TOTAL COMPUTER SOLUTIONS, INC.

News


Justice comes to some overseas scammers. 

Please read the linked article here for details. (image and article courtesy of the NY Times)

Not all scams come in the form of nerdy geniuses in dark rooms furiously hammering away at virus code on their keyboards.  In fact, some of the best scams involve nothing more complicated than a good con.  No matter how smart we think ourselves, there is always a way to push the right button and get us to grant information or access to something we'd normally safeguard.  A good con man knows how to social engineer his way into our computers, homes, bank accounts, even our lives. 

Scams like the IRS scam in the linked article come in many forms.  As I've no doubt you've experienced similar, some of the scams I've encountered are as follows:

-Elderly client received a call from Microsoft support indicating there was a problem with her PC.  After some wrangling, she let the "support" tech into her PC.  After watching a few minutes, she realized something was amiss, so she powered down her PC and called us.  I called the scammer back on the number he'd provided her, and he succinctly colorfully told me what I could do with my spare time. 

-I received a call (Yes, it happens to IT techs too) from the Miami office of the FBI.  I looked up the number, and it was indeed the Miami FBI office.  This piqued my interest, since I've never been to Miami, so I called back.  I spoke to one of the office workers there, and he said that scammers had been spoofing their phone number, and to disregard any calls from the FBI.

Now this is just the tip of the iceberg, but you get the idea.  The object is to get you to give up money, or to grant access to information that will affect the same result.  They don't care about you, your computer, your tax returns, or your criminal record; all they care about is your money, and the most efficient way to separate you from it.  In fact, there are scammers all over the world dreaming up new ways to drain your bank account, and most of these scams play on your fears.  If you feel scared after one of these encounters, remember that they want you to be afraid.  They want you to act quickly and rashly and give them what they want.  Your best defense is to trust your instincts and remain calm.

We at TCS recommend that you are mindful of these efforts.  Stay vigilant.  The IRS will not call you about your taxes unless you are already in discussion with them on such matters.  Microsoft will not call you to tell you there is something wrong with your PC; they charge $500 per incident for tech support, and you have to call them for the privilege of paying for such care.  If the FBI is going to call you, they will not use an autodialer with a canned message.  In the unlikely event that you talk to a live person claiming to be with the FBI, get his/her badge number, find out what branch office they're in, find the number on the Web, then call the office back.  If they are who they say they are, you should be able to get a hold of them fairly easily.

At the risk of appearing to have sympathy for the devil, remember that most of the people working for these scammers are themselves victims.  I had a conversation with one of these young men a couple weeks ago, and he very plainly admitted it was a scam, but it was the only job he could find.  For most of the people working for these scammers, they are just trying to eke out a living.  It's survival for them, so try not to take it personally.  I recommend you just calmly hang up the phone, then call us and let us deal with them on your behalf.
Comment Form is loading comments...
!! FLASH -- Intuit/Quickbooks Scam -- FLASH !!
DO NOT OPEN THE ATTACHMENT!!

Looks legit, right?  It's not.  The first clue is the from email address (below).  It's from a gary.terry@intuit-invoice.com.  If this email were a legit email from Intuit, the email domain would be intuit.com, not intuit-invoice.com
The second item that should grab your attention is the exorbitant amount, $23,389.41.  How on Earth could a small family-owned business run up such a huge tab using just Quickbooks?  It doesn't seem possible because it's not possible.  A Quickbooks annual license is about $300 for most small companies, so for 10 PCs it's only ~$3000, making the math for accumulating such a gargantuan tab nigh impossible.

Third, what exactly is a "level 3 officer" anyway?  Is that a legitimate title at any company on this continent?  Why don't Mr. Terry's email addresses match?  Fortunately, this "Mr. Terry" left a phone number, which -- if you call, will result in a "this number cannot be completed as dialed" message. 

As for the company that received this email, they were running Sophos, which immediately picked up the virus embedded in a macro in the attached .doc file, which brings me to the most salient point of this article: DO NOT OPEN THE ATTACHMENT!!  If you open this attachment on your PC, you will be slapped with a nasty virus, most likely some form of Ransomware. 

We highly recommend that you contact us to obtain a quote for a Sophos license, so that you can protect yourself and your business from this and threats like it.  You may be aware of these threats, but can you guarantee that your entire staff is equally cognizant?  It only takes one foul-up, no matter how innocent, to destroy the financial or proprietary information for an entire company.  These viruses are no joke; they can put you out of business.  Put the scammers out of business; call us to set up a consultation.

