Cyberheist Not the Bank’s Problem

Mark Berry June 14, 2011

I’ve recently become aware of a legal case where a company lost a huge amount of money due to a computer virus. Hackers used the virus to steal the company’s online banking password, then proceeded to transfer out over half a million dollars. When the account was empty, the bank advanced over $200K of the company’s line of credit.

The Next Scam: Tech Support Calls You

Mark Berry May 19, 2011

A user contacted me yesterday telling me, “I just got a weird call from someone with an Indian accent saying his company had been getting error messages and they wanted me to go on the computer and have a technician walk me thru steps.” She did exactly the right thing:  “I refused and hung up.” But what is behind this scam? What are they trying to achieve?

Prevent Outside Parties from Scheduling Your Calendar

Mark Berry January 18, 2011

Ever receive an email with an Outlook calendar item attached, then find that the item appeared in your calendar without your permission? It turns out that by default, Outlook lets anybody in the world add items to your calendar as “tentative” appointments, whether you agree or not. I got instructions from Microsoft support on how to disable that “feature.”

Identifying and Avoiding Fake Anti-Virus Programs

Mark Berry December 21, 2010

One of the biggest threats to your computer comes when you land on a web site containing a fake anti-virus warning. These sites try to trick you into installing a program that is actually a virus. Sometimes these programs will encrypt files on your system, then charge you money to unlock them. But what does a fake anti-virus site look like, and what should you do? Here’s an example.

Got Backup?

Mark Berry September 29, 2010

Computer backup is an insurance plan for your data. Like any other insurance, it’s hard to think about when everything is going great, but you sure are glad it’s there when you need it.

Also like insurance, there are lots of factors to consider and lots of potential solutions.

So why do you need backup, exactly? And what kind of backup do you need?

Help! My Yahoo / Hotmail / Facebook Was Hacked!

Mark Berry September 28, 2010

In the last few weeks the personal accounts of at least four of my acquaintances have been hacked. As you may have experienced, when your friend’s account is hacked, you start getting emails that appear to be from them, but which actually contain some kind of spam.

A RARe Virus Delivery Method

Mark Berry July 27, 2010

Yesterday I received the following email from someone I don’t know:

The unusual thing is the attachment of type .rar. RAR is an archive format not as common as .zip in the Windows world.

I had an old copy of the freeware UnRAR on my machine so I had a look at the file contents. Sure enough, it’s a script file (.scr) which, like an .exe file, can make changes to a machine.

Virus Scanning Not Enough

This file was delivered through Postini, which means their virus scanner didn’t catch it. In fact, as of this writing, VirusTotal shows 23 of 42 antivirus engines identifying the malware. Major engines like AVG, ClamAV, and Sophos are not catching it yet. While infection is less likely since many people won’t have .rar archive utility installed, it still is up to the user to remember:  don’t open attachments from unknown senders. In fact, it’s best to avoid attachments even when you know the sender unless you are specifically expecting an attachment from them.

Facebook: Scam Central

Mark Berry June 3, 2010

In the last 24 hours I received two invitations from different Facebook friends to sign up for “events.” Both emails actually came from Facebook, and both included the first and last name of my friend as the person extending the invitation. The first promised me a $1000 Best Buy gift certificate:

The second was “only” for free ring tones, but besides the sender, it actually lists two other people I know as invitees:

Generous as they were, I didn’t accept these invitations, since I figured that would lead either to a virus site, a phishing site, or (worst) sending the invitation to all of my Facebook friends.

A few rules of thumb:

• If it sounds too good to be true, it probably is.
• If out of the blue, friends suddenly invite you to “events” that are supposedly product giveaways, don’t accept. You might send them a private email suggesting that they change their Facebook password in case it’s been hacked.
• Facebook is not a secure platform. Assume that anything you put on Facebook will be available to any Page, fan club, event, or friend that somehow earns the trust or interest of one of your friends. Set your privacy settings as high as possible, don’t post your birthday, and consider blocking Facebook access on work computers.