Consumer Alert / Safety

Samsung accused of misleading customers on Galaxy S ‘water resistance’

The Australian Competition and Consumer Commission claims Samsung’s phones aren’t as waterproof as advertised.

An Australian government watchdog agency is taking Samsung to court over claims that the company’s Galaxy phones are safe to take in the water.

In 2016 Samsung released its first IP68 water-resistant phone, the Galaxy S7. All of the electronics giant’s flagship phones have since carried the IP68 certification for water resistance and have been advertised as water-friendly phones. The Australian Competition and Consumer Commission (ACCC) says this amounts to false advertising.

There are two key components to the ACCC’s issue with Samsung. First, Samsung’s advertising indicated that submerging a Galaxy phone under 1.5 meters (about 5 feet) of water for 30 minutes or less wouldn’t impact the device over the course of its lifetime. Second, Samsung advertised phones being used in beaches and pools, even though the IP68 certification only applies to fresh water.

ACCC reviewed over 300 Samsung ads as the basis for its claims, it said.

IP68 certified phones are technically water-resistant, not waterproof, and specifically for depths up to 1.5 meters and for 30 minutes or under. IP67 phones, like 2014’s Galaxy S5, are resistant for 30 minutes or less for depths of 1 meter or less, but ACCC specifically referred to phones marketed from 2016 on.

The ACCC claims that Samsung has rebuffed warranty claims by customers who say their phones were damaged by water exposure. The watchdog also notes that Samsung’s own website claims the Galaxy S10, its early-2019 flagship phone, is “not advised for beach or pool use.”

“The ACCC alleges Samsung’s advertisements falsely and misleadingly represented Galaxy phones would be suitable for use in, or for exposure to, all types of water, including in ocean water and swimming pools, and would not be affected by such exposure to water for the life of the phone, when this was not the case,” ACCC Chair Rod Sims said.

“Samsung showed the Galaxy phones used in situations they shouldn’t be to attract customers,” Mr Sims said.

For its part, Samsung says it has noted ACCC’s accusations and plans to defend itself in court.

“Samsung stands by its marketing and advertising of the water resistancy of its smartphones,” the company said in a statement. “We are also confident that we provide customers with free-of-charge remedies in a manner consistent with Samsung’s obligations under its manufacturer warranty and the Australian Consumer Law. Customer satisfaction is a top priority for Samsung and we are committed to acting in the best interest of our customers.”

BY      

How to Protect Your Smart Home From Hackers

By Rachel Cericola (Ms. Cericola is a Staff Writer at Wirecutter, the product review site owned by The New York Times Company.) March 27, 2019

By connecting smart devices like lights, cameras, door locks and thermostats to the Internet, you may be making them — and you — visible to digital thieves or hackers.

“Every device connected to the Internet is a target,” said Theresa Payton, a former White House chief information officer and the founder and chief executive of Fortalice Solutions. A few recent news stories also illustrate the power these devices have.

One family’s living room Wi-Fi camera was infiltrated, allowing someone to not only control the camera and spy on them, but to broadcast sound — including a false report of a nuclear missile attack. We’ve also seen domestic abusers tap into smart home technology to intimidate and stalk former partners.

According to statistics website Statista, there will be about 42 million smart homes by the end of 2019, but little more than anecdotal evidence of security compromises. So while stories about hacks and privacy breaches are indeed scary, so far they’re also rare. The vast majority of smart home users aren’t getting hacked.

Still, as with any internet-connected device, taking precautions is essential. At Wirecutter, the New York Times company that reviews products, we’ve consulted with a range of experts who offered some tips that will go a long way toward protecting you and your home — and don’t require a lot of time, money or technical know-how. We’ve also done extensive testing of smart home devices and we consider a product’s security measures as part of our evaluation process.

One of the things that makes smart home devices “smart” is their ability to connect to the internet over your home’s Wi-Fi network. That’s why it’s essential that you properly secure it. If you don’t protect your Wi-Fi network with a password, or you only use the default password that came with your modem or router, all of your devices are exposed — the digital equivalent of leaving your front door wide open with a neon welcome sign overhead.

