ALERT:  

IRS Refund Ransomware Scam

 

 

Wait until the last minute to file for Income Tax?

Waiting with bated breath, knowing deep inside that you’ll have to pay dearly, but secretly hoping for a surprise refund?

CyberCriminals are aware of this, and are taking advantage of people while they’re vulnerable.

(That’s what CyberCriminals do best!)

Knowing that people are waiting for official word from their federal tax agency (IRS, Canadian Tax Services, etc.) pending refunds,

CyberCriminals are working overtime, hoping to receive their own ‘bonus’!

CyberCriminals have a massive email campaign, sending emails that reportedly want to inform you of your tax refund.

 

It will look similar to the email to the left, tailored to your specific location, of course.

 

 

They ask you to click on a link to a Microsoft Word attachment to receive for information.

However, instead of a tax refund, you’ll be opening an infected Word file.

The infected file holds a ransomware payload, and encrypts the files of the PC that opened the attachment.

 

The bonus?

It’ll also encrypt the files on all the connected network drives.

 

 

 

And your screen will look similar to the one on the left.

 

 

Once that happens, you’ll be forced to pay the reported $500 ransom by a deadline.

If you miss the 1st deadline, the ransom will go up.

 

Pass this post on to friends, family, and coworkers.

The more people that are educated about this type of attack, 

the less effective the attack will be!

 

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

 

 

ALERT:  

How to Help Prevent Cyber-Infection

 Think you’re immune?

So did thousands of banks and other organizations!

 

Last week, IBM Security report an active CyberHeist campaign using a variant of the Dyre Trojan that has successfully stolen more than $1 million each time, from targeted enterprise organizations.    

Since it emerged in June 2014, Dyre has grown even more sophisticated and easy-to-use, spreading the malware through a mall mailing of victims’ contact lists, and targeting organizations instead of individuals, enabling CyberCriminals to go for the bigger payday.

 

The IBM Trusteer team reported in October 2014, an increase of the infection rate of the Dyre malware from 500 to a startling 3,500 in just 5 months.

 

The Dyre campaign targets organizations

that frequently conduct wire transfers with large sums of money. 

 

The campaign includes a successful spear-phishing campaign which results in an infection (via Upatra malware).  Once the infected PC tries to log into one of the hundreds of bank websites that they Dyre Trojan monitors, a new screen appears (instead of the corporate banking site).  The new page explains the website is experiencing issues, and requests the victim to call the number provided to get help logging in.  This all results in successfully duping their victims into providing their organizations’ banking credentials.  As soon as the victim hangs up the phone, the wire transfer is complete.  

The targeted organizations sometimes also experience a Distributed Denial-of-Service (DDos) attack.

 

 

Unfortunately for us, Social Engineering still works extremely well for CyberCriminals.

 

How to Help Prevent Cyber-Infection:

1. Train Your Employees.  Your organization is only as strong as the weakest link.  And your employees have the most exposure, and are usually the most targeted, of your organization.  Train them on security best-practices and how to report suspicious activity.
2. Have I.T. Conduct Periodic Mock-Phishing Exercises.  Have your I.T. department send employees mock-phishing emails, where employees receive emails or attachments that simulate malicious behaviour.  Metrics can be captured on how many potential incidents would have happened had the exercise been a real attack.  Use these findings as a way to discuss the growing security threats with employees.
3. Offer Security Training.  Security Training is essential to help employees understand threats, and measures they can take to prevent infections and protect the organization.
4. Provide Regular Reminders.  Regular reminders for employees about phishing and spam campaigns, and to remind them not to open suspicious attachments or links from both work and personal emails.
5. Train Employees in Charge of Corporate Banking.  Train them to never provide banking credentials to anyone.  The banks will never ask for this information.

Got  Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination

 

ALERT:  Scam 911 Threat

 

Currently, residents of Ohio are being ‘beta tested‘ by CyberCriminals for an email scam.

Once they’re done with Ohio, you know it’s going to quickly spread throughout the U.S. and Canada, so here’s your heads-up.

Alert Your Friends, Family, Neighbors, and Colleagues About This Scam…

People are receiving phone calls and emails from a fake 911 emergency number.  The message states, that unless you call the Attorney General’s Office, at the supplied phone number (which is fake) and pay a fine, or be arrested shortly.

*  DO NOT phone the ‘Attorney General’s Office’ number that they supply.  

 

*  DO NOT click on any supplied links in the emails.

 

*  DO NOT comply with the demands for money through the phone or email messages,

even if it appears legitimate.

 

911 does not send phone or email messages like this.

Now, scams that trick people into paying money isn’t new.  However, the ‘sophistication’ of this scam would be impressive, if it wan’t so evil.

For the phone calls, ‘911’ actually appears in caller ID.  For the emails, ‘911 Emergency’ actually appears as the sending address.

Both are fake.

The Office of the Attorney General in Ohio has received complaints since the beginning of March, regarding these scam phone calls/emails.

How To Protect Yourself From Phone Scams:

This information applies to emails as well.

