If it walks like a duck…and quacks like a duck…

I have reminded many of you over the years to please pay close attention to unusual popups and if something smells fishy and aren’t sure if you should follow up, you probably shouldn’t.

Well let me share an experience (with the person’s permission of course) of this happening in real time.

Someone was busy with work but accidentally hit a site that caused one of those “your computer is infected” popups.  She was busy, and distracted, but this is scareware…and it worked.  She called the number and allowed someone to connect to her computer.  The standard speech started about how the computer is infected and needed immediate cleaning but a “Cisco specialist” needed to help.  She was then transferred to a second person and the fishiness started kicking in.

She put the person on hold and called me and asked if i was Cisco certified.  I was in the middle of something but a quick review said something didn’t sound right and i thought it was scareware.  I suggested she hang up with the other person, shut her computer down, and i would call as soon as i could.  When she went back to the person and asked for a phone number to call back because she wanted to talk to her IT person, the back-pedaling started.  A bunch of “well, since you’re not a member…you have to call this number to get transferred back to me….”

Click.

She did take pictures on her phone of some of the screens she was being shown.  The first screen is one of those normal fake warning screens.

IMG_0828

What i found very amusing was the second screen that this alleged “support specialist” said were the list of infected files.  It turns out it was the errors in her EVENT VIEWER

img_0827.jpg

As soon as i saw this (as i was on my way over to help) i had a feeling things would be ok.  I got there and was able to do my due dilligence in doing a thorough security check.  Also malwarebytes scans came up clean.

#ThinkBeforeYouClick

A Holiday Reminder…

Now that December is here…and Black Friday/Cyber Monday has come and gone…I am sure many of you are going to be doing more online shopping looking for that elusive perfect holiday gift.

This is also going to mean there will be an inevitable rise in malicious emails during the holidays…

So here is my friendly reminder to please be on the lookout for those fraudulent/”scareware” emails and things to look out for so you can catch them!

(and this in fact is an email I got this AM…which was a perfect reminder to send this!)

 

image

 

1) ok…so I do business with Chase Bank…but look at the email address it’s coming from…I don’t think int@cs.vt.edu is a legitimate chase address!!!

2) the email is addressed to “me” – say what?

3) I put my mouse over the link to “log on” – you can ALWAYS do that with ANY email to confirm the website you are being redirected to…I ask you…does that link look AT ALL related to Chase Bank?

My first rule is “if it looks at all suspicious…it probably is” – so please take a moment to read emails like this closely to determine their legitimacy before you act on them!

 

Happy Holidays!!!

this may only apply to people in PG&E Territory…but there could be more…

Find the number of things wrong with this PG&E Scareware email i got last night (one got through, a few of them were caught by my spam filtering program).

Image

1) if you look at the “from” address after “PG&E” – i doubt that’s legit…

2) when have you ever seen a “total amount due” that doesn’t have BOTH digits after the “.”

3) click here??? yeah right…once i put my mouse over the “click here” hyperlink…i could see that URL clearly WON’T take me to my most recent statement.

I have always gotten my statements from PG&E via snail mail….for those of you who read this outside of PG&E territory…i doubt you get your bills via email either…Don’t fall into the “scareware” trap and open this email!!!