Posts Tagged: ‘Malware’

Scam of the day – May 10, 2015 – Hackers with Ransomware targeting Hedge Funds

May 10, 2015 Posted by Steven Weisman, Esq.

In a frightening speech two days ago in Las Vegas to a convention of hedge fund managers that hopefully will serve as a wake-up call to those in the financial industry, John Carlin, the head of the Justice Department’s National Security Division warned his audience that hedge funds have become the target of a wide range of hackers including nationally sponsored hackers from Russia, China, Iran and North Korea as well as criminal groups from around the world and terrorist groups.  One of the primary attack methods is the use of Ransomware, about which I have written numerous times over the last few years.  Ransomware is a type of malware that when downloaded on to the victim’s computers encrypts and seals the victim’s data.  The victim is then informed that either the victim pays a ransom immediately or its data will be destroyed.  Already several hedge funds have fallen victim to this type of attack.


An important thing to remember about Ransomware as with most malware used by hackers and identity thieves is that in almost every case, the malware was downloaded through socially engineered phishing emails that tricked employees into downloading the dangerous malware.  Corporate America has not done a good job of either training employees as to how to avoid phishing emails or segregating and isolating important data from vulnerability to such attacks.

This story is not only important to the national and international economies, but also to all of us personally as Ransomware is being used against individuals as well as companies.  Once again, the best way to avoid downloading Ransomware malware is to follow my motto of “trust me, you can’t trust anyone.”  Never click on a link or download an attachment until you have confirmed that it is legitimate.  In addition, make sure that you keep your anti-virus and anti-malware software up to date although this is no guarantee of protection against Ransomware because the latest malware is always at least a month ahead of the security software companies.  In addition, make sure that all of your data is backed up either in the cloud or by other data backup methods.

Scam of the day – April 19, 2015 – American Express phishing scam

April 19, 2015 Posted by Steven Weisman, Esq.

Many people are reporting receiving the following email which appears to have been sent by American Express.  It reads as follows:

“Dear American Express customer:

We have recently detected that a different computer user has attempted gaining access to your online account and multiple passwords were attempted with your user ID. Hence it is necessary to re-confirm your account information and complete a profile update. You can do this by downloading the attached file and updating the necessary fields. Note: If this process is not completed within 24-48 hours we will be forced to suspend your account online access as it may have been used for fraudulent purposes. Completion of this update will avoid any possible problems with your account. Thank you for being a valued customer.”

American Express is a popular credit card with more than a hundred million cardholders worldwide so when scammers send out a blast of emails such as the one above, they are bound to find a considerable number of American Express cardholders among the people receiving this email.  This type of email scam, which is called “phishing” attempts to scare the person receiving the email into downloading the attachment or, in other instances, clicking on a link, in order to fix the problem described in the email.  Because the problem is both plausible and serious, many people fall for this scam and download the attachment or click on the link.  In this particular scam, the attachment downloaded malware that stole personal information from the computers of the people downloading the attachment and used that information to make them victims of identity theft.  In addition, the attachment also asked for personal information that also could be used for identity theft purposes.


Regardless of how legitimate an email or text message appears and regardless of how much it may appear to require immediate action on your part, you should never click on a link or download an attachment in any email or text message unless you are absolutely sure that it is legitimate.  In this case, the mere fact that the email is addressed to “Dear American Express customer” rather than to the email recipient by name is an indication that this is a scam.  In any event, the best thing to do, if you believe that the email might be legitimate, is to contact American Express directly at the phone number on the back of your American Express credit card to find out whether or not the email or text message was legitimate.

Scam of the day – April 17, 2015 – Mass email service hacked

April 16, 2015 Posted by Steven Weisman, Esq.

