Showing posts with label fake tech support. Show all posts
Showing posts with label fake tech support. Show all posts

Monday, August 26, 2024

Understanding Phishing and Social Engineering Attacks: A Deep Dive Into Modern Scams

Understanding Phishing and Social Engineering Attacks: A Deep Dive Into Modern Scams

Phishing and social engineering attacks have become increasingly sophisticated, targeting individuals and organizations intending to deceive and exploit. One of the most prevalent forms of social engineering is the fake tech support scam, where attackers pose as legitimate technical support representatives to gain access to personal information, financial details, or direct control of the victim’s computer. However, there are many other ways a scammer can convince someone into believing and going along with a targeted Scam. In this article, we’ll explore how these scams operate, their common tactics, and how you can protect yourself and others from falling victim.


How Online Scams Work

Initial Contact: The Hook

Scammers often initiate contact with potential victims through various channels, employing different tactics to lure them into the trap:

  1. Cold Calls: The scammer calls the victim directly, impersonating a representative from a well-known company such as Microsoft, Apple, or a popular antivirus provider. They usually claim to have detected viruses, malware, or other critical issues on the victim’s computer.
  2. Pop-Up Warnings: While browsing the web, the victim may encounter alarming pop-up messages. These pop-ups often mimic legitimate security alerts, claiming that the computer is infected and instructing the user to call a provided number for immediate assistance.
  3. Phishing Emails: The scammer may send phishing emails that appear to come from reputable companies. These emails typically warn of security threats and urge the recipient to call for support or click on a link, leading them to a fraudulent website or direct contact with the scammer.

Convincing the Victim: The Bait

Phishing email attacks are designed to trick recipients into revealing sensitive information, such as passwords, credit card numbers, or other personal data. Below are some common examples of phishing email attacks:

  1. Fake Account Security Alert:
    You receive an email claiming to be from your bank or another financial institution, warning you of suspicious activity on your account. The email urges you to click on a link to verify your identity or secure your account.
    • What to Look For:
      • Urgent language like "Your account has been compromised!" or "Immediate action required."
      • Links that appear to be legitimate but lead to a fake website designed to capture your login credentials.
      • Generic greetings like "Dear Customer" instead of your actual name.
    • Protective Action:
      • Do not click on links in the email. Instead, go directly to the institution’s official website and log in there to check your account status.

  2. Impersonation of a Trusted Contact:
    You receive an email that appears to be from a colleague, friend, or family member asking for help or money. The email might claim that the sender is in trouble or needs urgent assistance.
    • What to Look For:
      • The sender's email address may look similar to the real one but have small differences (e.g., john.doe@examp1e.com instead of john.doe@example.com).
      • Requests for unusual actions, such as purchasing gift cards or transferring money.
      • Poor grammar or language that doesn’t sound like the person you know.
    • Protective Action:
      • Contact the person directly using a different method (like a phone call) to verify the request before taking any action.

  3. Fake Invoice or Payment Request:
    You receive an email from a supplier or service provider claiming that you owe money for an invoice that you don’t remember. The email includes a link or attachment to view the invoice
    • What to Look For:
      • Unfamiliar sender or details about a purchase you don’t recall.
      • Attachments that might contain malware or links to phishing websites.
      • Pressure to make a payment quickly.
    • Protective Action:
      • Verify the legitimacy of the invoice by contacting the supplier directly using known contact information. Do not open attachments or click on links in the email.

  4. Job Offer or Employment Scam:
    You receive an email offering a job opportunity with an attractive salary or benefits, often asking you to provide personal information or pay a fee upfront.
    • What to Look For:
      • Unsolicited job offers that seem too good to be true.
      • Requests for personal information like Social Security numbers or bank details early in the process.
      • Professional-looking emails but with poor grammar, odd formatting, or vague job descriptions.
    • Protective Action:
      • Research the company independently, and avoid sharing personal information until you have verified the legitimacy of the job offer.

  5. Delivery Notification Scam:
    You receive an email claiming that a package delivery attempt failed and that you need to click on a link to reschedule delivery or update your shipping information.
    • What to Look For:
      • A sender claiming to be from a delivery service like UPS, FedEx, or DHL.
      • Links to websites that are not the official delivery service's domain.
      • No specific details about the package, such as the sender's name or tracking number.
    • Protective Action:
      • Visit the delivery service’s official website and enter your tracking number manually, or contact the service provider directly to confirm the delivery status.

