Sextortion Scammers Using Email Address Spoofing to Fool Victims


written by Brett M. Christensen February 1, 2019
www.hoax-slayer.net

Fake blackmail sextortion scams are increasingly common. Typically, sextortion scammers send out thousands or even millions of identical emails claiming that they have captured video of the recipient visiting a porn site. The scammers threaten to send the compromising video to all of the recipient’s contacts if they do not receive a “keep quiet” payment via Bitcoin. But, the scammers have not created a compromising video. Nor have they hijacked the recipient’s contact list. The whole thing is a bluff. However, the scammers know that at least a few recipients will be panicked into sending the requested money. To increase their chances of success, the scammers use a variety of dirty tricks to convince potential victims that the claims in their fake blackmail messages are true.

Email Spoofing Trick
One such trick is to make it appear that the email was sent from your OWN account thereby supposedly proving that they have indeed compromised your device as claimed.

Here’s an example from a typical scam email:

Your account has been hacked by me in the summer of this year.I understand that it is hard to believe, but here is my evidence:
– I sent you this email from your account.
– Password from account [email address removed]: [password removed] (on moment of hack).

If you look at the sender address of the email, it will display YOUR email address. So, it may seem that the sender has indeed broken into your account to send the email. But the scammer has simply forged the header of the email so that your email address appears as the sender. This is a technique known as “spoofing’ and is not difficult to do. In other words, the email did not come from your account at all. It just looks that way because of the forged email headers.

Other Dirty Tricks
As I discuss in more detail in another report, the scammers often include user passwords in their scam emails as a way of making their false claim seem more plausible. And, in another variation, the scammers include the recipient’s phone number along with the password. The scammers are extracting passwords and phone numbers from old data breaches and automatically matching them to the corresponding email address. They can then distribute vast numbers of emails that are identical except for the password and phone number that matches each email.

Don’t Respond — Just Hit “Delete”
If you receive one of these scam emails, don’t be fooled. By including real passwords and real phone numbers, and making it appear that the recipient’s account sent the message, the scammers significantly increase the likelihood that their claims will be taken seriously. More people will fall for the ruse and send their money to the criminals. But, despite these clever tricks, the emails are still just empty bluffs. To reiterate, the sender has not hacked your computer and has not created a compromising video of you.

Don’t respond. Just hit the “delete” key.

New Phishing Email – Don’t get caught

There is a new phishing email doing the rounds claiming your incoming emails are on hold and to click one of the actions listed in the email. ( see below )

There are a number of clues to prove its spam.

Firstly the from address on service@vienna.taskwunder.com – not any Office 365 admin email address I’ve ever heard of! 🙂

Secondly – hover (don’t click) the links – they link to www.nlsandton.me – again not any email provider anyone’s ever heard of.

If you get this mail – simply delete it! 🙂

Why you need a professional email address for a business

Imagine you’re looking for a plumber online. You want to find a reputable professional who you can rely on and, after scrolling through numerous websites you finally decide on the one you want to contact. It all looks perfect until you read “Email me at joesplumbing@hotmail.com

Or what if you meet somebody at a business networking meeting. You are looking to hire a PR professional, for example, and the person you are talking to ticks all the right boxes.

Then, he hands you his business card and tells you to get in touch at cassanovajohn1987@yahoo.com.

Next time you’re on the road, keep an eye out for unprofessional email addresses. You’re sure to find one!

Unprofessional email addresses ruin the credibility of a business. You wouldn’t wear a Hawaiian shirt for a meeting with your bank manager or tell the Board of Directors the suggestive nickname you earned in Ibiza.

So, with professionalism in mind, don’t let your brand make a terrible impression with an inappropriate email address.

A custom email address helps your business to be taken seriously. If you create a professional email address, you can use the same name to create a website or simply a Facebook presence.

This will have five key benefits:

Branding

The email address joe.johnson@jjplumbing.co.uk incorporates the business’s brand name; people who see your contact details can even make an educated guess about the URL of your website.

Giving out your email address becomes an indirect way of promoting a company’s web address, whereas using joesplumbers@gmail.com gives potential customers no indication of where they can find you online.

Authenticity

A professional email address creates an air of authenticity. Using plumbingspecialist147@yahoo.co.uk, on the other hand, simply does not convey trustworthiness.