Many people may not be aware of SendGrid, but there is a good chance that you have received an email from them.  SendGrid is a mass email service that is used by 180,000 companies worldwide including Uber, Pinterest, Spotify and Foursquare when companies wish to send mass email messages to their customers, such as when a company wants to alert customers to a service update. When you receive an email from SendGrid or other such mass email services, it appears that the message is being sent by the company with which you have an account, but it actually comes from SendGrid or other mass email services.  Last week one of the companies that uses SendGrid had its SendGrid account hacked in an attempt to hack into the company’s account with Coinbase, a Bitcoin exchange.  Although the company, unnamed by SendGrid, had its account with Coinbase hacked,  according to SendGrid no Bitcoins were stolen.  Last year a similar attack aimed at stealing Bitcoins from another SendGrid client, ChunkHost was foiled because, Chunkhost used dual factor authentication, preventing the hacker from accessing the Bitcoins in Chunkhost’s account even after the hackers had managed to steal ChunkHost’s password.  More and more hackers are trying to hack into the accounts of users of mass email services such as SendGrid because it enables the hacker to make his or malware containing message appear to come from a trusted source.


Remember my motto, “trust me, you can’t trust anyone.”  Merely because an email or text message appears legitimate or appears to come from a trusted email address is no reason to trust the message and click on links contained in the email or text message or download attachments to such emails or text messages.  The risk is too great.  Never click on links or download attachments unless you are absolutely sure that they are safe and legitimate.  Even if you are protected by the latest security software, you are still not safe because the most updated anti-malware and anti-virus software is always at least a month behind the latest malware.

Scam of the day – April 8, 2015 – Tewksbury Police Department pays ransom to retrieve files

April 7, 2015 Posted by Steven Weisman, Esq.

The Tewksbury, Massachusetts Police Department became the latest in a long list of police departments that became a victim of ransomware, the malware that, generally through phishing, manages to become downloaded on to the department’s computers that locks and encrypts the victim’s files making them unusable.  In this particular case, the Tewksbury Police Department’s arrest and incident records were locked and a message appeared that read, “Your personal files are encrypted.  File decryption costs – $500.”  The particular type of ransomware used in this case has been called KEYHolder and despite the efforts of federal and state law enforcement agencies as well as two computer security companies, the data could not be retrieved.  Ultimately, the Tewksbury Police Department paid the five hundred dollar ransom electronically in bitcoins as demanded, making it pretty much impossible to trace.

In recent years, particularly since the development of CryptoLocker, one of the early ransomware malware programs, ransoming of computer data has brought criminals as much as 28 million dollars in ransom payments.  Many government agencies and police departments have been targeted along with the computers of ordinary citizens.  No one is safe.  The Colinsville, Alabama Police Department became a victim of ransomware last summer, refused to pay the ransom and lost their infected database of mugshots.  The Durham, New Hampshire Police Department also refused to pay a ransomware, but wisely had backed up its information so it lost nothing of value.  Other police departments, companies, government agencies and individuals have not been so fortunate, however and have either paid the ransom or lost their data in many instances.  Depending on the sophistication of the malware used, sometimes the ransomware can be defeated, but often it cannot.


Certainly you want to always keep your anti-virus and anti-malware software up to date on all of your electronic devices, however, you can never be fully confident that this will keep you safe because the latest viruses and malware are always at least a month ahead of the software security updates created to deal with these issues.  Since generally the ransomware is downloaded on to the victim’s computer by clicking on a link in an email, it is critical that you not click on links in emails unless you are absolutely sure that the link is legitimate.  Finally, it is very important to back up all of your data independently every day so that even in a worst case scenario, you will not need to give into the demands of extortionists.

Scam of the day – March 21, 2015 – College students and identity theft

March 20, 2015 Posted by Steven Weisman, Esq.

Recently, Javelin Strategy & Research issued its annual Identity Fraud Study and it is quite enlightening.   The study found that almost 13 million people were victims of identity theft last year at a cost of 16 billion dollars. One of the more interesting trends noted in the study is that while college age students are highly susceptible to identity theft, more than 64% of them said that they were not very concerned by fraud.  In addition, when college students became victims of identity theft, it took them longer to discover that their identity had been stolen and twice as long to remedy the problem than other victims of identity theft. College students are particularly susceptible to identity theft because of the close quarters in which they live where people may be coming into and out of their dorm rooms without much concern for security.  They are also vulnerable on their smartphones and other electronic devices as well as in their use of social media without often a concern for their privacy.


