I always hesitate to write about the “scary” aspects of technology. Some people are already too scared of technology, but usually in the “That’s why I refused to do online banking” wrong way. For most people though, stories about the bad things that can happen are too easily dismissed as “Well, that’ll never happen to me.”
But I have to share four stories of people right here in Anderson, SC who have lost hundreds, thousands, or tens of thousands of $$ from online con artists and hackers. I want you to know what’s out there so you can keep these evil, evil people from hurting you or your business.
Story #1: Meet The New Boss
In late November a local small business owner needed to wire $50,000 to a vendor. He emailed the same local banker he used all the time, and she sent over the appropriate forms which he filled out and returned. The problem was the banker needed a verbal authorization but the small business owner was stuck in jury duty and could only respond via email. They sent wire transfers all the time, surely this one time the bank could make an exception?
The banker agreed to bend the rules and release the $50,000. But, right before she pushed whatever button would send the funds along, she decided to call the business to double-check that everything was correct. Good thing she did – the REAL business owner was there and was COMPLETELY unaware all this was happening. Turns out hackers had gained access to his gmail account and setup rules so that any correspondence with the bank was shifted to a different email that they controlled, so they were able to use the owner’s email without him ever knowing about it.
Sound like a pretty unusual situation? Sadly, it’s not as rare as you think. We hear about this sort of thing happening to local businesses several times a year. Just today a client forwarded us an email from their business owner asking him to send a wire transfer – in this case the hackers knew the business owner’s name, knew who inside the company could send wire transfers, and they had registered a whole set of fake email addresses using a small, almost unnoticeable typo in the company’s name. (The one thing they hadn’t counted on in this case was that the owner didn’t use email).
Story #2: Staying Offline Isn’t Safer
Last summer we got contacted by a local auto dealership with an unusual and frustrating situation – 
a steady stream of customers had begun showing up at their car lot demanding the cars they had purchased from the company’s website.
These frustrated customers were confused when the dealership owner told them he didn’t have a website. “Of course you do” they’d say, and show it to him – yep, there was a website with his company name and address. It had a local number, but that wasn’t the real number.
Turns out some clever folks in another state had setup this website and a internet-based phone number to take calls (but they only answered the phone for out-of-state callers, since local callers would discover their scam too easily). They advertised collectible cars with prices that were a little too low, but not so low that it looked like a scam. Still, some people would get suspicious and call other dealers in Anderson to make sure the website was legit. I assume the calls went like “Hey do you know XYZ cars?” “Oh sure, they’ve been around a long time”, and then the person would feel more comfortable wiring a very large deposit (which they would never see again).
The only good news for our auto-dealer client was they didn’t directly lose any money from this scam. They did lose a lot of time talking to very angry “customers”, and in dealing with law enforcement, and potentially getting sued from the folks who did lose money though.
Story #3: Microsoft Comes Calling
Like every other scam, the “Microsoft” tech support scam is all about money. It either starts with a random phone call (usually from “Microsoft”, sometimes from “Windows” or from some generic support name), OR from a virus on your computer that pops up a message asking you to call a support number.
Actually “asking you” is not the right term. “Trying to scare you into calling” is more accurate. They usually mention some serious problem they have detected and that your computer is running slowly and that you must call to get it fixed. (See the video above for typical examples).
If a person calls, and gives them control of their computer…. then all bets are off. They may infect the machine, they may demand a payment to “fix” problems they describe as critical issues (but which are mostly or entirely made up). They may erase or encrypt your files and demand a ransom.
At least 2 or 3 times every single week we have people drop off computers at our service center for repair after they’ve been “fixed” or infected or hacked by these scammers. Unfortunately most of the time they have already paid hundreds of $$ to the scammers.
PLEASE don’t fall for these folks – remember that we fix ANY computer problems here for $89, and even the most expensive places like Office Depot or Best Buy are still under $200 most of the time. We’ve seen customers who have paid up to $1000 for these “repairs”.
Story #4: The Return of Crypto
Since the early 2000’s computer viruses and malware have been about making money. By planting infections on your computer they can do things like sending spam from your computer or using your computer to attack other computers.
Most of the malware infections we see do these things, but the payoff is pretty low, maybe a few pennies a day for each infection. Still, well written viruses can infect hundreds of thousands of computers, so it adds up.
In 2013 though a Russian hacker named Evgeniy Bogachev changed the rules when he invented Cryptolocker, the first widespread ransomware virus which used encryption. Cryptolocker worked like this:
- Infect a PC
- Begin encrypting all the files, photos, and data on the PC. Encryption is like a combination lock – if you don’t know the combination, you’ll never be able to access your data or photos ever again.
- When encryption is complete, halt the computer and demand a ransom in untraceable funds.
The original Cryptolocker was destroyed thanks to a multinational effort lead by the US Department of Justice and Microsoft, however the creator is still freely living a luxurious life with the estimated $3 million he collected in 2013 and 2014 from his victims.
Unfortunately the idea lives on – just last week you may have seen in the news that a hospital in California had to pay $17,000 to get their patient data un-encrypted. Here in SC a school system had to pay $8500 to unlock 24 infected servers for their elementary schools.
Keeping your virus protection, malware protection, and security patches up to date can help, but it’s not enough. Many of these “ransom” infections start from an email attachment opened by someone in the organization, something that’s usually disguised as a bill or invoice or legal notice or fax – anything to get people’s attention in the hopes they’ll double-click to see what it is. Once they do, it’s hard to stop.
What Can You Do?
- Keep your software up to date
- Use good quality anti-virus and anti-malware programs, and keep them updated daily. (Even though they can’t prevent these problems, it’s still a good start).
- Change your passwords regularly, and use two-factor authentication for important accounts such as banking and email. Write down your passwords in our handy password keeper to keep them safe.
- Educate your team – make sure everyone knows not to click on any attachments they aren’t sure about.
- Backup your data! The only surefire solution to ransomware is having a safe, offline backup copy of everything that is important.
- Make sure you have a website, and make sure your hosting provider is scanning it for malware as well. (We spent 2 weeks recently cleaning infections off of a client’s website)
What Clever Techs is Doing
We have already been working aggressively to secure our clients, including changing our updated protection software last year and adding DNS filtering to most of our contract clients.
For 2016 we have already invested over $2000 in advanced security assessment tools and ransomware prevention kits. Starting next week we’ll begin scheduling network and security assessments for our small business clients (if you’d like to get your business on the list let us know).
We’ve also started a partnership with a company called Ninjio which provides weekly training videos for everyone inside a business, to educate them on what they can do to reduce the risk of cybersecurity issues within the organization. For more information about getting access to Ninjio, contact us.
Finally, if you or anyone in your organization receives an email or a phone call that you aren’t sure about – especially if it wants you to open an attachment or call “Support” – send it to support@ct-anderson.com. Even if you aren’t on a service contract with us we’re still happy to take a look at it for you free of charge and let you know if it’s legitimate or not.
