Scam of the day – October 17, 2017 – New report discloses all wifi networks vulnerable to hacking

Yesterday, a Belgian researcher, Mathy Vanhoef, made public his discovery from this past summer that the security protocol used to protect most wifi connections is vulnerable to hacking.  Data formerly thought to be encrypted and protected could be exposed, and it was also possible for a cybercriminal to inject ransomware and other malware into websites visited through compromised wifi connections.  If your device supports wifi, it is most likely affected.

The United States Computer Emergency Readiness Team issued a warning yesterday that lists all of the systems affected.  Here is a link to that warning.

http://www.kb.cert.org/vuls/id/228519

As is often the case when discoveries of computer vulnerabilities are made, researchers notify the technology companies first to allow them time to come up with patches.  In this case, the technology companies were notified on August 28th about this problem.  Google has indicated that it expects to have a patch available “in the coming weeks.”  Microsoft has said, “we have released a security update to address this issue.  Customers who apply the update, or have automatic updates enabled, will be protected.”

TIPS

This is one instance where things may not be as bad as they initially appear.  Hackers exploiting the vulnerability would need to be physically close to the attacked device to accomplish an attack, and connections to secure websites using HTTPS will still be safe.  Online banking and online shopping websites will generally use HTTPS technology, which you can confirm by looking at the address line for the letter “s” after the initial http in the website address.  In addition, as I have long advised you, if you are going to use public wifi you should use a Virtual Private Network (VPN), which is not affected by this vulnerability.

This discovery also emphasizes the importance of having your security patches and updates installed automatically or as soon as they are available.  I will update you on this situation as new information becomes available.

Scam of the day – October 7, 2017 – Accused Russian hacker to be extradited to the United States

Earlier this week, Spain’s highest court agreed to extradite Peter Levashov, who was indicted last April by a federal grand jury on charges of fraud, identity theft and conspiracy.  Levashov, who formerly served in the Russian army and also had worked for Russian President Vladimir Putin’s United Russia Party, is accused of operating a massive botnet of thousands of infected computers that he would rent out to other criminals to send computer viruses and malware.

A botnet is a network of computers that have been infected with malware that enables criminals to surreptitiously use these computers to send out all manner of malware including ransomware.  People whose computers become part of a botnet often unwittingly download the malware necessary to make their computer part of the botnet by clicking on a link in an infected phishing email.

TIPS

Many people are a part of botnets without even knowing it.  If you use Windows 10 you can find out if you are a part of a botnet by opening the Task Manager and seeing which programs are using your network.  If there is something you don’t recognize, you may be a part of a botnet.
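The same check can be run from a PowerShell prompt, which also shows where each program is connecting and whether its file is signed. This is an added example, not part of the original post; it relies on the built-in Get-NetTCPConnection, Get-Process and Get-AuthenticodeSignature cmdlets, and the report column names are choices made for this example.

```powershell
# Added example: list every process that currently holds an established
# TCP connection to a non-loopback address, with its file path, signature
# status and remote endpoints.

# Established connections only, ignoring traffic that stays on this machine.
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

# One report row per owning process.
$report = foreach ($group in ($connections | Group-Object -Property OwningProcess)) {
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }

    # The path is empty for protected processes when not running elevated.
    $signature = if ($path) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'Unknown'
    }

    [pscustomobject]@{
        ProcessId       = [int]$group.Name
        Name            = if ($proc) { $proc.ProcessName } else { '(exited)' }
        Path            = $path
        Signature       = $signature
        Connections     = $group.Count
        RemoteEndpoints = ($group.Group |
            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
            Sort-Object -Unique) -join ', '
    }
}

# Busiest processes first.
$report | Sort-Object -Property Connections -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that process paths resolve. An unfamiliar or unsigned program with many remote endpoints is a reason to look closer, not proof of infection.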

Of course, the best course of action is to avoid ever becoming part of a botnet and the best way to do that is to avoid clicking on any links in any emails unless you have absolutely confirmed that the email is legitimate.  In addition, installing security software and keeping it up to date with the latest security patches is also a good practice and if your router is more than ten years old, it may not be providing sufficient protection from botnets.  Updating old routers can help avoid becoming a part of a botnet.

Scam of the day – October 1, 2017 – Secure bank message phishing scam

According to a recent report by the security company, Barracuda, scammers are emailing what appear to be secure messages from your bank that require you to download what appear to be important secure documents, but in truth are malware programs such as ransomware.  The messages appear to come from different banks such as Bank of America or, in the case of the email message copied below, TD Bank.

In many instances, the people being targeted by these emails may be people using the private bank services of many banks reserved for wealthier customers, who may be more susceptible to downloading the attachments under the false impression that they are secure.

TIPS

You can never be sure when you receive an email who is really sending it.  These particular phishing emails are quite sophisticated, with real-looking logos (which are easy to counterfeit) and legitimate-appearing email addresses that appear to be sending the emails, and the messages are well written with proper grammar.  But as I always warn you, “trust me, you can’t trust anyone.”  Along with making sure that you have installed the most updated version of your security software, you should never click on a link or download an attachment until you have independently confirmed that the message sending it is legitimate.  In this case, a simple phone call to your bank would let you know that this is a scam.

Scam of the day – August 25, 2017 – New scam targeting tax professionals

There is a reason scam artists are the only criminals we refer to as artists. They can be incredibly good at what they do.  Unfortunately, what they do is try to con us and steal our money and identities.

This is a time of the year when many tax professionals are receiving updates of their tax preparation software from their software providers.  Knowing this, scammers are targeting CPAs and other tax professionals with phishing emails that appear to come from the tax professional’s software provider with the subject line indicating “Software Support Update.”  In these emails, the scammers tell their intended victims that they need to revalidate their login credentials.  The scammers provide a link to a phony website that looks like the software provider’s webpage, but is a fake.  If the tax professional falls for this scam and provides his or her login information, the scammers will use this information to access the victim’s account and get at their clients’ confidential information, which can then be used for purposes of identity theft.

TIPS

While the email address from which the email is sent may in some circumstances look legitimate, upon close observation you will see that it is not really from your software provider.  In some instances, the email will be sent from a botnet of hacked computers such that the email address sending the email is that of an individual totally unrelated to the software company.  In addition, no tax preparation software providers insert links in emails for their clients to validate passwords.  You should also never click on any link unless you have absolutely verified that it is legitimate.  The risk of all kinds of malware including ransomware is too great.  If you are a tax professional and you receive such an email and think that it might be legitimate, you should contact your software provider by email or phone to confirm that this was a scam.

Scam of the day – July 17, 2017 – WWE data breach puts millions at risk of identity theft

World Wrestling Entertainment (WWE), formerly known as the World Wrestling Federation (WWF) until it lost an intellectual property dispute with the World Wide Fund For Nature (WWF), is the popular company that promotes professional wrestling around the globe.  Recently it was disclosed that databases filled with personal information of users of its website were stored on an unprotected server, making them accessible to anyone who came upon them.

The good news is that the compromised information did not include credit card information or passwords, which would have posed a tremendous threat of identity theft to the people whose information was stored on the unprotected servers.  However, the bad news is that the type of information that was compromised included names, email addresses, ages and other information that could be used to formulate spear phishing emails to attack the victims of the data breach.

Spear phishing occurs when you receive an email or a text message intended to lure you into clicking on a malware infected link that can be used for purposes of identity theft, ransomware or other sinister purposes. What distinguishes spear phishing from mere phishing is that with spear phishing, the communications to you have been specifically tailored with personal information to trick you into trusting it.

TIPS

One lesson from this data breach is to remember that you are only as secure as the places that have your personal information with the weakest security.  Therefore limit the places to which you provide your personal information as best you can.  In addition, there is no law that requires you to provide accurate and truthful information when going to a website asking for your age or other personal information so you can make up information to provide in order to gain access to a particular website.

Another important lesson is to always be skeptical of any email or text message that you receive that asks you to click on a link.  You can never be sure it is legitimate so never click on a link until you have confirmed that the communication is legitimate.

Finally, remember to keep all of your electronic devices updated with the latest security software recognizing that even the newest updates will not protect you from new zero day defects that have not been seen previously.

Scam of the day – July 14, 2017 – Verizon suffers massive data breach

It was recently disclosed that Verizon had suffered a data breach affecting anywhere from six to fourteen million of its customers.  Included in the compromised information were the names, addresses, email addresses and PINs of Verizon customers who had called Verizon customer support during the past six months.

The data breach occurred when Nice Systems, a third party vendor that handles customer service for Verizon, stored the information in a misconfigured cloud storage area that allowed anyone to access it.

The most sensitive of the compromised information is the PINs.  Access to a PIN could allow a hacker to gain access to the Verizon customer’s account.  Additionally, many people use the same PIN for many accounts, which means that their other accounts are also in jeopardy.

TIPS

If you called Verizon customer support during the past six months you should immediately change your PIN and if you use the same PIN for other accounts, you should change those PINs, as well.  Additionally, if you do use the same PIN for multiple accounts, now would be a good time to make all of your PINs unique.

In addition, you should be wary of emails that appear to come from Verizon asking for personal information or requesting that you click on links because the information compromised in the data breach could be used by a hacker to fashion spear phishing emails that attempt to lure you into providing information or clicking on links that can lead to your becoming a victim of identity theft or ransomware extortion.

Scam of the day – June 29, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry and Petya ransomware attacks that took advantage of computer users who had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to the security company Symantec, 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

TIPS

Here is the link to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-177

Some alternative plugins you may wish to consider to replace Adobe Flash include GNU Gnash and Silverlight.

Silverlight can be downloaded free directly from Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Breaking news story – June 27, 2017 – Much of the world hit by another massive ransomware attack.

According to the old saying, “fool me once, shame on you, fool me twice, shame on me.”  Reports are rapidly surfacing of another massive ransomware attack involving Russia, Ukraine, Spain, France, India and the UK, similar to the attack of only a few weeks ago that used the WannaCry malware.  The new malware, which appears to be a variation of the Petya malware, is being called GoldenEye, and it is demanding bitcoin ransoms from banks, government agencies and companies in the attacked countries.  The malware appears to exploit the same Microsoft Windows Operating System flaw called EternalBlue, which was made public by hackers of the National Security Agency.

This is a problem that should not have happened for many reasons.  The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they became available recently.  In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP, which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone.  Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the GoldenEye ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive.  Companies and agencies which can afford to do this should also use whitelisting software, which prevents the installation of any unauthorized computer software programs.

I will update you as further developments occur.

Scam of the day – June 26, 2017 – Despite receiving ransom, hackers leaked “Orange is the New Black”

I first reported to you in the May 1st Scam of the day on the hacking of Larson Studios by the hacking group thedarkoverlord, which demanded a ransom and threatened otherwise to release the latest season of the Netflix series “Orange is the New Black.”  Larson Studios is a post-production company that works on many Hollywood movies and television shows.  Now, in an interview with Variety Magazine, Larson Studios’ Vice President, Jill Larson, is saying that Larson Studios paid the demanded 50 Bitcoin ransom, but that thedarkoverlord released the fifth season of “Orange is the New Black” regardless, indicating that it did so because Larson Studios had violated their agreement by contacting the FBI.

Thedarkoverlord has performed a number of other ransomware attacks, including one in which it hacked a small Indiana charity from which it demanded a ransom of 50 bitcoins that the charity refused to pay and consequently had its data destroyed.

TIPS

This story points out the fact that even if you pay a ransom, there is no guarantee that the cybercriminals will honor their bargain.  A recent study done by Spiceworks found that of small to medium businesses who paid a ransom after being hacked with ransomware, 45% did not get their data restored.

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages, regardless of how legitimate they may appear, until you have verified that they are legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which security software was already available to thwart them.  Finally, always back up your computer’s data daily, preferably in two different ways, in order to protect your data in the event you do become a victim of ransomware.

Ransomware continues to be a growing threat to individuals, large and small companies as well as government agencies, all of which have been targeted by ransomware.  Ransomware malware is readily available for unsophisticated cybercriminals to purchase on the Dark Web. While in the past, the typical manner in which it has been used was to encrypt the data of the target and refuse to release the data back to the victim unless a ransom was paid, the scam has evolved to also include threats of making stolen data public as was done in this instance.

Some older strains of ransomware can be defeated through software that can recover data encrypted by older ransomware programs.  In 2016, through the efforts of international law enforcement organizations and private security companies, the website No More Ransom was launched, where victims of ransomware can get decryption tools for many strains of ransomware for free.  Thousands of people have utilized this tool to decrypt their files after a cyber attack without having to pay a ransom.  Unfortunately, however, there are some newer forms of ransomware for which there are no known decrypting tools developed yet.

Scam of the day – June 15, 2017 – Microsoft issues new security patches for outdated operating systems

The huge ransomware attack using WannaCry malware that exploited vulnerabilities in the outdated Windows XP operating system prompted Microsoft to take the unprecedented step of issuing security patches to address this issue, even though one of the primary reasons for its move to newer operating systems was that it was no longer manageable to continually patch these flawed programs.  In another unusual move, Microsoft has just issued new security updates for Windows XP, Windows Vista and other no longer supported operating systems on an emergency basis because of new warnings of a risk of another similar attack.  These new security updates can be downloaded for free.

TIPS

According to the old adage (is there any other kind?), fool me once, shame on you.  Fool me twice, shame on me.  No one should still be operating the older, unsupported Windows operating systems, such as Windows XP. Update your operating system as soon as possible to the newer supported versions of the Windows operating system.  Hackers and cybercriminals are constantly exploiting software vulnerabilities.  Failing to update your software when security updates and patches become available is extremely dangerous.

If, however, you are still using one of the older Windows operating systems, you can go to this link to find the latest security updates, which you can download for free: https://portal.msrc.microsoft.com/en-us/