheier, hackers are becoming increasingly adept at figuring out login credentials, thanks to fast and powerful computers running software that can crack encrypted passwords by guessing millions of variations per second.

Password crackers try common passwords like “letmein” with prefixes or suffixes such as “1” or “!” and run various dictionaries of English and foreign words and names along with appendages such as dates and replacing letters with symbols (such as “@” for “a”). These tactics are remarkably effective at breaking passwords and crack even those you’d think look pretty unguessable — passwords such as “k1araj0hns0n” and “Sh1a-labe0uf.”

So what’s the best way to create a strong password you can remember? Follow these tips to the best password practices.

1. Use a meaningful sentence

Scheier suggests turning a meaningful sentence into a password. For example, “This little piggy went to market” turns into “tlpWENT2m.” Notice that not only does this password use the letters from the sentence, but it uses both uppercase and lowercase characters and replaces “to” with “2.”

2. Never reuse a password

It’s imperative that you never use the same password on more than one website.

“Even if you choose a secure password, the site it’s for could leak it because of its own incompetence,” Scheier writes. “You don’t want someone who gets your password for one application or site to be able to use it for another.”

3. Use a password vault

My favorite password vault is LastPass because it will generate unique passwords such as “R4fpo9)mswH” and saves them in an online vault. Even better, the LastPass browser extension automatically fills in login credentials on every site for which you’ve saved a username and password, so you don’t have to try to recall difficult-to-remember passwords.

For $12 a year, get LastPass on your mobile device so you can access your passwords when you’re not sitting at your computer. LastPass is available on iTunes, Google Play, and the Windows Phone store..

LastPass’s Security Check feature was recently updated to alert users to which of their accounts may have been compromised by Heartbleed, as well as the last time a site’s password was updated and if the site has updated its certificates to make it safe from Heartbleed. Since LastPass is free to download to your computer, it’s a tool worth using. After downloading and installing LastPass, click the LastPass icon in your browser toolbar, then Tools menu, then Security Check.

4. Use two-factor authentication

Two-factor authentication adds an extra layer of security by asking for something else in addition to a password before allowing you into a website. Google and Facebook, for example, offer to text you a code that you have to enter on a login page. Google has a page explaining how to sign up for their two-factor authentication service. For Facebook, enable ‘Login Approvals’ from the ‘Account Security’ section of your account settings page.


Christine Phipps, RPR, is an agency owner and freelancer in West Palm Beach, Fla., and a member of NCRA’s Technology Committee. She can be reached at


American Bar Association House of Delegates adopts resolutions on cybersecurity

During the 2014 ABA annual meeting in Boston, the American Bar Association House of Delegates adopted a resolution on cybersecurity. The resolution encourages private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations. The organization cited cybercrime and cyberterrorism has increased and become a serious problem to our economy and our country as reasons for adopting the resolution.

Read more.