  6. Phishing for Credentials:
    You receive an email that appears to be from a service you use (like Google, PayPal, or Netflix) stating that there’s a problem with your account. The email includes a link that directs you to a fake login page designed to steal your username and password.
    • What to Look For:
      • Emails that urge you to "confirm your account" or "update your payment information" immediately.
      • Links that, when hovered over, show a different URL than the official site.
      • Fake login pages that mimic the real site but have slight differences in the URL.
    • Protective Action:
      • Never log in through links in unsolicited emails. Instead, navigate to the service provider’s official website manually to check your account.

  7. Tax Scam Emails:
    You receive an email purporting to be from the IRS or another tax authority, claiming that you are due a refund or owe additional taxes. The email instructs you to click a link to provide your financial details.
    • What to Look For:
      • Emails from government agencies, especially those asking for personal information.
      • Claims that you are entitled to a refund or need to pay taxes urgently.
      • Requests for sensitive information like your Social Security number or bank account details.
    • Protective Action:
      • The IRS and most government agencies do not initiate contact via email. If you receive such an email, report it to the appropriate authorities (like the IRS at phishing@irs.gov).

Gaining Remote Access: The Trap

Scammers often will try to gain remote access to a victim's computer or online accounts, giving them control and the ability to steal personal information, install malware, or commit fraud. Here’s a basic rundown of how these scams work:

  • Creating Urgency: To make the victim anxious and more likely to comply, the scammer uses technical jargon and alarming language. They might say that immediate action is needed to prevent severe damage or data loss.
  • Gaining Trust: The scammer may instruct the victim to perform simple tasks on their computer, such as opening the Event Viewer, which naturally shows error messages. They use this to "prove" the computer is compromised, even though these messages are normal and harmless.
  • Requesting Remote Access: The scammer then persuades the victim to install remote access software (like TeamViewer, AnyDesk, or LogMeIn). This software allows the scammer to take control of the computer as if they were physically present.
  • Exploiting Access: Once they have control, the scammer might:
    • Install malware to steal personal information.
    • Access online accounts, such as banking or email.
    • Demand payment for their "services" or for fixing the supposed problem.

Continued Exploitation: The Aftermath

Even after the victim has paid, the scam may not end. The scammer might leave behind software that allows them to regain access to the computer later, or they might sell the victim’s information to other scammers, leading to further fraud attempts.


Protecting Yourself Against Phishing and Social Engineering Attacks

Be Skeptical of Unsolicited Contact

Legitimate companies rarely contact customers out of the blue about computer issues. If you receive an unsolicited call, pop-up, or email, be cautious. Do not provide any personal information or grant remote access to your computer.

Verify Claims Independently

If you encounter a warning or receive a message claiming there’s an issue with your computer, do not trust it without verification. Use official channels to verify the legitimacy of the claim. For example, look up the company’s official contact information and reach out to them directly.

Do Not Allow Remote Access

Never allow someone you do not know or trust to control your computer remotely. Legitimate support personnel will only ask for remote access if you have initiated the contact through verified means.

Use Reputable Security Software

Ensure that your computer is protected by up-to-date antivirus and anti-malware software. Programs like Malwarebytes Anti-Malware are excellent tools to detect and remove potential threats.

Educate Yourself and Others

Awareness is key. Educate yourself about common scam tactics and share this knowledge with friends and family, particularly those who may be less tech-savvy.


What If You’ve Fallen Victim to a Scam!?

If you’ve fallen victim to an online scam, acting quickly is important to minimize potential damage. Here’s what you should do:

