‘Tis The Season… For Scams

2015 Holiday Scams

Thanksgiving, Black Friday, Cyber Monday . . . the time is ripe for scam artists to target the unsuspecting shopper.
Shared from IDShield. Learn more about legal and identity protection here.

“Secret” (Illegal) Gifting Scam

ScamThe “secret sisters” gift exchange is popping up on social media. You’ve probably seen friends looking for others to participate in the Secret Sister Gift Exchange in your news feed. Invitees are told to send a $10 gift to the next person on the list and invite 6 friends to join. This is a scam. Participating violates the Postal Lottery Statute.

According to Snopes.com, the messages first appeared on Facebook, Pinterest and other sites in early October. The posts explained every participant would receive 36 gifts if they sent one gift valued at $10 or more.

Chip Card Scam

Not all debit & credit card issuers have sent new EMV chip cards to their customers yet. Knowing this, scammers are telling people that they must provide personal data or money to obtain a new card. This is not true.

Fake Shipping Notes

Scammers send a fake e-mail that claims a package was sent by you or is to be delivered to you. The purpose: to try to collect personal data or download a virus. Delete it without responding.

Fake E-Commerce Websites

Fraudulent websites are common. So, finding a fabulous offer from a website with which you are not familiar could be a red flag. Remember . . . “If it seems too good to be true, it probably is.”

Shared from IDShield. Learn more about legal and identity protection here.

Advertisements

Windows Power Worm Ransomware Fail

If you are unfortunate enough to get hit by the Windows Power Worm Ransomware, do not pay the ransom. Not because they will decrypt your files if you do pay, but because they can’t decrypt your files!

As it turns out, Power Worm has a software bug! It was badly coded, and do to this bug, it locks your data away forever.

2015-11-12_12-33-58It infects Microsoft Word and Excel files, and the latest version of its update goes after many more files it finds on the machine.

If you get this worm just restore from your backup. You do have a backup, right?

Read more about Windows Power Worm Ransomware

here.

New Windows Security Tool from Safer-Networking Ltd!

2015-11-12_12-12-55From a company that those of use in the IT security industry know well, Spybot Search and Destroy. This is for Windows 10 users concerned about the new monitoring features built into Windows 10, and of course we’ve heard that MS intends to port these features back to Windows 7 and 8.

Anyway, they have developed a new utility, Spybot Anti-Beacon. This is a standalone tool which was designed to block and stop the various tracking (telemetry) features (aka: issues) present in Windows 10. They have since modified it to block similar tracking functionality in the Windows 7Windows 8 and Windows 8.1 operating systems. I interested, you can check it out here…

https://www.safer-networking.org/spybot-anti-beacon/

Security Maintenance Tip of the Week!

Tip:

Log into your Twitter and Facebook accounts on your computer and look through the apps you have granted access to over the years. Do you still use all of them? If not, revoke access! Here’s how to do it…

Twitter
Log into Twitter.com from your computer.

1. Click your profile image in the top right of the page.

2. Choose “Settings” from the list.

GetToSettings

3. Click “Apps” from the list on the left of the page.

Apps

Facebook
Log into Facebook.com from your computer.

1. Click on Privacy lock icon in the top right of the page.

2. Choose the “See More Settings” link from the bottom of the list.
FacebookSettings

3. Click “Apps” from the list on the left of the page.
FacebookApps

These are all of the apps that have access to your Twitter or Facebook account that you have granted access to over the years. Chances are, there will be plenty that no longer need access, likely from old devices you may no longer have or use.

Why bother, you ask? Here is how this works. The more Apps that have access to your Twitter/Facebook accounts provides a bad person with more opportunities to find one that has a vulnerability the will allow them to take over your account. Removing the apps that you don’t need reduces this attack surface. It is the little things that bite us.

In my opinion, Twitter/Facebook should add an expiration date so you have to revisit these settings every once in a while.

Happy Hunting!

CryptoWall 4.0! Watch out folks, she’s back for another round!

CryptoWall 4.0 released with new features such as Encrypted File Names.
See “What is CryptoWall” at the end of this post.

CryptoWall 4.0 has been released that displays a redesigned ransom note, new file names, and now encrypts a file’s name along with its data.

