Beware of Fake Emails

Beware of Fake Emails

Recently, I have noticed a great increase of emails, both at home and at work, that appear to come from legitimate sources, but are bogus emails. Sent under recognizable names, either personal or professional, the sender wants you to open the attachment so your information can be stolen, a virus installed, and your computer shut down for a ransom.

The fake emails that come to me most often are supposedly from my daughter, who lives in another state and works for a university. The email address looks correct, yet the subject information is something that I know my daughter would never say to me. The first thing I did, before opening the first one like this, was to call her and ask if she sent me an email. When she said, “No,” I immediately set my computer to block further emails from this address. That worked for a while, but now they have returned with a small change from the original email address used. Hackers can be very sneaky.

Other malicious emails I have received say they are from UPS about a package that may have been lost, from the Internal Revenue Service about a tax I supposedly owe, and from DHL about a delivery.

The best way to deal with fake emails is to install a good anti-virus program, and also use extreme caution before opening any attachment that looks even remotely “fishy.” Carefully assess the email address, subject line, and even the language used. Ask yourself if this is an expected email, or something unexpected. Be careful and be safe!

If you ever think you may have been hacked, call us at once for help. Our techs can work with you to get you back on track! Our number Is 425-672-4806 or you can email us.


GDPR – The General Data Protection Regulation Compliance Requirements

GDPR – The General Data Protection Regulation

The GDPR imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where those businesses are located. Among the key elements of the GDPR are the following:

Enhanced personal privacy rights – strengthened data protection for residents of the EU by ensuring that they have the right to access their personal data, to correct inaccuracies in that data, to erase that data, to object to processing of their personal data, and to move it

Increased duty for protecting personal data – reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance

Mandatory personal data breach reporting – organizations that control personal data are subject to stringent reporting and notification requirements in the event of a personal data breach

Significant penalties for non-compliance – steep sanctions, including substantial fines that are applicable whether an organization has intentionally or inadvertently failed to comply November Accelerate Your GDPR Journey 2017 13

As you might anticipate, the GDPR may have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.

If your company has business transactions that involve European Union (EU**) Companies or customers, you can contact CCS Retail Systems to help you plan how to avoid GDPR penalties before this regulation is enacted on May 25th, 2018.

**EU Austria, Belgium, Croatia, Bulgaria, Cyprus, CzechRepublic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxemburg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom

Marilyn McCormick

Recovering From a Ransomware Attack

Recovering From a Ransomware Attack

Ransomware attacks are on the rise. It is getting more common to get random emails with subjects indicating they are package tracking, voice mails, photo edits, and so on. Many of these are attempts to get you to take the bait, click the link, and ultimately install ransomware. Much has been written about recognizing malicious emails, not opening mail from unknown users, and other good advice. What happens, however, if you are unfortunate and do get hit with ransomware?

We are assuming this is a true Ransomware infection, where an active payload of malware has been added to your system. Another type of Ransomware is Scareware masquerading as Ransomware. This latter Ransomware has no payload but threatens you with data encryption as well. It is best to assume any Ransomware threat includes a payload, at first. A safe mode reboot investigation can help you check if a payload is active. If the infection is just Scareware, you may be safe with a reboot and comprehensive malware scan to confirm there is no infection active.

First, be very suspicious of any unusual activity. One of the first signs, even before the ransom notice pops up, is that programs will stop working, or documents will disappear. This activity is due to the malicious software starting to encrypt your files. If anything like that happens, take immediate action. First, disconnect your computer from your network. That is, physically disconnect the network cable, or if you use a wireless connection, turn it off. Also, immediately shut down your computer. I do not usually advocate just turning off the power, but this is one time that it is not a bad idea. The idea is that if ransomware has started on your system, to limit the damage occurring.

Try to start your computer in safe mode, and begin investigating. Make sure you lookup entering safe mode in Windows on your version to MAKE SURE you do NOT get a normal boot or the Ransomware will be active again. Check for those programs or documents that suddenly disappeared. If there is a file with the same name, but the extension has changed, most likely ransomware is the culprit. In that case, be prepared to do some research, and possibly still lose some work. It depends on the active Ransomware variant since some have been Ransomware payloads have been cracked and there are recover utilities available.

Other Ransomware payloads do not have removal utilities, and you will have to go to your back copies. Before that, however, you need to make sure that the machine is cleaned of the ransomware programs or your system will be reinfected and you will need to start over again. If utilities exist to clean the Ransomeware for your system, they should be used immediately. If not, a lot of digging and experimenting will be required. If there is no cleaning utility you may need to reformat the infected drives, reinstall the operating system, and then restore from a full image backup, NOT just a file backup. In either case, spend a lot of time checking your system, before putting it back on your network and getting on with your work. You want to be very, very, sure that the Ransomware is gone, or you will be exposing the rest of the computers on your network to Ransomware infections.

Recovering from Ransomware is a critical task that can be very complex.  This blog is just a simple overview.  We recommend you contact CCS Retail Systems Support for further guidance and services to ensure the Ransomware is properly eliminated from your systems. Remember that if you comply with the Ransomware demands there is NO guarantee that your payment will result in any recovery of your system.  The best course of action is to defeat the Ransomware request NOT honor it.


Postcard from Hallmark” Virus Hoax – Urban Legends

A hoax circulating since February 2008 warns users to beware of "the worst virus ever" in the form of an email attachment titled "POSTCARD" or "POSTCARD FROM HALLMARK." Though real e-card viruses certainly do exist, this one is a hoax.

Note that while some versions of the hoax below claim the information was "verified" on, this is NOT true. What has been verified is a different e-card virus threat with a similar name. Proceed with caution!

Protecting Yourself From Viral Hoaxes and Threats

With so many real viruses in circulation with names almost identical to the bogus threats you may read about in hoax messages like the ones below, it’s crucial to know how to distinguish real virus threats from bogus ones.

Hospital pays nearly $17G in bitcoins to hackers

A Los Angeles hospital paid a ransom of nearly $17,000 in bitcoins to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and most efficient way to solve the problem, the medical center’s chief executive said Wednesday.

Alert (TA15-337A) – Dorkbot

Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.

Crypto certificates impersonating Google and Yahoo pose threat to Windows users

People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.

Botnet aims brute-force attacks at point-of-sale systems

A new malware threat scans the Internet for POS systems and tries to access them using common usernames and passwords.

Thousands of compromised computers are actively trying to break into point-of-sale (POS) systems using brute-force techniques to guess remote administration credentials.

Fake malware U.S. government bitcoin ban report

When the visitor clicks “Install,” they will be given several files, including the Install_Adobe_Flash_Player.exe, two DLL files and a ReadMe.htm. It turned out that the files were actually not for a Flash Player but instead a Trojan and the files place themselves into the Temp folder and become hidden. Once this process is completed, the computer becomes infected with the malware.