  1. Stop All Communication
    • Immediately cease any communication with the scammer. Do not respond to emails, messages, or calls.
  2. Disconnect from the Internet
    • If the scam involves remote access to your computer, disconnect from the internet immediately by unplugging your ethernet cable or turning off your Wi-Fi. This prevents the scammer from accessing your system further.
  3. Change Passwords
    • Change the passwords for your online accounts, starting with your email, banking, and any accounts where sensitive information is stored. Use strong, unique passwords for each account, and consider enabling two-factor authentication (2FA) where possible.
  4. Contact Your Bank or Credit Card Company
    1. If you’ve provided financial information or made payments, contact your bank or credit card company immediately to report the scam. Request that they monitor your account for suspicious activity and possibly issue new cards.
  5. Check for Unauthorized Activity
    • Review your bank statements, credit card accounts, and online accounts for any unauthorized transactions or changes. Report any suspicious activity to your financial institution or the respective service providers.
  6. Remove Any Installed Software
    • If the scam involves installing software on your computer (such as remote access tools), uninstall it immediately. Go to `Control Panel > Programs > Programs and Features` to uninstall the software, and then check Task Manager (`Ctrl + Shift + Esc`) for any suspicious startup entries.
  7. Scan for Malware
    • Run a full system scan using reputable antivirus and anti-malware programs like Malwarebytes Anti-Malware. This will help identify and remove any malicious software that the scammer might have installed.
  8. Report the Scam
    • Report the scam to the relevant authorities. In the United States, you can file a report with:
    • The Federal Trade Commission (FTC) at [ReportFraud.ftc.gov](https://reportfraud.ftc.gov/)
    • The Internet Crime Complaint Center (IC3) at [www.ic3.gov](https://www.ic3.gov/)
    • Your local law enforcement agency.
  9. Monitor Your Identity
    • Keep an eye on your credit report and consider placing a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion) to protect against identity theft.
  10. Educate Yourself and Others
    • Learn about common scams and share this information with friends and family to help protect them from similar threats. Awareness is one of the best defenses against online scams.
  11. Consider Professional Help
    • If you’re unsure about the extent of the damage or how to secure your system, consider seeking professional assistance. Pacific Northwest Computers in Vancouver, WA, can help you secure your system and recover from a scam. You can contact them at 360-624-7379 for further assistance.


Conclusion

Phishing and social engineering attacks, such as fake tech support scams, are a significant threat in today’s digital world. By understanding how these scams operate and taking proactive steps to protect yourself, you can avoid becoming a victim. Always be skeptical of unsolicited contacts, verify claims independently, and never allow remote access to your computer unless you’ve initiated the contact through verified channels. If you do fall victim, act quickly to secure your computer and seek professional help to ensure your personal information remains safe.




Wednesday, July 10, 2024

Fake Tech Support Scam: What You Should Do!


A fake tech support scam is a type of fraud where scammers pose as legitimate technical support personnel from well-known companies to trick victims into giving them access to their computers, personal information, or money. Here’s how these scams typically operate and how to clean up your system if you did/do fall victim to this type of scam!


How Fake Tech Support Scams Work

Initial Contact:

  • Cold Calls:
    Scammers often call victims directly, claiming to be from reputable companies like Microsoft, Apple, or a popular antivirus provider. They usually say they've detected viruses, malware, or other issues on the victim's computer.
  • Pop-Up Warnings:
    Victims might encounter alarming pop-up messages while browsing the web. These pop-ups often claim that the computer is infected and instruct the user to call a provided number for immediate support.
  • Emails:
    Scammers may send phishing emails that appear to come from legitimate companies, warning about security threats and urging the recipient to call for support.

Convincing the Victim:

  • The scammer tries to convince the victim that their computer is at serious risk. They use technical jargon and alarming language to create a sense of urgency.
  • They might ask the victim to open certain files or run specific commands that produce harmless but alarming-looking results, reinforcing the scammer’s claims.

Gaining Remote Access:

  • The scammer persuades the victim to install remote access software, such as TeamViewer, AnyDesk, or LogMeIn. This gives the scammer control over the victim’s computer.
  • Once they have access, they might pretend to run diagnostics or show fake errors to maintain the illusion of a serious problem.

Exploiting Access

  • The scammer may install malware, steal personal information, or use the computer to commit further fraud.
  • They often demand payment for their "services," claiming they can fix the issues they "found." Payment might be requested via credit card, wire transfer, gift cards, or other non-reversible methods.

Continued Exploitation

  • Even after payment, scammers may leave behind software that allows them to regain access or continue monitoring the victim's computer.
  • They might sell the victim's information to other scammers, leading to further fraud attempts.


How to Protect Yourself

Be Skeptical of Unsolicited Contact

  • Legitimate companies rarely contact customers out of the blue about computer issues. 
  • If you receive an unsolicited call or message, be wary.

Verify Claims Independently

  • Don’t trust pop-ups, emails, or calls without verifying their legitimacy through official channels. 
  • Look up the company’s official contact information and reach out directly.