Consumers look for indications that an online business is legitimate before handing over their cash or sharing a web link with their friends so, if you have a well-presented website or Facebook presence with authoritative information and an appropriate domain name, don’t let yourself down with a questionable free email address on your contact page.

Simplicity

So many people use free email services that finding a username can be difficult. This means that people often have to add a string of numbers or an extra word to their name or nickname to find an available option.

So, while clothesshop@gmail.com looks unprofessional, clothesshop1989@gmail.com is even worse!

The lack of new username options means that getting an email address with one of the popular, free email platforms now requires creative thinking and compromises.

In contrast, emails set up with your own domain can be simple and streamlined. Some options include:

  • [firstname]@domain.co.uk
  • [firstname.surname]@domain.co.uk
  • sales@domain.co.uk, support@domain.co.uk, admin@domain.co.uk etc.

Scalability

If you founded your business as a solopreneur and have grown to house a staff of ten, using custom email addresses based on your domain name is the only realistic way to manage this growth.

When you already have saira@greatdogfood.co.uk and yasmin@greatdogfood.co.uk, creating new professional email addresses when Mark and Alex join the company is no big deal.

If you use free email addresses, however, new staff or departments will cause a headache.

Creating a series of addresses like greatdogfood-saira@hotmail.com and greatdogfood-alex@yahoo.com is unwieldy and looks, frankly, ridiculous.

Ownership

If your free email address is suspended, there is very little you can do about it because the email account never truly belonged to you. Could you cope if Gmail or Hotmail cancelled your account and lost all your messages?

If, for whatever reason, your free email account is cancelled, your customers will not be able to get in touch with you and your business cards and other promotional materials will be instantly obsolete.

Avoid this catastrophe by using email addresses owned by your business and take full control of your communications.

Conclusion

Email accounts can then be easily managed on the web, using software like Thunderbird and Outlook, or on gadgets like iPhones, Android devices and Tablets.

Speak to PR PC Support & Cloud Services for the complete package :
– Custom, Personalised domain name
– Facebook Page
– Professional business email accounts

Email addresses are not something any brand should compromise on. Create a great impression and make your contact details memorable and appropriate, not embarrassing and unprofessional.

PR PC Support & Cloud Services packages

Package 1
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Essentials Mailboxes ( £5 per month per user)

Package 2
– Domain Name (3 Years), Facebook Page, Email setup £120 one off fee
– Office 365 Business Premium Mailboxes ( £11 per month per user)

Optional website landing page – with logo & contact details – £50

New Email Extortion Scam Bomb Threat Demands Bitcoin

 Stu Sjouwerman (https://blog.knowbe4.com/)

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

The email was reported to KnowBe4 via a number of sources, including the (free) Phish Alert Button. It appears that the Bitcoin address was different in each message, indicating a higher level of automation than normal. This is essentially a variant of the recent sextortion strains that are doing the rounds. Here is a screenshot

This campaign was carried out by the same group of spammers responsible for the recent wave of sextortion scams, two cyber-security firms said on Friday. “Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign,” said Jaeson Schultz of Cisco Talos.

This campaign is likely to be very disruptive, some organizations receiving will have no choice but to treat this as a credible threat and go into lockdown like banks and school districts. This is a developing story, more will undoubtedly follow.  Here is the text of one version of the extortion email:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter: We are not terrorists and dont assume any responsibility for explosions in other buildings.

I suggest you send the following to your employees. You’re welcome to copy, paste, and/or edit:

The bad guys are getting very threatening with extortion scams. They now send you an email that looks like a bomb threat and they claim there is an explosive device in the building which will detonate unless you pay bitcoin. This threat is being sent to literally millions of people, so the likelihood that it real is very small. However, we cannot take any risks and please treat this threat as follow our organization’s security policy, and do not answer or forward this email. Think Before You Click!  [OPTIONAL]  Click on the Phish Alert Button to delete it from your inbox and at the same time alert IT about this scam.

The spammers behind this campaign stopped sending bomb threats on Friday, most likely realizing that this campaign won’t yield any results, especially after the FBI, the police, and the media told everyone to ignore the threats and not pay the ransom demand.

And according to Cisco Talos, no one did. Schultz said that Talos discovered 17 Bitcoin addresses inside the bomb threat extortion emails, but none held any money. “Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed,” Schultz said. “However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers.”

