Scam of the day – December 31, 2016 – President takes action against Russian hackers

In the last Scam of the day for 2016 it is appropriate that we discuss the Russian hacking of American organizations in 2015 and 2016 that was intended to influence the Presidential election.  Two days ago, President Obama ordered sanctions against Russia including the ejection of 35 Russian spies that the administration said were posing as diplomats and specific actions against three organizations that it said supported the hacking operations.  The possibility of further covert actions against Russia was also hinted at.

A day prior to the President’s announced sanctions, the Department of Homeland Security and the FBI issued a joint analysis report entitled “Grizzly Steppe – Russian Malicious Cyber Activity” in which it provided details about the hackings.  Here is a link to the report.

https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf

TIPS

Although the report contains important information about Russian hacking of American institutions, the report also provides a long list of specific steps that institutions and individuals can take to avoid being a victim of cybercrime.

Here are just a few of the things that all of us as individuals should consider.

  1. Back up all important information offline.
  2. Be on the alert for spear phishing. The report emphasizes, as I have warned you about for years, that the primary cause of hacking is people clicking on links in spear phishing emails that download malware.  Use both anti-phishing security software and your own brain to refrain from clicking on links in emails unless you have absolutely confirmed that they are legitimate.
  3. Use strong firewalls with whitelisting configurations by which only approved applications will be allowed to be downloaded onto your computers.  This is much better than blacklisting because it protects you from threats about which you know nothing.
  4. Limit the personal information you provide on social media.
  5. Use dual factor authentication whenever possible.

Scam of the day – November 4, 2016 – Security flaws exploited by Russian hackers

Earlier this week it was disclosed that an older version of Microsoft’s Windows software along with the much-exploited Adobe Flash software had been used by Russian hackers to attack computer systems and gain access to information.  The group that had done these recent hacks appears to be the same Russian hackers responsible for hacking the Democratic National Committee earlier this year.  Adobe has already issued a security update to patch the vulnerability.  A link to the security update can be found in yesterday’s Scam of the day.  Microsoft has said that it will have a security patch available on November 8th.  As soon as it is available, I will let you know here at Scamicide.  Users of Windows 10, the latest version of Windows, and Microsoft’s Edge browser are protected from the attack.

Once again, the malware used in these computer hacks was spread, as is so often the case, by spear phishing emails luring unsuspecting victims into clicking on links that downloaded the malware.

TIPS

The best thing you can do to help protect yourself from being hacked is to never click on links in emails or text messages from anyone until you have absolutely verified that the messages and the links are legitimate.  Trust me, you can’t trust anyone.

It is also important to update your security software on all of your electronic devices as soon as security updates become available.  Hackers constantly exploit vulnerabilities in software for which there already exist security patches, but which have not been installed by consumers.

Scam of the day – October 25, 2016 – Russian hacker indicted

Last week a Russian hacker, Yevgeniy Aleksandrovich Nikulin, was arrested in the Czech Republic twelve hours after an International Criminal Police Organization (Interpol) Red Notice was issued notifying law enforcement officials that Nikulin, who operates with impunity inside Russia, was vacationing with his girlfriend in Prague.  A Red Notice is akin to an international arrest warrant.  Nikulin was under indictment in California for hacking into LinkedIn, Dropbox and another company, Formspring.  Through hacking into these companies, Nikulin was able to steal personal information on more than 167 million people.  Nikulin’s arrest came just two days after the Obama administration stated that it was the Russian government that had stolen emails from the Democratic National Committee and others in the United States.  The Russian government has demanded that Nikulin be returned to Russia.  A Czech judge has ordered Nikulin to remain in custody until an extradition hearing.

TIPS

Nikulin is the second Russian hacker arrested after leaving the safe confines of Russia on vacation.  In 2014, Roman Valerevich Seleznev was arrested in Guam and extradited to the United States where he was convicted of hacking into the cash register systems of American companies.  Seleznev was convicted on 38 counts last summer and is awaiting sentencing.  In the wake of increased Russian hacking and cybercrimes being perpetrated against the American government, American companies and individuals, the Obama administration has indicated that it will be responding accordingly.  Meanwhile an American vigilante hacker who goes by the name of “The Jester” hacked into the website of the Russian Foreign Affairs ministry and posted a threat that if Russia did not cease cybercrimes against the United States, he would hack Russian targets.

