Scams and Scammers – Phones

Article (PSA-0025)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Scams and Scammers – Part 2 (Phones)

There are many types of scams and scammers you may encounter throughout your life. In the last article we talked a little bit about “Browser Hijacks” and what you can do when it happens to you. In this article we will address “Phone Scams” and in the next article we will cover email scams, better known as “phishing” emails.

In the world of scams and scammers, your personal information is the prize. Whether its your identity, bank account number or credit card number – they want it. The scammers’ intent is to sell your stolen information for money, extort you for money or steal your money directly from your accounts.

On the phone they will sound professional, helpful, kind and courteous. But their is nothing respectable about them. They are thieves pure and simple. For them the “Ends Justify the Means”. You are simply the next revenue stream to them.

You may be thinking all of this sounds rather harsh – knowledge can be powerful. You need to know what you’re up against. The solution to avoid getting scammed is going to sound rude, because you are going to need to be rude. Here is the big solution … hang up on them! Don’t engage in conversation. Once you realize that the caller is pumping you for information or attempting to get you to “go to their website” – hang up. The longer you stay on the line with them, the greater the risk. If they call you back repeatedly, hang up repeatedly. These people get paid when they talk you into giving something to them, and they can be very good at their jobs.

Microsoft is not going to call you about your computer or laptop. The bank is not going to call you to verify your account number or passwords and the state or federal government is not going to call you to verify your social security number. If your unsure whether the caller is valid, simply hang up. Then look up an official number for the organization or business and call them directly to inquire if they were trying to contact you. That’s it. Pretty simple right?

In this article we talked about phone scams, which are very easy to deal with, once you know what you’re up against. In the next article we’ll discuss email scams and what you can do to protect yourself from them.

If you have questions give PSA Computer Services a call at (707) 506-6802.

Scams and Scammers

Article (PSA-0024)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Scams and Scammers

There are many types of scams and scammers you may encounter throughout your life. Over the next three articles I would like to talk to you about three different types of scams you may encounter while browsing the web, answering the phone or checking your email.

In this article we will discuss “Browser Hijacks”.

This is a common type of scam/attack and can happen when you are using your computer to browse the web. Here’s how the scam works: when you visit a webpage, the scammers will have some type of “trigger” embedded in the webpage. These triggers are usually in the form of a link, image or ad. Have you ever heard of the term “clickbait”? That’s what these are: typically phrases, or pictures that many people cannot resist clicking on or rolling their mouse over. If you do click on them or roll over them with your mouse it will trigger a routine (execute code) which can then pop-up a dialog box with some kind of alarming text, such as “Virus Alert!”. Sometimes it will even be accompanied by alarming sounds, voices warning you that you have been infected or hacked and may even look like an antivirus software performing a scan and finding thousands of infections! Note – until you click something or call that number on the screen, YOU ARE OKAY. What you do next will determine the outcome of this browser hijack scam. Do they get what they want – your money, control of your computer and perhaps you via extortion or does it simply cost you a few minutes of your time … its up to you. So relax and ignore everything you see and hear on your computer in this moment. It’s all geared to induce a state of panic. Panicking makes it difficult for us to think clearly and more susceptible to making bad decisions and this is the goal of the scammers. Now that you’re relaxed, we have two tried and true methods of ending this “Browser Hijack” scam without actually being scammed. One is for computer savvy users, the other is for the rest of us. You’ll need to decide which one is right for you.

First way – perform a [CTRL]-[ALT]-[DELETE] key combination press and then select “Task Manager” from the displayed menu. This will, as the name states, open the Task Manager utility. This utility lists all the currently running processes on your computer. It can be configured to show “More details” or “Fewer details” by toggling the option in the lower left of the dialog status bar. Either view will work for our purposes. Scan the list of processes for the name of the browser you are using to browse the web. Common browser names are: Google Chrome, Firefox and Microsoft Edge. Right-click the browser name to display a shortcut menu. From the shortcut menu select the option “End task”. This should close your browser AND the alarming virus message. Now open the same web browser you just closed and if asked to “Restore pages … ” decline. If you restore the pages, you’ll be looking at the fake virus alert page again and starting over. If this process seems a bit complex for you, then on to the second way.

The second way. Warning – this process can cause data loss for any documents, currently open on your computer, which have not been saved. If you have data which needs to be saved, I encourage you to work through the “First way”. If you absolutely can not accomplish the first way, give me a call – the number is at the end of this article.

