Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!

ALERT: HTML Attachments

by Leave a Comment

Credential Phishing

ALERT:  HTML Attachments

In the past, spam filters have been able to catch most of the malicious emails, based on the types of attachments they were sending (and trying to trick people into opening the attachments, which then downloads malicious files onto your device).  Most of the malicious attachments used in the past were “.DOC” or “.JS” files, used mainly for ransomware attacks.

Now, CyberCriminals are trying to trick spam filters into letting their malicious emails through, by sending .HTML attachments, also knows as “attackments”.

CyberCriminals are using these attackments for credentials “phishing” for a few reasons.  Namely:

  1. Reduced chance of anti-virus detection:  Carefully crafted .HTML files can reduce the chances that phishing emails with these attachments will be stopped by email security software or devices.  .HTML files are not commonly associated with email-borne attacks (at least, not until recently).  .HTML files can be used to embed redirects that can evade antivirus scanners that check only URLs that appear in the bodies of emails.  .HTML files can also be used to deliver obscure web pages that might slip past scanners that do check .HTML attachments.
  2. Users are familiar with these attachments, and usually don’t see them as harmful.  Users and employees may be familiar with .HTML attachments, as they are often used by banks and other financial institutions to send secure information and documents.  If your company routinely interacts with financial institutions, your employees may view .HTML attachments as simply routine and non-threatening.

html attachment

Unfortunately, CyberCriminals have recently taken to using .HTML attachments to spoof bank login pages, popular online services, and secure messages from financial institutions (financial institutions often use “.HTML” attachments to send secure messages).

Your spam filters may miss these based on the “.HTML” file.
If you receive an email with an .HTML attachment, be wary!  
Do not open it unless you know 100% that it is legitimate, have requested the link to be sent, or have verified with the sender that the attachment is legitimate.

 

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

You’ve Been Scammed: Now What?

by Leave a Comment

Youve Been ScammedYou’ve Been Scammed:  Now What?

It’s a dreaded “aha” moment…when you realize that you’ve been scammed.  

A flurry of emotions rush up, all at once:  embarrassment, rage, embarrassment again, fear, etc, etc.  Then the thought comes…

“Now what?”

 

What to DoWhat to do if You’ve Been Scammed:
  1. If you used your credit card to pay, call the credit card company.  Tell them that you did not authorize the charges, and that you were scammed.  They will most likely reverse the charges, especially if you do this soon.
  2. Cancel your credit card if you used it to pay.  If the Criminals were shady enough to scam you out of money the first time, there will be no moral dilemma for them to keep the credit card information and charge it up.
  3. If you’re in Canada:  Report the fraud to the Canadian Anti-Fraud Centre.  Phone toll-free 1-888-495-8501 Monday to Friday 830am – 5pm (Eastern).  Or log into their online Canadian Fraud Reporting System (FRS).  However, to do this you will need a “GC Key” (User ID/Password) or “Sign-In Partners” (banking credentials).
  4. If you’re in the United States: a) Email/Internet Scams:  Go to the FBI Internet Crime Complaint Center and file a report.  b)  Phone Scams:  Contact the Federal Trade Commision (FTC) or use the Online Complaint Assistant to report most types of frauds.  For more details on how to report scams and fraud go to:  https://www.usa.gov/stop-scams-frauds.
  5. If you have been tricked into signing a contract or buying a product or service:  Contact your provincial/territorial/state consumer affairs office, and consider getting independent advice to examine your options – there may be a “cooling off” period, or you may be able to negotiate a refund.
  6. If you think someone has gained access to your online account, telephone banking account, or credit card details:  Call your financial institution immediately so they can suspend your account and limit the amount of money you lose.  Credit card companies may also be able to perform a “charge back” (reverse the transaction) if they believe that your credit card was billed fraudulently.
  7. If you sent a cheque, contact your financial institution immediately.  If the criminal hasn’t already cashed your cheque, you may be able to put a “Stop Payment” order on it.
  8. If you sent money through a wire service (eg. Western Union, Money Gram), contact the wire service immediately.  If you are very quick, the may be able to stop the transfer.
  9. If you were scammed using your computer, it is possible that a virus or other malicious software is still on your computer.  Run a full system check using reliable security software.  Or contact reliable computer professionals, such as Technology by Design 1-204-800-3166, to ensure your computer is clean of all malicious software.
  10. If you do not have security software (such as virus scanners and/or firewall) installed on your computer, a computer professional, such as Technology by Design 1-204-800-3166, can help you choose the correct products for you.
  11. CyberCriminals may now have access to your online passwords.  Change all of your passwords using a secure computer.
ScamCommon Scams:
  1. Advance Fee Scams:  Scams that claim you’ve won a lottery, prize, or can invest in a “great” opportunity…IF you pay a small fee in advance.
  2. Chain Letters:  These letters promise to help you get rich quickly if you participate and forward the letter/email on to you friends and family.
  3. Charity Scams:  Criminals exploit current disasters, and take advantage of your willingness to help people in need and charitable causes.  They may collect your donation and keep it for themselves.  If you want to donate, please go directly to the charity’s webpage, or call the charity directly (from a phone number that you look up – Do NOT call any phone numbers you received in emails).
  4. Coupon Scams:  Coupons can be a great way to save money.  But beware of illegitimate offers.  If it sounds too good to be true…it usually is!
  5. Dating Scams:  Criminals often create fake profiles on dating sites and express interest in you, just so he/she can convince you to send them money.
  6. Debt Relief Scams:  Criminals hope that you are as eager to get rid of your debt as they are to scam you out of your money.  Know the warning signs, so you won’t be their next victim.
  7. Free Security Scans:  Don’t be tricked by messages on your computer (usually a pop-up) that claim your machine is already infected with a virus.  The legitimate-looking (but FAKE) security alerts exploit your fear of online viruses and security threats.
  8. Government Grant Scams:  Despite ads that say you qualify for a government grant, these are often scams.  Be wary about responding to offers, emails, or claims that use government agency names.
  9. Health Product Scams:  Be wary of trusting all claims.  Take time to get the facts about a product first.
  10. International Financial Scams:  A variety of scams offer entries into foreign lotteries or international investment opportunities.
  11. IRS-Related/Canada Revenue Agency Scams:  Be careful of trusting emails that are supposedly from the IRS or the CRA.  Criminals try to gain access to your financial information in order to steal your identity and assets.
  12. Jury Duty Scams:  Be wary of phone calls from supposed “court officials” who threaten that a warrant has been issued for your arrest because you failed to show up for jury duty.
  13. Phantom Debt Scams:  Beware of letters and calls, supposedly from “debt collectors” or “court officials”.  These criminals make threatening claims requiring you to pay money that you don’t owe.
  14. Pyramid Schemes:  These investments offer big profits, but really aren’t based on revenue from selling products.  Instead, they depend on the recruitment of more investors.
  15. FBI/CIA Scams:  Avoid falling victim to schemes involving unsolicited emails supposedly sent by the FBI and/or the CIA.  The emails appear to be sent from email addresses such as mail@fbi.gov, post@fbi.gov, admin@fbi.gov, and admin@cia.gov.
  16. Service Member or Veteran Scams:  Criminals target bogus offers of government resources or financial services to trick active duty military personnel and veterans out of their hard-earned money.
  17. Smishing, Vishing, and Phishing:  All 3 of these scams rely on you replying to an email, phone call, or text with personal information, such as your bank account or credit card information.
  18. Subpoena Scams:  Criminals send bogus emails, supposedly from a court, stating that you have to come to court.  These emails are fake and may contain links that are harmful to your computer.
  19. Text Message Scams:  Not only can text message spam be annoying and cost you money on your mobile phone, but the messages are also usually part of scams.
Protect YourselfHow To Protect Yourself:
  1. Protect Your Identity:  Treat your personal details like money – don’t leave it lying around, and don’t give it out to just anyone.
  2. Destroy personal information, don’t just throw it out.  Cut up or shred old bills, statements, or cards (credit cards or ATM cards – anything with a black or grey magnetic stripe on the back contains personal information).
  3. Never send money or cheques to anyone that you don’t know and trust.  
  4. Never send money or pay any fee to claim a prize or lottery winnings.
  5. Never transfer or wire any refunds or overpayments to anyone you do not know.  
  6. If you receive a phone call from someone you do not know, always ask for the name of the person you are speaking to and who they represent.  Then verify this information by calling the company yourself (by looking up the phone number yourself.  NEVER trust a phone number that someone else provides).
  7. Never give our personal, credit card, online banking/account, usernames or password details over the phone or in a response to an email, unless you made the phone call or initiated contact, and the phone call and/or email came from a trusted source.
  8. Do not respond to text messages or missed calls that come from numbers you do not recognize.  Be especially wary of phone numbers beginning with “1-900”.  These may be charged at higher rates than other numbers and can be extremely expensive.  
  9. Never reply to a spam email (unsolicited email), even to unsubscribe.  Often, unsubscribing serves to “verify” your email address to scammers.  The best thing to do it to delete any suspicious emails without even opening them.
  10. Turn off the “viewing pane” as just viewing the email may send a verification notice to the sender that yours is a valid email address.
  11. Legitimate banks and financial institutions will never ask you for account updates or details in an email, or ask you to click on a link in an email to access your account.
  12. Never call a telephone number, or trust any other contact details that you see in a spam email.
  13. Install software that protects your computer from viruses and unwanted programs, and make sure it is kept current.  If you are unsure, seek the assistance of a computer professional, such as Technology by Design 1-204-800-3166.
  14. If you want to access a website, use a bookmarked link to the website or type the address of the website into the browser yourself.  Never follow a link in an email.
  15. Check website addresses carefully.  CyberCriminals often set up fake websites with addresses that are very similar to legitimate websites.
  16. Beware of websites offering “free” downloads (music, adult content, games, movies, etc.).  Downloading these products may install harmful programs onto your computer without your knowledge.
  17. Avoid clicking on pop-up ads – this could lead to harmful programs being installed on your computer.
  18. Never enter your personal, credit card, or online banking  or account information on a website that you are not 100% certain is genuine.
  19. Never send your personal, credit card, or online banking  or account information through an email.
  20. Avoid using public computers (at libraries or Internet cafes, etc.) to do your Internet banking or online shopping.
  21. When using public computers, clear the history and cache of the computer when you finish your session.
  22. Be careful when using software on your computer that auto-completes online forms.  This can give CyberCriminals easy access to your personal and credit card details.
  23. Choose passwords that would difficult for anyone else to guess.  For example, passwords that include letters and numbers.  Change your passwords regularly.
  24. When buying anything online, print out copies of all transactions, and only pay via a secure site.  If using an Internet auction site, note the ID numbers involved and read all the security advice on the site first.
You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: New Ransomware Also Steals Your Bitcoins

by Leave a Comment

Bitcoins

ALERT:  New Ransomware Also Steals Your Bitcoins

 

With the rash of new ransomware strains out there, you knew they were going to up the ante somehow…

 

CryptXXX is built by the same CyberCriminals that are behind the Revelton malware.  It is an attempt to one-up the release of the Locky ransomware by their CyberCriminal Competitors.

CryptXXX currently spreads through the Angler Exploit Kit which infects the PC with the Bedep Trojan, which drops information theft software on the PC, then adds professional-grad encryption adding a “.crypt” extension to the filenames.  

This ransomware encrypts files locally, and on all mounted drives, and demands $500 Bitcoin/PC to unlock the encrypted files.  However, they continue to add insult to injury by also stealing Bitcoins, as well as a large range of data.

CryptXXX tried to avoid detection through “random delayed” execution (which attempts to easily connect the infection to the delivery vector), anti-Virtual Machine, and anti-analysis functions (eg. checking CPU names in the registry, monitoring for mouse events).

CryptXXX Ransom Note

The CyberCriminals behind this ransomware is highly skilled and experienced, which means this is professional-grade ransomware.  Proofpoint researchers report “Those [ransomware infections] associated with more experienced [CyberCriminals], (such as Locky) have become widespread quickly…Given Revelton’s long history of successful and large-scale malware distribution, we expect CryptoXXX to become widespread.  Based on the large number of translations available for the [Bitcoin] payment page, it appears that the Revelton team shares those expectations.”

The ransomware will initially be spread through drive-by downloads, but a deluge of phishing emails can be expected to follow shortly.

What Can You Do to Avoid Becoming a Ransomware Victim:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  Nothing beats a good, reliable backup!  Backing up your data now can prevent a lot of expensive headaches in the future.
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate. Make sure employees and coworkers know about current viruses/malware, and what to look for.  Print & post our “Red Flag Emails” for easy reference on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.
  7. Limit permissions.  Allow “Read/Write Access Only” when necessary.
  8. Avoid mapping network shares.  If you have to use them, hide them whenever possible.  This is sometimes as simple as appending a “$” to your share name.
You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Prince’s Last Words

by Leave a Comment

Prince

ALERT:  Prince’s Last Words

Yesterday, news broke that Prince (aka Prince Rogers Nelson) was found dead in his home in Minneapolis at age 57. 

CyberCriminals eager, as always, to take advantage of any tragedy, are up to their same tricks.  A series of email scams are currently being circulated, one of which is most likely to be a supposed video of Prince’s last words caught on video (this is a frequent scam to use after an especially unexpected celebrity death).

Whatever ploy is being used, you can be sure to end up with either infected computers at home or in the office, giving out personal information, or unleashing ransomware on the network.

Beware of any email, attachments, any social media, texts on your phone…anything.

Another heads-up:

With the recent eqrthquakes in Ecuador and Japan, there are charity scams rearing their ugly heads.  If you want to make donations, please go to your favorite charity website directly by opening your browser and typing in their link in the address bar.  DO NOT click on any links or open any attachments in emails.

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Jigsaw Sinks to New Low…Even for Ransomware

by Leave a Comment

Jigsaw Ransomware
ALERT:  Jigsaw Sinks to New Low…Even for Ransomware

Being infected by ransomware is bad enough.  Add in being taunted by old horror movie pictures while it slowly deletes your encrypted files, all while increasing the ransom demand, until you pay for the decryption key.  And if you reboot your PC, you’re punished with the instant deletion of 1,000 of your files.

Jigsaw, a new strain of ransomware tries to increase the pressure on victims to pay, by referencing the horror movie “Saw”.  In fact, the ransomware is named after the film’s fictional serial killer John Kramer’s nickname the “Jigsaw Killer”.  The ransomware, still drawing motivation from the horror movie, communicates with victims using a puppet called “Billy”, and uses the red clock to count down to deadlines imposed, which are both used by the killer in the movie.  However, in the case of the ransomware, the clock shows victims how much time is left before more files get deleted, and the ransom demand increases.  After 72 hours, the ransomware deletes every encrypted file on the PC.

Jigsaw Note

How the ransomware attack unfolds, as seen on an infected PC. (Source:  Forcepoint.)

This latest version, in a long list of versions, “appears to have been coded on March 23 and to have been used in live attacks by the end of the month” states Andy Settle, head of special investigations at Ryatheon’s cybersecurity business Forcepoint.  “This malicious program starts encrypting your files while adding, with no irony, the ‘.FUN’ file extention.”  

“Using horror movie images and references to cause distress in the victim is a new low.”

Jason Sumalapao, malware analyst at Trend Micro, states in a blog post that the ransom note exists in both English and Portutuese-language versions, and that the lowest possible amount that victims can pay, before the demand starts increasing, ranges from $20 to $150 USD in bitcoins.

Jigsaw appears to be distributed through adware and “grayware” (potentially unwanted applications, such as free toolbars), as well as through ‘adult content’ sites, reports Trend Micro.  