Scam of the day – July 16, 2016 – Google warning Gmail users about foreign hackers

State-sponsored hacking from countries such as China, North Korea and Russia poses a threat to everyone, but Google, which has for years been monitoring hacking attempts by foreign governments, is notifying Gmail customers when Google has reason to believe that their Gmail accounts are being targeted.  If Google finds that you have been targeted you will receive the following message that takes up your entire screen warning you of the danger and urging you to use the more secure dual factor authentication.  In its warning, Google indicates that less than 0.1% of all Gmail accounts are targeted; however, it is important to note that this percentage translates into more than a million people who are in jeopardy.

[Screenshot of Google’s warning message]

TIPS

As I have suggested many times, whenever you have the opportunity to use dual factor authentication, it is a wise choice to make.  Even if someone manages to steal your password or trick you into providing it, as was the case with Jennifer Lawrence when she was convinced by a phishing email to provide her password to a cybercriminal who used it to access nude photos of her that she stored in the cloud, the hacker will not be able to access your email or other account because a special code provided to you through your cell phone is required whenever you wish to gain access to your account.

Finally, as I so often say, even paranoids have enemies so I urge you to err on the side of caution if you receive this type of notice and not necessarily trust it.  It could be a phishing communication from a cybercriminal luring you into clicking on a link which will either get you to provide personal information that can be used to make you a victim of identity theft or will download keystroke logging malware or ransomware.  The best course of action would be to merely go to Google directly from your browser without clicking on the link contained in the notification.  Here is a link you can trust that will take you to instructions for enabling dual factor authentication for Gmail: https://support.google.com/accounts/answer/185839?hl=en

Scam of the day – July 1, 2015 – Critical Adobe Flash update

Adobe Flash software is a highly used video software program so it should be of little surprise that it is highly scrutinized for vulnerabilities by hackers who exploit these vulnerabilities to gain access to their targets’ computers.  Unpatched vulnerabilities in Adobe Flash software were exploited by Russian hackers who hacked into the White House and State Department computer systems.  Recently, the security firm FireEye found attempts to attack aerospace, defense, construction, technology and telecom companies by exploiting a flaw in Adobe Flash uncovered by FireEye.  FireEye promptly notified Adobe, which promptly created a patch for the problem.  A link to the patch can be found below.

The problem is that hackers are now distributing kits on black market websites that enable other hackers to exploit this vulnerability on computers that have not been updated, and all too often individuals and companies fail to update their software on a timely basis.  Already this flaw is being exploited by hackers as a way of getting victims to download Ransomware onto their computers.  As I have written about many times before, Ransomware encrypts and locks your computer data.  The hacker then threatens to destroy the data unless a ransom is paid immediately.

TIPS

Businesses, government agencies and individual computer users must make it a priority to install the latest security patches and updates as soon as they become available.  Time after time, companies, government agencies and individual computer users have become victims of devastating computer hacks that they could have easily avoided had they promptly updated their software with the latest security patches and updates as soon as they became available.  Don’t make this mistake.  Here at Scamicide we regularly provide you the links to the latest security patches.

Here is the link to the latest Adobe Flash security update:  https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

Scam of the day – December 29, 2014 – South Korean nuclear power plant hacked

Recently it was disclosed that a nuclear power plant in South Korea had been hacked.  The hackers were able to obtain blueprints, floor maps and other information about the nuclear power plant.  The hackers then went to Twitter using an account called “president of anti-nuclear reactor group” and made four postings in which they released some of the information stolen.  The hackers threatened to go public with more information unless the power plant was shut down.  Korea Hydro and Nuclear Power Co. (KHNP), the owner of the plant, has stated that although they suffered a data breach, the information stolen was not of a critical nature.  KHNP further emphasized that the computers that control the power plant’s nuclear reactors are not linked to any external networks and therefore are not and were not in danger of being hacked.

Although this hacking may well, in fact, be benign, it also is a reminder that the American electrical grid and nuclear power plants as well as those in other countries around the world are quite susceptible to hacking that could have a devastating effect.  Both private industry and the United States government have been slow to take effective steps to make the power grid and nuclear power plants less vulnerable to a cyberattack.  In fact, it recently came to light that much of the American power grid and nuclear power plants have been hacked since 2011 by Russian hackers who implanted malware known as BlackEnergy and Sandworm in the computers of these industries.

TIPS

The hacking into American energy plants including nuclear power plants by Russian hackers has been interpreted by some as a return to the Cold War policy of Mutually Assured Destruction (MAD) by which the Russians and Americans would be deterred from attacking each other because of the knowledge that the other major power would be able to respond in an equally devastating manner.  Whether or not this is an accurate assessment of today’s situation, it is of little solace when considering the ability of terrorist groups or even ransom seeking criminals who might have the means to commit cybercrimes.  Hopefully, the hacking of the South Korean nuclear power plant will serve as a wakeup call to governments and private industry around the world to take the steps necessary to increase the security of their important infrastructure.

