Showing posts with label hackers. Show all posts
Showing posts with label hackers. Show all posts

Monday, October 14, 2024

Your Online Account(s) Got Hacked & You Are Locked Out: What Do You Do!?


Online security is becoming increasingly critical as more of our daily lives move onto the internet. If you believe one or more of your online accounts have been hacked or compromised, it’s essential to act swiftly. If you are locked out of an account, the situation becomes even more urgent. Below are detailed steps you can take to mitigate damage, regain control, and enhance the security of your other online accounts.


*Note: One takeaway from my own personal "getting hacked" experience is that the new "Verified" model that most social media platforms use now is being leveraged to push users into paying for the verification, just to receive any kind of personal support if they happen to have any problems or issues with their account. Going forward I recommend (and will personally practice) that you verify ANY and ALL online social media accounts that are important or critical to your life/work. You can use the services for free, but if you have an issue like an account hi-jack/take-over, it can be next to impossible to get ANY help if you are un-verified.


1. Report the Incident Immediately!

Reporting the compromise to relevant authorities and service providers is crucial. This not only helps you recover control of your account but also aids in preventing further damage.

  • Local Police: If you suspect identity theft or fraudulent activity, file a report with your local police department. Keep copies of the report for further use.
  • Websites or Software Providers: Contact the customer support teams of any websites or services involved in the breach. Most platforms like Google, Facebook, and financial services have processes in place to assist users in recovering hacked accounts.
  • IC3/FBI: If the incident involves significant financial loss or cybercrime, file a report with the Internet Crime Complaint Center (IC3), which is a division of the FBI focused on internet-based crimes.

2. Recovering a Locked-Out Account:

If you are locked out of an account, follow these steps (and see further details at the end of the blog):

  • Use Account Recovery Options: Most services offer account recovery options like email or phone verification, but this may not be safe if these are compromised. Prioritize recovery methods like trusted devices or backup codes (which many services provide when setting up 2FA).
  • Contact Customer Support: If recovery options fail, reach out to the service provider’s customer support. Be prepared to verify your identity through personal information or past account details.
  • Keep Documentation: If you’ve filed reports with the police or the IC3, share these reports with the service provider, as this may help speed up the account recovery process.

3. Secure Any Associated Payment Services

If you're completely locked out of an account, especially one that’s linked to financial services, take immediate action by logging into any associated payment services and removing access to the hacked site or account. For instance:

  • PayPal
  • Venmo
  • eBay
  • Banking apps or credit card accounts

This helps to stop any unauthorized transactions that could stem from the compromised account. Be sure to carefully review recent activity on these services to identify any fraudulent activity and report it to your payment service provider.

3. Change Passwords on Any/All Online Accounts You Have!

Once you've safeguarded your payment methods, it's essential to change your passwords across all your online accounts. Start with the most important and sensitive accounts first:

  • Email Accounts: Your email is often the gateway to all your other accounts, so this is the highest priority.
  • Financial Accounts: Banking, credit cards, PayPal, Venmo, CashApp, Zelle, etc.
  • Shopping Platforms: Amazon, eBay, and any other sites where your payment information is stored.

Use strong, unique passwords for each account. Consider using a password manager to generate and securely store complex passwords, reducing the chances of reuse or weak password issues.

4. Monitor and Secure All Other Online Accounts

Even if only one account was compromised, hackers may have attempted to access other accounts through the use of the same password or linked email addresses. Take the following additional precautions:

  • Review all recent account activity for suspicious logins or transactions.
  • Revoke access to any suspicious devices or apps that are connected to your accounts.
  • Update security questions and answers, ensuring they aren't easily guessable or derived from public information.

5. Setup, Use, and/or Check Any Credit or Data Monitoring Services

If you use any sort of data monitoring or ID monitoring service(s), this would be the time to check on them or even ask the provider to run an up-to-date check of your personal information.

  • Guardio: We do use and recommend Guardia as an "Umbrella" service to not only monitor your personal information but also look for password leaks and even provide email/web filtering and monitoring. The service is not free, unfortunately. But their products and services have GREATLY helped us with similar issues in the past.
  • Free Credit Monitoring such as Experian, Equifax, Credit Karma, the FTC, and other resources.