Okay, we are going to perform what is called a “hard stop” of your computer. Press and hold your power button for 4-6 seconds, until you hear it power off. This effectively closes all programs running on your computer – including the browser hijack. This is not ideal and should only be used as a last resort to deal with the browser hijack. Once it has powered off, simply power it back on and open the same web browser. If asked to “Restore pages … ” decline. If you restore the pages, you’ll be looking at the fake virus alert page again and starting over.

In this article we talked about browser hijack scams, which are pretty straight forward to deal with. In the next article we’ll discuss some basic phone scams and what you can do to protect yourself from them.

If you have questions give PSA Computer Services a call at (707) 506-6802.

Computer Security Software Considerations

Article (PSA-0023)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Computer Security Software Considerations
Original release date: June 10, 2023

Is more security really necessary? When is enough enough? Antivirus, spyware protection, malware protection, browser protection and firewalls, where does it all end? As we dive into this issue remember each case is different and depends on where, what and how the computer is used. So, for our discussion we will break computer security up into two categories: “online computers” and “always offline computers”.

Online Computers:
(1) If your computer is connected to a network or the internet, you should have a functioning, properly licensed and updated antivirus program. The antivirus software you choose should offer “Real Time” scanning, “Scheduled” scanning and “Manual: scanning. “Real Time” scanning allows the antivirus program to continually scan files as they move to and from your computer, and will notify you if any of the file(s) are suspicious. Think of this as “preventive protection”. “Scheduled” scanning allows you to schedule a recurring scan of all existing files (or selected files) on your computer hard disk in a systematic effort to locate suspicious files. “Manual” scanning allows you to scan a particular file or files anytime you feel it is necessary.

In the past Antivirus software was purchased and installed on your computer. This usually required an annual subscription and could become quite pricey. For those of us using a modern Windows operating system, antivirus protection is built into the operating system at no additional cost. You can still purchase antivirus protection from a third party vendor such as Symantec, McAfee and AVG, but be aware these programs have become quite expensive and massive. Worse yet, they can often render your computer unuseable.

(2) If your computer is connected to the internet, you should have a functioning, properly licensed and updated firewall. A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer using a list of rules. Some of these rules are generated automatically and others are rules we make. A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through your local network or the internet.

A “Software” firewall is installed directly on your computer. Microsoft operating systems have shipped with a software firewall built-in since the release of Windows XP service pack 2. A “Hardware” firewall, in most homes and small businesses, will be your router. With a hardware firewall there’s nothing to install on your computer. There are “paid for” firewall products available, but I would recommend taking a close look at the built in firewall of the operating system you are currently using (if it offers one) before running out and purchasing the newest firewall product. For the majority of computer users the built in firewall is more than adequate.

Non-Internet Connected Security Considerations:
If your computer will NEVER be connected to a network or the internet, EVER, then you are at liberty to relax your protection considerably, allowing more of your systems resources to be used on applications. However, there are still some very important considerations. If you will be using storage media containing files from other computers which are connected to the internet, then there is still the possibility of infection. If your computer will never be connected to the Internet, and you will never load files from another machine onto your computer, then you can bypass antivirus security software all together. If your computer will be using files from another computer then you should have an antivirus program installed.

Is More Protection Really Necessary?
In short, for a computer connected to the Internet, a single antivirus program, a single configured firewall and a healthy dose of common sense is adequate. Installing more than one antivirus program can generate a few notable issues. Let’s take a moment to look at the most critical of these issues.

(1) RAM Depletion. Each program running on your computer is using some of your system memory (RAM). The more programs running, the more RAM is used. When there is no more RAM available, your computer will begin to use your hard disk as a “type” of RAM. Hard disk access is not as fast as RAM access, and when your system has to start using the hard disk as RAM it degrades the performance of your entire system – TREMENDOUSLY!

(2) Software Conflicts. Having more than one antivirus program running on your system may result in a software conflict. If both programs are scanning your computer for “viral activity” there is a high probability they will see each other as “viral activity”, causing a software conflict. This particular problem can be extremely frustrating and can lead to the next very challenging issue.

(3) System Corruption. Files necessary to the other antivirus program can often be identified as “malicious”, and will be quarantined (made inaccessible) or removed, leaving the antivirus program corrupted. Trying to uninstall or repair a program in this state can be problematic, to say the least.

