New Twist to Online Tech Support Scam and more

This one has been going on for quite a while, but it is definitely spreading like a bad rash. Just to prove it, one of my clients got a call from one of these while I was actually at their home for an appointment to work on their computer. What’s the chance of that happening? It’s certainly never happened before. And they are definitely using some serious social engineering to fool people into allowing them to get into their computers to quote/unquote fix their computers.

Thanks to Windows Secrets and Fred Langa for the link:

Windows Secrets reader Scott Brande was recently on the receiving end of a typical tech-support con. Recognizing it for what it was, he carefully documented the attempted snow job, then sent in his notes as a service to all Windows Secrets readers.

Check out the rest of Fred Langa’s article for the fully documented story.

And from IC3.gov site:

New Twist to Online Tech Support Scam and more – IC3.gov Scam Alerts (Jan 7, 2013)

NEW TWIST TO ONLINE TECH SUPPORT SCAM

The IC3 continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as “Adam” or “Bill.” Callers report the user’s computer is sending error messages, and a virus has been detected. In order to gain access to the user’s computer, the caller claims that only their company can resolve the issue.

The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.

Users are told the virus could be removed for a fee and are asked for their credit card details. Those who provide the caller remote access to their computers, whether they paid for the virus to be removed or not, report difficulties with their computer afterwards; either their computers would not turn on or certain programs/files were inaccessible.

Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.

In a new twist to this scam, it was reported that a user’s computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.

Unbelievable! MICROSOFT DOESN’T DO THAT!

Avoid tech support phone scams

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

• Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
• Take control of your computer remotely and adjust settings to leave your computer vulnerable.
• Request credit card information so they can bill you for phony services.
• Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

More here at Microsoft’s article: Avoid Phone Scams

Some more interesting things in the IC3 Scam Alerts:

You might also find the rest of the IC3 Scam Alerts interesting; including a list of the most popular passwords out there. If you are using any of them as passwords, you might just want to change it now!

Also some info on Java Exploit that is for sale for 5 digits! :

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

Might want to check out: How to Unplug Java from the Browser

Lizamoon and Epsilon breach

[tweetmeme source=”franscomputerservices” only_single=false]There are two major things that users need to be aware of right now, as if there weren’t enough already. 😉

One affects email and the other affects browsing/surfing the Internet. Both bad news, and we all need to be very aware of what has happened and why we have to be very vigilant in making sure we don’t click on links in email, open attachments sent in email, or respond to potential unexpected boxes and requests while surfing the Internet.

Financial and payment services are the biggest areas being hit right now, and will continue to be so much more effective and dangerous due to the current economy while people scramble to survive around the world.

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)

Lizamoon/LizaMoon drive-by rogue malware infection

Lizamoon is a drive-by rouge antimalware or antivirus download infection. Thankfully you generally have to take some action to allow it to install as noted by Fred Langa in the comp copy of WindowsSecrets.com newsletter in his article entitled, “LizaMoon infection: a blow-by-blow account“. Must read!

The most important takeaway is that Fred said he had to take action on four separate occasions before the infection took place:

On the other hand, deliberate choices and actions by a user can defeat any software. LizaMoon required my active, voluntary involvement four different times before the infection took hold.

LizaMoon wasn’t even subtle: I had plenty of warnings and opportunities to abort the process, the malware itself provided abundant clues to its own bogus nature (such as an inability to keep its aliases straight).

Much more in the article. A must read for all who surf the Internet to be able to identify this rogue drive-by infection when it happens/if it happens.

The biggest takeaway:We can prevent these types of things by being aware and not clicking on things just because they are presented to us while surfing the Internet.

Epsilon breach – Spear Phishing attacks

Epsilon is an outsourcing marketing company for many big companies/banks. They have a huge database of people’s email addresses, names and the company or bank associated with each email address. This makes the spear phishing, generally a very effective social engineering technique and can make their attacks via email so much more effective…mainly because they know the email addresses are real, and more importantly they can link the real name and the actual company/bank connected the email address.

