Scam of the day – Mary 25, 2017 – Latest security updates from the Department of Homeland Security

As was made abundantly clear by the recent massive ransomware attack that focused on a vulnerability in the Microsoft Windows operating system for which Microsoft had already issued a security update, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  This has been a particular busy week for security updates.  These new updates from the Department of Homeland Security includes critical updates for Google Android systems and numerous Apple products.

TIPS

Here is a  link to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-142-0

https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates

Scam of the day – May 21, 2017 – HSBC text scam

British based HSBC is the world’s sixth largest bank and has branches around the world.  Recently scammers have been randomly sending out text messages, such as the one reproduced below in order to scare people into clicking on the link in order to verify their account and avoid a threatened suspension of the account.  If you click on the link it will take you to a phony HSBC website that looks legitimate, but is merely a scam to lure you into providing your username and password for your HSBC account (if you have one) which the scammer will use to steal money from your account.  If you receive this text message and don’t have an account with HSBC, you know immediately it is a scam, but it can look frighteningly legitimate if you have an account with HSBC.

HSBC banking scam text (Image: loveMONEY_

TIPS

This message can be particularly problematic if you are an HSBC customer and have signed up to receive text message alerts from the bank. However, whenever you receive a text message you can never be sure who is really sending it to you, so you should never click on links in such text messages which may either download ransomware malware on to your phone or keystroke logging malware that can lead to your becoming a victim of identity theft.  In other instances, such as with this particular text message scam, you are in danger of providing your personal information directly to the scammer that can be used to access your accounts.  The best course of action when you receive such a text message if you have a concern that it may be legitimate is to merely independently contact your bank to determine whether or not the text message was a scam.

May 19, 2017 – Steve Weisman’s latest column for the Saturday Evening Post on ransomware

Ransomware is of increasing concern to everyone in the wake of last week’s massive ransomware attack.  Here is a link to my column from the Saturday Evening Post that tells you exactly what you can do to protect yourself from this threat.

Con Watch: 6 Steps to Protect Yourself from Ransomware

May 18, 2017 – Article from Spiceworks.com regarding the WannaCry ransomware attack

Here is a link to an article from Spiceworks.com in which I am quoted about the recent WannaCry ransomware attack.

https://community.spiceworks.com/topic/1995850-experts-stolen-nsa-exploit-behind-wannacry-is-the-first-of-many?source=navbar-community-notifications

Scam of the day – May 17, 2017 – Pirates held for ransom

Although the headline may seem a little odd, what it is referring to is another data breach at a major Hollywood movie studio, in this case Disney, where the latest sequel in the successful Pirates of the Caribbean movie series has apparently been stolen through a data breach and the hacker is demanding a ransom which Disney is refusing to pay.  If the ransom is not paid, the hacker has indicated he will release the movie online in advance of the Theatrical release date of May 26th.

This latest incident comes on the heels of the hacker known as thedarkoverlord,  posting nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file a few weeks ago as I reported to you on Scamicide at the time.  This type of extortion can only be expected to grow as hackers attack the weakest links in movie and television program development.

TIPS

If the movie is posted online I strongly urge you not to download it.  In addition to the morality and ethics of not participating and encouraging this type of crime, you also run the risk of downloading various types of malware including ransomware and keystroke logging malware that can lead to your becoming a victim of identity theft if you go to these rogue websites.

May 13, 2017 – Urgent update about massive ransomware attack

Yesterday a massive ransomware attack targeted computers in seventy-four countries including the United States, the United Kingdom, Russia, China, Spain, France and India.   The strain of ransomware used is called WannaCrypt and it was developed to take advantage of a Microsoft Windows Operating System flaw called EternalBlue which was made public by hackers of the National Security Agency.   This ransomware is available in 28 languages.

This is a problem that should not have happened for many reasons.  The particular Microsoft vulnerability that this ransomware exploits has been patched, but some companies, government agencies and individuals had not yet installed the patches when they had become available recently.  In addition, many of the affected computers were using outdated Windows operating systems, such as Windows XP which are no longer regularly updated with new security patches.  These older unsupported systems should not be used by anyone.  Microsoft has taken the unprecedented step of providing security patches for these unsupported systems now in addition to its already issued security updates for presently supported Microsoft programs.  Here is a link to an important memo from Microsoft with links to free security updates if you are still using one of those older operating systems.

Customer Guidance for WannaCrypt attacks

TIPS

This ransomware attack was primarily launched using phishing emails to lure unsuspecting people into clicking on links or downloading attachments tainted with the Wannacrypt ransomware.  As I am constantly reminding you, never click on links or download attachments until you have confirmed that they are legitimate.

You also should update all of your electronic devices with the latest security updates and patches as soon as they become available, preferably automatically.

As for protecting yourself specifically from ransomware, you should back up all of your data in at least two different platforms, such as in the Cloud and on a portable hard drive. Companies and agencies which can afford to do this, should also use Whitelisting software which prevents the installation of any unauthorized computer software programs.

Unfortunately, this is not going to be the last time that you learn about this type of story.

Scam of the day – May 6, 2017 – Google Docs phishing scam

A phishing email is presently being sent to unsuspecting victims that urges you to click on a Google Docs link.  A copy of one version of the email is reproduced below. Clicking on the link will turn over your Gmail account to the scammer which not only will give the hacker access to all of your emails, but also your contact list which will enable the hacker to contact your friends with emails that appear to come from you and will be used to lure your trusting friends into clicking on links that can download keystroke logging malware that can lead to identity theft or ransomware.