If you are unsure of your “Security” status – give PSA Computer Services a call at (707) 506-6802.

IC3 Annual Report – 2022 Internet Crime Report

Dear Reader,

Today’s cyber landscape has provided ample opportunities for criminals and adversaries to target U.S. networks, attack our critical infrastructure, hold our money and data for ransom, facilitate large-scale fraud schemes, and threaten our national security. At the FBI, we know “cyber risk is business risk” and “cyber security is national security.” There is no shortage of recent examples showing the wide-ranging economic and national security effects of cyber crimes. We have seen cyber threats emanate from around the world and witnessed the scope and sophistication of these scams and attacks deepen. As these threats increase, we continue to encourage victims to report cyber incidents and cyber-enabled frauds to the FBI so that we may impose risks and consequences on malicious cyber actors.

Because cyberattacks and cyber-enabled frauds continue to affect our everyday lives, the FBI’s Internet Crime Complaint Center (IC3) is critical to combatting the cyber threat. The IC3 serves as a public resource to submit reports of cyberattacks and incidents, which allows us to collect data, identify trends, and pursue the threat at hand. In 2022, the IC3 received 800,944 complaints, which is a 5 percent decrease from 2021. However, the potential total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022.

While the number of reported ransomware incidents has decreased, we know not everyone who has experienced a ransomware incident has reported to the IC3. As such, we assess ransomware remains a serious threat to the public and to our economy, and the FBI and our partners will remain focused on disrupting ransomware actors and increasing the risks of engaging in this activity. In concert, the public can play a crucial role by taking proactive measures to prevent and prepare for a potential cyber attack and, if there is an incident, by reporting it to the FBI through the IC3. Though cybercriminals are continuously seeking to make their attacks more resilient, more disruptive, and harder to counter, public reporting to the IC3 helps us gain a better understanding of the threats we face daily.

The FBI’s commitment to assisting victims of cyber crimes and cyber-enabled frauds, as well as our dedication to working with partners to combat these crimes, allows for continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2022, RAT initiated the Financial Fraud Kill Chain (FFKC) on 2,838 Business Email Compromise (BEC) complaints involving domestic-to-domestic transactions with potential losses of over $590 million. A monetary hold was placed on approximately $433 million, which represents a 73 percent success rate. In 2022, RAT saw a 64 percent increase in FFKCs initiated compared to 2021.

While the cyber threat is ever-growing, the FBI remains appreciative of those individuals and entities who report cyber incidents to the IC3, as that valuable information helps fill in gaps that are crucial to advancing our investigations. Your efforts are critical to our ability to pursue the perpetrators and share intelligence to protect your fellow citizens. Cyber is the ultimate team sport, and we are in this fight together. The FBI is relentlessly focused on promoting safety, security, and confidence into our digitally connected world, and we are eager to continue working with the American public to bring cybercriminals to justice around the globe.

Timothy Langan
Executive Assistant Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Backup, Backup, Backup!

Article (PSA-0022)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Backup, Backup, Backup!
Original release date: March 10, 2023

Reliable backups are the backbone of your IT “Disaster Recovery Plan” and “Business Continuity Plan”. Catastrophe can hit any business, no-matter how small or big you are, and catastrophe can come in many forms such as: fire, hardware failure or “ransomware”. The more data lost, the greater the impact on your business. Part of getting your business back up and running after a disaster, is being able to restore operations to where they were before the problem occurred. Businesses who have learned the value of backups employ the 3-2-1-0 backup rule. Lets take a quick look at each one of these rules.

Rule 3: Maintain at least three copies of your data and applications. That’s the one copy you’re using and two backups. This way, if one of your backups is unavailable for any reason, you can still recover what you need in a reasonable amount of time.

Rule 2: Store your backups on at least two different types of media. One reason for this is each type of media has its own vulnerabilities, and you don’t want both of your backups susceptible to the same problem. By utilizing different media, you can reduce your exposure to the same incident preventing access to both of your backups.

Rule 1: Keep one of the backups in a different location. Consider a catastrophe at your business, such as a break-in, fire or natural disaster. If all of your backups are at the same location, they will all be affected. This can result in total data loss for your business.

Rule 0: Verify your recovery plan has zero errors. It is not uncommon for businesses to implement a backup plan but fail to verify it is performing as expected. Regular testing is critical to ensuring you can recover your business data and applications in the event of a disaster.

