Phishing Campaign abuses Google Translate

A circulating email phishing campaign uses the online translation tool Google Translate to obscure a link included in phishing emails. When victims access the link, they are led to a fake domain: a spoofed login page for Google or Facebook whose URL is obscured in their browser’s address bar. Enter your credentials and BOOM – the bad guys own you. This technique appears to bypass in-browser security notifications.

Using Google Translate as a means to hide malicious action is a unique tactic, but this campaign doesn’t appear to be a ‘professional’ attack. Rather, it appears to be a widespread and untargeted campaign. Still, because it’s new, make sure you alert your users to be on the lookout.
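For mail administrators, a link that routes through the Translate proxy can be unwrapped to show where it really leads. The following is an added example, not code from the original post: the URL shapes it recognizes (the `u=` query parameter and `*.translate.goog` hostnames) are assumptions about how the Translate proxy presents pages, and the sample message and domains are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Translate proxy hosts (not listed in the original post).
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
TRANSLATE_GOOG_SUFFIX = ".translate.goog"

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def unwrap_translate(url):
    """Return the real destination if `url` is a Translate proxy link, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # Form 1: translate.google.com/translate?...&u=<real url>
    if host in TRANSLATE_HOSTS:
        targets = parse_qs(parts.query).get("u")
        if not targets:
            return None
        inner = targets[0]
        if "://" not in inner:
            inner = "http://" + inner
        return inner

    # Form 2: <encoded-host>.translate.goog, where "." is written as "-"
    # and a literal "-" in the real hostname is written as "--".
    if host.endswith(TRANSLATE_GOOG_SUFFIX):
        label = host[: -len(TRANSLATE_GOOG_SUFFIX)]
        real_host = label.replace("--", "\0").replace("-", ".").replace("\0", "-")
        return f"https://{real_host}{parts.path or '/'}"

    return None


def scan_body(body, trusted_domains=()):
    """List every Translate-wrapped link in an email body with its real destination."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,);")
        inner = unwrap_translate(url)
        if inner is None:
            continue
        # A link can be wrapped more than once; peel a few layers.
        for _ in range(3):
            deeper = unwrap_translate(inner)
            if deeper is None:
                break
            inner = deeper
        inner_host = (urlsplit(inner).hostname or "").lower()
        trusted = any(
            inner_host == d or inner_host.endswith("." + d) for d in trusted_domains
        )
        findings.append(
            {"link": url, "destination": inner, "host": inner_host, "trusted": trusted}
        )
    return findings


# Constructed sample message body (domains are placeholders).
SAMPLE_BODY = (
    "Security alert: a new device signed in to your account.\n"
    "Review activity: https://translate.google.com/translate?sl=auto&tl=en"
    "&u=https%3A%2F%2Flogin.example-phish.test%2Fgoogle%2Fsignin\n"
    "Help centre: https://support.google.com/accounts\n"
    "Mirror: https://login-example--phish-test.translate.goog/google/signin?_x_tr_sl=auto\n"
)

if __name__ == "__main__":
    for f in scan_body(SAMPLE_BODY, trusted_domains=("google.com",)):
        flag = "ok" if f["trusted"] else "SUSPICIOUS"
        print(f"{flag}: {f['link'][:50]}... -> {f['destination']}")
```

A login or account-alert email has no reason to send its link through a translation proxy, so any finding whose destination is not one of your trusted domains is worth quarantining.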

And if you’re not sure that your users are prepared to recognize these types of attacks, contact us to learn more about end-user security awareness training. For a very small investment, you can train everyone in your organization to spot these types of threats.

Everyone stay safe out there!

Half of Small Businesses Were Cyber-Attacked in the Last Year

Recent news has been full of high-profile IT security breaches such as the theft of customer data from British Airways, but I have to remind smaller businesses that they are not ‘flying under the radar’ of attackers when it comes to being vulnerable.

According to a recent study from the insurance firm Hiscox, 47% of small businesses surveyed in the US, UK, and Europe had suffered at least one cyber attack during the past 12 months. Contrast this with the fact that 51% of SMBs don’t see themselves as a target (Switchfast survey). Does anyone else see the problem?

Switchfast’s conclusion is “the actions of small business employees and leaders reveal little is actually being done to address the lax attitude toward security. Negligent employees are the number one cause of data breaches at small businesses.”

What sort of negligence is Switchfast referring to? Firewall vendor Fortinet put their finger on it when they reported their monitoring shows that cybercriminals are only exploiting 5.7% of known vulnerabilities. So the conclusion is that SMBs simply aren’t applying published fixes and updates in a timely fashion. By taking this fundamental step, SMBs could go a long way toward protecting themselves from a cyber attack.

So why don’t SMBs do a better job with updates and patches? Those that manage this themselves tend to forget about it or perhaps only try to ‘do something’ on a 6-month or yearly basis. Or they miss less obvious updates such as those needed for firewalls, routers, switches, and wireless access points.

What’s a good strategy? Find an IT partner with the automation tools to handle this for you. Regardless of whether you have an internal IT resource or you do it yourself, modern automation tools such as those provided by MicroData’s Managed Services can eliminate concerns about patching, monitoring, and many cyber security threats – and for pennies a day.


Scam Alert: Hackers Don’t Actually Have Video of You Watching P0rn

A new scam making the rounds has cybercriminals trying to extort money from netizens by threatening to leak a video to friends and family of their marks watching X-rated videos. Here’s how it works.

A user gets an email from a crook who claims to have obtained, through hacking their computer, compromising webcam footage of them watching an adult website.  In reality, the user’s computer wasn’t hacked but rather the cybercriminal has simply purchased some passwords and email addresses on the Dark Web that likely originated on a hacked forum or site that the individual may frequent. Think a hobby or club-type forum.

The attacker’s message includes a reference that they have obtained all the user’s contacts including co-workers, friends, and family. And the clincher is that the extortion message shows the user’s actual password in an attempt to convince the reader that they need to pay up – or else.

The cybercriminal is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one compromised password and is hoping for a quick payout.

If you receive this email, don’t panic and don’t send them any Bitcoin. There most likely isn’t any video. Change your password, don’t reuse any passwords that you use for important sites, and consider using two-factor authentication and a password manager to keep your accounts secure going forward.

And if you’re a company exec or IT pro, make sure your organization is monitoring the Dark Web for ID account compromises. That’s where cybercriminals are purchasing credentials for scams like this. Check out our Dark Web Guardian service that provides 24×7 monitoring for these types of compromises – 50% off a new 1-year subscription when purchased by August 31.

Everyone stay safe out there!


“My Login Info/PII Isn’t on the Dark Web.” Let’s Find Out…

Unfortunately, most people who say this have little basis for the belief. The reality is that without monitoring it’s almost certain that some of your employees’ credentials are available for sale – or for free – out on the Dark Web and you won’t know it. In 2017 we found 92% of organizations tested had compromises.

Here’s an example. I recently ran a quick scan on our local school system. I stopped the report after the first 190 compromises were found. And the report showed concerning details like failure to implement a complex password policy or set a reasonable password depth, exposed Personally Identifiable Information (PII), etc.

Having the best firewalls and monitoring solutions in the world is useless if a cybercriminal has someone’s account info and password and just logs in.

I’m offering to help you find out at no cost or obligation. Visit this link and fill in your information and we’ll run a Dark Web scan for your domain at no cost and with no obligation. We’ll even give you a copy of our MicroData Dark Web Scan Action Guide that provides detailed recommendations on what to do if compromises are found.


“Your computer has a virus” cold call scams on the rise

Microsoft has recently reported that complaints are up 24% for tech support scams. And freshly released stats show 15% of complainants losing cash to the scam.

If you’re not familiar with how it works, a user will get a call from someone usually claiming to be from Microsoft who will talk the victim through a number of steps on their computer that will cause something technical or scary to appear on the user’s screen. At that point the scammer will declare the information showing is ‘evidence of a serious problem’. An offer to fix the problem for somewhere between $200 and $400 is then presented.

This scam is indiscriminate, targeting both businesses and individuals. It’s especially frustrating in that individuals over the age of 55 seem to be particularly targeted.

This is one of those IT areas where no software or network gizmo will protect the user. Only training can help and is one of the reasons why MicroData always includes End User Security Awareness Training as part of any IT system design. Contact us if you’d like some help with locating these sorts of resources.

And remind your users and friends that if they get an unsolicited call from anyone about a ‘problem’ with their computer and the individual claims to be with Microsoft (or anyone else), just put the phone down. Microsoft and other reputable vendors never make unsolicited calls to users.



W2 Phishing Season is Here. Alert your Accounting Department

For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, other identity theft cases, and even class-action lawsuits against the company.

The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information by replying to the phishing email, by sending the information to another email address, or by uploading it to a server owned by the bad guys.

In many instances, the request for the information appears to be urgent, which forces the employee to act quickly. These spoofed messages can be very convincing. The emails show the executive’s email address and often contain the executive’s actual signature block, which makes the employee believe that the email is authentic.

So remind your employees to think before they click. And consider some Security Awareness Training for your business. It’s the proven, effective way to significantly reduce employee susceptibility to phishing attacks. Contact us if you’re looking for help in improving IT Security at your business.

Everyone stay safe out there!


Netflix Phishing Scam – Pass the Word!

Heads-up! Bad guys are emailing you that your Netflix account has been suspended, and it looks just like the real thing. They are trying to get your login information and your credit card data.

Don’t fall for this type of scam. If you want to change the settings of subscription services like this, never click on links in any email and just type the name of the site in your browser or use a bookmark that you set.

Everyone stay safe out there!



Las Vegas Shooting Scams


Heads-up! It’s sickening, but cyber criminals are already exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are being sent out asking for donations to bogus Vegas charities.

Don’t fall for any scams. If you want to make a donation, you can go to before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses.

Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief… THINK BEFORE YOU CLICK.

Everyone stay safe out there!


Hurricane Harvey Charity Scams

Hurricane Harvey was (and still is) a bad one and people in Southern Texas and Southwest Louisiana are experiencing some severe flooding.  Unfortunately, low-life cyber-criminals are already exploiting this disaster. Here’s what to tell your users to watch for.

Links are already appearing on Facebook and Twitter and phishing email messages are hitting mailboxes trying to solicit donations for the flood victims. Most often these links take you to bogus websites that infect your computer with malware or try and get credit card info.

Be very very cautious of anything online looking for your ‘help’ in the coming weeks. If you’d like to assist, go yourself to a relief agency’s website. A couple of suggestions are or

Everyone stay safe out there!


Chester Bennington & O.J. Email Scams – Heads Up!

Cyber criminals are already exploiting some recent celebrity news. Warn your users to be on the lookout for a couple of ransomware-loaded email messages that are spreading through the Internet.

The first has a subject line claiming Chester Bennington’s Suicide Note Released (or similar). And the other is O.J. Admits Guilt in Murder of Ron and Nicole. Both messages contain a link which if clicked, activates the payload.

Remind your users to stop and think before they act. And if you don’t already have a security training program in place for your users, why not? The investment is trivial compared to what a ransomware attack can cost your organization. Contact us for more information.

Everyone stay safe out there!


“Revoke your license” Email Scam

A new scam has appeared where users receive an email claiming they have unpaid traffic tickets which, if not paid or disputed by clicking a link within 48 hours, will cause the individual’s drivers license to be revoked.

Clicking the links provided does one of two things. Either malware gets installed onto the user’s computer to track web pages visited or, more seriously, the user is taken to a fake RMV website where they are prompted to reveal personal information including names, Social Security numbers, date of birth, and credit card info.

Remind your users to stop and think before responding to unusual email messages. Or even better, consider training your users to recognize and avoid phishing attacks like this. Our partner, KnowBe4, offers a free phishing test you can safely send to your users to learn how prepared they are for these sorts of attacks. Contact us to learn more.


60% of SMBs Go Out of Business After This Happens

A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid-sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’

What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.

As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.

If you’re not sure where to start, MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspects of implementing and managing IT security for your business. Click here to learn more.


CEO W2 Request Scam

Cyber criminals want access to sensitive data. But rather than a brute-force attack to get it, they’ve figured out it’s much easier to simply go after users that already have access to the data. One scheme that’s popping up everywhere in the last few weeks is the CEO W2 Request Scam.

This appears as a phishing attack directed at someone in HR or Finance who already has access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.

W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.

So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.



RingCentral Spoof – Heads up!

Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.

Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.

Make sure you just delete the message without clicking on any links.

Remind your users to stop and think before they act.

Everyone stay safe out there!



IRS Form 6642 Email Scam

Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.

The body simply contains “Can you print this?” and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.

What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user to action but instead asks a simple, innocent sounding question.

Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.


UPS Phone Scam – Alert Your Users

Not content to rely on just phishing emails, now cyber criminals are using a clever pre-recorded phone call to try and steal your credit card info. Here’s how it works.

You receive a phone call – often on a cell phone – with a very professional sounding recorded message claiming to be from UPS stating that your account is seriously past-due. Some account number is given, but the bad guys are hoping you don’t remember your actual UPS account number and notice it’s different. You’re politely asked to call a provided 800-number. If you do, you speak to a fake representative who offers to help you by taking your credit card info to ‘take care of’ the past due bill for you. Of course, once you give them your credit card info your day is ruined.

Remind your users that cyber criminals are trying to get to them using any technology available – including the telephone.


Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

While cybercriminals have copied these emails in the past hoping to lure users into clicking on links taking them to infected sites, there’s now a new twist. Now the fake security email includes an 800 phone number that you’re told you need to call.

If you do, you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. But either way, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you but need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


Why Ransomware Pays

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed in terms of both hardware/software preparedness and user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!



How the Chinese Stole the Secret F35 Fighter Plans – and Why it Matters to You

U.S. F-35 Fighter

Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?

It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.

With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infects their computer with malware to harvest passwords and data.

While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.

The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.

If you’d like to learn more, click here to download our free Executive Report: Ransomware Prevention Checklist for your Business.


eBay Scam: Alert Your Users

With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.


Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


Android Phishing Trojan Cleans Out Your Bank Account

From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targets smartphone banking apps.

It works by inserting a fake login screen over the actual login screen in the app. When you log in you’ve actually just given the cyber criminals full access to your account and they promptly transfer all funds to an overseas account.

Android devices get infected by either installing an app outside of the Google Play Store (called a sideload), or by downloading a ‘Required Flash Update’ needed to view video – usually at an adult site.

So for your smartphone – iPhone or Android – follow these tips:

  1. Don’t sideload
  2. Don’t click on text messages you don’t recognize or expect
  3. Keep your device updated – both the OS and apps you use
  4. Don’t surf adult and inappropriate sites. Risk of infection is very high

If you’re concerned about malware and ransomware threats at your business or organization, check out our FREE download: Ransomware Prevention Checklist for Your Business

Everyone stay safe out there!


Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ransomware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically +$1,000.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email that looks legit such as an efax or Word document – these are called phishing attacks. The attachment is actually the code and by the user clicking on it, the ransomware application gets started.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways this message is bogus? First, it isn’t actually addressed to you – it’s just Dear Customer. Second, there are some spacing problems in the message body that a real company like Amex would never do. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there was a number included in the message don’t call it – those are often manned by fake ‘agents’ who will try to verbally get your credit card info.

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


Beware Tax-Season Scams

It’s tax season and the bad guys will use this opportunity to try and scam you – both by email and telephone. Last year over 360,000 people received harassing phone calls demanding payments and threatening jail. And there were millions of similar bogus emails.

By telephone, the routine is that you get a call supposedly from the IRS demanding payment for an overdue balance. The criminals will often even have the last 4 digits of your Social Security number to try and convince you they are legit. They demand immediate payment of the ‘overdue balance’ or threaten you with arrest. Typically payment is requested via Western Union or MoneyGram – both of which are very hard to trace.

The email messages are similar but will add a link to a site where you can ‘make payment’.

The IRS never initiates official business via telephone or email. They will always send a letter.

So if you get one of these phone calls just hang up. And delete the email messages, too.

Everyone stay safe out there!


Stolen iPhone Scam

A new sneaky scam is out there targeting iPhone users. Thanks to our friends at KnowBe4 for this tip.

This scam is proving effective because users are generally pretty upset about losing their phone and often not thinking calmly. So here’s how it goes.

Your iPhone is lost or stolen so you jump online and turn on the Find My iPhone Activation Lock. In no time you receive an email message that the phone has been found but you need to go to a website to verify your Apple ID. You do this and boom, you’ve just given the thieves your account info so they can unlock your phone. Your phone is now for sale somewhere.

The bad guys can do this because an iMessage can always be sent to the address that the phone says it has been locked by.

What’s catching people is that they aren’t noticing the ‘From’ on the email message they receive is spoofed (faked). So make sure you tell your users that if they lose their phone and receive an email message, don’t take any action it suggests. Instead get in touch with your company’s IT department to report the loss.

Everyone stay safe out there!


Apple Phishing Scam – heads up!

Tell your users to be on the lookout for a phishing scam that looks like it comes from Apple. An email is received supposedly from Apple Support threatening to suspend your iCloud and Apple ID account because you did not reply to an earlier verification email. The phishing email has a link that allows you to ‘verify now’ but if you click the link you land on a bogus webpage that looks like it’s Apple but is a fake. The page prompts the user to enter their account and password and then boom, you’re done.

Everyone stay safe out there!



“Your PayPal Invoice is Ready” Ransomware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out.  Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that will encrypt your hard drive files (and files on any mapped hard drive) requiring you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip type of attachments in your email system
  • Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced
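The first suggestion is easy to get wrong if the filter looks only at file names. The following is an added example, not part of the original post or of any MicroData or Barracuda product: it flags attachments by ZIP content as well as by extension, and exempts modern Office documents, which are ZIP containers themselves. The sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # normal archive / empty archive
BLOCKED_EXTENSIONS = (".zip",)


def is_zip_payload(data):
    """True when the bytes start with a ZIP signature, whatever the file is called."""
    return data[:4] in ZIP_MAGIC


def is_office_openxml(data):
    """.docx/.xlsx/.pptx are ZIP containers; they carry a [Content_Types].xml manifest."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def attachments_to_block(raw_message):
    """Return (filename, reason) for each top-level attachment that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            blocked.append((name, "zip extension"))
        elif is_zip_payload(data) and not is_office_openxml(data):
            # Archive renamed to slip past an extension-only rule.
            blocked.append((name, "zip content under another name"))
    return blocked


def build_sample_message():
    """Constructed message: a .zip, the same archive renamed .pdf, and a .docx."""

    def make_zip(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for fname, content in files.items():
                zf.writestr(fname, content)
        return buf.getvalue()

    plain_zip = make_zip({"invoice.txt": "constructed placeholder"})
    docx = make_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"})

    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Your PayPal Invoice is Ready"
    msg.set_content("Please open the attached file to view invoice")
    msg.add_attachment(plain_zip, maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(plain_zip, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(docx, maintype="application", subtype="octet-stream",
                       filename="notes.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in attachments_to_block(build_sample_message()):
        print(f"BLOCK {name}: {reason}")
```

The Office exemption is a heuristic that keeps ordinary documents flowing; macro-enabled documents still need the gateway's or antivirus product's own inspection.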

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.



“Order” or “Case” Email Viruses Surging: Heads up!

There’s a rash of email messages appearing where the cyber criminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ of $30,000+, a ‘Timestamp’, and a ‘State’ reference. The message then asks you ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.

Opening the file will run a macro infecting systems that haven’t been updated and patched.

Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.

Stay safe out there!



‘Secure’ Email Message Scam

The bad guys are relentless in trying to steal your information. The latest is an email with a subject line of “You have received a new secure message.” The body of the message has some graphics and prompts you to open the attachment which is a Word file named ‘Secure Message.doc’ (or similar).

Opening the file on a system that’s missing Microsoft Office security updates infects your system via a macro that exploits the unpatched vulnerabilities.

What can you do to help keep your organization safe? From a corporate perspective, make sure you have a good firewall installed, properly configured, and regularly updated. Also make sure that all user endpoints – Mac or PC – have installed, configured, and current antivirus software. And consider using an email filtering device or service to ‘pre-clean’ much of the junk like this scam.

Remind all your users to stop and think before they act on an email message they receive. Everyone stay safe out there!



‘Email account quote exceeded’ malware

Alert your users that there is another email phishing attack making the rounds of corporate America. Users receive an email with the subject of “EMAIL ACCOUNT QUOTE EXCEEDED…” with a couple of email addresses listed including their own. The body of the message contains a simple bar graph that seems to indicate that the mailbox is running out of space. The message then urges the user to “Sign back in a continue your usage.”

Clicking on the link redirects you to a malicious webpage that will try to exploit your browser (if not updated) and install malware on your computer and will further try to get you to reveal credentials. Just delete the message without clicking on anything.

Remind your users to stop and think before acting. Everyone stay safe out there!



Walmart Labor Day Voucher Scam

Going into the holiday weekend make sure you tell your users and friends to watch out for this one. You receive an email with a subject of “Use your Walmart Labor Day Voucher” with some referenced date. The message body then references a “$50 Walmart Bonus” available “this weekend only”. The message may come from ‘Walmart_Bonus_Points’ or something similar.

The links in the message take you to a fake page which will try to install password and financial account/credit card stealing malware on your computer.

Just delete the message.

Everyone stay safe out there and enjoy your holiday weekend!



Tips for Using WiFi Hotspots Safely

Having an available wifi hotspot can be incredibly helpful if you need to do some business on the road. But you should take some precautions to ensure that the person on the other side of that coffee shop isn’t stealing your identity, draining your bank account, or having a shopping spree with your credit card. Here are some of the safety tips we give our own customers.

  1. Make sure your laptop or tablet security is up to date. This would include having a fully supported OS with all patches applied, an updated web browser, a personal firewall turned on, and current anti-spyware/anti-malware.
  2. Be aware of the hotspot you’re using. The hotspot at Starbucks is preferable to one you just happen to come across while you’re sitting around the mall. And a hotspot that requires patrons to use a password is better still. A new trend to watch out for is ‘hotspot fishing’. The bad guys target an area where there are many people looking for wifi access. An airport is a great example. They set up their own laptop with hacking software and then broadcast an unsecured wifi hotspot – sometimes with the name of a nearby store or the airport’s name to try and fool users into thinking it’s safe. Then they wait for unsuspecting users to connect. Once they do, everything they transmit can be intercepted.
  3. Protect your passwords. When a website or your browser asks if you’d like it to remember your password, we suggest saying ‘no’. For someone that’s frequently on the road, it’s better not to have your password data stored anywhere on your computer. The exception would be if you are using an encrypted password manager like KeePass.
  4. Change settings. The default behavior on Windows systems when connecting to a new network will be to ask you if the network should be trusted or not – choose ‘Public’ or ‘Public Network’. But if your computer doesn’t ask you for some reason, make sure you turn off file sharing.
  5. Use a VPN. A VPN can encrypt your connection to a home or work network so consider connecting this way if possible.
  6. Avoid financial transactions. If at all possible, just have these wait until you get home or to a secure network. If you do have to do some e-commerce shopping, make sure the sites are encrypted and secured. Secure sites begin with an ‘https’ in the address.
  7. Be aware of your physical surroundings. When you’re engrossed in some online work it’s easy not to pay attention to people coming and going around you, especially if you’re in a busy location like an airport or coffee shop. Bad guys are in many of these public areas and are ready to grab a briefcase or purse left on the floor when the owner isn’t looking.

Everyone stay safe out there!



Ashley Madison Scams: Warn your Users!

As probably everyone has heard by now, the hackers that stole over 35 million records from the Ashley Madison site have now posted all the records for everyone to see.

The bad guys will be coming after users in a number of ways; phishing attacks, fake websites where you can ‘check if your spouse has been cheating on you’, or ‘verification’ if your own affair has come to light.

As you would probably expect, any of these 35 million users is a target and will probably be tempted to respond to threats to out them. So what can you do? We along with our friends at CyberHeistNews suggest sending out the following message to your employees and friends:

“Yesterday 35 million names, addresses and phone numbers of registered users at the Ashley Madison site (which makes it easy to cheat on your spouse) were posted on the Internet. All these records are now public, exposing highly sensitive personal information.

Internet criminals are going to aggressively exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages which slip through spam filters that have anything to do with Ashley Madison, or that refer to cheating spouses and delete them immediately, in the office or at home.”

Everyone stay safe out there!



iCloud/Apple ID Final Warning Scam

Tell your Mac users to be on the watch for this one. You receive an email purportedly from the ‘Apple & iCloud Support Team’ with a subject of ‘iCloud/Apple ID Final Warning’ telling you that you haven’t reviewed and confirmed your Apple ID details. There’s a link to do this ‘validation’ which takes you to a bogus site where the bad guys hope you’ll actually enter your ID & password – effectively giving them your account.

Remind your users to stop and think before they click.

And did you know that a firewall with an active subscription can block many of these messages from even getting into your organization? Definitely worth considering if you are just using a plain old firewall. New technology in this area is surprisingly affordable and you can also get this functionality as a service for only a few dollars a month. Contact us if you’d like to learn more.

Everyone stay safe out there!



Walgreen’s Gift Card Scam

Tell all your users to be on the lookout for this phishing scam. You receive an email with the subject “Re: Your Walgreens Gift-Card (Expires 7/20/15)*”. There’s a large red graphic with a big ‘$50’ and even an official looking bar code. Clicking anywhere on the image or on the included link takes you to a foreign site where you’ll get prompted to reveal information to ‘confirm’ your gift card. What you’ll actually be doing is giving your info away to thieves. Just delete the message without clicking on anything.

Remember, stop and think before you click! Everyone stay safe out there!



‘Dunkin Donuts Customer Loyalty’ Email Scam

Even coffee isn’t safe any more! The latest malware phishing scam is sending out email messages with the subject ‘Dunkin Donuts Customer Loyalty’ that promises a $100 gift card by clicking a link in the message. Except instead of a gift card, you infect your computer with spyware/malware.

Remind your users to stop and think before reacting to email messages. And if you haven’t already, subscribe to our blog with the link below so you can be notified of important alerts and info like this.

Everyone stay safe out there!


Sneaky New Malware Attack; ‘Stop spamming me’

Here’s a nasty new approach by bad guys trying to infect your computer and network and steal your data. You receive an email with a subject of ‘stop spamming me’ and a message body that contains the following text:

stop sending me offers from {your domain} i am not interested.
i have attached the email i received from {a legitimate email address at your domain}.
please stop

A Word document is attached which has a macro virus which, if opened in an unprotected mode on an unpatched computer, will infect your system with malware.

If you receive one of these just delete the message without opening it or looking at the attachment.

Everyone stay safe out there!


Federal Government Chinese Hack Fallout. Action Required!

It’s happened again. Federal employee databases have been hacked and now the cyber criminals have millions of employee records. You can expect this info to get sold quickly and then the email messages will start arriving trying to scare recipients into clicking on a link which will then infect their computer with malware or the message will try and manipulate users into giving out more personal information. If you’re concerned that you or someone you know may be affected, send your friends and users the following:

“If you receive an email that claims your personal information has been hacked and that you need to click on a link, open an attachment, or even call someone to protect yourself, stop! Never click on such links, don’t open any attachments, and never call someone whose information is only provided in an email message. These messages are scams designed to scare you into taking action that would infect your computer with malware/spyware and potentially release even more of your personal info.”

Everyone be careful out there!

Adult Friend Finder Phishing Alert

Adult Friend Finder is one of the most heavily trafficked sites in the U.S. for adults that are looking for casual encounters and has over 40 million registered users. The owners of the site owed a fairly large amount of money to someone and apparently, they didn’t pay. So in revenge, it appears that the site was hacked and 4 million accounts stolen and the info posted online. The problem is that given the highly personal nature of AFF, this opens up a perfect opportunity for scammers to exploit users who are worried about details of their AFF activities coming to light.

So imagine your users receiving an email blackmailing them or threatening to out them unless they click on a link or take some other action. We suggest alerting all your users to be on the lookout for threatening messages like this and delete them immediately.

Everyone stay safe out there!



Watch out for the ‘Copy of your Invoice’ Scam

You receive an email supposedly from some online company with a subject line of ‘Copy of your {company} invoice (xxx-xxxxxxxxx)’ and there’s a Microsoft Word attachment. You might recognize the company name or are just concerned about something being ordered in your name so you click and open the attachment. Boom – you just infected your computer with a key logging virus.

We’ll give the same advice we always give our customers; make sure your antivirus software is up-to-date and working correctly, make sure you have a good firewall either for your business or installed locally on your computer, and stop and think before you click.

Stay safe out there!



LogMeIn Email Phishing Attack

Preying on the popular use of LogMeIn (an online meeting & collaboration service), the cyber criminals are trying a new tactic to infect your computer and steal your information.

You receive an email message from ‘’ with a subject line of ‘Your LogMeIn Pro payment has been processed!’. The content looks like a typical ‘Thank you for your payment’ sort of message and references a payment amount of $999. There’s an Excel spreadsheet attached that’s referred to as a receipt. Opening the attachment on a computer with a version of Excel that hasn’t been patched runs some code that infects your computer and begins stealing data.

Remind your users to stop and think before acting on email. And make sure your systems and all your software applications are updated regularly.


“The IRS is Suing You” Scam

Here’s one of a new breed of scams that’s circulating now – telephone. Based upon info that the cyber criminals have obtained about you, you receive a robo-call that goes something like this: “We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254”

Cleverly, the 360 area code is in Washington outside of Seattle but it looks official when you see “Washington” on your caller ID.

Everyone be careful out there!



Heads up! Child Predator Email Scam

Proving that cyber criminals will sink to any level to steal your information, here’s another scam to alert your users about. Thanks to our friends at Knowbe4 for an early warning on this one.

Preying on the fears of any parent, users receive an email ‘warning’ them about a child predator ‘living near you!’ The email is delivered based upon zip codes so it might seem to have some legitimacy to a casual reader. The email contains a link to get more information and if you click on it, you infect your computer with malware that will attempt to steal passwords, account information, credit info, and even your identity.

Tell your users to delete the message without opening or clicking on anything.

Remember, stop and think!


Heads up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


5 Million Gmail Passwords Exposed

CNN yesterday afternoon reported that approximately 5 million Gmail addresses and passwords showed up on a Russian Bitcoin forum this Wednesday. Google says that its servers weren’t breached, but it’s unclear how the data in such large amounts was obtained – and how much of it is actually good.

It’s not uncommon for collections of such info to be summarized from multiple phishing and keylogging malware exploits and then offered for sale.

So if you have Gmail accounts, it’s probably a good idea to update your passwords.


iCloud Nude Photos Hack: Lessons to be Learned

With the news of dozens of female celebrities’ nude photos being stolen off iCloud over this past weekend, there are a couple of lessons to be learned.

  1. Apple devices aren’t somehow ‘safer’ or ‘immune’ to being compromised. Most likely the accounts in question were compromised by phishing attacks – targeted emails or sites designed to trick users into revealing account information. In some ways Apple users are more vulnerable because Internet legend tells them that Apple devices are immune to viruses and malware. Apple itself does little to dispel this myth – most likely as it works so well for them.

    The reality? Any device including web-only appliances like Chromebooks are susceptible to phishing attacks. The only defense is to educate users.

  2. When you sync data from a local device to a cloud service then later delete it, the cloud data probably still exists. People tend to think about data as residing in the device that generated it but once you link to the cloud that isn’t the case. Just look at the IRS email scandal where it was claimed that Ms. Lerner’s email was ‘lost’ because her computer hard drive crashed. Only a copy of email makes it to the user’s local computer. All the email really exists on email servers which is why this claim is so ridiculous to people in the tech community. Remember that if you have any device linked to the cloud, a copy of everything is probably somewhere else.
  3. When your data is in a shared Cloud, you no longer control it. Apple has robust security on its cloud service. As do Microsoft, Amazon, Yahoo, etc. But it’s still not in your control. This is one of the reasons we developed our Private Cloud service. With Private Cloud, your data is exclusive to you and isn’t co-mingled with anyone else’s data. Your organization maintains control.
  4. Think before you create data. It’s probably not a good idea to snap those nude photos or write that manifesto if you’d ultimately be uncomfortable about it getting out into the public. Once created, data has a way of moving easily and silently around the Internet.


Robin Williams Scam

As if the events surrounding Robin Williams’ death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!



E-ZPass Email Scam

In a relatively new twist, we’re now seeing a phishing scam by the bad guys centered around the popular E-ZPass toll system. Here’s how it works.

You receive an email with a subject line of ‘Indebted for driving on toll road’ or something similar. The message itself has an official looking E-ZPass logo and a brief message claiming that you have failed to pay tolls and that you need to take care of it right away.

Of course, there’s a link which if clicked takes you to a fake website where you are asked to verify your account by entering your credit card info.

The giveaways that it’s bogus? Poor grammar, non-personally addressed, a direct link to a document rather than a request that you just log in to your account normally, and if you hover your mouse over the included link, you’ll see that the destination has nothing to do with E-ZPass.

Remind your users to stop and think before they respond to email messages.




New Ransomware Targets iPhones & iPads

A new type of ransomware is appearing – mostly in Australia and the UK for now – that targets iPhones and iPads. The attack exploits the ‘Find My Phone’ feature to launch the attack and the bad guys have somehow got access to iCloud account info that’s used to lock the devices.

What happens is that suddenly your iPhone or iPad will lock itself and then you receive a message that you’ve been hacked by Oleg Pliss and you have to pay $100 US/EUR via PayPal to get the device unlocked.

Your best defense? Change your Apple ID credentials now.


KnowBe4 Offers to Pay your Crypto-Ransom if You Get Hit

In an impressively confident offer, the Internet Security training firm KnowBe4 has offered to pay the Crypto-Ransom if an organization that completes its user training subsequently gets hit by ransomware such as CryptoLocker, CryptoDefense, or CryptoBit.

Said Stu Sjouwerman, founder and CEO of KnowBe4, “We are so confident our training works, we’ll pay your ransom in Bitcoin if you get hit with ransomware while you are a customer.”

It’s refreshing to see a training company that’s so confident in its product and methodology that they’re willing to offer such a guarantee.

You can get more information at the KnowBe4 website.




“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including date/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:”.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


‘This Damaging Report Concerns You’ Scam

We’re all concerned about what info might be online about us, so this latest scam is sure to snag a few unsuspecting victims. Here’s how it works.

The bad guys send you an email with a subject line similar to this: “{username from your email address} this damaging report concerns you”. The message body typically has a reference to ‘damaging information leaked’ and the date and your email name again. There’s also a ‘record’ number and an admonition ‘Don’t let your reputation be ruined because of this published report’.

There are usually a couple of links – we’ve seen several to the domain which is a hacked system in Connecticut.

Clicking on the links infects your computer with keylogging malware designed to steal your data.

Antivirus and anti-malware software can’t stop these types of attacks so the key again is to educate your users. Always be suspicious of email messages received from a sender you don’t know, and if the message threatens you with something if you don’t act, it’s probably bogus.

Everyone be safe out there!


Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users’ ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”


Heads up! The Windows XP Scams Have Started

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and its partners never make unsolicited calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

Everyone be careful out there!


The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on an XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49.
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.



Malaysian Airlines Facebook Scam

Facebook users beware of a scam posting about the missing Malaysian Airlines Flight MH370. A posting by cyber crooks is claiming the missing aircraft has been found in the Bermuda triangle and invites users to see video footage by clicking a link on a malicious website.



Cell Phone Scam – Alert your Users!

A nasty social engineering scam has surfaced combining a call to your cell phone along with a fake website. This one is pretty sophisticated – here’s how it works.

You get a call on your cell phone and the Caller ID appears to be from ‘Verizon Tech Support’ or ‘AT&T Tech Support’ or similar. You hear a recording that you’re entitled to a voucher for your account for as much as $100. You are directed to a semi-legitimate sounding website that incorporates the voucher amount. Something like ‘’ for a promised $89 voucher.

When you go to the site it looks pretty good as the scammers have stolen all the legitimate site logos and text. You’re asked to enter your cell number, your account ID and password, and sometimes even the last 4-digits of your social. Give them all that and boom, they have what they need to begin a full identity theft.

Remember, NEVER TRUST CALLER ID – on any call. It’s easy to fake. And never act on calls or email messages offering you free stuff. There is no free lunch.

Thanks to our friends at Cyberheist News for passing this one along to us.

Everyone be careful out there!



New Email Amex Scam – “Important: Personal Security Key”

Everyone be watching for this new scam. Users get an email with a subject line of ‘Important: Personal Security Key’. There’s a graphic with the text ‘Fraud Threats: How American Express Helps Protect You’ and some information and a request that you create a ‘Personal Security Key’. All this so that American Express can supposedly help protect you.

Of course, if you click on any of the links you’ll be taken to a bogus site where the bad guys will try to trick you into entering your Amex card info and boom, the fraudulent charges will start rolling in.

The tip-offs this is bogus? They are the same as usual:

  • Not personally addressed to the recipient
  • When you hover your mouse over the link for you can see that the destination if clicked is an entirely different site ( on several of the messages we’ve seen)
  • Formatting on parts of the message is amateurish
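The hover check in this list, and in the E-ZPass post above, can be run automatically over an HTML message body. The following is an added example, not code from the original posts: it compares each link's real destination with the text shown to the reader and with the sites the recipient already knows belong to the sender. The domain `ezpass.example`, the sample message and all function names are constructed for illustration, and "site" is approximated as the last two labels of the host name (a production filter would use the Public Suffix List).

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a host name inside the visible link text
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site(host: str) -> str:
    """Approximate the registrable domain (assumption: last two labels)."""
    host = host.lower().rstrip(".")
    return host if is_ip(host) else ".".join(host.split(".")[-2:])


def audit_links(html: str, trusted_sites: set):
    """Return (href, text, reasons) for each link that deserves suspicion."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href.strip())
        except ValueError:
            continue
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            continue
        host = parts.hostname.lower()
        reasons = []
        if is_ip(host):
            reasons.append("ip-literal")          # bare address, no name at all
        shown = DOMAIN_RE.search(text)
        if shown and site(shown.group(1)) != site(host):
            reasons.append("text-host-mismatch")  # text names a different site
        if site(host) not in trusted_sites:
            reasons.append("off-brand")           # not a site the sender owns
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample body; every host and address here is a placeholder.
SAMPLE_HTML = """
<p>You have not paid for driving on a toll road.</p>
<a href="http://203.0.113.7/ez/invoice.doc">www.ezpass.example/account</a>
<a href="https://pay.tollservice.example/login">Download invoice</a>
<a href="https://www.ezpass.example/help">Help</a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML, {"ezpass.example"}):
        print(finding)
```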

Remind your users; stop, think!



“Image has been sent” scam: Heads up!

In an interesting variation from the scammers out there, be on the alert for an email message that shows up with a subject line of “Image has been sent <>”

There are a couple of links which if you click on them take you to the malware payload page.

This is a slightly different ploy trying to entice you to click on the links because of the lack of information – you do want to find out whatever image was sent, don’t you?

So alert all your users and remind them to stop and think before clicking on any links!



Free Credit Monitoring Scam. Heads up!

It’s not bad enough that Target’s systems this holiday season were compromised and as many as 100 million credit card accounts compromised. Now to make it worse, scammers are capitalizing on the fact that Target and many other retailers are offering free credit monitoring services to their customers.

The scam works like this; you get an email telling you that because your credit card account was compromised, you run the risk of unauthorized charges and identity theft. But the ‘merchant’ is offering you a free subscription to a credit monitoring service. Just click on this ‘link’.

So warn everyone to watch out for this scam and that any link or attachment for you to ‘sign up’ is likely a scam.

Be careful out there!



5 Most Dangerous Email Subject Lines to Watch For

The scammers are out in full force in 2014 so warn your users to be on the alert for phishing email messages. Here are the top 5 most dangerous subject lines based upon recent research done by our friends at KnowBe4:

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear {insert bank name here} Customer
  4. Important Communication
  5. Undelivered Mail Returned to Sender

Everyone be careful out there!