We’ve updated you with several security threats and scams over the last few months, and we know it can be difficult to keep track of what’s out there. Here’s a roundup of the threats you should be aware of.
This past April, researchers announced that they had found the Heartbleed Bug, a security flaw that could leave secure information vulnerable online. As of late June 2014, more than 300,000 servers remained affected by the bug. If you haven’t updated your passwords yet, please do it now!
The Heartbleed Bug is a security flaw found in Open SSL, which is network software used by secure websites. You know you’re on a secure website when the web address starts with “https” rather than “http” or you see a little lock icon in your browser. Social media, banking, email, shopping, and dating sites use security software like this – though not all of them are affected by this bug.
How can you protect yourself? Check the list of websites affected, and then start changing your passwords. We know it's a pain to make all those changes, but a strong password is one of the best ways you can protect yourself.
It’s the ransomware that just won’t go away. A few months ago, we told you about Cryptolocker, a nasty virus that encrypts your files and promises to decrypt them for you – after you pay a $300 ransom.
The word got out about Cryptolocker, and the update is that it stopped working in early June and a potential mastermind has been targeted by authorities.
But that doesn’t mean you can rest easy – the hole left by Cryptolocker has been filled by a new ransomware threat: Cryptowall.
Cryptowall works much the same way Cryptolocker did: Once your computer is infected, the virus works to encrypt all of your files and documents. You don’t even know it’s there until its work is done. Once it has encrypted your files, a message pops up to tell you everything has been encrypted; to decrypt the files, you must send $500 — $1,000 if you wait 48 hours.
Tech Support Scam
Did you get a call from tech support? Don’t be so sure.
This scam doesn't happen in your inbox or online -- this one comes over the phone. Here's how it works:
A supposed tech support representative calls, claiming to be from a company you trust like Microsoft or Apple. He throws a barrage of confusing technical terms at you to convince you that the company has detected a virus or malware on your computer and that he is calling to help you fix it.
To do so, he needs remote access to control your machine. Give it to him, and he will poke around your computer, claiming legitimate files are problematic. He may install malware or keylogging software on your computer but tell you that it’s software that will fix the problem. He’ll scare you into thinking there’s a problem with your computer, but for a fee, he can help you fix it.
The FTC says that best-case scenario, you lose money and get useless software – or software that was available for free elsewhere. Worse-case scenario, the scammer gets access to your files and personal information as well as your credit card number, or he disables your security settings leaving you vulnerable to attack.
Variations on this scam:
A fake tech support call isn’t the only scam call you might get. Be on alert for these variations.
SMECO scam: Southern Maryland News Net is reporting a similar scam from a caller claiming to be from SMECO. The caller says you must submit a payment or your electric service will be shut off. Do not provide personal or financial information over the mail to this person! Hang up and call SMECO immediately.
SMECO says it issues bills once a month, and overdue charges will be noted on your bill.
IRS scam: When a caller claims to be from the IRS, red flags should go up. The IRS will never call or email you about overdue taxes or other payments or ask for financial information. You can report this scam to the IRS and the Federal Trade Commission (FTC).
Worried about your online security? Contact PNSolutions today! We’re happy to answer your questions and help you secure your home or business computers.