6. Enable Two-Factor Authentication (2FA)

Where available, always enable two-factor authentication (2FA) for your accounts. However, be cautious with the type of 2FA you use:

  • Do not rely on 2FA through SMS or email, as these can be intercepted through SIM-swapping attacks or email compromises.
  • Use an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy.
  • Security Keys: For the highest level of protection, use your security key for 2FA on any accounts that support it.

Make sure to set up both security keys on all accounts that support them for redundancy in case one is lost or stolen.

7. Implement Security Keys for Two-Factor Authentication (2FA)

Using a security key (like a YubiKey) is one of the most effective ways to protect your accounts. Security keys provide an extra layer of security beyond traditional passwords by requiring physical confirmation for account access.

  • Buy Two Security Keys: Setting up two keys ensures that if one is ever lost, stolen, or damaged, the backup key can be used to regain access to your account.
  • Register Both Keys: Set up both keys on every account that supports their use (e.g., Google, Dropbox, Microsoft, social media, financial services, etc.).

8. Ongoing Protection and Monitoring

After recovering your accounts and enhancing their security, adopt good online security practices going forward:

  • Use a Password Manager: This helps you create and store strong, unique passwords for all your accounts.
  • Monitor Credit Reports: If financial information is compromised, regularly monitor your credit report for unusual activity. You can also consider placing a fraud alert or credit freeze.
  • Watch for Phishing Attempts: Be especially cautious of phishing emails or texts that may follow a breach, as hackers may try to gain further information by impersonating legitimate companies or services.

By following these steps, you can effectively respond to an account compromise and significantly reduce the chances of future breaches. The key is to act swiftly, report incidents, and continuously improve your security practices.


Read more »
Posted by at No comments:
Labels: , , , , , , , , , , ,

Monday, January 21, 2019

RansomWare or a Fake Tech Scammer Locked You Out of Your Computer using a "SysKey" Password

Image result for syskey attack

Some RansomWare Viruses and "Microsoft Tech" Scammers will Enable Windows' "SysKey" Function,
 and lock you out of your computer!

Well we have a few ways you can remove that pesky "SysKey,
and get you back into your computer!

*THIS IS FOR WINDOWS 7; MAY WORK ON 8 or 10 BUT THIS IS NOT TESTED OR CONFIRMED.

If this happens to you, the first thing you can try is use a Windows OS Media disk to remove the "SysKey" function using the Command Line.
  1. Boot to the appropriate OS Media (matches the installed OS version of the computer you are fixing). 
  2. When the OS installation screen comes up, Select USA English and then "Repair the Windows Installation"; DO NOT INSTALL!! 
  3. Go to "Advanced Troubleshooting" 
  4. Click on "Advanced Repairs" 
  5. Click on and open the the "Command Line" tool 
  6. Find the OS Disk by changing drive letters and checkin contents with the "dir" command. ie: cd C: cd D: cd E:, etc. 
  7. Run the following command on the OS drive:
    copy c:\windows\system32\config\regback c:\windows\system32\config 
  8. Say no to the "Software" replace prompt, but say yes to the others and replace a total of 4 files; Default, SAM, Security and System. 
  9. Reboot system 
You should be able to login to the computer again!
A warning however, you may have some security, OS and/or user account damage after the fact.

However there is an alternate method (or two) that can also do the trick, if the above process does not work, or is too difficult!

I have also removed the "Syskey" password using the following procedure:
  1. Boot from a Windows 7 Install DVD/Thumbdrive, or boot from a user created Windows Restore/Repair Thumb Drive.
    *You can also attempt the same procedure from Windows Start-Up Repair; if you are able to get there. 
  2. When the "Install Windows" screen appears, click on "Repair your computer" to access the system recovery options. 
  3. From the nex screen, run System Restore to last point before the syskey password on your computer.
    *This will fail, but must be done! 
  4. Click "run system restore again" and this will take you back to the main system recovery options list. 
  5. Open Command Prompt from the main system recovery options list. 
  6. Open Regedit; type "regedit" without the quotes, into the command prompt and the Regedit application will open. 
  7. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value entry from 1 to 0. 
  8. Navigate to: HKEY_LOCAL_MACHINE \SAM\SAM\Domains\Account and delete everything for "F value" so that it's data/value is 0000 
  9. Reboot and you should now be able to Login! 

