Embed Size (px)
Citation preview
MalwareViruses
Ransomware
Can my computer be infected by just visiting certain websites in my windows browser?
How can I be sure my computer and files are fully protected from viruses and malicious software?
Is it safe to open attachments in my email? How about online-banking, is it safe? What would happen to my files if my
computer crashed or became infected with ransom-ware like Cryptowall?
Questions
Be aware of emails purporting to be from shippers or retailers. No established business would ask a consumer to disclose her password via email or on the phone, McAfee's Davis said. Shoppers should look at the specific email address and domain name of the sites they are pointed to, making sure it's really from the retailer and not a close derivative.
Fake Emails
Fake Charter Login
Fake Charter Login
Data attacks on retailers such as Target, Home Depot, Michael's, Neiman Marcus, Apple, Microsoft, Sony, Facebook, Anthem 80 million health records have been the victims of hacker attacks and means that criminals also have access to millions of stolen emails. Those can be used in phishing scams…
The phishing attempts can appear to come from either a retail or a shipping company, such as UPS or Fedex, but actually are fake emails that are trying to get consumers to disclose their emails.
Phishing
Email Scam (Mar 26, 2015): "Hello"From: [email protected] To: undisclosed-recipientsDate: March 25, 2015Subject: Hello
Body: I sent you this documents earlier but I noticed the failure delivery, So I had to resend it again. VIEW DOCUMENTS<http://www.adrianmoroianu.com/Zoop/Adobefile/Adobefile/> and login in with your email to view the content and importance.
THANK YOU.
Phishing for your email
Email Scam (Apr 21, 2015): [No Subject]From: Craig Sentry
<[email protected]> Date: Tue Apr 21 06:58:32 2015
Body: ICT Service Desk require you to upgrade to the latest e-mail Outlook Web Apps 2015 , kindly Click on ICT Service Desk http://webowa.wix.com/outlook to upgrade to the latest e-mail Outlook Web Apps 2015
Connected with Microsoft Exchange© 2015 Microsoft Corporation. All rights reserved
Phishing for your email-2
Adobe Flash Player
Chase Bank
IRS
TARGET
FedEx
Intuit Payroll
Microsoft phone scams
The average age of a victim is 59 91% were White 53% were female Anyone who has a home computer
connected to the internet can become a victim
Who is most likely to be affected?
Do not allow remote access to your computer.
Hang up the phone when you identify that the call is uninvited.
Never divulge passwords or pin numbers. Microsoft or someone on their behalf will
never call you.
How to protect yourself
WASHINGTON — Aggressive and threatening phone calls by criminals impersonating IRS agents remain near the top of the annual "Dirty Dozen" list of tax scams for the 2015 filing season, the Internal Revenue Service announced today.
http://www.irs.gov/uac/Newsroom/IRS-Completes-the-Dirty-Dozen-Tax-Scams-for-2015
The IRS has seen a surge of these phone scams in recent months as scam artists threaten police arrest, deportation, license revocation and other things. The IRS reminds taxpayers to guard against all sorts of con games that arise during any filing season.
"If someone calls unexpectedly claiming to be from the IRS with aggressive threats if you don't pay immediately, it's a scam artist calling,” said IRS Commissioner John Koskinen. "The first IRS contact with taxpayers is usually through the mail. Taxpayers have rights, and this is not how we do business."
IRS Phone Scams
Call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill.
Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
Require you to use a specific payment method for your taxes, such as a prepaid debit card.
Ask for credit or debit card numbers over the phone. Threaten to bring in local police or other law-
enforcement groups to have you arrested for not paying.
The IRS will never
Hackers send email containing a malware program called Carbanak to hundreds of bank employees, hoping to infect a bank’s administrative computer.
Programs installed by the malware record keystrokes and take screen shots of the bank’s computers, so that hackers can learn bank procedures. They also enable hackers to control the banks’ computers remotely. The hackers seem to limit their theft to about $10 million before moving on to another bank to stay under the radar - has stolen up to $1 billion from banks around the world.
How Hackers Infiltrated Banks
By mimicking the bank procedures they have learned, hackers direct the banks’ computers to steal money in a variety of ways:
Transferring money into hackers’ fraudulent bank accounts
Using e-payment systems to send money to fraudulent accounts overseas
Directing A.T.M.s to dispense money at set times and locations
How Hackers Infiltrated Banks
When you look at card activity, keep an eye out for "microcharges." the average consumer looks for big purchases, but hackers often test cards to see if they are valid by charging small amounts of $1 or $2. If those cards are found to be valid, hackers can then sell them to other crooks for a premium.
Your Credit Cards
#10 Sweepstakes Scam: You have won a contest! Or the lottery! Or the Publishers Clearinghouse Sweepstakes! All you have to do to claim your prize is to pay some fees or taxes in advance so they can release your prize… This is not a new scam, but it is a perennial problem.
#9 Click Bait Scam: This one takes many forms, but the most notorious of the past year was when the Malaysian Airline plane went missing (“click here for video”). Other click bait schemes use celebrity images, fake news, and other enticing stories to get you to unintentionally download malware.
#8 Robocall Scam: The notorious “Rachel from Cardholder Services” made a comeback in 2014. This scam claims to be able to lower your credit card interest rates and takes personal information – including your credit card number – and then charges fees to your card.
