Archives 2023

Scams and Scammers – Phones

Article (PSA-0025)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Scams and Scammers – Part 2 (Phones)

There are many types of scams and scammers you may encounter throughout your life. In the last article we talked a little bit about “Browser Hijacks” and what you can do when it happens to you. In this article we will address “Phone Scams” and in the next article we will cover email scams, better known as “phishing” emails.

In the world of scams and scammers, your personal information is the prize. Whether its your identity, bank account number or credit card number – they want it. The scammers’ intent is to sell your stolen information for money, extort you for money or steal your money directly from your accounts.

On the phone they will sound professional, helpful, kind and courteous. But their is nothing respectable about them. They are thieves pure and simple. For them the “Ends Justify the Means”. You are simply the next revenue stream to them.

You may be thinking all of this sounds rather harsh – knowledge can be powerful. You need to know what you’re up against. The solution to avoid getting scammed is going to sound rude, because you are going to need to be rude. Here is the big solution … hang up on them! Don’t engage in conversation. Once you realize that the caller is pumping you for information or attempting to get you to “go to their website” – hang up. The longer you stay on the line with them, the greater the risk. If they call you back repeatedly, hang up repeatedly. These people get paid when they talk you into giving something to them, and they can be very good at their jobs.

Microsoft is not going to call you about your computer or laptop. The bank is not going to call you to verify your account number or passwords and the state or federal government is not going to call you to verify your social security number. If your unsure whether the caller is valid, simply hang up. Then look up an official number for the organization or business and call them directly to inquire if they were trying to contact you. That’s it. Pretty simple right?

In this article we talked about phone scams, which are very easy to deal with, once you know what you’re up against. In the next article we’ll discuss email scams and what you can do to protect yourself from them.

If you have questions give PSA Computer Services a call at (707) 506-6802.

Scams and Scammers

Article (PSA-0024)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Scams and Scammers

There are many types of scams and scammers you may encounter throughout your life. Over the next three articles I would like to talk to you about three different types of scams you may encounter while browsing the web, answering the phone or checking your email.

In this article we will discuss “Browser Hijacks”.

This is a common type of scam/attack and can happen when you are using your computer to browse the web. Here’s how the scam works: when you visit a webpage, the scammers will have some type of “trigger” embedded in the webpage. These triggers are usually in the form of a link, image or ad. Have you ever heard of the term “clickbait”? That’s what these are: typically phrases, or pictures that many people cannot resist clicking on or rolling their mouse over. If you do click on them or roll over them with your mouse it will trigger a routine (execute code) which can then pop-up a dialog box with some kind of alarming text, such as “Virus Alert!”. Sometimes it will even be accompanied by alarming sounds, voices warning you that you have been infected or hacked and may even look like an antivirus software performing a scan and finding thousands of infections! Note – until you click something or call that number on the screen, YOU ARE OKAY. What you do next will determine the outcome of this browser hijack scam. Do they get what they want – your money, control of your computer and perhaps you via extortion or does it simply cost you a few minutes of your time … its up to you. So relax and ignore everything you see and hear on your computer in this moment. It’s all geared to induce a state of panic. Panicking makes it difficult for us to think clearly and more susceptible to making bad decisions and this is the goal of the scammers. Now that you’re relaxed, we have two tried and true methods of ending this “Browser Hijack” scam without actually being scammed. One is for computer savvy users, the other is for the rest of us. You’ll need to decide which one is right for you.

First way – perform a [CTRL]-[ALT]-[DELETE] key combination press and then select “Task Manager” from the displayed menu. This will, as the name states, open the Task Manager utility. This utility lists all the currently running processes on your computer. It can be configured to show “More details” or “Fewer details” by toggling the option in the lower left of the dialog status bar. Either view will work for our purposes. Scan the list of processes for the name of the browser you are using to browse the web. Common browser names are: Google Chrome, Firefox and Microsoft Edge. Right-click the browser name to display a shortcut menu. From the shortcut menu select the option “End task”. This should close your browser AND the alarming virus message. Now open the same web browser you just closed and if asked to “Restore pages … ” decline. If you restore the pages, you’ll be looking at the fake virus alert page again and starting over. If this process seems a bit complex for you, then on to the second way.

The second way. Warning – this process can cause data loss for any documents, currently open on your computer, which have not been saved. If you have data which needs to be saved, I encourage you to work through the “First way”. If you absolutely can not accomplish the first way, give me a call – the number is at the end of this article.