It doesn’t matter if you are a business or home computer user, if you have anything on your computer that matters to you, it is your responsibility to make sure you have a backup plan in place. In my 20+ years of experience in the IT industry I have seen brand new hard drives fail within 90 days of purchase. I have seen years of family pictures vanish by accidental deletion and I have seen “un-tested” backups fail to restore important business files – files which everybody “thought” were being backed up.

If you are unsure of your backup status, give PSA Computer Services a call at (707) 506-6802.

Additional information on backups:
High availability – following the backup rule
The Importance of Effective Data Backup

Printer Installation 101 – (WiFi)

Article (PSA-0021)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Printer Installation 101 – (WiFi)
Original release date: December 10, 2022

In our last article, Printer Installation 101 – (USB and Ethernet), we discussed the basic process on how to setup a printer via USB connection and Ethernet connection. In this article we will address setting up a WiFi enabled printer on your WiFi network.

Basic preparation for installing most WiFi printers will include: knowing your WiFi network name (SSID) and having your WiFi connection password. Also, on initial configuration you will want your WiFi printer close to your WiFi router (or access point). Within four feet with clear line of sight will be fine for our purposes. In addition to having the printer installation software available for your make and model of printer, ensure your computer(s) are connected to the same WiFi network you will be connecting the printer too.

There are two common WiFi printer setups you are most likely to encounter – printers “with a touchscreen” and printers “without a touchscreen”.

1. Setting up a printer with a “touchscreen”.
If your WiFi printer has a touchscreen you will need to go into the menu system to access and configure the printers WiFi connection properties. Most of the menu systems are pretty intuitive but can vary greatly – so at this point you may need to refer to your printer user manual for specifics on where to enter your WiFi connection information. Once you are in the correct menu for configuring your printers WiFi connection settings, you will either select your network from a list offered by the printer menu or you will need to enter in the name of your WiFi network manually. If you have to enter it in, make sure it matches exactly! Next, you will be prompted to enter your WiFi connection key (password). Again, make sure you enter it exactly … passwords are case sensitive. If all went well, your printer should now be connected to your WiFi network. You can now unplug your WiFi printer and move it to any location you want, as long as it is within your WiFi network coverage range. There is still more to do before you can print to it though … but for those of you who have successfully completed this step – please skip to step 3.

2. Setting up a printer without a “touchscreen”.
If your WiFi printer does not have a touchscreen, then it will attempt to connect to your WiFi network using technology called WiFi Protected Setup or (WPS). Your WiFi router (or access point) will need to offer this technology for you to successfully connect your printer. If you are unsure whether your WiFi router offers WPS, please refer to your router user manual. Assuming your router offers WPS, the first step is to put your printer in WPS mode. This is usually accomplished by pushing a button on your printer (refer to your printer manual). Next you will need to put your router in WPS mode within two minutes by pushing the provided WPS button. Each WPS enabled printer will offer a visual queue to indicate whether it has successfully connected to your WiFi network or not. Please refer to your printer manual for specifics. Most printers will usually have a blinking light while connecting – which then turns solid once connected. If all went well, your printer should now be connected to your WiFi network. You can now unplug your WiFi printer and move it to any location you want, as long as it is within your WiFi network coverage range.

3. Finally, setting up your computer to print to your WiFi printer.
Run the installation software that came with your printer (or you downloaded from the manufacturers website) on your computer. Each installation setup can be slightly different. If asked what type of installation your are performing (USB, Ethernet or WiFi), choose WiFi. The software will use your computers WiFi network connection to look for your WiFi printer. That is why it is critical that your printer be on the same WiFi network as your computer(s). If all goes well, the installation software should present you with the option to choose your printer from a list. Once you select your printer the installation should proceed with minimal input from you. If there are multiple printers on your WiFi network, you may be asked to choose the correct printer from a list. The printer you want will usually be distinct based on the make and model. Once the installation is completed you can open up Notepad (or the text editor of your choice) type a word or two and hit print. If all went well your printer should jump to life and produce a copy of your document.

Setting up a printer can be challenging if technology is not your thing. This walkthrough is very generalized and may not be sufficient to help with all installation scenarios. If you run into a problem installing your new WiFi printer and feel you need some help, give PSA Computer Services a call at (707) 506-6802.