1. Be skeptical of the phone number that appears on caller ID.  It could be spoofed, or fake.
2. When in doubt, hang up or don’t answer a call.
3. Don’t respond to suspicious calls.  Even if the call prompts you to dial a certain number to avoid arrest, or asks you to press a button to “opt out” – Don’t do it.  This could cause you to receive even more phone calls, because it signals to the sender that yours is a legitimate phone number.
4. Never provide money or personal information to someone who calls you unexpectedly and demands payment, even if it appears to be an emergency call or a call from the government.
5. Don’t trust someone who says you have to pay off a debt or fine by using a prepaid card or wire transfer.  These are preferred methods of payment for Criminals, because once the money is sent, it is difficult to trace or recover.

 

Got Cyber-Bugs?

Call:  1-204-800-3166

For Cyber-Extermination!

ALERT:  

Banking Email Scam

 

The National Credit Union Administration (NCUA) is warning netizens about a recent phishing email scam.

The NCUA reports that emails are being received by consumers in the U.S. and Europe from what appears to be a legitimate website managed by an Australian financial services company called “National Credit Union”.  This company claims to offer financial products and services to consumers in the U.S. and Europe.

The emails are similar to the one below:

 The emails ask consumers to verify their identity in a “routine check for security purposes”.  The emails request personal information, such as Social Security numbers, account numbers, log-in information, and a request to transfer large amounts of money.

The NCUA emphasizes that it has no affiliation with the “National Credit Union”, and that they would never ask consumers for such information.

 

What To Do If You Receive A Suspected Scam Email:

1. Do not reply to the email.  Do not click on any links.  Do not open any attachments.  Do not give any information.  Do not act on financial requests.  Delete the email.
2. Contact the NCUA’s Fraud Hotline, toll-free 1-800-827-9650.  All reports remain confidential.
3. File a complaint with the Internet Crime Complaint Center.  The center is a partnership between the FBI and the non-profit National White Collar Crime Center established as a clearinghouse for Internet-related crimes.
4. Visit the “Frauds and Scams” page on MyCreditUnion.gov.  This page, operated by the NCUA, gives an overview of CyberCrime scams.  

If you think your identity has been stolen, contact your financial institution as soon as possible.  

Dispute any fraudulent transactions and, if needed, close your accounts and open new ones.  Also, to protect your credit, notify the 3 big credit bureaus, Equifax, Experian, and TransUnion, to place a “Fraud Alert” on your credit reports.

If you find any “National Credit Union” phishing emails in your inbox, following these steps can prevent an incredible amount of lost time, hassle, and money.

 

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

ALERT:  Phishing for Apples

 

BEWARE of FREE Apple Watch GiveAways!

Last week Apple had their big Apple Watch release event.  The Press took note, and has been full of news about the models, and pricing ever since.

CyberCriminals are also taking note, and are trying to ride the wave of enthusiasm for the newest smartwatch.

CyberCriminals are using social media (Twitter, Facebook, etc) to try to trick people into clicking on links, entering fake “contests”, or forward messages to their friends.

 

CyberCriminal gangs are setting up Twitter accounts named “Apple Giveaways”, targeting users that mentioned the smartwatch in their Twitter feed.  They tell people they have been “chosen”, and promise them a free Apple Watch.  All they ask them to do, is to click the link in the message.  The link leads them to a series of links and instructions, leading them to other dubious web pages.

 

 CyberCriminals also have set up Facebook event pages asking victims for their 1st and last names, including Facebook handle.  They are asked join the event, and invite a minimum of 100 friends.  They are told that 100 invites earns them an Apple Watch, 250 invites = an Apple Watch Sport, and 500 invites = the Apple Watch edition (sold by Apple for $17,000).

 

 CyberCriminals often release phishing scams, to coincide with highly anticipated product launches and news events, preying on victims’ excitement and vulnerability.

 

Got Computer Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

 

 

ALERT:  

Email Attachment “Fax”

CryptoWall 3.0

This email scam is the latest CryptoWall attack that has affected businesses world-wide.

An email is sent, which has an innocent-looking email attachment that claims to be a fax report from your own business or home.

If you receive an email that claims to be a fax report, that seems to come from your own domain/business/home, but the link ends in “.CHM”,

The email attachment link will look similar to the one below:

 DO NOT OPEN,

and

DO NOT FORWARD.

 

DELETE THE EMAIL IMMEDIATELY!

 

After you delete the email, warn I.T. that the email sits in your “Deleted” items.

If you click on the link to open it, it will download malware, which will lock up all your files,

and potentially all files of everyone else in your business or organization.

The CyberCriminals responsible for this scam, then demand a $500 Bitcoin ransom to get your files back.

This malware is being sent in waves, attacking computers all over the world.

We highly recommend to add “.CHM” files to the list of potentially malicious extensions in your spam filters.

 

Got Computer Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

 

 

ALERT:  Microsoft Volume Licensing

CyberCriminals are going after the businesses with Microsoft Licensing this time.

