Posts Tagged: ‘Malware’

Scam of the day – September 13, 2016 – Phony Hillary Clinton video contains malware

September 12, 2016 Posted by Steven Weisman, Esq.

A common way that hackers manage to trick people into downloading malware used to steal the information from your computer or smartphone and enable them to make you a victim of identity theft is to send the malware disguised as an attachment for a video of something of great interest to many people.  It may be something related to a celebrity, such as purported nude videos or it may be of an event in the news, such as a video purporting to show formerly unavailable footage of, for instance, the shootings in the Orlando nightclub.  The presidential election is tremendous fodder for people seeking videos of candidates in compromising situations and scammers are taking advantage of this with malware attached to emails promising to provide newsworthy events. Such is the situation, as reported by computer security company Symantec, with an email presently circulation promising that the attached video shows Hillary Clinton accepting money from an ISIS leader in 2013.  In addition to being a totally outrageous accusation not based in any fact, the email is fraught with poor grammar.  However, that is not stopping some people who are clicking on the link and unwittingly downloading malware that can result in their becoming a victim of identity theft.

TIPS

Regardless of who sends you an email or a text message with a link attached, you should never click on the link until you have confirmed that the communication is legitimate.  Even if the message appears to come in the email or text message from a trusted friend, you can’t be sure that your friend has not had his email or smartphone hacked and used by a scammer to spread malware.  You should have security software on all of your electronic devices including your computer and smartphone and make sure that you keep your security software up to date with the latest security patches, but you cannot totally rely on that software to protect you from all malware dangers because it generally takes the software security companies about a month to catch up with the latest strains of malware.  Finally, in regard to communications promising startling videos or pictures of celebrities or newsworthy events, you should be particularly skeptical as to their authenticity.   Instead, it is better to rely on legitimate news sources that you can trust to be safer and more accurate.

Scam of the day – September 11, 2016 – New malware attacking online banking app

September 11, 2016 Posted by Steven Weisman, Esq.

Many people find that doing their banking through their mobile devices is quick, efficient and convenient.  Unfortunately, it also carries with it risk of cybercriminals hacking the smartphones and other mobile devices used by their victims to gain access to their victims’ bank accounts and steal their money. In my Scam of the day for June 3, 2016 I gave a number of tips about how to do your online and mobile banking more safely.  Cybersecurity, however, is a never ending process and a few days ago, researchers at cybersecurity company Kaspersky Lab announced it had discovered a new form of malware used to steal banking information and credit card information from the smartphones of Android users that can override the new security features Android had installed in the Android OS version 6 specifically to combat this type of threat and other similar threats.

The new malware which is a modification of the Gugi banking malware starts, as with so many attacks by luring the victim into clicking on a link in a legitimate appearing text message that results in the initial downloading of the malware.  Once it is downloaded, however, the malware creates a display on your screen indicating the need for additional rights to work with graphics and windows.  If the victim clicks on the only link provided, another screen asks them to authorize app overlay and then other permissions. If the victim realizes what is going on and does not provide the requested permissions, the malware blocks the entire smartphone.  The only way to fix the problem at this point is to reboot the smartphone in safe mode and attempt to remove the malware, which  is difficult to do.

If the malware does get fully installed with all of the permissions it requires, it enables the cybercriminal to take total control of the victim’s electronic banking and can readily empty his or her accounts.

TIPS

Along with the basic online and mobile banking precautions I urged you to take in my Scam of the day for June 3, 2016, you can protect yourself from the Gugi malware by never just automatically giving rights and permissions when an app requests you to do so.  Always evaluate why the app would need such permissions.

As always, the two most important things to do to protect yourself from any cybersecurity threat to your mobile phone is to follow my advice of “trust me, you can’t trust anyone” and never click on links regardless of who appears to be sending them until you have absolutely confirmed that the links are legitimate.  Also, make sure you that you not only have security software on all of your mobile devices, but that you keep the security software updated with the latest security patches as soon as they are available.

Scam of the day – September 6, 2016 – Phony survey scam

September 6, 2016 Posted by Steven Weisman, Esq.

