We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters.
First time ever for me to have one of these scams pop up on my computer. This one here is the “Google Chrome Critical ERROR” phishing scam that comes in a variety of forms. In this case the “Security System” (whatever that is) has detected the threatening attempt to gain access to my bank logins. The crooks, in this case, are recommending that I perform a temporary block on all my accounts; THEN, the crooks want me to contact their customer support team at Microsoft. If you really take a look at the screenshot below, you can tell that the designer of this scary scam graphic does not use very good grammar.
Folks, for God’s sake, please do not fall for this scam or any of the hundreds like it. They are scams. These crooks want you to call the number, as reflected in the screenshot; THEN, the real fun will begin where they will bilk you out of as much money as they can and will even want to help solve your problem by remotely taking over the operation of your computer. They are such nice criminals…
This error can be removed simply by closing the web browser; however, some websites run scripts that prevent users from closing browsing tabs/windows. In these cases, terminate the browser via Task Manager or simply reboot the system. Note that after re-running the browser, you should not restore the previous session, otherwise you will return to the malicious site. Also, I typically will run CCleaner and AdwCleaner. If you end up going too far with this scam and allow the criminals to take over your computer, you will need to be more aggressive in the removal process.
Don’t do this… They are collecting your personal information for political purposes and maybe for other purposes… This is on the same lines as a scam!
The Trump administration launched a new site that lets users report when they think a social media platform has censored, suspended, or banned their activities due to their political opinions. But the White House wants a lot of personal information.
The scam works like this: A scammer places a robocall to a number and hangs up after one or two rings. They may call back several times. The idea is to get the caller to call the number back. When they do, the caller is prompted to pay long distance fees to connect the call, fees that are usually paid in part to the scammer.
To my readers at “What’s On My PC”… If you use Facebook, take a moment to read this. I have seen some of my Facebook friends being hooked into this. It is a “scam”. PLEASE, take my advice “Believe Nothing and Verify Everything”; especially, on social media.
Scammers are pushing multiple fake Facebook profiles of Ellen DeGeneres, popular US TV show host and producer, with the goal of tricking people into jumping through a few money-making hoops. This isn’t a sophisticated scam. It isn’t hacking the Gibson. It won’t be the focus of a cutting edge infosec talk. However, it’s certainly doing some damage—up to a point. This scam is a victim of its own ambition.
This is an excellent posting at “Addictive Tips” that looks at the various common identity theft scams. I especially encourage the readers at home to take a moment and take a look at this (see source link below). There is a lot of criminality out there and the more knowledgeable you are, the safer you (and others) will be.
While there are many things that can expose your personal information (like data breaches), there are precautions you can take to prevent others that are more in your control. But how do you avoid the common identity theft scams that are out there? Today, we’ll be showing you what to look out for, and how to protect yourself.
The best way to protect yourself online and at home from fraud and scams is through knowledge. Posted below are links to the latest “Fraud, Scams and Alerts” at the Federal Communications Commission. Take a moment to read down this list; even if you do not open any of the links. Being knowledgeable is the best protection that you will ever have when it comes to the evil intent of others.
Fraud, Scams, and Alerts:
- After Storms, Watch Out for Scams
- Avoiding Bill Shock on your Mobile Phone
- Call Splashing: Long-Distance Calling from a Public Phone
- Caller ID Spoofing
- Careless Dialing Could Cost You Money
- Cell Phone Fraud
- Cramming – Unauthorized Charges on Your Phone Bill
- Don’t Fall for the 90# Telephone Scam
- International Modem Dialing Scams
- IP Relay Fraud
- FAQs about Junk Faxes
- Low Power FM Radio Scams
- Mexico Collect Call Scam
- ‘One Ring’ Wireless Phone Scam
- Slamming: Switching Your Authorized Telephone Company Without Permission
- Spam: Unwanted Text Messages and Email
- Unwanted Telephone Marketing Calls and the National Do-Not-Call List
- Voicemail System Hacking
- Watch Out for Auto Warranty Scams
Anything to do with helping people identify scams, I try to post on here. This one has to do with someone claiming to be associated with your internet service provider…
Received a call about an “expiring” modem or “illegal activities” on your ISP account? It’s most likely a scam. Here’s what you need to know about it.
Saw the graphic below on the website, NakedSecurity, and felt compelled to remind the readers here on the blog that the scammers will not let up and will take advantage of any opportunity (such as Christmas) to trick and rob people. One very common scam is the phone call you answer from a person who claims they are tech support from Microsoft and want to fix a problem they detected with your computer. Please do not fall for this… Hang up on them and do not proceed with any conversation. Most of the time if they know they have a live number and person, they will relentlessly call back (often with a different scam).
To protect yourself, do the following: Most of us have voicemail or an answering machine. Let all your calls ring through. If you have caller ID, only answer the calls from numbers you are absolutely sure about. Even the phone numbers that may appear to be legit (i.e. from your area code) can be masked to look like a local number. I know this may sound extreme; but, this is how bad this problem is.
Also, there are poisoned websites out there that will prompt you to call a number to fix your computer. It is the same deal; they will scam you for money to fix a problem that does not exist. Bottom line is to avoid all solicitations by phone, computer, email, etc…
“Boiler rooms full of scammers would make cold call after cold call, ploughing day and night through lists of phone numbers to scare victims into paying up for technical support they didn’t need for malware infections they didn’t have.”
The holiday season makes for a busy time for us all; including, the hackers and scammers. I came across an article from CBS Pittsburgh (NewsRadio 1020 KDKA) where they interviewed a person by the name of Jason Glassberg who is the Co-Founder of Casaba Security. What caught my interest was that Mr. Glassberg provided a listing of 12 scams that you need to be on the lookout for this holiday season that I thought was worth a repost here on the blog.
1. Fake Retailers Online
“A website that’s put together in a way that makes you think you are going to an Amazon.com, but in reality they’ve gone and changed the O in Amazon to a zero,” said Glassberg.
Once on the site, hackers can install malware on your computer or steal your credit card information.
2. Phony Online Deals
Glassberg says if you see a deal that seems too good to be true, it probably is.
3. Fake Apps And Mobile Games
Before you download an app, search online to make sure there are not any complaints against the one you want to download.
4. Watering Hole Websites
These are fake websites that want to install malware onto your hard drive. These are usually fake news sites.
5. Card Skimming
These are readers that people use to get a copy of your credit card when you use an ATM or get gasoline. Glassberg says the only defense is to physically check the machine.
6. Fake Emails Or Text Alerts
This is the phishing attack that can look like it is from your bank, government agency or even a friend.
7. Charity Scams
These are fake emails or phone calls from an organization that sounds like a charity. Glassberg says they will ask for a credit card payment immediately or even a gift card. Glassberg says if they ask for a gift card, you can be almost sure this is a scam.
8. Clicking On A Link From A Hacked Friend
If you have a friend who is hacked, you may get an email that appears to be from them so check with them first if the link seems suspicious.
9. Ransomware
You are affected by a piece of malware that wipes out all of the data on your computer, and you are expected to pay a ransom to get it back. Glassberg says to just regularly backup your data.
10. Wi-Fi Hacking
Keep your WiFi equipment up to date.
11. Fake Call Centers
This is an old scam that is popular during the holidays. Someone will call and claim that you owe money for a past due bill. Glassberg says to verify with your company.
12. Car Fob Redirector
Some hackers have now been able to build a “redirector” that replays your car unlock mechanism. Glassberg says to lock your car using your key.
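One way to catch the swapped-character domain described in item 1 (the O in Amazon changed to a zero), shown as an added Python example that is not from the original article or from Casaba Security. It folds look-alike characters before comparing against a watch list, and goes slightly beyond the quoted case by also flagging one-letter typos; the watch list, substitution table and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed watch list: brand label -> the one domain treated as genuine.
BRANDS = {"amazon": "amazon.com", "microsoft": "microsoft.com"}

# Constructed substitution table: digits that pass for letters at a glance.
DIGIT_SWAPS = str.maketrans("01357", "olest")
# Letter pairs that render like a single letter in many fonts.
PAIR_SWAPS = (("rn", "m"), ("vv", "w"))


def skeleton(label: str) -> str:
    """Fold look-alike characters so 'amaz0n' and 'amazon' compare equal."""
    folded = label.lower().translate(DIGIT_SWAPS)
    for pair, single in PAIR_SWAPS:
        folded = folded.replace(pair, single)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter typos such as 'amazom'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, brand_domain) for a URL or bare host name."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return ("unrelated", None)
    # Simplification: treats the last two labels as the registered domain,
    # which is wrong for suffixes like .co.uk (no public suffix list here).
    registered = ".".join(labels[-2:])
    folded = skeleton(labels[-2])
    for brand, genuine in BRANDS.items():
        if registered == genuine:
            return ("genuine", genuine)
        if folded == brand or edit_distance(folded, brand) == 1:
            return ("lookalike", genuine)
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ("https://www.amazon.com/deals", "http://amaz0n.com/login",
                   "amazom.com", "rnicrosoft.com", "example.org"):
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is a prompt to stop and type the retailer's address by hand, not proof of fraud; the same brand name under a different suffix is also flagged for that reason.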
In light of Hurricane Harvey, I pulled the information below in this blog post directly from the US-Cert website and the FTC website warning people to be cautious when responding to emails that may contain links or attachments that direct users to phishing or malware-infected websites.
From my experience, when life events occur of great magnitude, there is an element of our global society that will try to take advantage of people. This element of people will try to scare, intimidate, scam and rob you via electronic means; whether it be by phone, email, SMS messaging and even Facebook. My motto in our electronic world is “Believe Nothing, Verify Everything”. Just because it looks legit or a friend posted it, make sure you verify it.
I encourage you to read the article below by Colleen Tressler, Consumer Education Specialist, FTC to educate yourself about scammers exploiting people when tragedy occurs.
Wise giving in the wake of Hurricane Harvey
August 28, 2017
by Colleen Tressler
Consumer Education Specialist, FTC
It’s heartbreaking to see people lose their lives, homes, and businesses to the ongoing flooding in Texas. But it’s despicable when scammers exploit such tragedies to appeal to your sense of generosity.
If you’re looking for a way to give, the FTC urges you to be cautious of potential charity scams. Do some research to ensure that your donation will go to a reputable organization that will use the money as promised.
Consider these tips when asked to give:
- Donate to charities you know and trust with a proven track record with dealing with disasters.
- Be alert for charities that seem to have sprung up overnight in connection with current events. Check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
- Designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund.
- Never click on links or open attachments in e-mails unless you know who sent it. You could unknowingly install malware on your computer.
- Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
- When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate.
- Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they’re not, consider donating through another charity.
To learn more, go to Charity Scams. For tips to help you prepare for, deal with, and recover from a severe weather event, visit Dealing with Weather Emergencies.
An example of where someone asks you to pay money to get money is reflected in a recent FTC Alert where a scammer poses as a government official to get you to send them money. I encourage you to read more below to see how this scam works.
The scammers in this instance are pretending to be calling from the National Institutes of Health (NIH). According to reports, callers are telling people they’ve been selected to receive a $14,000 grant from NIH. To get it, though, callers tell people to pay a fee through an iTunes or Green Dot card, or by giving their bank account number.
If you get a call like this from someone asking you to pay money to get money; STOP, and hang up the phone. The federal government will not call you to give you a grant. NIH does give grants to researchers, but they have to apply for them, and those grants are for public purposes, not for personal use.
Again, as I have recommended in the past when receiving a telephone call do not answer the phone unless you can positively identify the number. If you do not recognize the number, let it ring through to voicemail. Once a scammer has a live person on the phone, even if you do hang up, there is a high probability that you will be called again, for the same scam or for a different one.
Many of you may be aware of this scam as a result of being a victim and/or know someone that has been a victim. I have found that the criminals who work this scam have a tendency to target our more elderly computer users through scare tactics. The scammers will either call you on the telephone to tell you they are Microsoft and that they have detected a problem with your computer AND/OR you will be working on your computer (typically on the internet) and will get a popup alerting you that there are problems with your computer and that you need to call Microsoft (or a tech support number) at such and such phone number.
Whether it is by telephone or on your computer, PLEASE avoid falling for this scam. If these scammers (criminals) do call you on the telephone, be prepared for subsequent calls where they will try again and/or will change the scam to something else.
My recommendation is to never answer your phone unless you can positively identify the caller. If you cannot positively identify the caller, let it ring through to voicemail.
To learn more about how this scam works and what the scammers try to extract from you, here is information “word for word” from Microsoft:
Cybercriminals don’t just send fraudulent email messages. They might call you on the telephone and claim to be from Microsoft. They might also set up websites with persistent pop-ups displaying fake warning messages and a phone number to call and get the “issue” fixed. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:
- Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
- Convince you to visit legitimate websites (like ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
“Remember, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.”
Some scammers call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Other scammers send pop-up messages that warn about computer problems. They say they’ve detected viruses or other malware on your computer. They claim to be “tech support” and will ask you to give them remote access to your computer. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.
If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money.
Below you will see a “fraud alert” that was circulated by my cable TV service provider. I am sure this is a common template used by the criminal element in many areas around the United States (and maybe abroad). Bottom line is, DO NOT REACT or RESPOND or CLICK to any emails where personal information is being requested. These types of emails typically contain a threat of some type (such as loss of service); then, go on to request that you click on a link contained in the email that will route you to a website where your information (such as credit card info, social security number, etc…) will be harvested.
ALWAYS, if in doubt, contact your service provider. It will save you a whole lot of grief…
ATTENTION ANTIETAM CABLE CUSTOMERS: FRAUD ALERT!
Several Antietam Cable customers have notified us they have received an email from an IT company claiming to be myACTV Customer Care. This company claims that accounts will be terminated if the customer does not enter their personal information, and asks for access to customer’s accounts.
In many cases, the email contains a message similar to the following:
“Your email account will be blocked in response to a complaint received by the administration.
myACTV may at any time, terminate its Services for your account and all your data will be lost.
You have to upgrade now to the newest myACTV Office to avoid this termination process.
Once your account is upgraded, we will restore your account to its normal state.
Follow the account service link below:
This process takes just a few minutes and once complete.
We’ll get back to you.”
What is nice about having your own blog is that you can have some fun with your friends and at the same time educate others…
My elders always told me, “If it is too good to be true, stay away from it…” Two computer friends of mine, who I will call Bill and George, came across a “no name” flash drive that was advertised as 1 TB for $16 (out of China). They were excited when they received their perfectly packaged “no name” drives (all the way from China) and were bragging to ALL, “look what we got, 1 TB drives for $16”… Their excitement soon turned to blush when they started filling the drive with data and discovered at approximately 10% capacity of the drive the data started spilling out and the drive would not accept any more data.
Bill and George were victims of what has become a very common scam on the internet of counterfeit USB flash drives. Many of these drives can be found on eBay (and even Amazon); typically ship from China; and, often are in packaging (and branding) that replicates popular manufacturers such as Kingston, SanDisk, Toshiba and Corsair. Oftentimes, the sellers themselves are unaware that the drives are counterfeit and take the hit on this, as the middleman (resulting in poor customer feedback that affects their seller ratings).
So, as you can see, great measures and tactics have been taken by these crooks to take your money. Usually, with these drives, most folks do not realize in time that there is an issue, due to the fact most folks do not “right away” start maxing out the capacity of the drive.
Again, “If it is too good to be true, stay away from it…”. Here are two tips to abide by when purchasing these drives:
- Do your homework… See what is current from reputable manufacturers (such as Kingston, Corsair, SanDisk, Patriot, etc…). You will get a general idea of what the current generation drive capacities are (and their true costs). For example, CLICK HERE to see the real cost of what a 1TB drive can be at present…
- Buy only from a reputable online source or buy at a local box store… I am seeing that a great majority of these counterfeit drives are found on eBay and typically ship from China (making it difficult to get your money back).
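A fill-then-read-back check is what exposes a counterfeit capacity like this before real data is lost. The Python below is an added example, not part of the original post: `SimulatedDrive` and its two failure modes are constructed assumptions standing in for a real device, and 1000 advertised blocks with 100 real ones mirrors the roughly 10% point where Bill and George's drives gave out.

```python
import hashlib

BLOCK = 4096  # bytes per test block


def pattern(index: int) -> bytes:
    """Block content derived from its own index, so stale or misplaced data shows up."""
    return hashlib.shake_256(b"constructed-seed" + index.to_bytes(8, "big")).digest(BLOCK)


class SimulatedDrive:
    """Constructed stand-in for a flash drive that advertises more blocks than it stores.

    mode="drop": writes past the real capacity are accepted but discarded.
    mode="wrap": writes past the real capacity overwrite earlier blocks.
    Both behaviours are assumptions made for this example.
    """

    def __init__(self, advertised: int, real: int, mode: str = "drop"):
        self.advertised, self.real, self.mode = advertised, real, mode
        self._cells = {}

    def write_block(self, index: int, data: bytes) -> None:
        if index >= self.advertised:
            raise OSError("no space left on device")
        if index < self.real:
            self._cells[index] = data
        elif self.mode == "wrap":
            self._cells[index % self.real] = data

    def read_block(self, index: int) -> bytes:
        slot = index if index < self.real or self.mode == "drop" else index % self.real
        return self._cells.get(slot, bytes(BLOCK))


def verify_capacity(drive, advertised: int):
    """Fill the whole advertised space, then read it all back.

    Returns (good_blocks, first_bad_index). Writing everything before reading
    anything matters: a check done block by block would pass on a wrapping drive.
    """
    for i in range(advertised):
        drive.write_block(i, pattern(i))
    good, first_bad = 0, None
    for i in range(advertised):
        if drive.read_block(i) == pattern(i):
            good += 1
        elif first_bad is None:
            first_bad = i
    return good, first_bad


if __name__ == "__main__":
    for mode in ("drop", "wrap"):
        good, bad = verify_capacity(SimulatedDrive(1000, 100, mode), 1000)
        print(f"{mode}: {good} of 1000 blocks verified, first bad block {bad}")
```

On the wrapping drive the first bad block is block 0, which is why files copied early can be the ones that turn up corrupted later.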
If you are an Android smartphone or tablet user; and, you use the Google Chrome browser (or the native Android Browser), you may want to take a look at (and install) the mobile version of Web of Trust. I currently use the PC version of Web of Trust on all of my computers to help me determine which sites are reputable and which sites are not.
Against what types of online threats can WOT protect you?
Malware & Viruses – Avoid visiting websites that host malicious software, such as viruses, spyware, and adware that can steal your information and spread to other devices.
Phishing – Turn back from malicious links in fake emails, websites and text messages that are designed to fool you into giving away personal information.
Scams – User ratings warn you when you visit a site that may host any type of fraud designed to steal money or personal information.
Spyware – WOT can warn you when a site has been reported to host spyware, which collects your personal information without your knowledge.