Security Archives - Computer Doctors

9 Tips to Stay Safe When Shopping Online

November 27, 2016 by admin

Americans plan to do as much as 15% of their holiday shopping online this year. USA TODAY asked computer security experts for their tips on how to stay safe as you buy.

1. Just say no to free Wi-Fi

Resist the temptation to use free public Wi-Fi. It is a trivial matter for hackers to eavesdrop on your connection and steal your information.

Florindo Gallicchio, Optiv

2. Avoid e-mails offering deals

Don’t click on email offers. Instead, go directly to the retailer’s website to find deals. Same thing goes for promo codes — don’t click those links to copy the code, but instead copy it and use it directly on the retailer’s website. Even the most legitimate-looking email could be from hackers phishing for account info.

John Kuhn, IBM Security

3. Don’t be lazy

If you need to create an account with an online retailer, do not use the same email address and password you use anywhere else. This is such old advice it may seem obvious, but many attacks are still successful because people reuse the same combination of email address and password in multiple sites, and attackers know it. It’s not worth the risk.

Geoff Webb, NetIQ

4. Use apps, not your phone’s web browser

Apps for sites like Amazon and Wayfair typically have an extra layer of security and encryption, making them safer to use when you’re out in public.

Morey Haber, BeyondTrust

5. Eschew convenience for security

Never save your credit card information in retail sites and web browsers. If they haven’t stored it, it can’t be stolen from them.

John Kuhn, IBM Security

6. Credit, not debit

When shopping online, use your credit card instead of your debit card. If something goes awry such as making a bad purchase with a malicious online retailer, it is usually easier to resolve any issues with your credit card company than with your bank (or at least the money is not deducted from your checking or savings account).

Lane Thames,Tripwire

7. Open your statements

Pay extra attention to your bank and credit card statements come January and February. Even small charges you don’t remember making can be a sign of fraud. If you see an unknown charge, call your bank immediately and report it.

Tim Erlin, Tripwire

8. Embrace phone-based payments

Retail data breaches have led to the compromise of millions of credit cards. Mobile payment technologies, like Android Pay and Apple Pay, cannot be cloned like traditional magnetic stripe cards. Consider using these technologies in your holiday shopping to keep your cards safe from thieves.

Ryan Olson, Palo Alto Networks

9. Don’t leave your phone unlocked

For God’s sake, set your phone to require PIN or fingerprint to access it!

Jeff Schilling, Armor

Source: USA Today – http://www.usatoday.com/story/tech/2015/11/17/9-tips-staying-safe-you-shop-online/75878958/http://www.usatoday.com/story/tech/2015/11/17/9-tips-staying-safe-you-shop-online/75878958/

Avoid this Apple Invoice Phishing Scheme

October 23, 2015 by admin

Coming soon to a mailbox near you: a blatant attempt to swipe your payment information. Couched in the well-worn guise of a supposed Apple Store refund, the mail wants potential victims to hand over their Apple ID / password and then a chunk of personal / payment details.

The email, currently in circulation, reads as follows:

Your invoice No.69513279

Dear Apple ID

Thank you for buying the following product on 10/22/2015 9:03:55 a.m.

Product Name: CoPilot Premium HD
Order Number: 57620731
Receipt Date: 10/22/2015 9:03:55 a.m.
Order total: 34.99 GBP.

If you did not authorize this purchase, please: Click here for Refund

Of course, you probably did not authorise any sort of purchase for a “CoPilot Premium HD” which is exactly the “Oh no my money, I must retrieve it” reaction they’re banking on (unless you actually did buy one of these, in which case things might get a little confusing). Nothing will have people rushing to click buttons and hand over information faster than the possibility of someone making unauthorised payments – clicking the refund links will take them to a fake login, via a redirect on a potentially compromised t-shirt website.

After handing over Apple ID credentials, the victim is taken to the next step which involves them giving name, address, DOB and full payment information.

Confirm your personal and billing information in order to cancel and refund the transaction above:

For your protection, we verify credit card and debit card billing details. The process normally takes about 30 seconds, but it may take longer during certain times of the day. Please click the Confirm button to confirm your information..

Unfortunately, hitting the “Cancel Transaction” button here would be pretty much the exact opposite of cancelling a transaction and victims could expect to see many more actual payments suddenly leaving their bank account. If you have this sitting in your mailbox, delete it. If you’ve already sent the scammers your details, notify your bank and cancel the card – while keeping an eye out for any dubious payments.

Apple themed phish scams are a popular choice for criminals, and whether faced with iTunes logins, “Find my phone” fakeouts, iCloud shenanigans or payment receipts such as the one above, recipients should be wary and – if in doubt – head to official Apple pages to find out if a payment really is being processed.

Christopher Boyd – Malwarebytes

Credit – https://blog.malwarebytes.org/fraud-scam/2015/10/steer-clear-of-this-apple-invoice-phish/

Criminals Continue to Defraud and Extort Funds from Victims using Cryptowall Ransomware Schemes

June 24, 2015 by admin

Data from the FBI’s Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses.1 CryptoWall and its variants have been used actively to target U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims. The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted. In most cases, once the victim pays a ransom fee, he or she regains access to the files that were encrypted. Most criminals involved in ransomware schemes demand payment in Bitcoin. Criminals prefer Bitcoin because it’s easy to use, fast, publicly available, decentralized, and provides a sense of heightened security/anonymity.

If you believe you have been a victim of this type of scam, you should reach out to your local FBI field office. You may also file a complaint with the IC3 at www.IC3.gov. Please provide any relevant information in your complaint.

Tips to protect yourself:

Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.

If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the Internet to avoid any additional infections or data losses. Alert your local law enforcement personnel and file a complaint at www.IC3.gov.

Avoid tech support phone scams

March 13, 2015 by admin

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
Request credit card information so they can bill you for phony services.
Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you’re using. [Read more…]

A New Twist on Tech Support Scams Pop Ups

February 21, 2015 by admin

Tech support scams are not going anywhere any time soon. The number of fake pop ups and bogus 1-800 numbers keep popping all over the place.

This usually happens while you are browsing the web, or perhaps if you make a typo in a site’s name. This is a classic scare tactic with the goal of tricking you into calling for “tech support”.

Miscreants operating out of boiler rooms will impersonate Microsoft and ask you to pay hundreds of dollars for non-existent. Worse, they may hijack your PC and infect it with malware before running away.

The following screen will probably look familiar:

In an interesting twist first reported by How-To Geek, one such scammer is trying out a different scare tactic. Rather than direct victims to a phone number, it pushes a piece of software, which appears to be AdwCleaner. [Read more…]

Phishing scam that penetrated Wall Street just might work against you, too

December 1, 2014 by admin

Advanced tactics raise the bar on spearphishing attacks, making them harder to spot.

Researchers have uncovered a group of Wall Street-savvy hackers that has penetrated the e-mail accounts of more than 100 companies, a feat that has allowed them to obtain highly valuable plans concerning corporate acquisitions and other insider information.

FIN4, as the group is known, relies on a set of extremely simple tactics that in many cases has allowed them to remain undetected since at least the middle of 2013, according to a report published Monday from security firm FireEye. Members boast a strong command of the English language and knowledge of corporate finance and Fortune 500 culture. They use that savvy to send highly targeted spearphishing e-mails that harvest login credentials for Microsoft Outlook accounts. The group then uses compromised accounts of one employee, customer, or partner to send spearphishing e-mails to other company insiders. At times, the attackers will inject a malicious message into an ongoing e-mail discussion among multiple people, furthering their chances of success. [Read more…]