Now It’s Throwing Acid…

But the spammers have not given up. Talos said that as soon as theirbomb threat campaign appeared to hit a dead end, the group switched to anotherone. “The attackers have returned to their empty threats of harming theindividual recipient,” Schultz said. “This time, they threaten tothrow acid on the victim.” A copy of an email carrying this latest threat is available below.

Cloud backup and cloud storage: what is the difference?

The cloud hype has blurred the lines between cloud storage and cloud backup. Many providers like it that way because it gives them a broader appeal in capturing potential customers. But clouding up cloud definitions confuses the market. In reality they are very different solutions for different business challenges.

What is cloud storage?

Cloud storage, like Dropbox, Google Drive, Apple’s iCloud and Microsoft’s SkyDrive, is a great way to easy share files. The main goal of cloud storage is to store files online to be accessible, and to work with, from any device anywhere. You can compare it with a cloud based USB flash drive.

However, there is no guarantee, no monitoring and reporting, no support and if a server goes down in one of their data centers, you may never see those files again. The majority of the services have a web interface for you to upload files. Therefore files can only be encrypted on the server side; making transportation less secure. They do not offer an automated process for uploading or syncing files between your computer and their service. Files have to be put over manually or placed in a shared folder to be synced. And last but not least, only files and folders can be stored, so no application data.

Cloud Storage is a great way to share documents. However, it isn’t the place to back up your business-critical applications and documents.

What is cloud backup?

Cloud backup is a cloud-based application, which provides you with the ability to automatically backup your files, applications, virtual machines or servers and store them safely for disaster recovery purposes. Cloud Backup is an insurance for your data and business continuity.

Cloud backup is typically built around a local client application that runs on a, ideally multiple times daily, automatic schedule in the background. The application collects, compresses, encrypts and transfers data to the service provider’s servers. To reduce the amount of bandwidth consumed and the time it takes to transfer files, the service provider provides incremental backups after the initial full backup.

The primary data resides in the original location where secondary stored data is safely stored to the cloud, to be used for data recovery. The cloud backup solution stores all data with a custom retention policy, so you can fix corrupted files by restoring earlier versions of a file. Professional cloud backup solutions comprise special plugins to back up data from third party applications (e.g. MS Outlook, Exchange, SQL). Clear reporting on the success of the backups, makes it easy to verify if all files are safe.

Speak to me if you are interested in setting up Cloud backup on your PC , Server or Mac

Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – proporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or Virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

Ransomware: What Is It And How Can You Prevent It?

Bill Hess at PixelPrivacy wrote this great article and made me aware so I was able to share it with you. The original article is here https://pixelprivacy.com/resources/ransomware/ check out Bills other articles – there is so really informative stuff there

Ransomware: What Is It And How Can You Prevent It?

Ransomware

Ransomware has been around for a while now and grows more prevalent with each passing year. Cases of ransomware were first seen in Russia in 2005.

2006 report from Trend Micro told of an early ransomware strain that affected Windows computers, which would search a hard drive for certain files, zipping them into a password-protected file, deleting the original files. Also created on the drive was a “ransom note” text file, telling how to make a payment to get the files restored.

In 2011, Trend Micro reported about an SMS ransomware strain that repeatedly displayed a ransomware page to users until they paid the ransom by dialing a premium SMS number.

By early 2012, ransomware began to spread outside of Russia, as the bad guys began to realize what a profitable business model it could be if performed properly. The rise of cryptocurrency in recent years has also contributed to the rise of ransomware, due to the ability to receive the demanded ransom via Bitcoin and other anonymous forms of payment.

Late 2013 saw the rise of “crypto-ransomware” that encrypted a user’s files, ensuring the need to pay a ransom even if the ransomware itself was removed from the computer. This type of ransomware demands a ransom be paid, upon which the user would receive a private key to decrypt their files.

Of course, payment of the ransom didn’t always result in the bad guys holding up their end of the deal. (Um, they’re “bad guys,” DUH!) However, most ransom payments have proven to result in the needed key to unlock files, as the scheme depends on victims believing that payment of the demanded sum will result in the freeing of their data.

In this article, we’ll take a look at how ransomware can hold your computing device and its files hostage, how you can prevent ransomware from attacking your computer, and what you can do if you find that your data is being held hostage.

