Tuesday, September 20, 2016

It's Microsoft Calling (Not!)

   The amount of automation and detection in our world today can be scary but it can also be useful.  You can set your lights to come on as you approach your home.  You can have your phone switch to wifi when you get to the office.  And Microsoft will even call you when they detect a problem with your PC!

   OK, maybe not that last one!  As we've discussed before, this is a common scam that has now been around for a few years.

   It works like this... There are 2 basic scenarios:
  1. you get a popup on your computer telling you that "Microsoft" has detected that there is a problem with your PC, and you should call the phone number they provide, or;
  2. you get a phone call directly from "Microsoft" telling you that they have detected a problem on your PC.
   Of course, neither of these is legitimate.  Microsoft will not call you.

   This article has a recording of what one of these calls sounds like.  Here's another.

   I said PC above, but people with Macs have received these as well!

   Here's the thing about these scammer orgs...  they provide very good customer support!  That, of course, is good for them but bad for us.  It's one of the reasons that these scams work.  People are very happy to receive great customer support - it's unfortunately too rare.   So when a friendly, attentive "customer service" rep is telling someone that their computer is infected, it can be convincing.

   Typically the "customer service" rep will ask the victim to open a web browser and type in whatever the rep tells them.  The victim's web browser is directed to a malware site that will give the attacker control of that PC.

   Why do they do this?

Tuesday, September 6, 2016

Call Me

  I recently received some awesome news via email.  And it was totally unexpected.  Check it out:


   Now I can retire in style!  :-)

   Needless to say, this is a phishing email.  We've talked about phishing many times in the past.  And we keep talking about it.

   So why does phishing still work?  There are two primary reasons:
  1. No cost/low barrier to entry.  It is effectively free to send out potentially millions of phishing or spam emails.  Attackers can easily relay email through open mail relay servers, but there are other ways to send spam and phishing emails.  Open mail relays are systems that send email but don't require any kind of identification.  Here's some more technical info on open relays.
  2. Exploiting the human factor.  People are busy and we all receive too much email.  It's not always easy to take the time to figure out if an email is OK or not.  Attackers leverage this by sending plausible-looking email, though there are plenty of poorly-created messages as well (like the one above that I received).
   As I mentioned in a previous column, rather than examining an email for evidence of phishing, we can approach all email as if it's hostile and then look for indications that it's OK.
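
   Here is the "hostile until shown otherwise" approach as a short Python sketch. It is an added example, not something from the original column, and the three positive signs it looks for are assumptions chosen for illustration: a DMARC pass recorded by your own mail server in the Authentication-Results header, a Reply-To that stays on the sender's domain, and a sender you already know. The server name, addresses and sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"     # assumption: your own receiving mail server
KNOWN_SENDERS = {"alice@example.org"}   # assumption: people you already correspond with

def address(value):
    """Bare lowercased address from a From/Reply-To header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def auth_results(msg):
    """method -> result from Authentication-Results headers our own server added."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        if parts[0].lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue                    # anyone can type this header; ignore foreign ones
        for part in parts[1:]:
            method, _, rest = part.partition("=")
            if rest:
                found[method.strip().lower()] = rest.split()[0].lower()
    return found

def triage(raw):
    """Start from 'hostile'; return 'ok' only when every positive sign is present."""
    msg = message_from_string(raw)
    sender = address(msg.get("From"))
    reply_to = address(msg.get("Reply-To"))
    missing = []
    if auth_results(msg).get("dmarc") != "pass":
        missing.append("dmarc pass")
    if reply_to and reply_to.rpartition("@")[2] != sender.rpartition("@")[2]:
        missing.append("reply-to matches from")
    if sender not in KNOWN_SENDERS:
        missing.append("known sender")
    return ("hostile" if missing else "ok"), missing

# Constructed sample messages (not real mail).
PRIZE = ("From: Prize Office <claims@lottery.example>\n"
         "Reply-To: agent@freemail.example\n"
         "Subject: You have won!\n\nCall me to claim your winnings.\n")
FRIEND = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
          " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
          "From: Alice <alice@example.org>\nSubject: Lunch\n\nFriday?\n")
FORGED = FRIEND.replace("mx.example.net", "mx.attacker.example")

if __name__ == "__main__":
    for name, raw in (("prize", PRIZE), ("friend", FRIEND), ("forged", FORGED)):
        print(name, triage(raw))
```

   The third sample is the interesting one: it carries a "pass" header, but not one written by the trusted server, so it stays hostile.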

   If you'd like to have some fun... try these spot the phishing online quizzes!

   I won't be contacting the "friend" who sent me the above email.  And I did not win.

   Have you seen any interesting phishing emails you'd like to share?