“People need to realize there’s actually catalogs of all those default passwords on the internet,” Ms. Payton said. Lock your network down with a password, one that is unique and not shared with any other accounts you have. Ms. Payton also suggests completely hiding your home network from view, an option in your router’s settings menu. “So when somebody drives by, they think you don’t have internet. They can’t see it,” she said.

You can add another layer of protection by isolating your smart home devices from your computers and smartphones using a guest network, a common option in many popular routers.

“That way, the devices will be sort of quarantined by themselves,” said David Templeton, an information security analyst at The New York Times. Doing this also makes it easier to take devices offline without having to upset your entire network.

Many people make the mistake of using the same username and password combination on multiple devices or accounts. If any one of those combinations is discovered — as happens a lot, such as when giant companies like Facebook and Yahoo get hacked — an enterprising thief could try them out on popular banking websites, social networks, email providers and websites that allow control of smart devices.

You need to use unique passwords for everything — including shopping sites you visit, services you use, your home network and of course, each of your smart home devices. Remembering such an encyclopedia of passwords is functionally impossible, which is why Mr. Templeton suggests using a password manager, which not only creates unique passwords automatically but also keeps track of them across all your devices. Wirecutter has suggestions for the best ones to use here.

All of our security experts agree that it’s best to pick smart devices from established brands. Those companies have a reputation to protect, along with the infrastructure to back it up.

That also means they likely have the ability to employ better security measures when designing their products, and unlike no-name brands or many start-ups, you can reasonably expect them to release software patches and fixes if vulnerabilities are discovered. And naturally, we recommend reading good, high-quality reviews (and admittedly, we’re biased toward our own) before making a purchase.

There are a few additional ways to further secure your smart devices. A number of companies now offer a verification system to control access to devices, called two-factor authentication. When you attempt to log into an app, a one-time-use code is sent to another of your devices, which then needs to be entered in the original app. It’s not perfect, but makes it virtually impossible for someone unwanted to access your accounts.

Also, many manufacturers allow you to opt into automatic hardware and software updates, something that will ensure the latest fixes get installed to repair new security vulnerabilities. Make sure you check the settings section of your devices’ apps and your smartphone’s app marketplace for updates to devices that don’t automatically do this.

Ms. Payton said she also reboots smart home devices once a week as an added security measure. “That reboot will actually make it grab any new security and privacy settings and downloads when it reconnects to the internet,” she explained. However, this is impractical for some devices, especially ones that are hard-wired into your home like in-wall dimmers and smart thermostats.

Just because you’re ready to ditch a device doesn’t mean it’s ready to forget you. After all, your Wi-Fi password and other personal info is often stored on that camera, smart plug or smart bulb. Before selling or recycling any device, be sure to do a factory reset first. Some devices require a button-press on the actual device, while others allow you to do it from the app. Either way, make sure that your info is no longer available through the app.

If a device is broken and you’re unable to wipe it clean, make sure it’s really broken and smash its components to pieces. According to the United States Computer Emergency Readiness Team, “Physical destruction of a device is the ultimate way to prevent others from retrieving your information.”

I like to think about all those times a device stopped working or disconnected from the network, and the idea of whacking it with a hammer. Just make sure you don’t hurt yourself in the process.

There is mounting pressure on manufacturers to adopt better security practices. “The industry should be using strong encryption wherever possible, verifying firmware updates and inviting security audits,” said Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation.

The E.F.F. and organizations like The Digital Standard and the Mozilla Foundation are pressuring companies and government bodies to put stronger security practices in place. But everyone we spoke to agrees that, for now, consumers need to be proactive about security.

“Honestly, given where we are and how businesses think about security and privacy, the onus is on you. Nobody can look out for your security and privacy like you can for you and your family,” Ms. Payton said.

How to Safely and Securely Dispose of your Old Gadgets

THERE COMES A period of time in every beloved gadget’s life—some more prolonged than others—when you need to think about replacing the electronic device that’s given you so much loyal service, whether it’s a smartphone, a laptop, a digital camera, or anything in between.

Aside from the fun of choosing a replacement piece of hardware, you’ve got two main considerations to think about when it comes to disposing of your outdated gadgets carefully: security, and the impact on the environment. You don’t want your personal and private data accessible after the gadget has left your possession. And you want to get rid of the device in a way that’s as kind to the planet as possible.

