Sextortion, TV License, HMRC (again) and Amazon Scams
Latest Scams To Watch Out For
3 scams which are still quite prevalant at the moment to be aware of.
The first involves an email warning the recipient they have been looking at dubious websites and need to send money, via Bitcoin or similar, or have their activites advertised to the wider world. The clever aspect of this is the scammers reinforce the message by claiming they have the recipient's password on file to enable them to hack their social media accounts and notify friends and family.
What they actually have is an older password gleaned from a list which has been sold to them by hackers on criminal websites. These password lists are acquired, then redistributed, after serious data breaches of larger companies which are often reported on the news. If you get one of these emails, ignore it, but make sure you change, and are no longer using, any password the criminals clearly have access to.
The next is a TV Licensing email doing the rounds claiming you are behind on payments or similar. A series of hyperlinks then leads you off on a path which only ends in a potential loss of funds so ignore any such emails, more on this one here: TV licensing scam details
There's also been a rise in email scams coming from HMRC and Amazon so treat any emails, or text messages with links, with the utmost care. If in doubt always inspect the properties of any email sender, and links to any website addesses, very carefully for typos and accuracy.
End of Life for Windows 7
Unfortunately Microsoft have announced there will be no further security updates beyond January 14 2020 so there are implications for all Windows 7 users. It’s a bit of a shame as Windows 7 is still widely used and arguably still Microsoft’s best operating system to date (we've always recommended it and are still using it here at Ptnsystems) but once the security fixes stop coming, it effectively makes this operating system obsolete.
Luckily Windows 10 has addressed most of the issues which came with Windows 8 (the rather poor successor to Windows 7) and is the only real option when it comes to upgrading. At the time of writing it looks like Windows 10 will get extended support until Oct 2025.
It doesn't necessarily mean the end of your current computer/laptop as many newer devices will take the upgrade but worth planning ahead and putting the date in your diary so you have time to prepare.
Here’s a link with more details from Microsoft: https://support.microsoft.com/en-gb/help/4057281/windows-7-support-will-end-on-january-14-2020
Chrome Extension, Warning of Impending Doom
We've seen a few recent cases of clients' computers showing rather alarming screens within the Chrome browser announcing their PC is about to self destruct and to call a telephone number within a certain time frame or risk losing everything. In all cases we've seen it has proven nothing more than a scam created via a browser extension in Chrome.
The alarming audio and screen can be shutdown using task manager, and resetting Chrome to its default settings gets rid of all extensions, it's then a good idea to do a full scan with anti-virus and anti-malware software, just to be sure.
Passwords and Encryption
Password protected files are not the same as encrypted files (which offer a whole different level of security). Information sent to and from encrypted websites, and via encrypted email, is also a lot more secure, so here's some basic differences explained.
Passwords have been around for a long time and offer a "better than nothing" defence against intruders; the problem is passwords alone, once cracked, obtained or discovered, allow any data to be easily read. Think about a common scenario, your PC's operating system breaks and we need to transfer data from your old hard drive to a new PC, do we need your password to access your data? No, it's simply a matter of changing permissions on your old hard drive. However if you had encrypted your data we would need a "key" to decrypt it.
Sounds great but there's no "back door" so if you don't have the key, or the password that generated it, no-one can access it.
Passwords and encryption are often used interchangeably but without going into detail (and encryption is detailed), suffice it to say that a password protected Excel file is quite easy to open without the password but an Excel file on an encrypted drive/USB stick is pretty much impossible to access. Passwords are used with encryption but only to generate the "key" which scrambles the data, passwords alone do none of the scrambling.
Microsoft provides Bitlocker for encryption purposes on its later Windows operating systems, there are also plenty of encrypted USB devices (starting around £20) and NAS (Network Attached Storage) boxes which provide an alternative. Encryption can slow things down and have other side effects so no need to encrypt everything, you could get a couple of encrypted USB's and store any sensitive data on those, safe in the knowledge that should they get lost or stolen, the data is safe.
Website addresses starting HTTPS:// (note the S) show the traffic to and from them is being encrypted in transit, your email software will be using SSL/TLS if this is using encryption in transit.
Laptop Desktop or Tablet ?
Laptop, Tablet or Desktop?
A question we are often asked when it comes to choosing a new or replacement PC so here’s a few pointers which may help in the decision process.
Probably the most important factors are space and portability. Obviously if you need to work on the move then laptops/tablets are the choice but you probably don’t need the burden of a laptop if you are only sending email and web browsing.
