Have you been Cryptojacked?

Cybercriminals aren’t just looking to steal your company’s data, they are also eager to steal the use of your computers for other nefarious purposes. So today, I want to tell you about Cryptojacking, how it works, and the steps you can take to keep your organization’s devices safe.

Cryptojacking is when malicious code running on a computer, or in a web page it has open, quietly uses the device’s memory, processing power, and electricity to mine cryptocurrency for someone else – all without your knowing it’s happening.

Cryptojacking is an outgrowth of the rising popularity of cryptocurrencies. Cybercriminals typically stage a cryptojacking attack by planting a mining script in websites that generate a lot of online traffic, often through a compromised ad network or a third-party script the site loads. When a user opens an infected page on a desktop or notebook, the script runs inside the browser for as long as the tab stays open; some variants also drop a persistent miner onto the device. This type of attack isn’t designed to steal your private data, but to harness the power of your computer’s CPU for the sole purpose of mining cryptocurrency.

After the currency is mined, it is credited to the cybercriminal’s wallet, and because the work is spread across thousands of victims it is rarely traced back. Several different cryptocurrencies such as Bitcoin, Ethereum, and Litecoin can in principle be mined this way, though in practice browser-based miners target CPU-friendly coins such as Monero, since mining Bitcoin on an ordinary CPU yields essentially nothing. And while none of these cryptocurrencies are illegal, mining them on someone else’s computer without permission is.

Over 2,500 websites have already been accused of capturing their visitors’ CPU power to harvest cryptocurrency instead of displaying ads.

So how can you prevent cryptojacking?

  1. Always run good antivirus and anti-malware software on every computer in your organization
  2. Make sure that you are updating all your computers, firewalls, and network devices regularly. Most types of malware infect computers by exploiting known vulnerabilities that haven’t been patched.
  3. Never install software or apps that you don’t trust.
  4. Don’t click on links without knowing where they lead
  5. Always be careful when visiting unfamiliar sites
  6. Use a reputable ad blocker. Many of these block known mining scripts and specifically look for cryptojacking code
  7. Check your CPU usage periodically. A resource monitor will show you whether CPU usage is abnormally high: in Windows it’s Task Manager and on a Mac it’s Activity Monitor. If you close all your apps, including the browser, but still see CPU usage running very high, you may have a problem.
  8. If you notice generally poor performance, or after clicking a link you hear your computer’s fans speed up, you may have a cryptojacking infection.
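Item 7 above, done unattended. This is an added example, not code from the original post: it samples Linux’s /proc/stat and raises an alert only when CPU utilization stays above a threshold across several consecutive intervals, which is the pattern a miner produces and a short build or backup usually does not. The threshold, the window length and the SAMPLE_SNAPSHOTS values are assumptions constructed for the demo; on Windows or macOS use Task Manager or Activity Monitor as the post says.

```python
"""Detect sustained high CPU use from /proc/stat samples (Linux only).

Added example, not code from the original post. The threshold, window and the
SAMPLE_SNAPSHOTS values are constructed for this demo.
"""
import time


def parse_cpu_line(line):
    """Return (idle_jiffies, total_jiffies) from the aggregate 'cpu' line."""
    fields = line.split()
    if not fields or fields[0] != "cpu":
        raise ValueError("expected the aggregate 'cpu' line of /proc/stat")
    vals = [int(v) for v in fields[1:]]
    # Columns: user nice system idle iowait irq softirq steal. The guest columns
    # that follow are already included in user/nice, so only the first 8 count.
    vals = (vals + [0] * 8)[:8]
    idle = vals[3] + vals[4]          # idle + iowait both mean "not busy"
    return idle, sum(vals)


def busy_percent(prev, cur):
    """Percentage of the interval between two snapshots spent busy."""
    idle_delta = cur[0] - prev[0]
    total_delta = cur[1] - prev[1]
    if total_delta <= 0:
        return 0.0
    return 100.0 * (total_delta - idle_delta) / total_delta


def sustained_high(snapshots, threshold=85.0, window=5):
    """True when the last `window` intervals were all at or above `threshold`."""
    pcts = [busy_percent(a, b) for a, b in zip(snapshots, snapshots[1:])]
    return len(pcts) >= window and all(p >= threshold for p in pcts[-window:])


def read_snapshot():
    with open("/proc/stat") as f:
        return parse_cpu_line(f.readline())


def monitor(interval=2.0, window=5, threshold=85.0):
    """Poll /proc/stat and return once utilisation has been high for the whole window."""
    snaps = [read_snapshot()]
    while True:
        time.sleep(interval)
        snaps.append(read_snapshot())
        snaps = snaps[-(window + 1):]
        if sustained_high(snaps, threshold, window):
            print(f"ALERT: CPU >= {threshold}% for {window * interval:.0f}s; "
                  "check top / Task Manager for the process responsible")
            return


# Constructed snapshots: every interval is 90% busy (idle +10 out of total +100).
SAMPLE_SNAPSHOTS = [(1000, 2000), (1010, 2100), (1020, 2200),
                    (1030, 2300), (1040, 2400), (1050, 2500)]

if __name__ == "__main__":
    print("sample data sustained high:", sustained_high(SAMPLE_SNAPSHOTS))
    monitor()
```

Run it on a server and it exits with an alert only after a full window of high load, so a one-off spike from a legitimate job does not page anyone; tune `window` and `interval` to the machine’s normal workload.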

If you need a hand with cybersecurity at your company, contact us and we’ll be glad to assist you.

Everyone stay safe out there!

3 Tips for Fighting Hackers

Rather than just sitting back and waiting for cybercriminals to come after you, there are preemptive steps you can implement right now to strengthen your personal IT security. Here are 3 simple tips.

Address your mobile security. This one is easy. Call your cellular provider and ask them to put a PIN or passcode on your account so that nobody can transfer your number or change your plan without it. And add a PIN or password to the device itself if you haven’t done so already.

Passwords. Don’t keep passwords in a spreadsheet or text file on your computer. Use a third-party password manager like KeePass – it’s free and easy to use.

Back it up. While not so much preventative in fighting off a breach or a hacked account, having a reliable and secure backup can really save you in the event your data is compromised. With a good backup, a compromise or breach is turned from a major disaster into a minor inconvenience. And it’s inexpensive – a service like our SecureCloud Backup covers up to 250GB of data for just $20/month.

If your organization is looking for assistance with cybersecurity, the experts at MicroData would be glad to talk with you. Contact us today.

Everyone stay safe out there!

Email Quarantine Scam

Be on the lookout for a new and more sophisticated phishing scam that has some clever hooks to catch your users. Here are the details.

You receive an email nicely formatted and with color and good grammar. It addresses you with a user name – typically the first part of your email address – and tells you that yourdomain.com has ‘prevented the delivery of “x” new emails to your inbox…’. Here’s what it looks like:

But if you hover your mouse over the ‘View Emails’ button without clicking, you see that the actual destination is a ‘zombie’ server that’s hosting malicious code to infect your system.

Remind your users to Stop and Think before they click! And consider some formal Security Awareness Training for your end users such as included with all MicroData Managed Service Plans.

Everyone stay safe out there!

New Google Spoof Attack Hitting Hard

We’ve recently seen a large quantity of spoofed messages, supposedly from Google. If an unsuspecting user clicks on any link in the message they are taken to a malware-laced website which will try and install malicious code on the user’s system. Here’s what you should look for.

The fake email messages all involve Google services in one form or another, include a Google logo, and tell the recipient that some sort of action is required or something bad will happen. Here’s an example:

Clicking on any link anywhere in the message will take the user to a fake ‘Google’ page which will try to induce the user to enter credentials and also will attempt to exploit unpatched vulnerabilities on the workstation and install malware.

Remind your users to stop and think before they click.

And remember the best way to equip your users to resist these types of attacks is get Security Awareness Training. All MicroData Managed Service Plans now include SA Training at no additional cost and standalone Security Awareness Training is available, too. Contact us for more information.

Everyone stay safe out there!

Phishing Campaign abuses Google Translate

A circulating email phishing campaign uses the online translation tool Google Translate to disguise the link in its phishing emails. The link points at translate.google.com with the phishing site given as the page to translate, so when victims open it the browser’s address bar shows a Google URL while the page itself is a spoofed Google or Facebook login page served through the translator. Enter your credentials and BOOM – the bad guys own you. This technique appears to bypass in-browser security notifications.

Using Google Translate as a means to hide malicious action is an unusual tactic, but this campaign doesn’t appear to be a ‘professional’ attack. Rather it appears to be a widespread and untargeted campaign. Still, because it’s new, make sure you alert your users to be on the lookout.
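The check that both the quarantine-scam post above and this one rely on, hovering over a link to see where it really goes, and unwrapping a Google Translate proxy link, as an added example that is not code from either post. It pulls every anchor out of an HTML e-mail body, extracts the real destination from the u= parameter when the link goes through translate.google.com, and flags links whose visible text names one host while the href goes to another. The SAMPLE_EMAIL body and the example.net / yourdomain.com hosts in it are constructed for the demo, not indicators from the real campaigns.

```python
"""Where do the links in this e-mail really go?

Added example, not code from the original posts. SAMPLE_EMAIL and the hosts in
it are constructed for this demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Google Translate's web proxy carries the page being translated in the 'u'
# query parameter on either of these hosts.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def unwrap_translate(url):
    """Return (real_destination, was_proxied) for a possible Translate proxy link."""
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() in TRANSLATE_HOSTS:
        inner = parse_qs(parsed.query).get("u")
        if inner:
            return inner[0], True
    return url, False


def _host_from_text(text):
    """If the visible link text looks like a hostname or URL, return its host."""
    if "." not in text or " " in text:
        return ""
    candidate = text if "://" in text else "http://" + text
    return (urlparse(candidate).hostname or "").lower()


def analyse_links(html_body):
    """One finding per link: real destination host, proxy flag, text/host mismatch."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        dest, proxied = unwrap_translate(href)
        dest_host = (urlparse(dest).hostname or "").lower()
        text_host = _host_from_text(text)
        # A real subdomain of the displayed host is fine (mail.yourdomain.com for
        # "yourdomain.com"); anything else that differs is a mismatch, including
        # the classic "yourdomain.com.attacker.example" trick.
        mismatch = (bool(text_host) and text_host != dest_host
                    and not dest_host.endswith("." + text_host))
        findings.append({
            "text": text,
            "href": href,
            "destination": dest_host,
            "translate_proxy": proxied,
            "text_host_mismatch": mismatch,
        })
    return findings


# Constructed sample: the quarantine lure plus a Translate-wrapped login link.
SAMPLE_EMAIL = """
<p>yourdomain.com has prevented the delivery of 3 new emails to your inbox.</p>
<p><a href="https://quarantine.example.net/release?u=bob">View Emails</a></p>
<p>Sign in at <a href="https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http://accounts.example.net/login">accounts.google.com</a></p>
<p><a href="https://mail.yourdomain.com/owa">mail.yourdomain.com</a></p>
"""

if __name__ == "__main__":
    for f in analyse_links(SAMPLE_EMAIL):
        flags = [k for k in ("translate_proxy", "text_host_mismatch") if f[k]]
        print(f"{f['text']!r:26} -> {f['destination']:26} {' '.join(flags)}")
```

The first link has no host in its button text, so the only useful output is its real destination, exactly what hovering shows; the second is both proxied through Google Translate and pointed somewhere other than the host it displays, which is the combination this campaign uses.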

And if you’re not sure that your users are prepared to recognize these types of attacks, contact us to learn more about end-user security awareness training. For a very small investment, you can train everyone in your organization to spot these types of threats.

Everyone stay safe out there!

Tech Support Scams: What They Are and How to Stay Safe

The Bad Guys are Looking for You!

Cybercriminals are very determined and, with a wide range of tools at their disposal, they are always coming up with new ways to try and rob you and your company of your identities and hard-earned cash. Tech support scams are an increasingly popular way for them to do this. In 2017, Microsoft Customer Support received over 150,000 reports from customers around the world who encountered this type of scam. So if you’re unsure of what these scams are or how they work, this blog entry will give you all the info you need to stay safe.

There are a couple of different types of tech support scam, but they share common elements. Typically it’s an online and/or phone-call scam. In either case the scammers pretend to be technical support for a major reputable corporation like Microsoft or an ISP. They try to trick you into believing there is something wrong with your computer so that you agree either to give them a credit card number to pay to ‘fix it’, or to give them remote access to your computer, where they then install malware to steal your data or turn your computer into a zombie.

Here are the two main ways these scams can begin:


An online scam generally starts when you visit a malicious website. Sometimes this happens by mistake or sometimes by clicking a link in a bogus email message.

After reaching the site you might suddenly be confronted with pop-ups saying your computer is infected with malware or malfunctioning. Often your screen will be blocked with warning messages you can’t move or close, and these messages will have a ‘tech support’ phone number you are asked to call to take care of the problem. Calling this number puts you in touch with the scammers in scenario #2.


You can get a telephone call at any time from a fake ‘tech support’ worker. They typically try to confuse you with tech jargon and create a sense of urgency that your data is in jeopardy unless you ‘act immediately’. Typically you are asked to download a special ‘tool’ to give them remote access to your machine, after which they’ll report your computer is infected with malware and that there will be a fee to remove it. In some variations you’ll be told you need to purchase a security tool to remove the problem and then ‘keep your computer safe.’

If you fall for either one of these tactics you’ll not only lose some initial amount of money, but you’ll be exposed to further fraud with the credit card you used. And if the bad guys steal enough data from your computer, they may get your social security number or bank account numbers and then you’ll likely be dealing with identity fraud.

Staying Safe

So how do you stay safe? Follow these rules:

  • If you receive an unsolicited call from someone claiming to be Microsoft, Apple, Verizon, or someone similar, just hang up. Microsoft makes clear that they will never call you in an unsolicited manner and most other vendors are the same. If you’re concerned that there might be a legitimate issue, go to the company’s website, locate a general contact phone number and give them a call. Once you’re talking to a human they will be able to quickly tell you if there is an issue they need to talk with you about.
  • Keep your computer, network devices, servers, and software up to date. The majority of attacks exploit known vulnerabilities that the manufacturers have likely already fixed via updates and patches.
  • Be extra cautious in clicking on links in email messages.
  • Only download software from legitimate vendor websites/app stores
  • Make sure you have quality antivirus/antimalware software installed on your computer. We like both Webroot and Trend.

And if you’ve been scammed…

  • immediately uninstall any software the scammers had you download, including the remote-access ‘tool’, and disconnect the computer from the Internet while you do it
  • if you can, restore to a previous Restore Point
  • Once you’ve removed any software that was installed, change all your passwords, both on the computer and online, and do it from a different device that the scammers never had access to
  • Call your bank/credit card company and cancel the card involved. Put in a claim for any money already lost. The credit card company can probably freeze the charge and deny the scammers their ill-gotten gains.
  • Monitor your bank and online accounts for unusual activity
  • Report the scam to Microsoft, Apple, or other providers.

If you’re hit by one of these scams as an individual it’s embarrassing and frustrating but not fatal if you act quickly. But if you are a company and having these types of problems, give us a call for assistance. There are tools and training available that greatly minimize the chances of success with these sorts of scams.

Everyone stay safe out there!

California’s New IoT Password Law. A Nice Try but…

California Governor Jerry Brown recently signed SB-327, the ‘Security of Connected Devices’ bill, into law. Starting January 1, 2020, it requires manufacturers of Internet-connected devices sold in California to give each new device either a unique preprogrammed password or a setup procedure that forces the user to set a new password before the device can be used.

The law is an effort to address a rapidly growing problem: customers take their latest Internet-of-Things device, plug it in or connect it to their wifi, and then forget about it, leaving default and hard-coded service passwords in place. This is exactly how the Mirai botnet recruited hundreds of thousands of cameras and routers in 2016, by logging in with a short list of factory credentials. (WannaCry and NotPetya, by contrast, spread through an unpatched Windows file-sharing flaw, which illustrates the other half of the problem discussed below.)

Like many government initiatives, the intentions are good, and the new law may help a little, but it misses the much larger problem: failure to update software. A username and password is just one of many ways into an IoT device.

New security holes are discovered all the time and they usually take advantage of elements of the device whose operation is invisible to users.

It’s hard enough for Apple and Microsoft to get users to update their main computer systems, so imagine the difficulty in getting users to update a smart light bulb socket, a security camera, or a smart refrigerator? Or how about hundreds or thousands of devices in a home or business?

So what’s the takeaway? First, don’t rely on manufacturers to supply perfect products or products that update themselves. In fact, many self-updates create more problems than they fix (hey – some of this stuff is complicated!). And don’t look for a government magic wand to solve the problem. The new California law makes nice press and allows legislators to claim that they ‘did something about the problem,’ but understand that you have to take responsibility for what you connect to your network.

Especially at work, be extra careful. In addition to thinking twice about whether you really need that IoT device, we recommend deploying a system like our Ransomware Guardian that can restrict unknown and rogue IoT devices from functioning on your network.

Everyone stay safe out there!


Running Adware Doctor on Your Mac? Remove it Now

Malwarebytes on Friday noted that this app and several others on the macOS App Store have been spotted siphoning off user data including browsing history (Chrome, Safari, and Firefox), a list of running processes, and a list of all software you’ve downloaded and from where, and sending it to a remote server in China.

What’s extra disturbing is that this app is reported as the 4th highest grossing app in the ‘Paid Utilities’ category in the App Store. And it’s been there for a while. This clearly flies in the face of Apple’s own App Store rules and any reasonable user’s privacy expectations. Apple has removed the app. If it’s on your Mac I’d suggest you do the same.

Thomas Reed, the director of Mac and mobile security at Malwarebytes, also reports similar data harvesting by other apps, including Open Any Files, Dr. Antivirus, and Dr. Cleaner.

I’d agree with Reed that you should treat the Mac App Store with caution. Just because an app is there doesn’t mean it’s safe.

Everyone stay safe out there!




Less Than Half Paying Ransomware Actually Get Their Data Back

As it turns out, paying the ransom on a ransomware attack is a great way to end up losing both your data and your money.

According to a study by CyberEdge, fewer than half of the people hit by a ransomware attack who pay the ransom actually recover their files. Of those who caved to the demand and paid, 49.4 per cent said they could recover their data, while 50.6 per cent ended up losing it anyway. The not-so-shocking conclusion is that criminals don’t always keep their word.

So what’s the takeaway? Further reading of the study confirms what we’ve advised our clients for years; make sure you have good backups regardless of whether you use the Cloud or store data locally. And in the event of a ransomware infection, restore to the last backup.

If you’re not 100% sure of your data backups – whether you have Cloud data, premises data, or a combination – contact us and we’ll be glad to assist you. MicroData offers a full Managed Backup service as well as 1-click rollback restore solutions. You can also learn more on our website.

Everyone stay safe out there!


Meltdown & Spectre Vulnerabilities. What You Need to Know

Meltdown and Spectre are recently disclosed hardware design flaws in the main processing chip – the CPU – in most modern computers. The flaws have actually been present for years but were only identified and made public in January 2018. They affect PCs, Macs, desktops, notebooks, tablets, and even smartphones. Meltdown primarily affects Intel processors, while Spectre affects Intel, AMD, and ARM designs as well, so if you’re running applications in the Cloud, your cloud provider’s hardware is affected too.

This is a big deal because it affects almost every computer and server on your network – Mac or PC. The design flaw, if exploited by specially crafted software, allows stealing of data that is being processed in your computer’s memory. Normally this couldn’t happen as applications and their data are kept isolated from each other, but this hardware bug breaks that isolation.

So if cyber criminals are able to get malicious software running on your computer either via malware or an infected website, they can gain access to your passwords stored in a password manager or browser, your emails, instant messages, and even business-critical documents.

So what to do?

First, if you are a MicroData Complete Care, Select Care, or Private Cloud customer, we’ve already implemented a remediation plan and there’s nothing you will need to do. Taking care of Meltdown and Spectre involves patching and updating all machines on your network, in many cases including CPU microcode (firmware) updates from the hardware vendor as well as changes to the underlying operating system. These fixes will take some time, as some patches won’t be released for several days.

If you’re managing your own security you’ll need to obtain the relevant patches for your operating systems, confirm with your antivirus vendor that the product is compatible with them (Microsoft held back its January 2018 Windows updates on machines whose antivirus had not set a compatibility flag in the registry, because some products crashed with the kernel changes), update or replace the antivirus if not, and then apply the updates to all systems.

MicroData has tools that permit company-wide implementation of these patches and required changes, so if you need assistance contact us at 800.924.8167 or at microdata.com.

As always, but particularly until you get these updates applied, be extra vigilant of email links you click on and websites you visit.

Everyone stay safe out there!

Bad Rabbit Ransomware Outbreak. Here’s What You Need to Know

A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.

Users receive a pop-up in their browser telling them that an update to Adobe’s Flash Player is available. There are two buttons: Install and Remind Later. Both do the same thing – run the malware payload on the system. Bad Rabbit then tries to reach other servers and workstations on the network over Windows file sharing, using a built-in list of common account names (Administrator, Guest, root, and so on) and weak passwords, plus any credentials it can harvest from the infected machine. If it gets a match, the ransomware encrypts the files on that computer and then replaces the Master Boot Record so the machine boots to a ransom screen instead of Windows – effectively bricking it. Recovery therefore requires two decryption keys. The price is 0.05 Bitcoin, or about $275 at the time.

There are two takeaways. First, train and remind your users to use complex passwords and change them often, and make sure the local administrator password is not the same on every machine, since Bad Rabbit harvests credentials from each computer it infects. Second, have your users undergo Social Engineering security training.

Contact us if you’d like more information or assistance in keeping your network and data secure.

Everyone stay safe out there!



Mac Users, Heads up! Elmedia Player & Folx Infection

Late last week Eltima admitted that their servers had been hacked and that the DMG installers for their Folx and Elmedia Player applications had been distributed with the nasty OSX.Proton malware.

Their advice? If you only performed an update you’re likely OK but if you downloaded the entire application Thursday the 19th, you may have a problem. We recommend anyone with these apps do a scan for the following files/directories:


If any of those exist, your system is likely infected.

Unfortunately, because Proton runs with administrator privileges and can alter anything on the system at that level, a total OS reinstall is the only guaranteed way to get rid of the malware.

Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command line access to commandeer the computer. It can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. It can gain access to a victim’s iCloud account, even if two-factor authentication is used. Bad stuff.

If you’re concerned about cybersecurity at your business give us a call today at 800-924-8167


Las Vegas Shooting Scams


Heads-up! It’s sickening, but cyber criminals are already exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails being sent out asking for donations to bogus Vegas Charities.

Don’t fall for any scams. If you want to make a donation, you can go to http://www.charitynavigator.org before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses.

Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief… THINK BEFORE YOU CLICK.

Everyone stay safe out there!


Beware of Bogus ‘Voicemail’ Email Messages

This is an old scam but has been updated to be more dangerous so remind your users to be on the lookout. The old version ‘just’ installed a keylogger but this new version installs ransomware on your system.

You receive an email message from ‘Voicemail Service’ with a subject like ‘New voice message from <some number>’. There’s a bit of standardized-looking text in the body of the message which tells you that ‘you might want to check it when you get a chance.’

There’s a compressed (zip) attachment. Inside is a file named to look like the voice recording but which is actually a script or program; opening it runs the ransomware, which encrypts your files and renames each one to [original file name].crypted.

Send a reminder to all your users: Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!

And if you have an IT department, in addition to good firewall and endpoint security management, make sure they are stripping or quarantining compressed attachments on all incoming email, whichever email vendor you use.
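What ‘stripping compressed attachments’ can look like at the mail gateway, as an added example that is not code from the original post or from any mail product. It opens a zip attachment in memory and blocks it if any member is executable, carries a fake second extension like the ‘voicemail’ lure (recording.mp3.js), is a nested archive, or is encrypted and therefore cannot be inspected. The block list, the double-extension rule and the in-memory sample archives are this example’s own assumptions, constructed for the demo.

```python
"""Screen a compressed e-mail attachment before it reaches the user.

Added example, not code from the original post or any mail product. The block
list, the double-extension rule and the sample archives are constructed here.
"""
import io
import posixpath
import zipfile

# Extensions Windows will execute, or hand to a script host, when opened.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".jar", ".msi", ".lnk"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".gz", ".cab"}
# Harmless-looking types that lures borrow for a fake second extension.
LURE_EXT = {".mp3", ".wav", ".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}


def classify_member(name):
    """'executable', 'executable-double-extension', 'nested-archive' or 'data'."""
    parts = posixpath.basename(name).lower().split(".")
    if len(parts) < 2:
        return "data"
    ext = "." + parts[-1]
    if ext in EXEC_EXT:
        if len(parts) >= 3 and "." + parts[-2] in LURE_EXT:
            return "executable-double-extension"
        return "executable"
    if ext in ARCHIVE_EXT:
        return "nested-archive"
    return "data"


def screen_zip(data, max_members=200):
    """Return ('block' | 'allow', [reasons]) for the raw bytes of a zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block", ["not a valid zip archive"]
    reasons = []
    members = archive.infolist()
    if len(members) > max_members:
        reasons.append(f"{len(members)} members exceeds limit of {max_members}")
    for info in members:
        if info.is_dir():
            continue
        kind = classify_member(info.filename)
        if kind != "data":
            reasons.append(f"{info.filename}: {kind}")
        if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag = encrypted
            reasons.append(f"{info.filename}: encrypted, cannot be inspected")
    return ("block" if reasons else "allow"), reasons


def _zip_with(files):
    """Build a zip in memory from {name: text} (demo helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buf.getvalue()


def build_voicemail_lure():
    """Constructed stand-in for the 'voicemail' attachment: a script named like audio."""
    return _zip_with({
        "Voice_Message_555-0142.mp3.js": "// placeholder script body, not a real payload\n",
        "readme.txt": "You have a new voice message. Please listen when you get a chance.\n",
    })


def build_clean_attachment():
    """Constructed benign archive that should pass."""
    return _zip_with({"scans/invoice-2024-03.pdf": "%PDF-1.4 placeholder\n"})


if __name__ == "__main__":
    for label, blob in (("lure", build_voicemail_lure()),
                        ("clean", build_clean_attachment())):
        verdict, why = screen_zip(blob)
        print(label, verdict, why)
```

The encrypted-member check matters in practice: password-protected zips are a common way round attachment filters, and a filter that cannot look inside should fail closed rather than wave the file through.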

Everyone stay safe out there!



Hurricane Harvey Charity Scams

Hurricane Harvey was (and still is) a bad one and people in Southern Texas and Southwest Louisiana are experiencing some severe flooding.  Unfortunately, low-life cyber-criminals are already exploiting this disaster. Here’s what to tell your users to watch for.

Links are already appearing on Facebook and Twitter and phishing email messages are hitting mailboxes trying to solicit donations for the flood victims. Most often these links take you to bogus websites that infect your computer with malware or try and get credit card info.

Be very very cautious of anything online looking for your ‘help’ in the coming weeks. If you’d like to assist, go yourself to a relief agency’s website. A couple of suggestions are www.redcross.org or www.salvationarmyusa.org/

Everyone stay safe out there!


Chester Bennington & O.J. Email Scams – Heads Up!

Cyber criminals are already exploiting some recent celebrity news. Warn your users to be on the lookout for a couple of ransomware-loaded email messages that are spreading through the Internet.

The first has a subject line claiming Chester Bennington’s Suicide Note Released (or similar). And the other is O.J. Admits Guilt in Murder of Ron and Nicole. Both messages contain a link which if clicked, activates the payload.

Remind your users to stop and think before they act. And if you don’t already have a security training program in place for your users, why not? The investment is trivial compared to what a ransomware attack can cost your organization. Contact us for more information.

Everyone stay safe out there!


Business Process Compromise

All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.

Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.

Many BPC attacks go unnoticed because employees largely ignore the workings of these processes treating them as almost automatic.

Defending against BPC requires a multi-pronged approach.

  • File Integrity Monitoring should be considered for critical systems
  • Regularly review system operations so you can distinguish normal activity from abnormal and possibly malicious actions.
  • Regularly audit long-established processes looking for vulnerabilities as well as proper results from test data
  • Ensure that your organization has implemented cybersecurity measures to protect against identified malware exploits

Everyone stay safe out there!


“Revoke your license” Email Scam

A new scam has appeared where users receive an email claiming they have unpaid traffic tickets which, if not paid or disputed within 48 hours by clicking a link, will cause their driver’s license to be revoked.

Clicking the links does one of two things. Either malware gets installed on the user’s computer to track the web pages visited, or, more seriously, the user is taken to a fake RMV website where they are prompted to reveal personal information including name, Social Security number, date of birth, and credit card details.

Remind your users to stop and think before responding to unusual email messages. Or even better, consider training your users to recognize and avoid phishing attacks like this. Our partner, KnowBe4, offers a free phishing test you can safely send to your users to learn how prepared they are for these sorts of attacks. Contact us to learn more.


60% of SMBs Go Out of Business After This Happens

A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid-sized businesses said they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’

What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.

As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.

If you’re not sure where to start, MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspects of implementing and managing IT security for your business. Click here to learn more.


400,000 Cyber Attacks a Day?

Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.

We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.

After only 1 day, here’s a summary of the individual attempts to hack this single system:

USA (106)
Russian Federation (18)
India (17)
China (14)
France (13)

Note that because of the software we installed, after three attempts from the same address that address was blocked from further access. So the 168 individual attempts above are a lower bound for the 24 hours: without the blocking, each attacker would have kept retrying every few seconds, and at that rate the daily total could plausibly have reached 300,000 to 400,000 attempts. That figure is a projection, not a measured count.
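The counting and the three-strikes blocking described above, as an added example that is not the software we installed or its output. It parses sshd-style ‘Failed password’ lines from an auth log, counts attempts per source address until that address reaches the limit, drops everything after that, and rolls the counts up per country the way the list above does. The log lines in SAMPLE_LOG and the address-to-country table in SAMPLE_GEO are constructed for the demo and use documentation-only IP ranges (RFC 5737), so no real attacker is named.

```python
"""Count and throttle failed logins from an auth log (three strikes per source).

Added example, not the software the post refers to or its output. SAMPLE_LOG and
SAMPLE_GEO are constructed for this demo (RFC 5737 documentation addresses).
"""
import re
from collections import Counter

# sshd writes one 'Failed password' line per rejected attempt. The separate
# 'Invalid user' line for unknown accounts is deliberately not matched, so an
# attempt is never counted twice.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(lines):
    """Yield (username, source_ip) for each failed password attempt."""
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            yield m.group(1), m.group(2)


def three_strikes(lines, limit=3):
    """Count attempts per source; once a source reaches `limit`, later ones are dropped.

    Returns (counted_attempts, blocked_sources, dropped_attempts, usernames_tried).
    """
    counted = Counter()
    dropped = Counter()
    usernames = Counter()
    blocked = set()
    for user, ip in parse_failures(lines):
        if ip in blocked:
            dropped[ip] += 1          # what the firewall rule would have stopped
            continue
        counted[ip] += 1
        usernames[user] += 1
        if counted[ip] >= limit:
            blocked.add(ip)
    return counted, blocked, dropped, usernames


def by_country(counted, lookup):
    """Roll per-source counts up to a per-country summary like the post's list."""
    totals = Counter()
    for ip, n in counted.items():
        totals[lookup.get(ip, "unknown")] += n
    return totals.most_common()


# Constructed log excerpt: one noisy source, one that gives up, one exactly at the limit.
SAMPLE_LOG = [
    "Jan 14 03:12:07 srv sshd[2210]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "Jan 14 03:12:09 srv sshd[2210]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "Jan 14 03:12:11 srv sshd[2212]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2",
    "Jan 14 03:12:14 srv sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 51131 ssh2",
    "Jan 14 03:12:16 srv sshd[2214]: Failed password for root from 203.0.113.5 port 51133 ssh2",
    "Jan 14 03:40:02 srv sshd[2301]: Failed password for invalid user guest from 198.51.100.7 port 4242 ssh2",
    "Jan 14 03:40:05 srv sshd[2301]: Failed password for invalid user guest from 198.51.100.7 port 4242 ssh2",
    "Jan 14 04:02:44 srv sshd[2377]: Accepted publickey for deploy from 192.0.2.10 port 60222 ssh2",
    "Jan 14 05:17:51 srv sshd[2410]: Failed password for root from 192.0.2.99 port 33001 ssh2",
    "Jan 14 05:17:53 srv sshd[2410]: Failed password for root from 192.0.2.99 port 33001 ssh2",
    "Jan 14 05:17:55 srv sshd[2410]: Failed password for root from 192.0.2.99 port 33001 ssh2",
]
# Constructed geolocation table; a real deployment would use a GeoIP database.
SAMPLE_GEO = {"203.0.113.5": "USA", "198.51.100.7": "Russian Federation", "192.0.2.99": "USA"}

if __name__ == "__main__":
    counted, blocked, dropped, users = three_strikes(SAMPLE_LOG)
    for country, n in by_country(counted, SAMPLE_GEO):
        print(f"{country} ({n})")
    print("blocked:", sorted(blocked), "dropped after block:", dict(dropped))
    print("accounts tried:", dict(users))
```

Feed it a real `/var/log/auth.log` and the `dropped` counter is the number the blocking saved you; the `usernames` counter shows which accounts the scanners expect to exist, which is a good list of accounts to disable or rename.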

The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.

Invest in good quality security, keep systems and hardware up to date, and monitor everything.

Everyone stay safe out there!


Fake Windows Update is Actually Ransomware

A new strain of ransomware is making its way around the Internet and what’s so nefarious about this version is that it disguises itself as a Windows update.

What happens is that an attachment in a phishing email, when clicked, actually launches a process that brings up a prompt advising the user that an important Windows update is available. People go along with it thinking that they are doing the right thing by keeping their computer up to date.

The ransomware itself is called “Fantom” and the actual executable that starts the process is “CriticalUpdate01.exe.” Once executed it extracts “WindowsUpdate.exe,” and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.

But what’s actually happening is that your files are being encrypted. The next thing you’ll see is a screen telling you all your data has been encrypted:

Fantom ransom screen

At this point your only options will be to restore all data from a backup or pay the ransom.

So what can you do to stay safe? Here are 5 basic steps to take.

  • Remind all your users never to open or click on links in messages they are unsure of
  • Don’t do day-to-day work from an account with administrator rights; use a standard user account and elevate only when you need to install something
  • Make sure you have a good and up-to-date antivirus/anti-malware product installed
  • Be sure your Windows firewall is working and up to date
  • Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit

Everyone stay safe out there!


“Your Office 365 statement is ready” Scam – Heads up!

The popular Microsoft Office 365 online service is now being used in a phishing scam to try and steal your personal data and information. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with a subject of ‘Office 365 billing statement’. The body of the message looks good – there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do you actually download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, login, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Everyone stay safe out there!


RingCentral Spoof – Heads up!

Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.

Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.

Make sure you just delete the message without clicking on any links.

Remind your users to stop and think before they act.

Everyone stay safe out there!



IRS Form 6642 Email Scam

Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.

The body simply contains “Can you print this?” and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.

What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user into action but instead asks a simple, innocent-sounding question.

Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.


Still Using IE 7, 8, 9 or 10? Time to Upgrade

Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.

This means that if you’re still using one of those older versions of Internet Explorer, now is a really good time to upgrade your browser. How do you check? Open up a browser window, pull down the ‘Help’ menu and choose ‘About Internet Explorer’.

If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.


Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

Cybercriminals have copied these emails in the past, hoping to lure users into clicking on links that take them to infected sites, but there’s now a new twist: the fake security email includes an 800 phone number that you’re told you need to call.

If you do, you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. Either way, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you, but they need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


Pokemon Go Ransomware

My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6-year-old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’

It was cute, but like every popular trend, cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment it installs two pieces of malware that encrypt your files and then demand (in an Arabic text file left on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.

We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!

So spread the word that if anyone receives an email message that’s Pokemon Go related, they should just delete it.

Everyone stay safe out there!


Why Ransomware Pays

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point Software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to others who use it to build ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber, and the deal is that Cerber’s operators keep 40% of whatever their customers make with their ransomware attacks.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed both in terms of hardware/software preparedness and in terms of user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!



Mac Users Beware ‘Easy Doc Converter’

Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.

Macs running OS X 10.6 or later can be affected – that would be circa 2007 or later.

This malware installs itself disguised as a fake file converter called ‘Easy Doc Converter’, which is available on MacUpdate although not in the Mac App Store, according to Apple.

Apple says they’ll be releasing an update to XProtect to block the app, but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to run at system startup, which allows an anonymous attack on the system). In the meantime, if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.

Everyone stay safe out there!


eBay Scam: Alert Your Users

With phishing email messages, the key to cybercriminals tricking you into divulging passwords and account information is a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.


Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


Android Phishing Trojan Cleans Out Your Bank Account

From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targets smartphone banking apps.

It works by inserting a fake login screen over the actual login screen in the app. When you log in, you’ve actually just given the cybercriminals full access to your account, and they promptly transfer all funds to an overseas account.

Android devices get infected either by installing an app from outside the Google Play Store (called sideloading), or by downloading a ‘Required Flash Update’ supposedly needed to view video – usually at an adult site.

So for your smartphone – iPhone or Android – follow these tips:

  1. Don’t sideload
  2. Don’t click on text messages you don’t recognize or expect
  3. Keep your device updated – both the OS and apps you use
  4. Don’t surf adult and inappropriate sites. The risk of infection is very high

If you’re concerned about malware and ransomware threats at your business or organization, check out our FREE download: Ransomware Prevention Checklist for Your Business

Everyone stay safe out there!


Why Using that Old Version of Office Puts You at Risk

I was born in Maine and had parents that clearly remembered the effects of the Great Depression. They weren’t yet born during the actual Depression but growing up, their parents who had lived through it, taught them valuable life lessons from those difficult years. And I got many of the same lessons although as the next generation, less poignantly. One central concept was Yankee-thrift, a big part of which means you don’t waste things and you don’t throw stuff away that could be re-purposed or re-used. Good advice – in most cases.

The problem is that this belief can get you into trouble with information technology. For example, we have many organizations we’ve worked with that use older versions of Microsoft Office. I’ve repeatedly heard over the years, “it works just fine and does what I need it to.” The problem is that it does some things you really don’t want it to do.

One of the biggest problems is the file format. Have you noticed how newer versions of Word save files with a .docx extension rather than the older .doc? There are many improvements that Microsoft built into the new file format, but one huge area of improvement was file security. In the new .docx format, Microsoft removed the ability for users to embed macros in the document. A macro is basically a set of instructions embedded in the document that executes automatically. Today, many variants of ransomware are being spread by macros in infected .doc and .xls files. With the older version of Word, you can just click and boom, you’ll find all your files encrypted and be looking at a ransom message and the prospect of paying hundreds or thousands of dollars to get your data decrypted.

So Yankee-thrift is a great concept, but not in business where you share files all the time. Keep your software versions current and if you’re not sure how old is ‘too old’, ask your IT professional who can guide you.

Everyone keep safe out there!


Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ransomware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by ransomware and probably know of an organization that’s been hit. But as a refresher, ransomware is software that encrypts your computer, network, and cloud data, and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically $1,000 or more.

What’s really tricky about ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legitimate, with what appears to be an efax or Word document attached – these are called phishing attacks. The attachment actually contains the malicious code, and when the user clicks on it, the ransomware application gets started.

While there are many steps your organization can take to protect itself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense that stops a large percentage of these phishing messages from getting into your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Data Mishandling Could Cost CA Hospital $25,000 per Patient Record

Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple misconfiguration of the hospital’s intranet.

The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.

If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.


Ransomware Comes to the Mac

Ransomware is nasty stuff. Covert software gets onto your computer, encrypts all your files (and network files) with what’s effectively an unbreakable code, then extorts the user into paying a ransom – usually in untraceable bitcoins – to get the data back.

The cybercriminals that develop ransomware have traditionally gone after the Windows market as it’s large and predominately used in business, but now they’ve specifically started targeting Mac users.

This past weekend Palo Alto Networks wrote that they had found the ‘KeRanger’ ransomware app wrapped inside Transmission, which is a free and reputable Mac BitTorrent client. To make it worse, the infected version of the app was signed with a legitimate Apple developer’s certificate.

It’s not known how the hackers were able to upload an infected version of Transmission to the app’s website, but it worked. BTW, if you use Transmission, the bad version was 2.90 and you should immediately upgrade to 2.12. This particular variant of malware waits for 3 days after being installed, then does its deed.

And to make matters worse, it appears that this ransomware will try to encrypt files on Apple’s consumer cloud backup service, Time Machine. So an infected user could be looking at losing all their local and backed up data.

The ransom? 1 bitcoin or currently about $404.

The lesson? It doesn’t matter what kind of computer or operating system you have. Cybercriminals will target any group that seems profitable to them and they have the expertise and resources to be successful.

Everyone stay safe out there!



Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways that this message is bogus? First, it isn’t actually addressed to you – it’s just ‘Dear Customer’. Second, there are some spacing problems in the message body that a real company like Amex would never let through. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there is a number included in the message, don’t call it – those are often manned by fake ‘agents’ who will try to talk you into giving up your credit card info.

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


Beware Tax-Season Scams

It’s tax season and the bad guys will use this opportunity to try and scam you – both by email and telephone. Last year over 360,000 people received harassing phone calls demanding payments and threatening jail. And there were millions of similar bogus emails.

By telephone, the routine is that you get a call supposedly from the IRS demanding payment for an overdue balance. The criminals will often even have the last four digits of your Social Security number to try and convince you they are legit. They demand immediate payment of the ‘overdue balance’ or threaten you with arrest. Typically payment is requested via Western Union or MoneyGram – both of which are very hard to trace.

The email messages are similar but will add a link to a site where you can ‘make payment’.

The IRS never initiates official business via telephone or email. They will always send a letter.

So if you get one of these phone calls just hang up. And delete the email messages, too.

Everyone stay safe out there!


Apple Phishing Scam – heads up!

Tell your users to be on the lookout for a phishing scam that looks like it comes from Apple. An email is received supposedly from Apple Support threatening to suspend your iCloud and Apple ID account because you did not reply to an earlier verification email. The phishing email has a link that allows you to ‘verify now’ but if you click the link you land on a bogus webpage that looks like it’s Apple but is a fake. The page prompts the user to enter their account and password and then boom, you’re done.

Everyone stay safe out there!



“Your PayPal Invoice is Ready” Ransomware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out. Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that encrypts the files on your hard drive (and on any mapped drive) and requires you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip type of attachments in your email system
  • Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced
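The first suggestion above (block .zip attachments) and the point made in the Office post earlier on this page (macros travel in the legacy .doc/.xls formats, not in plain .docx) both come down to the same control: decide what to do with an attachment from its actual content, not from the name it arrives with. The Python below is an added example, not MicroData’s code and not part of any product mentioned here. It assumes the standard OLE2 and zip signature bytes, and the `word/vbaProject.bin` part and `application/vnd.ms-office.vbaProject` content type that Office uses for a VBA project inside a macro-enabled (.docm/.xlsm) container; every sample attachment it examines is constructed in memory, so it runs offline.

```python
"""Attachment triage by content rather than by file extension.

Added example (not MicroData's code): classifies a mail attachment as a
legacy OLE Office file, an OOXML document with or without a VBA project,
a plain .zip archive, or something else, then maps that to a verdict a
mail gateway could act on.
"""
import io
import os
import zipfile

# Assumed standard signature bytes for the two container formats involved
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy .doc/.xls/.ppt (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # zip container: OOXML and plain archives

# Content type Office assigns to the VBA project part of a .docm/.xlsm
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def inspect_payload(data: bytes) -> str:
    """Return one of: ole-legacy, ooxml-macro, ooxml-clean, zip-archive, other."""
    if data.startswith(OLE_MAGIC):
        # Binary Office formats keep macros in an OLE stream; knowing whether one
        # is present needs a full parse, so the whole format is treated as suspect.
        return "ole-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            content_types = ""
            if "[Content_Types].xml" in names:          # present in every OOXML package
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "other"
    if not content_types:
        return "zip-archive"                             # a zip, but not an Office document
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    if has_vba_part or VBA_CONTENT_TYPE in content_types:
        return "ooxml-macro"
    return "ooxml-clean"


def triage_attachment(filename: str, data: bytes) -> tuple:
    """Map (filename, bytes) to (verdict, reason); verdicts are block, quarantine, allow."""
    ext = os.path.splitext(filename.lower())[1]
    kind = inspect_payload(data)
    if kind == "zip-archive":
        return "block", "zip archive attachment"
    if kind == "ooxml-macro":
        # A macro-bearing container named .docx/.xlsx is lying about itself
        note = " (extension claims macro-free)" if ext in {".docx", ".xlsx", ".pptx"} else ""
        return "block", "OOXML document with VBA project" + note
    if kind == "ole-legacy":
        return "quarantine", "legacy binary Office format (%s); may carry macros" % ext
    return "allow", kind


def _build_ooxml(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package; real documents carry many more parts."""
    entries = ['<Default Extension="xml" ContentType="application/xml"/>']
    if with_vba:
        entries.append('<Override PartName="/word/vbaProject.bin" ContentType="%s"/>' % VBA_CONTENT_TYPE)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types>%s</Types>" % "".join(entries))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 32)   # placeholder, not a real VBA project
    return buf.getvalue()


def _build_plain_zip() -> bytes:
    """Constructed plain archive of the kind the PayPal-invoice scam attaches."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 30)  # constructed stub, not a program
    return buf.getvalue()


# Constructed sample attachments (names borrowed from the scams on this page)
SAMPLES = {
    "Invoice.docx": _build_ooxml(with_vba=False),
    "Fuel E-bill.docm": _build_ooxml(with_vba=True),
    "Copy of invoice.docx": _build_ooxml(with_vba=True),   # macro container renamed to .docx
    "Secure Message.doc": OLE_MAGIC + b"\x00" * 504,       # constructed OLE header only
    "tiket_number.zip": _build_plain_zip(),
    "notes.txt": b"just text",
}


def triage_samples() -> dict:
    """Verdict for every constructed sample, keyed by filename."""
    return {name: triage_attachment(name, data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, reason = triage_attachment(name, data)
        print("%-22s %-10s %s" % (name, verdict, reason))
```

The deliberate choice is to rank by container type: plain archives and anything carrying a VBA project are blocked outright, while legacy OLE documents are only quarantined because the format alone does not prove a macro is present. A renamed macro-enabled file still gets caught because the zip contents, not the `.docx` suffix, decide the verdict.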

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.



“Order” or “Case” Email Viruses Surging: Heads up!

There’s a rash of email messages appearing where the cybercriminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ of $30,000 or more, a ‘Timestamp’, and a ‘State’ reference. The message then asks you ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.

Opening the file will run a macro infecting systems that haven’t been updated and patched.

Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.

Stay safe out there!



‘Secure’ Email Message Scam

The bad guys are relentless in trying to steal your information. The latest is an email with a subject line of “You have received a new secure message.” The body of the message has some graphics and prompts you to open the attachment, which is a Word file named ‘Secure Message.doc’ (or similar).

Opening the file on a system that’s missing Microsoft Office security updates infects your system via a macro that exploits the unpatched vulnerabilities.

What can you do to help keep your organization safe? From a corporate perspective, make sure you have a good firewall installed, properly configured, and regularly updated. Also make sure that all user endpoints – Mac or PC – have installed, configured, and current antivirus software. And consider using an email filtering device or service to ‘pre-clean’ much of the junk like this scam.

Remind all your users to stop and think before they act on an email message they receive. Everyone stay safe out there!



‘Email account quote exceeded’ malware

Alert your users that there is another email phishing attack making the rounds of corporate America. Users receive an email with the subject of “EMAIL ACCOUNT QUOTE EXCEEDED…” with a couple of email addresses listed, including their own. The body of the message contains a simple bar graph that seems to indicate that the mailbox is running out of space. The message then urges the user to “Sign back in a continue your usage.”

Clicking on the link redirects you to a malicious webpage that will try to exploit your browser (if not updated) and install malware on your computer and will further try to get you to reveal credentials. Just delete the message without clicking on anything.

Remind your users to stop and think before acting. Everyone stay safe out there!



iCloud/Apple ID Final Warning Scam

Tell your Mac users to be on the watch for this one. You receive an email purportedly from the ‘Apple & iCloud Support Team’ with a subject of ‘iCloud/Apple ID Final Warning’ telling you that you haven’t reviewed and confirmed your Apple ID details. There’s a link to do this ‘validation’ which takes you to a bogus site where the bad guys hope you’ll actually enter your ID & password – effectively giving them your account.

Remind your users to stop and think before they click.

And did you know that a firewall with an active subscription can block many of these messages from even getting into your organization? Definitely worth considering if you are just using a plain old firewall. New technology in this area is surprisingly affordable, and you can also get this functionality as a service for only a few dollars a month. Contact us if you’d like to learn more.

Everyone stay safe out there!



Walgreen’s Gift Card Scam

Tell all your users to be on the lookout for this phishing scam. You receive an email with the subject “Re: Your Walgreens Gift-Card (Expires 7/20/15)*”. There’s a large red graphic with a big ‘$50’ and even an official looking bar code. Clicking anywhere on the image or on the included link takes you to a foreign site where you’ll get prompted to reveal information to ‘confirm’ your gift card. What you’ll actually be doing is giving your info away to thieves. Just delete the message without clicking on anything.

Remember, stop and think before you click! Everyone stay safe out there!



‘Dunkin Donuts Customer Loyalty’ Email Scam

Even coffee isn’t safe any more! The latest malware phishing scam is sending out email messages with the subject ‘Dunkin Donuts Customer Loyalty’ that promises a $100 gift card by clicking a link in the message. Except instead of a gift card, you infect your computer with spyware/malware.

Remind your users to stop and think before reacting to email messages. And if you haven’t already, subscribe to our blog with the link below so you can be notified of important alerts and info like this.

Everyone stay safe out there!


Sneaky New Malware Attack; ‘Stop spamming me’

Here’s a nasty new approach by bad guys trying to infect your computer and network and steal your data. You receive an email with a subject of ‘stop spamming me’ and a message body that contains the following text:

stop sending me offers from {your domain} i am not interested.
i have attached the email i received from {a legitimate email address at your domain}.
please stop

A Word document is attached which carries a macro virus; if it is opened in an unprotected mode on an unpatched computer, it will infect your system with malware.

If you receive one of these just delete the message without opening it or looking at the attachment.

Everyone stay safe out there!


Watch out for the ‘Copy of your Invoice’ Scam

You receive an email supposedly from some online company with a subject line of ‘Copy of your {company} invoice (xxx-xxxxxxxxx)’ and there’s a Microsoft Word attachment. You might recognize the company name or just be concerned about something being ordered in your name, so you click and open the attachment. Boom – you just infected your computer with a keylogging virus.

We’ll give the same advice we always give our customers; make sure your antivirus software is up-to-date and working correctly, make sure you have a good firewall either for your business or installed locally on your computer, and stop and think before you click.

Stay safe out there!



Heads Up! IRS Refund Scam

From our friends at Knowbe4, here’s a nasty ransomware scam that’s looking for victims. Share this with your friends and colleagues.

Cybercriminals are preying on American taxpayers who have met the April 15th deadline and are now waiting to hear about their refund. There is a massive phishing scam going on right now which tries to trick you into opening a Microsoft Word attachment. But if you do, all your files will get hijacked and encrypted. If that happens, you only get your files back after paying a ransom of around $500.

Remember, think before you click, and do not open any attachments you did not ask for!



Malvertisement Alert! Firefox and IE Users Affected

Trend Micro yesterday announced that they’ve found a vulnerability in Adobe’s Flash Player that permits systems with Internet Explorer or Firefox to become infected with malware from Flash-based advertisements. This is a so-called malvertisement.

These are particularly insidious because a system can become infected simply by visiting a page – the user doesn’t need to click on anything.

The site where most of these infected ads are running is the popular dailymotion.com.

Adobe is aware of the issue and is working on a fix that they’ve promised to release this week, but as of this morning it isn’t yet available (current build of Flash is

What can you do? If your organization can block access to the payload URL, that’s a good action to take. Detailed info on that URL is available in the Trend blog. If your users are running Trend antivirus products with Browser Exploit Protection, they are already protected. If you’re not sure, have your users disable autoplay of plugins (see our newsletter that explains how to do this here). If you want to be 100% safe, uninstall Flash from systems until a fix is released.

Heads up! Child Predator Email Scam

Proving that cyber criminals will sink to any level to steal your information, here’s another scam to alert your users about. Thanks to our friends at Knowbe4 for an early warning on this one.

Preying on the fears of any parent, users receive an email ‘warning’ them about a child predator ‘living near you!’ The email is delivered based upon zip codes so it might seem to have some legitimacy to a casual reader. The email contains a link to get more information and if you click on it, you infect your computer with malware that will attempt to steal passwords, account information, credit info, and even your identity.

Tell your users to delete the message without opening or clicking on anything.

Remember, stop and think!


Heads up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of tiket_number.zip that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


CryptoWall v2 Virus; Get Infected without Clicking on Anything

In a nasty new twist, CryptoWall v2 now uses infected ads on dozens of popular sites like Yahoo, AOL, and Match.com to infect computers. The worst part is you don’t even need to click on the ads to become infected. Simply visiting the page with outdated software on your computer can infect your system.

For those of you not familiar with CryptoWall and similar ‘ransomware’ viruses, they work by infecting your computer and then encrypting all your data so you can no longer access it. Then it demands a ransom – $500 in Bitcoin in this case – in order to decrypt it. There is no practical way to decrypt it yourself. You either restore everything from a backup or pay the money.

In this particular case, the ads are infecting computers that have an outdated version of Adobe Flash installed that has a known vulnerability. Flash is used to allow many websites to broadcast video content through Web browsers. This vulnerability is exploited by code in the ads which causes your computer to download and install the virus. This is what we in the industry call a ‘drive-by-download’.

What should you do?

If you have Adobe Flash installed and you’re running Google Chrome or Internet Explorer on Windows 8 or newer, you’re probably OK, as Flash automatically updates itself and so has already been patched against this exploit. You should still check to make sure you have the latest version, as some websites restrict software from being automatically installed.

To check if you have the latest version visit Adobe here: https://helpx.adobe.com/flash-player.html

If you don’t have Flash installed you don’t immediately have to worry about this. But if you have ever watched a video in your browser, the odds are good you have Flash installed. So check to be sure.

Everyone stay safe out there!


“Final Alert” shipping email scam

Warn your users to be on the lookout for this one. You get an email with a subject line of ‘Final alert for {your email address}’ with a message body that claims to have shipping and tracking info for something that isn’t identified – except that the claimed ‘order total’ is several thousand dollars.

The hope of the scammers is that the large number will frighten someone into clicking on the link to open the email. Doing that will open a browser window taking the user to a website that will then attempt to install malware onto the computer.

Remind your users to stop and think before they click.

Be careful out there!


Heads up for Hacked eBay Accounts

If you use eBay watch out for the following scheme.

The bad guys use a phishing email to infect a user’s computer with a keylogger that records keystrokes. When an eBay login is detected, those credentials are used to access the account, set up a fake listing for a smartphone, TV, or some other popular item, and then the eBay account password is changed thereby locking out the legitimate owner of the account.

Unsuspecting buyers see a cool item at a great price and they check the feedback of the seller and see a 100% rating. So they click to buy but are instead taken to a fake eBay site where the victim is asked to log in and give out their bank details. Once they do this their bank account is cleaned out.

Remember – always keep your antivirus software up to date and current and stop and think before you click!



5 Million Gmail Passwords Exposed

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says that its servers weren’t breached, but it’s unclear how the data in such large amounts was obtained – and how much of it is actually good.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.


iCloud Nude Photos Hack: Lessons to be Learned

With the news of dozens of female celebrities’ nude photos being stolen off iCloud over this past weekend, there are a couple of lessons to be learned.

  1. Apple devices aren’t somehow ‘safer’ or ‘immune’ to being compromised. Most likely the accounts in question were compromised by phishing attacks – targeted emails or sites designed to trick users into revealing account information. In some ways Apple users are more vulnerable because Internet legend tells them that Apple devices are immune to viruses and malware. Apple itself does little to dispel this myth – most likely because it works so well for them.

    The reality? Any device, including web-only appliances like Chromebooks, is susceptible to phishing attacks. The only defense is to educate users.

  2. When you sync data from a local device to a cloud service and later delete it, the cloud data probably still exists. People tend to think of data as residing on the device that generated it, but once you link to the cloud that isn’t the case. Just look at the IRS email scandal, where it was claimed that Ms. Lerner’s email was ‘lost’ because her computer hard drive crashed. Only a copy of email makes it to the user’s local computer. All the email really exists on email servers, which is why this claim is so ridiculous to people in the tech community. Remember that if you have any device linked to the cloud, a copy of everything is probably somewhere else.
  3. When your data is in a shared Cloud, you no longer control it. Apple has robust security on its cloud service. As do Microsoft, Amazon, Yahoo, etc. But it’s still not in your control. This is one of the reasons we developed our Private Cloud service. With Private Cloud, your data is exclusive to you and isn’t co-mingled with anyone else’s data. Your organization maintains control.
  4. Think before you create data. It’s probably not a good idea to snap those nude photos or write that manifesto if you’d ultimately be uncomfortable about it getting out into the public. Once created, data has a way of moving easily and silently around the Internet.


Robin Williams Scam

As if the events surrounding Robin Williams’ death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!



E-ZPass Email Scam

In a relatively new twist, we’re now seeing a phishing scam by the bad guys centered around the popular E-ZPass toll system. Here’s how it works.

You receive an email with a subject line of ‘Indebted for driving on toll road’ or something similar. The message itself has an official looking E-ZPass logo and a brief message claiming that you have failed to pay tolls and that you need to take care of it right away.

Of course, there’s a link which if clicked takes you to a fake website where you are asked to verify your account by entering your credit card info.

The giveaways that it’s bogus? Poor grammar, non-personally addressed, a direct link to a document rather than a request that you just log in to your account normally, and if you hover your mouse over the included link, you’ll see that the destination has nothing to do with E-ZPass.

Remind your users to stop and think before they respond to email messages.




New Ransomware Targets iPhones & iPads

A new type of ransomware is appearing – mostly in Australia and the UK for now – that targets iPhones and iPads. The attack exploits the ‘Find My Phone’ feature to launch the attack and the bad guys have somehow got access to iCloud account info that’s used to lock the devices.

What happens is that suddenly your iPhone or iPad will lock itself and then you receive a message that you’ve been hacked by Oleg Pliss and you have to pay $100 US/EUR via PayPal to get the device unlocked.

Your best defense? Change your Apple ID credentials now.


KnowBe4 Offers to Pay your Crypto-Ransom if You Get Hit

In an impressively confident offer, the Internet security training firm KnowBe4 has offered to pay the Crypto-Ransom if an organization that completes its user training subsequently gets hit by ransomware such as CryptoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You can get more information at the KnowBe4 website  




“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including date/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:”.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


‘This Damaging Report Concerns You’ Scam

We’re all concerned about what info might be online about us, so this latest scam is sure to snag a few unsuspecting victims. Here’s how it works.

The bad guys send you an email with a subject line similar to this: “{username from your email address} this damaging report concerns you”. The message body typically has a reference to ‘damaging information leaked’ and the date and your email name again. There’s also a ‘record’ number and an admonition ‘Don’t let your reputation be ruined because of this published report’.

There are usually a couple of links – we’ve seen several to the naricbide.com domain which is a hacked system in Connecticut.

Clicking on the links infects your computer with keylogging malware designed to steal your data.

Antivirus and anti-malware software can’t stop these types of attacks so the key again is to educate your users. Always be suspicious of email messages received from a sender you don’t know, and if the message threatens you with something if you don’t act, it’s probably bogus.

Everyone be safe out there!


Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat, and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes, and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users’ ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”


Internet Explorer Vulnerability and Windows XP

As I wrote a few weeks ago, if you’re still running Windows XP you are officially ‘on your own’ as it relates to updates and patches. Just this week a problem was reported with Internet Explorer and is a perfect example of what I meant.

A so-called ‘Zero Day’ bug was found with most versions of Internet Explorer. If exploited it would allow an attacker to control a computer with the same rights as the person using it.

Microsoft will patch this as it routinely does with other issues – usually on ‘Patch Tuesday’ – Microsoft’s monthly security update release process. If they feel it important enough they’ll release a patch sooner – what they refer to as ‘out-of-cycle’.

But if your computer has Windows XP you won’t receive any patches or updates, as they won’t be released for that OS. So if you still have Windows XP systems that you’re using, really think about moving them to Windows 7/8 ASAP.




The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on an XP machine to Windows 7 or 8 isn’t trivial, as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49.
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.



Cell Phone Scam – Alert your Users!

A nasty social engineering scam has surfaced combining a call to your cell phone along with a fake website. This one is pretty sophisticated – here’s how it works.

You get a call on your cell phone and the Caller ID appears to be from ‘Verizon Tech Support’ or ‘AT&T Tech Support’ or similar. You hear a recording that you’re entitled to a voucher for your account for as much as $100. You are directed to a semi-legitimate sounding website that incorporates the voucher amount. Something like ‘ATTvoucher89.com’ for a promised $89 voucher.

When you go to the site it looks pretty good, as the scammers have stolen all the legitimate site logos and text. You’re asked to enter your cell number, your account ID and password, and sometimes even the last four digits of your Social Security number. Give them all that and boom, they have what they need to begin a full identity theft.

Remember, NEVER TRUST CALLER ID – on any call. It’s easy to fake. And never act on calls or email messages offering you free stuff. There is no free lunch.

Thanks to our friends at Cyberheist News for passing this one along to us.

Everyone be careful out there!



New Email Amex Scam – “Important: Personal Security Key”

Everyone be watching for this new scam. Users get an email with a subject line of ‘Important: Personal Security Key’. There’s a graphic with the text ‘Fraud Threats: How American Express Helps Protect You’ and some information and a request that you create a ‘Personal Security Key’. All this so that American Express can supposedly help protect you.

Of course, if you click on any of the links you’ll be taken to a bogus site where the bad guys will try to trick you into entering your Amex card info and boom, the fraudulent charges will start rolling in.

The tip-offs that this is bogus? They are the same as usual:

  • Not personally addressed to the recipient
  • When you hover your mouse over the link for www.americanexpress.com you can see that the destination if clicked is an entirely different site (bullisfabrication.com on several of the messages we’ve seen)
  • Formatting on parts of the message is amateurish

Remind your users: stop, think!



“Image has been sent” scam: Heads up!

In an interesting variation from the scammers out there, be on the alert for an email message that shows up with a subject line of “Image has been sent <youremail@somewhere.com>”

There are a couple of links which if you click on them take you to the malware payload page.

This is a slightly different ploy trying to entice you to click on the links because of the lack of information – you do want to find out whatever image was sent, don’t you?

So alert all your users and remind them to stop and think before clicking on any links!



Free Credit Monitoring Scam. Heads up!

It’s bad enough that Target’s systems were compromised this holiday season, and as many as 100 million credit card accounts with them. Now, to make it worse, scammers are capitalizing on the fact that Target and many other retailers are offering free credit monitoring services to their customers.

The scam works like this: you get an email telling you that because your credit card account was compromised, you run the risk of unauthorized charges and identity theft. But the ‘merchant’ is offering you a free subscription to a credit monitoring service. Just click on this ‘link’.

So warn everyone to watch out for this scam, and that any link or attachment offered for you to ‘sign up’ is likely a scam.

Be careful out there!



5 Most Dangerous Email Subject Lines to Watch For

The scammers are out in full force in 2014 so warn your users to be on the alert for phishing email messages. Here are the top 5 most dangerous subject lines based upon recent research done by our friends at KnowBe4:

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear {insert bank name here} Customer
  4. Important Communication
  5. Undelivered Mail Returned to Sender

Everyone be careful out there!


“Scheduled Home Delivery Problem” E-mail Scam – Here’s what to watch for

Just in time for the holidays is yet another email scam. Here’s what to be on the lookout for:

You get an email purportedly from Walmart, Costco, or some other large retailer. The subject line is something intended to fool you into thinking there is a delivery problem with something you may have ordered or a gift that’s coming to you. The subject line is something like “Scheduled Home Delivery Problem” or “Express Delivery Failure”.

The message may have the company logo and an ‘order’ number and has links to check out the order and also to fill out a form to give updated shipping info. Clicking either link infects your computer with malware designed to steal your accounts, passwords, and other sensitive data.

The giveaways that it’s bogus? The message isn’t personally addressed to you (it’s a ‘Sir/Madam’ or ‘Dear Customer’ format), the language is poor English, there’s a threat (‘you will get your money back but 17% will be deducted’ for some reason), and if you hover over the links without clicking, you’ll see that they resolve to addresses that have nothing to do with the merchant.

So warn your users and remember to stop and think before clicking!
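The ‘hover over the link’ check that the E-ZPass, Amex and delivery-scam alerts above describe can also be automated on an inbound message. As an added example (not code from this newsletter), the Python script below parses an HTML message body and flags any link whose visible text names one domain while its href leads to a different one; the sample message is constructed for illustration and reuses the bullisfabrication.com destination the Amex alert reports.

```python
"""Flag HTML e-mail links whose visible text points somewhere other than
the real destination: an automated form of the 'hover over the link'
check. Added example, not code from the newsletter; the SAMPLE message
below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Visible link text that looks like a bare domain, e.g. www.example.com
BARE_DOMAIN = re.compile(r"^(?:www\.)?[a-z0-9.-]+\.[a-z]{2,}$", re.I)


def registered_domain(host: str) -> str:
    """Crude registrable-domain reduction: keep the last two labels.
    Fine for .com-style hosts; a public-suffix list would be needed
    to handle co.uk-style domains correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text: str):
    """Return the host named by a URL or bare domain, or None if the
    text is ordinary words such as 'Visit our site'."""
    text = text.strip()
    if "://" in text:
        return urlparse(text).hostname
    if BARE_DOMAIN.match(text):
        return text.lower()
    return None


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html: str):
    """Return (visible text, href) pairs where the text names one domain
    but the href leads to a different registered domain."""
    parser = _LinkCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and registered_domain(shown) != registered_domain(real):
            suspicious.append((text, href))
    return suspicious


# Constructed sample resembling the 'Personal Security Key' message.
SAMPLE = """
<p>Dear Customer,</p>
<p>Create your Personal Security Key at
<a href="http://bullisfabrication.com/amex/login.php">www.americanexpress.com</a></p>
<p>Questions? <a href="https://www.americanexpress.com/">Visit our site</a></p>
"""

if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE):
        print(f"MISMATCH: shows {text!r} but goes to {href}")
```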


2 Million Accounts Compromised – ADP, Facebook, Google, others

SpiderLabs, a security team that’s part of the security company Trustwave, reports that they have found over 2 million stolen credentials available for sale on the Internet.

Included in the massive collection are credentials from the payroll provider ADP, Facebook, Google, Yahoo, Twitter, and LinkedIn. Most appear to have been stolen with a piece of malware that searches systems for likely looking stored accounts and passwords as well as watching browser activity and recording logins as they occur. The captured info is then sent off to the bad guys for cleanup and ultimate sale.

The most common password? 123456

The malware causing all this havoc would be stopped by keeping computers and browsers patched and up to date, and of course keeping anti-virus software updated.

If you’re concerned about any of the above accounts you use, this might be a good time to change those passwords.

Keep your organization’s and personal computers updated and please ask your users to come up with passwords that at least make it a bit harder for the thieves. A good guideline is to use at least 8 characters, a mixture of uppercase and lowercase, and some symbols mixed in.


How to Detect Online Holiday Deal Scams

It’s the season for holly and mistletoe, but unfortunately that means that the scammers are working overtime. They know that a record amount of shopping is being done online this year (and especially this Cyber Week) – and a lot of it is being done at work – so they are trying hard to infect computer systems and steal info.

How is it being done? Mostly by offering incredible sounding deals in an email message that when clicked, take you to a completely fraudulent website whose purpose is to get you to type in that credit card info or to infect your computer with malware.

So tell your users to stop and think. If they see a deal for a 60″ LED flatscreen TV for $299 from a vendor you’ve never heard of, stay away!

And these ‘deals’ are coming via social media and on mobile devices too.

So warn your users. And as the old saying goes, if it sounds too good to be true, it probably is.




Does an OS have a Shelf Life? Windows XP Does – Here’s Why.

By now you’ve probably heard that Windows XP support from Microsoft officially ends this April. Many just brush off the end of support as a cynical marketing ploy by Microsoft to compel users to purchase an upgrade. But here’s why it isn’t.

Windows XP was a remarkable operating system in its day. Consider that it had to run most of the old 16-bit Windows software on the market while at the same time laying out the framework for a real 64-bit OS, which we enjoy today (Windows 7/8). But fair is fair. It is fundamentally nowhere near the OS that Windows 7 or 8 is, and no amount of patching and TLC will ever make up the difference. And the environment and security threats that exist today weren’t even contemplated when Windows XP was being created.

So what will happen if you don’t upgrade systems using Windows XP by this coming April? Based upon what happened when Windows XP Service Pack 2 went end of life in 2010, malware infections increased a whopping 66%. Check out the data here. I would anticipate similar problems this April.

So plan to make the transition sooner rather than later. For most current versions of applications it’s not a big deal but if you have older vertical apps, it’s time to start working on it.


Ransomware Comes to the Mac

Researchers at Malwarebytes, a leading security firm, recently reported that they have found a strain of ransomware targeting Safari users. When users visit a website that’s been infected with the malicious code, their browsers are hijacked and they receive a message claiming to come from the FBI.

The message tries to scare the user with an official looking format saying that their ‘browser has been blocked’ because their computer was used to violate copyright laws, view porn, or it had tried to hack into some system illegally. In some cases it’s being reported that the system is infected with malware and users are being coerced into paying a fee to remove the threat.

The scam demands $300 from the victim that can be paid through Green Dot MoneyPack by purchasing a pre-paid card and then transferring it to the scammers.

According to Malwarebytes, if you get hit by this threat don’t try to do a ‘force quit’ on the page – Safari will auto-restore the page when it comes back up. Instead, click on the ‘Safari’ tab on the navigation bar and choose ‘Reset Safari’, ensuring all the boxes are checked. Then hit ‘Reset’.

Everyone be careful out there!