What is Ransomware?

Ransomware is malicious software that encrypts or otherwise blocks access to the data stored on a user’s computer or mobile device. The victim is then told to pay a “ransom” to have the files unlocked so they can be accessed once again.

While some simple forms of ransomware can be easily decrypted by a knowledgeable user, more advanced methods of encryption make it nearly impossible to retrieve the encrypted files without the private key needed to perform the task.

Ransomware attacks are usually launched via a “trojan” application, which enters a system through a downloaded file or a security vulnerability in a network service.

While operating system and networking companies regularly release updates to fix security flaws used by such trojan apps, many users fail to install the updates, leaving their machines and networks open to attack.

Once downloaded to your computer, the program then runs, locking the system, encrypting data or, in some cases, even making threats that appear to come from a law enforcement agency. (One user turned himself in after a malware app threatened to call the authorities about child pornography on his hard drive. He actually had child porn on the drive.)

No matter the type of ransomware, the goal of the evil payload is almost always to extort a payment of some sort from the victim. The amount of money demanded from individuals can be a substantial amount, but not financially crippling for the individual.

Tom’s Guide notes amounts have been reported to be in the range of $300 to $700 for victims in the United States, although amounts can vary according to the victim’s location.

Protecting Your Computer From Ransomware

There are several ways to protect yourself from ransomware, and we’ll take a look at each one in this section.

We’ll look at how “smart computing,” keeping your computer and other connected devices updated, and running anti-virus and anti-malware apps can help you keep your system running clean and green, keeping your personal or business data from possibly being lost forever.

1 Practice Smart Computing

Always practice smart computing.

When I say that, I mean that you should always think twice about opening emails or email attachments from unknown parties. Never click a link found in an email, even if it appears to be from someone you know.

When browsing the web, use common sense and stay out of the darker corners of the web. (Like my doctor, Vinnie Boombotz says, “If you break your arm in three places, stay out of those places!”) Sure, the lure of free movies and music can be enticing, but think before you click.

Never install an application on your computer or mobile device unless you’re absolutely certain of the source of the app. If possible, restrict app downloads to those from known sources, such as the Windows Store, the Mac App Store, the iOS App Store and Google Play.

Mac and Windows owners may find this rule a bit tougher to follow, due to the plethora of app sources available on the web, but at the very least, be sure of the websites you’re downloading from.

Always make sure you show file extensions on your computer. This will help you identify the types of files you’re viewing. Be wary of clicking files you’re not sure of, especially if they show file extensions like “.app,” “.exe,” “.vbs” or “.scr.”

2 Keep Your Computer or Mobile Device Updated

One of the most important things you can do to protect your computer or mobile device from threats like ransomware is to keep it updated, regularly installing the latest updates. The best way to do so is to turn on automatic updates, so your device will keep itself updated and patched against the latest threats.

Luckily, Microsoft, Apple and Google usually react quickly when security flaws are exposed, often releasing a fix for the security holes within days. Android users can still be exposed, however, due to the various devices that run the mobile operating system, and the need for individual device makers to release updates for those many, many devices.

Windows 10

Windows 10 is easy to keep updated. Simply go to “Update & Security” in the “Settings” menu and make sure updates are set to install automatically. You can also manually install any available updates while you’re in this area.

Windows 10 Update Status

macOS

macOS is also easy to keep updated. On your Mac computer running macOS High Sierra or any recent version of the macOS operating system, do the following:

  1. Click the Apple icon you’ll find on the upper left-hand corner of your Mac’s Desktop.
  1. Click “System Preferences.”
  1. Click the “App Store” icon.
  1. On the App Store screen, make sure the “Automatically check for updates” and the “Install system data files and security updates” boxes are checked.
macOS App Store Updates

Your Mac will then notify you when an update is available. You can then load the Mac App Store app, click the “Update” tab and click the “Update” button for the macOS update. The app will download and install. Your Mac may reboot a few times during the installation, and it may take awhile.

You can also manually check for a macOS update by loading the Mac App Store app and clicking the “Update” tab, where your Mac will automatically check for any available updates.

macOS Updates

Android

Before updating your Android device, make sure it is fully charged and connected to a charger. These updates can take a while, so power is important.

You’ll also want to be connected to the internet via a Wi-Fi connection. Otherwise, you’ll be eating up some of the data on your cellular plan, and a Wi-Fi connection is usually faster.

