Security warning! Don’t be a Sextortion victim

When it comes to IT security, there is always something new around the corner. Threats are constantly evolving, and the bad guys are constantly finding ways to get through defences. Unfortunately, this isn’t just sophisticated, technical attacks; very often it is a simple email, either pretending to be from Apple, Amazon etc., or claiming they have something of yours and threatening to expose the data, video etc.

When you study this kind of thing, as I have to, you quickly recognise the pattern: the type of language used, the time limit, the threat, the easy way to pay, and the stress the email tries to put you under so that you don’t think straight and panic. They want you to panic and pay because you’re scared of what may happen. Don’t stop and think, don’t ask anyone for help, just pay and make the problem go away.

Let me first assure you that these guys don’t have pictures of you giving yourself a treat. This is a mass attack, not a small, targeted one. They could possibly get a picture of you via your webcam, but it would take a lot of skill and time, and unless you are constantly treating yourself it is unlikely they would get the timing right to catch you in the act.

What they have managed to do is use hacked data to get hold of your email address and a password. The password is probably old and may already have been changed, but because you recognise it, you panic. Hundreds of large organisations that hold some of our data have been hacked, and this is what is being exploited.

Yahoo was hacked, Dropbox, Equifax, eBay, the list goes on. There is a huge amount of our data out there. The problem is, despite its age and limitations, the bad guys are finding ways to utilise it.

Sextortion

Sextortion is a serious internet crime that can lead to devastating consequences for victims. It occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favours, or money.

Here are some things you can do to avoid becoming a victim:

  • Never send compromising images of yourself to anyone, no matter who they are — or who they say they are (for example on dating sites).
  • Be very wary of opening any attachments in email, regardless of whether you know the person or not.
  • Cover any web cameras when you are not using them.

If you receive an email that claims to have a video of you viewing pornography, do not answer, delete the scam email and do not pay any amount in any form.

In many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, report it to the police.

The email

The email you receive claims to have compromising images of the recipient and goes on to ask for payment in order to stop the images being released publicly. This is known as sextortion, and it has been used for years. What makes this scam different is that it adds something extra: it contains a real password used by the victim.

Here is an example of the email:

I do know, [PASSWORD REDACTED], is your password. You do not know me and you are probably thinking why you are getting this e mail, correct?

Actually, I placed a malware on the adult videos (pornography) website and do you know what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser initiated working as a RDP (Remote Desktop) that has a key logger which gave me accessibility to your display and also webcam. After that, my software program obtained all your contacts from your Messenger, Facebook, as well as email.

What exactly did I do?

I made a double-screen video. First part displays the video you were viewing (you’ve got a nice taste haha), and second part shows the recording of your webcam.

exactly what should you do?

Well, I believe, $2900 is a reasonable price tag for our little secret. You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 19ZFj3nLSJCgoAcvZSgxs6fWoEmvJhfKkY
(It is cAsE sensitive, so copy and paste it)

Important:
You have one day to make the payment. (I’ve a unique pixel within this email message, and now I know that you have read this e mail). If I do not get the BitCoins, I will definitely send out your video to all of your contacts including relatives, co-workers, and so forth. Nonetheless, if I receive the payment, I’ll erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video to your 9 friends. It is a non-negotiable offer, that being said do not waste my time and yours by replying to this e-mail.
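The hallmarks listed above (the leaked password, the webcam claim, the Bitcoin demand, the one-day deadline, the “unique pixel”, the threat to contacts) are easy to check for mechanically. The following is an added example, not code from the original post: a small heuristic scorer that flags an email as this scam template when enough of those hallmarks appear together. The sample messages and the Bitcoin address in them are constructed placeholders.

```python
import re

# Heuristic indicators of the mass sextortion email template described above.
# These patterns are constructed for this example, not a vendor rule set.
INDICATORS = {
    "claims_to_know_password": re.compile(r"\b(is|was) your password\b", re.I),
    "claims_webcam_recording": re.compile(r"\bweb\s?cam\b", re.I),
    "claims_malware_or_keylogger": re.compile(r"\b(malware|key\s?logger|rdp)\b", re.I),
    "demands_bitcoin": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "sets_short_deadline": re.compile(r"\b(one|1|two|2|24|48)\s+(day|days|hour|hours)\b", re.I),
    "threatens_contacts": re.compile(r"\b(contacts|relatives|co-?workers|friends)\b", re.I),
    "claims_tracking_pixel": re.compile(r"\bpixel\b", re.I),
    "discourages_replying": re.compile(r"non-negotiable|do not waste my time", re.I),
}

# Legacy Bitcoin addresses: leading 1 or 3, base58 alphabet (no 0, O, I, l), 26-35 chars.
BTC_ADDRESS = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def score_email(body: str) -> dict:
    """Count which scam indicators appear in an email body."""
    hits = {name: bool(rx.search(body)) for name, rx in INDICATORS.items()}
    addresses = BTC_ADDRESS.findall(body)
    hits["contains_btc_address"] = bool(addresses)
    return {"score": sum(hits.values()), "hits": hits, "btc_addresses": addresses}


def is_sextortion_scam(body: str, threshold: int = 5) -> bool:
    """True when enough hallmarks of the template are present at once."""
    return score_email(body)["score"] >= threshold


# Constructed sample modelled on the email quoted above; the address is a placeholder.
SAMPLE_SCAM = """I do know, hunter2, is your password. You do not know me.
I placed a malware on the adult videos website you visited. Your browser
initiated working as a RDP that has a key logger which gave me access to your
display and also webcam. I made a double-screen video.
Well, I believe $2900 is a reasonable price tag. Pay via Bitcoin.
BTC Address: 1AbCdEfGhJkLmNpQrStUvWxYz23456789A
You have one day to make the payment. I have a unique pixel in this email.
If I do not get the BitCoins I will send the video to all of your contacts,
relatives and co-workers. It is a non-negotiable offer."""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """Hi, the team meeting moves to Tuesday at 10. Reply if you
cannot make it and I will send the slides over afterwards."""

if __name__ == "__main__":
    for label, text in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        result = score_email(text)
        print(label, result["score"], "of", len(result["hits"]), is_sextortion_scam(text))
```

A mail filter would quarantine on a high score; the extracted password claim is also the cue to rotate that password wherever it is still in use.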

Additional info

The Anti-Phishing Working Group’s (APWG) most recent report covers the phishing trends found in Q1 2018.

The highlights of the report included:

  • Over 11,000 phishing domains were created in Q1
  • The total number of phishing sites increased 46% over Q4 2017
  • The use of SSL certificates on phishing sites continues to increase to lull visitors into a false sense of security and site legitimacy.

All three of these trends add up to one thing – the bad guys are rapidly becoming more sophisticated and basically just spending a bit more time to orchestrate attacks. The higher the threat levels they can establish through targeted spear phishing attacks which leverage very private information, the more successful the campaign.

A lot of these bad guys (threat actors) come from poor backgrounds. They have an opportunity to make a ridiculous amount of money and basically have nothing to lose. They have no morals and don’t realise the full extent of the harm they cause.

Man pleads guilty to ‘sextortion’ — blackmailing women to provide lewd photos


Windows 10 spying: Microsoft reveals what data it’s collecting from your PC

Microsoft is revealing more information on the data that Windows 10 collects from all the computers it is installed on.

With the rollout of the Creators Update for Windows 10 coming on the 11th of April 2017, Microsoft is releasing more information on the so-called diagnostic data it collects by itself.

The next major overhaul of Windows 10, the Creators Update, will be available on April 11, but you may want to hold off on making the leap.

Windows 10’s Anniversary Update, the last significant feature upgrade to the OS, triggered complaints about frozen systems and broken webcams, due to a string of bugs that were uncovered after its rollout last summer.

This transparency has only come after Microsoft faced the threat of enforcement action from various European regulators over the “excessive” and somewhat opaque nature of the OS’ data collection.

Microsoft will for the first time release the complete list of the diagnostic data collected at the Basic level, the lowest level that can be set by Home and Pro users. The firm will also provide a detailed summary of the data collected at the Basic and Full level.

Microsoft has recently reduced the amount of data collected at this Basic level by about half.

“One of our most important improvements in the Creators Update is a set of privacy enhancements that will be mostly behind the scenes,” said Terry Myerson, Microsoft’s executive VP of the Windows and Devices Group, in a blog post.

The body representing EU privacy watchdogs, the Article 29 Working Party, recently criticised Microsoft for the lack of clarity over the information Windows 10 collects.

“Microsoft should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid,” it said. The group has not yet commented on whether this additional transparency addresses its concerns, but Microsoft said the changes were informed by the Article 29 Working Party’s concerns.

Apparently, the new Creators Update introduces a new privacy settings menu. This allows users to choose what information they are comfortable being sent back to Microsoft. Users can toggle off the collection of various pieces of information, including location data when using maps, voice recordings when using the Cortana virtual assistant, and diagnostic information related to what they type and write and the apps they use.

Every user will be presented with the menu when upgrading. Obviously the default setting will be “on” to send various data back to Microsoft.

Alongside these changes, Microsoft has also launched a web-based privacy dashboard, which lets Microsoft account holders check the data Microsoft has collected about their use of its various services, for example data related to location, search, browsing and Cortana.

Microsoft is also improving the in-product information about privacy and updating the Microsoft privacy statement to include more detail and reflect privacy changes in the Creators Update.

A Single Click Caused the Massive Yahoo Data Breach

A single click was all it took to launch one of the biggest data breaches ever.

One mistaken click. That’s all it took for a Canadian hacker aligned with rogue Russian FSB spies to gain access to Yahoo’s network and potentially the email messages and private information of as many as 1.5 billion people. To be fair, most ransomware and data breaches start with a single click.

The FBI has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are rogue Russian FSB spies who work for the division that is supposed to cooperate with America’s FBI on cybercrime investigations. (The FSB is the successor to the KGB.)

Kremlin Intelligence Services Overlap With Russian Cybercrime Underworld

One of these two rogues, Dmitry Dokuchaev, was himself recently arrested on what the Moscow press calls “treason” charges for passing information to the CIA. In reality, Dokuchaev started out as a criminal hacker who moved to the FSB but never stopped his old tricks. He was just one of the many criminals working inside Russia’s intelligence bureaucracy, and for personal profit he sold information to intermediaries that ultimately found its way to the CIA.

The investigation exposed rivalries inside the Kremlin intelligence establishment as well as inside the Russian cybercrime underworld with which it overlaps. Dokuchaev was part of the Shaltai-Boltai, a hacker group that exploits stolen data to embarrass and blackmail Russian politicians and business officials.


The hack began with a spear phishing email sent in early 2014 to a Yahoo company employee. It’s unclear how many employees were targeted and how many emails were sent, but it only takes one person to click on a link, and it happened.

It is unimaginable that Yahoo did not sufficiently step employees through new-school security awareness training to prevent disasters like this.

How did the hackers do it?


Once inside the network, Aleksey Belan, a Latvian hacker hired by the Russian agents, started poking around. He had two main objectives: Yahoo’s user database and the Account Management Tool, which is used to edit the database. Being the clever little fellow he is, it didn’t take him long to find these.

He then installed a backdoor on a Yahoo server that would allow him remote access control whenever he required it. Once he had access, he stole a backup copy of Yahoo’s user database back in December and downloaded it to his own computer.

The database contained names, phone numbers, password challenge questions and answers and, crucially, password recovery emails and a cryptographic value unique to each account.

It’s those last two items that enabled Belan and fellow commercial hacker Karim Baratov to target and access the accounts of certain users requested by the Russian agents, Dmitry Dokuchaev and Igor Sushchin.

Karim Baratov is shown in a photo from his Instagram account. Baratov, a Canadian man accused in a massive hack of Yahoo emails, posed an "extremely high flight risk" in part due to his alleged ties to Russian intelligence agents, law enforcement officials allege in documents filed with an Ontario court. (HO - Instagram/THE CANADIAN PRESS)


Read more here:

http://www.csoonline.com/article/3180762/data-breach/inside-the-russian-hack-of-yahoo-how-they-did-it.html

Petya MFT Ransomware Returns, Wrapped in Extra Nastiness

Kaspersky researchers discovered a new variant of last year’s Petya Master File Table (MFT) ransomware, with “new and improved” crypto and ransomware models. Remember, MFT ransomware only encrypts the table through which all files are accessed, and does not encrypt the files themselves. It’s a very effective way to lock a machine and demand ransom in a few seconds.

Kaspersky’s Ivanov and Sinitsyn called the new version “PetrWrap” (because it wraps Petya), which uses the PsExec tool to install ransomware on every workstation and server it can access.

Instead of using the original Petya code, which was cracked last April, “the group behind PetrWrap created a special module that patches the original Petya ransomware ‘on the fly’”, the Kaspersky post states. This on-the-fly patching was created to hide the fact that Petya is handling the infection, and PetrWrap uses its own crypto routines.

If the PetrWrap malware coders had stuck with Petya’s ransomware-as-a-service model, they would need a Petya private key to decrypt victims’ data, but with this new version they can use their own keys.

Once the workstation or server is infected, the victim ends up with the file system’s master file table encrypted with a better scheme than the old Petya used. The PetrWrap coders used a tried-and-true, debugged version of Petya’s low-level bootloader, ensuring they had “production-quality” criminal software to make sure their infections would be successful.

Scam of the Week: New FBI and IRS Alerts Against W-2 Phishing

Read more about this scam here:
https://blog.knowbe4.com/scam-of-the-week-new-fbi-and-irs-alerts-against-w-2-phishing

Microsoft & Talk Talk scams

Microsoft & Talk Talk scams are no joke. They have been going on for years and people keep getting caught out by them. It is important not only that you are aware of this scam yourself, but also that you protect your friends, family and parents (if they’re still around).

It begins with a phone call from someone who probably has an Indian accent purporting to be from either Microsoft or Talk Talk. They will tell you that you have a virus on your computer but not to worry because they can help. They will get you to download some software so they can get remote access to your computer.

They will then install some kind of software that looks like anti-virus software but isn’t: it is designed to show that you have loads of viruses on your computer when you actually don’t.


They will then tell you that you need to buy the software so that it can remove the virus. This is where things get even worse for you because they get hold of your credit card details. They may tell you that they only need to take £5 but in a case we had last week, the payment taken was almost £500. Luckily the victim checked his bank account and instead of seeing Microsoft or Talk Talk or something similar, it said “Patel”.

Once they have your card details, they will not only take a large payment straight away but can try to take subsequent payments as well as sell your card details to even more unscrupulous characters.


We have also seen that some scammers have corrupted the registry or locked the computer so that it needs a password to boot into Microsoft Windows.


However, it doesn’t stop there. As they have remote access to your computer, they can now monitor it and record you entering your online banking details. They can see passwords you enter. They could gain access to your email account and then to other secure websites you use.

As a lot of people use the same password for different websites, they could easily gain access to a variety of sites, including shopping sites, iCloud and so on. They could then sell these details on, and some other delightful individual could steal your identity and rack up thousands of pounds of debt. I have seen this in the past: they could buy a car or remortgage your house, all in your name, having managed to change your address.


So, what may start out as just a small scam and not seem that serious can very quickly escalate to something very nasty and life changing.

What do you need to do?

The first thing you need to do is be aware of this scam. Make your friends and family aware as well, especially people from older generations as they are more vulnerable. These are well organised scams and they are not going away anytime soon because they keep making money. And as they are based in India, it is practically impossible to clamp down on it.

What if I have been a Victim?

If you have had a call from a scammer and have let them onto your computer, then you need to shut your computer down immediately. Don’t use it for anything, and bring it to us or another reputable computer company. Ring us now if this has happened to you – 01926 337 648

Here is your victim checklist:

  1. We need to check and remove any dodgy software from your computer
  2. Check for viruses they have left behind or key logging software
  3. You need to change any main passwords you are using
  4. If you gave out your credit card details, cancel the card immediately and get a replacement with a new number
  5. Change any bank passwords if you have logged in since the scam call
  6. Make sure you have good, paid-for anti-virus. We recommend Kaspersky and Panda.
  7. We strongly recommend additional security software like Heimdal which protects DNS traffic and updates your programs automatically. Ask us for more info. This is only £2 a month per computer.
  8. Bring your computer into our shop so we can check it out for you – 22 Park Street, Leamington Spa, CV32 4QN


Just get your computer checked out by a professional before you use it again.

Further info:

https://www.microsoft.com/en-us/reportascam/

I wrote this back in 2012 and it is still just as relevant.

http://www.ctvnews.ca/w5/inside-an-illegal-call-centre-in-india-scamming-millions-from-canadians-1.3310044

https://arstechnica.com/tech-policy/2017/01/two-india-based-call-center-employees-blew-whistle-on-massive-phone-scam/

https://www.nytimes.com/2017/01/03/world/asia/india-call-centers-fraud-americans.html?ref=technology&_r=0

http://www.bbc.co.uk/news/world-asia-india-37564408

Trojan “Svpeng” steals bank data

Security experts from Kaspersky Lab have discovered a new variant of the mobile Trojan “Svpeng”. The banking Trojan hides in Google AdSense ads and uses a vulnerability in Google Chrome. Its goal is to harvest sensitive data from Android smartphones.

Users load the mobile phone Trojan onto their smartphone when visiting websites with infected advertisements. Read on to find out exactly how “Svpeng” works and how you can protect yourself.


The mobile phone Trojan “Svpeng” infects Android devices via adverts.


The Trojan has one primary goal: to access the bank and account data of Android users. However, other sensitive information about the user is also at risk. “Svpeng” can gain access to call data, text and multimedia messages, browser bookmarks, and contacts.

What is particularly sneaky is that the malicious software is usually downloaded unintentionally. The Trojan hides behind Google AdSense ads, and is downloaded simply by visiting a page carrying an infected advertisement.


Online Christmas Shopping – beware of scams

Christmas is approaching and more and more of us are buying our gifts online.

But security company Kaspersky Lab have warned against rogue vendors on the Internet who operate on otherwise legitimate platforms.

You should exercise extreme caution when buying online. Read on to find out what you need to pay attention to in order to avoid a pre-Christmas Internet rip-off.

The Internet attracts customers with lots of great bargains in the run-up to Christmas. In addition, there are more and more promotional days with price wars. This brings danger, as you are exposed to more fraudulent traders and potential phishing attacks.


Beware of online shopping this Christmas

Christmas gifts online shopping can be risky

But what makes buying gifts online for Christmas so dangerous? Where are the dangers? One thing is certain: it is not only you as an online buyer who is at risk; even the online retailers themselves are not safe from attacks. Kaspersky Lab say the following dangers will threaten Christmas shopping:

  • The number of phishing attacks against online shops and payment systems is increasing significantly.
  • Malware is particularly popular on criminals’ campaign days.
  • Trading in counterfeit money cards is booming at Christmas time.
  • The number of hacker attacks on online retailers’ websites is increasing at Christmas time.

Gifts online – tips for safe shopping


New WhatsApp subscription trap: clicking on the link can be costly

Once again, a WhatsApp subscription trap hides behind what looks like a genuine message. What is especially cruel is that you get the message from your own contacts.

So the message appears to be genuine, because you would not expect your own contacts to wish you any harm. But beware. If you click on the link in the message, a website opens asking you to answer some questions. This is where the subscription trap is hiding.

So always be watchful, because WhatsApp is very popular with fraudsters.


WhatsApp subscription trap entices with vouchers

Initially you are asked numerous questions; you will then be asked to send the message to ten of your contacts. If you do not, you have no chance of taking part in the promised contest. But of course you want to enter the competition, because you have already answered so many questions. And so the annoying message spreads like a chain letter.


Your account is locked, please verify your data

“Your account is locked” or “Account status suspended”, or something similar, is the new wave of phishing emails that look as if they come from PayPal. The police have already warned about the deceptively real-looking messages. PayPal have also responded to the scam emails and warn about them on their site.

It is not easy to detect whether the emails are genuine or fake. They are built as an exact copy of the original PayPal page. The colour and design are virtually indistinguishable from the original, and even the logo appears to be genuine. The sender address service.team@paypal.co.uk suggests a mail from PayPal itself.



Macro virus risk: spreading via attachments

A new danger lurks in e-mail attachments: the macro virus. These nasty little viruses embed themselves in the computer, change all the documents and even gain access to the e-mail program in order to spread themselves independently. We will tell you how macro viruses work and how you can protect yourself from them.

Macro viruses are small viruses that do not exist as a standalone program but as a macro. They initially go unnoticed while they go about their mischief. Many commands in Office programs are based on macros, such as the command “Open File”, for example. A macro virus changes the instruction sequence and throws the computer into chaos.
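Because a macro travels inside the document, the attachment itself can be inspected before anyone opens it. The following is an added example, not code from the original article: a check a mail gateway or helpdesk could run over a modern Office attachment (.docx/.docm/.xlsm, which are zip packages) to see whether it carries a VBA project, regardless of the extension it arrived with. The sample documents it builds are constructed stand-ins, not real Word files.

```python
import io
import zipfile

# OOXML part names that carry a VBA project. The names are the standard ones;
# the list itself is constructed for this example and is not exhaustive.
VBA_PART_SUFFIXES = ("vbaProject.bin", "vbaData.xml")
CONTENT_TYPES_PART = "[Content_Types].xml"


def has_embedded_macro(data: bytes) -> bool:
    """Return True if an Office Open XML attachment (docx/docm/xlsm/pptm bytes)
    carries a VBA project, whatever file extension it was sent with.

    Legacy binary formats (.doc/.xls) are not zip containers and need a
    different parser, so they are reported as False here rather than guessed at."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.endswith(VBA_PART_SUFFIXES) for n in names):
                return True
            # Also honour the package's own content-type declaration.
            if CONTENT_TYPES_PART in names:
                content_types = zf.read(CONTENT_TYPES_PART).decode("utf-8", "replace")
                return "macroEnabled" in content_types
    except zipfile.BadZipFile:
        return False
    return False


def build_sample_document(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style package for testing; not a real Word file."""
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CONTENT_TYPES_PART, content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print("macro present:", has_embedded_macro(build_sample_document(flag)))
```

A positive result does not mean the macro is malicious, only that the attachment can run code when macros are enabled, which is the point at which it should be held back or opened in Protected View.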