Comment Form is loading comments...
Let's Go Phishing!!

Recently one of our clients received the following email:

"To All Employees;

There's a scheduled maintenance on all Employee/Staff Microsoft Outlook from the 13th-15th of July (This Weekend) you may experience difficulty logging in between 7:00am to 12:00 Noon. Please provide your Username (___________) and Password (___________) immediately! Failure to do this may result in your account not been able to receive/send Emails. You can also contact the Office to do it in person.

©2018 HelpDesk."

Of course, we're their help desk, and we did not send this email, so this is immediately suspect from our standpoint.  We would never solicit credentials from our clientele in this fashion, first because our clients have already entrusted us with most of the credentials we need, and second because we'd never ask our clients to record their credentials in a place that could possibly be exploited, like an unsecure email.

Some things to look for in suspicious emails aside from the usual markers (usernames that don't match the email address of the sender, e.g. "Bob Smith<milkykitten@gmail.co.in>"), there are usually some tells in the body of the emails themselves.  Now, even as native English speakers, we all make grammatical and syntax errors, but since most of these endeavors originate overseas, there are mistakes that non-native English speakers are more prone to making.  Watch for incorrect punctuation, such as the use of the semicolon ";" instead of the colon ":" in the opening of the email.  Read the letter aloud to yourself.  If it sounds disjointed or doesn't sound like it would ever be spoken aloud, it's probably from a non-proficient English speaker.  The first sentence in the letter would probably be written as follows:

"There is scheduled maintenance on all employee Exchange email accounts July 13-15 (this coming weekend), from 7:00 AM to 12:00 PM."

Not that my grammar, spelling, or word use are perfect, but when you read this sentence, it makes more sense.  Also, the use of "noon" instead of PM tends to imply that the writer is not used to using AM and PM in his daily life.  A a proficient English speaker would not likely use "12:00 Noon" after using "7:00 AM."  This is significant because most countries outside of the English-speaking world use the 24-hour clock (i.e. "military" time). 

The use of "been" in the second-to-last sentence instead of "being" could easily have been committed by an English-proficient person, but taken in conjunction with the other errors, it further compounds the issue that it's likely a foreign phishing scam.

The last sentence, like the first, does not read as if written by an English-proficient writer.  It omits why the reader is supposed to call the office in the first place.

In closing, trust your gut.  If you feel like something is a scam, you're probably right.  In the meantime, if you think you may have been exploited, feel free to contact us to set up a time to check out your system.
HTML Comment Box is loading comments...
Here's A Recent Scam:

https://www.onlinethreatalerts.com/article/2017/2/14/beware-of-1-410-200-500-it-is-being-used-by-cybercrimininals/

Apparently, it's no longer enough to merely try to jack up your computers, these jokers also have to come after your phones too.  If you get any texts or calls that match the description in this article, ignore them.
HTML Comment Box is loading comments...
Ransomware Threats On The Uptick
A brief Google search (the picture to the left is page 2 of my search) is all that's needed to reveal the threat posed by Ransomware.  While viruses have been around since the first computer, for those affected, Ransomware has fulfilled the doomsday predictions of many of the worst scares since the inception of personal computing.

According to Tech Republic, Ransomware accounts for approximately 39% of all data breaches (statistics by Verizon).  Accounting for the remaining 61% of data breaches isn't that simple, as the distribution of those attacks is less concise.  This means that Ransomware represents the largest single outside threat to data, for both businesses and the consumers who patronize them.  In the U.S. alone, data breaches -- of which ransomware accounts for 2/5 -- cost businesses an average of $7 million per incident. 

Ransomware isn't just affecting the private sector either; less than a month ago at the time of this writing, the city of Atlanta was struck by Ransomware, leaving the city's utilities and bureaucracies with only paper and pen to fulfill their many functions.  Tally up the countless man-hours needed to enter all of that data into the system, and Ransomware pirates are racking up quite the tab at the Atlanta-area taxpayers' expense, $2.6 million according to the most recent figures.

We at Total Computer Solutions, Inc. do not care for the idea of losing our data, or forking over wads of cryptocurrency to some faceless cyberpirate.  To protect ourselves, we’ve partnered with the industry leader in Ransomware prevention, Sophos.  Sophos was one of the first antimalware companies to offer proactive Ransomware protection. Sophos monitors your network and computers for any activity that matches the signatures of Ransomware infections, and at the first sign of such activity, it stops the activity and rolls back any encrypted files.

Please contact us now to create a custom Sophos Endpoint package to help protect your business or home.
Comment Form is loading comments...