Cybersecurity Blog

Some Google Groups are leaking data – 06/05/18

Have you checked the settings on your Google Group lately? By default, when you create a group, only group members can post and view messages, and people must ask to join the group. However, researchers have discovered that thousands of Google Groups have their permissions set to allow the general public to view the group posts. This would not be an issue if the people posting information to the Google Group understood that their posts could be viewed by the public. However, sensitive and private information has been found within these group posts, suggesting that they really have no idea.

If you are the owner of a Google Group, please take a moment to check your permissions. To check permissions:

  1. Open the Google Group.
  2. In the title bar of the Google Group, click Manage. The left menu changes.
  3. In the left menu, click Permissions. A list of permissions appears.
  4. Click to select each permission type and review its settings.

Please note that if you have selected All organization members for View topics or Post, anyone with an @mtroyal.ca email address may do so. This includes students, staff and faculty. If you have selected All members of the group, users must actually join the group to be able to post or view emails/topics.

If you wish to email/post to a Google Group, check the settings of the group to see who can see the messages you send. To check the settings:

  1. Open the Google Group.
  2. In the title bar of the Google Group, click About.
  3. Scroll down to find the Access section. The posting and viewing permissions of the group are listed here.

If you have questions or concerns about setting permissions, please contact Bernadette Pasteris at bpasteris@mtroyal.ca.

Your router may be infected with malware – 05/30/18

A type of malware called VPNFilter could be sitting on your router at home. It steals data passed through the router, can make it non-functional and is very hard to detect. The threat is so concerning that the FBI has issued an advisory asking everyone to reboot their routers. Although there is a list of routers that are known to be affected, everyone is being asked to reboot all routers as a precaution. A reboot will not remove the malware from the device, but it will make it ineffective.

To ensure the malware is completely removed from your router:

  1. Reset the router to its factory defaults. Check the owner’s manual for instructions.
  2. Update the router’s firmware (software that runs the router).
  3. Change the default admin password (usually found on the sticker at the bottom of your router).
  4. Create a new wifi password.
  5. Make sure Remote Administration is disabled.

You can find your owner’s manual online by Googling the make and model of the router. To change the router settings on most devices, you enter a URL containing a bunch of numbers and dots into your browser’s address bar. This takes you to a login page. Your username and password are usually found on a sticker at the bottom of your router along with the URL. Once you have logged in to your router you can change the default admin password, create your wifi password, disable Remote Administration and update the firmware.

The good news is this process will completely remove the VPNFilter malware from your router. The bad news is once you reset it you will have to create a new wifi password and reconnect all your devices.

Hackers using calendar events to deliver malicious links – 05/23/18

Hackers have discovered a new way to deliver malicious links: through your Google Calendar. How? Simply by creating a calendar event and inviting you.

By default, when you are invited to a Google Calendar event, the event appears in your calendar whether you have responded to an invite or not. The sneaky hackers know that if you receive an email with an invite from someone you don’t recognize, the odds are great that you will simply delete it or ignore it. So, they create an event with a vague description and include a link to the meeting agenda, but choose to not email the guests.

What the hackers hope is that days or weeks later, when you receive a meeting notification or see the event sitting in your calendar, you will think you have forgotten about a meeting, open the event and click on the link to view the agenda. I know what you are thinking: “I wouldn’t fall for that because I would check the meeting owner’s email.” Ideally that is exactly what you would do; however, when humans think they have messed up they tend to panic and click.

How do you protect yourself from the panic and click? You can change your event settings on your Google Calendar. Go to Settings and select Event Settings. In the Automatically add invitations section, select No, only show invitations to which I have responded. This prevents events from being added to your calendar without an email invite so you can’t be ambushed.

Tech support scams are on the rise, here’s how to protect yourself – 05/03/18

The scammers are ramping up their tech support scams and raking in the dough. There are two in high circulation right now. In the first, the scammers masquerade as Microsoft support, calling unsuspecting victims and telling them their computer’s security has been compromised but can be fixed for a fee. In the second, a dialog box appears on the victim’s machine claiming that it is infected with a virus and they must call a 1-800 number to have it removed. In both cases the scammers ask you to download software which allows them to gain control of your machine so they can “fix” your problem.

Of course they are doing no such thing, as there is nothing wrong with your machine. In the best case scenario, they are simply faking a fix and then demanding payment for their non-service. In the worst case, they are loading malware onto your machine so they can record every keystroke you make and gain access to your banking information and anything else they fancy. Once they get a hold of your personal information they can request bank transfers, apply for credit cards and open new bank accounts using your identity.

To add insult to injury, scammers are no longer satisfied with defrauding their victims only once. While their victims are feeling overwhelmed and violated from the initial scam, the criminals strike again, posing as government officials or law enforcement offering to recover lost funds for a fee.

This is a reminder:

  • There is no way someone can tell that your computer is compromised without actually connecting to it.
  • If they connect to your computer without your permission, they are a hacker not tech support.
  • Microsoft does not make support calls.
  • No legitimate anti-virus software will give you a 1-800 number to call to get rid of a virus.
  • No legitimate company will call you saying your computer is compromised and offer to fix it.
  • Neither government nor law enforcement will accept payment for services. That is called a bribe and it is illegal.

If you are a victim of a tech support scam:

  1. Uninstall any software that the scammers asked you to download and run a virus scan.
  2. Contact the Calgary Police Service to obtain a police case number.
  3. Call the credit card company immediately and have the charges reversed. Give them your police case number.
  4. Contact your financial institutions and inform them of the incident. Give them your police case number.
  5. Contact a credit monitoring company such as TransUnion or Equifax and have a fraud alert added to your credit file. Give them your police case number.
  6. Contact the Canadian Anti-Fraud Centre and report the incident.
  7. Keep an eye on your bank and credit card statements.

Misspelling a URL can load your computer with malware – 04/24/18

In today’s world of brand recognition, nothing is more important than your domain name. Whether you are Coca-Cola, ESPN or Freds Furniture, you need a web page that people can find just by typing the name of your business. What happens, though, when a consumer gets the name wrong? On-the-ball businesses buy the domain names for common misspellings of their name and redirect consumers with fat fingers to the correct web site. Those that don’t leave consumers and their business exposed.

Criminals are buying up the misspelled domain names of popular web sites and loading them with malware. This practice is called typosquatting. It costs businesses millions in sales and untold grief for consumers. In the best case scenario, visiting one of these sites will result in your anti-virus going spastic with pop-ups and alerts. At the worst, malware too new for your anti-virus to recognize will be quietly and efficiently deposited onto your machine. Many of these web sites can only be visited once. A repeat visit results in a 404 web page not found error, making it difficult to shut the site down.

The easiest way to protect yourself from typosquatting is to use bookmarks to visit your favourite sites. When looking for new ones, read and re-read the search terms you have entered and then read them again. Don’t let a slip of a finger deliver you into the hands of a hacker.
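
One way to automate the bookmark advice above, as an added example that is not part of the original post: the Python below compares a domain against a short list of sites you trust and flags near-misses that are one or two typing slips away. The trusted list, the sample domains and the function names are all constructed for illustration.

```python
# Added example: flag domains that look like a typo of a site you trust.
# KNOWN_GOOD and every sample domain here are constructed for illustration.

KNOWN_GOOD = {"mtroyal.ca", "google.com", "espn.com"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion,
    substitution or swap of two adjacent characters counts as one edit."""
    prev2 = []
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete ca
                         cur[j - 1] + 1,       # insert cb
                         prev[j - 1] + cost)   # substitute (or match)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def normalize(domain: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def check_domain(domain: str, known_good=KNOWN_GOOD, max_edits: int = 2):
    """Return ("trusted", name), ("lookalike", name) or ("unknown", None)."""
    d = normalize(domain)
    if d in known_good:
        return ("trusted", d)
    best = min(known_good, key=lambda g: osa_distance(d, g))
    # Short names get a tighter limit, otherwise everything looks similar.
    limit = min(max_edits, max(1, len(best) // 5))
    if osa_distance(d, best) <= limit:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    for name in ["www.google.com", "goolge.com", "mtroyal.com", "bbc.com"]:
        print(name, "->", check_domain(name))
```

A "lookalike" result means the name is close to, but not the same as, a site on the trusted list, which is exactly the slip-of-a-finger case described above; "unknown" only means the name is not near anything on the list.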

Cyber Safety Summit 2018 – 04/23/18

The Cyber Safety Summit 2018 will be held on October 2, 2018 at the Lincoln Park room in the Main Building of Mount Royal University’s campus. The summit will include experts speaking on home security, social engineering, fraud protection and how to recover from a cyber attack. In addition, we are adding a new topic this year, protecting your privacy. Registration is free.

Spend the whole day with us or just come by for your favourite session. Either way you have the opportunity to hear from the experts themselves how to keep your family and home cyber safe. Come with your questions and concerns, leave armed with the knowledge you need to keep hackers at bay.

Can’t attend the summit? We will be live streaming all sessions. Visit the website to review last year’s program and to sign up for Summit updates.

Mark your calendars now!! See you on October 2, 2018!!

How to spot fake businesses on Google Maps – 04/18/18

Cyber security expert Bryan Seely did some digging and discovered that large numbers of service businesses listed on search engines were fake businesses. They have no office location or business license. They simply answer calls and dispatch servicemen. However, when the service is provided, customers are often charged much more than the quoted amount. In addition, if the consumer has a complaint later, the business listing has often disappeared. Because these fake listings are so well marketed, they take customers away from legitimate businesses, significantly affecting their viability.

When he brought this information to the search engines’ attention he was ignored. When he tried to engage media, he was ignored. However, when he wiretapped the Secret Service he finally got someone’s attention and Google Maps responded with a temporary fix. Unfortunately the bad publicity wasn’t enough to get them to do what needs to be done to fix the problem permanently.

So where do you turn if you are looking for a service business? Fortunately, the majority of service businesses in Yelp’s top listings are legitimate. Yelp works a bit differently than Google Maps and others: they create the listing and the business owner claims it. This model greatly reduces the number of fake businesses on the site. However, they still have their share. So how do you determine whether the business you are calling is legitimate or a fake?

  1. The business name is the name of the city followed by the name of the service. For example, New York Locksmith. Fake businesses select business names that will get the most search engine hits.
  2. Stock photography is used for the business photos or the photos are similar to those found on other sites. There is no real business so they have no photos of it to post.
  3. They have fewer than double-digit reviews. A business that is legitimate will have been online for some time and have double-digit reviews.
  4. The reviews are all 4 or 5 star. Most businesses will have a variety of reviews, not just top rated ones.
  5. The reviews don’t span the life of the business. If they only have reviews listed for one year and they have been in business for 5, there is something wrong.
  6. When you click on the person who left the review, they have reviewed several businesses of the same type. Someone who has left 7 reviews for locksmiths is either getting paid to write reviews or locks their keys in their car an awful lot.
  7. They don’t have a business license. Most legitimate businesses will be licensed.
  8. They are hiding their address. Scammers will hide their addresses so it is more difficult to report them to Google and the consumer cannot see that it is just a post office box.
  9. The website looks very similar to other websites. Scammers will often set up several fake businesses with websites that are identical except for the name and a few graphics.
  10. The price advertised is too good to be true. Fake businesses will list ridiculously low prices for a service and when they show up to perform it, suddenly change the price.

Unfortunately, some legitimate businesses will meet some of the criteria. However, only fake businesses will meet most of them. If you aren’t sure if a service business is legit, call them and ask them about their business license, if they are bonded or insured, where they are located, for a written service quote and how to identify their employees. If they balk at any of those questions, hang up and look for another one.

Beware, the locked browser tech support scam is back – 03/13/18

Malwarebytes has discovered an old tech scam that has resurfaced. Hackers are compromising legitimate web sites. When you visit one of these sites, a pop-up appears on your computer telling you that you have a virus and you need to call a 1-800 number. To make it look like there is something wrong with your computer, the browser is locked and doesn’t respond to clicks.

If you call the number, you are asked to download diagnostic software that gives the hackers control of your computer. They then appear to find the virus on your machine and proceed with a hard sell, trying to get you to pay to have it removed. In reality there is nothing wrong with your machine.

No software will magically detect issues on your computer without being installed. No browser can detect issues with your computer. Microsoft does not send out alerts to let you know your computer is not working properly or has been compromised. Anytime you receive an alert of any kind with a support phone number, it is a scam.

The good news is, with this particular scam there is nothing wrong with your computer. All you need to do is shut down your browser through the Task Manager and everything goes back to normal. Just remember not to visit the same website again.

To shut down your browser in the Task Manager:

  1. Press CTRL + ALT + Delete.
  2. Select Start Task Manager.
  3. On the Tasks tab, select your browser.
  4. Click the End Task button.

Windows 10 Cortana can be used to access your locked computer – 03/12/18

With the Windows 10 anniversary update, Cortana, the voice assistant, is enabled by default. It can be asked questions and accessed even if your device is locked, leaving it vulnerable to hackers. This was brought to everyone’s attention when researchers were messing around and discovered they could get Cortana to visit a malicious website just by asking, regardless of whether the screen was locked or not. If you don’t use Cortana, this isn’t an issue. However, if you do use it, you can change its settings to turn off when the screen is locked. Check out this How-To Geek article to find out how.

Mount Royal Community Member gets fake CRA call – 03/09/18

One sure sign that spring is on its way…tax scammers pop up along with the tulips. Although we are a ways away from enjoying the tulips, the scammers are out in full force. One Mount Royal employee came into work to find this on his voicemail.

Pretty nasty huh? So how do you know this is a scam? Simple, the CRA will never phone you and threaten legal action or arrest. They will never send someone to your house to collect payment or to arrest you either. This was a voicemail, so it was easy to calmly listen to the message and analyze it to determine if it was legitimate.

What do you do if they have you on the phone and they are threatening you? The scammers can be very insistent and believable, causing considerable stress and confusion. If you experience a call like that from the CRA, tell them you will call them back and hang up. You can then contact the CRA at 1-800-959-8281. If there are any issues with your taxes, whoever answers the phone will be able to address them.

Watch out for phishing emails from the CRA as well. As I mentioned in a post last year, the CRA will never email you unless you have given them previous permission to do so, and they will never send you an email with links unless you have specifically requested a document.

For more information on how to identify CRA fraud and protect yourself, visit the CRA website.