Public Service Announcement


Jim Stutsman
 

In my neighborhood I am "that guy" that people go to with technical problems. I don't usually mind, and if I get pulled in early enough I can usually avoid protracted efforts to help. Recently my next-door neighbor called. She had been searching for a recipe and suddenly got a window popping up on her computer that said it was from Microsoft. The pop-up claimed that a terrible virus had been detected on the computer, and it also included audio reiterating that. Instructions said to call Microsoft at the included 800 number, but NOT to turn off the computer. She could not close the browser or the pop-up, and she could not do anything else. This is just another one of the myriad ways for the bad guys to scam people out of money. I've even gotten a similar thing on a Mac, warning me that my Windows was infected, even though I'm not using Windows!

This type of infection is called a "drive-by" infection, because it happens just because you happened to visit a website that was itself infected. Way back in the early days of the web, pages were just electronic versions of printed pages. They could be viewed, but they didn't do much of anything else. Then Netscape came up with the idea of "scripts" that could be embedded in a page that would actually cause the computer to do things. Now JavaScript, the language used for this, is everywhere on almost every page in the web. It has evolved to be more powerful, and can be used to make malware that can create situations like that above, including locking the computer entirely. What most people don't know is that this type of page, while terrifying, can't do anything bad UNLESS YOU CLICK ON IT. Of course my neighbor didn't know that and I spent the next two hours rebuilding Windows. In situations like this there is one thing you have full control over: the power switch. As soon as the pop-up comes up, DO NOT touch the mouse. Just turn the computer off, count to 10, turn it back on. I've even had to do this with my Mac, when the supposed "Windows infection" could not possibly happen. If you do click on the screen in an attempt to close the warning, it enables the script software to install on your computer. Once that happens, if you turn it off and back on you'll have a full-blown infection and you won't be able to easily get rid of it.

We now live in an age where technology is the preferred tool for crime. You probably heard about the pipeline that got shut down by cyber criminals, causing gas shortages all over the East Coast. You may even have experienced the long lines and staggering prices that resulted. The attack that caused this was a ransomware attack. Using the Internet, the perpetrators infected one of the Windows computers used by the company, and encrypted everything on it. This type of attack works by reading every file, coding it with a special key, and rewriting the encrypted data. The computer is essentially locked without the key and software to unlock it. To get that, the owner of the computer is asked to pay a large ransom in Bitcoin. That form of payment is untraceable, so it is preferred by criminals. In this case the ransom request was $100 million dollars. However, investigators were able to determine that the perps were in Russia, though the attack had nothing to do with the Russian government. They settled for $5 million and quickly left the country. Even when the ransom is paid, the trouble is not over. Before encrypting the data, the thieves will copy massive amounts of data - things like account numbers, addresses, credit card numbers, anything that you would not want public. They then say if they are not paid they will publish it on the Dark Web, where you can buy a credit card number for as little as 25 cents. Large companies don't want the word to get out that they were hacked, so they will pay to prevent that. Of course that only works with "honest thieves" who will keep their word and not publish the facts of the hack or the stolen data.

Most attacks like this happen because access is gained through links in emails. In what's called a "spear-phishing" attack, emails will be sent to various people in a company that may have high level access. The emails will look completely official, and will direct the recipient to log in, for some urgent purpose, by clicking a link in the email. This will take them to a website that looks exactly like the one they expect, but it will capture the login credentials, send them to the bad guys, and then log the person into the real website. Nothing will appear to be wrong. The lesson here is that you must be vigilant. When you get an email that appears to be from your bank, your credit card company, Social Security, or some other "official" source, don't just blindly click on any links within the email. Most organizations will not ask you to do that, although some of my credit cards will tell me to click a link to go to their "Secure Message Center" to view a document. This is bad form on their part, and I'm extra careful about that. In most email programs you can hover the mouse over a link and see where it is going to take you. If the link says https://www.chase.com, it might look like you're going to Chase Bank. But if you hover over the link and it says https://chase.somerandomsite.com that's a giant red flag.