Identity theft is high tech, low tech and no tech.  It is necessary for college students and everyone else for that matter to protect themselves from all forms of identity theft.  Important papers should be kept locked in a secure container.  Documents with personal information should be shredded when being discarded rather than merely tossing in a wastebasket only to be retrieved by a dumpster diving identity thief.  The rules for intelligent smartphone use are the same for everyone.  They include using a strong password, installing the latest security software, only downloading apps from legitimate app stores and not clicking on links in text messages unless absolutely sure that it is legitimate.  Everyone should understand the privacy policy and privacy settings of the social media they use and limit the amount of personal information made available.  Finally, on social media as in any other form of electronic communications, never  click on links or download attachments regardless of how enticing they may appear unless you have confirmed that the link or attachment is legitimate.  Often the bait of a nude celebrity photo or some other lure is just a ruse to get you to download keystroke logging malware that will steal the information from your phone or  other electronic device and use it to make you a victim of identity theft.

Scam of the day – February 28, 2015 – Carnegie Mellon phishing scam

February 28, 2015 Posted by Steven Weisman, Esq.

Carnegie Mellon University is one of the country’s foremost universities in various areas of technology, but that does not mean that Carnegie Mellon employees are any better than anyone else at recognizing phishing emails.  Phishing remains the primary way that many major data breaches are initiated when employees of a company receive a legitimate appearing email that prompts the person receiving the email to click on a link under various guises.  Unfortunately, what happens in many instances is that by clicking on the link, malware becomes installed that enables the hacker to steal information and data from the computer data banks of the company.  This simple technique was how the Sony hacking and the recent billion dollar hacking of a hundred banks around the world was accomplished.  Another way that phishing works is by luring the victims to enter their usernames and passwords into legitimate appearing communications thus providing that information to hackers and identity thieves.   That is what happened to an undetermined number of Carnegie Mellon employees who  were lured into providing their log-in information when they responded to an email entitled “Your Salary Raise Information.”


This phishing scam is particularly noteworthy because it once again shows that sophisticated, technologically savvy people can fall for the lures of phishing emails, which is why everyone should always be skeptical before responding to any email or text message that requires you to provide personal information or click on a link.  In either situation, you can never be sure when you receive an email or text message that the communication is legitimate.  So along with maintaining the latest security software on your electronic devices, it is important to make it a habit to never to provide personal information or click on links in response to text messages or emails until you have absolutely confirmed that the communication is legitimate.

Scam of the day – February 12, 2015 – Anthem hacking lawsuits filed

February 11, 2015 Posted by Steven Weisman, Esq.

Although the disclosure of the hacking and data breach at Anthem, the country’s second largest health insurance company was only disclosed eight days ago, the first lawsuits alleging negligence on the part of Anthem in failing to take proper steps to protect the personal data on the as many as 80 million Anthem customers were filed in Indiana, California, Alabama and Georgia.  It now appears that the actual hacking was first detected by Anthem on January 27th, but started as early as December 10th.  Once again, as is the pattern with so many major data breaches, it appears that the hackers gained access to Anthem’s, what have been reported to be, unencrypted data bases through phishing emails that tricked five Anthem employees  into either providing their passwords or clicking on malware loaded links that stole the passwords from the Anthem employees’ computers.


Many companies are just not doing enough to protect their sensitive data including personal information of their customers.   There are many steps that companies can and should be taking including greater encryption of data, employee education about phishing and limiting of access to information from off-site computers.  Whether companies need to be prompted by lawsuits or legislation, the problem is so significant that companies must take action now to better protect themselves from hacking.

As for we, the customers, all we can do is try to limit as best we can the personal information provided to the companies with which we do business (your doctor, does not need your Social Security number) and monitor our financial and medical dealings for signs of identity theft.  Putting a credit freeze on your credit reports at each of the three major credit reporting agencies is another good step to take in order to reduce your risk of identity theft.  You can find information about how to put a credit freeze on your credit reports here on Scamicide in the archives.

Scam of the day – February 5, 2015 – Adware found in Google Play apps

February 5, 2015 Posted by Steven Weisman, Esq.