In addition, before updating your device, make sure you have a recent backup. (Backups are also handy to have if you need to restore your device in case of a ransomware attack. I’ll talk more about that in the next section.)

On your Android device, tap the “Settings” icon. In the Settings menu, look for and tap “About phone,” or the equivalent for your device and version of Android. (These can differ, as manufacturers are allowed to customize and modify the menus on the devices they sell.)

Android Settings

In the “About phone” menu, tap on the “Software Updates” or equivalent menu option.

Android Phone Status System Updates

You’ll see the Software Update screen, which will either tell you that your device is up to date, as seen here, or that there is an update available. If an update is available, tap the “Install Now” button to download and install the update.

Android Check for Update

iOS

When an iOS update is ready, your iPhone, iPad or iPod touch will notify you. When you see the prompt, simply tap the “Install Now” button in the notification.

You can also manually check for and install an update by plugging your device into its charger, making sure you’re connected to the internet via Wi-Fi and doing the following:

  1. Tap the “Settings” icon on your device’s Home screen to enter the Settings app.
  1. Tap “General” in the Settings menu.
iOS Settings General

3. Tap “Software Update” in the General menu.

iOS Settings Software Updates

4. Your device will check for an available Software Update.

iOS Software Update Checking for Update

5. If an update is available, tap “Download and Install.”

iOS Software Update Download and Install

6. Depending on how much free space you have remaining on your device, you may be asked if it’s okay to temporarily remove apps to make space for the update files. Tap “Continue.” iOS will reinstall any apps it removed once the update has been completed.

7. To update iOS now, tap the “Install” button. If asked, enter your passcode. The update will begin, your device will reboot and prompt you for your passcode once the update has finished.

3 ​Backup, Backup, Backup!

I can’t stress strongly enough the importance of backing up your computer or mobile device on a regular basis. Always, make use of a backup solution that will back up your data on a scheduled basis to an external drive.

Time Machine, which is built into macOS, is a great solution for Mac users, while Windows 10 users can take advantage of the built-in Backup and Restore app. Carbon Copy Cloner is a popular option for Mac users who want to make an image of their drive.

macOS Time Machine Back Up

Also, while a local backup is a great idea, a cloud backup is also an option you should strongly consider, which, in addition to offering a way to restore data in case of a ransomware infection, also provides a way to recover your data in case of a fire or other disaster that might destroy your local backup.

macOS Back Up

For mobile devices, users can make use of cloud backup services like iCloud for iOS, or Carbonite and Backblaze for both iOS and Android devices.

iOS iCloud Back Up

iOS users can also back their devices up to their Mac or Windows computer by connecting their device to their computer via a Lightning cable and using iTunes. Similar device-to-computer solutions are available for Android users.

​4 Use Antivirus and Anti-Malware Apps

Never, EVER connect to the internet on your computer or mobile device without running some type of antivirus and anti-malware software.

In this section, we’ll take a look at the options available to protect your Windows, Mac, iOS and Android devices from threats.

It should be noted upfront that while there are plenty of antivirus and malware scanning apps available for Windows, macOS and Android, there are much fewer available for the iOS platform.

This is due to how Apple keeps the iOS operating system locked down as a closed system, only allowing installation of apps via the Cupertino firm’s App Store. Many of the malware threats to the iOS platformhave been limited to “jailbroken” devices.

Windows Defender (Windows 10 Only)

When you install and run Windows 10 for the first time, Windows Defender is automatically enabled, offering you basic protection from online threats such as viruses and malware.

The app offers real-time protection against viruses, malware and other threats. It also offers the ability to scan your computer’s hard drive for threats.

Windows Defender Windows 10

Many users are pro-Defender since it’s included as a part of Windows, it automatically protects a new Windows installation and it’s relatively easy to use.

However, other users argue that Defender is not a viable way to protect a computer, as its features are limited compared to other antivirus packages, and it’s an attractive target for hackers due to its wide use (much like Windows itself became an attractive target due to its popularity.)

If you’re looking for simple, easy-to-use protection for your computer, Defender may prove to be enough for your needs. In April 2017, independent IT-security institute AV-Test found that Windows Defender caught 99.9% of “widespread and prevalent” malware, and 98.8% of zero-day attacks.

