Email Quarantine Scam

Be on the lookout for a new and more sophisticated phishing scam that has some clever hooks to catch your users. Here are the details.

You receive a nicely formatted email with color and good grammar. It addresses you by a user name – typically the first part of your email address – and tells you that has ‘prevented the delivery of “x” new emails to your inbox…’.

But if you hover your mouse over the ‘View Emails’ button without clicking, you see that the actual destination is a ‘zombie’ server that’s hosting malicious code to infect your system.
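
The hover check described above can be automated for HTML message bodies. The Python below is an added example, not part of the original post; the trusted host list, the helper names and the sample message are assumptions constructed for illustration.

```python
"""Report where each link in an HTML email body really points.

Automates the hover-before-you-click check for a quarantine-style notice.
Hosts, helper names and the sample message are constructed for illustration.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the hosts your real quarantine portal is served from.
TRUSTED_HOSTS = {"quarantine.example.com"}

# A domain-like token shown in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample body modelled on the message described in the post.
SAMPLE_HTML = """
<p>Hello jsmith,</p>
<p>We have prevented the delivery of 4 new emails to your inbox.</p>
<a href="http://203.0.113.45/release.php?u=jsmith"><b>View Emails</b></a>
<a href="https://portal.mailfix.example/q">quarantine.example.com/review</a>
<a href="https://quarantine.example.com/help">Help</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def is_ip_literal(host):
    """True if the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_links(html, trusted=TRUSTED_HOSTS):
    """Return one finding per web link whose destination looks wrong."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        try:
            host = (urlsplit(href).hostname or "").lower()
        except ValueError:
            findings.append({"text": text, "href": href, "host": "",
                             "reasons": ["malformed-url"]})
            continue
        if not host:
            continue  # mailto:, in-page anchors and similar have no server
        reasons = []
        if not any(host == t or host.endswith("." + t) for t in trusted):
            reasons.append("untrusted-host")
        if is_ip_literal(host):
            reasons.append("ip-literal-host")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown:
            shown_host = shown.group(1).lower()
            if host != shown_host and not host.endswith("." + shown_host):
                reasons.append("text-shows-other-domain")
        if reasons:
            findings.append({"text": text, "href": href, "host": host,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding["text"], "->", finding["host"], finding["reasons"])
```

A link with friendly button text and an untrusted or numeric host is the pattern the post describes; a link whose visible text names one domain while the href goes to another is the closely related variant.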

Remind your users to Stop and Think before they click! And consider some formal Security Awareness Training for your end users, such as that included with all MicroData Managed Service Plans.

Everyone stay safe out there!

‘Bomb Threat’ Scam Update

If you were the recipient of last Thursday/Friday’s ‘bomb scare’ spam campaign, here’s some more info and an update on who was responsible.

This scam blasted out thousands of email messages claiming the recipient’s building would blow up unless they sent $20,000 in Bitcoin.

Researchers at Cisco’s Talos report that this latest batch of email messages is very similar to a previous scam – the so-called ‘sextortion’ scam – in its composition, its demand for a Bitcoin payoff, and the IP addresses used. If you don’t recall, that was the one where the bad guys claimed to have installed malware on the victim’s computer and, unless money was sent, compromising videos would be leaked. Of course, those videos didn’t exist and there was no malware.

The good news – it doesn’t appear that the cybercriminals are being very successful with this latest scam. Only two small transactions have been made to the Bitcoin payoff address with both of those on the day the email went out.

The attackers’ response to their failure? Yet another try, this time attempting to scare people into paying by threatening an acid attack.

What should you do when you get one of these types of threats? Don’t pay any ransom demanded by unsolicited email but promptly report all threats to your IT and business administrators and/or contact your local police department. 

Everyone stay safe out there!

Scam Alert: Hackers Don’t Actually Have Video of You Watching P0rn

A new scam making the rounds has cybercriminals trying to extort money from netizens by threatening to leak a video to friends and family of their marks watching X-rated videos. Here’s how it works.

A user gets an email from a crook who claims to have obtained, through hacking their computer, compromising webcam footage of them watching an adult website.  In reality, the user’s computer wasn’t hacked but rather the cybercriminal has simply purchased some passwords and email addresses on the Dark Web that likely originated on a hacked forum or site that the individual may frequent. Think a hobby or club-type forum.

The attacker’s message includes a reference that they have obtained all the user’s contacts including co-workers, friends, and family. And the clincher is that the extortion message shows the user’s actual password in an attempt to convince the reader that they need to pay up – or else.

The cybercriminal is banking on the target reusing their leaked password for other more important websites and being convinced that those accounts have been compromised as well. In reality, the attacker probably only has the one compromised password and is hoping for a quick payout.

If you receive this email, don’t panic and don’t send them any Bitcoin. There most likely isn’t any video. Change your password, don’t reuse any passwords that you use for important sites, and consider using two-factor authentication and a password manager to keep your accounts secure going forward.

And if you’re a company exec or IT pro, make sure your organization is monitoring the Dark Web for ID account compromises. That’s where cybercriminals are purchasing credentials for scams like this. Check out our Dark Web Guardian service that provides 24×7 monitoring for these types of compromises – 50% off a new 1-year subscription when purchased by August 31.

Everyone stay safe out there!


‘Your computer has a virus’ cold call scams on the rise

Microsoft has recently reported that complaints are up 24% for tech support scams. And freshly released stats show 15% of complainants losing cash to the scam.

If you’re not familiar with how it works, a user will get a call from someone usually claiming to be from Microsoft who will talk the victim through a number of steps on their computer that will cause something technical or scary to appear on the user’s screen. At that point the scammer will declare the information showing is ‘evidence of a serious problem’. An offer to fix the problem for somewhere between $200 and $400 is then presented.

This scam is indiscriminate, targeting both businesses and individuals. It’s especially frustrating that individuals over the age of 55 seem to be particularly targeted.

This is one of those IT areas where no software or network gizmo will protect the user. Only training can help, which is one of the reasons why MicroData always includes End User Security Awareness Training as part of any IT system design. Contact us if you’d like some help with locating these sorts of resources.

And remind your users and friends that if they get an unsolicited call from anyone about a ‘problem’ with their computer and the individual claims to be with Microsoft (or anyone else), they should just put the phone down. Microsoft and other reputable vendors never make unsolicited calls to users.



W2 Phishing Season is Here. Alert your Accounting Department

For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, other identity theft cases, and even class-action lawsuits against the company.

The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information by replying to the phishing email, by sending the information to another email address, or by uploading it to a server owned by the bad guys.

In many instances, the request for the information appears to be urgent, which pushes the employee to act quickly. These spoofed messages can be very convincing. They show the executive’s email address and often contain the executive’s actual signature block, which makes the employee believe that the email is authentic.

So remind your employees to think before they click. And consider some Security Awareness Training for your business. It’s the proven, effective way to significantly reduce employee susceptibility to phishing attacks. Contact us if you’re looking for help in improving IT Security at your business.

Everyone stay safe out there!


Netflix Phishing Scam – Pass the Word!

Heads-up! Bad guys are emailing you that your Netflix account has been suspended, and it looks just like the real thing. They are trying to get your login information and your credit card data.

Don’t fall for this type of scam. If you want to change the settings of subscription services like this, never click on links in any email and just type the name of the site in your browser or use a bookmark that you set.

Everyone stay safe out there!



Las Vegas Shooting Scams


Heads-up! It’s sickening, but cyber criminals are already exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are being sent out asking for donations to bogus Vegas charities.

Don’t fall for any scams. If you want to make a donation, you can go to before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses.

Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief… THINK BEFORE YOU CLICK.

Everyone stay safe out there!


Beware of Bogus ‘Voicemail’ Email Messages

This is an old scam but has been updated to be more dangerous so remind your users to be on the lookout. The old version ‘just’ installed a keylogger but this new version installs ransomware on your system.

You receive an email message from ‘Voicemail Service’ with a subject like ‘New voice message from <some number>’. There’s a bit of standardized-looking text in the body of the message which tells you that ‘you might want to check it when you get a chance.’

There’s a compressed attachment which, if you click on it, will play an audio file with embedded code that will encrypt files to [original file name].crypted.

Send a reminder to all your users: Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!

And if you have an IT department, in addition to good firewall and endpoint security management, make sure they are stripping compressed attachments from all incoming email messages from whatever email vendor you use.

Everyone stay safe out there!



Hurricane Harvey Charity Scams

Hurricane Harvey was (and still is) a bad one and people in Southern Texas and Southwest Louisiana are experiencing some severe flooding.  Unfortunately, low-life cyber-criminals are already exploiting this disaster. Here’s what to tell your users to watch for.

Links are already appearing on Facebook and Twitter and phishing email messages are hitting mailboxes trying to solicit donations for the flood victims. Most often these links take you to bogus websites that infect your computer with malware or try and get credit card info.

Be very very cautious of anything online looking for your ‘help’ in the coming weeks. If you’d like to assist, go yourself to a relief agency’s website. A couple of suggestions are or

Everyone stay safe out there!


Chester Bennington & O.J. Email Scams – Heads Up!

Cyber criminals are already exploiting some recent celebrity news. Warn your users to be on the lookout for a couple of ransomware-loaded email messages that are spreading through the Internet.

The first has a subject line claiming Chester Bennington’s Suicide Note Released (or similar). And the other is O.J. Admits Guilt in Murder of Ron and Nicole. Both messages contain a link which if clicked, activates the payload.

Remind your users to stop and think before they act. And if you don’t already have a security training program in place for your users, why not? The investment is trivial compared to what a ransomware attack can cost your organization. Contact us for more information.

Everyone stay safe out there!


“Revoke your license” Email Scam

A new scam has appeared where users receive an email claiming they have unpaid traffic tickets which, if not paid or disputed by clicking a link within 48 hours, will cause the individual’s driver’s license to be revoked.

Clicking the links provided does one of two things. Either malware gets installed onto the user’s computer to track web pages visited or, more seriously, the user is taken to a fake RMV website where they are prompted to reveal personal information including names, Social Security numbers, date of birth, and credit card info.

Remind your users to stop and think before responding to unusual email messages. Or even better, consider training your users to recognize and avoid phishing attacks like this. Our partner, KnowBe4, offers a free phishing test you can safely send to your users to learn how prepared they are for these sorts of attacks. Contact us to learn more.


CEO W2 Request Scam

Cyber criminals want access to sensitive data. But rather than use a brute-force attack to get it, they’ve figured out it’s much easier to simply go after users who already have access to the data. One scheme that’s been popping up everywhere in the last few weeks is the CEO W2 Request Scam.

This appears as a phishing attack directed at someone in HR or Finance who already has access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.

W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.

So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.



‘Can you hear me?’ Phone Scam – Heads Up!

Another nasty scam making the rounds is the so-called ‘can you hear me?’ phone scam. This one is low-tech – no computer required – and has already targeted residents in Virginia, Florida, and Pennsylvania this year according to WNEP. Here’s what you need to know.

You receive a call from a number you don’t recognize although it’s usually a local area code. When you answer the phone you hear a simple question – ‘Can you hear me?’ If you answer ‘yes,’ it gets recorded. From that point there are a couple of ways the scam can go.

In one variant you are later charged for a variety of services or products and if you contest the charges, the scammers will play back your verbal confirmation ‘yes’ and threaten you with legal action if you don’t pay.

Another option is for the cybercriminals to try and use the recording to trick an automated system into authorizing charges on a stolen credit card or to give additional personal information.

So what should you do? While it seems impolite, if you get this call just hang up the phone. And for phone calls in general, follow this advice:

  1. Don’t answer the phone from numbers you don’t recognize
  2. Never give out personal information over the phone unless you initiated the call
  3. Don’t confirm your phone number over the phone unless you initiated the call
  4. Don’t answer questions over the phone unless you initiated the call

Spread the word especially to seniors you know. Everyone stay safe out there!


“Your Office 365 statement is ready” Scam – Heads up!

The popular Microsoft Office 365 online service is now being used in a phishing scam to try and steal your personal data and information. Here’s what to look for.

You receive an email that appears to come from the ‘Microsoft Online Services Team’ with a subject of ‘Office 365 billing statement’. The body of the message looks good – there’s an Office 365 logo, no typos or obvious mistakes, and even the Microsoft logo at the bottom of the message. There’s a hyperlink inviting you to ‘Click here to view your statement’. If you do, you actually download malware onto your computer.

Advise your users just to delete the message without clicking anything. And remember, with any message about an account you might have somewhere, never access it from a link in a message. Always go to the actual website by entering the address yourself, login, and then review any messages or account details. And if you’re still in doubt, pick up the phone and call the company’s customer service.

Everyone stay safe out there!


RingCentral Spoof – Heads up!

Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.

Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.

Make sure you just delete the message without clicking on any links.

Remind your users to stop and think before they act.

Everyone stay safe out there!



IRS Form 6642 Email Scam

Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.

The body simply contains ‘Can you print this?’ and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.

What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user to action but instead asks a simple, innocent sounding question.

Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.


UPS Phone Scam – Alert Your Users

Not content to rely on just phishing emails, now cyber criminals are using a clever pre-recorded phone call to try and steal your credit card info. Here’s how it works.

You receive a phone call – often on a cell phone – with a very professional-sounding recorded message claiming to be from UPS and stating that your account is seriously past due. (Some account number is given, but the bad guys are hoping you don’t remember your actual UPS account number and won’t notice it’s different.) You’re politely asked to call a provided 800 number. If you do, you speak to a fake representative who offers to help by taking your credit card info to ‘take care of’ the past-due bill for you. Of course, once you give them your credit card info, your day is ruined.

Remind your users that cyber criminals are trying to get to them using any technology available – including the telephone.


Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

While cybercriminals have copied these emails in the past hoping to lure users into clicking on links taking them to infected sites, there’s now a new twist. Now the fake security email includes an 800 phone number that you’re told you need to call.

If you do, you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. Either way, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you but need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


Pokemon Go Ransomware

My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6 year old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’

It was cute, but like every popular trend, cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment, it installs two pieces of malware that encrypt your files and then demand (in an Arabic text file left on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.

We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!

So spread the word that if anyone receives an email message that’s Pokemon Go related, they should just delete it.

Everyone stay safe out there!


Why Ransomware Pays

I’ve had many frustrated people ask me why cybercriminals create and distribute ransomware. The answer is money, of course. But some new data from a report by Check Point Software’s researchers is helpful because it shows just how much money we’re talking about.

Check Point focused on just one product: Cerber. The Cerber platform is software created specifically to be resold to create ransomware. Aspiring cybercriminal affiliates create their own ransomware campaign using Cerber and the deal is that Cerber gets to keep 40% of whatever their customers make with their ransomware attack.

Check Point was able to determine that Cerber had more than 160 participants at current count and that the combined direct sales plus affiliate revenue was almost $200,000 just in July – and this despite a victim payment rate of only 0.3%.

Doing the math means that Cerber is on track to net 2.4 million dollars this year.

So what’s the takeaway for businesses? Ransomware is a highly profitable criminal activity and you should expect to see increases in attacks on your business.

And that means that if you haven’t yet, you should get your organization up to speed in terms of both hardware/software preparedness and user training.

If you’d like to learn more, download our Executive Report: Ransomware Prevention Checklist for Your Organization or give us a call at 978.921.0990

Everyone stay safe out there!



How the Chinese Stole the Secret F35 Fighter Plans – and Why it Matters to You

U.S. F-35 Fighter

Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?

It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.

With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link, and when the recipient clicks on the link, they are taken to a bogus website which then infects their computer with malware to harvest passwords and data.

While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data, both local and Cloud – and you won’t get that data back unless you pay a ransom to the cybercriminals.

The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.

If you’d like to learn more, click here to download our free Executive Report: Ransomware Prevention Checklist for your Business.


eBay Scam: Alert Your Users

With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.

The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.


Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.

Everyone stay safe out there!


Angie’s List Scam – Heads up!

Alert your users to be on the lookout for a phishing email allegedly from Angie’s List. The subject line is ‘Invoice xxxxx from Angie’s List, Inc.’ and the message body looks like a QuickBooks generated invoice for $216.64 or some similar amount. The message body starts with ‘Dear Valued Customer’ which should be your tip-off that it’s a bogus message – legitimate email messages will have your personal info.

There’s a ‘View Invoice’ button which, if clicked, takes you to a website that will infect your computer with malware. Just delete the message without clicking on anything.

Want to train your users to better recognize phishing scams like this? Contact us to learn about online Security Awareness Training. The cost to train and educate your entire company for a whole year is less than $750 for an organization with fewer than 50 employees.

Everyone stay safe out there!


Does Your Endpoint Protection Include this Important Ransomware Tool?

Unless you’ve been away on a small island for the last couple of years, you know about the problems presented by Ransomware and probably know of an organization that’s been hit. But as a refresher, Ransomware is software that encrypts your computer, network, and Cloud data, and your only recourse to get your data back is to pay a ransom, usually in Bitcoin and typically $1,000+.

What’s really tricky about Ransomware is that it isn’t delivered like a typical virus that sneaks onto your computer and runs itself. Ransomware is usually self-inflicted. A user gets an email with an attachment that looks legit, such as an efax or Word document – these are called phishing attacks. The attachment is actually the code, and when the user clicks on it, the ransomware application starts.

While there are many steps your organization can take to protect yourself, at a minimum you want a good quality antivirus/antimalware application on each user’s computer, and you want to make sure this antivirus solution does email content filtering. This is a basic but effective line of defense to stop a large percentage of these phishing messages from getting in to your organization.

Symantec, McAfee, Kaspersky, Sophos, F-Secure, and Vipre do not perform content filtering. Trend Micro’s Worry Free Business Security Advanced does provide content filtering which is why we recommend this solution.

If you haven’t looked at the capabilities of your organization’s Endpoint Protection software lately, with ransomware infections growing each month, now might be a good time.


Bogus “American Express Fraud Protection Alert”: Heads Up!

Cyber criminals are at it again and this time they’ve come up with an interesting twist. The Phishing email is actually disguised as a fraud alert message from American Express! Here’s what to look for.

You receive a message with the subject line of Fraud Protection Alert with a ‘FROM’ address of American Express Customer Service. The message body looks like an Amex message with the logo and some footer information that seems pretty typical. But if you click on the hyperlink to ‘Verify’, you’re actually taken to a bogus Amex website where they tell you to log in. If you do you’ve just given the criminals access to your Amex account.

What are the giveaways this message is bogus? First, it isn’t actually addressed to you – it’s just Dear Customer. Second, there are some spacing problems in the message body that a real company like Amex would never do. Just sloppy. And finally, Amex and other credit card companies won’t ever include links to log in with any alert messages. They’ll instead tell you to call them at the number on the back of your card or to manually go to the credit card company’s website and log in normally. By the way, if there was a number included in the message don’t call it – those are often manned by fake ‘agents’ who will try to verbally get your credit card info.

Are your employees having difficulty with Phishing messages like this? Contact us about a new and very affordable company-wide training program we now have available to help educate your users.

Everyone stay safe out there!


Apple Phishing Scam – heads up!

Tell your users to be on the lookout for a phishing scam that looks like it comes from Apple. An email is received supposedly from Apple Support threatening to suspend your iCloud and Apple ID account because you did not reply to an earlier verification email. The phishing email has a link that allows you to ‘verify now’ but if you click the link you land on a bogus webpage that looks like it’s Apple but is a fake. The page prompts the user to enter their account and password and then boom, you’re done.

Everyone stay safe out there!



“Your PayPal Invoice is Ready” Ransomware Scam

This scam is sneaky because the cybercriminals are using the exact same phrase that PayPal uses when monthly invoices are sent out.  Users receive an email with the subject line of ‘Your PayPal Invoice is Ready’ and the body of the message asks you to ‘Please open the attached file to view invoice’. The attachment is a .zip archive which, if opened, executes code that will encrypt your hard drive files (and files on any mapped hard drive) requiring you to pay a ransom in Bitcoin to get your files back. Short of a complete restore of the affected system(s), there’s no other way to avoid paying the ransom.

Aside from training your users not to fall for these types of messages, what else can you do to try and protect your company? Here are a few suggestions.

  • Block all .zip type of attachments in your email system
  • Pre-clean your email by running it through a filtering service such as MicroData’s hosted Barracuda service
  • Install better quality antivirus software that specifically looks for these types of threats. We recommend Trend’s Worry Free Business Security Advanced

As always, we’re glad to help organizations with issues like this. You can learn more or contact us anytime.
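
The advice above to block .zip attachments, like the earlier ‘voicemail’ post’s advice to strip compressed attachments from incoming mail, comes down to the same gateway check. The Python below is an added example, not MicroData’s or any mail vendor’s code; the helper names and the sample message are assumptions constructed for illustration, and it covers more archive formats than the .zip case the post names.

```python
"""Strip compressed attachments from a message before delivery.

Filename checks alone miss a renamed archive, so leading bytes are checked
too. Helper names and the sample message are constructed for illustration.
"""
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".gz", ".tgz", ".bz2", ".xz", ".tar"}
OOXML_EXTS = {".docx", ".xlsx", ".pptx"}  # ZIP containers that are documents
SIGNATURES = (
    b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08",  # ZIP: normal, empty, spanned
    b"Rar!\x1a\x07",        # RAR
    b"7z\xbc\xaf\x27\x1c",  # 7-Zip
    b"\x1f\x8b",            # gzip
    b"BZh",                 # bzip2
    b"\xfd7zXZ\x00",        # xz
)


def is_ooxml(data):
    """True if the bytes are a ZIP holding an Office Open XML document."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def is_compressed(part):
    """Classify a leaf MIME part by filename and by its leading bytes."""
    ext = os.path.splitext((part.get_filename() or "").lower())[1]
    if ext in ARCHIVE_EXTS:
        return True
    data = part.get_payload(decode=True) or b""
    if not data.startswith(SIGNATURES):
        return False
    # A real .docx/.xlsx/.pptx is also a ZIP: keep it only when both the name
    # and the contents say "document". Everything else fails closed.
    return not (ext in OOXML_EXTS and is_ooxml(data))


def strip_compressed(msg):
    """Remove compressed leaf parts in place; return the removed filenames."""
    removed = []
    if not msg.is_multipart():
        return removed  # a single-part message has no attachments to remove
    kept = []
    for part in msg.get_payload():
        if part.is_multipart():
            removed += strip_compressed(part)  # nested containers
            kept.append(part)
        elif is_compressed(part):
            removed.append(part.get_filename() or "(unnamed)")
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed


def make_zip(member):
    """Build a small ZIP in memory holding one constructed member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample data")
    return buf.getvalue()


def build_sample():
    """Constructed 'voicemail' message carrying three attachments."""
    msg = EmailMessage()
    msg["From"] = "Voicemail Service <voicemail@sender.example>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "New voice message from 555-0100"
    msg.set_content("You might want to check it when you get a chance.")
    msg.add_attachment(make_zip("message.wav"), maintype="application",
                       subtype="zip", filename="voicemail.zip")
    # Renamed archive: the name says audio, the bytes say ZIP.
    msg.add_attachment(make_zip("message.wav"), maintype="audio",
                       subtype="wav", filename="message.wav")
    # Genuine document container, which the filter should leave alone.
    msg.add_attachment(make_zip("[Content_Types].xml"), maintype="application",
                       subtype="octet-stream", filename="notes.docx")
    return msg


def remaining_attachments(msg):
    """Serialize and re-parse, as a gateway would, then list what is left."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    return [part.get_filename() for part in parsed.iter_attachments()]


if __name__ == "__main__":
    sample = build_sample()
    print("removed:", strip_compressed(sample))
    print("kept:", remaining_attachments(sample))
```

The second attachment is the case a filename-only rule lets through. Office documents that pass this filter still need their own policy, since the macro-based scams described elsewhere on this page arrive as Word files.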



“Order” or “Case” Email Viruses Surging: Heads up!

There’s a rash of email messages appearing where the cyber criminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ of $30,000+, a ‘Timestamp’, and a ‘State’ reference. The message then asks you to ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.

Opening the file will run a macro infecting systems that haven’t been updated and patched.

Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.

Stay safe out there!



‘Secure’ Email Message Scam

The bad guys are relentless in trying to steal your information. The latest is an email with a subject line of “You have received a new secure message.” The body of the message has some graphics and prompts you to open the attachment, which is a Word file named ‘Secure Message.doc’ (or similar).

Opening the file on a system that’s missing Microsoft Office security updates infects your system via a macro that exploits the unpatched vulnerabilities.

What can you do to help keep your organization safe? From a corporate perspective, make sure you have a good firewall installed, properly configured, and regularly updated. Also make sure that all user endpoints – Mac or PC – have installed, configured, and current antivirus software. And consider using an email filtering device or service to ‘pre-clean’ much of the junk like this scam.

Remind all your users to stop and think before they act on an email message they receive. Everyone stay safe out there!



Walmart Labor Day Voucher Scam

Going into the holiday weekend, make sure you tell your users and friends to watch out for this one. You receive an email with a subject of “Use your Walmart Labor Day Voucher” with some referenced date. The message body then references a “$50 Walmart Bonus” available “this weekend only”. The message may come from ‘Walmart_Bonus_Points’ or something similar.

The links in the message take you to a fake page which will try to install password and financial account/credit card stealing malware on your computer.

Just delete the message.

Everyone stay safe out there and enjoy your holiday weekend!



Ashley Madison Scams: Warn your Users!

As probably everyone has heard by now, the hackers that stole over 35 million records from the Ashley Madison site have now posted all the records for everyone to see.

The bad guys will be coming after users in a number of ways: phishing attacks, fake websites where you can ‘check if your spouse has been cheating on you’, or ‘verification’ of whether your own affair has come to light.

As you would probably expect, any of these 35 million users is a target and will probably be tempted to respond to threats to out them. So what can you do? We along with our friends at CyberHeistNews suggest sending out the following message to your employees and friends:

“Yesterday 35 million names, addresses and phone numbers of registered users at the Ashley Madison site (which makes it easy to cheat on your spouse) were posted on the Internet. All these records are now public, exposing highly sensitive personal information.

Internet criminals are going to aggressively exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening email messages which slip through spam filters that have anything to do with Ashley Madison, or that refer to cheating spouses and delete them immediately, in the office or at home.”

Everyone stay safe out there!



iCloud/Apple ID Final Warning Scam

Tell your Mac users to be on the watch for this one. You receive an email purportedly from the ‘Apple & iCloud Support Team’ with a subject of ‘iCloud/Apple ID Final Warning’ telling you that you haven’t reviewed and confirmed your Apple ID details. There’s a link to do this ‘validation’ which takes you to a bogus site where the bad guys hope you’ll actually enter your ID & password – effectively giving them your account.

Remind your users to stop and think before they click.

And did you know that a firewall with an active subscription can block many of these messages from even getting into your organization? Definitely worth considering if you are just using a plain old firewall. New technology in this area is surprisingly affordable and you can also get this functionality as a service for only a few dollars a month. Contact us if you’d like to learn more.

Everyone stay safe out there!



Walgreen’s Gift Card Scam

Tell all your users to be on the lookout for this phishing scam. You receive an email with the subject “Re: Your Walgreens Gift-Card (Expires 7/20/15)*”. There’s a large red graphic with a big ‘$50’ and even an official looking bar code. Clicking anywhere on the image or on the included link takes you to a foreign site where you’ll get prompted to reveal information to ‘confirm’ your gift card. What you’ll actually be doing is giving your info away to thieves. Just delete the message without clicking on anything.

Remember, stop and think before you click! Everyone stay safe out there!



‘Dunkin Donuts Customer Loyalty’ Email Scam

Even coffee isn’t safe any more! The latest malware phishing scam is sending out email messages with the subject ‘Dunkin Donuts Customer Loyalty’ that promises a $100 gift card by clicking a link in the message. Except instead of a gift card, you infect your computer with spyware/malware.

Remind your users to stop and think before reacting to email messages. And if you haven’t already, subscribe to our blog with the link below so you can be notified of important alerts and info like this.

Everyone stay safe out there!


Sneaky New Malware Attack; ‘Stop spamming me’

Here’s a nasty new approach by bad guys trying to infect your computer and network and steal your data. You receive an email with a subject of ‘stop spamming me’ and a message body that contains the following text:

stop sending me offers from {your domain} i am not interested.
i have attached the email i received from {a legitimate email address at your domain}.
please stop

The attached Word document contains a macro virus that, if opened in an unprotected mode on an unpatched computer, will infect your system with malware.

If you receive one of these just delete the message without opening it or looking at the attachment.

Everyone stay safe out there!


Federal Government Chinese Hack Fallout. Action Required!

It’s happened again. Federal employee databases have been hacked and now the cyber criminals have millions of employee records. You can expect this info to get sold quickly and then the email messages will start arriving trying to scare recipients into clicking on a link which will then infect their computer with malware or the message will try and manipulate users into giving out more personal information. If you’re concerned that you or someone you know may be affected, send your friends and users the following:

“If you receive an email that claims your personal information has been hacked and that you need to click on a link, open an attachment, or even call someone to protect yourself, stop! Never click on such links, don’t open any attachments, and never call someone whose information is only provided in an email message. These messages are scams designed to scare you into taking action that would infect your computer with malware/spyware and potentially release even more of your personal info.”

Everyone be careful out there!

Watch out for the ‘Copy of your Invoice’ Scam

You receive an email supposedly from some online company with a subject line of ‘Copy of your {company} invoice (xxx-xxxxxxxxx)’ and there’s a Microsoft Word attachment. You might recognize the company name or just be concerned about something being ordered in your name, so you click and open the attachment. Boom – you just infected your computer with a key logging virus.

We’ll give the same advice we always give our customers; make sure your antivirus software is up-to-date and working correctly, make sure you have a good firewall either for your business or installed locally on your computer, and stop and think before you click.

Stay safe out there!



Heads Up! IRS Refund Scam

From our friends at KnowBe4, here’s a nasty ransomware scam that’s looking for victims. Share this with your friends and colleagues.

Cyber criminals are preying on American taxpayers that have made the April 15th deadline and are now waiting to hear about their refund. There is a massive phishing scam going on right now which tries to trick you into opening a Microsoft Word attachment. But if you do, all your files will get hijacked and encrypted. If that happens, you only get your files back after paying around $500 ransom.

Remember, think before you click, and do not open any attachments you did not ask for!



LogMeIn EMail Phishing Attack

Preying on the popular use of LogMeIn (an online meeting & collaboration service), the cyber criminals are trying a new tactic to infect your computer and steal your information.

You receive an email message from ‘’ with a subject line of ‘Your LogMeIn Pro payment has been processed!’. The content looks like a typical ‘Thank you for your payment’ sort of message and references a payment amount of $999. There’s an Excel spreadsheet attached that’s referred to as a receipt. Opening the attachment on a computer with a version of Excel that hasn’t been patched runs some code that infects your computer and begins stealing data.

Remind your users to stop and think before acting on email. And make sure your systems and all your software applications are updated regularly.


“The IRS is Suing You” Scam

Here’s one of a new breed of scams that’s circulating now – telephone. Based upon info that the cyber criminals have obtained about you, you receive a robo-call that goes something like this: “We have been trying to reach you. This call is officially a final notice from IRS, the internal revenue service. The reason of this call is to inform you that the IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 360-362-4254”

Cleverly, the 360 area code is in Washington outside of Seattle but it looks official when you see “Washington” on your caller ID.

Everyone be careful out there!



Heads up! Child Predator Email Scam

Proving that cyber criminals will sink to any level to steal your information, here’s another scam to alert your users about. Thanks to our friends at KnowBe4 for an early warning on this one.

Preying on the fears of any parent, users receive an email ‘warning’ them about a child predator ‘living near you!’ The email is delivered based upon zip codes so it might seem to have some legitimacy to a casual reader. The email contains a link to get more information and if you click on it, you infect your computer with malware that will attempt to steal passwords, account information, credit info, and even your identity.

Tell your users to delete the message without opening or clicking on anything.

Remember, stop and think!


Heads up! ‘Fuel E-Bill’ Scam

Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.

Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.

Be careful out there and have a good weekend!


‘Tiket Alert’ Email Scam – Heads Up!

Tell your users to be on the alert for an email message with a subject line containing ‘Tiket alert’. It has a .zip attachment with a filename of that, if opened, infects the system with malware. Users should just delete the entire email.

Remember to stop and think.

Everyone stay safe out there!


Black Friday Scam Alert!

It’s the Holiday Season for the bad guys too! But not the way you might think. They go into scam-overdrive mode. Black Friday and Cyber Monday are the busiest on-line shopping days and they are out to get rich with your money. So what to look out for?

  1. At the moment, there are too-good-to-be-true coupons that offer free phones or tablets on sites all over the Internet. Don’t fall for it. Make sure the offers are from a legitimate company.
  2. Watch out for alerts via email or text that claim you just received a package from FedEx, UPS or the US Mail, and then ask you for some personal information. Don’t enter anything. Think Before You Click!
  3. There is a fake refund scam going on that could come from Amazon, a hotel, or a retail chain. It claims there was a “wrong transaction” and wants you to “click for refund” but instead, your device will be infected with malware.

So, especially now, the price of freedom is constant alertness and willingness to fight back. Remember to only use credit cards online, never debit cards. Be super-wary of bulk email with crazy good BUY NOW offers and anything that looks slightly “off”.

If you think you might have been scammed, stay calm and call your credit card company, nix that card and get a new one. Happy Thanksgiving!

“Final Alert” shipping email scam

Warn your users to be on the lookout for this one. You get an email with a subject line of ‘Final alert for {your email address}’ with a message body that claims to have shipping and tracking info for something that isn’t identified – except that the claimed ‘order total’ is several thousand dollars.

The hope of the scammers is that the large number will frighten someone into clicking on the link to open the email. Doing that will open a browser window taking the user to a website that will then attempt to install malware onto the computer.

Remind your users to stop and think before they click.

Be careful out there!


Heads up for Hacked eBay Accounts

If you use eBay watch out for the following scheme.

The bad guys use a phishing email to infect a user’s computer with a keylogger that records keystrokes. When an eBay login is detected, those credentials are used to access the account, set up a fake listing for a smartphone, TV, or some other popular item, and then the eBay account password is changed thereby locking out the legitimate owner of the account.

Unsuspecting buyers see a cool item at a great price and they check the feedback of the seller and see a 100% rating. So they click to buy but are instead taken to a fake eBay site where the victim is asked to log in and give out their bank details. Once they do this their bank account is cleaned out.

Remember – always keep your antivirus software up to date and current and stop and think before you click!



Robin Williams Scam

As if the events surrounding Robin Williams’ death aren’t sad enough, the bad guys out there are already trying to use it to steal your data. Users get an email or see a social media post with a subject line with something like ‘See Robin William’s Last Words’. Clicking on the link gets the user’s system infected with malware/spyware.

So alert your users to stop and think before clicking!



E-ZPass Email Scam

In a relatively new twist, we’re now seeing a phishing scam by the bad guys centered around the popular E-ZPass toll system. Here’s how it works.

You receive an email with a subject line of ‘Indebted for driving on toll road’ or something similar. The message itself has an official looking E-ZPass logo and a brief message claiming that you have failed to pay tolls and that you need to take care of it right away.

Of course, there’s a link which if clicked takes you to a fake website where you are asked to verify your account by entering your credit card info.

The giveaways that it’s bogus? Poor grammar, non-personally addressed, a direct link to a document rather than a request that you just log in to your account normally, and if you hover your mouse over the included link, you’ll see that the destination has nothing to do with E-ZPass.

Remind your users to stop and think before they respond to email messages.
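The giveaways listed above can also be checked mechanically when a user reports a suspicious message. The following is an added example, not part of the original post: it assumes a constructed sample message, placeholder domains (`ezpass.example.com` stands in for the brand's real domain), and hypothetical helper names.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real capture. All domains are placeholders.
SAMPLE = """\
From: "E-ZPass Service" <notice@example.net>
To: user@example.org
Subject: Indebted for driving on toll road
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>You have not paid for driving on a toll road.</p>
<p><a href="http://files.example.net/invoice.doc">https://www.ezpass.example.com/account</a></p>
<p><a href="https://www.ezpass.example.com/help">Help</a></p>
</body></html>
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|sir|madam)\b", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
DOCUMENT_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".zip")


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL, with or without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def review(raw_message, expected_domain):
    """Return the giveaways found in one message, in document order."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    if GENERIC_GREETING.search(html):
        findings.append("generic-greeting")
    for href, text in collector.links:
        dest = host_of(href)
        if not dest:
            continue  # mailto:, relative links, empty href
        # What "hovering over the link" reveals: shown URL vs. real target.
        if URL_LIKE.match(text) and host_of(text) != dest:
            findings.append(f"text-href-mismatch:{dest}")
        if dest != expected_domain and not dest.endswith("." + expected_domain):
            findings.append(f"off-brand-destination:{dest}")
        if urlsplit(href).path.lower().endswith(DOCUMENT_EXTENSIONS):
            findings.append(f"direct-document-link:{dest}")
    return findings
```

Poor grammar is left to the human reader; the other three giveaways are structural and show up in the raw message.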




“Incoming Fax Report” Scam

Here’s another scam to alert your users to watch for.

You receive an email with a subject line similar to ‘INCOMING FAX REPORT: Remote ID: xxx-xxx-xxxx’.

The message body includes some fax-like info including date/time, speed, connection time, pages, etc. It then includes the statement “Please use the following link to download your file:”.

The link provided will take you to a page that will infect your computer with spyware/malware.

Spam filters can’t block these types of messages – you have to rely on educating your users to the threat and reminding them to stop and think.

Everyone stay safe out there!


‘This Damaging Report Concerns You’ Scam

We’re all concerned about what info might be online about us, so this latest scam is sure to snag a few unsuspecting victims. Here’s how it works.

The bad guys send you an email with a subject line similar to this: “{username from your email address} this damaging report concerns you”. The message body typically has a reference to ‘damaging information leaked’ and the date and your email name again. There’s also a ‘record’ number and an admonition ‘Don’t let your reputation be ruined because of this published report’.

There are usually a couple of links – we’ve seen several to the domain which is a hacked system in Connecticut.

Clicking on the links infects your computer with keylogging malware designed to steal your data.

Antivirus and anti-malware software can’t stop these types of attacks so the key again is to educate your users. Always be suspicious of email messages received from a sender you don’t know, and if the message threatens you with something if you don’t act, it’s probably bogus.

Everyone be safe out there!


Use Craigslist to Hire? Read this Alert

You probably already know about CryptoLocker – the malware that encrypts everything on your local hard disk and then demands you pay from $500 – $1,000 or you’ll never see it again. Well now there’s a new threat and it comes into your organization in a way that greatly increases the chance of it successfully attacking your business.

The bad guys now search through Craigslist looking for companies advertising for help. They then send in an email response with an attached ‘resume’. The person in HR opens the attachment and boom, they’ve just infected the network with CryptoLocker.

What makes this doubly concerning is that typically the person in HR – or maybe even the business owner if it’s a small company – is the one looking at these resumes and they have a high level of access to files and data. This means that the potential damage can be much worse than for a lower level employee.

What can you do to protect your network? Employ some security ‘best practices’ such as removing certain attachments from email messages, restricting users’ ability to install software, maintaining robust web and email filtering, implementing and testing comprehensive backups and restores, and encrypting your sensitive data. But most important is to educate and train your users. As our friends at Cyberheist News are fond of saying, “Your weakest point in any security model is the person who touches the keyboard.”
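One way to apply the 'removing certain attachments' practice is to decide on file content instead of the file name, which the sender controls. This is an added example, not part of the original post; the message, file names, verdict strings and helper names are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                      # .docx/.docm/.xlsx and .zip


def classify(data):
    """Verdict for one attachment, based on its leading bytes and contents."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can carry macros; presence is not
        # checked here, so the whole format is held back.
        return "quarantine: legacy OLE Office file (macro-capable format)"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "quarantine: unreadable archive"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "quarantine: Office file with VBA project"
        if "[Content_Types].xml" in names:
            return "deliver: Office file without macros"
        return "quarantine: archive attachment"
    return "deliver: not an Office or archive file"


def triage(msg):
    """Map each attachment's file name to its verdict."""
    return {
        part.get_filename(): classify(part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    }


def _ooxml(with_macro):
    """Constructed stand-in for a .docx/.docm container (not a valid document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def build_sample():
    """Constructed 'resume' reply with four attachments."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.net"
    msg["To"] = "hr@example.org"
    msg["Subject"] = "Resume"
    msg.set_content("Please see my resume attached.")
    files = {
        "resume.docx": _ooxml(with_macro=True),   # macro file, harmless-looking name
        "cover-letter.docx": _ooxml(with_macro=False),
        "Secure Message.doc": OLE_MAGIC + b"\x00" * 24,  # header bytes only
        "notes.txt": b"plain text",
    }
    for name, data in files.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

In the sample, `resume.docx` is quarantined even though its extension suggests a macro-free document, because the container holds a `vbaProject.bin` part.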


Malaysian Airlines Facebook Scam

Facebook users beware of a scam posting about the missing Malaysian Airlines Flight MH370. A posting by cyber crooks is claiming the missing aircraft has been found in the Bermuda triangle and invites users to see video footage by clicking a link on a malicious website.



Cell Phone Scam – Alert your Users!

A nasty social engineering scam has surfaced combining a call to your cell phone along with a fake website. This one is pretty sophisticated – here’s how it works.

You get a call on your cell phone and the Caller ID appears to be from ‘Verizon Tech Support’ or ‘AT&T tech Support’ or similar. You hear a recording that you’re entitled to a voucher for your account for as much as $100. You are directed to a semi-legitimate sounding website that incorporates the voucher amount. Something like ‘’ for a promised $89 voucher.

When you go to the site it looks pretty good as the scammers have stolen all the legitimate site logos and text. You’re asked to enter your cell number, your account ID and password, and sometimes even the last 4-digits of your social. Give them all that and boom, they have what they need to begin a full identity theft.

Remember, NEVER TRUST CALLER ID – on any call. It’s easy to fake. And never act on calls or email messages offering you free stuff. There is no free lunch.

Thanks to our friends at Cyberheist News for passing this one along to us.

Everyone be careful out there!



New Email Amex Scam – “Important: Personal Security Key”

Everyone be watching for this new scam. Users get an email with a subject line of ‘Important: Personal Security Key’. There’s a graphic with the text ‘Fraud Threats: How American Express Helps Protect You’ and some information and a request that you create a ‘Personal Security Key’. All this so that American Express can supposedly help protect you.

Of course, if you click on any of the links you’ll be taken to a bogus site where the bad guys will try to trick you into entering your Amex card info and boom, the fraudulent charges will start rolling in.

The tip-offs that this is bogus? They are the same as usual:

  • Not personally addressed to the recipient
  • When you hover your mouse over the link for you can see that the destination if clicked is an entirely different site ( on several of the messages we’ve seen)
  • Formatting on parts of the message is amateurish

Remind your users; stop, think!



“Image has been sent” scam: Heads up!

In an interesting variation from the scammers out there, be on the alert for an email message that shows up with a subject line of “Image has been sent <>”

There are a couple of links which if you click on them take you to the malware payload page.

This is a slightly different ploy trying to entice you to click on the links because of the lack of information – you do want to find out whatever image was sent, don’t you?

So alert all your users and remind them to stop and think before clicking on any links!



Free Credit Monitoring Scam. Heads up!

It’s not bad enough that Target’s systems this holiday season were compromised and as many as 100 million credit card accounts compromised. Now to make it worse, scammers are capitalizing on the fact that Target and many other retailers are offering free credit monitoring services to their customers.

The scam works like this; you get an email telling you that because your credit card account was compromised, you run the risk of unauthorized charges and identity theft. But the ‘merchant’ is offering you a free subscription to a credit monitoring service. Just click on this ‘link’.

So warn everyone to watch out for this scam and that any link or attachment for you to ‘sign up’ is likely a scam.

Be careful out there!



5 Most Dangerous Email Subject Lines to Watch For

The scammers are out in full force in 2014 so warn your users to be on the alert for phishing email messages. Here are the top 5 most dangerous subject lines based upon recent research done by our friends at KnowBe4:

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear {insert bank name here} Customer
  4. Important Communication
  5. Undelivered Mail Returned to Sender

Everyone be careful out there!


“Scheduled Home Delivery Problem” E-mail Scam – Here’s what to watch for

Just in time for the holidays is yet another email scam. Here’s what to be on the lookout for:

You get an email purportedly from Walmart, Costco, or some other large retailer. The subject line is something intended to fool you into thinking there is a delivery problem with something you may have ordered or a gift that’s coming to you. The subject line is something like “Scheduled Home Delivery Problem” or “Express Delivery Failure”.

The message may have the company logo and an ‘order’ number and has links to check out the order and also to fill out a form to give updated shipping info. Clicking either link infects your computer with malware designed to steal your accounts, passwords, and other sensitive data.

The giveaways that it’s bogus? The message isn’t personally addressed to you (it’s a ‘Sir/Madam’ or ‘Dear Customer’ format), the language is poor English, there’s a threat (‘you will get your money back but 17% will be deducted’ for some reason), and if you hover over the links without clicking, you’ll see that they resolve to addresses that have nothing to do with the merchant.

So warn your users and remember to stop and think before clicking!