If you are not able to boot into the Windows 8 or 10 Startup Recovery Environment there is still yet another repair method you can try!

To get the computer to run a system restore if you can't get into the recovery environment, you try to make/trip the computer into doing a Startup Repair. 
  • The way we do this, is by turning the system off mid boot and then Startup Repair should catch that "issue" and run the next time you power on. 
  • During this process Windows typically recommends running a system restore to fix any possible boot issues; allow this process to proceed and complete. 
  • After this process has completed, open the computer's DVD drive and insert a copy of Hiren's All-in-one Boot CD/thumb drive. 
  • Turn the system off/restart the system. 
  • Booting from DVD or USB, boot into the Hiren's All-in-one Media and select "Mini XP Recovery Environment" 
  • Allow your system to boot into the "Mini XP Recovery Environment" RAM Drive environment. 
  • Once booted into "Mini XP" you can now run the built in Registry Editor (regedit) to complete the registry edits needed and listed in the previous repair steps. 
This procedure lets you complete the same repair tasks but using a different access methods and tools, but the same general repair principles and process.

These all have worked for me on client machines and has allowed me to get passed a "syskey" password each time. Once I am able to login to the client's system, I will physically disconnect the internet and start my cleaning procedures on the affected system. After a full clean-up, software removal and tune-up the once locked PC will now run fine without the user getting locked out anymore!

I hope this helps general users or other IT professionals!

Pacific Northwest Computers
Jon Pienkowski - Owner/Operator
www.pnwcomputers.com
360.624.7379
Posted by at No comments:
Labels: , , , , , , , , , , , , , ,

Friday, June 5, 2015

How can I keep my computer from getting infected? Pacific NW Computers' PC Security Tips


1. Make sure you regularly run MANUAL scans with your installed security software!
Security Programs We Recommend (Or Have Installed):
  • Avast Antivirus, BitDefender Free, Microsoft Security Essentials
  • MalwareBytes Anti-Malware
  • Spybot Search & Destroy
  • CCleaner
*For direct download links to the software listed above, visit "Pacific NorthWest Computers' Links and Recommended Software" page on our Blog Link below!
http://pnwcomputers.blogspot.com/2013/06/pnw-computers-links-and-recommended.html

Basic/General Scanning Procedure:

  • Before running any scans with any of the installed security software, be sure to FULLY update the software FIRST.
  • After updating the security software, perform the deepest and most thorough scan that the software is capable of. This is usually labeled as a FULL or COMPLETE scan.
  • DELETE or QUARANTINE any and all of the security software’s findings.
  • Make sure you DON’T download and install any scanner/security software that solicits you to download and install its software. These scanners are blacklisted because of their questionable reputation.

2. Make sure your Windows is ALWAYS up to date!

  • An unpatched Windows is vulnerable and even with the “best” Antivirus installed; malware will find its way through.
    So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.
  • Be sure to download and install all CRITICAL and SOFTWARE updates! You also may have to do several “passes” of Windows updates before all the available updates/patches are actually installed.
  • Verify that your version of Windows Vista, Windows 7 or Windows 8 has the most recent service pack installed. If this is not currently installed on your system, the Windows Update website will recognize this vulnerability and request you to download and install any available Service Packs and other needed updats.

3. Stay away from questionable sites.

  • This is one of the main causes why a computer gets infected. Visiting cracksites/warezsites – and other questionable/illegal sites is ALWAYS a risk. Even a single click on the site can be responsible for installing a huge amount of malware. Don’t think: “I have a good Antivirus and Firewall installed, they will protect me” – because that’s not true… there is no “Magic Bullet”. Before you know it, your Antivirus and Firewall may already be disabled because malware already found its way on your system.


4. Be careful with email attachments!

  • Malware spreads via email as well, especially email attachments. The most common ones are emails telling you that your computer is infected and that you can find the removal tool in the attachment, emails telling you that your password has changed and can find it in the attachment, emails with product codes in the attachment from software that you purchased (which you didn’t), emails with attachments that are so called “Security Updates”, etc. etc.
  • Don’t trust any emails like the ones listed above. Don’t even attempt to preview/open them and delete them immediately instead! It may also happen you receive an email from someone you know, but with a questionable attachment present and strange content in the e-mail’s message. In this case, this person – or someone else who has your address book in his/her address book – is infected with malware (worm/spambot) and sends these emails without being aware of it.
  • Don’t click links in emails from someone you don’t know, because these links can redirect you to sites where malware gets downloaded and installed.

