CART0669,CART0470

“Get a Personal Trainer for Your Computer!”©

Coach Web Graphic

 

 

YOU’VE GOT QUESTIONS... WE’VE GOT ANSWERS!

SEE OUR COMPUTER GLOSSARY!!

CHECK OUT THE NEWS PAGE, newsTOO

FOR LATEST DEVELOPMENTS

CLOSELY RELATED: HOAXES ARE A SECURITY THREAT!

[See the information in the SECURITY page of this site.  Also closely related:  See the SCAM page of this site.]

 7/10/16:  As I discussed in the General Rules for spotting hoaxes, below, always look for a hoax centered on the next new thing.  And here we go:  Pokemon Go, introduced on 7/6/16, already as hoaxers setting up fake hot sport to rob users of their devices and other items.  On July 10, four teenagers allegedly used digital “lures” to trick players to visit remote Pokestops, then rob them at gunpoint.  It just never stops, just like the Windows 10 Upgrade hoaxes earlier this year.

 11/26/15:  We shouldn’t have to mention this, but holiday season is a prime time for scammers.  Beware deals that appear too good to be true, phishing e-mails purporting to contain delivery for items unspecified or unordered items, phony on-line stores and gift cards from dubious sources. And charities that have similar names to real charities soliciting your money.  Look for return e-mail and text messages not from a legitimate source, also read the endless disclaimers that you would usually ignore.  Do your homework before ordering online.  Don’t fall for the fake e-mails from Amazon or others claiming a breach of their system and asking you to put in your original and/or a new password to update their system, it’s not them.  And this year be particularly careful about buying those internet connected toys for your kids that require their personal information and even photo to connect to pads, phones and social media.  Several states have launched investigations into V-Tech, a Hong Kong toy manufacturer which has been breached this season, revealing childrens’ personal information over the Internet.  The SQL injection hack of some 5 million users was done through the Learning Lodge app store, where parents can download apps, games and e-books for various V-Tech toys (like the Mobigo).  Click HERE for the story.

 11/1/13:  Click HERE for more information about the CryptoLocker virus/scam.

 4/30/13:  Check your Firefox browser, it may not be what you think, although it probably is legitimate.  Today Mozilla sent a cease-and-desist letter to FinSpy to stop spoofing Mozilla by creating a piece of spyware masquerading as the Firefox browser, complete with Mozilla’s trademark and code.   Nevertheless, if Firefox starts acting hinky, download it again from Mozilla directly.

 Recently (April, 2011), a ransomware hoax has been appearing after victims unknowingly download and install a Trojan which displays a message on their PC that says “This copy of Windows is locked.  You may be a victim of fraud or there may be an internal error.”  Just like the real Microsoft message, you are prompted to reactivate your copy of Windows, which is always denied, then given six telephone numbers to call for customer assistance, assured that they will be free calls.  But they’re anything but, as the pretend Microsoft representatives direct the call to an automated call center where you are kept on hold for several minutes, racking up high long distance calls in a practice known as “short stopping (billing a call at a rate much higher than is reasonable).  How to fix this?  Try using the current unlock code 1351236 (source:computerworld.com) or go to a previous Windows restore point or image backup if you have one.

 Beware the Reveton FBI ransomware scam.  This is actually aFBI RANSOMWARE SCAM computer virus that is installed when a user visits a compromised website that causes the computer to lock up and display a warning that the FBI or Department of Justice has identified the computer as being involved in  criminal activity, then demanding that the user pay a “fine” by using a prepaid money card which will then (Ha!) unlock the computer, otherwise you will be threatened with criminal prosecution.  It’s very convincing:  The FBI seal, if not viewed carefully, looks quite real.  If you have an active webcam, the screen may even show a photo of you at your computer, as if you were caught in the act!   Unfortunately, this virus has morphed into six versions (FBI Moneypak, FBI Green Dot Moneypak, FBI Virus Blackscreen, FBI Online Agent and FBI Cybercrime Division), each of which has become more difficult to remove.  At this point, you probably can’t remove the virus without professional help, but you can always try if you can actually initiate anti-virus software. 