Okay, we are going to perform what is called a “hard stop” of your computer. Press and hold your power button for 4-6 seconds, until you hear it power off. This effectively closes all programs running on your computer – including the browser hijack. This is not ideal and should only be used as a last resort to deal with the browser hijack. Once it has powered off, simply power it back on and open the same web browser. If asked to “Restore pages … ” decline. If you restore the pages, you’ll be looking at the fake virus alert page again and starting over.

In this article we talked about browser hijack scams, which are pretty straight forward to deal with. In the next article we’ll discuss some basic phone scams and what you can do to protect yourself from them.

If you have questions give PSA Computer Services a call at (707) 506-6802.

Computer Security Software Considerations

Article (PSA-0023)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Computer Security Software Considerations
Original release date: June 10, 2023

Is more security really necessary? When is enough enough? Antivirus, spyware protection, malware protection, browser protection and firewalls, where does it all end? As we dive into this issue remember each case is different and depends on where, what and how the computer is used. So, for our discussion we will break computer security up into two categories: “online computers” and “always offline computers”.

Online Computers:
(1) If your computer is connected to a network or the internet, you should have a functioning, properly licensed and updated antivirus program. The antivirus software you choose should offer “Real Time” scanning, “Scheduled” scanning and “Manual: scanning. “Real Time” scanning allows the antivirus program to continually scan files as they move to and from your computer, and will notify you if any of the file(s) are suspicious. Think of this as “preventive protection”. “Scheduled” scanning allows you to schedule a recurring scan of all existing files (or selected files) on your computer hard disk in a systematic effort to locate suspicious files. “Manual” scanning allows you to scan a particular file or files anytime you feel it is necessary.

In the past Antivirus software was purchased and installed on your computer. This usually required an annual subscription and could become quite pricey. For those of us using a modern Windows operating system, antivirus protection is built into the operating system at no additional cost. You can still purchase antivirus protection from a third party vendor such as Symantec, McAfee and AVG, but be aware these programs have become quite expensive and massive. Worse yet, they can often render your computer unuseable.

(2) If your computer is connected to the internet, you should have a functioning, properly licensed and updated firewall. A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer using a list of rules. Some of these rules are generated automatically and others are rules we make. A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through your local network or the internet.

A “Software” firewall is installed directly on your computer. Microsoft operating systems have shipped with a software firewall built-in since the release of Windows XP service pack 2. A “Hardware” firewall, in most homes and small businesses, will be your router. With a hardware firewall there’s nothing to install on your computer. There are “paid for” firewall products available, but I would recommend taking a close look at the built in firewall of the operating system you are currently using (if it offers one) before running out and purchasing the newest firewall product. For the majority of computer users the built in firewall is more than adequate.

Non-Internet Connected Security Considerations:
If your computer will NEVER be connected to a network or the internet, EVER, then you are at liberty to relax your protection considerably, allowing more of your systems resources to be used on applications. However, there are still some very important considerations. If you will be using storage media containing files from other computers which are connected to the internet, then there is still the possibility of infection. If your computer will never be connected to the Internet, and you will never load files from another machine onto your computer, then you can bypass antivirus security software all together. If your computer will be using files from another computer then you should have an antivirus program installed.

Is More Protection Really Necessary?
In short, for a computer connected to the Internet, a single antivirus program, a single configured firewall and a healthy dose of common sense is adequate. Installing more than one antivirus program can generate a few notable issues. Let’s take a moment to look at the most critical of these issues.

(1) RAM Depletion. Each program running on your computer is using some of your system memory (RAM). The more programs running, the more RAM is used. When there is no more RAM available, your computer will begin to use your hard disk as a “type” of RAM. Hard disk access is not as fast as RAM access, and when your system has to start using the hard disk as RAM it degrades the performance of your entire system – TREMENDOUSLY!

(2) Software Conflicts. Having more than one antivirus program running on your system may result in a software conflict. If both programs are scanning your computer for “viral activity” there is a high probability they will see each other as “viral activity”, causing a software conflict. This particular problem can be extremely frustrating and can lead to the next very challenging issue.

(3) System Corruption. Files necessary to the other antivirus program can often be identified as “malicious”, and will be quarantined (made inaccessible) or removed, leaving the antivirus program corrupted. Trying to uninstall or repair a program in this state can be problematic, to say the least.

If you are unsure of your “Security” status – give PSA Computer Services a call at (707) 506-6802.

