Beware of Scareware!

What is Scareware?  Designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user; scareware is comprised of several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices.

You are clicking around on the internet, checking search results, playing games, watching videos or reading an article with an advertising window that changes every 60 seconds next to it – basically minding your own business when POP! A window pops up in the middle of your screen that says:

“We’ve detected a virus on your computer!
Click Here to Remove the Virus”

….before the world as you know it is over…

You Panic!!

You must remove the threat before it destroys your computer!  So you click on the box to remove the offending virus or download the software to fix it – you even pay whatever they want to charge you for their program because you’d rather pay that cost than buy a new computer and lose all of your files.

Problem is… that is exactly what they wanted you to do.  By now you have just downloaded their scam software which probably contained the virus they wanted to infect you with primarily. Or you paid good money to download non-functioning inoperable malware that won’t do you any good and now your credit card number is in their hands.

What should you do when a window like that pops up?   Close it!

Close everything! Including the internet, don’t take a chance of it infecting your system while you make a decision on what you should do about it.

Here’s the trick though.  You see the sample window above?  Say you know better than to click on the “Remove the Threats” button.  You know that your own computer’s Antivirus program or Firewall would notify you of threats not some strange window on an internet page somewhere in cyberspace. So you click on the “Continue Unprotected” button, or “Ignore this Threat” button.  Guess what? Another window pops up asking if you are sure.  Declaring there are more threats or the threat is spreading and you are running out of time!  You click ignore again… Do you know what you are doing?  Downloading the virus anyway. 

There is only one way to get out of a mess like that and it is to close your internet program immediately. 

  • Close Microsoft Edge
  • Close Mozilla Firefox
  • Close Safari

Whichever program you use to surf the internet, close it.  Never respond to an unexpected offer for security software via a pop-up or bubble, telling you that you are at risk.  Any click on that window can start the download process. Sometimes even the little x at the top right of the popup window won’t even close it and will start the download.

If you close the internet immediately you should be safe, however, you never know.  The best thing to do at that point is to run your computers virus checker and spyware searcher.  As clients of Leprechaun Technical Services your computer should be running the ZoneAlarm Firewall and AntiVirus/AntiSpyware program, as well as, Spybot Search and Destroy. Both of these programs will protect and if necessary remove any infections or rogue programs that may have been inadvertently planted on your machine.  If you suspect an issue run a scan with both of them in succession starting with Spybot Search and Destroy.  Make sure your computer comes back clean. Yes it is time consuming but so is reformatting your hard drive or retyping that document that was lost when your computer was fried.

These threats are popping up more frequently. They have recently been found attached to advertisements which means that even the websites you trust are susceptible to this scam.  Scareware is just a criminal tactic to catch you off guard.  When you are prepared for such attacks their scare tactics won’t work and you will remain safe.

As always please feel free to contact Leprechaun Technical Services’ offices if you have any questions or concerns.

How to Spot phishing Emails

It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. But knowing which emails are real and which are phishing emails is crucial and can save you money and problems in the future.


It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. But knowing which emails are real and which are phishing emails is crucial and can save you money and problems in the future.

Let’s jump right in and examine some examples of fake emails:

In this example, overall, it looks like a normal email from Netflix. It even uses its header and logo. It mentions a billing problem and invites you to click on a link to update your payment details. So far, so good. But if you take a closer look, you can see a generic greeting: “Hi Dear.” That’s not very typical for a business to say. Maybe your mother. On top of that, most legitimate businesses won’t have a link for you to click on to login, they suggest going to their website to login to your account.

In this example, it seems that PayPal recognized a security issue with your account and urges you to review it by clicking a login link which will then encourage you to insert your login details. But if you take a closer look at the sender’s URL (at the top of the email), you can see that it doesn’t end in @paypal, but rather a misspelled version of PayPal and a @outlook ending, which is a public email address service. ALWAYS look at the sending email address! If it is anything but a professional looking, domain name email address, it’s likely not legitimate.

Not all phishing emails direct you to a phishing website. In the above example, you can see that it urges you to call some 800 number. Besides the sender URL having similar issues as the previous example, we notice problems in the writing: “a malicious user might trying” (makes no sense), “Windows” is in lowercase, and other grammatical and spelling issues. This should be a red flag that this is, in fact, a phishing email.
Sounds scary? Don’t worry. Following the next tips can be helpful in spotting and preventing phishing attacks.

