fake flash update warning

Fake Flash Update Warning

Fake Flash Update Warning

There’s a certain web site I’ve visited a few times that produces a fake flash update warning.  Beware of these warnings.  Adobe will never display a warning such as this when you’re surfing the web.

Here’s a screen capture.

fake flash update warning

First of all, I want to warn everyone never to click on anything like this without examining it first.  There are three glaring examples of fakery to be found at a cursory examination.

#1  The URL has nothing to do with adobe.com.

#2  The message says that you are required to update your flash player.  You are required to update nothing of the sort.  As the saying goes, you are only required to die and pay taxes! Adobe (and other legitimate companies) will not generally display scary messages like this.

#3  This is the most important part…   inside the red box, the advertiser says they are not affiliated with Adobe, the makers of Flash..

If you do accidentally click on the OK button, you will be asked to download or install something with a generic name, like “installer.exe.”  Don’t do it!  In my experience today, I clicked on nothing at all, and still got the download dialog box.

Well, now that you’ve determined you have detected a scam, what do you do?  My advice is to close the browser.  If you’re an inexperienced user, and you always seem to be getting malware, the best course of action is to go ahead and shutdown your computer without trying to click on anything at all.  Press the Windows button on your keyboard to get to the start menu and click Shut down.

Be careful!

Note: I use both Windows PCs and Apple computers.  I have only seen this happen on a Windows PC to date.

FBI issues another warning about tech support phone scams

I’m pasting this in verbatim, because The FBI has very effectively communicated the extent of the problem. Be very careful about giving remote access to your computers to people you don’t know and trust!

3 November 2014

Alert Number
I-111314-PSA

NEW TWIST TO THE TELEPHONE TECH SUPPORT SCAM
The IC3 has produced Scam Alerts in the past advising the public of an ongoing telephone scam in which callers purport to be an employee of a major software company. The callers have strong foreign accents. The callers report the user’s computer is sending error messages and numerous viruses have been detected. The caller convinces the user to give them permission to run a program allowing the caller to gain remote access. The caller advises the virus can be removed for a fee.

Intimidation tactics used in this scam have influenced victims to pay fees associated with the removal of alleged viruses. It has been reported to the IC3 an individual who paid the required fees, later received a call advising the victim the funds paid for the services went to India and were used to purchase weapons for ISIS. The call came with an additional request for money to remove the victim’s name from a black list.

In a new twist to the tech support scam, cyber criminals attempt to defraud using another avenue. The scam is executed while a user is browsing the Internet. In this scenario, a website being viewed provided a link to articles related to popular topics. The user clicked the link and was redirected to a website which produced a window that advised the user’s computer had been hacked. Another window was displayed that contained a telephone number to obtain assistance. The user reported all attempts to close the windows were ineffective. Upon calling the number for assistance the user was connected with an individual who spoke with a heavy foreign accent claiming to be an Apple representative. During the process the user’s web browser was hijacked. Restarting the computer in an attempt to regain access to the Web produced another message with a different telephone number to obtain assistance.

The execution of this fraud is similar to what was reported in a Public Service Announcement (PSA) dated 07/18/2013. The PSA reports on a version of ransomware that targets OS X Mac users. This version is not a malware; it appears as a webpage that uses JavaScript to load numerous iframes (browser windows) and requires victims to close each iframe. The cyber criminals anticipate victims will pay the requested ransom before realizing all iframes need to be closed. The full PSA can be found at http://www.ic3.gov/media/2013/130718-2.aspx

If you are a victim of this scam or a similar scheme it is suggested:

To file a complaint at www.IC3.GOV
Resist the pressure to act quickly
Be cautious of clicking on unknown links

The POODLE exploit

If you’re on the web much, have any online banking accounts or watch TV news, you’ve probably heard about POODLE in the last few weeks.

Rather than reinvent the wheel, I’m going to post some links here for those of you who are interested to peruse.

What you need to know about the SSLv3 “POODLE” flaw (CVE-2014-3566)

If you use the Internet at all, you’ll want to disable SSLv3 on the apps you use, too.  Here’s how you can disable SSLv3.

