How to deal with Tech Support Scams

You get a pop-up message that says your infected and for you to call “Microsoft” Tech Support with the provided number, a voice may come from your speaker instructs you that your data is in harms way and to not shut off your PC. In a panic, PC users call this number and long story short, end up paying hundreds of dollars to a scam artist that claimed to fix something that was never an issue to begin with. This story is all to common today if you read the news.

A tech support scam artist claims to be an employee (or work with) of a major software company offering technical support to the victim. This can range from someone claiming to be your ISP, your cable provider, or even a Apple or Microsoft. The scam artist will claim the “company” has received notifications of errors, viruses, or issues from the victim’s PC. Scam artists are also claiming to work on behalf of the government to fight computer viruses and threats from enemy nations, hackers and terrorist organizations.

How they get you

Tech Support scam artists have a few tricks to try to extort you or scare you into paying them:

Cold Call. You’ll get a random call from the scammer who claims your PC is infected or has a serious error.

Pop-Up or Rogue Website. This is the more popular tactic where the victim will accidentally stumble upon a rogue website or receive a pop-up claiming you have a Windows OS Blue Screen Error, a massive data error, or a serious infection. Sometimes, it will lock your screen up and freeze your internet browser, or play a sound or voice over the speaker in an attempt to scare the victim. The pop-up or rogue website will always include the scam phone number for the victim to call.

Once you are speaking to them and letting them in

They will attempt to scare you further and instruct you to allow them to remote access your PC or devices to “fix” them. One they are in, they will claim they found the “errors” or “viruses” and ask you to pay for them to be removed, this usually amounts to hundreds of dollars. The money is collected from the victim usually by debit/credit card, wire transfer, or even prepaid gift carts!

If the tech support scammers are remotely accessing your devices, they can use this as a way to hold your information hostage and ransom you. They can intentionally install malware onto your PC, or steal your sensitive data on your PC such as passwords, financial accounts, and other data. There have been been reports of the scammers becoming so agitated they have threatened to destroy the computer and all its data unless the victim pays on spot.

What can you do to stop them?

We at SUPERAntiSpyware recommend a few different forms of defense and mitigation against the plague of tech support scams:

Do NOT give out credit card or bank information.

Recognizing what is occurring and ending the call immediately if you are speaking to a tech support scammer.

Do not allow unknown and unverified organizations remote access your devices such as your phone or PC.

Make sure you are using the latest version of SUPERAntiSpyware and it is up to date.

If you see a pop-up or you stumble upon a rogue website that is claiming you are infected, have an error, or a Blue Screen of Death go ahead and close your web browser, if needed force it down via the Process Manager. If you cannot do that, reboot your machine.

If you are a victim

File a fraud report with your Bank or Card issuer immediately and stop payment, or see if you can dispute the payment if it has already been made.

File a Complaint with the FBIs Internet Crime Complaint Center

Change your passwords to the services the tech support scam artists may have uncovered when they remote accessed your PC.

Remove any remote access software the scam artist may have had you install on your PC.

Prevention is Best!

Prevention is the best way to ensure you are never infected with spyware and your data is never lost or stolen. It is possible to clean up an infected machine and remove spyware but sometimes the damage from certain spyware, such as ransomware, cannot be fixed as files become encrypted or otherwise corrupted.

While no single solution available is a silver bullet, the following list outlines some of the best practices in lessening the risks of losing data after an infection:

1) Backup your files and software! Having backup copies of your photos, documents, software, and other files can make sure you never lose them to a malware infection such as ransomware encryption. Many people choose to use external drives or the cloud for their backups, but keep in mind that if you use external drives, the data can still be at risk if you leave your backup drives connected to your machine at all times.

We at SUPERAntiSpyware offer an Online Backup Solution as an optional service when purchasing SUPERAntiSpyware at $6.95 a month. This subscription allows you to backup and protect your important files and documents onto a cloud-like server so you always have copies of your important files.  You can read more about our backup services here: https://www.backup.support.com

2) Keep SUPERAntiSpyware up to date and run regular scans. We update our definition list twice a day to make sure our users catch the latest threats, as well as periodically release software updates. It is imperative users keep up to date so their software continues finding the latest threats. In order to make sure that nothing creeps in between scans, we recommend regular scanning at least once a week, if not every day.

3) Update your Windows Operating System and Software you use. Make sure you always are using the latest version of Windows with the latest updates and security fixes. Most Windows updates are patches for existing and/or potential vulnerabilities, so keeping these holes filled is crucial in stopping the spread of malware. Additionally, using unsupported operating systems (anything older than Windows 7 as of right now) can leave you just as unprotected. If you are using web browsers such as Firefox, Chrome, or others, always make sure you are using the latest versions, and don’t forget to update any add-ons, plugins, or extensions you use to the latest editions.

4) Double Check Emails before opening them. Check the sender of every email you receive. If you do not know them, or the email looks suspicious, do not open it! Delete it! Do the suspicious emails include links to click or strange attachments? Do not click the links or open the attachments no matter how innocent they sound. If it claims to be from an official organization, call them and ask if the email is legit. Better safe than sorry!

5) Use strong passwords and/or multi-factor authentication. Good passwords are long. Good passwords also contain capital and lower case letters, numbers, and special characters. Do not use an easily guessable password that contains personal information like your birthday or the name of your pet, and do not use the same password for every website! This makes it harder for hackers to gain access to your personal information, especially when you use different passwords for every site. It might be a bit more to remember, but it diminishes the risk and the headache of sorting everything out after your information is stolen.

Many sites, such as banks, often will have multi-factor authentication available. With these systems, you not only need a password, but you also will need a special code that is often randomized on a dongle or smartphone app. These types of systems are more secure than just a typical password, as the extra step is incredibly difficult to hack into.

6) Use an Ad blocking Extension. Software such as Adblock Plus and uBlock Origin for your internet browsers are free, cross-platform browser extensions that filter unwanted content such as ads, pop-ups, rogue scripts, and even IP leaks. Using an ad blocking extension on your web browser will greatly lessen the impact of “Malvertising”, website ads that drop rogue programs onto your PC without your knowledge. While these programs might not block every ad you encounter, the chances of you running into something particularly malicious will be reduced dramatically.

7) Remove unsupported software. Many software programs, such as Flash or QuickTime, are no longer supported by their publishers, or are no longer supported by modern web browsers. This means that existing versions can have massive security flaws, despite there being many users who still have the software installed on their computers. It is recommended that users uninstall software that has been abandoned by their creators, especially if it is something that deals with content on the web.

At the same time, many newer pieces of software cannot run on older operating systems such as Windows 98, Windows ME, and even Windows XP. Keep your operating system up to date! When Microsoft stops supporting an old operating system, they stop all updates, which can lead to vulnerabilities being exploited.

8) Don’t talk to tech support scammers. If you’re on the internet and suddenly get a pop-up or email claiming your PC is infected with a virus, and that you need to call a listed number immediately, do not do it! A real security company wouldn’t sell their services from sketchy pop-ups or emails. These companies typically list a 1-800 number for you to call so they can try to lure you into spending potentially hundreds of dollars and giving them remote access to your PC.  More likely than not, they will try to infect you or steal personal information during their remote access “work”.

9) Make sure you are on secure connection when purchasing products online or entering in personal information. You can tell you are on a secure website when the URL reads “https” and not just “http.” This is also referred to as HTTP over SSL which is encrypted. This protects against eavesdropping and tampering. Often, the address bar will change color or display a lock icon next to the URL you are visiting if you are connected through a secure HTTPS connection.

10) Use a firewall. Since Windows XP, every Microsoft operating system has come with a firewall. It is recommended you make sure this is always enabled. If you use a third party firewall, it is also recommended you always keep it up and running. Firewalls use rules and examine network traffic as it passes in and out of your PC. If a connection does not follow the firewalls rules, it will be blocked. This also allows you to monitor activity on your network from intrusion attempts or if rogue software on your PC is trying to reach out to a hacker.

Even the most cautious of people can get infected; however, by following these tips your risk of getting infected or being unable to recover from an infection will go down dramatically. Remember to stay safe, exercise caution, scan regularly, keep everything up to date, and backup your data often.

Typosquatting: Another front of malware attacks

Typosquatting is a type of internet scam that relies on end users making mistakes, such as spelling errors or entering the wrong domain name when entering a websites URL. It is also commonly known as URL Hijacking. There are many motivations for a hijacker to take the Typosquatting approach to deceiving unsuspecting victims:

1) To redirect web traffic to their own or a competitor’s product.

2) Installing malware to infect the user’s machine, typically with ad-hosting pieces of malware.

3) Freeze the web browser for a fake Tech Support scam, scaring the user into calling a fake tech support number claiming the user has a virus infection. These scams potentially cost the users hundreds of dollars.

4) To steal user information by running a phishing scheme to mimic legitimate website.

5) Making revenue from the user clicking on advertisements (either in plain site or disguised as legitimate search links) on the Typosquat website.

6) To blackmail or strong-arm payment from the company they're Typosquatting in order to force a purchase of the website from the Typosquatter.

A scammer who runs a Typosquat scam typically registers a website address with spelling close to the legitimate websites address. This is typically something simple like omitting a letter, adding a letter, or using a different Top Level Domain. For example if a user wants to go to our website, they may end up typing superaantispyware[dot]com with double a’s. This will end up showing a user a Typosquatting website such as this:

Another type of Typosquat scam would be due to the person improperly typing out the full URL, typing something like google [dot] om , rather than typing google [dot] com. In this instance, the person typing the .om domain would actually be viewing a page hosted on Oman's Top Level Domain, rather than the basic .com domain. In some instances, large corporations will buy up as many associated domains as they can in order to prevent this type of mistake (Google, for example, has variants of their site containing multiple o's and different Top Level Domains); however, not all companies have the foresight and/or money to do this. 

It is easy to avoid falling prey to a Typosquatting scam. Here are a few easy things you can do to prevent this.

1) Never open links in emails from unexpected senders, and exercise caution when visiting sites you're not familiar with.

2) Bookmark your favorite websites so you can easily access them.

3) Use a search engine like Google, Bing, or Yahoo when looking for a specific website if you are unsure about the spelling or if the business' website is the same as their name. Some car dealerships, for example, use dealer names or slogans as their website.

4) Double check the URL you are typing before loading the page

5) Make sure Real-Time Protection is turned on in SUPERAntiSpyware Professional

6) If you are starting a web-based business, consider buying multiple domains that are similar to your primary site to preemptively stop Typosquatters. Most domain registrars will offer bulk rates when you purchase more than one domain at a time.

While this type of attack is somewhat uncommon by today's standards, it still happens every once in a while. By practicing safe browsing habits, keeping your web browsers up-to-date, and running regular scans of your machine, you should not be impacted by most of these types of attacks.

Macros and You: An old attack becomes chic again

Some of the earliest computer viruses and malware were created using macros in Microsoft Office documents. These pieces of malicious code would run once the document was opened, and the infection would happen without the user even being aware that their machine had been compromised. While these types of attacks had fallen out of favor over the years, they've come back in style and are more popular than ever before.

What exactly is a macro? While you've probably heard the term thrown around before, most people don't actually know what they are, or what they're capable of. In short, macros are little snippets of code that run through your office software. Many people use macros to speed up a repetitive processes, like formatting items. Unfortunately, the same type of code that is used to perform the mundane can also be used to perform the malicious.

Due to the ease of abuse, Microsoft removed the automatic enabling of macros many years ago. This is ultimately what lead to the majority of these types of attacks going by the wayside. Because there was no longer a way to abuse this on most machines, would-be attackers changed their methods to more traditional programs, which are far easier to detect with a normal malware scanner.

With the recent surge in ransomware, new methods of delivery were needed by would-be attackers. The anti-malware engines had been able to detect many variants, and it was only getting easier. This meant that stealth was needed. What better way to do that than to bring back a tried-and-true method in Office Macros. Few people expected it due to the fact that these infection types hadn't really been seen in years. 

The basic attack is carried out like this:

1) An infected person sends you an email with the subject similar to "ATTN: Invoice Attached" that has a Word document attached. 

2) The person downloads and opens the file, only to see a garbled mess of characters with a notice that says "Enable macro if the data encoding is incorrect" in big bold red letters at the top of the window

3) The unknowing victim enables macros, thereby initiating the malicious code

4) The code runs, sending out an email to your Outlook contacts (attempting to infect them), downloads whatever payload(s) it wants, then runs the ransomware (locking your files)

Because of the sharp increase in these types of attacks, Microsoft, SUPERAntiSpyware, and many other security vendors recommend that all users disable macros if they do not need to use them. While Macros should be disabled by default, it is worth double-checking your preferences in order to ensure that you are protected as best as possible.

For more information on how to disable macros in Office files, please visit this Microsoft Support article.

NOTE: This is a recommendation specifically for home users, if you are in a work environment please contact your IT department first before making any changes!

Holiday scams

                The holiday season can be a very busy time for many people, but it is also a busy time for cyber criminals. There are a lot of online scams going around this time of year, looking to take advantage of increased shopping activity and people’s generosity. We’ve listed some tips and warnings about some of the most common scams.

Fake Retailer Websites
                A counterfeit website which mimics the site of a real retailer using similar layouts, color schemes, graphics and logos. Sites like these have been known to send low quality merchandise that doesn’t work or falls apart, or simply send nothing at all and just simply steal the personal and financial information you provide them.

Deceptive Advertising
                We’ve all heard the old adage “If it’s too good to be true, then it probably is.” This certainly applies to online advertising. If I saw an ad offering a Rolex watch for $100, for example, I would be very suspicious. Even if you didn’t end up buying anything from the site, simply clicking the link could install malware onto your system.

Point-Of-Sale Malware
                Over this past year there have been several data breaches from some major retailers. Many of these breaches were due to malware inside the Point-Of-Sale devices. When a card is swiped through, the malware will send a copy of your card information to the malware creators. The best way to protect yourself is to be diligent in checking the transaction history of your accounts. If you notice any unintended purchases, contact your financial institution immediately.

New Devices
                Many people will buy or receive new phones, tablets, USB drives, or other devices this holiday season. Devices like these can get infected with malware. Connecting your device to your work computer (even just to charge the battery) could wreak havoc on your company’s servers and systems. Make sure to check with your IT department about BYOD (Bring Your Own Device) policies.

ATM Skimming
                Holiday shopping may mean hitting up the ATM. Before inserting your card, double-check to make sure that the ATM hasn’t been compromised. If the keypad, card slot, or cover look different or loose, a device (or malware) may have been installed to steal your banking information. Another ATM tip is to cover the keypad with one hand while entering your PIN with the other. Criminals have been known to install tiny cameras in ATMs in order to find out your PIN.

Public Wi-Fi
                While it may be convenient to sit down at your local coffee shop and use their internet connection, you should be very cautious of what information you send over their free Wi-Fi. Systems like this are usually not very secure, and someone could steal your information with little effort. Never do banking or online shopping on public Wi-Fi.

Shop only on secure websites
                A lot of holiday shopping is done online – make sure that the site you are shopping on is secure. Look at the website address at the top of your web browser. If the URL begins with ‘https://’ then you know that they are encrypting your sensitive information. If the URL begins with ‘http://’ then the website is not using encryption. Additionally, most major browsers will display a lock icon in the address bar. You can click this lock to get more detailed information about the website.

Fake charities
                Make sure to do your homework on any charitable organization before donating. Their name and website may seem legitimate, but it could be someone trying to take advantage of your generosity and scam you out of money.

Social Media
                Some things to be wary of on social media sites such as Facebook and Twitter:

·         Phony Profiles
                A random person sends you a friend request. Even if their profile looks legitimate, you shouldn’t click that ‘Accept’ button quite yet. That new ‘friend’ could be a criminal after your data, and accepting their friend request gives them access to your personal info, posts, and your list of friends. Make sure that you only accept friend requests from people you actually know; otherwise you’re opening yourself up for an attack.

·         Hacked Profiles
                You see that one of your friends posted a link claiming that they got a free XBox for filling out a survey. In reality, someone has hacked their account and posted this malicious link. Contact your friend immediately and have them change their password.

Email
                Email is a very popular way for criminals to try to infect your system. Here are some of the more common email scams:

·         Malicious e-cards
                Looks like a simple greeting card, but downloads malware when you open it.

·         Grandparent scams
                Scammers target the elderly with an email from a “stranded” grandchild claiming to need money wired to them.

·         Letters from Santa
                An offer to send your child a personal letter from Santa Claus may be a phishing scheme to collect personal information.

·         Bank Account scam
                An email seemingly coming from your financial institution which informs you that your bank account has been compromised. You are given a link to follow or a phone number to call in order to verify your account information.

·         Shipping notification/Order confirmation
                You receive an email claiming to be an order confirmation or package tracking number. Make sure that the email is actually from a retailer you have ordered from before clicking any links within.

·         Golden rules of Email
                Do not follow unsolicited links
                Do not open unsolicited attachments
                NEVER send any financial information through email