All posts tagged alert

02 Dec 2015

Virus Alert: Major Banking Site Redirect + Phishing

Our engineers have reported a Trojan virus in circulation that uses a new phishing tactic worth passing along to you.  Internet crooks and scammers are extremely active this time of year due to the massive number of online shopping transactions, and they’re constantly coming up with ways to steal your financial information.  Here’s how this particular scenario unfolds:

  1. If your antivirus protection application is out of date, antivirus definitions are out of date, or the antivirus vendor has not included protections against this virus and/or its variants in their most recent definitions release, your machine may be infected by a Trojan virus that allows for this exploit.
  2. You browse to your bank account (this virus is applicable to most major banks).   You put in your username and password and everything appears to work as usual.
  3. If your machine is infected with this virus, the screen may spin for a few seconds or go white for a short period of time.  The URL stays the same (your address bar gives the appearance that you’re still on yourbank.com), then suddenly a box comes up saying your account has had some strange activity and that you are being forced to verify who you are.  The page prompts you for personal financial information such as your debit card number, expiration, 3-digit code, PIN or other security questions.  If you were to enter these and click next, it would say ‘thank you’ and take you to the screen for your bank like nothing ever happened, when in reality you just sent all of the personal financial information that you entered to the bad guys.

This is a sophisticated scam called a “man-in-the-middle” attack.  The technical trickery that is happening in the background is re-routing of DNS over SSL AFTER you type in your pertinent log-in details, which then attempts to phish you for your credit card information.

Please remain diligent when faced with these crafty methods thieves utilize to phish for your personal financial information.  Asking for your personal financial information should always raise a red flag, as legitimate financial institutions do not ask for your account numbers, credit/debit card numbers, PIN or Social Security Number to verify your identity.

17 Sep 2015

Virus Alert: Ransomware Diligence

The purpose of this virus alert is to inform and educate you, as well as encourage you to remain vigilant against malware. We continue to experience isolated incidents of CryptoLocker and its variants, a type of virus known as “ransomware”.  To learn more about CryptoLocker and ransomware please reference our previous blog post here:

http://sisadmin.com/virus-alert-cryptolocker-how-to-protect-yourself/

As mentioned in the above-referenced blog post, here are steps you can take to protect yourself:

  1. Never open email attachments from unknown senders. Keep in mind that the people who create these emails are crafty. They are often carefully constructed to appear as if they came from legitimate businesses or vendors.
  2. Don’t follow links received in SPAM emails from unknown senders.
  3. Back up your data.
  4. Keep your antivirus and antimalware software updated. We recommend Webroot and MalwareBytes as a solid deterrent. Please be aware that no preventative platform is foolproof.

How do you know if you’ve been infected?

  1. You are unable to open files and/or files appear to be corrupted. This may occur on your local hard drive or on network shares if the infection has spread beyond a local machine.
  2. File extensions are changing from what they should be (.doc, .pdf, .xls) to .encrypted, .cryptolocker, or .[random characters].
  3. A HELP_DECRYPT file has appeared in each folder where files have been encrypted.
  4. A ransom screen may appear informing you that your personal files have been encrypted.
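The file-level signs in this list can be checked across a drive or network share with a short script. The following is an added example, not part of the original post: the set of "normal" extensions and the rule for spotting an appended random extension are assumptions, and the sample listing is constructed.

```python
import os
import re
from collections import defaultdict

# Indicators from the list above; the known-extension set is an assumption.
RANSOM_EXTS = {".encrypted", ".cryptolocker"}
NOTE_PREFIX = "HELP_DECRYPT"
KNOWN_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Assumed heuristic: a known extension followed by one more unknown suffix,
# e.g. "invoice.pdf.abcdefg".
DOUBLE_EXT = re.compile(r"(\.[A-Za-z0-9]+)\.([A-Za-z0-9]{4,10})$")

def classify(filename):
    """Return the indicator a single file name matches, or None."""
    if filename.upper().startswith(NOTE_PREFIX):
        return "ransom_note"
    if os.path.splitext(filename)[1].lower() in RANSOM_EXTS:
        return "ransom_extension"
    m = DOUBLE_EXT.search(filename)
    if m and m.group(1).lower() in KNOWN_EXTS \
            and "." + m.group(2).lower() not in KNOWN_EXTS:
        return "appended_extension"
    return None

def scan_paths(paths):
    """Count indicator hits per folder for any iterable of file paths."""
    hits = defaultdict(lambda: defaultdict(int))
    for path in paths:
        folder, name = os.path.split(path)
        kind = classify(name)
        if kind:
            hits[folder][kind] += 1
    return {folder: dict(kinds) for folder, kinds in hits.items()}

def scan_tree(root):
    """Walk a real directory tree (local drive or mounted share)."""
    return scan_paths(os.path.join(d, f)
                      for d, _, files in os.walk(root) for f in files)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    "/share/finance/budget.xls.encrypted",
    "/share/finance/HELP_DECRYPT.txt",
    "/share/finance/q3.pdf.kxwzqpa",
    "/share/hr/handbook.pdf",
    "/share/hr/archive.tar.gz",
]

if __name__ == "__main__":
    for folder, kinds in scan_paths(SAMPLE).items():
        print(folder, kinds)
```

Folders that report a ransom note together with renamed files show how far the encryption has spread, which is useful when deciding what to restore from backup.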

What do you do if you suspect an infection?

  1. Immediately disconnect your computer from your wired and/or wireless network. This will prevent it from further encrypting any files.
  2. Call SisAdmin at 425-482-1919 to report the infection ASAP.

01 May 2015

Security Alert: Wire Transfer Scam


We are issuing this security notice to alert our customers to a fraudulent wire transfer technique that some of our customers have encountered this week.  The technique is called spear phishing and relies upon email messages posing as urgent communications from senior officers to lower-level employees.  The messages demand that employees wire funds to destination accounts provided in the message.

These emails can be very convincing and are typically sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations.  We highly recommend making your employees aware of this threat and cautioning them against falling victim to these attacks.  Typical signs to look for beyond the obvious tone of the funds transfer demands are:

  • Suspicious emails sent to executives or received from executives
  • Check the sender’s email address closely for spoofed or impersonated domains
  • The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account
  • The body of the message often includes a fake, back-dated “original message” in an attempt to set the context of the transfer request
  • Attached to the email is a PDF document containing wire transfer instructions, including bank name, account number, etc.
  • Wire transfer destinations typically include banks in the US, UK, China and Taiwan

The technical details of how scammers accomplish this are as follows:

  1. Scammers register “typo squatting” domains that for all intents and purposes look like the target company’s domain, but are subtly different.  For example, the legitimate domain www.mybusiness.com would be registered as www.mybusiiness.com.
  2. Scammers then create email accounts at the fake domain that mirror legitimate executive email accounts.  For example Joe.CEO@mybusiness.com would be created as Joe.CEO@mybusiiness.com, and the common name that appears on the email account would be identical to the original account, such as Joe CEO.
  3. The attack often relies upon knowledge of key players within the company, which is used to create emails that are highly convincing to the recipients.  They rely upon the fact that when the CEO asks you to do something, you do it!
  4. Brief, urgent emails that appear to come from executives are sent to lower-level employees, demanding the transfer of funds and the progress of the transfer, thus making the request appear more authentic.

Please let us know if you have any questions or need our assistance.