IC3 Annual Report – 2022 Internet Crime Report

Dear Reader,

Today’s cyber landscape has provided ample opportunities for criminals and adversaries to target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security. At the FBI, we know “cyber risk is business risk” and “cyber security is national security.” There is no shortage of recent examples showing the wide-ranging economic and national security effects of cyber crimes. We have seen cyber threats emanate from around the world and witnessed the scope and sophistication of these scams and attacks deepen. As these threats increase, we continue to encourage victims to report cyber incidents and cyber-enabled frauds to the FBI so that we may impose risks and consequences on malicious cyber actors.

Because cyberattacks and cyber-enabled frauds continue to affect our everyday lives, the FBI’s Internet Crime Complaint Center (IC3) is critical to combatting the cyber threat. The IC3 serves as a public resource to submit reports of cyberattacks and incidents, which allows us to collect data, identify trends, and pursue the threat at hand. In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.

While the number of reported ransomware incidents has decreased, we know not everyone who has experienced a ransomware incident has reported to the IC3. As such, we assess ransomware remains a serious threat to the public and to our economy, and the FBI and our partners will remain focused on disrupting ransomware actors and increasing the risks of engaging in this activity. In concert, the public can play a crucial role by taking proactive measures to prevent and prepare for a potential cyber attack and, if there is an incident, by reporting it to the FBI through the IC3. Though cybercriminals are continuously seeking to make their attacks more resilient, more disruptive, and harder to counter, public reporting to the IC3 helps us gain a better understanding of the threats we face daily.

The FBI’s commitment to assisting victims of cyber crimes and cyber-enabled frauds, as well as our dedication to working with partners to combat these crimes, allows for continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2022, RAT initiated the Financial Fraud Kill Chain (FFKC) on 2,838 Business Email Compromise (BEC) complaints involving domestic-to-domestic transactions with potential losses of over $590 million. A monetary hold was placed on approximately $433 million, which represents a 73 percent success rate. In 2022, RAT saw a 64 percent increase in FFKCs initiated compared to 2021.

While the cyber threat is ever-growing, the FBI remains appreciative of those individuals and entities who report cyber incidents to the IC3, as that valuable information helps fill in gaps that are crucial to advancing our investigations. Your efforts are critical to our ability to pursue the perpetrators and share intelligence to protect your fellow citizens. Cyber is the ultimate team sport, and we are in this fight together. The FBI is relentlessly focused on promoting safety, security, and confidence into our digitally connected world, and we are eager to continue working with the American public to bring cybercriminals to justice around the globe.

Timothy Langan
Executive Assistant Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Backup, Backup, Backup!

Article (PSA-0022)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Backup, Backup, Backup!
Original release date: March 10, 2023

Reliable backups are the backbone of your IT “Disaster Recovery Plan” and “Business Continuity Plan”. Catastrophe can hit any business, no-matter how small or big you are, and catastrophe can come in many forms such as: fire, hardware failure or “ransomware”. The more data lost, the greater the impact on your business. Part of getting your business back up and running after a disaster, is being able to restore operations to where they were before the problem occurred. Businesses who have learned the value of backups employ the 3-2-1-0 backup rule. Lets take a quick look at each one of these rules.

Rule 3: Maintain at least three copies of your data and applications. That’s the one copy you’re using and two backups. This way, if one of your backups is unavailable for any reason, you can still recover what you need in a reasonable amount of time.

Rule 2: Store your backups on at least two different types of media. One reason for this is each type of media has its own vulnerabilities, and you don’t want both of your backups susceptible to the same problem. By utilizing different media, you can reduce your exposure to the same incident preventing access to both of your backups.

Rule 1: Keep one of the backups in a different location. Consider a catastrophe at your business, such as a break-in, fire or natural disaster. If all of your backups are at the same location, they will all be affected. This can result in total data loss for your business.

Rule 0: Verify your recovery plan has zero errors. It is not uncommon for businesses to implement a backup plan but fail to verify it is performing as expected. Regular testing is critical to ensuring you can recover your business data and applications in the event of a disaster.

It doesn’t matter if you are a business or home computer user, if you have anything on your computer that matters to you, it is your responsibility to make sure you have a backup plan in place. In my 20+ years of experience in the IT industry I have seen brand new hard drives fail within 90 days of purchase. I have seen years of family pictures vanish by accidental deletion and I have seen “un-tested” backups fail to restore important business files – files which everybody “thought” were being backed up.

If you are unsure of your backup status, give PSA Computer Services a call at (707) 506-6802.

Additional information on backups:
High availability – following the backup rule
The Importance of Effective Data Backup