Tag Archives: CryptoLocker

ALERT! Order Confirmation Scam ALERT!


Courtesy of Stuart Miles

Order confirmation scams are exploding all over the Internet this holiday season. Ask anybody who works for UPS, FedEx or the USPS and they will tell you this time of year is the busiest there is for them. And for many people this time of year is when you send or receive the most packages. And that is the sweet spot for this holiday scam.

Scammers are sending out phony order and delivery confirmation emails by the millions to people every day. Many people, knowing they have sent or are expecting a package, do something they would not normally do. They let their guard down and click on that link or the attachment. They may never discover, or find out too late, that they have given up control of their computer or their identities. The links or attachments install malware on the victim’s computer capable of stealing passwords for email or banking websites. Or the malware turns their computer into a zombie on somebody’s botnet. If you are really unlucky you could end up with CryptoLocker malware.

Seasonal scams like this one return year after year because the method of tricking you is so successful. Crooks are catching people off-guard during the holidays because so many packages are being sent and received. And they use exact email replicas of delivery services and reliable shopping websites like Amazon.com, Wal-Mart.com and Target.com. People are so intensely focused on making sure their orders arrive before Christmas that they forget the cardinal rule of the Internet: trust no one. Most confirmation emails do not require you to click on anything to get the tracking number. It is right there in the email where you can see it.

Malcovery, a company that tracks email-based malware attacks, reported these phony “order confirmation” scams began around Thanksgiving. The emails use booby-trapped links and attached files to infect Windows PCs with the malware that powers the Asprox spam botnet. Apple computers seem unaffected.

The Asprox malware is a Trojan that steals email user names and other passwords from infected machines. This type of malware runs in the background and you may not be aware of what your computer is doing. It can also infect your friends’ computers and perpetuate even more Asprox malware attacks. If you are infected, Asprox can also use your computer to attack other websites.

Malcovery.com points out that the Asprox spam uses some tricky subject lines such as “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here],” and “Thank you for your order.”

Be alert to these tricks. Should you receive an email from an online or brick-and-mortar store you do business with, and it has a legitimate-looking logo and references an order, DO NOT CLICK ON THE LINK OR ATTACHMENT! Instead, open up another web browser window and visit the merchant site using the web address you are familiar with. Sign in with your own user name and password and check the status of your order. All that information should be there, including order issues, your order number, tracking number, expected delivery date, who is delivering the package and other information specific to your transaction. Remember, trust no one! Use your own information to research your order. If there is a problem you will discover it. And remind all your friends and relatives of this scam. Remember: friends don’t let friends play the fool online!

Here are a few more tips to spot and fight order confirmation scams:

  • Print a copy of your order confirmation. Highlight all the relevant information and compare it to any email you get.
  • The scam email may be fairly generic, not using your name or any information that is familiar to you. Examine it carefully.
  • Hover your cursor over any links and examine the web address that appears. Make sure it is taking you where you want to go. BE CAREFUL NOT TO CLICK ON THE LINK!
  • Examine any attachment and look for “.exe” or a double extension like “exe.pdf.” That could be dangerous crypto malware.
  • Don’t trust any email just because it has a familiar logo or trademark.
  • Keep good records! What did you buy and from whom? Who did you send it to? Call the person and let them know it’s coming, the tracking number and who is delivering it. And ask them to let you know what to expect with the same details.
  • Never click on links or attachments. Use your own information to research a problem with your order.
  • Never pay for delivery of something you did not order or were not expecting.
  • Never give personal information over the phone to someone who calls claiming to have something to deliver to you.
  • It’s the Internet; trust no one.

Now you know

See FedEx Fraudulent Email Alert

See UPS Fraudulent Email Alert

 

CryptoLocker Threatens the Holiday Season

Ransomware is not hard to understand. It’s simply software, or malware, that takes control of your computer, encrypts all your files and threatens to destroy them unless you pay a ransom. Right now CryptoLocker is terrorizing people all over the world and destroying the joy of the holiday season.

CryptoLocker is probably the nastiest and most infuriating malware to ever cruise the information superhighway. Its primary targets are users of Windows computers and devices running Windows 7, 8, Vista and XP operating systems. Most African-Americans use Windows computers. Apple users, you are safe…for now. This particular malware has taken over even police computers, not once but several times. The last thing you need this holiday season is the joy of paying hundreds of dollars for a computer you already own.

What makes this malware particularly nasty is that it gives you 96 hours to pay up. And some variations of the malware actually have a timer displaying the countdown until your files are destroyed. This adds significantly to your anger and frustration. To get your files back you can be charged anywhere from $300-$800. Tracing the ransom payoff is next to impossible since it must be paid using Bitcoin or some other digital currency. The large ransoms combined with the deadline make this malware far more aggressive than other malware. Another ugly fact is that it’s spreading faster than any other malware currently known.

The holiday season is one reason that the malware is spreading so fast. According to the US Computer Emergency Readiness Team, it arrives in email inboxes appearing to be a tracking notification from UPS, FedEx or USPS.

Corey Nachreiner, Director of Security Strategy at Watchguard Security, says, “This lure is far more common for the holiday shopping season. As people are doing more shopping online, they’ll be more likely not to suspect emails about packages. My guess is we’ll also see CryptoLocker mimicking emails from Amazon and other shopping sites, too.” During the holiday season African-Americans send and receive packages by the millions. So a notice from a delivery service would not draw a lot of attention. That’s why this malware is so dangerous. But fortunately you have to do more than just open the email. You have to actually click on the attachment or link to download the malware.

There are a few ways to stop the spread and keep yourself safe.

  • Keep your anti-virus software up to date and scan emails and attachments before you open them.
  • Keep track of packages you are expecting and their tracking numbers. Tracking numbers sent in an email do not normally require you to download anything.
  • Examine the mail for double extension files. They have .pdf.exe extensions. If you see this at the end of an attachment or web address use extreme caution.
  • Make sure you have your files backed up on a separate drive or storage device.
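The subject-line and double-extension checks from the tips in both posts can be automated at the mailbox. The following is an added example, not part of the original posts: the extension lists, the function names and the sample message are assumptions made up for illustration, and the subject lines are the ones Malcovery reported.

```python
from __future__ import annotations
import re
from email.message import EmailMessage, Message

# Subject lines the article attributes to the Asprox spam run.
LURE_SUBJECTS = re.compile(
    r"acknowledgment of order|order confirmation|order status|"
    r"thank you for buying from|thank you for your order", re.I)
# Assumed extension lists for this example; tune them for your own mail flow.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}

def risky_filename(name: str) -> str | None:
    """Return a reason if the attachment name ends in an executable extension."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"double extension .{parts[-2]}.{parts[-1]}"
    return f"executable extension .{parts[-1]}"

def triage(msg: Message) -> list[str]:
    """List the reasons a message matches the lures described in the article."""
    findings = []
    subject = str(msg.get("Subject", ""))
    if LURE_SUBJECTS.search(subject):
        findings.append(f"lure subject: {subject!r}")
    for part in msg.walk():
        name = part.get_filename()
        reason = risky_filename(name) if name else None
        if reason:
            findings.append(f"attachment {name!r}: {reason}")
    return findings

def sample_message() -> EmailMessage:
    """Constructed test message; the sender, text and file name are made up."""
    msg = EmailMessage()
    msg["From"] = "orders@example.com"
    msg["Subject"] = "Order Confirmation"
    msg.set_content("Your order details are attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Order_Details.pdf.exe")
    return msg

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

A subject match alone is weak evidence, since real merchants use the same wording; the attachment finding is the one worth quarantining on.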

If you do get this malware and you are backed up, then it becomes a lot easier to clean up your system. According to Nachreiner, just about every anti-virus vendor has a CryptoLocker cleanup tool. A victim can use their regular anti-virus software, or Nachreiner suggests the tutorial and FAQ at Bleeping Computer, which he links in his own blog post. You can also find some free tools from a few good Samaritans. These good guys have developed tools to stop CryptoLocker before it starts. One is called CryptoPrevent, and it prevents your computer from downloading double-extension files.

You can get more information about fighting CryptoLocker and eradicating it from your computer at these sites:

Answer.Microsoft.com

CryptoLocker: How to Avoid Getting Infected and What To Do If  You Are

New Site Recovers Files Locked by Cryptolocker Ransomware

Now you know.