However, you should be advised that there are better options available. I’ll share some of my favorites below.

For more information, visit the Microsoft website.

BitDefender (Mac, Windows, iOS, Android)

BitDefender for Mac and Windows is a reliable security application, offering protection against malicious websites, a built-in password manager and even a secure browser for use when you want to protect online financial transactions and other security-sensitive online activities.

BitDefender (Mac, Windows, iOS, Android)

In addition to real-time virus and malware protection, as well as scanning capabilities, the app provides an anti-phishing module that will warn you when there are malicious links in your search results and even block access to dangerous websites.

Bitdefender on the iPhone and iPad offers only limited functionality, allowing you to check to see if any of your email accounts have been leaked, and an anti-theft module that allows you to locate, lock or wipe a lost or stolen device, which is already possible via iCloud.

In my humble opinion, the app isn’t worth the download, though you may feel differently.

Bitdefender for Android offers much more protection than the iOS app does. The app offers malware scanning, e-mail account security, the ability to lock your apps with a PIN, real-time protection for Chrome and default Android browsers, the ability to track, lock, and wipe your lost or stolen device, and more.

This version is a pay-for-play app, but it offers a 14-day free trial, so you can try it out without putting any money on the table.

For more information, visit the Bitdefender website.

Avast Antivirus (Windows, macOS, Android)

Avast Antivirus is free antivirus protection for Windows and macOS machines. The free version provides protection against viruses and malware using both real-time and hard drive scanning methods.

It scans your Wi-Fi network for security issues and intruders, and also stores your passwords for use on websites.

Avast Antivirus (Windows, macOS, Android)

Avast offers paid solutions as well, which adds features such as anti-phishing protection, spam email blocking, a firewall, webcam spying blocking, file shredding and more.

Avast Antivirus 2018 is available for Android devices. The ad-supported app (the ads can be removed with an in-app purchase) scans Android devices for malware and protects users from phishing attacks sent through email, phone calls, websites and SMS messages. The app also provides a PIN-protected photo vault, anti-theft features and more.

For more information, visit the Avast website.

Malwarebytes Anti-Malware (Windows, macOS, Android)

No matter which antivirus solution you select for your Windows, Mac or Android device, I strongly suggest you also install the Malwarebytes malware scanner.

Malwarebytes is designed for one thing, and one thing only: detecting malware that might be hiding on your device.

Malwarebytes Anti-Malware (Windows, macOS, Android)

The free version of Malwarebytes for Mac and Windows scans your computer’s hard drive for malware threats (and does it quite quickly). Most of the scans I perform on my Mac run for around 3 minutes or so.

If any malware is detected, the malware files are “quarantined” in a special directory created by Malwarebytes. Users can then view which files were quarantined and even delete the quarantined files with the click of a button.

Malwarebytes Anti-Malware (Windows, macOS, Android) Quarantine

The premium version also offers real-time protection against threats. If you’re budget-challenged, the free version will likely provide sufficient protection – just be sure to run the scan periodically.

A free trial period provides all of the premium features for 14 days.

Malwarebytes for Android checks for ransomware, malware and junk files, and also scans for malicious code. It scans for malicious links in emails, texts, websites, Facebook and WhatsApp. In addition, it detects apps that may be tracking your location, attempting to monitor your calls or charge you hidden fees.

The free version of this app does a great job of scanning your Android smartphone or tablet, and does it quickly, meaning you might be more apt to run the app for a scan from time to time.

For more information, visit the Malwarebytes website.

CRAP! I’ve Been Hit by Ransomware! Now What?

Your computer has been hit with ransomware, and now you’re faced with paying the ransom and hoping like hell that the bad guys will give you the key to unlock your precious data.

Don’t do that – only pay as a last resort. There is a good possibility you can recover your data without paying up.

1 Scareware (Windows and Mac)

Some ransomware is relatively easy to remove. “Scareware” browser screens that claim you have child porn on your hard drive and that your computer is locked are never true. (If you’re actually suspected of being in possession of child porn, the FBI will come knocking on your door, search warrant in hand, bright and early some morning. Just ask Jared from Subway.)

If you’re faced with this type of ransomware, you can usually shut it down by using force-quit on a Mac, or the Windows Task Manager on a Windows machine, to close the browser.

