Fake updates are bad for you

Fake updates. More and more I am seeing computers infected with software installed by fake updates. You are browsing the Internet and suddenly you are on an official looking page saying you need to update your Flash Player or your Chrome or Firefox browser. If you do the update several really annoying programs are installed that then modify your browser so you get sent to places that install even more of this crap.

The best thing to do is never do an update from something that shows up in your browser. Chrome and Firefox update automatically in the background with little intervention from the user. Flash will notify you with a popup by the clock that you need an update and current versions can be set to also automatically update without user intervention.

Here is an article on the ZD Net site talking about the same thing and showing some images. Go check it out for additional info.


Email scams and the Affordable Care Act.

So yeah, the Affordable Care Act gets implemented and within days emails start getting sent out either being for it or against it and providing links to sites that support these views. Also, emails for surveys are getting sent out, again, both for and against. Unsurprisingly most of these emails are fake and the links go to the usual sites that install malware on your computers.

These emails make use of the passions people are feeling now. It’s basically an email version of “Like this if you hate/love Obama care!” and in the heat of the moment passion people are going to click those links …… and then be infected.

As always, don’t click limks in emails people. 🙂

Another email scam

Yet another email scam. This one claims that you have failed to respond to requests for more information on a credit card dispute. They of course provide a link to all the information about this dispute which actually take you to their own web site so they can infect your computer.

Anyone that did happen to have a dispute going on would probably click the link without hesitation and the odds are they are going to hit thousands of people with disputes with this mass mailing. Even those who don’t have any credit card disputes going on would be curious and probably click the link.

USPS email scam

USPS email scam this time. Talks about trying to deliver an item and failed due to bad zip code and that it will be returned unless I pick it up. There is of course an attachment they want to you run to print a “label” so you can pick up this “package” that contains an executable file that will undoubtedly infect you with something nasty.

Email scams

The rate of fake emails intended to sucker me in to clicking links that would infect my computer or having attachments that do the same has picked up considerably recently. I am now receiving 3-4 emails a day of this nature.

It’s pointless to try to list each individual scam as there are now so many. Bank transfers gone awry. Shipment delivery fails. Fake government notifications.

You should be suspicious of any email that wants you to click a link or open an attachment, no matter who it is from.

It would seem most people are indeed being suspicious as I don’t get many calls for malware/virus infections these days, but I feel I must keep reminding people to remain vigilant. These attack attempts aren’t going away any time soon and tend to get better as time goes on.

Email scam

Today I received an email from “Verizon” about my account. I don’t have an account with Verizon so I knew this was a scam.

All the links point to a web site that is definitely not Verizon and directly opens up some HTML code. I can see someone who DOES have a Verizon account blindly clicking one of the links and getting infected.

It’s getting so you can’t trust any email that looks like it’s from a major corporation.

Another email scam

Another new clever email scam. These guys get smarter all the time.

I received an email purporting to be from Google telling me that they blocked a phising attempt and that I had to paste the provided URL (web address) in to my browser to “validate” my email account. The provided URL goes to a Google Docs spreadsheet to make it look legit and it does actually go to Google Docs spreadsheet. The problem is that spreadsheet has a macro/script that infects your computer.

Mistyped Internet address scam

I typed in an address for a web site I go to from time to time but I mistyped the name. The site with that mistyped name redirected me to a page that told me I needed to upgrade my media player with red letters that said “Required”. As an IT professional I knew it was bogus but I can see how so many of my customers have been fooled in to installing this malware. They made the page look just like a page you would see on adobe.com. Nothing actually said Adobe but most people wouldn’t have noticed that.

Be careful what you believe to be legit or allow to be downloaded to your computer from the Internet. There are indeed times when something needs to updated but that info will come from a legit site, not something you got to by accident. Also look for brand names to identify legitimate downloads. Generic terms like “media player” and “video player” are red flags.

Example, if your Adobe Flash Player needs to be updated then any site claiming to be an update site for Adobe Flash Player would have the word Adobe all over it plus it should be at adobe.com.

How to Spot Email Scams

A good column written by John Dvorak over at the PC Magazine site talking about email scams. He provides a list of things to do to determine if it is bogus or not. They are:

1) Does the information come from a shady source? Is there a reference to someone you do not know? Is the wording about the original source vague and breathless, such as, “This came to my attention after I was told that…”

2) Was the message cut and pasted from someplace else?

3) Did someone tell you to pass the message far and wide to everyone you know?

4) Is screwball stuff misspelled?

5) Within the post, is there a disclaimer? (The best one is: “This is not a hoax!”)

6) Does it seem plausible on the surface but your gut tells you it is bogus? (Your immediate BS meter is always correct! Fine tune it.)

7) Does it somehow encourage you to make a fool of yourself by either posting the hoax or passing it along to others? If you are asked to take action out of the blue by a casual acquaintance, then it’s likely a hoax.

8) At the end of the day, is the hoax idiotic when you really look at it closely?

The full article an be read here: http://www.pcmag.com/article2/0,2817,2412537,00.asp

Email PayPal Scam

A PayPal scam this time. I received an email purporting to be from PayPal. It was sent to the correct address and looked exactly like emails I get from PayPal. It said the transfer of $13,438.62 was being held for security reasons and to click the “Accept” or “Decline” buttons.

Oddly the transfer was listed as being to Young31622@sandscomputers.com. I think I know what email addresses are valid at my own company. Also one sentence had incorrect English.

The buttons both went to the same non-PayPal address where I am sure they would either infect my computer with some sort of malware or would have tried to get my login information for PayPal.