IRS Reports Surge in Email, Phishing and Malware Schemes

The IRS has issued several alerts about the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information in order to steal their identity and assets. Scammers use the regular mail, telephone, fax or email to set up their victims. When identity theft takes place over the web (email), it is called phishing.

The IRS saw an approximate 400 percent surge in phishing and malware incidents in the 2016 tax season.

Scam emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. These phishing schemes can ask taxpayers about a wide range of topics. Emails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.

Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country. The IRS is aware of email phishing scams that appear to be from the IRS and include a link to a bogus web site intended to mirror the official IRS web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between “IRS” and “gov”), though notably, not IRS.gov (with a dot). These emails are not from the IRS.

The sites ask for Social Security numbers and other personal information, which could be used to help file false tax returns. The sites also may carry malware, which can infect people’s computers and allow criminals to access your files or track your keystrokes to gain information.


The IRS does not initiate taxpayer communications through email. Unsolicited email claiming to be from the IRS, or from an IRS-related component such as EFTPS, should be reported to the IRS at phishing@irs.gov.

For more information, visit the IRS’s Report Phishing web page.

Beware – Microsoft Security Email Scam

OK, so you got an email from “Microsoft” and it reads something like: “Microsoft Security info. We’ve discovered series of attempts on your mail account from new IP locations. This is for your own safety to continue using your account, click the button below.”

Without spending more than a few seconds you can see this came from a Gmail account and also had grammar issues. These are quick identifiers that show the message is not legitimate. Microsoft would never send you a message from Gmail. There are also other clues: if you hover over the “Verify My Account” link without clicking it, the link reveals a URL to a foreign server, not a Microsoft domain.

Although this type of phishing is nothing new, we have had a surge in inquiries regarding these messages. Microsoft will not send you any email like this asking you to log on or provide credentials. You should always type in the URL manually or use a bookmark, and never click a link in an email message you are not sure of.
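The two clues described above (a sender address and a link destination that do not belong to the company the message claims to be from) can be checked mechanically. The following Python is an added example, not part of the original post; the brand-to-domain map, the sample message and the function names are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains each impersonated brand really uses (illustrative list).
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "irs": {"irs.gov"}}

# Constructed sample message modeled on the scam described above.
SAMPLE = """From: "Microsoft Security" <account.verify@gmail.com>
Subject: Microsoft Security info
Content-Type: text/html; charset="utf-8"

<p>We've discovered series of attempts on your mail account.</p>
<a href="http://login.example.net/verify">Verify My Account</a>
"""

def in_domain(host, domains):
    # Exact domain or true subdomain only: "irsgov.example" is not irs.gov.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    words = set(re.findall(r"[a-z]+", display.lower()))
    brand = next((b for b in BRAND_DOMAINS if b in words), None)
    if brand is None:
        return []  # display name claims no brand we know about
    allowed, findings = BRAND_DOMAINS[brand], []
    if not in_domain(addr.rpartition("@")[2], allowed):
        findings.append(f"claims {brand} but sent from {addr}")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in (urlsplit(h).hostname for h in links.hrefs):
        if host and not in_domain(host, allowed):
            findings.append(f"link goes to {host}, not a {brand} domain")
    return findings
```

Calling `phishing_indicators(SAMPLE)` returns one finding for the Gmail sender and one for the link host; a message sent from and linking to the brand's own domain returns an empty list.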

Refer back to our 8 Ways to protect yourself from Viruses and Malware article for additional information on avoiding malware.

It’s the season of giving but scammers are taking

The holiday season is one of the busiest times of year for scammers and many Americans are putting themselves at risk. Don’t be one of them.

Here are 10 tips on how to protect yourself from holiday scams:

Check the charity: Before donating to a charity, make sure it is registered with the Secretary of State and ask how much of the money goes to the charitable fundraiser and how much goes to the charitable purpose.

Travel Safely: Millions hit the road, rail and sky during this holiday season. But with the cost of travel on the rise, especially airfares, passengers are easy prey for a host of scams.  Some seem legitimate. But there are some warning signs. For example, you want to travel to Europe or the Bahamas and a travel site offers you a hotel or apartment rental at a great price in a city you want to go to. It seems perfect, except you can’t pay with a credit card. They want cash, a bank or wire transfer. DON’T do it. It’s a scam.  Also, during the holidays, you can often be targeted using familiar e-mail addresses of your friends. You may receive an e-mail purporting to be from friends saying they were traveling and had their wallet stolen and that they’re in a hotel, unable to pay their bill. This is a travel scam that uses details taken from social networking sites (such as Facebook) to send phony distress e-mails to family and friends. And of course, these e-mails ask that money be wired or transferred.

Gift Card Fraud: Only purchase gift cards from reputable sources and try to get them directly from the store they’re from.  Ask the store cashier to scan the card to ensure it has the correct balance and provide a receipt before leaving.  Look at the back of the card to ensure the area with the protective scratch-off is intact.

Surf safely: Do not use public Wi-Fi to check sensitive financial information, or to make purchases using your credit card.

Package Theft: Require a signature on all package deliveries. You can also write specific instructions for the delivery company on where to leave your package, and don’t forget you can always have your package delivered to you at work.

Use credit: Use a credit card instead of your debit card when making holiday purchases.

Fake checks and free gift offers:  Websites may offer free gifts if you “click here,” and letters in the mail could ask for personal information in exchange for a $500 check.  Believe us, people you don’t know don’t want to give you free money. Remember the adage that there ain’t nothing in life for free. Similarly, the emails and shared status updates on social media saying “click here for your free gift” are likely phishing schemes or malware-laden, and letters asking for an advance payment to receive your free check for thousands of dollars are bogus.

Beware Suspicious Emails: Pay special attention to emails you receive from sources such as your bank, retailers and shipping companies such as FedEx or UPS. Scammers use the names of reputable companies to try and get you to open attachments containing malicious software or enter logon credentials to your accounts. Never click links from emails or open the attachment in an email, especially if you’re not expecting a message from the source. Instead, close the message and visit the site by manually opening it in your browser. Call the source directly if you are suspicious or believe the message to be false.

Beware of deals: Watch out for deals offered by companies with unfamiliar websites. Look for reviews on Yelp, Google and the Better Business Bureau or search the retailer’s name and “scam” to see if it checks out before giving your payment information.

Secure your systems: Take added precautions with your security. Make sure your antivirus and anti-malware software are up to date and functioning. Ensure your Windows and Java security patches are applied and your firewall is configured correctly. Back up your data! These steps, along with some simple common sense, can help mitigate your exposure while online.

If you need assistance securing your systems or help cleaning up from a suspected scam, contact us.

(561) 404-9251 | TMDTechnology.com

Dell Security Flaw Identified and Fix Available

PC-maker Dell is taking action to fix a security vulnerability on a number of its laptops shipped since August 2015.

The flaw was found in the digital certificate, eDellRoot, installed by Dell Foundation Services, which is part of a support tool to make it faster and easier for customers to service their system, according to a press release from Dell. But security researchers discovered that the certificate could leave users exposed to online spying and malware attacks.

Dell posted instructions on how to permanently remove the certificate on its website and stressed that the certificate will not reinstall itself once it is properly removed.

Learn more about the flaw and how to fix it here.

If you need additional assistance or would like to ensure the fix is applied correctly please contact TMD Technology Services.


Ransomware’s latest threats: What to do about CryptoWall, Chimera, etc

A PCWorld article reports what most technology professionals have probably already heard about…

Ransomware thieves have come up with creative new schemes in the past month and are targeting people heavily this holiday season.

Current ransomware typically encrypts victims’ data and then threatens to delete the key if payment is not made. The latest variant of the prolific CryptoWall malware, however, now scrambles the filenames on infected computers, making it even more difficult for victims to recover without buying the key from the attackers.

Potentially worse, another ransomware operation, known as Chimera, has threatened to publish the data of any non-cooperative victim—whether business or consumer—to the Internet. The operation, which currently aims at German targets, demands the payment of almost 2.5 bitcoins, or more than US $800, according to German cybersecurity site Botfrei, which reported the initial attack.

“To frighten the user even more, the message indicates the threat to publish personal data and pictures somewhere on the internet – if user doesn’t pay the bribe,” states Botfrei’s analysis of the attack.

An empty threat that may still signal a trend

Subsequent analysis has found that the program does not actually steal data. While this makes its threat largely toothless, it also raises questions about whether such tactics are a possible escalation in ransomware.

It would be a logical move in the cat-and-mouse game between data-encrypting criminals and security experts. In the past, online blackmail schemes have taken one of two paths. In the oldest type of schemes, criminals hack computers or use malware to steal—or create—sensitive or embarrassing information and then demand a payment for not publicizing the information. More recent schemes involved denial of service—the criminals use encryption to deny access to data, or use packet floods to overwhelm Web sites.

“Ransomware has always been a two-pronged attack,” says Adam Kujawa, head of malware intelligence for Malwarebytes Labs. “One being against the technology of the system and the other against the psychology of the user.”

The claimed abilities of Chimera combine these two attacks, denying access to data but promising to embarrass any victims that do not pay.

[Image: Chimera ransomware screenshot, courtesy of Botfrei. Caption: The Chimera ransomware claims it will leak your data, if you don’t pay.]

Ransomware has become a significant threat to both businesses and consumers online over the past three years. The malicious software targets Windows and Macs, and even Linux servers and systems are not immune to attack. In August, Dell Secureworks researchers estimated that more than 600,000 computers had been infected by one type of ransomware, CryptoWall, in the first six months of 2015, and at least 0.27 percent of victims paid the ransom, garnering more than $1 million for the operators.

Security experts have also identified two fundamental hurdles to any ransomware schemes that threaten to publish data.

Currently, ransomware operators only encrypt data and then store the key to that data. Uploading copies of all of a victim’s data, or even a subset, is more resource-intensive and will make the ransomware more noticeable, says Chester Wisniewski, senior security advisor with security firm Sophos.

“There is nothing stopping them from saying they are going to go through your files, but are they really going to spend all that time for a few hundred dollars?”

Finally, publishing some or all of a person’s data to the Internet undermines the other part of the ransomware threat—losing access to the data. A victim could just not pay and then download their data from the information posted online, says Malwarebytes’ Kujawa.

Yet, future ransomware could turn the threat into a real tactic.

So what’s the latest advice? Security experts have a few recommendations.

1. Attend to your systems’ security

The first line of defense is to not get infected by ransomware. Users should avoid clicking on links or opening attachments in suspicious email messages and beware of dodgy Web sites, but also harden their systems. Update your software regularly, especially the ubiquitous code often targeted by attackers, such as Adobe’s Flash, Oracle’s Java and Microsoft’s Office formats.

In addition, users should maximize their chances of detecting malware, which is changed frequently to try to avoid security software. “There is a lot of money on the line, so these guys are working hard to keep their malware dynamic,” Sophos’s Wisniewski says.

Users should make sure to turn on the advanced settings in their security software, he says.

2. Back up your data

Historically, security firms have recommended that businesses and consumers restore their files from backup, but not all businesses—not to mention consumers—back up their files regularly, leaving payment as the only option. In addition, it is often cheaper for a company to restore files using the encryption key rather than from backups.

“We always tell people to have backups and we tell people to never pay, but that is not always realistic,” says Chester Wisniewski, senior security advisor with security firm Sophos.

The FBI recently gave a nod to this reality. Joseph Bonavolonta, assistant special agent in charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, told a recent conference, “To be honest, we often advise people just to pay the ransom.”

3. Encrypt data even on your own hard drive

Even security experts have had their files and email stolen by hackers and posted to the Internet. Increasingly, businesses are encrypting their most sensitive data and any sensitive email discussions. While encryption will not necessarily protect the content of messages, if the computer itself is compromised

This step is not foolproof, but it does add another hurdle for the data thieves.

Source: PCWorld