Here we’ll show you how to take care of both considerations, no matter what the gadget you need to dispose of.

Wipe Your Data

DAVID NIELD

Whether you’re sending your device to be recycled or sticking it on Ebay, you don’t want your finance spreadsheets, family photos, or Twitter login to stick around on the hardware, even if you don’t think anyone would go to the trouble of trying to extract the data from your old gadgets.

When it comes to gadgets with on-board storage, we’re primarily talking phones, tablets, and computers. The easiest way to wipe these devices—and all the data and applications on them is to do a full reset of the operating system. But first, make sure to back up all your precious documents, pictures, and so on to a hard drive or the cloud.

For Android devices, open up the Settings app then tap System > Advanced > Reset options, and then Erase all data (factory reset). Over on iOS, the equivalent option is in the Settings app under General > Reset > Erase All Content and Settings.

If you’re using a Windows computer, you need to load up the Settings app then click Update & Security, then Recovery, then Get started under the Reset this PC option. Choose to remove all personal files during the process. If you’re using a Chromebook or Chrome OS tablet, open up the Settingspane and pick Advanced, then Powerwash to get your computer into an as-new state.

It’s slightly more involved on a Mac: You need to restart macOS, then as soon as it begins to boot up again, hold Option+Command+R until you see a spinning globe. Release the keys, then choose Reinstall macOS, then choose Continue. Follow the on-screen instructions and select your main hard drive when prompted.

DAVID NIELD

For most devices using flash or SSD storage, that should be enough to stop all but the most determined data recovery experts. If your computer uses an older, mechanical hard drive (i.e. not an SSD), certain bits of data may still be recoverable by tech-savvy users with the right tools.

It’s up to you whether to take the risk and leave it at that. The average Ebay buyer or computer recycling facility employee likely isn’t going to go to the trouble of putting together a complicated hard disk recovery setup, just on the off chance that they might stumble across some of your home movies or budget spreadsheets.

But if you want to be absolutely sure nothing can be recovered from a drive, US-CERT recommends actually physically destroying it—a hammer or drill will do the job well enough, but wear some safety goggles. You can also find specialist facilities that will take care of the destruction for you, but again, this is only really necessarily if have extremely sensitive data on your machine, or a reason to suspect that someone has specifically targeted your old electronics.

Perhaps just as importantly, you need to disconnect the devices you’re about to discard from your various your online accounts. If you’ve followed the steps above, it’s going to be very, very hard for anyone to log into your Facebook, for instance. But to be absolutely sure, you can log in on a different device and log out of other sessions remotely.

Most apps and services—Facebook, Twitter, Google, Apple, Microsoft and more—let you do this. Follow those links, log in, and look for the option to sign out of a session or remove a device to make sure it’s disconnected from your key apps and services.

Safe Disposal

DAVID NIELD

If you’re not selling your device or passing it on to someone else, it’s important to make sure it’s disposed of correctly. Fortunately, you’ve now got a choice of ways to get rid of your laptop, phone, or other gadget in a way that minimizes the impact on the environment.

Your first port of call should be the company that manufactured your device. Apple, for example, has a comprehensive recycling program, and will even give you some cash back for a new purchase if your device is in reasonably good condition. Answer some questions online, then mail off the device or take it into an Apple Store.

Other manufacturers have similar schemes available, including Google and Samsung. Again, you can to ship your device back to the company involved, and you might get access to a trade-in deal depending on the age and condition of your gadget.

If you don’t want to give the device back to the manufacturer for whatever reason, then try the place where you bought it. Best Buy will accept just about any used electronic device, giving you some trade-in value or just taking care of the recycling for you. All the major phone carriers have trade-in and recycle programs as well.

That should give you enough options no matter what type of gadget you’re dealing with, but you can also opt to go for one of the local electronic recycling programs in your area. These vary state by state, but if you head to the E-Cycling Central website you can plug in your address and see what’s available in your region.

New Uses for Old Gadgets

DAVID NIELD

You don’t necessarily have to get rid of your old gadget; in fact, it’s better if you don’t. Most obviously, you can simply pass it on to a friend or family member, who can make good use of it and save another laptop or phone from being built, as well as saving you the hassle of disposing of it. Chances are you don’t need to worry too much about wiping a device you’re giving to a nephew or niece, either (though you never know…).