 

Corporate users are sent a phishing email that appears to be from “Microsoft Volume Licensing Service Center (VLSC)”, according to researchers with Cisco Managed Threat Defense.

The email looks similar to this:

 

 

 

 

 

 

 The email has a very personalized welcome line, and asks recipients to click on a link to login to the VLSC.

The link in the email appears to be for a Microsoft website but Martin Nystrom, senior manager for Cisco, points out that hovering over it with the mouse reveals the true URL.

Clicking on the link will result in the authentic VLSC login page opening, but will also trigger a ZIP file to download that recipients may not notice is being delivered from a different website.

The ZIP file contains a Windows Executable with a SCR extension – a screensaver file – and opening it results in the system being infected with “Chanitor”, which is used to download other malware.

Everyone needs to be aware of the security risks (and responsibilities) that come with using a computer these days, and employees need to be educated about security risks, and what to look for.

For some examples of how to identify a fake email, click:  HERE.

 

Got Computer Problems?

Call 1-204-800-3166

For Cyber-Extermination!

 

ALERT:  

Financial Institutions

Hit By CyberHeist

 

 

A multinational gang of CyberCriminals has stolen as much as $1 billions from as many as 100 financial institutions across the world, including Canada and the US.

This was a highly sophisticated operation that managed to stay inside bank networks for a very long time…

UNDETECTED!

Antivirus developer Kaspersky’s publication on Feb. 16, 2015, revealed details on what is likely the biggest cyberheist ever.

The CyberCriminals used carefully crafted emails

to trick pre-selected employees into opening malicious software files,

a common technique known as spear-phishing.

The opened software files infected their workstations.  Once the CyberCriminal had access, they roamed the internal network freely, until they tracked down administrators’ computers for video surveillance.  They studied how the bank clerks worked, and were then able to mimic their activity and tell ATMs to dispense cash to a gang member at a pre-determined time, or transfer larger amounts to accounts located all over the world.  In some cases, they inflated account balances before pocketing the extra funds through a fraudulent transaction.  Because legitimate funds were still there, the account holder would not suspect a problem.

 Kaspersky reports evidence of theft in the amount of $300 million.  The NY Times reports thefts could add up to 3 times that amount, likely exceeding $1 billion.

Chris Doggett, from Kaspersky North America, told the NY Times, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”

The CyberGang, dubbed the “Carbanak CyberGang” by Kaspersky because of the malware they used, appears to be the first international CyberMafia: a group of CyberCriminals from Russia, Ukraine and other parts of Europe and China.

Kaspersky could not release the names of the banks because of nondisclosure agreements, but reports they were in Russia, Japan, Europe, The Netherlands, the US, and Canada.  NY Times states that The White House and FBI have been briefed on Kaspersky’s findings.  Interpol and Europol are coordinating the investigation.

Sanjay Virmani, director of Interpol Digital Crime Center said in a statement prepared by Kaspersky,

“These attacks again underline the fact that criminals will exploit any vulnerability in any system.  It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures.”

 

Kevin Mitnick, KnowBe4’s Chief Hacking Officer tweeted,

“Even after 20 years, social engineering is still the easiest way into a target’s network and systems, and it’s still the hardest attack to prevent.”

 

Security Issues?

Call 1-204-800-3166

Get Cyber-Exterminated!

 

 

FREE Security Checkup

February 10 was Safer Internet Day

 

Although you should practice safe internet policies every day, this day is to bring focus to how important online safety is.

Please take 2 minutes out of your day to complete a simple Security Checkup.

 

This checkup makes sure you are making the most of the 24/7 protection you receive from TbyD (if you’re on one of our Monthly Service Plans).

Google is giving you this FREE checkup.

If you complete this checkup by February 17, 2015, they will give you a

permanent 2 GB bump in your Google Drive storage plan.

 

It takes just a couple minutes and, unlike other checkups, it won’t leave you feeling guilty about not flossing.

Here’s what it does:

• Ensures your account recovery information is current.

  If they detect suspicious activity in your account, they use your recovery info to get in touch and make sure no one but you gains access.

• Lets you review recent sign-in activity.

  Reviewing this lets you validate the sign-ins are coming from you and not someone else who shouldn’t be using your credentials.

• Confirms the apps and devices that access some account information.

  This step lets you monitor this list and remove apps and devices that don’t need access to your account any more.

After you’ve gone through the checkup successfully, you’ll see 3 green checkboxes (see left) that confirm you’re eligible for the free storage and, more importantly, that you’ve taken steps to enhance your online safety.

 

Google will be granting the storage automatically to everyone by around February 28, 2015, and they will send you an email when your adjustment is complete.

 

Ideally, you’ll revisit this checkup every so often, or anytime your account changes, like when you get a new phone or replace an old laptop.  

While this is just one way to help you stay safe online, you can find even more tools and tips in the Google Safety Center.

 

**Please note:  Google Apps for Work and Google Apps for Education users are not eligible for the bonus storage, but should still consider taking the Security Checkup.

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!