#7 Government Grant Scam: You get a call saying you have been awarded a government grant for thousands of dollars. It may even mention a program you’ve heard about in the news. All you have to do to collect your grant is pay a couple hundred in fees by wire transfer or prepaid debit card.
#6 Emergency Scam: This one is sometimes called the “grandparent scam” because it often preys on older consumers. You get a call or email from your grandchild or other relative who was injured, robbed or arrested while traveling overseas and needs money ASAP.
Top 10 scams (the BBB)
#5 Medical Alert Scam: Another one that preys on older folks. You get a call or a visit from a company claiming a concerned family member ordered you a medical alert device in case you have an emergency. They take your credit card or banking information but you never receive anything.
#4 Copycat Website Scam: You get an email, text message or social media post about a terrific sale or exciting new product. You click through and it looks just like a popular retailer’s site. But when you order, you either get a cheap counterfeit or nothing at all… and now they have your credit card number!
#3 “Are You Calling Yourself?” Scam: Scammers can make a call look like it’s coming from anywhere. The latest trick puts your number in the Caller ID, which piques your curiosity and gets you to pick up the phone or return the call… and then they’ve snagged you in whatever scam they are running.
#2 Tech Support Scam: You get a call or a pop-up on your computer claiming to be from Microsoft (or Norton, or Apple) about a problem on your computer. They say if you give “tech support” access to your hard drive, they can fix it. Instead, they install malware on your computer and start stealing your personal information.
#1 Arrest Scam: You receive an ominous phone call from someone claiming to be a police officer or government agent (often the IRS in the United States or the CRA in Canada). They are coming to arrest you for overdue taxes or for skipping out on jury duty… but you can avoid it by sending them money via a prepaid debit card or wire transfer. Another variation on this is that you’ll be arrested for an overdue payday loan. Whatever the “violation,” it’s scary to be threatened with arrest, and many people pay out of fear.
Top 10 scams (the BBB)
What is a secure password that I can still remember?
Don’t use just common words found in the dictionary
Add Capitals and Special Characters Use acronyms EGBDF, GWTW (gone
with…) Use common identifiers + key phrase
likeegbdfYahoo7$, egbdfGmail7$, GWTWyahoo7
Secure Passwords
Yes, it's a massive chore of inconvenience
Over 650,000 PC’s infected with Cryptowall in 6 months
Inconvenience
2 things: passwords & sensitive information. A new employee arrives early to work, eager to start
the day. As he enters the building, he finds, on the ground, a USB drive with the company’s logo. He diligently sends out an email to the office to alert his coworkers of his discovery, but no one responds to claim the lost drive. Still curious, he tries to identify the owner by opening up a few of the files on the drive.
Bad idea. This USB drive was planted in the parking lot by sophisticated hackers who have loaded it with malware. Within minutes the hackers gain access to sensitive information.
What are the hackers looking for?
Ransomware
Ransomware Hackers Hit Maine Police Central Server
Four police departments in Maine have paid $300 to cybercriminals after being hit by ransomware. Officials say they weighed up their response and decided they had no real choice but to pay up.
Ransomware is a form of malicious software which restricts access to certain parts of a computer it infects. Victims then see on-screen messages stating that a ransom must be paid to regain access.
Ransomware
The Malwarebytes research team has determined that Cryptowall is ransomware. These applications deny you access to your own files or computer unless you pay
the ransom.This particular one encrypts your documents and offers to decrypt them for a price.
Malwarebytes' Anti-Malware removes Cryptowall completely. But it cannot decrypt your files. You will need backups to replace the
encrypted files.
We hope our application has helped you eradicate this malicious software. If your current security solution let this infection through, you might please consider purchasing the FULL version of Malwarebytes Anti-Malware for additional protection.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Cryptowall rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late. And warned you about an outgoing connection to a malware server.
What is Cryptowall?
Buy Malwarebytes premium (paid version is $24.95 a year for 3 PC’s) which is always active and runs in the background along with your regular anti-virus program without a conflict between the two. (The free version of Malwarebytes won’t detect any viruses, since it isn’t active all the time).
Install Hitmanpro.alert active browser protection (free)
BACKUP all of your files, pictures, documents, pdf’s to an external hard drive or flash drive and then UNPLUG it from your PC when done (so virus can’t also infect your externally backed up files).
Protection from Cryptowall
You could backup your files to a cloud-based backup (Dropbox, Google Drive, etc) but if you sync with your infected PC, all of your files will still be encrypted. (Carbonite Backup)
The 100% only secure way to protect your data is to save it to an external hard drive or flash/thumb drive and unplug it until your next backup.
Remember, your data is not SAFE if it’s not backed up!
Back Up Your Data
Do create a separate login account if others need to share your PC
Do have a good anti-virus program on your PC
Do have an active malware program running on your PC (malwarebytes.org, hitmanpro)
Do backup your data (USB thumb/flash drive, external hard drive)
Do’s and Don’t’s
Don’t open attachments in email Don’t click on embedded links, instead go
directly to the website and login (ie Paypal) If someone calls you offering computer
help, don’t trust them
Do’s and Don’t’s