Tablets, such as Ipads and their Android counterparts, are generally much quicker to turn on, have longer battery life than laptops and, due to their operating systems, are less of a worry when it comes to viruses and malware. Unfortunately the very operating system that gives them those advantages also means you cannot always install the same software as on your desktop PC or laptop, so compatibility can be an issue. They are also a bit uncomfortable to work on for long periods due to their size and, whilst keyboard attachments are available, it’s not the same as working on a standard size keyboard. The other main reason to choose a laptop/tablet over a desktop would be if space is an issue as they obviously have a much smaller footprint and require less cabling.
All laptops running on Windows operating systems can generally operate in the same way as a desktop PC. Be aware though that if you buy a modern laptop it may not have a CD/DVD drive, something to consider if you have lots of software/music on CD’s/DVD’s. Also, laptops and tablets normally come complete with built in Wi-Fi, Bluetooth and cameras, all of which are normally additional items to buy on desktops, if required.
So it sounds like the end of the road for the desktop PC but not so, there are a few areas where their lighter, skinnier cousins fall short. Firstly longevity, due to their size there is less room for cooling and the circulation of air on a laptop and the inbuilt nature of their construction, means repair is generally far more difficult, and costly.
Desktop PC’s are generally more ergonomically friendly and, with their full size keyboards and mice, it means longer periods of work are less of a chore. Component failure is less of a problem on a desktop PC and it’s much easier to configure multiple screens and other external devices. Upgrading the internals is less common these days, but still far easier on a desktop.
Whilst, the laptop/tablet may look like the obvious choice you may find the old desktop PC actually suits your needs better in the long run.
Ransomware in the News Again
After the first major ransomware outbreak last year we advised our clients to take some extra precautionary measures to guard against future attacks and mitigate the effects of such. Depending on your IT infrastructure we would advise taking some/all of the following precautions:
1. Blocking many of the known sources of such outbreaks via router blocking, attachment blocking - if your broadband router allows.
2. Guarding against infection from removable media - always scan USB drives and CD/DVD's before use.
3. Do not use important business machines for casual Internet browsing as well as vigilance regarding emails, attachments and links - check the sender's email address and if in doubt do not open attachments and click hyperlinks.
4. Regular server/workstation maintenance to check for any obvious malfunctions/software failures.
5. Cloning important workstations/servers to reduce the impact should infection occur.
6. Check Windows operating systems and Antivirus are up to date.
The most recent outbreak seems to have targeted Windows XP, support and updates for which ceased some time ago. This doesn't mean you need rush out and upgrade your Windows 7 or Windows 8 PC as support for these is still current. Jumping to a Mac won't save you either as there has been a progressive rise in the number of malware/ransomware attacks aimed at the more expensive Windows alternative.
Online data backups may seem like a safe bet but there have been many real world cases of the ransomware getting its hands on those once it found all the network locations connected to the infected machine.
As ever always backup your data to an external device, disconnected from your main system for peace of mind and/or consider regularly cloning your important servers/workstations to mitigate the effects of a complete loss due to ransomware infection.
Websites and Online Marketing
Most businesses have some form of web presence these days, usually in the form of a website. This often forms the company’s “shopfront” and conveys the overall branding of the company or individual concerned. The end users’ ability to find key information quickly and clearly (on all devices) should not be underestimated with any negative experiences reflecting badly on your brand.
A few basic things we would advise to check objectively:
1. Does your website work on phones, tablets and desktops (tablets and phones can easily make up 50% of your traffic)?
2. Can the end user find your telephone number easily?
3. Do you have a contact form on the website, and do you answer those emails quickly (we would advise against having a readable email address on the site as spambots love these)?
4. Does your website, email signatures, signage, business cards and other literature look consistent with the same colours, logos and fonts?
5. Do you have good quality images of your business; poor quality images can be worse than none for the end users?
6. Is the information on your website relevant and is the most important information easy to find, less is often more with text and excessive text is a sure fire way of people moving on?
Google Analytics is a free script that can be added to your website which, in time, will reveal a great deal about your website and how end-users are interacting with it. Google’s webmaster tools can also give you invaluable insights into performance and how your website is viewed by the world’s most influential search engine.
Google AdWords (search engine paid adverts)
Your website will (hopefully) no doubt appear somewhere in search results when people look for your products and services, but the ads at the top and bottom of the page are there due to paid advertising by competitors. Don’t assume by having a website that potential customers are casually browsing it as, the further down the search results your page lies, the less likely you are to be found. Online web advertising can seem the preserve of the “big boys” but many people don’t realise it is quite feasible to setup a campaign with a budget of a few pounds a day, you can also turn your ads on and off whenever you like. Advertising can also targeted at certain areas and scheduled to run at certain times as well as many other configurable options.
We've had two recent cases where businesses have fallen foul of a new strain of ransomware which encrypts data and holds the victims to ransom demanding payment in Bitcoin to their Russian bank accounts. Whilst the infection is quite easy to remove, the data is rendered useless without the other half of a digital encryption key. The latest encryption uses an algorithm so complex it makes it almost mathematically impossible to break; this gives the victim two choices, pay the ransom or recover your data from backups.