Here are some tips to protect yourself from phishing attacks:

  1. Trust your instinct
    When you get an unusual email from your bank saying your account has suddenly closed, most people’s initial thought would be that it…well…makes zero sense. Others may panic and frantically follow the instructions of the email attempting to steal your information. Whatever your reaction may be, try to remain calm and follow the next steps.
  2. Check the email address of the sender
    Does it look familiar? Does it end in a “@amazon.com” or simply include “amazon” in a random place? When you run a search on your email with that address, does any previous communication come up? Are they using a public email service like google (gmail)? If so, it may be fake.
  3. Contact the real company directly
    If you aren’t sure whether the suspicious email is real or not, just give the company a call or email. Nowadays, you should get most companies’ contact info by doing a quick Google search. Go directly to the company’s website and get the phone number there.
  4. Be wary of alarming content.
    Anything that urges you to act fast with a short deadline (such as 48 hours), asks for your financial information, offers you a reward, or just seems overall wrong, it probably is. Of course, you may receive a legitimate message informing you to take action. For your safety, don’t click the link in the email, no matter how real it appears to be. Instead, visit the real website from your browser and log in from there to check your account status.
  5. Check improper spelling or grammar
    This is one of the most obvious signs that an email is fake. Sometimes, the mistake is easy to spot, such as ‘Dear Facebook Costumer’ instead of ‘Dear Facebook Customer.’ So when in doubt, check the email closely for misspellings and improper grammar.
  6. Watch out for emails saying you’ve won a contest you haven’t entered
    A common phishing scam is to send an email informing recipients they’ve won a lottery or some other prize. All they have to do is click the link and enter their personal information online. Chances are if you’ve never bought a lottery ticket or entered to win a prize, the email is a scam.
  7. Watch out for emails urging you to make a donation
    As unbelievable as it may seem, scam artists often send out phishing emails inviting recipients to donate to a worthy cause after a natural or other tragedy. For example, after Hurricane Katrina, the American Red Cross reported more than 15 fraudulent websites were designed to look like legitimate Red Cross appeals for relief efforts. Potential victims received phishing emails asking them to donate to the Red Cross, with links to malicious sites that stole their credit card numbers. If you’d like to donate to a charity, do so by visiting their website directly.
  8. Be careful of emails containing suspicious attachments
    It would be highly unusual for a legitimate organization to send you an email with an attachment unless, of course, it’s a document you’ve requested, such as a monthly account statement you’ve subscribed to receive. As always, if you receive an email that looks in any way suspicious, never NEVER click to download the attachment, as it could be malicious.
  9. Use security software or app such as ZoneAlarm Extreme Security.
    ZoneAlarm Extreme Security includes all you need to protect your PC and mobile device (Android or iOS) from cyberattacks, including phishing attacks, all using enterprise-grade technology by Check Point. Its anti-phishing feature prevents you from inserting your credentials while it checks if the potentially dangerous website/email opened is safe or not. Only after it is deemed safe can you go ahead and insert your credentials.

To summarize, to avoid phishing, you need first to know the primary forms of phishing emails. This post covered the most relevant areas that would help you identify phishing scams and stay safe.

Computer Security

Types of Security Threats and Leprechaun Countermeasures:

Malware

  • Software designed to infiltrate a computer system without the owners informed consent
  • Malware includes computer viruses, worms, Trojan horses, spyware, crimeware and other malicious and unwanted software

Viruses

  • A computer program that can copy itself and infect a computer
  • Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them

Spyware

  • Type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge
  • The presence of spyware is typically hidden from the user and can be difficult to detect
  • It can install additional software, redirect web browsers, change computer settings, set different home pages, and/or result in loss of internet

Rogue Software/Scareware

  • Form of malware that deceives of misleads users into paying for the fake or simulated removal of malware
  • Mainly relies on social engineering in order to defeat the security software
  • Most have a Trojan horse component, which users are misled into installing
  • Browser plug-in (typically toolbar)
  •    Image, screensaver or ZIP file attached to an email
  •    Software shared on peer-to-peer networks
  •    A free online malware scanning service

Ransom Virus

  • Comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.

Phishing

  • Criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication
  • Commonly used means: social websites, auction sites, online payment processors, IT administrators

Email Usage

  • The fastest most-effective method of spreading malicious code to the largest number of users

IN OTHER WORDS: Be aware of where you go on the internet, what you click on to open, what you are agreeing to when you install something. Never install an exe file unless you trust the source. Never click on a link in an email to update your information. Be on alert!

Use a cache cleaning service, install a real-time anti-virus and anti-spyware program and implement a firewall. Allow for automatic updates and scheduled scans.  Leprechaun Technical Services can help.