Scam of the day – September 17, 2014 – JP Morgan data breach update

In August I first told you about the hacking of banking giant J.P. Morgan and as many as four other banks.  Investigators believe the hacking was the work of sophisticated hackers from Eastern Europe.  Some are theorizing that the hacking was sponsored by the Russian government.  Much sensitive data was compromised and stolen as a result of the hacking although to date none of the million customer accounts compromised have suffered any loss or fraudulent activity.  Investigators are now saying that the breach was limited to names, addresses and phone numbers.  The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location.  Remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMeIn enables the convenience of logging into a company’s computers from an off-site location.  Exploitation of this type of software has proven to be a major security flaw that has been continually exploited in company after company for quite a while, going back from the recent UPS hacking to Target’s hacking last year.  I have warned people about this flaw for some time and the FBI has warned American businesses to watch for this.

TIPS

Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data; however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack which may be or be similar to the “Backoff” malware I have been warning about.  As for us as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information we provide to any company or governmental agency with which we do business.  This will not be the last major hacking exploiting this flaw to occur.

Scam of the day – September 14, 2014 – Gmail passwords being sold on the black market

Reports have surfaced that hackers have made available approximately five million Gmail passwords along with associated Gmail addresses on black market websites used by identity thieves.  This may be related to the recent disclosure of the greatest data theft in history which I reported to you about on August 7th in which a Russian gang stole 1.2 billion user names and passwords along with 500 million email addresses.  If you are a user of Gmail, this news can appear to be extremely threatening, but the truth is not quite so bad.  In fact, the passwords in many instances have turned out to be passwords for other accounts of the Gmail account holders, and these passwords were obtained, not from hacking Gmail, but by hacking other accounts.  As a result of its investigation, Google has determined that less than 2% were working Gmail passwords.  Google has already acted to secure the affected accounts and has contacted the people affected and advised them to change their passwords.  In response to this situation, Google has set up a new service called Account Checkup by which you can check to see if someone has logged on to your account.

TIPS

The good news is that if you have a Gmail account, it is unlikely that your Gmail password has been compromised; however, the bad news is that some other password of yours has been compromised and you are in danger of identity theft.  The important thing for everyone is to have separate complex passwords for all of your accounts and to change them on a regular basis, such as every six months.  For more information about how to create complex, but easy to remember passwords, I suggest that you pick up a copy of my new book, “Identity Theft Alert.”  On the right side of this page is a link to the book on Amazon.  Where possible, you should also consider two-factor authentication for additional protection.

Scam of the day – August 29, 2014 – J.P. Morgan and other banks hacked

The FBI is investigating an apparent hacking of banking giant J.P. Morgan and as many as four other banks by what initially appears to be sophisticated hackers from Eastern Europe.  Some are theorizing that the hacking was sponsored by the Russian government in retaliation for sanctions brought against Russia in the wake of its actions in relation to Ukraine.  Much sensitive data was compromised and stolen as a result of the hacking.  The initial investigation appears to be focusing on the exploitation of computer programs used by a J.P. Morgan employee to work from a remote location.  Remote desktop software such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome’s Remote Desktop, Splashtop, Pulseway and LogMeIn enables the convenience of logging into a company’s computers from an off-site location.  Exploitation of this type of software has proven to be a major security flaw that has been continually exploited in company after company for quite a while, going back from the recent UPS hacking to Target’s hacking last year.  I have warned people about this flaw for some time and the FBI has warned American businesses to watch for this.

TIPS

Banks are a frequent target of cyberattacks and American banks have generally done a good job in recent years in protecting data; however, as this latest hacking shows, more needs to be done, particularly in regard to the particular type of malware used in this attack which may be or be similar to the “Backoff” malware I have been warning about.  As for us as consumers, there is little we can do other than to carefully monitor all of our accounts, only use credit cards rather than debit cards for retail purchases and limit the amount of personal information we provide to any company or governmental agency with which we do business.  This will not be the last major hacking exploiting this flaw to occur.

Scam of the day – August 14, 2014 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  That is why we provide links to the necessary patches and updates as provided by the Department of Homeland Security and the companies directly.  Today’s updates provide critical security updates that will help protect against the SQL attack used by the Russian hackers recently to steal data on more than a billion people.

TIPS

Here is the link to the latest security updates as issued by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB14-223