This article was received from Microsoft on September 12, 2023, and I believe it is worth distributing. It's a long article, but I believe it is well worth a full read. It talks about some of the most common attacks and scams that we see and provides information on things you can do to protect yourself.
Gone phishing
One of the most common attacks we see is what we call “phishing”
(pronounced like fishing). This is when an attacker contacts you pretending
to be somebody you know or an organization you trust and tries to get you to
give them personal information or open a malicious website or file.
The message or call will appear to come from a person or organization you trust. It could be your bank, the government, a service like Netflix or Spotify, a tech company like Microsoft, Amazon, or Apple, or some other service you recognize. The truly daring scammers may try to impersonate your boss or a family member.
An urgent request
The messages usually have a sense of urgency to them. Something is going to
be canceled, you’re going to have to pay some kind of penalty, or you’re
going to miss out on some kind of special deal, and you have to act NOW.
The urgency is to get you to take the message seriously and also to get you
to act on the message without thinking about it too much, consulting a
trusted advisor, or looking into whether the message might be a fake.
A link or attachment
The message will include something you need to click on, most commonly a
link to a website or an attached file. The website will likely be a
fake version of a legitimate website, designed to fool you into entering
your username and password, or other personal information, so they can steal
that information to use themselves. Any attached file is almost certainly
malware.
What can you do about phishing?
1.
Look carefully at any messages you get that want you to take urgent action.
Pay particular attention to the email address of the sender. If the message
claims to be from your bank but the sender’s address is not your bank’s
domain name, that should be a loud warning.
2.
If you get a link that appears to be from your bank or other trusted
organization, open a new tab in your web browser and go directly to the
organization’s website from your own saved favorite, from a web search, or
by typing in the organization’s domain name yourself. A link from a phishing
email will take you to a site that looks very genuine but is designed to
trick you into entering your personal information.
3.
If you get an attachment you weren't expecting, don't open it. Instead, reach
out to the sender, preferably via a different method like text message or
phone call, and confirm that the attachment is genuine before you open it.
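The two checks described above (does the sender's address really belong to the organization's domain, and does a link really go where its text says) can be automated. The following is an added example, not code from the Microsoft article; the message, the domains and the function names are all constructed for illustration.

```python
import email.utils
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed sample message (not a real phish): the display name claims a bank,
# the address uses a look-alike domain, and the link text shows the real bank site
# while the href points somewhere else entirely.
RAW_MESSAGE = """\
From: "Example Bank Security" <alerts@examplebank-secure.com>
Subject: URGENT: your account will be closed in 24 hours
Content-Type: text/html

<p>Sign in NOW to avoid closure:
<a href="http://examplebank.com.login-verify.net/x">https://www.examplebank.com/login</a></p>
"""

def same_org(domain, expected):
    """True only if domain is expected or a true subdomain of it; look-alikes fail."""
    return domain == expected or domain.endswith("." + expected)

def sender_domain(msg):
    """Domain of the actual From address, ignoring the friendly display name."""
    _, addr = email.utils.parseaddr(str(msg["From"]))
    return addr.rsplit("@", 1)[-1].lower()

def link_mismatches(html):
    """(real_host, shown_host) for each link whose text names a site the href does not go to."""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', html, re.I):
        shown = urlparse(text.strip()).hostname
        real = urlparse(href).hostname
        if shown and real:
            shown_org = shown[4:] if shown.startswith("www.") else shown
            if not same_org(real, shown_org):
                out.append((real, shown))
    return out

def check_message(raw, expected_domain):
    """Run both checks from the article and return a list of human-readable warnings."""
    msg = message_from_string(raw, policy=default)
    warnings = []
    dom = sender_domain(msg)
    if not same_org(dom, expected_domain):
        warnings.append(f"sender address is at {dom}, not {expected_domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for real, shown in link_mismatches(body):
        warnings.append(f"link text shows {shown} but it goes to {real}")
    return warnings
```

Running check_message(RAW_MESSAGE, "examplebank.com") flags both tricks; a genuine message from a subdomain of the bank, with links that go where they say, produces no warnings.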
Malware
Malware is malicious software and is sometimes referred to as a "virus". It
can be designed to do many different things including stealing your personal
data, identity theft, using your device to quietly attack other machines,
using your computer’s resources to mine cryptocurrency, or any number of
other malicious tasks.
There are a few ways your machine can get infected with malware, but the
most common ways are by opening a malicious file attachment or downloading
and opening a file from an unsafe website.
You can also get infected with malware by opening a file or installing an
app that appears to be useful but is actually malicious. That sort of attack
is referred to as a “Trojan Horse”. One version of this that attackers are
using is to disguise the malware as a browser update. If you get an unusual
notice that your browser needs to be updated, close the suspicious update
message, and go to the settings menu for your browser. Look for a Help > About page;
on all major browsers going to that page will cause the browser to check for
legitimate updates.
One type of malware that is common today is called “Ransomware.” This is a
particular kind of malware that encrypts your files then demands you pay the
attackers to unlock the files so that you can access them. Increasingly
ransomware also tries to steal your data so that the attackers can also
threaten to release your files publicly if you don’t pay them the ransom.
If you get infected with ransomware, the
FBI recommends that you do not pay the ransom. There's no
guarantee that you'll get your data back even if you pay,
and by paying the ransom you may make yourself a target for additional
ransomware attacks in the future.
What can you do about malware?
1.
Be careful. Don’t open attachments or links you weren’t expecting. Be
extremely thoughtful about what apps you choose to install and only install
reputable apps from reputable providers. Be especially careful about
downloading files or applications from torrent or file sharing sites.
2.
Be current. Make sure that your operating system and applications are
updated with the latest patches and fixes. On PCs, Windows
Update can help.
3.
Be defended. Have an active, current antimalware program running on your
computer. Windows 10 includes Microsoft Defender Antivirus and it’s turned
on by default. There are also a number of third-party antivirus applications
you can choose from.
Another attack that we see often is the technical support scam. In this
attack the scammer contacts you and tries to convince you that there is
something wrong with your computer and that you should let them “fix” it for
you.
The two most common ways they contact you are via fake error messages on
your computer, or by calling you on the phone.
The fake error messages are usually generated by a malicious or compromised
website. You’re just using your web browser, perhaps you click on a link in
a web search or on social media, and suddenly your screen fills with scary
looking messages telling you that your machine has a problem or a virus and
that you need to call the provided phone number right away. These pop-ups
may appear to block access to your machine so that you can’t close them and
may even use alarming sounds or recorded voices to make them seem even
scarier.
Tip: Sound familiar? Urgent messages, threatening bad things if you don’t act right
now? This is a recurring theme with attacks and scams.
The phone calls usually take the form of a “tech support agent” calling you
and pretending to be from a trusted company like Microsoft or Amazon. These
scammers are professionals and will often sound quite convincing.
Regardless of whether you call them from a pop-up or other error message, or
they call you posing as a tech support agent, the story is always the same.
They tell you that they’ve spotted something wrong with your machine or your
account and they want you to let them fix it.
There are a few things that typically happen at that point:
They’ll want you to let them access your computer remotely so they can "fix"
it. While they pretend to fix your computer, they’ll actually be stealing
your information or installing malware.
They may ask you for personal information so they can help “fix” your account. This information will probably include things like your name, address, username, passwords, social security number, birthday, and just about any other kind of personal or financial data they think they can trick you into revealing.
They will often try to charge you a small fee for their services to “fix” the non-existent problem. If you give them your credit card information, they may pretend the card didn’t go through and ask if you have a different card. They do that to see if they can get you to give them multiple credit cards.
What can you do about tech support scams?
Warning signs of tech scams
Warning sign: Urgent pop-ups warning you that your computer has a serious
problem, telling you not to turn it off, and giving a phone number to call.
Real Microsoft error messages do not include phone numbers to call for support.
DO: Restart your device immediately.
DON’T: Call the number or click any links.
Warning sign: Unsolicited phone calls or messages warning you they’ve spotted
a critical problem with your computer or account that they need to fix.
DO: Delete the suspicious messages. If it’s a call, ask for their full name
and hang up. If you’re going to call back, use the phone number on their
official website, on the back of your membership card, or on a recent statement.
DON’T: Click any links or call any numbers in the message.
DON’T: Give the caller remote access to your computer or any personal
information like passwords or account numbers.