 If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid downloading a nasty Trojan Horse virus.  It’s a scam.  Of course, you should know this by now, since Microsoft never sends e-mails with download links embedded in them.  Nor does Microsoft make unsolicited telephone calls to computer users, or collect any personally identifiable information.  Never!  If you receive a call from someone who purports to be from Microsoft (or an independent working for Microsoft) telling you that they’re monitoring of your computer shows that it is infected, hang up!  Sometimes, they’ll tell you that the “.inf” files on your computer mean that they’re “infections”!  Ridiculous!  They’re “information” files that contain plain text information that Windows uses when installing a software driver, like your printer!

 According to MX Logic, a company specializing in messaging security, the most prevalent spam tactics being employed at this time are the tried-and-true bogus e-card platform, much of which was pitched around  holiday related themes   Fake overnight shipping bills, which included malware-infecting links were also popular.  Also, the traffic camera photo scam, FedEx/UPS scam, IRS Notice scam and others, all calculated to get you to click on the attachment so that you will install the virus. The top five most popular spam verticals were messages related to topics of health, one-time consumer offers, phishing, foreign languages and gambling.  Pharmaceutical related spam was also strong, as well.  The U.S. remained the leading source of unsolicited e-mail, followed by Spain, Brazil, the U.K. and Germany.  Among the malware attacks affiliated with the spam, Trojan threats occupied four of the top five spots for the month.  On the bright side, spam has been even for several months, and has not increased.  If you don’t click on it, you’ll be safe.

 If you’re on YouTube and you get a message telling you that you must download a plug-in to view a video, be careful.  Many of the plug-ins are redirections to an alternate site that may contain malware.  If it’s not from a source like Adobe, Macromedia or the like, you may not want to take the chance. If you need it, go directly to the site to download.

 E-mails claiming that recipients accounts are overdrawn or have been accessed by someone else are increasing.  These e-mails attempt to trick users into running an attached file (often “instructions.zip”) which is carrying a malicious payload (such as Mal/FakeAV-BT or Mal/BredoZp-B).  The e-mail claims that access has temporarily been prevented to your account, and that you have to follow the instructions in the attached file to regain access.  Don’t.  Call your provider by telephone if you have any doubts as to your account information.

TIP:  IF IT’S NOT BROKEN, DON’T FIX IT!  You’ll notice a commonality in the Hoaxes, Security and News pages of this site.  It involves the pressure to upgrade software (such as drivers or video software) or to install new software (for example, in order to view certain types of video or graphics on a web page).  Think twice before doing so:  If everything is working fine on your computer, leave it alone!  You don’t need to upgrade, no matter what you’re told.  If you’re told to download and install software to view or play a webpage or a file, think twice - - There’s a very strong chance that your download may include malware.  Unless it’s from a major player such as Adobe, Macromedia or the like (you can verify this by going directly to their Home page, then “downloads”) you should be aware of the risk.  And, if you do upgrade or install, don’t click the boxes for “free offers” or “updates” since you’re giving them permission to e-mail you whenever they want.  Think about how badly you really want to view that web page!

 If you get an e-mail message that purports to be from a friend or family member in your address book and contains a YouTube link, beware.  That’s the tactic being used to spread a worm that can turn off your antivirus, firewall and anti-hijacking software so that it can spread.  This is a variation of the similar type of e-mail from an electronic greeting card company, or a “Hallmark card for you,” notifying you that you have an e-card from a friend.   Beware!

 According to the Federal Trade Commission, if you receive e-mails informing you that a claim has been filed with the FTC against your e-mail address, it is a virus.  The phony e-mails contain a return address of “frauddep@ftc.gov” and contain an attachment which, if opened, will install a virus that can steal passwords and account numbers.

 Over the past several years there have been many hoaxes claiming that cellphone numbers are going to be made public and that, as a result, telemarketing companies will be assaulting your with calls for which you will possibly be charged.  THIS IS NOT TRUE.  If you respond to the telephone number provided (888.382.1222), the good news is that it really is the telephone number for the national Do Not Call Registry at the FTC and that registering is simply another level of protection, not harmful.  For more information, click HERE.