There is plenty of detailed information on the web regarding the history and current status of ransomware, but suffice it to say there are many high profile cases in the news, on a daily basis, making this one of the biggest threats to business and home users alike. Here's a quick breakdown of what we know about the latest ransom-ware outbreaks:
1. Spread via compromised websites, with code contained in ads; news reports even claim ransomware has been found on some high profile sites including the BBC, the New York Times, MSN and AOL.
2. Another popular means of delivery is via email attachments, praying on people’s inquisitive nature tricking them to open disguised PDF, Word and Excel documents containing the code (social engineering).
3. Once the code is run, the program immediately encrypts as much data as it can, sending the key back to the originators thus rendering all your data useless.
Here’s the bad news:
1. Regarding the latest versions of ransomware, at the time of writing, there is no known way to decrypt your data once encrypted, apart from paying the ransom.
2. The virus circumvents anti-virus software, in both cases we have witnessed, the client had current, business grade anti-virus running.
3. Whilst there are a couple of products in development, none of the current anti-virus vendors have a solution other than restoring data from backups.
4. Ransomware can affect Windows, mobile phones, Mac’s, Linux and NAS systems.
5. All backups attached to the infected system, including cloud based backups, can be rendered useless via ransomware.
6. Whilst only a small percentage of business and users are thought to have paid the ransom, this is thought to be so widespread that it has netted millions to date. This probably makes it one of the biggest threats as there is now a financial incentive to its circulation, versions of the malware are now selling on the dark web with entrepreneurial cyber-crooks taking a commission on monies earned.
On both occasions we were able to recover important data from external, disk based backups that had not been in contact with infected systems, but not without considerable inconvenience and time lost. Ultimately there is no magic fix that will protect you from this threat; no anti-virus can stop all versions of it and once on your system it will wreak havoc in seconds. At the time of writing all we can advise is to be extremely vigilant when it comes to web browsing and opening of email attachments, even from friends and business associates; always scan external memory devices before use, using up-to-date anti-virus and/or malware detection software such as Malwarebytes and make sure all important data is regularly backed up to an external source.
Updates to follow.
You can also check the current status of this threat on Google News here.
Responsive Web Design
And Online Advertising for Your Business
Our website design and online marketing business has been extremely busy this year, having taken on some major clients. With online marketing replacing many of the more traditional, paper based advertising methods, we’ve seen an increase in demand for AdWords’ campaigns and the creation of business pages within well known social media environments.
The recent announcement that Google would actively favour responsive websites, together with the enormous rise in the use of smartphones and tablets, has made this one of the more important aspects of modern web design. Google Adword campaigns can also be finely tuned to make sure your advertising is tightly focused on key areas such as location and demographic. These campaigns can also be far less expensive than you think with small daily budgets, and often gain far greater exposure than other advertising methods. Using analytics you can also review your website’s performance, how clients are interacting and see how improvements can be made. If your business needs any help with website design, artwork, online advertising or marketing please call or email and have a look at our website for more details.
Our Findings So Far
Those of you who aren’t already using Windows 10, you may have an icon in your system tray on the bottom right of your screen, and/or regular pop-ups, encouraging you to upgrade. Our suggestion regarding Windows 10, is only to upgrade if you are running Windows 8 or 8.1, as these were Microsoft’s poor attempt at making an OS (operating system) to cover all devices including desktops, phones, touch screens and tablets.
Windows 8 and 8.1 (slight improvement) were quickly identified as another of those upgrades to avoid, along with Vista and Windows ME, for those of you old enough to remember. Thankfully Windows 10 re-establishes some of the functionality those OS’s removed and looks to be a big improvement on its predecessors.
Having said that, we have seen quite a number of machines which have failed mid upgrade so it’s the usual case of ensuring your data is fully backed up before attempting this upgrade and probably not prudent to do this the day before an important presentation.
Our experience so far has concluded that Windows 8 machines benefit from being upgraded to Windows 8.1 then fully updated, before moving on to the Windows 10 upgrade, as this has proven less troublesome. For those of you running Windows 7 our advice would be to hold off until Windows 10 is more established and Windows 7 no longer has the functionality that only Windows 10 can provide.
Here at PTN we have looked at Windows 10 and concluded there is no benefit to ourselves in upgrading, therefore it’s not worth the time and risk involved at this stage.
The New Software Model
We often see both desktops and laptops that need to be re-built because of the age of the machine, hardware faults or malware & viruses.
In the good old days of CD’s, the procedure was pretty straightforward; back up the users data, install programs using the CD’s & licence key’s, install anti-virus, anti-malware, cleaning programs and then run any updates.