5. When surfing the internet…

  • Use Google Chrome or the FireFox web browser as your MAIN internet browser. These browsers does not use ActiveX controllers or BHO’s (these are programs that are a standard feature’s of Microsoft’s Internet Explorer and are “exploited” vulnerabilities that hackers use to infect computers). If a specific website (such as a financial institution website) may require Internet Explorer to be used in order for you to view their site, then use Internet Explorer. But for that specific website ONLY!
  • Don’t click on links inside pop-ups. ALWAYS close the windows via the "X" for the window vs. clicking "Cancel" or any other 'escapes' in the pop-up.
  • Download software off of the internet from websites you know and trust. A lot of free software comes bundled with other software, including malware.
  • Be careful when you are viewing videos online. Especially when you get a pop-up asking you to download a “Codec” to be able to watch the video. By default, your media player should already have the necessary codec installed to watch online videos. In the case that you’re prompted to install an additional codec while trying to watch a move online (or downloaded), it is most likely a false alert and this so-called codec may install malware.
  • Don’t install plug-ins (ActiveX) if you’re not certain what it is or why it is you need it. (Unless you are attempting to perform Windows/Microsoft Updates).
  • Glubble is a great FireFox add-on if you want to manage the sites your kids are allowed to see.

6. Watch what you download!

  • If you want to install certain software, always go to the developer’s site to download the software. Then you can be sure you’re downloading and installing the right software. Be aware of the fact that certain software (especially freeware) may contain/come bundled with extra software including spyware and/or adware. So only install when you’re sure they are OK.
  • The use of Torrent sites, Game Patches and Mods, Emulators; really anything "Free" is always a risk. Unless the download/host site is a reputable site, you can never be sure what you are exactly downloading. A file you are looking to download or have downloaded isn’t always what it’s made out to be.

If you have any questions or comments please don't hesitate to get in touch!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , , , ,

Wednesday, April 30, 2014

Microsoft Internet Explorer Vulnerability ~ Fact and Opinion


As you have most likely heard, Microsoft is scrambling to fix a major bug which allows hackers to exploit flaws in Internet Explorer 6, 7, 8, 9, 10 and 11. The company has also confirmed it will not issue a fix for web browsers running on Windows XP after it formally ended support for the 13 year old operating system back on April 8th.

The vulnerability was discovered by cyber security software maker FireEye Inc. which stated the flaw is a ‘zero-day’ threat. This means the first attacks were made on the vulnerability before Microsoft was aware of it. FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.

FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: “It’s unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering.”

For its part Microsoft has confirmed the existence of the flaw in an official post: https://technet.microsoft.com/library/security/2963983

Now, Internet Explorer has always been a vulnerable browser and has exploits created/identified against it everyday. This is why for YEARS I have pushed my customers to use an alternative Web Browser such as Mozilla Firefox or Google Chrome. As previously mentioned, both of those web browsers are safer to use than Internet Explorer and are both immune from the recently identified exploit!

What makes this recent vulnerability stand out from the others, and why this particular vulnerability is making all the headlines, is that the problem is pretty widespread; affecting 1 in 4 Windows based computers and ALL Windows XP systems.

A Temporary Fix
While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds .
  1. Use another web browser other than Internet Explorer
  2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
*Adobe has released a new patch/update for their Flash Player! Allow the Flash Player to update or manually download and install the latest version here: http://www.adobe.com/support/flashplayer/downloads.html

No Hope For Windows XP
Microsoft has confirmed that no fix will be rolled out for Windows XP because support has officially ended and there are no plans to make an exception. It states:

“An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”

The company’s advice to Windows XP users has remained the same for some time: upgrade to Windows 7 or 8 or buy a new PC. It has also repeatedly sent a pop-up dialog box to reachable Windows XP machines with the following end of support notification.

For users unsure whether their existing XP PCs can support Windows 8, Microsoft offers a software tool called ‘Windows Upgrade Assistant’ which can be downloaded here: http://go.microsoft.com/fwlink/p/?LinkId=321548

If you have any questions or concerns please don't hesitate to get in touch!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)