Scam of the day – April 16, 2016 – Apple ends support for QuickTime for Windows

I am always advising you to update the software that you use with the latest security patches and updates because cybercriminals exploit newly discovered vulnerabilities in the software programs that we all use to deliver malware such as ransomware and keystroke logging malware that can steal the information from your computer and use it to make you a victim of identity theft.  Too often, criminals are successful in using malware against which there are already issued security patches, but that many people fail to install in a timely fashion.  It is for this reason that I am constantly providing you with the latest security updates as issued by the Department of Homeland Security.

However, sometimes when it becomes just too difficult to plug the holes in particular software, the software maker will abandon the particular software and not issue any further updates.  This was the case with the Windows XP operating system.  Continuing to use that system puts you in significant danger of being hacked.  Now, Apple has announced that it will no longer produce security updates for its QuickTime media player which handles video, audio and interactive content.  This is a major announcement and if Apple is abandoning QuickTime, so should you.

TIPS

The risk of continued use of QuickTime is too great.  Not only should you cease to use it, you should also uninstall it.  Here is a link to Apple’s instructions for uninstalling QuickTime.  https://support.apple.com/en-us/HT205771

Here also is a link to the announcement by the Department of Homeland Security about Apple ending its support for QuickTime for Windows.  https://www.us-cert.gov/ncas/alerts/TA16-105A

Also, in keeping with my advice to update your computer software programs with the latest patches as soon as they become available, here are links from the Department of Homeland Security to important updates for  Microsoft software and Google Chrome.

https://www.us-cert.gov/ncas/current-activity/2016/04/12/Microsoft-Releases-April-2016-Security-Bulletin

https://www.us-cert.gov/ncas/current-activity/2016/04/13/Google-Releases-Security-Update-Chrome

Scam of the day – July 6, 2015 – Windows 10 update scams

The new Windows 10 operating system is coming.  It is scheduled to start being released on July 29th.  However, if you are a user of Windows 7 or Windows 8.1 you are eligible to receive the new Windows 10 operating system for free.  Microsoft is letting these customers reserve the new operating system now.  Microsoft is notifying customers through a new icon on your taskbar or a popup message as indicated in the screen photo below.  Clicking on the message will take you to a page where you can sign up by merely providing your email address.  Once Windows 10 is available Microsoft will then download it to your computer. Over the years Microsoft has issued new operating systems after years of patches and updates of the previous operating systems.  When it became too cumbersome and difficult to patch the old operating systems, new ones were released.  Unfortunately, many individuals and companies still use the old operating systems, such as Windows XP although they were warned for years that new security update would no longer be issued after a specific date.  People and companies continuing to use the old operating systems, particularly Windows XP have become easy targets for hackers exploiting the vulnerabilities of the older operating systems.

W10_Laptop_AUX_Build_16x9_en-US_070115-01

TIPS

The release of Windows 10 will be exploited by scammers and identity thieves.  In particular you may receive emails or text messages with links or downloads that purport to be of Windows 10.  Don’t trust them.  Microsoft is not contacting people by emails or text messages regarding Windows 10.  Any email or text message, regardless of how legitimate it may look, that purports to be from Microsoft asking you to download an attachment or click on a link to install your Windows 10 is a scam.  If you click on those links or download those attachments all you will succeed in doing is downloading keystroke logging malware that will steal the information from your computer and use it to make you a victim of identity theft.  Microsoft will  also not be calling you on the phone to install Windows 10 either, so if you get a telephone call in which the caller represents that he or she is from tech support at Microsoft to help you download Windows 10, just hang up.  The call is from an identity thief only seeking to get access to your computer and its data.

Scam of the day – May 18, 2014 – New ATM threats

As long as there have been banks, there have been bank robbers because, quite simply, as one famous bank robber once said, “because that is where the money is.”  It should therefore come as no surprise that many thieves have focused much of their attention on ATMs where they have physically installed devices called “skimmers” to steal the information contained on the ATM cards when inserted.  Other types of skimmers are often fit over the keypads to steal the PINs.  However, although this manner of theft is still quite effective, the use of higher tech methods for gaining access to ATMs is gaining favor with even more sophisticated thieves who have obtained jobs with companies that do technical support for the ATMs and through this access manage to install malware that will transmit card and PIN data electronically to the thieves.   Other thieves are using standard phishing tactics to trick bank employees into downloading malware on to their computers that in turn provide access to the computer systems that control the ATMs. Recently this has enabled thieves to increase the limit on ATM withdrawals thereby enabling the thieves to get more money from the ATMs.  With many banks still using the flawed Windows XP software this problem will be multiplying.