It has been several years since an email was sent to this list that caused infection. I wasn't moderating then, and implemented moderation immediately after that happened. More than once I've thought about turning off moderation, because it's a burden to me, reviewing every post before publishing, and you, having to wait to see your post. Newbies usually think something went wrong, and post again, creating additional overhead. Because the threats keep coming, I will keep moderating, even though 99.99999% of the posts are safe. It only takes one to ruin your day! Be safe out there.


ladybug35186
 

Thanks for the info!


-----Original Message-----
From: Jim Stutsman via groups.io <onlinesewing@...>
To: onlinesewing-janome@groups.io
Sent: Sat, May 22, 2021 4:13 pm
Subject: [onlinesewing-janome] Public Service Announcement



Kathy Strabel
 

Jim---Thank you for publishing this notice. I have noticed a large uptick in the number of phishing attempts in the past few months, also increased nuisance phone calls. I do not answer calls that I do not recognize the number from. Some of these callers will leave a message which turns out to be a recording of a message that says things like "There has been notice of fraudulent activity on your Social Security number." Or, I got one a few days ago saying "this is the SECOND attempt to deliver to your address", and saying they are the USPS calling, and they need me to verify my address. Phooey on these folks!!! I can see how people get fooled, the best advice is to do as you say--be vigilant, and you should always be checking the current status of your bank accounts and credit cards.
Thank you for your service, both with technical sewing issues, and with the general computer/technical safety and awareness messages. We appreciate the information!!
Kathy Strabel  Camas WA
  




--
Have a good one!
Kathy Strabel





Chris Krause
 

Thanks for the info, Jim…we all need to be careful.

Chris



Lou Ann
 

Thanks, Jim, once again, for your generous expertise.  I've received more than one email telling me I need to click a link to claim a refund from sites I have visited in the past.  Gee "free" money!  I always look at the return address first and delete/mark it as spam any emails that have a goofy-looking return address.  Better safe than sorry.


bhd02@...
 

Really appreciate this info. Scary world out there.


bhoryn
 

Thank you.  That explained a lot.    Thanks for all you do for this group. 




Pixey
 

Thanks for the reminder on this Jim.  I tend to forget the “hover” ability to see embedded emails.  Also the “just turn it off” element as well.

My husband got stung by one of the Microsoft looking pop ups some years back, so we tend to be super cautious but the crooks keep getting more and more sophisticated.

Pixey


On May 22, 2021, at 4:13 PM, Jim Stutsman via groups.io <onlinesewing@...> wrote:



Ceil J
 

Thanks, Jim!  My sister recently went through this attack and actually called the number provided.  She hung up when she heard what they said.  I did help her get her computer free (started in safe mode, used Malwarebytes and everything else I could think of to rid her machine of the program).  But I think she must have turned it off before the program downloaded as I was able to fix it.  However, then I wasn't feeling well one day and tried a trial of a new program.  I saw that the program was able to access (or so I thought) my computer and so deleted many items.  Well, it turned out that the program was just opening folders and I must have been in a fog and not thinking.  Result:  I lost things that weren't backed up, not a lot, but I did lose my most recent income tax forms (luckily I made hard copies) and a few other things.  Had to use Dell support to get some things fixed. 
Bottom line:  the computer isn't always the best place to be if you don't have your brain with you. :)
I did get an announcement a few months back that my computer was taken over and I closed it right away.  It happened when I clicked on an item I was searching from a list of Google results.  I once had a program that gave a safe site rating for search results but that was years ago and I'm not sure it would even work now with all the hackers out now.
Also, for some reason Chris Krause's reply was sent to my spam folder even though my gmail account seems to be letting some spam items through lately.  Not sure why that's happening.


Sheila Cheatham
 

Thank you. This is a good reminder that phones and computers can be open books to your life. Everyone needs to be cautious.

Sheila
My iPhone


ikego58
 

Thank you Jim!  I am going to pass this on to my family; it is very clearly written.  Kelly