Today’s Scam of the day is one about which I have been writing for more than two years, but keeps turning up in the email of many people.    Using the logos of legitimate companies such as Kohl’s Costco, Walmart and Amazon, just to name a few, you are told that you will receive a $50 gift card from these companies if you merely complete a short survey.  The survey looks official and the page has the official logo of a familiar company, however often what the scammers are seeking is personal information that can be used to make you a victim of identity theft.  Sometimes they use the information to craft spear phishing emails likely to convince you to click on links infected with malware.  In other instances, your phone number is turned over to telemarketers.

TIPS

As I always say, “trust me, you can’t trust anyone.”  Merely because an email appears to be official and carries a company’s logo does not make the communication legitimate.  It is very easy to copy a logo on to an email and make the communication look official and legitimate when, in fact, it is a counterfeit and a scam.  No legitimate survey will ever ask for banking information, passwords, Social Security numbers, credit card information or banking information.  The only reason for asking for that information is to make you a victim of identity theft.  Finally, no company is going to be in a position to give everyone who completes a customer satisfaction survey a $50 gift card.  A legitimate company may enter you into a drawing to win such a card by completing a survey, but no company is giving away $50 gift cards to everyone.

Scam of the day – August 30, 2016 – NASCAR team becomes victim of ransomware

August 29, 2016 Posted by Steven Weisman, Esq.

This past Spring, the computer of the crew chief of the NASCAR Circle Sport-Leavine Family Racing (CSLFR) team was infected with ransomware.  Ransomware, as regular readers of Scamicide know is malware that gets unwittingly downloaded on to a person’s or company’s computer, which when downloaded encrypts the data of the victim.  The victim is then told to either pay a ransom, generally in bitcoins within a short period of time or the hacker will destroy the data.  In this case, the racing team paid the $500 bitcoin ransom and got their  huge amounts of data back.  The particular type of ransomware used in this attack was TeslaCrypt for which there already existed security software that could have prevented the malware from being able to encrypt the files, however,  CSLFR did not have such security software on their computers.

Ransomware has become one of the most common and effective cybercrimes in the last year, successfully targeting individuals and a wide range of companies including law firms, accounting firms and even police departments.  As big data becomes more and more a part of sports teams, particularly in Major League Baseball, the National Basketball Association and the National Football League, you can expect future attacks against professional sports teams to become more common.

TIPS

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.  It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  In the case of CSLFR, they fell victim to a type of ransomware for which there already existed security software to prevent the TeslaCrypt ransomware from operating.  Always keep your security software up to date.  Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Scam of the day – August 4, 2016 – Olympic scams

August 4, 2016 Posted by Steven Weisman, Esq.

Tomorrow brings the much anticipated opening ceremonies of the 2016 Rio Olympic Games and scammers will be taking advantage of the public’s interest in the event to lure them into scams.  As the Games get underway many people will be receiving emails and text messages purporting to contain updates, photos and videos of Olympic events.  Unfortunately, if you click on the links or download the attachments in these emails, you will end up downloading keystroke logging malware that will steal your personal information from your computer, laptop, tablet or smartphone and use that information to make you a victim of identity theft.   You also run the risk this year of downloading ransomware that will encrypt all of the data on your computer and threaten to destroy it if you do not pay a ransom.

Also, If you are shopping for Olympic merchandise, you should be wary of the large amount of counterfeit and poor value fake Olympic merchandise that is being sold on the Internet.

TIPS

As I have warned you many times, never click on a link or download an attachment unless you are absolutely sure that it is legitimate.  In regard to Olympic email or text message updates you are better off not downloading or clicking on links in any emails or text messages you may receive even if they appear to be from a legitimate source because the URL may appear to be legitimate, but it may merely be “spoofed” or copied from a legitimate site so it appears legitimate, but in truth is not.  You are better off going directly on your own to sources such as www.espn.com that you know are legitimate.  Also, make sure that your anti-malware and anti-virus software is installed and up to date on all of your electronic devices.  Also, be wary of links sent to you through social media such as Facebook even if they look legitimate because it is easy to hack someone’s social media accounts to send out malware that unwary victims click on.

In regard to purchasing official Olympic merchandise, go directly to the official Olympic website of https://www.olympic.org/rio-2016.  If you want Team USA merchandise, go the official Team USA website of http://www.teamusa.org/road-to-rio-2016.   Both of these websites are safe and secure places to purchase official Olympic merchandise and apparel.