And, once again, I want to encourage EVERYONE to backup!  Please call us if you need help setting up a backup system.  Or, please just click on this link to buy Carbonite now.

Stay safe out there!

Avoid installing junk you don’t need

For quite some time, the applications we trust and use every day have been tricking us into installing extra stuff we don’t need during the update process.

One example is Adobe Flash (pictured below). Sometimes, their “gift” to you is the Chrome browser. Other times, it’s the Ask toolbar. In this case, it’s McAfee Security Scanner. Almost always, you don’t need or want it.

You can avoid it by paying attention to the update screen and unchecking the box next to whatever it’s trying to install for you.

Avoid Installing Junk You Dont Need

Add an extra level of protection for free with Norton ConnectSafe

Norton offers a free service called ConnectSafe for home users.

Norton ConnectSafe ConnectNC InternetOnce you start using ConnectSafe, Norton checks the web sites you surf to against its extensive database to attempt to ascertain the site’s safety. If it’s deemed safe, you’re sent to your web site. If not, you receive a warning. Another feature is Unsafe Site Filter, which you can turn on or off. When the filter is on, you will only see Norton Secured sites when you search. Otherwise, you can make an informed choice, because your search results display Norton’s ok if they’re believed to be safe.

One of the things you may not like about Norton ConnectSafe is that when you attempt to reach an invalid web site (not found in DNS), you’re presented with a search site powered by Ask. But, I only consider it a minor imperfection.

Norton ConnectSafe allows you to choose from three levels of protection.

A – Security (malware, phishing sites and scam sites)
B – Security + Pornography *This is the default policy
C – Security + Pornography + Non-Family Friendly
All policies block malware, phishing and scam sites.

Norton ConnectSafe: https://dns.norton.com/dnsweb/homePage.do

Show your school spirit – but NOT in your password!

It’s great to be a loyal fan or follower of your school’s team, but the one thing you don’t want to do is use your team name as your password!  If you’re a UNC student or grad, and you’re using “tarheels” (or any variant thereof) as your password, change it now.  It’s insecure on many, many levels.  First, it’s a word in the dictionary.  Second, it’s too weak.  Be creative when choosing a password, and make sure it’s secure.  Your online accounts will be at risk of being compromised until you change your password!

What could you use instead?  If you really must use the word “tarheels” in your password, change it to a passphrase that will be easy enough for you to remember, but difficult to guess or crack.

For example, “I_love_my_Tarheels!” is probably something you can remember, and it’s way more secure than just “tarheels.”

Use a tool like this password strength checker to find out how secure your password is.  If the result is anything other than VERY STRONG, please change it!

Password Strength

http://www.passwordmeter.com/

PayPal’s automatically billed payments

PayPal SubscriptionsHere’s something to look out for! Have you ever paid for something with PayPal and expected that to be the last of it, but you ended up on a recurring billing plan? Here’s how you can check to see what’s been preapproved or has been scheduled.

  • Login to PayPal
  • Go to My Account
  • Click on Profile
  • Click More Options
  • Click My Money
  • Go to Preapproved Payments

Use this page to manage your payments for:

  • Subscriptions
  • Automatically billed payments
  • Installment plan payments

Click Update to change any item you see there.

Unexpected email with an unexpected link? Don’t click on it!

FedEx Bad Email

Trojan.LameShield

No matter what Internet Security software you’ve installed (you DO have something installed, right?), don’t ever click on a link you receive from an unexpected source!  These can include, but are not limited to, notices from FedEx about a shipment to you, or that you sent, Verizon (or other company) phone bill that is extremely high, notice from a bank (with which you probably don’t even have an account) or any other official-looking notice from a company asking you to click on something.

Read the message carefully.  You’ll almost always see poor grammar, spelling and punctuation. There will often be odd contradictions.  In the email to the left, the sender claims to be FedEx, but asks you to go to your US Post Office for a package.

There may be otherwise empty email messages from friends, too, that contain a link.  Never click on those either!  That’s a hallmark of a hijacked email account.  Let your friend know to change his or her account password asap.

If it’s too late because you’ve already clicked and installed a trojan, give us a call:  910-695-7068.