Re: Public Service Announcement


Chris Krause
 

Thanks for the info, Jim…we all need to be careful.

Chris

On Sat, May 22, 2021 at 2:13 PM Jim Stutsman via groups.io <onlinesewing=icloud.com@groups.io> wrote:
In my neighborhood I am "that guy" that people go to with technical problems. I don't usually mind, and if I get pulled in early enough I can usually avoid protracted efforts to help. Recently my next door neighbor called. She had been searching for a recipe and suddenly got a window popping up on her computer that said it was from Microsoft. The pop-up claimed that a terrible virus had been detected on the computer, and it also included audio reiterating that. Instructions said to call Microsoft at the included 800 number, but NOT to turn off the computer. She could not close the browser or the pop-up, and she could not do anything else. This is just another one of the myriad ways for the bad guys to scam people out of money. I've even gotten a similar thing on a Mac, warning me that my Windows was infected, even though I'm not using Windows!

This type of infection is called a "drive-by" infection, because it happens just because you happened to visit a website that was itself infected. Way back in the early days of the web, pages were just electronic versions of printed pages. They could be viewed, but they didn't do much of anything else. Then Netscape came up with the idea of "scripts" that could be embedded in a page that would actually cause the computer to do things. Now JavaScript, the language used for this, is everywhere on almost every page on the web. It has evolved to be more powerful, and can be used to make malware that can create situations like that above, including locking the computer entirely. What most people don't know is that this type of page, while terrifying, can't do anything bad UNLESS YOU CLICK ON IT. Of course my neighbor didn't know that and I spent the next two hours rebuilding Windows. In situations like this there is one thing you have full control over: the power switch. As soon as the pop-up comes up, DO NOT touch the mouse. Just turn the computer off, count to 10, turn it back on. I've even had to do this with my Mac, when the supposed "Windows infection" could not possibly happen. If you do click on the screen in an attempt to close the warning, it enables the script software to install on your computer. Once that happens, if you turn it off and back on you'll have a full-blown infection and you won't be able to easily get rid of it.

We now live in an age where technology is the preferred tool for crime. You probably heard about the pipeline that got shut down by cyber criminals, causing gas shortages all over the east coast. You may even have experienced the long lines and staggering prices that resulted. The attack that caused this was a ransomware attack. Using the Internet, the perpetrators infected one of the Windows computers used by the company, and encrypted everything on it. This type of attack works by reading every file, coding it with a special key, and rewriting the encrypted data. The computer is essentially locked without the key and software to unlock it. To get that, the owner of the computer is asked to pay a large ransom in Bitcoin. That form of payment is untraceable, so it is preferred by criminals. In this case the ransom request was $100 million. However, investigators were able to determine that the perps were in Russia, though the attack had nothing to do with the Russian government. They settled for $5 million and quickly left the country. Even when the ransom is paid, the trouble is not over. Before encrypting the data, the thieves will copy massive amounts of data - things like account numbers, addresses, credit card numbers, anything that you would not want public. They then say if they are not paid they will publish it on the Dark Web, where you can buy a credit card number for as little as 25 cents. Large companies don't want the word to get out that they were hacked, so they will pay to prevent that. Of course that only works with "honest thieves" who will keep their word and not publish the facts of the hack or the stolen data.

Most attacks like this happen because access is gained through links in emails. In what's called a "spear-phishing" attack, emails will be sent to various people in a company that may have high level access. The emails will look completely official, and will direct the recipient to log in, for some urgent purpose, by clicking a link in the email. This will take them to a website that looks exactly like the one they expect, but it will capture the login credentials, send them to the bad guys, and then log the person into the real website. Nothing will appear to be wrong. The lesson here is that you must be vigilant. When you get an email that appears to be from your bank, your credit card company, Social Security, or some other "official" source, don't just blindly click on any links within the email. Most organizations will not ask you to do that, although some of my credit cards will tell me to click a link to go to their "Secure Message Center" to view a document. This is bad form on their part, and I'm extra careful about that. In most email programs you can hover the mouse over a link and see where it is going to take you. If the link says https://www.chase.com, it might look like you're going to Chase Bank. But if you hover over the link and it says https://chase.somerandomsite.com that's a giant red flag.

It has been several years since an email was sent to this list that caused infection. I wasn't moderating then, and implemented moderation immediately after that happened. More than once I've thought about turning off moderation, because it's a burden to me, reviewing every post before publishing, and you, having to wait to see your post. Newbies usually think something went wrong, and post again, creating additional overhead. Because the threats keep coming, I will keep moderating, even though 99.99999% of the posts are safe. It only takes one to ruin your day! Be safe out there.
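The hover-over-the-link check Jim describes (link text says https://www.chase.com, hover target says https://chase.somerandomsite.com) can be automated for an HTML mail body. This is an added example, not code from the list or its members; the mail body below is constructed, and the "last two labels" rule for the registrable domain is a deliberate simplification (it does not know about suffixes like co.uk).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def registrable_domain(host):
    """Last two labels of a host (simplified: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def hostname_of(text):
    """Hostname the link text claims, or "" when the text is not a URL."""
    return (urlparse(text.strip()).hostname or "").lower() if "://" in text else ""

def check_link(display_text, href, expected_domain):
    """None if the link really lands on expected_domain, else the red flag."""
    host = (urlparse(href).hostname or "").lower()
    target = registrable_domain(host)
    if target == expected_domain:
        return None
    shown = hostname_of(display_text)
    if shown and registrable_domain(shown) != target:
        return f"text shows {shown} but link goes to {target}"
    if expected_domain.split(".")[0] in host.split("."):
        return f"brand name used as a subdomain of unrelated {target}"
    return f"link goes to {target}, not {expected_domain}"

class LinkExtractor(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email_links(html, expected_domain):
    """Return (text, href, red_flag_or_None) for each link in the body."""
    p = LinkExtractor()
    p.feed(html)
    return [(t, h, check_link(t, h, expected_domain)) for t, h in p.links]

# Constructed sample mail body, not a real message: two lookalike links, one genuine
SAMPLE = ('<p>Please <a href="https://chase.somerandomsite.com/login">https://www.chase.com</a>'
          ' to verify.</p><p><a href="https://chase.somerandomsite.com/m">Secure Message Center</a>'
          '</p><p><a href="https://www.chase.com/help">Contact us</a></p>')
```

Running `audit_email_links(SAMPLE, "chase.com")` flags the first two links and passes the third; the same check is what a person does by hand when comparing the hover target with the bank's real domain.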