Scam of the day – July 18, 2016 – Facebook cloning or spoofing

July 18, 2016 Posted by Steven Weisman, Esq.

Just last weekend, I received three “friend” requests on Facebook from people who were already Facebook friends of mine, which is an indication that someone had set up new Facebook pages in their names and was attempting to lure their friends into becoming friends with the hacker.  This scam is called either Facebook cloning or Facebook spoofing and the goal of the hacker is to get people to respond to the new friend request and then to lure the friends of the person whose Facebook page they commandeered to trust communications and postings from the cloned page in an effort to get them to click on links and download malware or ransomware or respond to emergency requests by sending money.

TIPS

There are many things you can do to protect yourself from this type of scam.  Scammers harvest information from social media to help them in their scams so the first thing you should do is to check to see if the public is able to see your posts.  Click on the padlock at the top right hand side of your Facebook page and click on “Who can see my stuff?”  It should say “friends,” but if it says “public” you should change that setting to “friends” to increase your privacy.

As for accepting friend requests, if you are already a friend of the person, don’t accept a second request.  Also, when accepting friend requests, don’t do it from the friend request email.  Instead go directly to your Facebook page from your browser and not from a link in the email because it could be a phishing scam seeking to steal your password or other information.

Finally, it is worth repeating that you should never trust any communication that contains a link until you have confirmed independently that the communication is legitimate.  The risk of malware in a link found in social media, a text message or email is just too great.

If your Facebook account has been cloned, here is a link that will take you to Facebook with tips as to what to do and how to report the problem.  https://www.facebook.com/help/174210519303259

Scam of the day – July 12, 2016 – Instagram Ugly List scam

July 12, 2016 Posted by Steven Weisman, Esq.

A recent scam that has been victimizing people starts when you get an Instagram notification telling you that you have been tagged in a post called “Ugly List 2016.”  To make things worse, it appears that it is a friend of yours who tagged you.  The notification contains a link to enable you to see the full post.  If you click on it, it takes you to what appears to be the Instagram log in page where you have to type in your username and password in order to see the full Ugly List 2016.  However, the log in page to which you were directed by the link is a phony and if you type in your username and password, you have just turned over that information to a hacker.  The hacker, in turn, may send out Instagrams that appear to come from you including new Ugly List 2016 tags to your friends.

But why, would a hacker do this?

Certainly sometimes it is just done to embarrass people, but other times it is done to get people to turn over their usernames and passwords to the cybercriminals who count on many people using the same usernames and passwords for all of their accounts including online banking and other online accounts that have information that can be used by the cybercriminal for purposes of identity theft.

TIPS

In regard to this particular scam, it is important to remember that there is no Ugly List 2016 so do not respond to it.  It is also important to remember when you are contacted by your friends through social media or even through emails or text messages, you can never be sure that any links contained in these communications that you are urged to click on are legitimate.  They may be tainted with malware.  Remember my motto, trust me, you can’t trust anyone.  These messages that appear to come from your friends may indeed come from their accounts which have been hacked and sent by an identity thief.  Never click on links or download attachments in emails, text messages or on social media until you have absolutely confirmed that the communication is legitimate.

As for your passwords, it is important to have a complex an unique password for every online account you have.

Scam of the day – May 2, 2016 – Another new USAA phishing scam

May 2, 2016 Posted by Steven Weisman, Esq.

Yet another phishing email is turning up purporting  to be from USAA, the insurer of millions of members of the military as well as many veterans, telling you that you need to click on links in the email in order to resolve security issues.  Like many phishing emails,this one tries to convince you into thinking you must click on a link and provide personal information or suffer dire consequences when the truth is that if you click on the link or provide personal information, you will become a victim of identity theft as the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.  Here is a copy of the newest phishing email that is presently circulating.  DO NOT CLICK ON THE CONTINUE BUTTON.  As phishing emails go, the graphics are pretty impressive, however there are several grammatical errors including the word “temporal” being used instead of “temporary”.  It also  should be noted that the email is directed to “Dear Valued Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – April 15, 2016 – Tax scams multiply as filing deadline approaches

April 15, 2016 Posted by Steven Weisman, Esq.