Then you’ll need to run an antivirus and/or malware detection application to remove the files causing the issue. That should clear this pesky critter from your machine.

2 ​Ransomware (Windows)

If your Windows machine is hit by real ransomware and you’re unable to access your data, or even unable to boot your computer to the Windows Desktop, try to do a System Restore to roll your system files to a point before they were infected.

Note: System Restore must have been enabled beforehand, but the good news is that Windows enables it by default, so unless you’ve changed the settings, you’re good to go.

To perform a System Restore in Windows 10, do the following:

  1. If your computer can boot to the Windows login screen, hold down your Shift key on your keyboard, click the power icon and select “Restart.”
  1. Your PC should then reboot to the recovery screen.
  1. Click “Troubleshoot.”
  1. Click “Advanced Options.”
  1. Click “System Restore.”
  1. Wait for the process to complete.

If you can’t access the recovery screens, you can use the USB stick or DVD you installed Windows from to boot the PC to access the recovery tools. You’ll need to click the “Repair Your Computer” option if you have to go this route.

If running System Restore doesn’t do the trick, try running a virus scanner from a bootable disc or USB stick. Bitdefender, Avast and many other antivirus software companies offer scanners that can be used in this manner.

I highly recommend creating a rescue disc or USB stick with apps that can help you in situations like this. Note to self: Write an article telling you how to create a rescue disc/stick.

This is the bad news part of this section: if you have no luck trying any of the above, you will likely need to perform a full restore from a backup or perform a clean reinstallation of Windows.

But, the good news is that you have a good backup of your hard drive, containing all your files, right? Right? Be sure to scan the backup for malware before restoring. No sense in starting this whole thing all over again. (If you need a refresher on backing up your computer, I suggest that back up a bit to the Backup section of this article. BEEP! BEEP! BEEP!)

If you get “lucky” enough to be infected by malware, and it didn’t appear to have encrypted your data, but it still looks like you’re missing some files, the malware may have just hidden them.

Try the following:

  1. Open a File Explorer window.
  1. Click the “View” tab in the top pane.
  1. Click the “Hidden items” checkbox to select it. (A check will appear, showing that it is enabled.)

If your lost data shows up after opting to show your hidden files, you’re golden. Just navigate to “C:\Users\”, open the folder for your username and right-click each hidden folder. Open “Properties” and uncheck the “Hidden” box. Your data should once again be accessible.

3 Ransomware (Mac)

The Mac has had relatively few malware attacks compared to the Windows platform. However, as the platform has become more popular in recent years, it has become more popular with hackers looking for a quick ransomware hit.

In February 2017, the Findzip ransomware was discovered. Only a relatively few Mac systems were hit by the ransomware.

The bad news was, even if you did pay the demanded ransom to the parties behind Findzip, they couldn’t give you the key to decrypting your data. Other than a rather involved method of recovery procedure, the only way to get your data back was to restore from a (hopefully) unaffected backup.

Your best bet for recovery from a ransomware attack on your Mac is to have a recent backup of your hard drive, which can be used to restore your files after the ransomware is cleaned, either using an antivirus and/or anti-malware app, or via a reinstallation of the macOS operating system.

What Have We Learned?

Ransomware can infect your computer, encrypt your files and prevent you from accessing your data, forcing you to either pay the price in hard currency or lose the time you’ll spend restoring your system to its former glory.

1 Practice Safe Computing

Always think twice before downloading files from questionable websites, opening attachments in emails or downloading that pirated movie, album or game. Only install apps from known-safe sources, such as the Windows Store or the Mac App Store.

2 Backup, Backup, Backup

Always have a recent hard drive backup handy, just in case you are hit by ransomware. In addition to a local backup on an external hard drive or USB stick, also back your files up to the cloud. Offsite backups like cloud backups offer another layer of protection.

3 Keep Your Computer or Mobile Device Updated

Always keep your devices’ operating systems updated. Either set your computer to automatically update or periodically check for updates.

Both Microsoft and Apple regularly provide updates for Windows 10 and macOS, respectively. Updates usually only take a few minutes and pay dividends by providing patches for recently discovered security holes used by ransomware developers.

4 Use Antivirus and Anti-Malware Apps

Install antivirus and anti-malware apps on your device. Also be sure to keep the app and its definitions updated to provide the latest in protection for your system.

