Ransomware

18 November 2016

There is a serious computer threat that has been increasing since 2016. It's called ransomware, and it involves a bad actor sending you an email with a link or perhaps a file to open. DON'T CLICK! This problem is not limited to emails (phishing attempts) sent to you. Ransomware is cybercrime's most profitable criminal business model to date. If you are struck, everything on your computer will be encrypted and you will be presented with a screen demanding that you send money within a set time in exchange for a key to decrypt your data. In recent months, people are not only losing their data: failure to pay could also result in your personal information being placed on the web for anyone to see. Worse still, payment does not guarantee return of your data.

As if that weren't bad enough, now scam apps have been placed into the app stores. Thankfully, the app stores have gotten better at spotting these attempts, but you must beware!

NEW!: A company called Cybereason has made their ransomware protection app, RansomFree, available free for personal use. You can download it from their website. Instructions for installation are on their website as well. Unfortunately, the software is only for Windows 7, 8 and 10 machines at this time.


Courtesy of Cyberheist News, published by KnowBe4

The New York Times warned about a new kind of ID theft: App ID theft, just in time to deceive holiday shoppers. It's something you need to alert your employees, friends and family about because it can be damaging in several ways. So-called "retail apps" are cool again, but think before you click! Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem. The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo. They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets. Starbucks started the first "retail app", and many stores have followed. But scammers are now creating fake apps, tricking you into downloading them to your smartphone or tablet, and asking you to load your credit card information in these apps. You can guess what happens next.


Here are 5 things to think about:

  1. Be very judicious in deciding what app to download. Better safe than sorry.
  2. If you *do* decide to download an app, the first thing to check is the reviews; apps with few reviews or bad reviews are a big red flag.
  3. Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the App Store or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, very reluctant to link your credit card to any app!

There is more information about this at the KnowBe4 website.

Social Engineering

Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access.