Today, April 15th is the usual deadline for filing your federal income tax return, however, as many people know, if the 15th falls on a weekend, the filing deadline is pushed back to the next Monday.  If April 15th is a holiday, the filing date is also pushed back.  This year, April 16th is Emancipation Day, which is a legal holiday in Washington D.C. and because it falls on a Saturday, federal employees have the preceding Friday, April 15th, off from work which pushes the filing deadline to the next business day, which is Monday, April 18th.  If that isn’t complicated enough, if you live in Massachusetts or Maine, you have until April 19th to file your tax returns because April 18th is Patriot’s Day, a state holiday in those two states.

In any event, scammers and identity thieves don’t take off holidays and the IRS is warning people again about an increase in income tax scams that are occurring in the final days before the income tax filing deadline.  There are a number of various scams tied to income tax filings, but they generally fall into four categories.  The first is when you get a telephone call purporting to be from the IRS informing you that if you don’t send them money right away, you will be arrested or suffer some other serious penalty.  The second is when you receive an email or text message apparently from the IRS requiring you to verify information in order to receive your refund.  You supply this information by clicking on a link.  The third is when you receive a telephone call apparently from the IRS asking you to confirm personal information over the phone in order to receive your refund.  The fourth is when you receive a call, text message or email from your online tax preparation company requiring you to confirm personal information.

All of these are scams that will either directly steal your money or provide the identity thieves with personal information they can use to make you a victim of identity theft.

TIPS

The IRS will not call you and threaten you in order to collect outstanding taxes and they will not require you to wire money to them.  Even if your Caller ID indicates it is the IRS calling, scammers using a technique called “spoofing” can make it appear on your Caller ID that it is the IRS calling when it is not.  If you get a call from someone purporting to be from the IRS initiating contact about collecting overdue taxes, it is a scam.  It is that simple.  Just hang up.

The IRS will not be contacting you by phone, email or text messages to confirm information regarding your tax return, so never provide personal information in response to being contacted in these ways by someone pretending to be with the IRS.  In addition, merely by clicking on a link contained in such electronic messages could download malware that could steal your personal information from your computer and use it to make you a victim of identity theft.

Phony emails or text messages from your online tax preparation company requesting personal information is a very prevalent scam this year.  Whenever you get an email or text message from anyone asking for personal information, do not provide it unless you have independently confirmed that it was legitimate.  Trust me, you can’t trust anyone.

Here is a link to the IRS’ recent warning.  https://www.irs.gov/uac/Newsroom/IRS-Warns-of-Continued-Scams-and-Varied-Tactics-as-the-Tax-Deadline-Nears

Scam of the day – March 18, 2016 – Guilty plea in celebrity nude photo hacking

March 17, 2016 Posted by Steven Weisman, Esq.

I first reported to you about a major hacking of nude photos of celebrities on September 2, 2014.   At that time, news of stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rhianna, Avril Lavigne, Hayden Pannettiere, Hope Solo, Cat Deeley, Kayley Cuoco, Kim Kardashian, Scarlet Johansson and others was sweeping across the Internet. The photos were taken from  the Apple’s iCloud accounts of the hacked celebrities as well as their email accounts.  Now the U.S. Attorney for the Central District of California has issued a press release indicating that Ryan Collins has agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act admitting responsibility for the hackings.

The manner by which Collins accomplished the hacking was simple, but effective.  He sent spear phishing emails to his intended victims that appeared to come from Apple or Google in which under various pretenses he requested the victims usernames and passwords, which he then used to access their email accounts and iCloud accounts from which he stole the photos and videos.

TIPS

There are a number of lessons to be learned from this crime about how to protect our own security.  You should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.   Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions that can permit a hacker to gain access to your email account.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  Had Jennifer Lawrence and the other hacked celebrities used the two-factor identification protocol, they would still have their privacy.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

It is also important to resist providing your username and passwords in response to emails and text messages unless you have absolutely independently confirmed that the request is legitimate, which such requests seldom are.

Finally, for people considering looking up these nude celebrity photos on line, my advice is simple.  Don’t do it.   Ethically, it is the wrong thing to do.  However practically speaking, it also is too risky an activity.  You cannot trust any email, text message or social media posting that promises access to these photos and videos.  Many of these will be laced with malware and you cannot know which one’s to trust.  Trust me, you can’t trust anyone.  In addition, identity thieves set up phony websites that promise to provide these photos and videos, but instead install malware on your computer when you click on links in these websites.  Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser.