Cybersecurity Blog

Fake sites use HTTPS too – 10/04/18

 

As the holiday season approaches, people around the world are getting ready to cruise the internet looking for great gifts at bargain prices. As you do your online holiday shopping, keep in mind that HTTPS on a site guarantees only that your data is encrypted as it is transmitted between your computer and the web site. It does not guarantee that the site is legitimate.

Criminals have gotten wise. They are now setting up their fake web sites so they are served over HTTPS too. So now instead of having to worry about your credit card information being intercepted as you purchase the iPhone XS Max for the unbelievable price of $300.00 USD, you can be confident that only the scammer is receiving your data.

So how do you know that a site is legitimate? Stick with retailers that you have used in the past and access their web sites using a bookmark or search result.  If you receive an email with an offer, don’t use the link in the email.  Visit the website directly.

If you are using a new retailer:

  • Check reviews first.  Avoid retailers with large numbers of complaints that haven’t been resolved.
  • Always pay with a credit card or PayPal so you have a method of recourse should things go wrong.
  • Remember to read all the terms & conditions of sale.  Know if they have a return or exchange policy.

Lastly, remember…if it is too good to be true, it probably is a scam.

 

Hurricane Florence Relief Scams – 09/27/18

 

It is a sad reality, but when there is a disaster it doesn’t take long for criminals to find a way to profit.  Hurricane Florence is no exception.  There are numerous websites for hurricane Florence relief that have popped up in the last week.  All have very professional looking graphics and legitimate sounding names.  All of them allow you to donate directly from their web site. However, many of them are simply collecting money and putting it into their own pockets.

In addition to the “charity” websites, the bad guys are sending out phishing emails tugging at your heart strings and asking you to donate to hurricane Florence relief.  Just as you would with any other unsolicited email, don’t click on links or open attachments in these emails.  If you wish to donate, visit a charity’s website directly.

Not sure where to donate? Make sure you do your homework first. Charity Navigator is a terrific organization which investigates and rates charities. They have hundreds of charities listed on their website. You can see if the charity is legitimate, how much of its raised funds are given away and how much are used for administrative costs. With a little research you can make sure your good deed doesn’t turn into its own disaster. Happy donating!!

 

Just because a link looks safe, doesn’t mean it is – 09/07/18

 

For many of you, not clicking on email links is an obvious choice. You wonderful folks are the ones who follow best practices and use a bookmark or browser search to access information given to you in an email. However, there are braver souls out there who prefer to live on the wild side. They hover over links and then determine whether or not they are safe to click.

The argument I hear is… “I know the URL is correct, I have it memorized”. Here is the problem. Unicode is the standard that determines which character is displayed for a given code. It incorporates tons of different writing systems from various languages by giving each character of each language a different code. This is done even if the characters look the same to the naked eye. So an English “a” is considered to be a different character than a Cyrillic “a”, even though they look identical. This allows hackers to create fake websites that look official right down to the domain name. There is no way to tell, just by looking at them, which one is legitimate.

The fun doesn’t stop there. Even if our hacker isn’t sophisticated enough to use the Unicode trick, there are several letters on a keyboard that are extremely similar and can be confused for one another. For example, “I” (capital i) and “l” (lowercase L) are two different letters on the keyboard but look almost identical on the screen.

As clever as the hover trick is, if your hacker is using any of these techniques, you will end up with a data breach.  To truly make sure you aren’t going somewhere you would rather not, stick with the bookmarks and browser search results. Those will take you to the right website every time.
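What the eye cannot see, code can. The following is an added example, not part of the original post: a Python check that flags hostnames mixing writing systems (the Unicode trick) and hostnames that differ from a trusted one only by similar-looking ASCII characters. The domain `examplebank.com`, the `TRUSTED` list and the lookalike map are constructed assumptions, and the map is not exhaustive.

```python
import unicodedata

# Constructed allowlist of sites the user really uses (assumption for this example).
TRUSTED = ("examplebank.com",)
# ASCII characters that render alike in many fonts (constructed, not exhaustive).
ASCII_LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})

def scripts_in(label):
    """Return the writing systems used by the letters of one hostname label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # Unicode names start with the script, e.g. 'CYRILLIC SMALL LETTER A'.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def inspect_hostname(hostname, trusted=TRUSTED):
    """Return a list of reasons to distrust the hostname (empty if none found)."""
    findings = []
    for label in hostname.split("."):
        if label.isascii():
            continue
        # The 'xn--' form is what is actually looked up in DNS for this label.
        wire = label.encode("idna").decode("ascii")
        scripts = sorted(scripts_in(label))
        if len(scripts) > 1:
            findings.append(f"mixed scripts {scripts} in '{label}' (sent as {wire})")
        else:
            findings.append(f"non-ASCII label '{label}' (sent as {wire})")
    # Collapse lookalikes before lowercasing so a capital 'I' is treated as 'l'.
    skeleton = hostname.translate(ASCII_LOOKALIKES).lower()
    for good in trusted:
        same_look = skeleton == good.translate(ASCII_LOOKALIKES).lower()
        if same_look and hostname.lower() != good.lower():
            findings.append(f"ASCII lookalike of {good}")
    return findings

if __name__ == "__main__":
    # Constructed samples: Cyrillic 'a' (U+0430), capital 'I' for 'l', the real name.
    for host in ("ex\u0430mplebank.com", "exampIebank.com", "examplebank.com"):
        print(repr(host), "->", inspect_hostname(host) or "no findings")
```
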

 

 

Scam pretends to lock your phone – 08/10/18

 

Windows users have heard about the tech support scam that informs them their computer has a virus and they need to call a 1-800 number to unlock it. Creative criminals are now using the same tactic with iPhone users. They have seeded several porn sites with malware. After your visit, a large dialog box appears on your phone informing you that your phone has been locked because you visited an illegal porn site. It all looks very official as it correctly displays the model of your phone and the URL of the porn site. It then gives you a hyperlink to a number to call to get your phone unlocked.

In reality, your phone isn’t locked at all. If you call the number you get connected to a hacker who then attempts to get information and money from you. Although this scam leverages a visit to a porn site, a similar scam can be set up with any type of website. It can also target any kind of phone. It may be iPhone users that are currently targeted, but it won’t take long for this scam to show up on Android phones as well.

Never call a number that shows up in an alert or notification on your phone.  Never click on security warning links either. If you do connect to a call center and start to feel uncomfortable, hang up. Apple will never lock your phone and then ask you to call a number to get it unlocked. Come to think of it, neither will Google or Android.

 

New twist added to the tech support scam – 05/09/18

 

The latest round of tech support scams compromises legitimate websites, sending the site’s visitors to a web page that locks their browsers and displays a fake virus warning. However, the cyber criminals have decided fake virus warnings on their own are not threatening enough. They have added an additional warning that your hard drive will be wiped out for security reasons if the 1-800 number isn’t called before the countdown timer runs out.

To make things extra fun, some of these fake warnings have a fake close button that either shifts the browser window to full screen when clicked or creates a popunder that constantly refreshes the main open tab.

As with other tech support scams, use the Task Manager to shut down the locked browser. When you restart your browser, you will be good to go. That is, unless you have your browser set at startup to display the pages you last viewed. Then you will be redirected to the same compromised web page and have your browser locked up all over again. At that point your only option is to uninstall and then reinstall the browser.

 

Misspelling a URL can load your computer with malware – 04/24/18

 

In today’s world of brand recognition, nothing is more important than your domain name. Whether you are Coca-Cola, ESPN or Fred’s Furniture, you need a web page that people can find just by typing the name of your business. What happens, though, when a consumer gets the name wrong? On-the-ball businesses buy the domain names for common misspellings of their name and redirect consumers with fat fingers to the correct web site. Those that don’t leave consumers and their business exposed.

Criminals are buying up the misspelled domain names of popular web sites and loading them with malware. This practice is called typosquatting. It costs businesses millions in sales and untold grief for consumers.  In the best case scenario, visiting one of these sites will result in your anti-virus going spastic with pop-ups and alerts. At the worst, malware too new for your anti-virus to recognize will be quietly and efficiently deposited onto your machine. Many of these web sites can only be visited once. A repeat visit results in a 404 web page not found error, making it difficult to shut the site down.

The easiest way to protect yourself from typosquatting is to use bookmarks to visit your favourite sites. When looking for new ones, read and re-read the search terms you have entered and then read them again. Don’t let a slip of a finger deliver you into the hands of a hacker.
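The "read and re-read" step can be automated. The following is an added example, not part of the original post: a Python check that compares a typed domain against your bookmarks and warns when it is one slip of a finger (a missing, extra, wrong or swapped character) away from one of them. The `BOOKMARKS` entries are constructed placeholder domains and the threshold of one edit is an assumption.

```python
# Constructed bookmark list (assumption for this example).
BOOKMARKS = {"examplebank.com", "example-shop.org"}

def osa_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, or swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,          # delete ca
                       cur[j - 1] + 1,       # insert cb
                       prev[j - 1] + cost)   # substitute (or keep)
            # Two adjacent characters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_typed_domain(typed, bookmarks=BOOKMARKS, max_distance=1):
    """Classify a typed domain as 'match', 'possible-typo' or 'unknown'."""
    typed = typed.strip().lower().rstrip(".")
    if typed in bookmarks:
        return ("match", typed)
    # Find the bookmark closest to what was typed.
    distance, closest = min(
        ((osa_distance(typed, b), b) for b in bookmarks),
        default=(max_distance + 1, None),
    )
    if distance <= max_distance:
        return ("possible-typo", closest)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed inputs: a swapped pair, a dropped letter, the real name, a stranger.
    for typed in ("examplebnak.com", "examplbank.com", "examplebank.com", "unrelated.net"):
        print(typed, "->", check_typed_domain(typed))
```
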

Fake software updates installing malware – 04/19/18

 

Legitimate websites are being infiltrated by hackers who inject malware that looks like a software update into the site’s code.  The malware detects which browser you are using and displays an authentic looking update notification that matches.  The malware is very stealthy as it only displays the fake update notification once.  This has allowed it to avoid detection until now even though researchers believe it has been in place since at least December 2017.

How do you know the difference between a legitimate update notification and malware disguised as one? You don’t. The criminals are getting just that good. If you receive a notification that an application or browser needs updating:

  1. Close your application/browser.
  2. Reopen the application/browser.
  3. Go to your application/browser settings.
  4. Locate and select the Update command.

Note that the Update command is sometimes found with the About this application information instead of with the settings. Updating the application or browser from within the application itself is the only safe way to ensure your application or browser is up to date.

 

Your ad-blocker Chrome extension may be malware – 04/19/18

 

AdGuard has found 5 very popular ad-blocker Chrome extensions in the Google Webstore which contain malware that allows a criminal to take control of your browser.

  • AdRemover for Google Chrome
  • uBlock Plus
  • Adblock Pro
  • HD for YouTube
  • Webutation

Google has removed the extensions. However, if you have installed one of them:

  1. Uninstall it immediately.
  2. Change the passwords on all your accounts.
  3. Keep an eye on your bank accounts and credit card statements.

The malware these extensions contain works in the background, making detection very difficult. As far as the user is concerned, the extension is what it appears to be. For this reason millions of unsuspecting users downloaded them onto their machines.

How do you protect yourself from malignant browser extensions? Don’t download them. If you really, really need the extension, make sure you know who the developer is. Stick to well-known, trusted developers that you recognize.

Why you should worry about cryptocurrency mining – 01/26/18

First things first, what is cryptocurrency? Cryptocurrency is digital currency. The best known is Bitcoin, however others are popping up, such as Monero. How do they work? Well, I found a nifty little video that tells you the basics. It refers to Bitcoin but the premise applies to all cryptocurrencies.

Neat huh?  Notice the part where they say it takes lots of computing power and lots of electricity to mine? This is where things get interesting. Criminals have figured out that if they use the computing power of other machines, they can mine more cryptocurrency faster without having to invest in all the computing power or electricity themselves.

Why should you be concerned? More and more malware is mining cryptocurrency. The malware is often hidden on legitimate websites, applications or browser extensions. Why is this a problem? After all, it is just using the processing power of my computer, it’s not actually doing any real harm, is it? Well, no and yes. No, it isn’t doing anything malicious like encrypting your hard drive or stealing your data. However, it is wearing out your machine and slowing it down. The more clever mining malware waits until you aren’t actually using your machine to mine. This reduces the chance you will notice that it is actually there, but still wears out the processor, eats up bandwidth and increases your electricity bill. Less clever creations slow your computer down to a noticeable crawl.

Having millions of other people’s computers mining cryptocurrency for you can be quite lucrative. So much so that some websites have turned from using adware to generate revenue to asking users to lend their computing power. This is just fine if the user knows it happens and consents. It is another thing entirely when it’s done behind the scenes. Finding out your machine is being used for mining after the fact tends to leave you feeling like you need to take a shower. It’s just not nice.

So what can you do about it? First of all, if your workstation seems slow, contact the Service Desk. If it is your home machine, check the CPU processes to see if you have any spikes in usage. How do you prevent the mining in the first place? The mining software is considered to be malware, so the regular security measures that you take to protect yourself from malware will protect you from crypto mining. Make sure you:

  • Use an Ad blocker
  • Stay away from shady websites
  • Only download software from reputable sites with good reviews
  • Beware of browser extensions

Las Vegas Victims Charity Scam – 10/12/17

 

Just like clockwork, the scammers have surfaced to take advantage of the tragic shooting in Las Vegas. They have created fake GoFundMe pages, fake Facebook pages and fake charity sites, all designed to tug on your heart strings and take your money. They are enticing you to visit these fake sites by sending texts and emails encouraging you to donate and help out the unfortunate victims.

At the very best, clicking one of these links or visiting one of these websites will result in the donation going to the scammer. At the worst, your financial information can be compromised or malware can be loaded onto your computer.

If you wish to donate, be careful of the sites you visit. Use a Google search or bookmark to find your favorite charity. Ignore Facebook posts, texts and emails asking you to donate as they could be set up by scammers.

Want to donate, but you aren’t sure who is legitimate? Visit www.charitynavigator.org. This free website will let you know if a charity is legitimate or a scam.  By being aware, you can make sure your money goes to the victims and not the criminals.