If there’s no one to take the redundant hardware off your hands, stick it on Ebay, Craigslist, or your selling platform of choice. You might be surprised at the prices you can get even for older or damaged devices; plenty of repair shops and people needing parts happily scavenge broken down gear. If you don’t get any interest, give the kit away for free. Just make sure you do wipe your devices and disconnect your accounts, as detailed above, before you sell.

It’s also worth taking a moment to consider whether you really need to get rid of your old device after all. An old phone or tablet can become a Spotify controller or a security camera; an old laptop can be set up to serve up videos and music to the other devices in your house; you could use an unwanted tablet as a dedicated ereader; and so on.

by David Nield Nov 11, 2018

How to test your tap water for lead

Nearly half of Americans suspect that their water might be unsafe. 

This article helps you understand the cause of lead in water and shares some lead test kits to identify the presence of lead.

By Kendra Pierre-Louis

People don’t trust the water that comes out of their tap, and not just in places without adequate sanitation. A 2016 survey by The Meyocks Group, an Iowa-based marketing firm, found that 43 percent of Americans either believe their tap water is unsafe to drink or are unsure of its safety.

In the wake of the Flint water crisis, that fear isn’t wholly unexpected. The city’s troubles began when the state switched the water supply from Lake Huron to the notoriously polluted Flint River, failing to properly treat it to kill pathogens and prevent lead pipe erosion. But the mistrust came when—as residents complained of foul water, disease, and even death—the Michigan Department of Environmental Quality continued to claim that the water was safe.

Luckily, homeowners who suspect that their drinking water might be contaminated have more options than ever before. In New York, for instance, folks can order a free at-home testing kit. And most hardware stores offer a similar system for purchase. We pitted those up against a new product called Tap Score to see just how accurate—and easy to understand—the results are.

How good is New York City tap water?

Most NYC locals claim to guzzle some of the best water in the country. To hear them talk, you would think the city’s soft water begins in a mythical land known as “upstate,” where it’s filtered through pristine forests and a unicorn’s mane before it descends onto the city, via a canal of pure angelic light, to create the best bagels, pizza, and drinking water known to human kind.

An Environmental Working Group (EWG) analysis of 100 municipal tap water systems found that New York City had six contaminants at levels above the health guidelines established by either a federal or state authority (though lead wasn’t among them). EWG, it should be noted, has been criticized in the past for overstating chemical risks, especially those related to food and drink. That said, EGW’s overall assessment of New York City’s tap water as compared to the rest of the country is… well, it falls short of the fantasy set by locals, but the tap is just fine.

How good is our water, really?

Popular Science’s commerce editor Billy Cadden lives in an older part of the city than I do, where buildings are more likely to use lead somewhere in their plumbing system—it’s been phased out ever since scientists confirmed how dangerous the metal can be.

“Even though the town might say, look, there’s no in the water, they then put it into a distribution system,” says Mark Burns, a professor of chemical engineering at the University of Michigan. “That distribution system goes through many different pipes, across many different joints—that are connected by many different materials—and then it gets to your glass.”

So Billy opened his home (and his taps) to three tests.

two bottles on a table

These are the collection bottles that New York City sends out. We’ve blurred out the potentially identifying information.

Kendra Pierre-Louis

Our results

Testing for lead in New York City

Using the free service from New York City’s Department of Environmental Protection proved pretty straightforward. First, you abstain from water use in your home for 12 hours—there’s generally more lead in the liquid if your pipes have settled a bit. You then fill collection bottle one (the yellow bottle) and let the pipes flush for one to two minutes before filling bottle two (the red one). You bundle the whole thing up in a package and mail it back. We got the results about three weeks later.

The city found that the first draw had 1 microgram of lead per liter, well below the federal action level of 15 micrograms per liter. The second draw, after Billy had let the water flow for a bit, had no detectable lead at all. The test was reassuring, though the results were in a form letter that wasn’t exactly user-friendly.

