The holiday season is a time of good will, but it also attracts a crowd decidedly lacking in that spirit.
“Holidays, like disasters, are a common time for scams to increase,” said Ed Mierzwinski, director of the consumer program at the U.S. Public Interest Research Group.
With the convenience of online shopping, consumers need to consider the possibility of identity theft. Other holiday rip-offs might not seem as obvious — disguising themselves through advertisements, fake charities or gift cards — but they are a threat nonetheless.
According to an October National Retail Federation survey, one-quarter of consumers plan on completing 26% to 50% of their holiday shopping online this year. Mierzwinski recommends the use of credit cards — not debit cards — when shopping online.
If someone is a victim of identity theft using a credit card, they still will have to undergo an investigation to validate the fraud, but they won’t lose the money in their account.
“You have more rights by law with a credit card than a debit card,” Mierzwinski said.
Other important tips:
Be careful with gift cards: Consumers need to act cautiously because scammers can copy or use portable scanners to get the code of a gift card and place it back on the rack. When consumers purchase the cards and activate them, the thieves can discover the values and take advantage online or in stores.
Make sure your shopping sites are legit: National Consumers League executive director Sally Greenberg said consumers should check the legitimacy of online shopping websites, especially when buying from unknown stores, and read the return policies.
Be wary of cut-rate pricing: Online advertisements for merchandise priced well below the product’s typical cost are a trick used by scammers looking to get personal identification from consumers or to install malware — software that performs unwanted tasks and gathers private information — on their computers.
As a precaution, said John Breyault, a consumers league vice president who specializes in telecommunications and fraud policy, people should have their antivirus software up to date when shopping online.
Watch out for charity scams: Phone calls and websites can solicit information from donors by posing as charities, and then steal from those who fall for the trap.
Mierzwinski said potential donors should use websites to check the legitimacy of charities, including GuideStar USA Inc. (www.guidestar.org) and CharityWatch (www.charitywatch.org). Fraudulent charities can disguise themselves by using names and Web addresses similar to real ones.
In terms of phone calls and emails from charities, Breyault recommended hanging up and deleting the emails. “If you’re thinking about donating to a charity,” Breyault said, “go to that website on your own.”
Cryptolocker continues to spread havoc on unprepared and unprotected computer systems throughout the world. Thousands of business and residential users are either losing their data or paying a ransom to retrieve their files. To update where we are some five weeks from our last report, the virus continues to evolve. While the evolution of viral infections is not unheard of, the mutations usually come in the form of copy cats, the copy cats change the file slightly to avoid detection and often change the user interface along with creating different ransom destinations. What differs with Cryptolocker is the fact that the virus infection is treated as a business. The secret to the scam succeeding is that they have to actually provide the decryption service or no one would ever pay. Without the decryption the business plan falls apart. This is a much more sophisticated attack that is making them millions.
The evolution comes in maximizing the chance that the victims will pay up. Here are things that can sabotage their scheme and how they deal with them.
If your computer is infected and your data files encrypted here is how things go. After encryption you are presented with a desktop wallpaper that looks similar to this.
cryptolocker wallpaper
Things that can go wrong at this stage are:
Your antivirus program can remove the virus. While this sounds good, in this situation it is just the opposite. Your files are still encrypted and your pathway to be able to pay the ransom has been deleted.
You try and do a system restore or otherwise alter the system state of the computer to remove the virus. This has the same result as number one.
The program states you have 72 hours to pay by either Bitcoins or Western Union Moneypack. Both of these forms allow the recipient to remain anonymous. If the 72 hours has passed and you do not make payment they claim that the key needed to decrypted your files will be deleted.
As the developers saw potential “loss in sales” do to these variables they added some additional features to their extortion program.
There is a link on the desktop wallpaper to make payment as well as to download a new copy of the virus should you find yourself encrypted but uninfected do to scenarios 1. or 2.
While it is a contradiction to their stated policy of deleting the key after 72 hours. they have graciously provided a new “service” whereby you upload on of your encrypted files and the system will scour their database to find the missing key to allow you to decrypt your files. Naturally for providing such a level of customer service their will be an increase in the ransom from $300 to $2000. Ouch!
In the last five weeks their have been some developments in how we try to prevent disaster from striking.
The first course of action is a cold back up, identify the key data files that need to be saved and back them up to an external source that can be detached from the system.
Next make sure that all your systems are thoroughly patched and updated, now more than ever is a great time to move away from Windows XP systems which will reach end of life next year, to a Windows 7 or 8 system which offers much greater security.
Education! Everyone in your home or company needs to be keenly aware of potential scams, bogus emails, unsafe surfing habits and what to look for to stop an infection before it can open a door for crypto locker.
Malware protection, make sure you have adequate protection against virus and spyware. Free programs at this point are not cutting it. Not only must you have active antivirus but the definitions need to be updated and the protection modules need to be enabled.
Traditional virus programs as of this writing are hit or miss. The nature of crypto locker is to dupe you into installing it. In this scenario it by passes many of the current security programs.
Computer Doctor of Hampden has helped support the development of a specific software program that closes a big hole and has the potential to stop cryptolocker and many other malicious programs in their tracks. What makes this software different is that it prevents the malware from being able to install itself. We own the rights to brand and distribute the software and have kept the price point very low to give you a fighting chance should this malware strike you, your family or your business.
Crypto Inoculator creates over 200 group policy rules that block crypto locker from installing. The system requires installation and configuration by one of our technicians, this allows software that is desirable to continue to work, and to ensure that there are no active infections currently on your system. After the virus check, the process of whitelisting takes a few minutes and the whole procedure can be done via remote connection to our office in Hampden. The software runs daily updates and can be configured to send you or one of our technicians an email if the crypto inoculator blocks a file. This notification will give us insight into what has caused the security breech and how to avoid it in the future. Computer Doctor of Hampden offers unparalleled, secure, remote service done locally.
Are You Sick of Ongoing IT Issues? Like a persistent cough or muscle strain that won’t go away, many IT issues prove ongoing. Every time they come back you ...
With a couple days still to go until one of the biggest shopping days of the year, a mixture of leaks and early announcements have revealed the best product deals...