
How to Close Those Full-Page Scams

Hoax web page that is NOT from Microsoft. Don't call that phone number.

Full-page scams are those HOAX scary web pages that say your computer is infected (or worse), that Microsoft has detected an issue (NOPE), and that you MUST call some phone number now (DON’T). Microsoft doesn’t want your phone call, can’t identify ‘suspicious activity’ on your computer, and would not be able to match your computer to a random web page visitor. It’s impossible, implausible, and completely evil. I’ve had reports back from users who called the numbers: the ‘Department of Windows’ wants to log into your computer, give you the totally FREE and BUILT-IN Windows Defender, as a special $400 lifetime edition. Or worse, much worse. Don’t call those numbers, ever.

Those hoaxes are all full-screen and hard to exit. Press F11 to exit full-screen mode, and then close the browser. Or use Alt-F4 to close the browser. Or use the keyboard method to go to Task Manager with Ctrl-Alt-Delete, and then close the browser from there. If all else fails, turn the computer off.

After restarting the computer, if your browser then asks “Restore prior pages?” answer NO. It’s also a good idea to go into the browser’s page history and clear out the last dozen pages or so, or use the ‘clear browsing history’ option and select ‘last hour’ or ‘today’ for the time range.

Is That eMail for Real?

The easiest way for hackers and ransomware to mess with your computer is social engineering. Basically, that means ‘Wear the appropriate repair-guy uniform, walk into the building looking confident, and go directly to the system that you will be “fixing.”’ No one challenges that, right?

OK, well then, would you click on this email? I don’t remember ordering a pricy server from Amazon, but it looks like I’m getting one. I guess I’d better look in there and see who ordered it for me; could be that my account was hacked. 

Fake Amazon Order

So what’s wrong with it? Here goes, most obvious and visible items first:

  • I ordered no such thing.
  • The sender’s email address has the wrong domain, ‘amazons.com’, which is also not the web address for Wonder Woman’s family island.
  • The return address for Amazon orders is generally auto-confirm@amazon.com.
  • The format of the email is simpler than the usual Amazon shipping confirmation, missing gray backgrounds, logos, and a picture of each item ordered. It looks a lot like an Amazon confirmation from ten years ago.
  • The order number is not a text link in the email, and the last section has too many numbers.
  • “it may take 24 hours for tracking information to be available in your account.” No, tracking shows up in Amazon before the email is sent; it’s Fedex and UPS that will just say ‘label printed’ until the next morning.
  • Finally, not visible above, if you float your mouse over the ‘Order Details’ button, which is missing the orange logo that Amazon would normally use, you will see the link, which goes to usintecmedical_ com_br, not Amazon. That ‘com.br’ points to a site in Brazil, probably hacked.

What to do? Will this big Dell system show up at my door? No. I TYPED ‘amazon.com’ into my browser, didn’t follow the link, and checked. No surprises there. However, that medical address in Brazil would likely have looked like an Amazon page, asked for a login, which it would keep and use, and then forwarded you to the real Amazon. Or the site would attempt to install malware. Be suspicious. These fake confirmations can look like they come from nearly any large company.

Should you Unsubscribe from SPAM?

A reprint from the PC410 Security Newsletter:

Sometimes, yes. Sometimes, no. Here’s how to tell the difference, and why.

First, definitions: SPAM is unsolicited, untargeted email, generally selling something. It’s named after an old Monty Python’s Flying Circus sketch that featured a restaurant with vikings that repeatedly burst into song, singing about Spam, the meat product. They’re still doing it here:

There’s also HAM, which is targeted commercial email, or email that is pointed at someone who is a possible purchaser. A lot of this is completely legitimate, difficult to filter out, and safe to unsubscribe from. Most junk mail that gets past spam filters is ham, and much of the ham can be removed from your daily email.

Don’t Try to Unsubscribe from Everything

If the sender’s email in a spam is an address that has nothing to do with the product, it was probably sent out from a BotFarm of infected computers using stolen email services. Any reply to that just goes to the email server used by the infected computer. Don’t send replies; the owners of those systems have enough problems already–thousands of bounces and “I’m out of the office until…” messages are already clogging their systems. And don’t click any unsubscribe links in those messages, either; they’re either confirming that you read the message, so they can send more spam, or they will go nowhere. Just delete these messages.

If the sender is an actual company that you’ve done business with, and the unsubscribe link is to their own web address, or to a known good newsletter company, yes, click the link and unsubscribe. The best-known newsletter companies are Constant Contact, MailChimp, and MadMimi, and they take spam very seriously, and will honor your unsubscribe requests.

Some of the worst offenders are retail stores, and these are safe to try and unsubscribe from, but unless they’re using a service, their actual removal process may take weeks, or may not actually succeed. Resorting to a phone call is unlikely to work; contact your email provider for a block if the volume of HAM from any one company is annoying.

And a reminder: Float the mouse over a link, without clicking, and the destination should appear at the bottom of the screen. If it’s not going where you expect it to, it’s either evil, or it was sent by someone who doesn’t care about security. Just delete it and move on.
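The sender-domain and hover checks described above, for both the fake Amazon order and unsubscribe links, can be automated. The following is an added example, not code from the original posts: the sample message, its local part, the `.example` hosts and the `trusted` list are all assumptions made for illustration. It compares the whole host name against the trusted domain, so a lookalike such as ‘amazons.com’ or a host that merely starts with ‘amazon.com’ does not pass.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def in_domain(host, trusted):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Records (destination host, visible text) for each <a href> link."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname
            self.links.append((host, "".join(self._text).strip()))
            self._href = None

def audit(raw, trusted):
    """List what the hover check would catch in a message claiming `trusted`."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender, trusted):
        findings.append(f"sender domain {sender!r} is not in {trusted}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for host, text in parser.links:
        if not in_domain(host, trusted):
            findings.append(f"link {text!r} goes to {host!r}")
    return findings

# Constructed sample message modelled on the fake order described above.
SAMPLE = """\
From: "Amazon.com" <order-update@amazons.com>
Content-Type: text/html

<a href="http://clinic-site.example/signin">Order Details</a>
<a href="https://www.amazon.com/">Help</a>
<a href="https://amazon.com.account-check.example/">amazon.com</a>
"""
```

Calling `audit(SAMPLE, ["amazon.com"])` returns three findings: the sender domain and the two links that leave amazon.com, while the genuine `www.amazon.com` link passes.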