Forcepoint states that the producers of Jigsaw attempted to prevent detection by writing the ransomware in ‘.NET’ code.  However, this attempt failed, and security researchers have been able to recover the encryption key, as well as 100 different bitcoin payment addresses.  This information has since been shared with authorities.  Since the encryption key was discovered, security researchers have been able to publish instructions on how to remove Jigsaw infections.  However, it’s probably not long before Jigsaw producers correct their coding error that lead to the discovery of the decryption key.

How to Avoid Jigsaw and Other Ransomware:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate.  Keep all employees and coworkers informed about current security threats, and what to look for.  Check out our ‘Red Flag Emails‘ for tips on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.

 

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Emergency Flash Patch Battles Ransomware

by Leave a Comment

Adobe FlashALERT:  Emergency Flash Patch Battles Ransomware

Active CyberCriminal attacks are occurring that exploit a zero-day flaw in the Windows version of the Adobe Flash to install ransomware.

Security experts are warning all Adobe Flash users to either update Adobe Flash, or uninstall the browser plug-in software if you don’t use it.  Recent versions of Flash for Mac OS X, Linux, and Google ChromeOS are also at risk.

Adobe has released updated versions of Flash that fix the flaw, which has been named “CVE-2016-1019”.

Adobe states:  “Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.”

Adobe’s latest Flash update includes fixes for 24 flaws.  Adobe reports that many of the fixed flaws are considered “critical vulnerabilites” that “could potentially allow an attacker to take control of the affected system”.

The latest (fully-patched) version of the Flash Player Desktop Runtime is 21.0.0.213.  Adobe recommends all users upgrade immediately.

Remember to install updates regularly.  Updates plug known security holes that could be putting your computer system (and your business!) at risk!

 

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Comcast Triple-Threat

by Leave a Comment

ComcastALERT:  Comcast Triple-Threat

More and more, legitimate-looking advertising served on major websites turn out to be malicious.  CyberCriminals pay for and post ads, which they hope you click on.  BUT if you click on the malicious ads, you are redirected to a compromised website which may infect your computer and/or disply pop-ups that claim your PC has a virus and provide a toll-free number for “Tech Support” who will “fix” your PC, but really just want your credit card information.

Comcast is the largest ISP in the U.S. and have thousands of business users.  This makes them a prime target for a social engineering attack by CyberCriminals.

Comcast Triple Threat

Threat #1:  Malicious Ad

Comcast has a search page called Xfinity that serves tons of searches.  On this page is a malicious ad (served by Google) from “Sat TV Pro” which claims to compare Direct TV to Comcast TV.  If you click on the ad, you are redirected to a compromised site which has an Exploit Kit (EK) running.

Threat #2:  Infection

The EK first infects the workstation with ransomware, then redirects to a fake Xfinity site.

Threat #3:  Extortion

Comcast Tech Support

The fake Xfinity site pops up, with a message allegedly from “Comcast’s security plugin”.  The message states that the workstation is infection (which is correct, because they just did it!), and the user needs to call “tech support”, for which they provide a toll-free number.  If you call the toll-free number provided, you get fake “Tech Support”, which is actually scammers who try to get your credit card information to “fix” the box.  

How to Avoid This Scam
  1. Keep updates up-to-date to avoid security holes.  
  2. Use up-to-date software.  Old software versions may be cheaper and “familiar”, but they may no longer be supported by their manufacturer.  This means that the software manufacturer no longer releases security patches (to “patch” up known security holes).  This leaves your computer, and any computer on your network, vulnerable.  
  3. Do not click on any suspicious ads or links (in ads or in emails).
  4. Do not open emails or click on links from unknown senders.
  5. Do not open emails or click on links from “uncharacteristic” emails from known senders.  Example – it’s unlikely that the CEO of your company, or your Great-Aunt Freda, would send you penis-enlargement information.
  6. Make sure staff and employees know about current security alerts.  Not sure what they are?  Visit our ALERTS page to find out!
  7. Provide Security Awareness Training for your employees.

 

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutionspackage!
You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks