Ransomware

As computer-savvy consumers, you have likely heard about malware, viruses and spyware. You should also be aware of a new threat that even has the federal government worried on behalf of consumers. Ransomware is a dramatic new scheme used to steal from unsuspecting computer users. Ransomware gets its name from how it holds the computer hostage, unable to operate until the owner pays the scammer to release it. Many people have already been fooled by the scare tactics used in this scam.

Most commonly, the program that activates the ransomware is disguised as a normal computer update. While you are searching the Web, streaming videos, or checking out a blog, a message will appear on the screen claiming that in order to view this content a software update must be downloaded. Your antivirus software may not warn you not to download if your program is out of date. So, without any warning to do otherwise, you might download what looks like a normal software update. This is how ransomware enters your computer.

One day without warning, the computer screen will freeze. Instead of displaying the desktop or user files, the screen will show a fake message claiming to be from the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), U.S. Department of Justice, or other government agencies. The message claims that illegal materials have been found on the computer and that the government has locked it. In order to have the computer unlocked, the user must pay a fine via a prepaid debit card. The message claims that if the user does not pay the money, then the computer will not be unlocked and local authorities will be notified of the illegal activity.

Because the message looks official and threatens legal punishment, many people become frightened and pay the ransom for their computer. Unfortunately, scammers who operate these schemes often just take the money and do nothing to fix the hostage computer. If your computer ever becomes frozen by a ransomware virus, do not pay the scammers. Instead, contact your antivirus or Internet provider, who will then work to get the virus off your computer. To avoid this trouble altogether, be suspicious of any free software updates offered to you online. Do not download software that you do not recognize. If you need an update, try going to the official Web site for the software program rather than trusting a pop-up on another site.

Reference:

Federal Bureau of Investigation. (n.d.). New E-Scams and Warnings: Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money. Retrieved January 14, 2013, from http://www.fbi.gov/scams-safety/e-scams.

Video Post: "'Tis the Season for Phishing Scam Emails"

As mentioned in our last blog, phishing is particularly worrisome because there are so many different versions of the scams. This video describes how phishing has grown from simple mass emails to official looking messages that can even fool professionals.

The scam emails are becoming more complex by name-dropping popular stores, airlines, and banks. Phishing emails often copy the logos and letterheads of site such as Amazon and Facebook. And the most troubling thing about the new scams is that that they can follow you almost anywhere by reaching you through your cell phone. 

Luckily, there are ways to avoid being fooled by the new phishing schemes. Be sure to carefully read all you emails and unsolicited texts, and look for errors in grammar or spelling. Scammers write their messages in a rush, so they commonly may mistakes. Then, check to see who the message is addressed to. If the message does not list you by name or was send to numerous people, then it is probably not legitimate. Next, make sure that any and all links on the message are secure. You can do this by hovering your mouse arrow over the link. The web address should appear in the corner of the screen. If it does not match the link typed by the sender, then DO NOT click. If an email seems suspect, then type the web address yourself instead of clicking the link. And if the message name-drops a major company, then do not hesitate to contact the legitimate company to confirm  any suspicions. 

READERS, what do you think?

Are you more likely to trust an email if it comes from a company you know?

Do people needs better online habits?

References

KSDK. (2012). 'Tis the season… for phishing scam emails. [Video file]. Retrieved from http://www.ksdk.com/video/1280452927001/1/Tis-the-season-for-phishing-scam-emails

Microsoft Phishing Targets Consumers

 Phishing – scams that send unsolicited messages trying to get you to send them personal information – is still a big problem, even for those who are Internet savvy. Recently, a widespread phishing scheme has raked in tens of thousands of Americans' dollars. The scheme has become such a problem that both the Federal Trade Commission and Microsoft released statements warning consumers to be vigilant.

The way the scam works is that someone calls claiming to be from Microsoft Tech Support. The caller says your computer has been infected by a virus and that they are willing to fix it for a fee. The fee is usually between $50 and $500. If you agree and give your credit card number, the caller will remotely access your computer and "fix" the nonexistent problem. Sometimes, the scammer will download spyware or steal your information.

Some versions of this scheme involve fraudulent e-mails appearing to be from Microsoft, offering security updates and a number of other services. What makes phishing so dangerous is the sheer number of separate scams that exist. So to avoid phishing, keep in mind that:

• Microsoft never sends unsolicited e-mails.
• Microsoft Tech Support will never call you about possible problems.
• Banks and software companies will not contact you via text message.
• Software companies and the government will not freeze your computer and then charge a fee to repair it.

References

Federal Trade Commission. (2012, October 3). FTC halts massive tech support scams. [Press release]. Retrieved from http://www.ftc.gov/opa/2012/10/pecon.shtm.

Microsoft. (2012). Avoid scams that use the Microsoft name fraudulently. Safety & Security Center. Retrieved from http://www.microsoft.com/security/online-privacy/msname.aspx.