Do Not Allow Remote Access

  • Never give control of your computer to someone you do not know or trust. 
  • Legitimate support personnel will not ask for remote access unless you have initiated the contact through verified means.

Use Reputable Security Software

  • Keep your antivirus and anti-malware software up to date. Use reputable programs like Malwarebytes Anti-Malware to protect your system.

Educate Yourself and Others

  • Learn about common scam tactics and share this knowledge with friends and family, especially those who might be less tech-savvy.


Here's a step-by-step guide to help you ensure your computer is secure and free of any unwanted remote access software if you did fall victim to a fake tech support scam/scammer.


Immediate Steps To Take If You Have Been Scammed

1. Disconnect from the Internet

  • Unplug your ethernet cable or turn off your Wi-Fi to prevent further remote access.

2. Identify and Remove Remote Access Software

  • Check Installed Programs
    • Go to `Control Panel > Programs > Programs and Features`.
    • Look for any remote access software (e.g., TeamViewer, AnyDesk, LogMeIn, RealVNC).
    • Uninstall any suspicious or unfamiliar programs.
  • Check Task Manager
    • Press `Ctrl + Shift + Esc` to open Task Manager.
    • Go to the `Startup` tab.
    • Disable any suspicious entries that start with Windows.

3. Scan for Malware and Adware

  • Malwarebytes Anti-Malware:
    • Download and install Malwarebytes
    • Run a full scan and remove any detected threats.
  • ADW Cleaner
    • Download and run ADW Cleaner.
    • Follow the prompts to clean any adware, toolbars, or PUPs.


Additional Steps You Can Take...

Network Settings

  • Ensure no changes have been made to your network settings:
    • Go to `Control Panel > Network and Sharing Center > Change adapter settings`.
    • Right-click your network connection, select `Properties`, and check for any unfamiliar protocols or services.

Check for Suspicious Services

  • Press `Win + R`, type `services.msc`, and press Enter.
  • Look for any unfamiliar services that are running and set to start automatically.
  • Right-click and stop these services if they seem suspicious

Update Your System

  • Ensure your Windows operating system is up to date:
  • Go to `Settings > Update & Security > Windows Update`.
  • Install any available updates.

Reset Passwords

  • Change the passwords for your computer accounts, especially if they have administrative privileges.
  • Change passwords for any online accounts accessed from this computer.

Enable Firewall and Antivirus

  • Ensure Windows Firewall is enabled:
    • Go to `Control Panel > System and Security > Windows Defender Firewall`.
    • Make sure you have an antivirus program running and up-to-date.

Monitor for Unusual Activity

  • Keep an eye on your system for any unusual behavior or performance issues.


Final Steps

Consider Professional Help

Data Backup and Recovery

  • Backup your important data to an external drive or cloud storage.

System Restore or Reinstallation

  • If you suspect deep-rooted infections or issues, consider performing a system restore or a clean installation of Windows.


Feel free to reach out if you need further assistance or if anything is unclear. Stay safe!


Monday, October 19, 2020

Protect Yourself From Cyber Attacks & Digital Fraud!


PROTECT YOUR INFORMATION

Make sure you know who you're communicating with.

  • Fraudsters pose as credible organizations, such as banks and the IRS, "phishing" for your information.
  • Be aware of COVID-related scams.
  • Criminals are taking advantage of the pandemic. Learn more about the top scams criminals are using during these difficult times.

Report suspicious texts and emails.

  • Fraudsters impersonate companies to get consumers to click links and provide personal information. These deceptive emails, phone calls, and text messages appear to come from a legitimate source.
  • Don't let online shopping scams trick you.
  • Before providing your billing information online, make sure you are working with a credible site. 
  • Don't download any software or click unknown links.

SECURITY BEST PRACTICES

Layer your protection.

  • A strong password is the first line of defense against cybercriminals. We recommend using multifactor authentication for an added layer of protection for all your accounts.

Be alert.

  • Monitor your accounts regularly, respond to fraud alerts, and report unauthorized transactions promptly.
  • Watch out for phishing attempts.
  • There are some easy ways to ensure an email is from "who you think" sent it. There are some simple methods to spot Email Spoofing, which you can find here.

Set your preference for digital documents.