Recently things are taking a bit longer as some of the familiar programs like Microsoft Office are now only available as a subscription service and/or downloaded from the Microsoft website using login details i.e. an email address and password. If you do use any subscription services for the likes of Microsoft, Adobe , Apple etc. it is a good idea to print any email confirmations of purchases together with any license keys as it can be very time consuming trying to find these in the future, should you need to re-install. Some clients have even had to re-purchase software due to them being unable to find license information and proof of purchase.
A Bit of a Story
Another alarming report we had from a customer recently is that his trip to a checkout at a large computer retailer involved him being told he had to buy security software and subscriptions to Microsoft for their Office programs, this is nothing more than scaremongering and a dubious sales technique at best.
You may want to use Microsoft Office on your new device but yearly subscriptions to the latest version are not the only option, you can buy a previous version such as 2007 or 2010 and install it the old fashioned way or even use one of the free alternatives such as Open Office.
We've been using Microsoft’s free Security Essentials for some time and it is perfectly adequate for most scenarios, in fact the most expensive versions of well-known security software can actually slow down your PC and still fail when it comes to malware. As ever, be careful when it comes to browsing websites and installing software.
Premium Rate Calls and Spam
A Real Money Saver
It’s a common practice to charge premium rates when calling company helplines with many 0845 and 0870 numbers being very expensive to dial. There is an often an alternative number which can get you connected without having to pay through the nose whilst on hold. Have a look at this website www.saynoto0870.com and, using the search facility, you can reduce the pain of calling support lines.
With so many online purchases being made, you will nearly always need to input an email address at some stage of the checkout process. Unless you want to receive a boat load of marketing emails shortly afterwards, always look for the marketing check-boxes and make sure you haven’t allowed the seller to circulate your email address to every possible sales company in the known universe.
USB Device Security
Watch Those Pen Drives
This has always been a concern in business environments in regards to viruses and data security, but USB is starting to make the news more as a potential for malware infection on home PC’s. Recent reports have shown it is possible for USB sticks and devices to contain code that trick the PC into thinking a keyboard has been plugged in, the “keyboard” then instructs the computer to go online and start downloading further malware. USB sticks should be scanned before any files or folders are opened on them, it only takes a few seconds and can save a lot of problems later.
To scan a USB drive: open My Computer, from there you can normally right click on the icon and select scan for viruses, this should scan the USB device and report back.
If you tend to transfer data between computers using your own USB stick or external drive, it pays to scan them for malware and viruses regularly and not assume they are free of nasties just because you haven’t seen evidence of infection. Businesses with servers can disable all USB devices with Group Policies, something we always advise to do.
Bad Code in Word and Excel
There has been a rise in macro viruses spread through the usual channel of email attachments, normally in the form of Word or Excel documents. Macro code can be included in Word or Excel documents which can then be used for malicious purposes, typically a user opens an attachment and is then asked to enable macros via Microsoft Word, if the user agrees the malicious code is executed.
Macro security, with Word and Excel, can be found in the Trust Centre settings under File / Options / Trust Centre Settings and should be set to disable with notification unless there is a good reason for not doing so. As always, be extra vigilant if you receive an attachment via email, but macros are not always bad and are an excellent way of recording and storing repetitive tasks when using Microsoft’s Office programs.
Phone and Tablet Life
Screens and Battery Life
Modern phones and tablets use a lot of battery resources if the Wi-Fi and Bluetooth are left on, try turning them off when not needed. Apple have made this even easier on the new IPhone by simply dragging your finger up from the bottom of the screen whereby you can quickly access the on/off buttons for Wi-Fi and Bluetooth, other brands have similar gestures giving the user quick access to these power hungry components.
Screen Cleaning - If your computer, phone or tablet screen needs a clean, try some hand cleaning gel and/or a clean cloth dampened with water from the kettle once it has cooled down. Always try a small area first and needless to say too much water and computers don’t mix well.
Encryption Viruses and Phone Scams
Calls from the Blue
We are starting to see more encryption viruses appear, these are generally spread by the usual channels of a convincing looking email from a bank, building society, DHL, HMRC or other business or government body. Please be extra vigilant with any email attachments and if in doubt do not open anything suspicious, you are welcome to call us if you have any concerns over a particular email or attachment.
Microsoft Phone Call Scam - This has been around for a while but continues to catch people out, Microsoft will NEVER call you out of the blue. If someone calls you saying they are from Microsoft, or similar, and knows of problems with your computer the best course of action is to gently put the phone down, go and make a cup of tea and hope they have gone by the time you return. Some of our customers have recently been duped by these convincing scammers, and lost money, so always be wary and by all means give our office a quick call for free advice on any such matter.