 Here’s another hoax that just won’t go away:  Speed up your computer by up to 80% by disabling Windows’ QoS feature.  Not.  QoS (“Quality of Service”), which was first included in Windows 2000 was a network setting that only works with certain sites using QoS, which also has to be enabled on your computer.  When enabled, it caps your QoS bandwidth connection at 20%.  If you’re not connected to a site using QoS and it is not enabled on your computer, disabling it will have absolutely no effect on the internet speed of your computer and may actually slow it down for certain applications (like VoIP).  There is no truth to the fact that disabling QoS will free up 20% or more of your bandwidth.  Much less 80%.  And there’s no way to determine which sites use QoS, so just leave the setting alone!

 Password Stealer Targets SKYPE - If you happen to see any downloads or receive any file attachments named Skype-Defender, stay away from them.  The file, targeted at Skype Internet telephony users, is actually a Trojan that steals passwords. 

 If it LOOKS like a get-rich-quick scheme, and FEELS like a get-rich-quick scheme, then IT PROBABLY IS!  By now most of us are aware of the Nigerian Scam and its variations, but for those of us who aren’t:  BEWARE e-mail letters purporting to be from Nigeria or thereabouts asking assistance in reaching money supposedly tied up by the government and agreeing to share the proceeds if you will only send some money to help them recover the funds. 

GENERAL RULES FOR SPOTTING HOAXES:

1.  Is it a chain letter?  If so, it’s probably a hoax, no matter how well written or how slick its style.  Also, if it was obviously sent to tons of recipients, it’s probably a hoax, even if you know the sender.

2.  Does it use lots of UPPERCASE and BOLD text and repeated exclamation points !!!!!!!  If so, it’s probably a hoax.

3.  Does it claim that it “is NOT a hoax”?  Then it probably is.

4.  Does it ask you to “forward this to everyone you know”?  It’s most likely a hoax.

5.  Does it look like it was actually written by the person who sent it (if you know them), or is it identified by signature? If not, it may well be a  hoax.

6.  Does the e-mail present really important information that you’ve never heard about before (e.g. cell phone numbers going public)? It could be a hoax.

7.  Is it too good to be true?  (See “Nigerian Scam,” above)  Of course, it’s a hoax.  Especially if you’re requested to pay up front.

8.  Are there any references verifying the information or links to corroborating information, i.e. are the facts supported?  If not, you’re likely being hoaxed.  Check independent sites or sources to verify the facts. 

9.  Also, check the hoax sites and links shown below to see if it is, in fact, verified as a hoax.

10.  Same for internet hoaxes, Twitter posts, blogs and the like.  Celebrities like Jeff Goldblum, Tom Cruise, Celine Dion and Cher did not die, despite Tweets that claimed they did.  (That’s probably why subscribers were skeptical when Paul Walker’s death was tweeted.)  Many sites like Buzzfeed, Huffington Post and Upworthy propagate an internet model that feeds on celebrities and cute little internet stories that can generate income, without the verification that would be required of traditional news organizations.  Remember Manti Te’o’s fictional girlfriend that died of leukemia within hours of his grandmother’s death?  Or waitress Dayna Morales, who claimed that she didn’t get tipped because she was openly gay, but it was found that she did, in fact, get an $18 tip?  Or Linda Walther Tirado, who claimed she lived in poverty, but actually owned her home, had a job, attended a private boarding school and was married to a U.S. Marine?  Why do people do this?  Usually, money.  Morales, Tirado and others received thousands in donations after posting their plight.  Don’t be fooled - not everything you read on the internet is even close to true!

For more advice about specific types of scams and how to avoid them, go to the How To Spot Scammers page.  It’s always a good idea to check Snopes or even Reddit for the accuracy of internet posts, as the web community is quite protective.  For a comprehensive discussion about the various types of spyware, go to the Spyware page.