But in the wake of Flint, many people are understandably distrusting of reassurances from government agencies. How could we know the test was accurate? Then there’s the fact that the test only looks for lead; it may be a hot-button contaminant right now, but there are certainly other things that could make your tap water unsafe.

Home Testing

Our second round used a “First Alert” home test (sold online and in many hardware stores) that promised to detect not only lead, but also bacteria, pesticides, nitrates, chlorine, hardness, and pH. If you have lead pipes, acidic water can cause the lead to leach out. That’s essentially what happened in Flint. Because water managers failed to add an anti-corrosive agent (as a cost-cutting measure), water from the Flint River ate away at the pipes and pulled lead into the drinking supply.

Contaminants are broken down into individual tests, each requiring a separate vial of water or testing strip. Like the test done by the city, we were in the clear for lead. We also came up either negative or within normal range for everything else, which certainly suggests that Billy can continue to happily drink his tap water.

This test certainly gets points for immediate gratification. With the exception of the bacterial test, which took 48 hours, we didn’t have to wait more than 10 minutes for any result. For less than $15 on Amazon, it’s a good option for someone looking for quick reassurance.

Tap Score

Of the three tests that we took, Tap Score was the easiest. It also had the most comprehensive results, including measurements for things like copper (which only makes you sick at very high levels, but can kill your goldfish at a much lower threshold), hexachlorobutadiene (which can affect the kidneys), and isopropylbenzene (which may increase risk of cancer). But Billy did not dig the delayed gratification.

With Tap Score, you have to fill two vials—much smaller than the ones the city had sent—mail them off, and wait for them to get back to you. Still, it was fun getting a cheerful email telling us that our water ranked in the 99th percentile for tap water quality.

“You’re living in the best possible scenario,” says John Pujol, who created Tap Score with his company Simplewater. “You have this fantastic water system in New York City, a big, rich, dense population where people are actively on top of problems. That’s a luxury. But for 20 to 30 percent of Americans that live in communities that are much smaller, either these issues never emerge—so the water system doesn’t feel the heat to solve problems—or it does emerge, and you have a water system that knows it has a problem but doesn’t have the funding to fix it.”

The goal of Tap Score isn’t really to test water like New York’s, but for small municipal systems and the 40 to 50 million people who are on wells, and maybe wouldn’t ordinarily get their water tested—or know what to do with the results.

“It’s really the interpretation of the water that other tests lack that sets Tap Score apart,” says Pujol. “If it’s a municipality, they’re only going to test your water for certain controlled substances that are managed by the EPA, but those are by no means the full set of parameters anymore. It’s been around 10 years since the United States Environmental Protection Agency (EPA) has introduced any new standards.”

In the interim, companies have introduced thousands of new potential contaminants.

“So, what we seek to do is not just test for those regulated contaminants, but go a little bit further and test for pharmaceutical compounds,” says Pujol. “We test for unregulated but potentially dangerous compounds that are on the contaminate candidate list. These are contaminants which the EPA is looking at, but it’s going to take them 10 years to come to any decision.” 

If your test turns up positive, Tap Score offers you potential solutions. But it also costs at least a hundred bucks, and prices are higher for the most comprehensive tests.

Should I test my water for lead?

If you’re at all uncertain of your water’s safety—and you live in New York State—nabbing a free testing kit is a no-brainer. If your state doesn’t offer testing for free, consider investing in a $15 kit to ease your mind. The redundancies between our three results certainly suggest that all of the options we tried are fairly accurate, so if spending 100-200 dollars on a testing kit sounds like overkill, it probably is. But if you live in a town where municipal testing is infrequent—or if you get your water from a well you’ve never tested—it might be worth upgrading to a test that’s as comprehensive and user-friendly as Tap Score.

Don’t keep cell phones next to your body, California Health Department warns

by

The California Department of Public Health (CDPH) issued a warning against the hazards of cellphone radiation this week. Yes, the thing we are all addicted to and can’t seem to put down is leaking electromagnetic radiation and now California has some guidance to safeguard the public.

The CDPH asks people to decrease their use of these devices and suggests keeping your distance when possible.

“Although the science is still evolving, there are concerns among some public health professionals and members of the public regarding long-term, high use exposure to the energy emitted by cell phones,” said CDPH director Dr. Karen Smith.

