Sextortion Emails With A Twist

There’s a new email scam in town, and it’s taking people for quite a bit of money. The scam asserts that it has captured video of the recipient watching porn using their computer’s web cam, and threatens to send that video, along with the video the recipient was supposedly watching, to everyone in the recipients contact list. The twist? They give the recipient a password that the recipient has used in the past. It might be the distant past, or recent past, or even a password that’s currently in use.

This new twist lends a scary amount of credibility to the scam. To that end, as Vice reports, the culprits have made off with over half a million dollars so far in this scam. We’ve already had a number of clients call in about this scam, and our advice is to not pay the extortion money. You can find the full text of one of these emails on Kerbs On Security’s site, but I will post a snippet below.

 

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

 

The fact that they have a valid password is really the scariest part for most people. I would recommend that if the password they present to you is one that you currently use, change that password. If you are still concerned about an email you’ve received, or someone you know needs to be talked out of paying the extortion fee, please give us a call. Our clients’ information is always confidential, but we can discuss the similarities between the different instances of this that we have seen.

Uptick In Phony Tech Support Scams

Microsoft is stating that there is an increase in the number of phony tech support calls, The Register reports. Microsoft puts the number of tech support scam calls at about 153,000, and roughly 15 percent of those calls resulting in the victim losing money.

It’s important for everyone to remember that Microsoft will not call you to fix a problem with your computer. The two big reasons are that basically 90% of the computer-using world are their customers.  That’s a lot of customers, and would require an impossibly large support team. The other reason is verification. Microsoft cannot verify who you are, and you cannot verify that it is actually Microsoft that’s actually calling you.

If you get a call from someone claiming to be Microsoft, do not give them any of your personal information, and do not let them remotely connect to your computer. If you have any concerns about such a call, feel free to reach out to us and we will assist in any way that we can.

Malware Disguising Itself As An Update

An ArsTechnica article posted today is talking about a rash of websites that have been compromised, and are now delivering phony web browser updates to site visitors.

What’s important for our clients to understand is that all major web browsers have a control method for updates. Internet Explorer and Edge are updated through Windows Update. Chrome and Firefox both phone home and download updates from their trusted sources. There is never a legitimate reason for a website to distribute an update to your web browser.

As always, keep your anti-virus software up-to-date, and if you run into any problems, Reinforcements are just a phone call away.

Secure Website Warnings

Symantec had a bit of a bumpy 2017, starting out with the mis-issuance of roughly 30,000 secure website certificates. For a very in-depth read on that, check out Ars Technica’s post here.

With the mis-issuance issue in mind, The Register kindly reminds us that in mid-April of this year, Google Chrome is going to stop considering certain certificates issued by Symantec as being valid. This means that if you visit a site with one of these certificates, you will get a security warning before you see the actual web site you were intending to visit.

We just want you to be aware that these security warnings could be coming. It’s possible that site owners will have upgraded all of their certificates before the deadline. But if they don’t, then for those of you using the Google Chrome browser, you may expect to start seeing these warnings sometime in April. For those of you using Mozilla Firefox, the warnings should be popping up a month later in May. Unfortunately I couldn’t find time lines for Microsoft Internet Explorer or Edge.

The main take away is that if you see these alerts, give it some time. Don’t put any personal information into a site that has thrown one of these warnings. Given the wide spread popularity of Google and Firefox, web site administrators will be keenly aware when the switch has been flipped, if they weren’t aware already.

Vulnerable Cisco Firewalls

Ars Technica reports on a vulnerability to some Cisco firewalls. You can read their article here:

https://arstechnica.com/information-technology/2018/01/cisco-drops-a-mega-vulnerability-alert-for-vpn-devices/

What does this mean to TRI customers?

Well, it looks like the vulnerability exists in Cisco’s ASA software that is used in many of their firewalls (note: some of the firewalls running the software don’t necessarily say ASA on them). If you’re using one of the affected firewalls, and you’re using WebVPN, you should patch immediately. That brings us to the next hurdle. Patches for Cisco devices either come from behind their paywall, or by contacting their Technical Assistance Center (TAC). Some people are reporting slow response times from TAC, and if you don’t have current support with Cisco, the download behind their paywall is out of reach.

Need Help?

If you’d like assistance assessing your firewall, working with TAC, or even replacing your firewall if it’s simply too old, we are here to help.