The security firm Avast has discovered malware in three apps including the popular card game Durak.  The malware causes a pop-up message to appear on your smartphone indicating that your smartphone is infected and directs you to security companies to fix the non-existent problem.  Advertisements on Google Play apps are strictly prohibited as are, of course, viruses and other forms of malware.  This particular malware which may have affected as many as ten million people was particular insidious because the message would not appear when you first installed the tainted Durak or other infected apps, but rather would be delayed for a week or more making it unlikely that people would be able to guess that the source of the problem was the infected app.  Google has removed the three infected apps from the Google Play store.  Infected apps are nothing new.  Similar infected apps result in popups that inform you that your smartphone software is out of date, infected or filled with pornography and then direct you to a website to purchase software to cure a non-existent problem.


Although these particular tainted apps came directly from the Google Play store, you are generally much safer obtaining your apps from the Google Play store or other legitimate app vendors.  However, as this case shows, you can never be guaranteed that any app you download will be totally safe.  Just as you cannot trust any email or text message that asks you to click on a link or do a download without verifying that it is legitimate, so you should never automatically click on links in popups that come up on your computer regardless of how legitimate they may appear until you have confirmed that they are legitimate.

Scam of the day – January 19, 2015 – University employee payroll scam

January 19, 2015 Posted by Steven Weisman, Esq.

The Internet Crime Complaint Center, known as IC3 has issued an alert warning about a spear phishing scam aimed at university employees around the country.  It starts with an email addressed specifically with the name of the intended victim.  The email looks official and appears to have been sent by the Human Resources Department of the college or university where the intended victim works.  The email informs the potential victim that there has been a change of the employee’s status and that the employee is required to click on a link contained in the email that takes the employee to a website that appears to be that of the Human Resource Department for the college or university where the victim works where the employee is prompted to input information.  The website is  counterfeit.  The scam is a ruse intended to obtain the login information of the potential victim.  Once this information is provided to the scammer, he or she then logs on to the real Human Resources Department page and changes the bank account information for where the employee’s check is deposited so that the school sends the victim’s check to a bank account controlled by the identity thief.  In addition, since many people use the same user name and password for all of their accounts, the scammers may also attack other accounts of the victim.


Although the IC3 warning deals specifically with university and college employees, this scam works just as well with any company that pays their employees through direct deposit so everyone who is paid through a direct deposit should be aware of this scam.  Remember my mantra, “trust me, you can’t trust anyone.”  Never click on links in emails unless you are sure they are legitimate.  In many instances, by clicking on the link, you are unwittingly downloading malware on to your computer or other electronic device.  You also should never provide personal information in a reply to an email.  Confirm whether or not the request for personal information is legitimate and even then, go directly to a website for the company or other institution that you know is legitimate to provide such information.  Finally, as I have warned you many times, (sorry to be a nag) use a unique password for all of your accounts so that if your password from a particular account is jeopardized, your other accounts are still safe.  This is not as difficult as it might seem.  In my book “Identity Theft Alert,” I provide instructions as to how to pick easy to remember, strong passwords.

Scam of the day – January 12, 2015 – Hackers attack German steel mill

January 12, 2015 Posted by Steven Weisman, Esq.

With all of the attention directed at the hacking of Sony Pictures by hackers associated with North Korea, much less attention was given to perhaps an even more ominous cyberattack done around the same time to a German steel mill.  Unknown hackers gained access to the steel mills computers, as they often do in attacks against major companies, through spear phishing of employees by which they lured unwitting employees to click on links or provide information under the belief that the emails they received were sent by upper management within the company.  Armed with the information gathered through the spear phishing, the hackers gained control of the blast furnaces of the steel mill that contained intensely heated molten metal.  According to BSI the German government’s office of information security, massive damage was done through the hacking although BSI did not specify what physical damage occurred as a result of the hacking.  This is only the second confirmed hacking event where a cyberattack has been used to destroy physical materials and equipment.  You have to go back all the way to 2007, when the Stuxnet malware was used to destroy Iranian centrifuges at a uranium enrichment plant to find a precedent.


Many of us have warned governments and private industry of the extreme danger posed by cyber sabotage of essential infrastructure of countries around the world.  It is hoped that in the light of the this threat and the attention brought to hacking by the Sony hacking, that a more concerted effort will be made by both governments and corporations to make their systems more secure.  President Obama has tried unsuccessfully for years to get Congress to act and will highlight cybersecurity in his upcoming State of the Union address.  It is hoped that his words and the words of security experts around the world will be heeded.