Tuesday, May 30, 2017

Mortgage company sites get hacked, siphoning payments from homeowners with phishing schemes


The FBI Office in Minneapolis is warning consumers about “mortgage phishing”.  Before closing, a mortgage company’s database is hacked and the criminals send phishing emails to accept payment, with a fake website and emails to fool the consumer into believing she is paying the mortgage company.

NBC News has the story here.

Back in 2000, I was paid a settlement from Texas that was stolen this way, but I got repaid anyway.

Sunday, May 21, 2017

Be wary of Facebook friend requests from existing friends


Be wary of Facebook friend requests from people who are already friends.

Kim Komando has a page on the problem here , and WJLA-TV will have a story about it Monday night, May 22.

There have been cases of people creating duplicate fake profiles to divert friend requests. 
Fake requests could also solicit personal information.

A fake profile of someone could be used as a ploy to call for money, claiming a need for bail or arrest in a foreign country.  That’s a common scam.  In my case, my friends would probably be very suspicious.

I had one fake make of mine a few months ago (with no posts) which a friend (who knows my books well) reported and it was deleted by Facebook before I found out about it.  She said it had happened to her once and that it is a fairly common scam, probably from overseas hackers.  



Update:  May 24

Sinclair Broadcasting's ABC affiliate WJLA 7-on-your-side has a video on the problem, aired May 22, here

Friday, May 19, 2017

Property insurance companies start to cover ransomware, sometimes bundled with home and auto; is this always a good idea?


NBC News is reporting that several insurance companies, including AIG (from 2008) are offering new cyberinsurance, against identity theft and specifically ransomware losses. The story and video are here.

Homeowners’ policies today often cover identity theft now, but the ransomware payments and recovery seems to be new.   Usually this coverage has to be requested as an add-on endorsement for about $100 a year.

Bundling cyberinsurance with property insurance (auto and home) in umbrella (“rain shield”) insurance may not always be in the best interest of consumers.  It could lead to companies’ being nosey about consumer online reputation and habits.  This does not need to complicate covering your home from a tornado or car from a drunk driver.

The report mentioned threats against consumer cloud accounts (maybe bogus, by phishing). Consumers should always watch their bank and investment accounts online diligently. And don't click on attachments or links from sources you don't know.  Verify that the mail really came from (or would come from) the company in the header.  There is such a thing as safe computing. 

Thursday, May 18, 2017

New covert malware attempts to mine for bitcoin on your computer


There are reports of a new “invisible” malware, It’s called “Adylkuzz” and it seems to be designed to get karma points toward bitcoin mining. CNN has a story here.

It apparently offers the dubious”benefit” of blocking other malware (maybe even ransomware) while it runs.  Of course, ransomware usually demands payment it bitcoin.

Friday, May 12, 2017

Massive "WannaCry" malware hits Europe, Russia; Edward Snowden had found it


There are plenty of news accounts of the “Shadow Brokers” attack on many systems around the world, revealed today, hitting Spain, Russia, and the British NHS pretty hard.  Here is a New York Times story.

And the Washington Post story. The NSA has known about the vulnerability which was apparently exposed by Edward Snowden,

Microsoft updated its systems in March but another patch is said to have been released this week. It is unclear if the latest updates Tuesday (to Windows 10, including 1703 Creator’s Update) has all the fixes. My systems updated this week and show up-to-date.

The UK NHS (single payer healthcare) infection apparently occurred with zip file attachments.  But the media reports that the WannaCry  malware could be spread by infected ODF files.

Webroot, in a tweet, directed me to read this Microsoft bulletin about SMB MS017-010 here.  UK Computing has a story here. Infection seems much more likely through Server and through network shares, it seems less likely at home.

Timothy B, Lee of Vox has a detailed explanation here.



Update: May 13 

US Cert's analysis of the problem.

This worm can spread from computer to computer within a network with a different user clicking on a phishing link or dangerous site.  It's not clear it can get through a firewall.

A 22-year-old programmer in Britain (or was it Indiana) disable the current malware by buying an unregistered domain used as a pivot in the worm.



Microsoft has a new update.   Windows 10 computers are not affected. However earlier computers still running Windows 8 or earlier may be vulnerable if not updated after May 13, particularly if connected to network shares.  Here is the latest I can find. I find their advice problematic;  older computers to not run Windows 10 very well.

Ars technica discusses Port 445 exposure (not requiring user interaction) here.



Update: May 16

Here's a blog post from Kaspersky about the Lazarus Group and possible ties to North Korea.

Update: May 17

Trend Micro offers a Folder Shield, which provides one more layer of protection against a designated folder, in the Data section.  It also offers users with earlier Windows OS to check to see if they have all the necessary patches against WannaCry.

Tuesday, May 09, 2017

Chrome browser said to be enforcing https standards


A site called “Nestify” is advising web users that Google Chrome will apparently mark all non “https” sites as unsafe, and also mark certain https sites as unsafe if they don’t pass certain standards. The article, shared today on Twitter, is here

It’s obvious that sites that require you to log in need encryption and SSL.  It’s less clear if you’re browsing and the website owner doesn’t require you to log in.  But the business climate of most webmasters today is that most of them need to sell something (however rarely) to some visitors, so an all https environment seems more credible.

Generally, newspapers having a paywall (as more do all the time) are starting to use https for all access (now the New York Times does). Vox does not require login but has installed SSL (maybe because Timothy B. Lee works there and influenced the company to do so).  But some news broadcast networks don’t yet, as they all have totally “free” content.

The article mentions Wordpress sites.  Right now I have four Wordpress blogs on Bluehost, under one account with three add-ons.  Blue Host allows one site per account to have SSL right now.  Since BlueHost has a subdomain naming structure internally, it would sound plausible that they could offer it to all addons on a hosting account at some point with more “programming” or re-engineering of how some routing works.  But that could be hard to install without interfering with access. 

My native Wordpress blog  (URL)  I’m putting some old archived material there) is SSL, as are 13 of the 16 Blogger blogs.  The three that are equated to domain names are not https because SSL is based on domain name (“Blogspot.com”). 

Wednesday, May 03, 2017

Unusual phishing scam targets Google Docs


There is a bizarre phishing attack involving sharing of Google Docs.  It will lead you to a real Google account page but then to fake documents page, as Timothy B. Lee explains on Vox here.

Fixing the hack involves removing an instance of “Google Docs” from the Google app permission page. Changing your own password doesn’t do any good.


 
But apparently this scam has circulated before, given YouTube videos about it.

Monday, May 01, 2017

Facebook memes could pose security hazards


Some security experts are warning Facebook users about memes on favorite activities, like asking users to identify a fake concert among others they have attended, as in this New York Times story here.
 
It’s possible for some criminals to guess security questions for other accounts from these, or to use social engineering to target users for future scams, according to some security experts.

I’ve never played on such a meme.

But one time I was greeted with a survey when logging on to Facebook, only to find later I had indeed misspelled the domain name.  Fortunately for me, nothing came of it.