Internet Safety is our new landing page for information about how you can be more aware of the various ways you can become vulnerable to a security breach, personal identity theft, virus/malware infections, and other attacks that compromise your way of life.
Walmart Financial Exploits
Walmart Scam Example
This message pertains to recent news stories on various cable networks, including our local WNEM TV 5 reporting about Cryptovirus (aka CryptoLocker). The reports are about a serious and nasty variation of other past ransomware viruses like FBI CyberCrime and Homeland Security. Watch this video for some insider technical information about how this virus works, from Sophos.
This latest variation informs you that your system files have been locked (encrypted) and you must pay $300 within X amount of time to get the key to unlock/decrypt your machine (or risk losing the key forever). And it actually does encrypt your files (see news articles below for a list of common files). Of course, there is no way you can trust them to provide you the key (after you give them your account information and money).
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from FedEx, UPS, DHS, etc. These emails contain a zip attachment that, when opened, infects the computer. The zip files contain executables that are disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open them.
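A mail-filter style check for the disguise described above, as an added example that is not part of the original advisory: it lists the files inside a zip attachment and flags executables, including ones hidden behind a document extension. The extension lists and function names are assumptions, and the sample archive is constructed with harmless text content.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_member(name):
    """Return a reason string if an archive member looks disguised, else None."""
    # Keep only the file name, whichever path separator the archive used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip padding spaces sometimes placed around the dots.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        return "executable hidden behind a document extension"
    return "executable inside archive"


def scan_zip(data):
    """List (member name, reason) for every suspicious file in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample: plain-text payloads under the file names the page cites."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("FORM_101513.pdf.exe", "FORM_101513.exe", "receipt.pdf"):
            archive.writestr(name, b"constructed placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check reads only the member names, so nothing in the attachment is extracted or run.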
The only way to ensure you do not lose your files is to:
- Back your files up to a source that's not always connected to your computer or network. Variations of the virus may extend past your local hard drive and look for files on USB flash drives, external hard drives, and network shares.
- Cloud-based backup solutions (such as Dropbox or SkyDrive) would be ideal.
- Practice safe computing!
- Make sure your computer anti-virus software is up to date.
- Make sure System Restore is enabled.
- Most viruses are propagated through email links and attachments; phishing and scam emails attempting to be something they're not.
- Scrutinize the messages and think critically - an ounce of suspicion should cause you to exercise extreme caution.
- Do not blindly click on links; instead, visit the site manually (if you feel you must!)
- Do not open attachments just to check them out! Read the paragraph above about how these are typically spread!
Additional information below:
The recent Walmart Email is just one example of the Blackhole Exploit - read more here:
From: Mike Holliday (email@example.com)
Subject: New Virus Attack
The purpose of this message is to inform you of a new, sophisticated virus-infected message that does not require you to click on links - simply load the message into a "dated" web browser (like Firefox, IE, Chrome, Safari) and it searches for exploits on your computer.
If your system had AVG popup as you viewed it, and it blocked the message - great! That means AVG stopped its actions cold. If it did not, we should have your system inspected. Please contact the IT Support Center at x4225.
Below is a sample message. The circled areas are items you should scrutinize before acting on messages.
- If you hover over the From address, you'll see that not only is Walmart misspelled (has two L's), but the actual address is also poorly named and sometimes even has a different extension (.com, .net, .org).
- If you hover over the links (not clicking) it shows a completely different web address not related to the subject or material in the message.
- The fact they use an email address for salutation, versus your actual name on file when you order things online.
- The fact that the shipping details are not even close to being related to you.
Again, being aware of these kinds of nuances in messages will help further protect you. Be careful and assume that the message is not legitimate. Ask yourself basic questions.
- Do I have a Walmart/PayPal/eBay account?
- Did I order something online recently?
- Does something about this message seem suspicious or "phishy"?
If you are concerned, your next best course of action is to go directly to the website and log in normally and/or contact their Customer Service via phone (never click on links in these messages to get there).
And as always, please feel free to contact the IT Support Center (989-964-4225) for advice or to report something that is phishy. If you accidentally clicked and became a victim, you should change your passwords immediately and contact the IT Support Center to have your system inspected.