Tele-scams take on a new tact
Microsoft will never call you to tell you your computer is infected. Most of you know to hang up on a call like this. Just like the IRS will never call you to tell you owe back taxes that can only be paid with iTunes Gift Cards (no joke – this was real scam call). However, the criminals are still at it, busily crafting new ways to get you to part with your money. The latest craze is Malvertizing or malicious advertisements.
Everyone has seen advertisements on news sites and Facebook tucked to the side of the screen, sometimes disturbingly targeting some of the things you have recently been visiting on the internet. Well, if you don’t know, these ads are actually not being served from the site your visiting, but are pushed into the advertised space by ad services to which the owner of the site subscribes. These are massive services with millions of advertisers looking to peddle their goods to the audience of these often famous places.
These very carefully crafted advertisements are being posted to these advertising services and are making their way onto your computer, regardless if you’ve a PC or a MAC. The crooks are actually not only fooling you, but the advertisement services to which they’re posting. This is because the advertisement image looks completely normal to the systems accepting it. However, the image has special code within it that will cause your internet browser to open a new tab and browse to a target site where the malicious advertisement is displayed. We have seen some very crafty engineering with some of these. They will often claim to be from Microsoft or Apple. They can fill the entire screen, and not give you a title bar where you can close the window. Some of them will play a very loud and annoying alarm sound to really scare you.
Be not fooled!
This is their point. They are using a very old confidence scam and social engineering to get you to react without thinking. Because the number is toll free, people think it’s legitimate and call. The criminal on the other end will, of course, confirm that you are horribly infected and needs to gain access to your computer immediately to prevent your files from being destroyed. They will then show you a bunch of fake screen shots of things they “found” on your computer and ask for payment. We have seen these agencies bill for removal of these fake infections between $60 and $400. Some of them will charge you every month for service they’re simply not providing. As long as you think they’re legit and you don’t do anything, they are walking away with your money.
How to save yourself
So, the a-typical tech support answer always works. Reboot. Because this isn’t actually an infection at all, rebooting will close all open items on your computer and get you back to working. However, there could be times when this may be destructive to unsaved work that may be open in the background in another application. In this case, use Task Manager (CTRL+SHIFT+ESC for Windows, CMD+OPT+ESC for Mac) to select your internet browser (Chrome, FireFox, Internet Explorer, Safari, etc) and end it.
Prevention
- Keep your computer updated. These attacks take advantage of the fact that you are annoyed by the prompts to update your computer (Operating system, Java, Flash, Reader, etc) and they take advantages of known vulnerabilities on your system. Our Guardian Managed Service subscribers get their systems updated automatically by us with weekly regularity and are rarely disturbed by updates needed on their computers.
- Have a decent antivirus solution and know what it looks like when it warns you about malicious activity on your computer. All of our clients – regardless of service plan – have the option to have free, professional anti-virus software for their computers – and we take all the alerts for you!
- Network-wide security or threat management at the internet router. Customers that need more thorough network security and want to block malicious software before it reaches the desktop, have the option for software and devices that are more advanced that can provide much more control over internet content and the blocking of malicious attacks.
- Install AdBlock Plus. This free product (donations accepted) plugs right into your browser and will not only prevent this type of malicious attack, but many annoying advertisements as well. Just note that some sites are getting aware of software like this and will refuse to display content until you turn it off.
- Spread the word. As computers get more and more secure, social engineering scams are on the rise. Humans have been, and always will be, the weakest link in computer security. Share information like this with your friends. At work, make sure there is a clearly defined computer policy that includes incident reporting to your boss when something unusual happens to your computer. Staff should also be regularly trained and tested on computer and internet security skills. There are dozens of excellent resources available. We can help with training your staff, too!
If you have any questions whatsoever about your computers, networks, servers or security, we are here to help. Do not hesitate to email or call us!