Printer Installation 101 – (USB and Ethernet)

Article (PSA-0020)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: Printer Installation 101 – (USB and Ethernet)
Original release date: September 12, 2022

So you got that new printer and your thinking … now what? Well don’t panic, depending on how you want to use your printer this should be pretty straight forward. Let’s take a look at the two most common printer setups.

1. You will use your printer on one and only one computer (desktop or laptop).

When you buy a consumer grade printer today it will usually provide, at a minimum, one of these three connection methods: USB, Ethernet or WiFi (or some combination of those three or all three). There are other connection methods, but we will only be addressing these three methods over the next couple of articles.

Setting up your printer directly connected to your computer using USB is the easiest setup, but comes with limitations on where you can put your printer. Typically the USB cable that comes with your printer will be 3 to 6 feet long. That’s not much length to work with, but if that works for you then simply pop the installation disk into your computer (or go online and download the drivers to your computer – the web address will be in the instructions – yes, you should review them as well!). Then run the setup program. The most common software setup routine will be to run the printer setup software BEFORE PLUGGING YOUR USB CABLE INTO THE COMPUTER. At some point in the printer software installation you will be instructed to plug the provided USB cable into the printer and your computer. The software installation will continue once the printer is detected. From there follow the on-screen instructions and once completed you should have the ability to print – congratulations!

(Note on USB printers. USB printers can be shared to other users located on the same network. This setup can produce setup issues and is therefore not covered in this walkthrough. If you would like more information on this type of setup, please give us a call.)

The setup process for a network printer will be the same whether it’s for one or many computers to access it – so we will just skip to section 2 for the ethernet network walkthrough.

2. You will use your printer on one or more computers (desktop or laptop).

Network printer installation is a little more involved. Network printers offer flexibility on where you can put your printer – especially the WiFi variety, but can require a little more work to setup. In this article I will cover ethernet installation only. WiFi installation will be more involved and we’ll take a look at that in my next article.

Setting up your printer on your ethernet network consists of first connecting your printer to an ethernet cable which is connected to your router. Now pop the installation disk into your computer (or go online and download the drivers to your computer – the web address will be in the instructions – yes, you should review them as well!). Then run the setup program. At some point in the printer software installation you will be instructed to choose a printer from a list of available network printers (unless there is only one). The software installation will continue once your new printer is selected. From there follow the on-screen instructions and once completed you should have the ability to print from this computer – congratulations! Run the exact same setup process on any other computer, on the same network, you want to have the ability to print. Congratulations again! Tune in next time as we tackle setting up a WiFi printer.

IC3 Annual Report – 2021 Elder Fraud Report

Dear Reader,

Working with the Department of Justice Elder Fraud Initiative and other internal and external partners, the FBI is committed to identifying, investigating, and prosecuting criminals who target seniors. The Internet Crime Complaint Center (IC3) is a key component in this endeavor, as it provides victims a venue to identify the subject and the fraud committed against them.

Through this voluntary submission of information, the IC3 receives and tracks thousands of complaints each day. These complaints contain the details of multiple types of schemes, including romance scams, investment fraud, government impersonation, and tech support fraud.

The number of elderly victims has risen at an alarming rate, while the loss amounts are even more staggering. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the IC3. This represents a 74 percent increase in losses over losses reported in 2020.

As a result of these trends and the emphasis by the FBI on protecting our seniors, the FBI is publishing the 2021 IC3 Elder Fraud Annual Report. This information is a companion report to the 2021 IC3 Annual Report released in March 2022. These reports, along with other publications, are available at www.ic3.gov.

The intent of this information is to educate, warn, and protect potential victims of all ages. Highlighting the crimes specifically affecting seniors will it be possible to ensure the necessary emphasis and resources are allocated to address this problem.

For those who unfortunately fall victim to these criminal tactics, please know the information you provide to the FBI is vital in bringing the criminals responsible to justice.

Luis M. Quesada
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3ElderFraudReport.pdf

IC3 Annual Report – 2021 Internet Crime Report

Dear Reader,

In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity. These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public. As the cyber threat evolves and becomes increasingly intertwined with traditional foreign intelligence threats and emerging technologies, the FBI continues to leverage our unique authorities and partnerships to impose risks and consequences on our nation’s cyber adversaries.