TIPS

So what can you do to protect yourself?  The first line of defense is to always check the particular ATM you are using for evidence of tampering such as loose fitting pieces in the slot where you insert your card.  This could be evidence of the installation of a skimmer.  However, the best thing you can do is probably to regularly monitor your account balance online so that if you become a victim of identity theft due to an identity thief getting access to your account through an ATM, you can limit the damage and report it to the bank immediately.  It is not very comforting to know that no matter how careful you are, banks with less that appropriate ATM security put you in jeopardy, but that, unfortunately, is a fact of modern life.

Scam of the day – May 3, 2014 – Details of the solution for Internet Explorer flaw

Throughout the news and here on Scamicide there have been warnings for the past week about the extreme danger posed by a recently discovered flaw in the popular web browser, Internet Explorer.  This flaw was not discovered before the flaw had already been exploited by hackers who first found and exploited this vulnerability.  It is thought that the hacking involved with this flaw was primarily used for industrial espionage in order to steal corporate information and secrets, but as the vulnerability became exposed, it was also used by other hackers to steal personal information which was then used to make that person a victim of identity theft.  Now, ahead of schedule Microsoft has issued a security patch to resolve this problem and, most interestingly, although Microsoft had indicated that it would not issue further security updates for the Windows XP operating system after April 8th, Microsoft, in issuing the new security patches included security updates for Windows XP.

TIPS

Many people have their Windows software automatically updated which is the best course of action.  If you do not have your Windows software automatically updated, here is a link as provided by the Department of Homeland Security that you should use to install the necessary security patch to eliminate this particular software vulnerability. https://www.us-cert.gov/ncas/current-activity/2014/05/01/Microsoft-Releases-Security-Update-Internet-Explorer-Use-After-Free

As for Windows XP users, although you got a temporary reprieve, it is unlikely that Microsoft will make such a further exception in issuing future security updates.  I urge you to update your operating system to another system right away.

Scam of the day – April 29, 2014 – Danger in Internet Explorer

Internet Explorer is one of the most popular web browsers.  Yesterday Microsoft, the maker of Internet Explorer announced that they had discovered a major flaw in the security of this program that is already being exploited by hackers.  Hackers are already taking advantage of this flaw to take over computers using Internet Explorer, steal information from their victims and take total control of the infected computer.  The danger of this flaw cannot be overstated.  Microsoft is working on a security patch for this problem, but does not have one presently.  This problem is made worse for those people still using Windows XP because since April 8th, Microsoft is no longer providing updated security patches for that operating system so when a security patch is developed, it will not be effective for computers still using Windows XP.

TIPS

Those of you still using Windows XP should update your operating system as soon as possible.  Everyone else should use other browsers such as Firefox until a security patch is provided by Microsoft.  You also may wish to use the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to take protective steps although this will not protect you fully.  You also should consider disabling your Adobe Flash plugin if you have one because this is used by hackers in their attacks.  You also should remember that for a hacker to install the malware on your computer or other electronic device to exploit this vulnerability, you need to have clicked on a tainted link or downloaded a tainted attachment.  Therefore, as always you should avoid clicking on links or downloading attachments unless you are absolutely sure that they are legitimate.

Here is the link to the announcement of the Department of Homeland Security regarding this matter, which also contains a link to the Microsoft Enhanced Mitigation Experience Toolkit.  https://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

Scam of the day – April 11, 2014 – Windows XP support scams

Scammers and identity thieves are quite adept at taking advantage of whatever concern people may have at any particular time and, as you are aware, the announcement by Microsoft that it would no longer be issuing security updates for the Microsoft XP operating system has left many consumers concerned about what they should be doing if they are still using that system on their computers, laptops or tablets.  Scammers and identity thieves have been taking advantage of this situation by starting to contact people by phone claiming that they are a part of Windows Helpdesk, Windows Service Center, Microsoft Tech Support or any of a number of different entities and that they can help by providing updates remotely or by directing them to websites where they can sign up for help.  All of these offers are phony.  Neither Microsoft nor any other entity connected to Microsoft is making unsolicited calls to consumers.  Allowing the caller to get remote access to your computer will only result in the identity thief getting access to the personal information contained in your computer which will be used to make you a victim of identity theft.  When you are directed to websites, in other variations of the scam you are prompted to provide your credit card which will be used to steal from you or you will be prompted to provide personal information that will be used to make you a victim of identity theft.