  • Mailbox fraud has been an ongoing strategy for criminals. 
  • Safeguard your correspondence by signing up to receive digital information for your products and services instead of by Mail/USPS.
  •  Use a shredder to destroy paper documents when you are done with them.

Stay alert about industry trends on cybersecurity threats!

Monday, January 21, 2019

RansomWare or a Fake Tech Scammer Locked You Out of Your Computer using a "SysKey" Password

Image result for syskey attack

Some RansomWare Viruses and "Microsoft Tech" Scammers will Enable Windows' "SysKey" Function,
 and lock you out of your computer!

Well we have a few ways you can remove that pesky "SysKey,
and get you back into your computer!

*THIS IS FOR WINDOWS 7; MAY WORK ON 8 or 10 BUT THIS IS NOT TESTED OR CONFIRMED.

If this happens to you, the first thing you can try is use a Windows OS Media disk to remove the "SysKey" function using the Command Line.
  1. Boot to the appropriate OS Media (matches the installed OS version of the computer you are fixing). 
  2. When the OS installation screen comes up, Select USA English and then "Repair the Windows Installation"; DO NOT INSTALL!! 
  3. Go to "Advanced Troubleshooting" 
  4. Click on "Advanced Repairs" 
  5. Click on and open the the "Command Line" tool 
  6. Find the OS Disk by changing drive letters and checkin contents with the "dir" command. ie: cd C: cd D: cd E:, etc. 
  7. Run the following command on the OS drive:
    copy c:\windows\system32\config\regback c:\windows\system32\config 
  8. Say no to the "Software" replace prompt, but say yes to the others and replace a total of 4 files; Default, SAM, Security and System. 
  9. Reboot system 
You should be able to login to the computer again!
A warning however, you may have some security, OS and/or user account damage after the fact.

However there is an alternate method (or two) that can also do the trick, if the above process does not work, or is too difficult!

I have also removed the "Syskey" password using the following procedure:
  1. Boot from a Windows 7 Install DVD/Thumbdrive, or boot from a user created Windows Restore/Repair Thumb Drive.
    *You can also attempt the same procedure from Windows Start-Up Repair; if you are able to get there. 
  2. When the "Install Windows" screen appears, click on "Repair your computer" to access the system recovery options. 
  3. From the nex screen, run System Restore to last point before the syskey password on your computer.
    *This will fail, but must be done! 
  4. Click "run system restore again" and this will take you back to the main system recovery options list. 
  5. Open Command Prompt from the main system recovery options list. 
  6. Open Regedit; type "regedit" without the quotes, into the command prompt and the Regedit application will open. 
  7. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value entry from 1 to 0. 
  8. Navigate to: HKEY_LOCAL_MACHINE \SAM\SAM\Domains\Account and delete everything for "F value" so that it's data/value is 0000 
  9. Reboot and you should now be able to Login! 

If you are not able to boot into the Windows 8 or 10 Startup Recovery Environment there is still yet another repair method you can try!

To get the computer to run a system restore if you can't get into the recovery environment, you try to make/trip the computer into doing a Startup Repair. 
  • The way we do this, is by turning the system off mid boot and then Startup Repair should catch that "issue" and run the next time you power on. 
  • During this process Windows typically recommends running a system restore to fix any possible boot issues; allow this process to proceed and complete. 
  • After this process has completed, open the computer's DVD drive and insert a copy of Hiren's All-in-one Boot CD/thumb drive. 
  • Turn the system off/restart the system. 
  • Booting from DVD or USB, boot into the Hiren's All-in-one Media and select "Mini XP Recovery Environment" 
  • Allow your system to boot into the "Mini XP Recovery Environment" RAM Drive environment. 
  • Once booted into "Mini XP" you can now run the built in Registry Editor (regedit) to complete the registry edits needed and listed in the previous repair steps. 
This procedure lets you complete the same repair tasks but using a different access methods and tools, but the same general repair principles and process.

These all have worked for me on client machines and has allowed me to get passed a "syskey" password each time. Once I am able to login to the client's system, I will physically disconnect the internet and start my cleaning procedures on the affected system. After a full clean-up, software removal and tune-up the once locked PC will now run fine without the user getting locked out anymore!

I hope this helps general users or other IT professionals!

Pacific Northwest Computers
Jon Pienkowski - Owner/Operator
www.pnwcomputers.com
360.624.7379