Computerworld reports, “Security experts today warned users to be on the watch for targeted email attacks after a breach at a major marketing firm that may have put millions of addresses in the hands of hackers and scammers.”

Brian Krebs (KrebsOnSecurity) and Heise Online Security report,

Epsilon has now confirmed that approximately 2 per cent of its total clients were affected. According to a blog post by security blogger Brian Krebs, financial services company Visa and American Express (Amex) say that they were not impacted by the Epsilon breach. However, the following banks, service providers and online retailers are said to have been affected:

1-800-FLOWERS
AbeBooks
Air Miles (Canada)
Ameriprise Financial
Barclay’s Bank of Delaware
Beach Body
Bebe Stores
Best Buy
Benefit Cosmetics
Brookstone
Capital One
Chase
Citigroup
City Market
College Board
Dillons
Disney Destinations
Eddie Bauer
Eileen Fisher
Ethan Allen
Euro Sport (Soccer.com)
Food 4 Less
Fred Meyer
Fry’s Electronics
Hilton Honors Program
Home Depot Credit Card (Citibank Editor)
Home Shopping Network
JPMorgan Chase
Kroger
Marks and Spencer
Marriott
McKinsey Quarterly
MoneyGram
New York & Co.
QFC
Ralph’s
Red Roof Inns
Ritz-Carlton
Robert Half International
Smith Brands
Target
TD Ameritrade
TiVo
U.S. Bank
Walgreen’s

Much more in these articles, must read, as well as others on the web including WashingtonPost, eWeek, BBC, and others.

The biggest takeaway: Don’t believe everything you see in email. Don’t trust links or downloads in email. Check with the person who sends it before opening any downloads and don’t give out information from your bank, and other sites, etc. unless you can confirm it definitely came from them. You can always go to the site directly from your own bookmarks/favorites and login to ensure you get to the right place. Don’t use their links in email unless you can verify it’s really from the company. In fact, one can get into trouble and get further compromised by clicking on links in email.

Side note: this is why I do not view email as HTML. So much can be hidden behind all the pretty pictures and code.

And be prepared. Keep your antivirus software and antimalware program as well, clear your Internet cache frequently. If you suspect you have been hit with one of these rogue antivirus/antimalware attacks, unplug the Internet/network cable from your computer to prevent further harm and take appropriate action by running Malwarebytes Antimalware, CCleaner (or other temporary Internet cleaner program you use), and then a scan with your antivirus software and take whatever recommended action they call for. Links to these programs provided on our Resources page.

If you make sure both of these are updated before you surf for the day, you will be in a much better situation should you somehow get hit with something.

And do your backups, and have an image of your OS to restore from if it becomes necessary. Windows 7 makes this very easy to do with their built-in image creator and backups, and system repair disk.

How to Defeat Lizamoon in One Easy Step

[tweetmeme source=”franscomputerservices” only_single=false]Lizamoon is a social engineering trick. Don’t fall for it.

PCWorld’s David Murphy, has the best solution for users surfing the Internet with this Lizamoon crap out and about on websites and posted it in an article entitled, “How to Defeat Lizamoon in One Easy Step“:

The simple solution: Don’t install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!

Much more in the article. Must read.

Yep, we are the biggest defense against many malware infections from websites, including this one. Just say no. 😉

And of course immediately run your temporary Internet files (TIF) cleaner, such as CCleaner, etc. as soon as you close your browser to remove anything that might have copied itself to your temporary Internet files. And run your security software to make sure nothing has gotten a foothold on your system right away.

If something like this happens, do yourself a favor and make a preemptive scan with your antimalware program, such as a great one called Malwarebytes Antimalware. Just because your antivirus didn’t pick up on it, doesn’t mean you don’t have a problem. No single program can pickup on everything.

Another great program option to help prevent this sort of thing would likely be WinPatrol, which can alert you to changes in your HOSTS file, items that are injecting themselves into your system through placing them in the auto run on boot, or other system changes that may be injected that you may not know are happening otherwise.

An ounce of prevention is worth a pound of cure.