Sale of the Eiffel Tower and Election Phishing 

In 1925, the Eiffel Tower was in a serious state of disrepair and there were rumors that it would be dismantled. Not one to let a good rumor go to waste, con artist Victor Lustig posed as a government official and invited several scrap metal dealers to a confidential meeting, claiming that the government wanted to sell the Eiffel Tower for scrap. Five dealers responded to his request for a meeting, and one dealer, Andre Poisson, made the highest bid for the 15,000-beam structure. Two days later the deal was closed for an undisclosed amount. By the time Poisson discovered he had been scammed, Lustig was in Austria.

Con men and scammers have been around for ages. In this digital age, scammers use technology to add credibility to their scams. Through email and text messaging they can cast a broad net; it is a good day for them even if they reel in only two victims out of one hundred emails or texts. Phishing is a cybercrime in which targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure them into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Phishing is the number one entry point for ransomware.

Hackers use whatever topics are current or in the news to entice someone to let their guard down so the victim clicks the link or gives up critical information. With the election less than two months away, election campaign phishing is on the rise. As I was reviewing dark web reports, I noticed an advertisement selling a phishing platform. They had templated the faux campaign donation emails and would provide the mass email platform. The dark web customer could choose to target either Harris or Trump voters, or both. Nowadays, criminals don’t have to be technically proficient; they can outsource their evil.

These days I am receiving several text messages a day asking me to donate to or vote for a particular candidate, with a link at the end of the message. From the text alone, it is hard to determine whether the message is legitimate. If you are interested, search the internet for the candidate’s site and learn more there. If you are not interested, delete the message and mark it as junk. Whether it’s email or text, don’t click on any links.

Scammers use the same techniques whether it is a text, email, or a phone call.  If you receive a phone call, be very careful if you choose to engage the caller. If there is a campaign or a charity that you are interested in supporting, thank the caller for their time and go to a known-good website for that organization.  Do not give the caller any financial information like credit card or bank account numbers.  

Before donating to any Political Action Committee (PAC), it is a great idea to verify that the organization is legitimate. All PACs must register and report to the Federal Election Committee (FEC). You can verify an organization on the FEC’s website: www.fec.gov/data/reports/pac-party

What do the sale of the Eiffel Tower and an election have in common? Both attract con men and scammers looking for ways to take advantage of unsuspecting victims. Just as Victor Lustig duped the scrap metal magnate, scammers are phishing to see who will take their bait.

Hidden Vulnerabilities: Why Cybercriminals Target Small Town Businesses 

Week after week, we write about the latest breach or how hackers use social engineering to get into corporate and government systems, but as you read this in Cochise County you may think these things only happen to big corporations in big cities. You may think: “My small business is not worth the hackers’ efforts.” I’ve got news for you: your small or medium-size business is worth their effort. Why? Because some businesses make it so easy for them. As we do forensic investigations locally in Cochise County, we have met some of the victims. Sometimes healthcare providers post a banner on their web pages discussing their breach and compromised data.

One of the most common ways hackers get unauthorized access to local business systems is to scan for open ports on public-facing servers. A port is simply a door into your network. The port they love in particular is the one used for remote access. Think of this port as the magic wardrobe the children found to enter Narnia. During COVID, when many switched from working at the office to working at home, the local IT guru opened that famous port so that users could remote into their server or desktop using Microsoft Remote Desktop. It was a great solution because it is easy, and it works. Unfortunately for many, it is not at all secure, and it is a favorite target for hackers worldwide.

It’s possible to scan the entire internet in hours. In 2019, a researcher named Robert Graham scanned the entire IPv4 address space for the remote desktop port and found around 3 million exposed servers. That is exactly what the bad actors do. Once they find the open port, the first tactic they try is to determine the type of server and use the manufacturer’s default usernames and passwords. Many people never remove or reset these. Next, hackers attempt a password-cracking technique. Some techniques are sophisticated, like credential stuffing, where hackers find on the dark web real passwords leaked from earlier breaches involving the business and try them against it, hoping that people reuse their passwords. Another technique is a dictionary attack, where common usernames and passwords are tried automatically. We see this occur locally: a port is opened for maintenance and within an hour there are failed login attempts from North Korea, China, Russia, and Iran. It really happens here in Cochise County.
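An added example, not code from the original column: a small check that reads constructed failed-logon records (in the style of Windows Security event 4625 exports) and flags a source that hammers the remote-access service within a short window, separating a dictionary run across many usernames from repeated guessing at one account. The log format, the one-minute window and the threshold of five failures are assumptions.

```python
"""Spot brute-force and credential-stuffing bursts against an exposed
remote-access port from failed-logon records.

Added example; not code from the original column. The log format
(timestamp, Windows event id, target user, source IP), the sample lines,
and the window/threshold values are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOG = """\
2024-09-10T02:14:03 4625 administrator 203.0.113.42
2024-09-10T02:14:05 4625 admin 203.0.113.42
2024-09-10T02:14:06 4625 administrator 203.0.113.42
2024-09-10T02:14:08 4625 test 203.0.113.42
2024-09-10T02:14:09 4625 user 203.0.113.42
2024-09-10T02:14:11 4625 guest 203.0.113.42
2024-09-10T02:20:00 4625 jsmith 198.51.100.7
2024-09-10T02:21:00 4624 jsmith 198.51.100.7
2024-09-10T03:05:00 4625 jsmith 192.0.2.9
2024-09-10T03:30:00 4625 jsmith 192.0.2.9
2024-09-10T03:31:00 4625 admin 192.0.2.9
"""


def parse_events(text):
    """Turn the export into (timestamp, event_id, user, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), user, ip))
    return events


def find_bursts(events, window=timedelta(minutes=1), threshold=5):
    """Return {source_ip: (max_failures_in_window, distinct_users_tried)}
    for every source with at least `threshold` failed logons inside any
    sliding `window`. Scattered failures (a user mistyping) stay below it."""
    failures = defaultdict(list)
    for ts, event_id, user, ip in events:
        if event_id == 4625:
            failures[ip].append((ts, user))
    flagged = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > flagged.get(ip, (0, 0))[0]:
                users = {user for _, user in fails[start:end + 1]}
                flagged[ip] = (count, len(users))
    return flagged


def describe(flagged):
    """Label each burst: many different names = dictionary/password spray;
    one name hammered = credential stuffing or targeted guessing."""
    lines = []
    for ip, (count, users) in sorted(flagged.items()):
        kind = "dictionary/password spray" if users >= 3 else "targeted guessing"
        lines.append(f"{ip}: {count} failed logons, {users} usernames -> {kind}")
    return lines


if __name__ == "__main__":
    for line in describe(find_bursts(parse_events(SAMPLE_LOG))):
        print(line)
```

In the sample, only 203.0.113.42 is flagged: six failures across five usernames in eight seconds, while the three spread-out failures from 192.0.2.9 stay under the threshold.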

Many business owners believe they are safe from cyber-attacks because their IT person assured them they have the best firewall the world has ever seen along with the latest and greatest anti-virus. This is a good start, but the bad news is that unless you block internet and email traffic on the firewall, it won’t stop phishing emails, and your anti-virus won’t stop brand-new malware. According to Verizon’s 2023 Data Breach Report, around 90% of breaches are linked to phishing emails. The others are related to downloading malware through internet browsing.

Some business owners might say they are safe and don’t need cybersecurity because their software is cloud-based. In that case, what happens when an employee downloads a keylogger from a link in their email? The hacker has access to all company data, and if that employee had administrative privileges, the hacker has total control.

If a breach or ransomware attack could shut down your business for more than a day, or if a breach would make you liable to your clients, your business needs solid cybersecurity. We recommend a defense-in-depth strategy with multiple layers of defense. Start with the basics of up-to-date firewalls and anti-virus, then add endpoint detection and response (EDR) that stops malware from executing, then add monitoring and user training. Follow that up with solid security policies.

Don’t be an easy target.  Harden your business with a defense-in-depth strategy to thrive in the digital world.  Get a cyber risk assessment done to make sure that you are not low hanging fruit for the lazy hacker. 

Even the Experts Can Be Fooled

When even experts in social engineering can be fooled, it is important to ensure a defense in depth strategy for your business’ information security.  KnowBe4, one of the country’s largest providers of cybersecurity and social engineering training, got fooled by a North Korean IT worker intent upon loading their network with malware. 

KnowBe4 had a job opening. They were looking for someone for their internal Artificial Intelligence (AI) team.  What they received instead was a valuable training lesson in advanced social engineering. They were fooled. But unlike many companies, they disclosed the failure. Their experience might save others from a similar fate. 

Fortunately, they caught the imposter early enough so there was no breach or illegal access to the company’s systems.  They stopped him before he could do any damage.  Here is how it happened, how they stopped it, and some lessons learned. 

The human resources team did their jobs. Background checks came back clean because the imposter was using a valid but stolen US-based identity. They conducted 4 video conference interviews validating that the person matched the photo on the application. The imposter had taken a stock photo and used AI to merge his features into it. HR even verified his references.

Once hired, the imposter asked to have his laptop sent to a farm. Not the kind you’re thinking of. It was “an IT mule laptop farm.”  The laptop farm is like an office filled with laptops and computers hackers use. They connect remotely from North Korea to the laptop farm. It was a good thing KnowBe4 restricted new employee access and didn’t allow access to the production systems. 

Once the imposter had been successfully hired and his laptop had been delivered, it was time for him to embed his malware onto the company network.  He downloaded and attempted to execute malware.  He then used some technical trickery to cover his tracks. 

The good news is the company security operations center (SOC) was alerted to potentially dangerous behavior and called the imposter.  The imposter claimed criminals must have compromised his router.  The SOC team quickly isolated his computer from the rest of the network preventing his access to valuable systems and data.  The imposter was unresponsive once he figured out that he was caught.  

Here are some lessons learned. When a company uses remote workers with remote computers, the company should have a way to scan the device to ensure there are no other connections on it. When hiring workers, don’t rely simply on email references. Do not ship laptops to locations that don’t match the applicant’s address. Make sure applicants are not using Voice over IP (VoIP) phone numbers. Lastly, watch for discrepancies in address and date of birth.

With all the process failures, KnowBe4 did not suffer a breach.  They understood defense in depth.  They had multiple lines of defense in case one (the employee screening process) was breached.  All their laptops had endpoint detection and response (EDR) software loaded and they had a SOC watching over their network.  The EDR stopped the malware from executing and alerted the SOC. The SOC team isolated the computer right away and escalated the issue.   

When it comes to protecting your business, you cannot rely on the minimal protections.   Firewalls and anti-virus are useful, but they do not stop a hacker from entering through your email or your browser.  Technology, like EDRs and SOCs, may save the day, but must be backed up with tried-and-true policies and training.   Although KnowBe4 is an expert in social engineering, they got scammed due to lax hiring policies.  They have since updated their hiring policies.  Remember, a fool may learn from his own mistakes, but a wise man learns from the mistakes of others.   Be the wise man. 

Beware: Phishing Attacks Enter the Deepfake Era 

Bob’s boss was asking for something really weird. A wire transfer this big had never been done. In all the years Bob had worked for Alice, she had never asked for a transfer of this magnitude. But there she was in the Zoom meeting, in the flesh (well, digital flesh anyway). How was Bob to know that wasn’t really Alice?

In the digital dimension, threats to our lives aren’t always the mortal kind. They also lurk behind screens, ready to exploit our human weaknesses. Those are the ones we too often overlook. While phishing attacks are nothing new, they have evolved. Welcome to the deepfake world. Oh, is that word new to you? Well, buckle up. You need to learn it… and fast. A deepfake is a video or audio of yourself or someone you know, created by Artificial Intelligence (AI) out of parts and pieces of other audio or video. With deepfake voice and video capabilities, cybercriminals can now mimic your trusted contacts (like your boss) and authority figures (like your spouse) with alarming accuracy, aiming to deceive and manipulate you. If you use the internet for banking or email, you are a target. You need to understand the risks and implement precautionary measures to safeguard your online identity and personal information.

Deepfake technology uses AI to combine audio and video recordings, seamlessly grafting a person’s likeness onto another’s voice or image. This tool, once restricted to Mission Impossible, is real. And it has been weaponized by cybercriminals seeking to exploit your trust in familiar voices and faces. 

Imagine receiving a phone call. On the other end someone is demanding you confirm sensitive account information. The voice on the other end sounds EXACTLY like your boss, complete with the cadence and intonation you’ve come to recognize. Or perhaps you receive an email from your biggest client requesting urgent wire transfers, accompanied by a convincing video message imploring immediate action. In both scenarios, the other person isn’t a person at all. It’s an AI impostor, leveraging deepfake technology to deceive and manipulate you. 

The consequences of falling victim to a deepfake phishing attack can be dire – from financial fraud and identity theft to reputation damage and compromised personal data. The ramifications are deep. Being deceived by someone you trust, even if it was a fake someone, creates a psychological fissure that erodes your confidence in digital communications and exacerbates feelings of vulnerability and distrust. 

The threat posed by deepfake phishing attacks is unsettling. But there are proactive steps you can take to mitigate risks and bolster your defenses. 

Verify Identities: Before responding to any requests for sensitive information or financial transactions, independently verify the identity of the sender through alternative channels. Contact your bank or employer directly by phone using a number you know to be good to confirm the legitimacy of any requests. 

Exercise Caution: Whenever you receive unsolicited emails, phone calls, or messages treat them with profound skepticism. This is especially true if they contain urgent or unusual requests. Scrutinize the content for inconsistencies or irregularities. It may indicate a phishing attempt. 

Stay Informed: Find someone you trust to keep you informed about emerging cybersecurity threats and trends, including advancements in deepfake technology. Educate yourself and your loved ones about the risks posed by phishing attacks.  

Use Multi-Factor Authentication: Implement multi-factor authentication wherever possible to add an extra layer of security to your online accounts. This additional step can help thwart unauthorized access, even if your credentials are compromised. 

Report Suspicious Activity: If you encounter a suspected deepfake phishing attempt, report it to the relevant authorities, such as your IT department, cybersecurity agency, or the Federal Trade Commission. 

The emergence of deepfake technology underscores the evolving nature of cyber threats and the importance of proactive cybersecurity measures. By remaining vigilant, verifying identities, and staying informed, you can safeguard yourself against the perils of deepfake phishing attacks. Together, we can navigate the digital landscape with resilience and confidence, thwarting cybercriminals at every turn. 

The original article was published in the Sierra Vista Herald and can be found here.

The Anatomy of a Social Engineering Attack

John Podesta, a key staffer for the Hillary Clinton presidential election campaign received an email, appearing to be from Google, warning him that someone had attempted to access his account and prompted him to change his password. John clicked on the link and entered his current username and password. Unfortunately for John, this was a phishing email and the link that he used to change his password was set up by the hackers to steal his credentials. The hacker used his credentials to download all his emails. These emails were later released to the public by WikiLeaks causing a bit of a stir.

Why are we so susceptible to falling for these attacks? There are six (6) principles that social engineers use to deceive us. The first is reciprocity. Reciprocity suggests that people feel obligated to return favors received from others. If you do something for me, I will be happy to do something for you. Many scams use a free gift or a prize to entice the victims to click their link or provide information.

Another method that social engineers use is social proof. This concept suggests that people are more likely to take an action if they see others doing it. This works especially well in ambiguous or unfamiliar situations. A familiar tactic is the website that says 57 people in your area have recently purchased this item.

Authority is a huge tactic that social engineers use, and the one employed above to get John to click on that link. Scammers often pretend to be people from the government or your IT department or one of your trusted vendors. Since they are in authority, you usually trust them and do what they suggest.

Commitment and consistency suggest that once individuals make a public commitment or take a small initial action, they are more likely to remain consistent with that commitment or action in the future. Some phishing scams ask recipients to confirm their email addresses for security purposes. Once they click the link, the victim feels committed to engaging with the sender. The scammer subsequently asks for more personal information or login credentials.

Social engineers use “likability and empathy” to build rapport and trust with their targets by establishing a sense of familiarity and likability. They may mirror the victim’s behaviors, interests, or communications styles.

The final principle to discuss is scarcity. The emotion being pushed here is the fear of missing out. This may look like those familiar statements “for a limited time only” or “while supplies last.” This encourages the target to act quickly out of emotion, rather than slowly, logically, and methodically considering what is being offered.

Let us look at some of the scams out there to see what they are using. The tax collector scam impersonates an IRS agent, usually making contact by text or a prerecorded voicemail. They may send you a form to pay and may ask for gift cards or bitcoin in payment. The scammer uses “Authority” to intimidate people into doing what they ask, sometimes threatening arrest or revocation of a driver’s license. They also use commitment and consistency: once they pull the victim into the trap, the victim is committed to continuing the discussion. Some issues to note on this scam: the IRS will not ask for payment in Bitcoin or gift cards. They will not send forms via email; forms are pulled from the IRS website. The IRS cannot revoke your driver’s license.

The “pig butchering” scam uses “likability and empathy” to capture the victim’s trust and “commitment and consistency” once the victim is engaged. This scam usually starts with a wrong-number text or a dating app. Once the scammer builds trust, they mention their success in Bitcoin and their connection to an insider. This is the concept of “scarcity.” They share their fake trading website with the victim.

When the victim uses the site, they watch their money grow and invest more money, hence the name of the scam. The scammers are fattening the victim up until they cut contact and take the money. Do not use any digital wallet that you have not thoroughly researched.

So, if you are approached via email, text, or phone slow down, take the emotion out, and determine if it is legitimate. If the proposal sounds too good to be true, identify what social engineering principles are being employed and why.

Original article can be found here.

Scammed! How Hackers Hijack Your Amygdala

Last week an elderly friend called me. He had been scammed out of $13,000 … almost. RIGHT before he finalized sending the money, he had a lucid moment and thought “this is probably a scam”. He ended the call and phoned his bank. All ended well.

So, what can we do to help our elderly friends and family? They are easy pickings for professional scammers. These scams work because they incite a cognitive response in the mind of the potential victim that causes them to jettison all logic. They simply fall prey to an ancient brain part — the amygdala. Chris Hadnagy (a professional white hat social engineer) references the term “amygdala hijacking.” It’s a term coined by Dr. Daniel Goleman. Hadnagy states that scammers use techniques that hijack the amygdala, which shuts off the logic center of your brain. The tragic result is that in less than 30 minutes your elderly loved one will transfer tens of thousands of dollars to a person they’ve never met.

According to Hadnagy, there are 4 vectors of social engineering attacks: 1. Phishing. 2. Vishing. 3. SMiShing. 4. Impersonation. I’m sure we could add to or subdivide these categories, but this is enough for now.

Phishing is typically an email delivery. That’s how my friend was targeted. He received an email informing him his Norton antivirus subscription had just been renewed for $250. He was kindly informed to “call this number if you’d like to cancel.” Panic set in. The amygdala hijack was on. He completely ignored the fact he NEVER had a Norton antivirus account.

Vishing uses essentially the same content as a phishing email but delivered over a phone call. SMiShing is the same – except over text message. Impersonation is an in-person visit from someone pretending to be, for example, a phone line repair technician or a plumber.

In almost all these cases the scam works because the content of the message causes the victim to immediately panic. The anger, fear, or excitement they feel disables all the logic which they would normally use to make informed decisions. This is where the amygdala takes center stage. Logic takes a lunch break.

It’s here that the scammer handholds the victim all the way through the scam. They promise to fully refund the victim’s money. This makes the amygdala happy. The scammers convince the victim to let them remote connect to their computer. Next, they do some confusingly technical looking things to build false trust. But it’s all a ruse. The scammer is counting on the good heart and trusting character of the victim. Trust and honesty make them the perfect victim.

To protect yourself and your loved ones, here are a few rules:

1. Trust no one.

2. If you get any kind of communication you didn’t expect, pay attention to your feelings. Does it make you anxious in any way? Then it’s a scam.

3. If the message you received claims your bank account or credit card have been charged, close the message and contact your bank using a known-good number.

4. If the message appears to come from a government agency, close the message and contact the agency using a known good number.

5. Every organization that deals with your money has a fraud department. Contact them. They can help you get things straightened out.

6. Contact the Cyber Guys at CyberEye.

The original article appeared in the Sierra Vista Herald here.

Put On Your Cyber Armor Before Your First Cup

Knights Prepare: In the early Middle Ages, knights spent hours getting ready for battle, putting on their armor with the help of a squire. There were hooded coats, trousers, gloves and shoes made of chain mail. Add the helmet, shield, and sword, and they were ready for war.

Cyber Protection: In order to be safe in the cyber world, computer users need to be prepared for the cyber battle that we did not request. We need protection.   Here are two examples of attacks and how to defend your home or business.

Ransomware Attacks: To avoid having to pay the ransom for your data held hostage, your organization should be backing up data nightly or more often if operations require.  In that case, you will only lose one day’s worth of data plus the time and resources it takes to restore your infected system.    

Suncrypt: This happened to Haywood County School District in North Carolina. Their computers were attacked by Suncrypt ransomware. They did not pay the ransom because they had backups; however, they had to delay school for a week to restore everything. Suncrypt uses a built-in Windows administration tool, PowerShell, to push a file to other computers and execute it there, renaming and encrypting every folder on each infected computer. The hackers then hold your data hostage.

Could It Have Been Avoided?: What could the school district have done to avoid the infection altogether? 

Admin Privileges: First, the person who clicked on the phishing email had “administrative” privileges. Cybersecurity has a concept called “least privilege,” where a user has the least amount of privilege needed to do her work. All internet browsing and email reading should be done as a non-admin user. It is critical to use admin privileges only when performing admin functions (configuration and installation).

Outbound PowerShell: Second, the computer security policy allowed outbound PowerShell. The system policy should have disabled outbound PowerShell capability. PowerShell is the new favorite of hackers. According to a Softpedia report (https://news.softpedia.com/news/malware-created-with-microsoft-powershell-is-on-the-rise-503103.shtml), eighty-seven percent (87%) of common malware uses PowerShell. This one change to your system can block much of the current malware.

Controlled Folder Access: Finally, for this particular attack, and those like it, the entire attack would have been thwarted if the systems had a simple setting enabled called “Controlled Folder Access.”  This feature allows only authorized applications and users to modify folders.  This would have completely blocked Suncrypt.

Phishing Attacks: Phishing is getting very complex. There are new targeted phishing campaigns where emails are sent to company users claiming to be from the IT Department. The emails explain that certain sent emails were quarantined and provide a link for the user to log in and review the files. The link takes you to a screen that looks exactly like the company login page. The hackers grab the user’s credentials when they attempt to log in and fix the problem.

Don’t Click It: The lesson here is to always hover over any link. Do NOT click the link without checking it. When you hover over the link, the details of the link show in the bottom left-hand corner of your browser or pop out in your email application. Verify the entire link carefully. Hackers can be creative with their domain names, making them similar to the real domain names, so look closely. When it comes to links, hover, hover, and hover again.

Put Your Cyber Armor On: So, along with that first cup of coffee or tea in the morning, remember to put on your cyber armor before you check your emails.

Gone Phishin’

Happy to Help: An entry level accountant, “Sebastian”, receives an email from his CEO. Sebastian is excited the CEO recognizes him and needs his help on a major acquisition. The CEO requests a wire of 50 million Euros immediately sent to a bank account for the acquisition. Sebastian quickly executes the transfer. He feels like a hero. He can almost smell that promotion.

Oops: Unfortunately for Sebastian and his large Austrian aerospace company, FACC, the email was not from his CEO. This was one of the most profitable phishing expeditions ever. The company could only recover 20% of the funds. The CEO was fired, and most likely Sebastian was too.

Phishing: Phishing is a type of cyber-attack that uses email to trick the recipient into doing some particular action or providing private information.  The term was coined in 1995 as a variant of fishing and refers to the “bait” used to get the victim to “bite.”   There are several variations of phishing.  Whaling refers to targeting high-level personnel in an organization.   Spear phishing refers to a phishing attack targeting a specific group of people like the military, a specific company, or certain professionals.

More Complex Today: With the techniques used today, it is not always simple to identify a phishing attack.  Although the Nigerian Prince scam, with its poor grammar and misspelled words, is still around, there are new scams that look extremely legitimate and appear to be from legitimate organizations. 

What to Watch For: Here are some methods to skillfully spot the phishing email. If an email is asking for personal information or asking you to verify details like bank or credit card information, don’t take the bait.  Established companies never ask for sensitive information. Be cautious of emails presenting dire warnings and potential consequences which require urgent action. Some examples might be a warning that an account of yours has expired or has been hacked.  Similarly, be wary if there is an urgent deadline to go along with the dire consequences.  Another common phishing tactic is to offer large financial rewards. This could be winning a lottery that you did not enter or being the prize-money winner for a bogus contest. If it sounds too good to be true, it probably is. 

What Next?: Now that you are starting to smell something phishy, how do you determine what to do? First, don’t click on the provided link, if there is one. Hover over the link and look at the bottom left corner of your browser or email client. It should show the full web address. Some bogus web addresses have extra words or letters added which do not belong to the legitimate address. Carefully scrutinize the address. (For example, g00gle is not the same as google.) Also, beware of short URLs (hyperlinked website addresses). Hackers can hide their true address inside a tiny URL link. When you get an email that seems like it really came from your bank, for example, mentioning dire consequences and an urgent deadline, call the bank using a number YOU KNOW is good, or check the official website. (Google the website; don’t click the link in the email to determine if the email is legitimate.) Many spear phishing attacks can be thwarted with policies requiring a second method of approval before acting on email requests for funds (which Sebastian should have looked for).
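The hover-and-compare advice above, and the “Don’t Click It” advice in the Cyber Armor column, can be automated for an email body: pull out every link, compare the address the text displays with where the link really goes, and flag look-alike names (g00gle for google), a trusted name buried inside someone else’s host, and shortened URLs. Added example, not code from the original column; the sample email, the known-good domain list and the shortener list are constructed assumptions.

```python
"""Check email links the way the column says to: compare what a link
claims to be with where it actually goes, and watch for look-alike names.
Added example; the sample email, KNOWN_GOOD and SHORTENERS are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_GOOD = {"google.com", "paypal.com", "chase.com"}   # assumed allow-list
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}           # assumed
# Digits attackers substitute for look-alike letters (g00gle vs google).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed sample email body.
SAMPLE_EMAIL = """
<p>Your account is locked. <a href="http://g00gle.com/verify">https://accounts.google.com/</a></p>
<p>Settle the balance at <a href="https://paypal.com.secure-login.example/">paypal.com</a></p>
<p>Click <a href="https://bit.ly/3xyz">here</a> to update your details.</p>
<p>Questions? <a href="https://www.chase.com/contact">chase.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable domain: the last two labels (fine for the demo)."""
    return ".".join(host.lower().split(".")[-2:])


def host_of(text):
    """Host named by the visible text, if it looks like a URL or a domain."""
    host = urlsplit(text if "://" in text else "//" + text).hostname
    return host if host and "." in host else None


def edit_distance(a, b):
    """Levenshtein distance, to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_link(href, text):
    """Return a list of warnings for one link; an empty list means it looks fine."""
    warnings = []
    host = (urlsplit(href).hostname or "").lower()
    domain = registrable(host)
    shown = host_of(text)
    if shown and registrable(shown) != domain:
        warnings.append(f"displays {shown} but goes to {host}")
    if domain in SHORTENERS:
        warnings.append(f"shortened URL hides the real destination ({domain})")
    if domain not in KNOWN_GOOD:
        for good in KNOWN_GOOD:
            if good in host:  # trusted name buried in someone else's host
                warnings.append(f"{good} appears inside untrusted host {host}")
            elif domain.translate(LOOKALIKES) == good or edit_distance(domain, good) == 1:
                warnings.append(f"look-alike domain {domain} imitates {good}")
    return warnings


def scan_email(html):
    """Return [(href, warnings)] for every link in the email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, analyze_link(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, warnings in scan_email(SAMPLE_EMAIL):
        print(href, "->", "; ".join(warnings) or "no warnings")
```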

Protection: To protect your business, you should look at increasing your cyber defenses. This may be something like using email services that stop most phishing attempts. Businesses can use email certificates to digitally sign emails so recipients can verify they came from you.  

The Keys: Training and awareness are the key.  There are services you can leverage that provide phishing training. It’s even better if the training also includes simulated phishing attempts targeting your employees to determine how well the training is sinking in.

Perhaps if “Sebastian” from FACC had the proper training, he might still be enjoying his employment there – along with his CEO. 

On A Hot Day

Not The Droids You’re Looking For: On a hot day (which was not unusual for the desert planet of Tatooine), overlooking the Mos Eisley space port, the Jedi master warned his freshly-minted apprentice to be careful, with good reason. No sooner had they hovered into town in the weathered X-34, when they were stopped at an impromptu checkpoint. The gleaming troopers searching for stolen imperial plans demanded to see identification. Waving his aged fingers, the holy man muttered, “You don’t need to see his identification.” In a perplexing turn of events, the menacing guard robotically repeated those words, thereby blasting that exchange into galactic popular culture.

Cyber Jedi Mind Tricks: You may compare your computer to the weak-minded fools vulnerable to a Jedi mind trick: it does what it is programmed to do, nothing more. For example, when the operating system lists files (as it does when it hunts for malware), it does so in a methodical manner through a known set of functions. Malware authors know exactly how this is done, and rootkits hook those functions so that their own files, processes and registry keys are left out of the listing, hiding their secret plans in plain sight. They also plant ways to come back after a reboot: registry settings that start a program at logon, additional user accounts, and scheduled tasks.
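An added example, not from the column: a read-only PowerShell pass over the persistence spots the paragraph lists (autostart registry keys, local accounts, scheduled tasks). Run it from an elevated prompt on Windows 10/11. It shows what an honest operating system reports; a rootkit that hooks the registry and task enumeration functions can make its own entries vanish from exactly this output, which is the mind trick the paragraph describes.

```powershell
# Added example: where malware sets itself up to survive a reboot. Reads only, changes nothing.

# 1. Programs started at boot or logon through the Run/RunOnce keys, with the
#    code-signing status of each target executable (unsigned + odd path = look closer).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Skip the PS* bookkeeping properties the provider adds to every key.
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $cmd = [string]$p.Value
        # Executable is either the quoted first token or everything up to the first space.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Signature = $sig }
    }
}
$autostarts | Format-Table -AutoSize -Wrap

# 2. Local accounts and who sits in Administrators; an account you never created,
#    or one created around the time trouble started, is a red flag.
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet | Format-Table -AutoSize
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource | Format-Table -AutoSize

# 3. Scheduled tasks not authored by Microsoft, and what each one actually executes.
Get-ScheduledTask | Where-Object { $_.Author -notlike 'Microsoft*' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    } | Format-Table -AutoSize -Wrap
```

Look for executables living under a user profile or a temp folder, signatures that read NotSigned or HashMismatch, tasks whose Execute is powershell.exe or cmd.exe with an encoded or obfuscated argument, and administrators you do not recognize. What you cannot do with this script is prove a clean result, for the reason the paragraph gives.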

Defender: According to several reputable sources, the Windows Defender antivirus built into Windows 10 is all the antivirus most people need. It takes care of commodity malware, and it does so quietly: when it finds a malicious file it shows a brief notification that is easy to miss, and the record of what it found sits in the Protection history of the Windows Security app, where few people ever look. That’s good and bad. You won’t have a lot of alerts to investigate, which is good, but you also won’t notice the alerts you should investigate, which is bad. You want to know when you get infected, so you can do something about it.
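Added example, not from the column: the Defender cmdlets and event log IDs that tell you what the engine has already found, for the case where a notification went by unnoticed. Read-only; Windows 10/11 PowerShell.

```powershell
# Added example: ask Defender what it has found and whether it is actually on duty.

# Is Defender the active engine, is real-time protection on, are signatures fresh, when did it last scan?
Get-MpComputerStatus |
    Select-Object AMRunningMode, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated,
                  QuickScanEndTime, FullScanEndTime | Format-List

# Every detection Defender has recorded, newest first. Empty output means nothing was
# recorded; it does not mean the machine is clean.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, ProcessName, Resources |
    Format-Table -AutoSize -Wrap

# The threat names behind those IDs, and whether any is still considered active.
Get-MpThreat | Select-Object ThreatID, ThreatName, SeverityID, IsActive | Format-Table -AutoSize

# The same story from the event log: 1116 = malware detected, 1117 = action taken.
# These are the events to forward to a central log if you manage more than one machine.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

A 1116 with no matching 1117 means Defender saw something and did not manage to remove it; that is the case where the next two sections apply.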

Don’t Fall For It: You also need to be aware and avoid falling for the Jedi mind trick yourself. It may come to you in the form of a popup warning you that your computer is infected. It’s a lie. Don’t click anything in that window. The red “x” in the upper right corner isn’t the close button; every part of that window is the “install” button, because the whole “window” is just a picture drawn by the web page. Instead of clicking anywhere in it, open Windows Task Manager (Ctrl+Shift+Esc), find your browser instances, and end the task on all of them. When the browser comes back up, decline its offer to restore the previous session, or the same page will open again.

If Infected: What do you do if your computer legitimately becomes infected with malware? Like the stormtroopers on Tatooine, you can systematically check the identification of every program and visit every mysterious dark hole within the Windows operating system; however, be aware there are Jedi (rootkits that hook the very functions your search relies on) that will keep your search from succeeding. The most effective way to be sure you’ve deleted all the secret plans the malware left behind is to wipe the disk and reinstall the operating system from known-good installation media, then reinstall the programs you need from their vendors rather than from a backup. Just make sure you create a backup of all your irreplaceable data files before you do, and scan that backup before restoring it: documents and photos are worth keeping, but an executable or a macro-laden document copied back from the infected machine can reinfect the fresh one.

Let’s just be clear: Malware wants to hide, and it’s very good at it. A knot of Stormtroopers fitted with pure white armor briefly interrupted the Jedi concerning his mismatched metal companions at Mos Eisley. They were rebuffed. You will be rebuffed if you think you can find the malicious secret plans embedded in your computer.

Riddled by Ransomware

Ransomware. The word sends chills up your spine; or it should. Ransomware is essentially a cyber-criminal holding your digital life hostage in a binary bag. They do it by encrypting all your important, irreplaceable files with a key that only they hold; the effect is much like having them zipped up with a password you don’t know. The crooks “generously” offer to sell you the key for a “minor” fee. Truth is, the fee is neither minor nor convenient, and paying it buys you at best a decryption tool that may or may not get everything back.

How It’s Delivered: Most ransomware arrives either as an email attachment or through a compromised website that infects visitors who merely open the page. For example, a few weeks ago, the actual website for the World Health Organization was compromised and serving up malware to every visitor to the site!

Protection: You used to be able to protect yourself from this type of attack simply by creating a daily backup of your critical files: Quickbooks data, family photos, the digital scan of your high school diploma. A backup still gets your files back without paying, provided it is kept offline or otherwise out of the malware’s reach, because ransomware encrypts every attached drive and mapped share it can find, backups included. But I said keeping backups used to work on its own. The crooks have changed their tactics: as more and more of us got better at backing up our files, fewer and fewer of us paid the ransom, and that cut into their profits. That’s bad for business.
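Added example, not from the column: a versioned backup to a removable drive with a SHA-256 manifest, so that a backup set can be checked for tampering before you trust it. The source path, drive letter and folder layout are assumptions. Unplug the drive when the job is done; that single habit is what keeps the copy out of the ransomware’s reach.

```powershell
# Added example: versioned backup to a removable drive, plus a hash manifest to verify it later.
$source = "$env:USERPROFILE\Documents"    # assumption: what you cannot afford to lose
$drive  = 'E:'                            # assumption: the removable disk, unplugged afterwards
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'
$dest   = Join-Path $drive "Backups\$stamp"   # a new folder per run; older runs are kept

if (-not (Test-Path $drive)) { throw "Backup drive $drive is not attached" }
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# /E copies all subfolders, /COPY:DAT keeps data, attributes and timestamps,
# /XJ skips junctions (avoids loops), /R and /W limit retries on locked files.
robocopy $source $dest /E /COPY:DAT /XJ /R:2 /W:5 /NP /LOG+:"$drive\Backups\robocopy.log" | Out-Null
# robocopy exit codes below 8 are success variants; 8 and above mean something failed to copy.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE); see the log" }

# Manifest: relative path and SHA-256 of every file. Encryption or tampering changes the hash.
Get-ChildItem -LiteralPath $dest -File -Recurse |
    Where-Object { $_.Name -ne 'manifest.csv' } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{ n = 'Path'; e = { $_.Path.Substring($dest.Length + 1) } }, Hash |
    Export-Csv -LiteralPath (Join-Path $dest 'manifest.csv') -NoTypeInformation

# Later, before you restore from this set, verify it against its manifest.
function Test-BackupManifest {
    param([Parameter(Mandatory)][string]$BackupRoot)
    $bad = 0
    foreach ($entry in (Import-Csv -LiteralPath (Join-Path $BackupRoot 'manifest.csv'))) {
        $file = Join-Path $BackupRoot $entry.Path
        if (-not (Test-Path -LiteralPath $file) -or
            (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -ne $entry.Hash) {
            Write-Warning "Mismatch or missing: $($entry.Path)"
            $bad++
        }
    }
    return ($bad -eq 0)
}

Test-BackupManifest -BackupRoot $dest   # True when every file still matches its recorded hash
```

Keep the manifest somewhere the drive is not (a printout or a copy on another disk); a manifest that travels with the files can be rewritten along with them. A dated folder per run also means an encrypted file copied over on Tuesday does not destroy Monday’s good copy.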

Lockout or Stealing: Before, they just took away your access to the files by encrypting them. Now they also steal copies of the files first. If you don’t pay up, they dump your files on the dark web, not to the highest bidder but for free. Maybe you’re not concerned if your pictures of Fluffy end up in the darkest corners of the Internet, but how about your Quickbooks, or the scans of your birth certificate, social security card and driver’s license? It is not uncommon (nor is it recommended) for people to keep spreadsheets of all their bank and investment account numbers and the associated usernames and passwords. These are certainly not the files you want to become public!

Anti-Virus Enough? I know what you’re thinking: “I have antivirus, so I don’t have to worry, right?” Wrong. Antivirus alone won’t reliably stop it; the crooks test their ransomware against the common products before they release it, and if antivirus stopped it you’d rarely hear about these attacks in the news. Don’t uninstall it, though; it still stops plenty of ordinary malware.

Two Keys: It is imperative for every user to do two things. First, don’t surf the web or read email with an account that has administrator privileges; do your daily work from a standard account and keep a separate administrator account for installing software, so that anything you are tricked into running gets only your rights, not the machine’s. Second, become suspicious of EVERY email you receive; if your gut tells you an email looks “fishy”, then it is probably “phishy”. Additionally, if you receive an email whose tone is intended to terrify you with dire consequences for inaction, be on your guard. That is a favorite tactic of cyber-crooks.
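Added example, not from the column: how to tell whether the account you browse with is an administrator, and how to set up a standard account if it is. The account name “daily” is an assumption; the lines that create it need an elevated prompt and run only if you flip the switch at the top.

```powershell
# Added example: am I browsing as an administrator, and how do I stop?
$createStandardAccount = $false   # set to $true, in an elevated prompt, to create the account

$me        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$me

# True only when this PowerShell process holds an elevated (full admin) token.
$elevatedNow = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Membership in Administrators is the question that matters: a UAC-split admin account
# is still an admin account, and a consent prompt is one click away from full control.
# Name comparison assumes a local account ("MACHINE\user"); Microsoft-account logons
# show a different name form in Get-LocalGroupMember.
$adminMembers   = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
$isAdminAccount = $adminMembers -contains $me.Name

"Logged on as            : $($me.Name)"
"Elevated right now      : $elevatedNow"
"Member of Administrators: $isAdminAccount"

if ($isAdminAccount) {
    Write-Warning 'This account is an administrator; anything you are tricked into running inherits that.'
}

if ($isAdminAccount -and $createStandardAccount) {
    # Password is entered interactively so it never appears in the command history.
    $pw = Read-Host -Prompt 'Password for the new standard account' -AsSecureString
    New-LocalUser -Name 'daily' -Password $pw -FullName 'Daily use' `
        -Description 'Standard account for browsing and email' | Out-Null
    # Make sure it is in Users (and nothing more) so it can sign in with ordinary rights.
    if (-not (Get-LocalGroupMember -Group 'Users' -Member 'daily' -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group 'Users' -Member 'daily'
    }
    'Sign in as "daily" for everyday work; keep this administrator account for installing software.'
}
```

The two answers differ on purpose: a normal PowerShell window opened by an administrator reports “Elevated right now: False” but “Member of Administrators: True”, and it is the second one that decides what a malicious attachment can do once you approve a UAC prompt.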

Helpful Hint: One last suggestion: if you do store critical files like those I mentioned, then encrypt them yourself with an annoyingly long password before they ever land in a backup or a cloud folder, and delete the unencrypted originals, or the crooks will simply take those instead. Use real encryption (the AES-256 option in 7-Zip or a similar tool), not the legacy ZIP password, which was broken long ago and can be recovered from the archive alone. Then write the password in a book and lock it in your desk drawer. If you follow this recommendation, it won’t matter if those files get dumped onto the dark web, because you have protected them. You turned the tables on the crooks. They will be unaware that the bag they hold is filled with digital dust.
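Added example, not from the column: encrypting a folder of sensitive documents with 7-Zip’s AES-256 from PowerShell, with the file names encrypted too. The 7-Zip install path and the folder names are assumptions; removing the originals is gated behind a switch so the script does nothing destructive until you ask it to.

```powershell
# Added example: encrypt a folder of sensitive documents with 7-Zip (7-zip.org) before backing it up.
$sevenZip        = 'C:\Program Files\7-Zip\7z.exe'                                     # assumption
$source          = "$env:USERPROFILE\Documents\Sensitive"                               # assumption
$archive         = "$env:USERPROFILE\Documents\sensitive-$(Get-Date -Format 'yyyyMMdd').7z"
$removeOriginals = $false   # set to $true once you have confirmed the archive opens

if (-not (Test-Path -LiteralPath $sevenZip)) { throw "7-Zip not found at $sevenZip" }
if (-not (Test-Path -LiteralPath $source))   { throw "Nothing to protect at $source" }

# -t7z    : the 7z container, which encrypts with AES-256 (the classic .zip "password",
#           ZipCrypto, is broken and should not be used for this)
# -mhe=on : encrypt the file list as well, so a leaked archive reveals no file names
# -p      : prompt for the password; putting it on the command line would leave it in
#           your shell history and visible in process listings
& $sevenZip a -t7z -mhe=on -p $archive $source
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed with exit code $LASTEXITCODE" }

# Test the archive (prompts for the password again; a wrong password fails the test).
& $sevenZip t $archive
if ($LASTEXITCODE -ne 0) { throw "Archive test failed with exit code $LASTEXITCODE" }

if ($removeOriginals) {
    # The archive only helps if the plaintext is gone from the disk.
    Remove-Item -LiteralPath $source -Recurse -Force
    "Encrypted archive written to $archive; originals removed."
} else {
    "Encrypted archive written to $archive; originals still present at $source."
}
```

Extract with the same tool when you need a file, work on it, and re-archive; and remember that a password long enough to resist offline cracking is the whole point, which is why the book in the locked drawer is part of the advice.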