TIPS

Remember, anyone who makes an unsolicited call to you offering to help you with your Microsoft XP is not connected with Microsoft or any related company.  As always, you can never be sure of who is calling you whenever you receive a phone call even if your Caller ID indicates it is a legitimate caller.  Caller ID can be manipulated by scammers through a technique called spoofing.  The best thing you can do is to consider upgrading to another operating system.  Windows XP is outdated and continued use of it will make you vulnerable to various hacking scams.  You can go directly to Microsoft at www.microsoft.com to learn what other options may be available to you.

Scam of the day – April 9, 2014 – Follow up on ATM danger

Yesterday Microsoft officially ended technical support for its Windows XP program, which is still used by 95% of the world’s ATMs.  Many people are justifiably concerned about the security of the ATMs that they use and if it is safe to still use them or are they in serious jeopardy of having their accounts hacked.  Although April 8th was the day that Microsoft indicated that it would no longer issue technical updates to the Windows XP operating system, some ATMs work on a variation of the Windows XP operating system called Windows Embedded.  Security updates for Windows Embedded will continue to be issued until January 12, 2016.  In addition, some major banks have made private arrangements for security updates from Microsoft for Windows XP.  JPMorgan, for instance has made private arrangements with Microsoft for updates for another year.  However, the basic fact is that Microsoft is stopping further updates of Microsoft XP because it is an outdated system and the cost of constantly patching it does not make sense.  Anyone using Windows XP whether commercially or privately should update to another operating system as soon as possible.

TIPS

Ask your bank what it is doing about the Windows XP operating system and if they tell you that they are still able to use it in the short run, ask them what their intentions are in the long run because security patches are not a solution to the vulnerabilities that have already been identified in the Windows XP operating system.   If your account is hacked due to a flaw in the Microsoft XP operating system running an ATM that you use, you will not be responsible for any funds lost if you notify the bank right away and it is a good idea to monitor your account online every few days to make sure that it is secure. If you use Windows XP on your home devices, you too are at risk and should update your operating system to another system as soon as possible.

Scam of the day – March 21, 2014 – New hacking threat to ATMs

In terms of computer software, the Windows XP operating system is old, having been first introduced in 2001.  Approximately 95% of the world’s ATMs use this software as their operating system.  The problem is that Microsoft is phasing out this operating system and will not longer be providing security patches and updates for Windows XP after April 8th.  This means that for those banks who have not switched to a new operating system, they will be left vulnerable to the attacks of hackers who will no longer find themselves remedying newly discovered vulnerabilities.   The results could be devastating.  Banks around the world are already planning to switch to new operating systems, but it has been estimated that only a third of banks will make the necessary switch to a new system before the April 8th deadline.  This would leave those banks still running Windows XP using unsupported software which, according to the Department of Homeland Security will result in an “elevated risk to cybersecurity dangers.”

TIPS

As  prudent bank customer, you should ask your bank manager what operating system they are using for their ATMs and if it is Windows XP, what they intend to do about Microsoft no longer providing security updates.  You may wish to consider limiting your ATM use to banks that you know have updated their operating system software.  As always, you should also monitor your bank account’s activities for any fraudulent charges, which may or may not be tied to your use of an ATM.

Scam of the day – December 1, 2013 – Important Microsoft security alert

Identity thieves and scammers constantly are exposing vulnerabilities in the software programs that we use for their criminal purposes, which is why it is critical that you update your software programs as soon as possible when security patches and updates become available.  Recently Microsoft issued a security advisory in which the company indicated that it had discovered a serious vulnerability in the Windows XP and Windows Server 2003, two of the older Windows software programs.  At the moment Microsoft has not developed a sufficient update or patch to remedy this problem, however, Microsoft does recommend a Workaround, which is a setting or configuration change that will not remedy the vulnerability, but will block attacks until a patch can be developed.

TIPS

The full Microsoft Security Advisory including instructions as to how to construct a Workaround that will block attacks attempting to take advantage of the identified vulnerability in the affected software programs can be found by clicking on the following link and going to the Microsoft Security Advisory.  If you use either of these programs, it is critical that you take this preventive action.

https://www.us-cert.gov/ncas/current-activity/2013/11/28/Microsoft-Releases-Security-Advisory-Microsoft-Windows-Kernel