TIPS

Never click on links or download attachments regardless of from where they may appear to originate unless you have verified that the email is legitimate.  In addition, even people who fell for this scam, would be safe if they used dual factor authentication for their Gmail account which would prevent someone who had your password from accessing your account.  With dual factor authentication, when you go to access your account a special code is sent to your cell phone if the request to access your account comes from a different computer or device that you generally use.  You can sign up for Google’s dual factor authentication by clicking on this link:  https://www.google.com/landing/2step/

Scam of the day – May 5, 2017 – 10 Concerts I’ve been to Facebook scam

Facebook is very popular with the general public and anything popular with the general public becomes a popular platform for scammers.  I have written about many Facebook scams over the years, but the latest one is particularly dangerous because it appears so innocuous.  It comes up on your Facebook page under the headline “10 Concerts, but there is one act that I haven’t seen live.  Which is it?”  While this may appear harmless, the information you provide may tell more about you than the person who appears to be posting it.  It may provide information about your approximate age and preferences in music which can then be used by a scammer to send you a phishing email tailored to appeal to your particular interests that you may trust and click on a link contained in the email that contains either keystroke logging malware that can be used to steal your identity or ransomware.

TIPS

We all tend to put too much personal information on social media that can be exploited by scammers and identity thieves to our detriment.  However, if you, as many people do, find this game and other similar games to be fun to play, you may want to just adjust your privacy setting to “friends only” so that you limit who gets to see your answers.

Scam of the day – May 3, 2017 – New USAA phishing scam

USAA is the insurer of millions of members of the military as well as many veterans so it is no surprise that it is the basis for a new phishing email presently being circulated.  As with so many phishing emails, this one tells you  that you need to click on links in the email in order to resolve security issues.  The truth is that if you click on the link or provide personal information, you will become a victim of identity theft as the criminal will use the information you provide to make you a victim of identity theft.  Alternatively, merely by clicking on the link provided in the email, you may download keystroke logging malware that will enable the identity thief to steal all of the information in your computer, laptop or other device and use that information to make you a victim of identity theft.   In another scenario, clicking on the link will download dangerous ransomware.

Here is a copy of the new phishing email that is presently circulating.  DO NOT CLICK ON THE LINKS.  As phishing emails go, the graphics are pretty impressive, however there are grammatical errors including the word “has” being used instead of “have”.  It also  should be noted that the email is directed to “Dear Customer” rather than your name and no account number is provided.  These are further indications that this is a scam.  Finally, this email was sent by an email address that had nothing to do with USAA, but was undoubtedly part of a botnet of computers using email addresses of hacked email accounts to send out the phishing email.

 

TIPS

Frankly, whenever you get an email, you can never be sure who is really sending it to you.  Obviously if you receive this email and you do not have an account with USAA, you know it is a scam, however, if you receive something like this that appears to come from a company with which you do business, you should still not click on any links contained in the email unless you have independently confirmed with the company that the email is legitimate.  Remember, even paranoids have enemies.

Scam of the day – May 1, 2017 – Hackers leak “Orange is the New Black”episodes and more

After Netflix refused to pay a ransom to a hacker known as thedarkoverlord, the hacker posted nine episodes of the popular Netflix original series, “Orange is the New Black on a publicly available file sharing website on Saturday.  The hacker had already posted the season 5 opening episode on Friday as an indication he was serious in his threat.

The stolen episodes were obtained through hacking of Larson Studios, a post production digital mixing company that worked on “Orange is the New Black.”  This is just the latest example of a trend of hackers going after bigger targets through vulnerable companies working with the bigger company.  The 2013 massive data breach of retailer Target was achieved through accessing Target by initially hacking an HVAC company that worked with Target and had access to Target computers to monitor heating and air conditioning systems at Target stores.

Thedarkoverlord has performed a number of other ransomware attacks including one in which it hacked a small Indiana charity from which it demanded a ransomware of 50 bitcoins that the charity refused to pay and had its data destroyed.

This story is far from over with thedarkoverlord already claiming to have stolen unreleased shows of ABC, Fox, National Geographic and IFC.

TIPS

Ransomware continues to be a growing threat to individuals, large and small companies as well as government agencies, all of which have been targeted by ransomware.  Ransomware malware is readily available for unsophisticated cybercriminals to purchase on the Dark Web.  While in the past, the typical manner in which it has been used was to encrypt the data of the target and refuse to release the data back to the victim unless a ransom was paid, the scam has evolved to also include threats of making stolen data public as was done in this instance.

Some older strains of ransomware can be defeated through software that can recover data encrypted by older ransomware programs.  In 2016 through the efforts of international law enforcement organizations and private security companies, the website No More Ransom was launched on which victims of ransomware can go to get decryption tools for many strains of ransomware for free.  Thousands of people have utilized this tool to decrypt their files after a cyber attack  without having to pay a ransom.  Unfortunately, however, there are some newer forms of ransomware for which there are no known decrypting tools developed yet.

The key to not becoming a victim of a ransomware attack is to prevent it in the first place.  Generally, the malware is installed unwittingly by victims when they are lured through phishing and spear phishing emails to click on links infected with the malware.  Never click on links in emails or text messages regardless of how legitimate they may appear until you have verified that it is legitimate.  You should also install anti-phishing software.

It is also important to not only have anti-malware software installed on all of your electronic devices, but to make sure that you update the security software with the latest security patches and updates.  Many victims of ransomware have fallen victim to strains of ransomware for which there are already security software available to thwart it.   Finally, always back up your computer’s data daily, preferably in two different ways in order to protect your data in the event you do become a victim of ransomware.

Finally, it is important to note that a recent study done by Spiceworks found that of small to medium businesses who paid a ransom after being hacked, 45% did not get their data restored.  Apparently there is no honor among some thieves.