GENERAL RULES FOR PHISHING E-MAILS:

1.  The first thing to look for is a “mismatched URL”.  That is, if you hover the mouse over the top of the URL (web address), it should show the same address as the sender.  If not, it’s probably fraudulent.  And even if it does contain a reference to the correct domain name, make sure it’s not in a “child domain” part of the address.  Some phishers create a sub or child domain which looks official, but still directs the user to a phishing site with a fake child page that looks like the real thing but steals information or delivers malware.  For example:  BankofAmerica.com.phishingsite.com would go to the malicious URL phishingsite.com, then to the fake BankofAmerica page within that site. Or phishingsite.com/BankofAmerica.  Obviously, those sites with a URL like http://23n,ddim48282 are almost always fake.  Always check for these “polluted” URLs.  If you are overly concerned or are getting lots of these, it’s a good idea to turn off the Preview Pane in your e-mail app, as sometimes just viewing the e-mail in that pane can actually activate malicious content.  Other times you have to click on the attachment (delivery receipt, ticket or photo) to enable the payload.  Or, if you know what you’re doing, view the header content without any links or malware becoming operational, using View Source mode, but that’s a little much for most home users, as you have to actually understand what’s in the header.  Main point:  If it looks funny, just delete it.  If it’s real, they’ll get in touch with you some other way.

2.  Poor grammar or spelling of obvious items.  Most major companies spell check their communications.  Also, it your e-mail is JSDogLover and the communication starts with “Dear JSDogLover” you know that they don’t know you and that it’s probably not the name on your bank account or mail.  Or spelling $6 million by writing 6m or some other unusual shorthand. 

3. Most obviously, all of your banks and accounts already know your account number, they won’t ever ask you for it.  In fact, almost no companies, government agencies or credit bureaus will ever initiate communicating with you via e-mail.  So don’t provide information to a company that should already have that info.   If you give them the account info, then all they have to do is to get you to change your password and they’re in.

4.  If you look at the examples above, you’ll see that phishers appeal to our senses of greed and fear and are getting increasingly creative about this.  Note the FedEx/UPS package delivery scam, IRS refund scam, red light ticket scam and many others.  These are particularly dangerous, because you can’t rely on the fact that you didn’t initiate the contact, such as the scam claiming that you have won the lottery when you’ve never even purchased a ticket (they’re relying on reaching the 50% of people who have).  Phishers rely on sending out millions of e-mails and hitting even a few.  Like throwing a pot of spaghetti at the wall, some will always stick.

5.  Never send payment.  Eventually most scams will ask for money.  That’s the tip off.  Don’t do it.

6.  Don’t be deceived by threats.  No matter how official the e-mail looks, don’t believe that if you fail to respond to an e-mail, your license will be revoked, your bank account will be closed, your assets will be seized or the like.  You’d have to receive a much more official notice than this, as e-mail isn’t ever their initial contact.  The effect is to (1) scare you by pretending to be the government and (2) impart a sense of urgency to respond before you think about how silly the threat really is.  They just want you to give up information. 

Of course, this page has only scratched the surface of this subject:  For a fairly complete listing of various actual hoaxes, click on these links: Symantec    McAfee    F-Secure

ALSO: Snopes2; TruthOrFiction; About.com; Hoax-Slayer; VMyths; HoaxBusters.

Don’t forget to check out the Scammers page to learn more about how to identify and avoid scams on the Internet.

For an extensive discussion of Online Fraud Prevention - including Identity Theft, Online Scams, E-Mail scams, Phishing & Credit Card Fraud, plus more on prevention tips and resources, click HERE to go to the Host Merchant Services site.  [Thanks to Ms. Clark’s Class for the suggestion!]

Another useful and comprehensive Internet site is the “Consumer Complaint Resources: A Guide to Internet Fraud”  which is published by “Complaints List: The Consumers Voice”.  It has comprehensive links about the types of fraud, reporting fraud and prevention tips for avoiding fraud.  [Thanks to Jackie in Ms. Ward’s Class for the tip!]

Another useful and comprehensive link  is “A Collection of Computer Security and Safety Tips[Brought to my attention by  Alex, referred by Evelyn Rogers at openmedialibrary.org]

The explosion of personal data available on the Internet has created a significant danger of both credit card fraud and identity theft.  It’s important to know how to protect yourself from these dangers.  An excellent article with lots of great links on the subjects, written by Katie Colburn at Accupos can be found at "Credit Card Fraud Protection and Safety Guide"  

CLICK TO SHARE THIS PAGE

MURPHY’S LAWS OF COMPUTING #11:  The attention span of a computer is only as long as it’s electrical cord.

© Computer Coach.  All written materials are the sole property of Computer Coach (unless otherwise attributed) and no part of this website may be used in any format without the express written permission of Computer Coach.