The FBI’s Internet Crime Complaint Center (IC3) provides the American public with a direct outlet to report cyber crimes to the FBI. We analyze and investigate the reporting to track the trends and threats from cyber criminals and then share this data with our intelligence and law enforcement partners. The FBI, alongside our partners, recognizes how crucial information sharing of cyber activities is to prepare our partners to combat the cyber threat, through a whole-of-government approach. Critical to that approach is public reporting to IC3 – enabling us to fill in the missing pieces with this valuable information during the investigatory process. Not only does this reporting help to prevent additional crimes, it allows us to develop key insights on the ever-evolving trends and threats we face from malign cyber actors.

In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the 2021 complaints received, ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.

IC3’s commitment to cyber victims and partnerships allow for the continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2021, the IC3’s RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.

In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them. Thank you to all those readers who reported crimes to IC3 throughout the year. Without this reporting, we could not be as effective in ensuring consequences are imposed on those perpetrating these attacks and our understanding of these threats would not be as robust. Please visit IC3.gov to access the latest information on criminal internet activity.

The FBI’s Cyber Division is working harder than ever to protect the American public and to instill safety, security, and confidence in a digitally connected world. We encourage everyone to use IC3 and reach out to their local FBI field office to report malicious activity. Together we can continue to create a safer and more secure cyber landscape.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

What Is Cyber Extortion?

Article (PSA-0019)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: What Is Cyber Extortion?
Original release date: June 10, 2022

The news is constantly reporting cyber-criminal activity and the devastating consequences of those who are compromised. This article will define what cyber-extortion is, and some steps you can take to make it less likely that you will fall prey to their criminal schemes. I will also lay out for you a vital step you can do now to help recover in the event you are compromised.

So, what is cyber-extortion? Cyber-extortion is a network/internet crime where an individual or group demands money or some other response to discontinue whatever criminal activity they are enacting against you or your business. In one type of cyber-extortion the attackers compromise a device on the victims network and then attempt to install malware known as ransomware on the device. If successful they will then inform the user of the situation and demand payment for the user to regain access to their data.

How are we so easily compromised? Email. Email has become a serious problem with the shear volume of spam that most of us receive. Cyber-criminals know most people are dealing with large volumes of junk email everyday and are likely to click on a link in an email if the email looks legitimate to the user in someway. So these attackers expend quite a lot of effort to custom craft emails to closely resemble authentic emails from companies most of us are very familiar with. Embedded in these counterfeit emails are links to malware and phone numbers to hack groups. Once the link is clicked or the number is called you are well on your way to full compromise and at their mercy.

So what can we do to help avoid this situation? First step, don’t trust any email. You must exercise restraint and common sense. Let me give you an easy example. You receive an email stating that you just won a million dollars. All you have to do is click this link to start your claim. We now apply common sense and mark the email as Spam and then Delete it. Why? Because you did not just win a million dollars and if you click that link to claim it, your going to get something you’ll regret for a long time. Easy right? Let’s try a harder one. You receive an official looking email stating that your payment of $1,200 dollars has been successfully processed and will deduct from your account within the next 3-5 business days. The email then goes on to thank you for your payment and for being one of their valued customers. At the very bottom of the email, where you would expect it to be, is the statement: if you did not initiate this payment please click this link to cancel the payment. What do you do? Take a careful look at the return email address for the email – does it make sense? Now hover over the link they are directing you to – without clicking on it! Does the link make sense? With some training and skill you’ll be able to identify these scam emails and avoid a lot of trouble. If after examining the email you still can’t determine whether it’s legit or not, contact your IT service provider. They will take a look at the email for you and let you know if it’s legit.

What can you do now to help minimize the pain if you do become compromised? Backups. Backup, backup, backup. You hear it all the time, but are you doing it? Are you doing the right kind of backups? If not, you are in store for some serious heartache. With a proper backup system these compromises become less painful. If for some reason you or your business becomes the victim of a cyber-extortion group, it can be mitigated without paying them a dime and with minimal down-time by restoring the system (or systems) to a previous state.

In this article I have attempted to raise your awareness to the ongoing issue of cyber-extortion and cyber-criminals. These crimes are not just happening to corporations or down in the city, they’re happening to local businesses and our neighbors. Knowledge is power – if it is used correctly! I hope you will take what you have learned here and use it as a starting point for your own research into how to protect yourself and your friends from cyber-criminals.

If you have questions concerning cyber-crime, email, backup systems or any other issues give us a call.