The warning comes after findings were offered up this week from a 2009 department document, which was published after an order from the Sacramento Superior Court.

A year ago, UC Berkeley professor Joel Moskowitz initiated a lawsuit to get the department to release the findings after he started looking into whether mobile phone use increased the risk of tumors.

A draft of the document was released in March, but the final release is more extensive.

“The cellphone manufacturers want you to keep a minimum distance away from your body and you should find out what that distance is,” Moskowitz told local news station KCRA, shortly after the draft release. “If you keep the device by your body you will exceed the safety limits provided by the FCC.”

According to the Federal Communication Commission’s website, there is no national standard developed for safety limits. However, the agency requires cell phone manufacturers to ensure all phones comply with “objective limits for safe exposure.”

The CDPH recommends not keeping your phone in your pocket, not putting it up to your ear for a prolonged amount of time, keeping use low if there are two bars or less, not sleeping near it at night and to be aware that if you are in a fast-moving car, bus or train, your phone will emit more RF energy to maintain the connection.

Other organizations have warned of the dangers of cell phone radiation exposure as well, including the Connecticut Department of Public Health, which issued similar recommendations in May of 2015.

However, Moskowitz maintains most state and federal health agencies have not kept up with the research. “The preponderance of the research indicates that cell phone radiation poses a major risk to health,” he said in a statement.

How to spot a phishing email

Even if you have security software, phishing is a serious threat, one that can expose you to ransomware. Here’s how to avoid these dangerous emails.


Security threats come in all shapes and sizes. You’ve probably heard of viruses, trojans, keyloggers and, more recently, ransomware. Want to know what they all have in common? They can all be the result of phishing.

The word itself is a homophone; hackers use bait — usually in the form of a seemingly legitimate file or link — to “phish” for victims. And because this bait is usually spread via email, it’s hard for security software to, er, philter out. That’s what makes it so pernicious.

A sad example of a business ‘phished’

True story: A couple years back, my brother-in-law’s business was breached by ransomware. This horrific code encrypted nearly every data file — Word documents, Excel spreadsheets and so on — and literally held them for ransom. If he wanted his data back, the price would be $700.

According to a security pro hired to help, the ransomware got in when one of the owners opened an email attachment marked “My resume” — a seemingly harmless action, especially given that the company was, in fact, actively hiring.

Phishing can also result in identity theft and even lock you out of your phone. But wait, isn’t security software supposed to protect you from such threats? It is, but that’s what makes phishing so devious: It arrives as seemingly harmless-looking email and cajoles or frightens you into action — usually clicking a link or opening a file. And often that’s all it takes.

While many people are well acquainted with this practice and know what to look for, I suspect there are plenty of folks who still fall victim. Heck, I consider myself an expert at phishing avoidance, yet I’ve had occasional momentary lapses that almost got me to click a fraudulent link.

How to spot a fake email

Below I’ve shared an actual email that shows some telltale signs of phishing fakery. Note that because I’m a PayPal user, the email certainly caught my attention — at least initially.

paypal-fake-phishing-2015.jpg
Screenshot by Rick Broida/CNET
  1. Like many people, I have several email addresses. But this message came to an address that isn’t linked to my PayPal account. What’s more, the “To” field is blank, an obvious sign it didn’t actually come from PayPal.
  2. Bad grammar and spelling are telltale signs of phishing. Big companies hire professional copywriters (and editors) for email communication.
  3. My name is missing. The salutation merely reads, “Hello, [blank].” I’m pretty sure PayPal would communicate with me by name.
  4. Another strong clue this is a fake: I didn’t just sign up for PayPal. Now, you might think, “Oh, no, somebody created a PayPal account in my name!” Again, this is a scare tactic (and a weak one at that) designed to get you to click the inviting blue button. Were you to do so, you’d probably be directed to a site that looks fairly PayPal-like, with a form requesting all kinds of personal info — including a credit card number. Alternately, you could land at a site that stealth-installs a bunch of spyware and/or viruses.

This was some sloppy phishing. But there are much craftier ones out there, like “your account has been compromised!” or “FedEx has a delivery waiting for you” emails that look indistinguishable from the real thing.

Fortunately, it’s fairly easy to protect yourself against come-ons like these.

