Breaking news story – June 27, 2017 – Much of the world hit by another massive ransomware attack.

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.” Reports are rapidly surfacing of another massive ransomware attack involving Russia, Ukraine, Spain, France, India and the UK, similar to the attack of only a few weeks ago that used the WannaCry malware. The new malware, which appears to be a variation of the Petya malware, is being called GoldenEye and it is demanding bitcoin ransoms from banks, government agencies and companies in the attacked countries. The malware appears to exploit the same Microsoft Windows Operating System flaw called EternalBlue which was made public by hackers of the National Security Agency.

This is a problem that should not have happened for many reasons. The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches that recently became available. In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP, which are no longer regularly updated with new security patches. These older unsupported systems should not be used by anyone. Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs. Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the GoldenEye ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this should also use whitelisting software, which prevents the installation of any unauthorized computer software programs.

I will update you as further developments occur.

Scam of the day – May 3, 2014 – Details of the solution for Internet Explorer flaw

Throughout the news and here on Scamicide there have been warnings for the past week about the extreme danger posed by a recently discovered flaw in the popular web browser, Internet Explorer. The flaw was discovered only after hackers had already found and exploited it. It is thought that the hacking involved with this flaw was primarily used for industrial espionage in order to steal corporate information and secrets, but as the vulnerability became exposed, it was also used by other hackers to steal personal information which was then used to make that person a victim of identity theft. Now, ahead of schedule, Microsoft has issued a security patch to resolve this problem and, most interestingly, although Microsoft had indicated that it would not issue further security updates for the Windows XP operating system after April 8th, Microsoft included security updates for Windows XP in the new security patches.

TIPS

Many people have their Windows software automatically updated, which is the best course of action. If you do not have your Windows software automatically updated, here is a link provided by the Department of Homeland Security that you should use to install the necessary security patch to eliminate this particular software vulnerability: https://www.us-cert.gov/ncas/current-activity/2014/05/01/Microsoft-Releases-Security-Update-Internet-Explorer-Use-After-Free

As for Windows XP users, although you got a temporary reprieve, it is unlikely that Microsoft will make such a further exception in issuing future security updates.  I urge you to update your operating system to another system right away.

Scam of the day – April 30, 2014 – Internet Explorer flaw update

Yesterday I warned you about a potentially devastating flaw discovered in Internet Explorer that could enable a hacker to not only take control of your computer, but also gain access to all of the information contained in your computer and use it to access your bank accounts, use your credit cards and make you a victim of identity theft.  The malware required to exploit the vulnerability in Internet Explorer must be downloaded by you either by clicking on a link in an otherwise unobtrusive email that contains the malware or even by going to a website that uses a compromised Adobe Flash file.  Microsoft is not expected to have a security patch developed for a couple of weeks and even that is merely an estimate, but there are some steps that everyone should consider doing to protect themselves from this threat.

TIPS

First and most obvious, you should consider using an alternative web browser such as Mozilla Firefox which does not have the same vulnerability.  You also may wish to download a just released security patch for Adobe Flash.  Here is a link to the security update for Adobe Flash: https://www.us-cert.gov/ncas/current-activity/2014/04/28/Adobe-Releases-Security-Updates-Flash-Player

While you are at it,  you should also install the latest security update for Mozilla Firefox which has just been released by the Department of Homeland Security.  Here is a link to that security update: https://www.us-cert.gov/ncas/current-activity/2014/04/29/Mozilla-Releases-Security-Updates-Firefox-Thunderbird-and-Seamonkey

As always, it is also important to protect yourself from malware by not clicking on links or downloading attachments unless you are absolutely sure that they are legitimate, because malware is often embedded in these links and attachments.

Scam of the day – April 21, 2014 – IRS misses Windows XP deadline

It has been six years since Microsoft informed its customers that it would no longer support the Windows XP operating system, thus giving its users plenty of time to install a newer operating system, such as Windows 7. Without continuing technical support, the Windows XP operating system will be dramatically vulnerable to hackers exposing flaws in the program to the detriment of stubborn people still using this program. This is not a matter of Microsoft being greedy. It is merely a reflection of the fact that Windows XP is too old in terms of computer software, and just as after a while it becomes advisable to buy a new car instead of pouring money into repairs for an old car, it is prudent to move to another and better operating system. It is unfortunate that many banks in the world that use Windows XP to operate ATMs and many government agencies that also use Windows XP failed to act before the April 8, 2014 deadline for Microsoft no longer providing updates. What many of these companies and the IRS (yes, the IRS) are now doing is paying for short-term support of Windows XP until they make the changeover to a newer operating system. The failure to act in a timely manner is needlessly costing these companies and government agencies large amounts of money. If they had merely acted in a timely manner, they would not have to be paying for these emergency services. In a Congressional hearing last week, numbers between $500,000 and $30 million were tossed about as the additional cost incurred by the IRS due to their lateness in acting. This is inexcusable. Hackers have already been taking advantage of vulnerabilities in Windows XP to steal from ATMs and there is concern in some circles that government agencies such as the IRS may find problems due to their delay in updating their operating systems.