Ransom Note Image

Ransom Note

For those who may have become infected by this variant, you can visit the dedicated CryptoWall 4.0: Help_Your_Files Ransomware Support Topic to discuss the infection or receive support on it.

The most significant change in CryptoWall 4.0 is that it now also encrypts the file names of the encrypted files.  Each file will have its name changed to a unique encrypted name like 27p9k967z.x1nep or 9242on6c.6la9. The file names are probably encrypted to make it more difficult to know what files need to be recovered and to make it more frustrating for the victim.

encrypted-files

Folder containing Encrypted Files

Below are two examples of the emails:

SPAMemail1

SPAMemail2

If you receive one of the emails, the link follows a specific pattern: [unrelated compromised website]/abuse_report.php?[your domain name].  The domain names are not important.  You can always get the malware by substituting any string of characters for the domain name in the URL (assuming no one has fixed the compromised website yet).

URL

Shown above: Substituted a string of “X”s for the domain name in a URL from one of the emails.

Final Words

If you receive one of these emails, and you download the file, you should see plenty of warnings the file is not safe.  In a company environment, properly-administered Windows hosts should prevent people from running the malware.

Warning1

Warning2

Warning3

In my personal opinion, this mal-spam isn’t a serious threat if you are aware that it is out there.  So why do criminals run these campaigns?  Apparently, enough of their emails get through, people still fall for the allure of clicking links and opening random email attachments, and their Windows computers are configured so they can run it.

I recommend that you keep your antivirus solution always on and UP-TO DATE! It can be used as an additional layer of protection for you systems.

If you have a bad habit of clicking/opening random links and attachments, Bitdefender Labs has developed a vaccine that allows users to immunize their computers and block any file encryption attempts, even if they become infected with CryptoWall, one of the most powerful clones of the Cryptolocker malware.

As usual, I have NOT tested this software for effectiveness. So use at YOUR OWN RISK.

Bitdefender advises customers to run a fully dedicated Internet Security solution such as those provided by Bitdefender to protect against all threats. The CryptoWall Immunizer is only effective in protecting systems that may get infected with versions one and two of the Cryptowall ransomware at this point in time.

What is CryptoWall?

Cryptolocker and its public-private key encryption mechanism has become a huge financial success for its creators. Its high turnaround prompted other cyber-criminal entities to write copycats that use much more sophisticated spreading and encryption algorithms. Some of the most notorious families of ransomware now wreaking havoc include CryptoWall, Citroni and TorLocker. Android users were also massively targeted by ransomware throughout 2014.

PayPal Overpayment Scams That Target Craigslist Sellers

“My hope is that when people become familiar with the tactics employed by scammers, they will be less likely to get ripped off. With this in mind, I’d like to describe my recent interactions with miscreants who target sellers on Craigslist. Perhaps the details I’ve gathered about the scammers operation will help curtail such activities. This encounter, which involved SMS messages, emails and a click, is a variation of a PayPal-themed over-payment scam that has been quite prolific in the recent years.”

Find more detail here.

notification-of-instant-payment2

Notification of instant payment

Chrome To Begin Pausing Flash Ads By Default, Starting 10/1

http://techcrunch.com/2015/08/28/chrome-will-begin-pausing-flash-ads-by-default-starting-in-september/

Google: New setting to save power by pausing plugin content

With the Beta release of Chrome 42, we’ve launched a new setting that automatically pauses plugin content that’s peripheral to the main page. This can help you save precious battery power and CPU cycles. But don’t worry, the primary plugin content on pages (games, videos, etc.) should still run just fine.

To adjust these settings, in the Chrome Browser Address bar type,

chrome://settings/content

  • Scroll to Plugins; here is what each option does:
    • Run all plugin content (used to be recommended)
    • Detect and run important plugin content
      • Chrome will automatically run the main plug-in content on websites, but not run peripheral plug-in content.
    • Let me choose when to run plugin content
      • Chrome will prevent any plug-ins from running automatically, but you can run specific plug-ins by right-clicking on them and choosing “Run this plug-in.”
  • Use the “Manage Exceptions” button to for individual options