How to avoid getting caught in a phishing net

Always be suspicious. Phishing emails try to freak you out with warnings of stolen information or worse, and then offer an easy fix if you just “click here.” (Or the opposite: “You’ve won a prize! Click here to claim it!”) When in doubt, don’t click. Instead, open your browser, go to the company’s website, then sign in normally to see if there are any signs of strange activity. If you’re concerned, change your password.

Check for bad spelling and grammar. Most of the missives that come from outside the US are riddled with spelling mistakes and bad grammar. As I noted earlier, big companies hire professionals to make sure their emails contain perfect prose. If you’re looking at one that doesn’t, it’s almost certainly a fake.

Beef up your browser. An accidental click of a phishing link doesn’t have to spell disaster. McAfee SiteAdvisor and Web of Trust are free browser add-ons that will warn you if the site you’re about to visit is suspected of malicious activity. They’re like traffic cops that stop you before you turn down a dangerous street.

Use your phone. If you’re checking email on your phone, it might actually be harder to spot a phishing attempt. You can’t “mouse over” a questionable link, and the smaller screen makes you less likely to spot obvious gaffes. Although many phone browsers (and operating systems) are immune from harmful sites and downloads, it’s still good to exercise caution when dealing with suspicious links. (Obviously you still shouldn’t complete a form that asks for your password or other personal info.) Android users in particular should be aware of the potential risks.

Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” Know the warning signs, think before you click, and never, ever give out your password or financial info unless you’re properly signed into your account.

Have any other antiphishing tips? Share them in the comments.

Condominiums: Who pays for water damage?

by Joe Adams, an attorney with Becker & Poliakoff, P.A., Fort Myers.  (jadams@bplegal.com)

Q: Our condominium is made up of a number of three-story buildings. Every year we have a number of water leaks from an upstairs unit to one or more downstairs units. While the insurance carrier for the owner of the damaged unit usually pays for most of the repairs, the association is always told it is responsible for the drywall. In most of these situations, the damage to the drywall is less than the association’s deductible. The association then has to pay the entire amount associated with the repair or replacement of the drywall, even though it was not responsible for the damage. I am the treasurer of our board, and I do not understand how or why this is the association’s responsibility, rather than the owner who caused the damage. (T.L by e-mail)

A: This is one of the most common issues I face in representing condominium associations. The law has changed on this topic more times than I can count in the 30 years I have been representing associations. On behalf of the Florida Bar, I have taught lawyers continuing legal education on the subject, and even I get confused sometimes.

At its most basic level, the law distinguishes between repairs following an “insurable event” (sometimes called a “casualty”) and preventative maintenance or work that is necessary due to routine wear and tear.

The current state of the law traces its roots back to amendments to the Florida Condominium Act that were adopted in 2008. I have discussed these changes previously in this column, including my August 31, 2008 column entitled “Condo Owners Should Heed ‘Plaza East’” as well as my September 19, 2010 column entitled “‘Plaza East’ Now Florida Law.” Past columns are available on-line.

Plaza East was a decision (involving a condominium by that name) rendered by the state agency that regulates condominiums in Florida (known as the Division of Condominiums, Timeshares, and Mobile Homes). The Division interpreted the statute to say that the party that is responsible to insure a portion of the condominium property is the party that is responsible to pay for a loss in the event that there are insufficient insurance proceeds to pay for the repair. The decision was contrary to the provisions of many governing documents, and contrary to the interpretation of most attorneys, thus creating great uncertainty.

Drywall is part of the original condominium property as originally installed and is not on the list of items that are excluded from the association’s insurance responsibility. Therefore, if drywall is damaged due to an “insurable event” (such as a bursting pipe), the Association is the party that insures the drywall and is therefore the party that is responsible to repair the drywall and pay if there is insufficient insurance or if the cost of repair or replacement is less than the amount of the deductible. If the damage does not arise from an “insurable event” (such as a slow, continuous leak), then the maintenance provisions of the declaration of condominium control.

To add a bit more spice to the sauce, there is also the ability to seek contribution from the owner who caused the leak if there was negligence or a violation of the condominium documents, and the benefits of the Plaza East rule also do not apply in those circumstances.