AARP Posts Ransomware Scam ALert:
- AARP - http://blog.aarp.org -
New Threats in Ransomware
Posted By Sid Kirchheimer On May 6, 2016 @ 8:00 am In Bulletin Today, Scam Alert
Ransomware is on a rampage, seizing control of personal computers and institution-wide networks and encrypting files to make them inaccessible until a ransom is paid to release them.
In just the first three months of 2016, reported attacks have increased tenfold over all of 2015, when the FBI received about 2,500 ransomware complaints about incidents that cost victims $24 million. And the $209 million paid to cybercrooks from January to March is likely only a fraction of actual losses, as experts say the majority of attacks go unreported. Meanwhile, cybersecurity sleuths report that new strains and variants are being developed (typically by cybercrooks in Eastern Europe), some specifically to elude security software.
Ways to save, expert investment advice, scam alerts and more! — AARP Money Newsletter »
Ransomware infects computers when people click on a malicious link or attachment. In recent weeks schemes have included mass-sent emails that claim “Your package has been successfully delivered” (the infected link promises details of “the proof of delivery”) and, to coincide with the new season of Game of Thrones, a scam targeting eager-to-watch fans at a popular file-sharing piracy website.
This type of malware then locks computers, usually displaying a notification that its contents have been encrypted and are being held hostage until a ransom is paid. Victims who pay the ransom usually receive an emailed “decryption key” that unlocks the system and releases the files. If the cybercrooks are not paid within a short period — a nerve-wracking countdown clock is included — they threaten to, and usually do, delete the files.
Ransom amounts for individual computer users typically range from $200 to $800 (but they can be in the thousands), demanded in untraceable digital currency known as bitcoins. But increasingly, there are bigger and more profitable targets: the computer systems of hospitals, schools, city governments and even police departments. So far this year, at least six major health care systems have been victimized, including Hollywood Presbyterian Medical Center in California, which paid a $17,000 ransom in bitcoins, rather than risk losing its patients’ medical records and other crucial files.
“Ransomware attacks are not only proliferating, they’re becoming more sophisticated,” the FBI notes in a new warning. “Because email systems got better at filtering out spam, cyber criminals turned to spear phishing emails targeting specific individuals,” sending more believable correspondence that addresses you by name.
In addition to these tips for institutions and their employees, follow these best practices for everyday computer users:
1. Regularly back up the contents of your computer with an external hard drive or CD-ROM. If you keep offline copies of important files, photographs and the like, ransomware scams will have limited impact.
2. Use reputable antivirus software and a firewall. Keep software updated and set to accept security patches, as they become available, to combat ransomware and other threats. Run scans several times a week, if not daily.
3. Click wisely. Don’t click on any emails or attachments you don’t recognize, and carefully read body text and links, looking for spelling and grammatical errors. Some malware-laden links purport to come from legitimate businesses, but the sender’s address may end in Gmail.com, Hotmail.com or another free email service.
4. Enable pop-up blockers. Criminals regularly use pop-ups to spread malicious software. Preventing pop-ups is easier than making accidental clicks on or within them.
5. Avoid free online offers for screen savers and games unless you download them from trusted websites.
6. Go to the real source. If you are expecting a delivery (or news that one was made on your behalf), don’t trust “proof” provided in emailed links. Go to Amazon.com, FedEx.com, UPS.com, USPS.com, etc., for legitimate tracking or delivery news.
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.
IRS-Impersonation Telephone Scam:
An aggressive and sophisticated phone scam targeting taxpayers, including recent immigrants, has been making the rounds throughout the country. Callers claim to be employees of the IRS, but are not. These con artists can sound convincing when they call. They use fake names and bogus IRS identification badge numbers. They may know a lot about their targets, and they usually alter the caller ID to make it look like the IRS is calling.
Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
Or, victims may be told they have a refund due to try to trick them into sharing private information.
If the phone isn't answered, the scammers often leave an “urgent” callback request.
Note that the IRS will never: 1) call to demand immediate payment, nor will the agency call about taxes owed without first having mailed you a bill; 2) demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe; 3) require you to use a specific payment method for your taxes, such as a prepaid debit card; 4) ask for credit or debit card numbers over the phone; or 5) threaten to bring in local police or other law-enforcement groups to have you arrested for not paying.