If it walks like a duck…and quacks like a duck…

I have reminded many of you over the years to please pay close attention to unusual popups, and if something smells fishy and you aren’t sure if you should follow up, you probably shouldn’t.

Well let me share an experience (with the person’s permission of course) of this happening in real time.

Someone was busy with work but accidentally hit a site that caused one of those “your computer is infected” popups.  She was busy, and distracted, but this is scareware…and it worked.  She called the number and allowed someone to connect to her computer.  The standard speech started about how the computer is infected and needed immediate cleaning but a “Cisco specialist” needed to help.  She was then transferred to a second person and the fishiness started kicking in.

She put the person on hold and called me and asked if I was Cisco certified.  I was in the middle of something but a quick review said something didn’t sound right and I thought it was scareware.  I suggested she hang up with the other person, shut her computer down, and I would call as soon as I could.  When she went back to the person and asked for a phone number to call back because she wanted to talk to her IT person, the back-pedaling started.  A bunch of “well, since you’re not a member…you have to call this number to get transferred back to me….”

Click.

She did take pictures on her phone of some of the screens she was being shown.  The first screen is one of those normal fake warning screens.

What I found very amusing was the second screen that this alleged “support specialist” said was the list of infected files.  It turns out it was the errors in her EVENT VIEWER.

As soon as I saw this (as I was on my way over to help) I had a feeling things would be ok.  I got there and was able to do my due diligence in doing a thorough security check.  Also Malwarebytes scans came up clean.

#ThinkBeforeYouClick

Are you excited about the new iPhone 7 (or in my case iOS 10)? Me too…but don’t get too excited…

Scammers always try and take advantage of big events…(as we know)

I updated my iPhone to iOS 10 on the first day it came out….yesterday I downloaded a new app (a free one though)…

and today I got an email saying my Apple ID has been suspended…wait…what???

Looking at the text of the message…it looks a little fake (a little too formal)…but I have never received an email like this from Apple before…

Ok…time to keep digging….the first red flag was that it wasn’t sent to the email address associated with my Apple ID…ok…this email address could be my backup address….but rule #1…start checking hyperlinks.

1) look where the email came from….don’t think this is a legitimate Apple email :)

2) I checked the link to “click here to validate your account information”…yeah, maybe not…

But the simplest answer in any situation like this…is if you aren’t sure….CALL THE VENDOR DIRECTLY.  Don’t click on the links.

A Holiday Reminder…

Now that December is here…and Black Friday/Cyber Monday has come and gone…I am sure many of you are going to be doing more online shopping looking for that elusive perfect holiday gift.

This is also going to mean there will be an inevitable rise in malicious emails during the holidays…

So here is my friendly reminder to please be on the lookout for those fraudulent/”scareware” emails and things to look out for so you can catch them!

(and this in fact is an email I got this AM…which was a perfect reminder to send this!)

1) ok…so I do business with Chase Bank…but look at the email address it’s coming from…I don’t think int@cs.vt.edu is a legitimate Chase address!!!

2) the email is addressed to “me” – say what?

3) I put my mouse over the link to “log on” – you can ALWAYS do that with ANY email to confirm the website you are being redirected to…I ask you…does that link look AT ALL related to Chase Bank?

My first rule is “if it looks at all suspicious…it probably is” – so please take a moment to read emails like this closely to determine their legitimacy before you act on them!

Happy Holidays!!!
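The three manual checks from the Chase email above (sender address, who it is addressed to, where the link really goes), automated over a constructed message. This is an added example, not part of the original post; `BRAND_DOMAINS`, `review`, `my_addresses`, the display name and the link in the sample are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the brand really sends from and links to (maintained by the reader).
BRAND_DOMAINS = {"chase": {"chase.com"}}
# Constructed sample modelled on the email described in the post; the link is a placeholder.
SAMPLE = """\
From: Chase Online <int@cs.vt.edu>
To: me
Content-Type: text/html; charset=utf-8

<p>Dear customer, please <a href="http://secure-login.example.net/chase">log on</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects every href so the destination can be inspected without clicking."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domains(host, allowed):
    # Exact match or true subdomain only, so chase.com.example.net does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def review(raw, brand, my_addresses):
    msg = message_from_string(raw)
    findings, allowed = [], BRAND_DOMAINS[brand]
    # Check 1: display name claims the brand, but the address is on another domain.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if brand in display.lower() and not in_domains(sender_domain, allowed):
        findings.append(f"sender domain {sender_domain} is not a {brand} domain")
    # Check 2: the message is not addressed to an address I actually use.
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if not recipients & my_addresses:
        findings.append("not addressed to my real address")
    # Check 3: the "hover" test, reading each link's real host from the HTML.
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domains(host, allowed):
            findings.append(f"link goes to {host}")
    return findings
```

Calling `review(SAMPLE, "chase", {"jeremy@example.org"})` returns one finding per failed check; an empty list means none of the three checks fired, not that the message is safe.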

this may only apply to people in PG&E Territory…but there could be more…

Find the number of things wrong with this PG&E Scareware email I got last night (one got through, a few of them were caught by my spam filtering program).

1) if you look at the “from” address after “PG&E” – I doubt that’s legit…

2) when have you ever seen a “total amount due” that doesn’t have BOTH digits after the “.”

3) click here??? yeah right…once I put my mouse over the “click here” hyperlink…I could see that URL clearly WON’T take me to my most recent statement.

I have always gotten my statements from PG&E via snail mail….for those of you who read this outside of PG&E territory…I doubt you get your bills via email either…Don’t fall into the “scareware” trap and open this email!!!

Watch where you click…the 2013 version (or it is ok to “decline” something and still proceed)

So it’s been a while since I have posted something…I had to move my blog to a new location and need to work on my mailing list.

But today brings you another case study in “please watch what and where you click…”

I have spent the last day or so helping a client clean out a malware/crapware incident…someone needed to play a video with an .MTS extension..this person did her research and downloaded a program she thought would help…turns out there has been a whole lot of extra crap (browser add-ons, etc.) that got loaded so not only do I need to find a better solution, but I’ll have to clean up her computer….

So I set about this AM to find a resolution…turns out for Windows XP you need a codec for the extension to be played in Windows Media Player..Ok, I found what I was looking for and started the install process.

I got to step two of the installation process, and the software wanted to install the AVG toolbar…ok, no big deal..I selected custom installation, unchecked the two check boxes, and went to proceed.

What I did NOT see the first time around, was the “skip all” option.  even serves ME right for not reading the fine print

So the “crapware install” continues, I’ve never heard of “WebCake” before, but if you read the details in here…yeah, right…I really want this…but YES I can decline and move on!

but wait there is MORE…once I click NEXT, I got ANOTHER pop-up for “add lyrics” – never heard of this either…but, just decline it and continue!

and ANOTHER?! what the heck is Wajam??? I soldier on…

But wait…there are still MORE options…Dealply? I direct your attention to the two highlighted sections…”dealply is a free, safe & friendly app…” and “dealply is a browser add-on…” –um, tell me the last time ANY browser add-on was SAFE AND FRIENDLY?? :)

So I am done…right??? NO! the last bit of insult to injury…an attempt to install Norton Security Scan…

but I had no problem UN-checking the checkbox and proceeding….

So the moral of the story is I was able to get this codec installed after all of that “declining.” Please, please, please read the fine print and watch what you are installing! It doesn’t hurt to try declining something and proceeding if it’s something you really don’t want installed!!!

Jeremy