5 Don’t Panic

If your computer or mobile device is hit with malware, don’t panic. Follow the steps I’ve laid out in the paragraphs above, and you’ll have a good chance of recovering your stricken data.

Now, go forth and sin no more! Or, at least use protection.

 

Look out for Office 365 Phishing email

I received this email this morning (below) which looks genuine enough at the first glance – however – hover over the ‘rectify issue’ button and you get taken off to some bizarre phishing site were you to click the link – be aware and don’t fall for these emails – if in doubt ask somebody in the know or simply hover over the button to display the destination ( this one went to http://fatebegins.com/localization/customize/index.php – clearly not a Microsoft site!

Document Management from Storetec coming soon

Another great product coming to our cloud based product catalogue – StoreTec Document Management. Achieve an all-digital workplace with Document Management from Storetec. Easily upload paper documents into the Cloud, such as confidential and sensitive invoices or documents, and store them securely online with access to them 24/7, from any location.

The Paper Trail

It’s highly likely that you still have bits of paper in desk drawers, in folders and filed away in cabinets. And most of those documents are likely to include sensitive information about current or former employees, clients and past invoices that need to be kept for auditing purposes. We know you have a paper trail. Every business does. But what if you could digitise that paper trail and even locate those documents easily with OCR capabilities – a quick search and find feature?

Introducing Document Management

Document Management is just that. Everything is stored within the ultra-secure hosting platform and all your documents are accessible in mere minutes. Since the average office worker spends 2.5 hours each week looking for misplaced, misfiled or lost paperwork, using Document Management means you can save 10 hours per month on average without experiencing any hassle.

It’s a real space saver

Paper documents take up approximately 18% of modern office space – that’s a huge chunk of space that could be better spent elsewhere in your business. With Document Management, you can purchase up to 50,000 DSUs (Document Storage Units / Pages) for unlimited users. Plus, it’s competitively priced too.

Full encryption at your fingertips

With GDPR around the corner, your business doesn’t have to worry when it comes to their document storage, while security is a major factor too. Document Management keeps your files stored securely in a UK-based Tier-4 Data Centre with layers of hack-proof encryption, so your data is always safe in the Cloud.

No software to install

Document Management is available directly from a cloud hosting platform, so that means there’s no software to install.

If you need more info, or would like to register interest , let me know.

Exclaimer email signatures available soon from PR PC Support

PR PC Support will soon be adding Exclaimer email signatures for Office 365 to our product catalogue

As a multi award-winning company, Exclaimer are widely recognised for their innovative email signature software. In 2016, they won the MSExchange.org Reader’s Choice Award and were also Windowsnetworking.com’s First Runner Up. Backed by industry experts and chosen by 50 million users across the globe, Exclaimer is first-class software that is based entirely on the web.

Pain Points

If you’ve ever created an email signature from scratch , you’ll know just how time consuming it can be. With Office 365 and Exchange Online, it can be just as tricky to create signatures as there’s no real way to test their designs with a preview function or embed HTML images for upselling and cross-selling. Other pain points might include:

  • Creation of numerous transport rules for departmental signatures
  • Copy/paste HTML signature designs
  • No signatures available for mobiles and macs
  • Blank spaces in contact details
  • Not able to place signatures under replies or have reply signatures
  • Lack of consistency when getting employees to use on-brand templates

Exclaimer makes creating signatures easy

With a drag-and-drop editor, Exclaimer can be used by those at any skill level and applied to an Office 365 mailbox with ease. There’s no need to be an IT whizz or a design pro as there are pre-designed templates available to use. For marketing departments, Exclaimer enables customers to easily upload their own custom fonts, icons and images for consistent branding, while professional company photographs can be added into individual signatures too. With such a simple user setup that can be completed online in minutes, you can be ready to design email signatures straight away

Compliant, trusted and consistent software

As the world’s number one leader in email signature management solutions, Exclaimer’s smart and intuitive design is also compliant with email disclaimer law. It works by passing mail from your customer’s Office 365 mailbox through to Exclaimer’s Azure servers using Office 365 connectors. Then regional, load-balanced Azure servers add signatures to all emails sent from any device – be it desktop PC, laptop, tablet, mobile and mac. With new data protection laws closing in, it’s vital that any software you purchase is legally compliant.

Further info will be posted when Exclaimer email sigantures are available.