Ransomware Gets Personal

It was an ordinary Tuesday late afternoon for John Doe: he was catching up with friends and family on Facebook and sifting through his email before dinner. As he was scrolling, he noticed an email from an old acquaintance he hadn’t heard from in a while. Normally, John is hesitant to click on an unfamiliar email, as he knows it is typically junk, but he hadn’t heard from this person in ages and was curious what the email was about. John clicked on the attachment, and that is when the problems began.

When opened, the attachment appeared empty and didn’t include any information. John responded to his friend. While waiting for a reply, he noticed his computer was really slow, and then a large pop-up window appeared on the screen with an ugly picture of a clown and the words, “Your computer files have been encrypted…you must pay the ransom or your files will be deleted.”

What just happened? John was hacked with a malicious file by cybercriminals under the guise that it came from someone he knew. He subsequently paid the ransom to the hackers to get his files back.

Does this happen often? Alarmingly, YES! Cybercriminals are no longer just going after companies, but individuals like you and me, and they are doing it at an alarming rate. These online scams can infect your computer in different ways, including when you open email attachments, click on links in emails, or sometimes even visit a legitimate website that has been compromised by cybercriminals.

So what can we do to protect ourselves from these attacks?

Back up all of your files religiously. Use an online backup service that does it automatically for you, like Backblaze, CrashPlan, or Carbonite.

Ensure that you are doing updates on your computer for both Mac/Windows operating systems and the various software programs that you have installed including Java, Adobe Reader, Flash, etc. This will ensure that any vulnerabilities that have been discovered and pose a threat are eliminated.

Handle email with caution. Cybercriminals are getting better at disguising their phishing emails.

No matter how authentic the email looks, don’t open attachments or click on links inside unsolicited emails from friends, businesses, the IRS, or your bank. If it seems strange, call that person and verify they really sent you the file or link. Is it inconvenient? Yes, but it’s better than paying money or losing all of your files. It’ll be worth the extra precaution in the long run.

If you have been hit by ransomware, you have some difficult decisions to make. If your files are not backed up, you can either pay the cybercriminals for an encryption key to unlock them, or lose all the files and start over.

If your files are backed up with an online company, you can have someone help you wipe the hard drive and download your backup files. All of this takes time and is extremely inconvenient. It’s better to be cautious and verify the sender before clicking on attachments or links. If you are a victim of an attack, the FBI asks that you file a complaint through their IC3 site at IC3.gov.

5 Costly Scams Targeting Retirees

Con artists are using many schemes to prey on retirees. Don’t let your family members become victims of these prevalent scams.

  1. Since October 2013, the Internal Revenue Service (IRS) has reported over 290,000 scam calls. In these calls, the scammers claim to be from the IRS, declaring that the taxpayer owes money. The scammers threaten legal action and even arrest.
  2. Scammers will also call seniors pretending to be their grandchildren in need of money. They start the conversation like this: “Hi, Grandma. Do you know who this is?” Once they guess the name, the caller takes on that identity and asks for money.
  3. Beware of unknown, online pharmacies. With the cost of prescription drugs on the rise, some seniors go online looking to save money on prescription drugs and homeopathic remedies. Some fraudulent online pharmacies will take the money without ever mailing the drugs.
  4. Another scam has con artists reading obituaries in the local paper and calling the family of the deceased claiming that there are unpaid debts owed.
  5. A few unscrupulous funeral homes have also targeted retirees by encouraging them to purchase ridiculously expensive caskets. These same places also add charges that are unfamiliar to the senior and, more often than not, unnecessary. The best defense is to go with a family member or friend to help look over everything at that vulnerable time of life.

These are just a few of the scams and they can affect everyone, not just retirees.

Fraud Alert: Email Scam

Hopefully everyone knows not to reply to an email sent by a “Nigerian prince.” However, criminals are becoming more sophisticated in their tactics. We recently learned of a new email scam during a national conference we attended. The reality of this scam was driven home when one of our own clients was hacked.

One day as I was sitting at my desk, I received an email from a client with whom I had spoken recently. The email said, “Are you in office?” As I was on the phone at the time, I replied I would call as soon as I was done with a call.

The response came, “We are currently out of town, we are here in Mexico and our cell phone is not working here , kindly email available accounts balances as of today.” (Hopefully, you noticed some of the grammar and punctuation mistakes as I did.)

What we had learned in our conference is that the new scam starts by hacking into an email account by figuring out the password. Then the crook patiently finds out as much personal information as he can, including names, dates of birth, financial information, etc. Next, the crook will pose as the individual and try to make connections with the individual’s contacts (in this case, me). With so much information about the individual, the crook can sometimes gain access to a bank, credit card, or other financial account.

Our policy is to never send personal information via email, which is inherently insecure. For that same reason, we won’t accept trade requests via email.

When the email seemed fishy, I left a message for the client and waited until she contacted me. The client was indeed on vacation... but not in Mexico. It is likely that the criminal knew she would be on vacation and waited for that moment to make a move.

Thankfully, none of the client’s financial accounts were compromised. However, the episode cost the clients an enormous amount of time and worry.

What lessons can be learned from this?

1. Use strong passwords and change them frequently.

2. Protect your computer. Make sure you have antivirus protection and that you have updated it recently.

3. Encrypt your wireless router by using a WPA key, or password, that will impede hackers using network sniffers.

4. Don’t give your passwords to others. (No one should ever ask.) If you aren’t sure you can trust the emailer/caller, don’t give them any personal information. Find the contact information through an independent source and contact the company that way.

5. Don’t be fooled by emails. Many scammers will send you an email that looks legitimate, but when you click on the link it will download a virus to your computer. Don’t click on any links if you haven’t subscribed to a service from that provider.

6. Limit online purchases and remember that even brick and mortar retailers can have their customer information breached.

If you do make purchases online, use credit cards, which typically have fraud protection. If you are compromised, the credit card company will usually write off all of those charges. Debit cards allow thieves to take your money.

In this digital age, cybersecurity is increasingly important. Take a step towards protecting your personal and financial information by first protecting your email.