TIPS

Here is a warning to banks and government agencies including the IRS:  Microsoft has indicated that it will no longer do security updates for Windows 7 in January of 2020.  Don’t make the same mistake twice.

What do you think will happen?

Scam of the day – March 29, 2014 – Microsoft warns of danger in .rtf files

Microsoft has issued a warning to people not to open files with the .rtf extension due to a vulnerability that Microsoft has just discovered. The vulnerability could enable a hacker to send you an email with an .rtf file attached that, if you download it, will enable the hacker to take control of your computer. At the moment, although Microsoft has discovered the problem, they do not have a solution, so they are advising people not to open such files and to consider disabling the opening of .rtf files. RTF is an acronym for rich text format, a file format Microsoft developed for use with Word software.

TIPS

Microsoft has released a security advisory with more details about this threat and what you can do to reduce the danger. Here is a link to Microsoft’s security advisory about this problem: http://technet.microsoft.com/en-us/security/advisory/2953095. For now, the best course of action is to totally avoid .rtf files.

Scam of the day – March 27, 2014 – ATM hacking danger exposed

As I first reported to you in the March 21st Scam of the day, on April 8th Microsoft will stop supporting the Windows XP operating system with security updates and patches. This is very significant because upwards of 95% of ATMs use the Windows XP operating system, as do thousands of government websites with which we all do business. Hackers and identity thieves are constantly working to locate and exploit vulnerabilities in computer software toward their criminal ends. Unless the banks using the Windows XP operating system act quickly to upgrade their operating systems to other programs, they will be increasingly vulnerable to hackers and identity thieves. In fact, as Microsoft issues, as they do each month, new security alerts describing the patches we need to install in order to maintain the security of our systems, what Microsoft will also be doing is informing hackers and identity thieves about similar vulnerabilities that exist in the Windows XP program for which there will be no patches or updates.

A new way to breach the security of ATMs was also disclosed this week by the computer security company Symantec. Symantec described a new tactic by which ATMs can be hacked into by a hacker who connects a targeted ATM to his or her smartphone through USB, thereby setting up a connection that can be exploited by sending a command via the phone to the ATM to dispense the cash to the hacker. This problem will only be made worse as security patches cease to be provided in the future for Windows XP.

TIP

Whenever you use an ATM always carefully observe the machine for any evidence of tampering and do not use a machine that does look like it has been tampered with by a skimmer or any other visible alteration.  Also, regularly check your bank account balances for any evidence of fraud so that you can report the matter as soon as possible to your bank in order to protect yourself from losses.  Finally, in regard to the specific issue as to Windows XP and ATMs, ask your bank what operating system they are using and if it is Windows XP, you may wish to find out what ATMs near you do not use this system.

Scam of the day – March 21, 2014 – New hacking threat to ATMs

In terms of computer software, the Windows XP operating system is old, having been first introduced in 2001. Approximately 95% of the world’s ATMs use this software as their operating system. The problem is that Microsoft is phasing out this operating system and will no longer be providing security patches and updates for Windows XP after April 8th. This means that those banks who have not switched to a new operating system will be left vulnerable to the attacks of hackers, because newly discovered vulnerabilities will no longer be remedied. The results could be devastating. Banks around the world are already planning to switch to new operating systems, but it has been estimated that only a third of banks will make the necessary switch to a new system before the April 8th deadline. This would leave those banks still running Windows XP using unsupported software which, according to the Department of Homeland Security, will result in an “elevated risk to cybersecurity dangers.”

TIPS

As a prudent bank customer, you should ask your bank manager what operating system they are using for their ATMs and if it is Windows XP, what they intend to do about Microsoft no longer providing security updates. You may wish to consider limiting your ATM use to banks that you know have updated their operating system software. As always, you should also monitor your bank account’s activities for any fraudulent charges, which may or may not be tied to your use of an ATM.

Scam of the day – June 2, 2012 – Microsoft Certified scam

Recently many people have started receiving telephone calls from a company that identifies itself as “Microsoft Certified.” Unfortunately, there is no “Microsoft Certified” and the scammers using this name have nothing to do with the legitimate Microsoft company. The victims are told that they are being contacted because Microsoft Certified has been notified by the victim’s computer that it is infected with a virus. The scammers then instruct the victim to open a program called Error Log that lists internal errors on computers using Microsoft software. Inevitably some error messages will come up, although generally they are harmless and of no consequence. The victims are then victimized in two ways. First, the scammers sell the victim anti-virus software that can be obtained from the real Microsoft at no cost, and then they get the victim to download a file that contains keystroke logging malware that enables the scammer to steal all of the information from the victim’s computer.

TIP

You never know who is on the other end of a telephone call. Microsoft does not call its users in regard to security matters. If you have any concerns that there may be a legitimate problem, contact Microsoft by telephone or online at numbers and addresses that you know are legitimate to confirm that your previous contact was with a scammer.