Don’t be alarmed at this Microsoft support scam if it hits your computer, billions of records with personal information found open on the Internet and protect your PIN from hidden cameras.
Welcome to Cyber Security Today. It’s Wednesday March 13th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com. To hear the podcast click on the arrow below:
There are all sorts of criminals running Microsoft tech support scams. A couple of weeks ago I told you about a phone call I got from a man pretending to be from Windows support. A woman in the Toronto area told me about another scam: She was online when suddenly the computer speakers began wailing like a siren. Then a voice said, “Someone is trying to hack your computer. It could be identity theft.” And on screen there was a message that said “Call this number” and the word “Microsoft.” This, of course, is a scam. If you call the number someone pretending to be Microsoft support will promise to clean your computer, if you first pay a fee. Not only do they get money, they get your credit card number. There are a number of ways to get rid of this fake alert which seems to have taken over your computer. One way is to open Task Manager by pressing the Control-Alt-Delete buttons and make it close your web browser. Another is temporarily turn your computer off. You may have been hit by going to a web site that was infected, or someone sent you an infected document.
Speaking of Windows, yesterday was the monthly Patch Tuesday when fixes are issued by Microsoft. You should check to make sure the updates were installed. Usually they are automatically. One of the fixes is a safety measure that lets Windows 10 automatically uninstall buggy software updates if it detects a startup failure. That’s because sometimes Windows fixes cause problems themselves.
More bad news on the fiasco involving a company called Verifications.io. Initially, when researchers last week revealed they had found an unprotected database open on the Internet it was thought there were 800 million records with personal information. Now it’s been discovered that there were 2 billion records in four databases. The information included email addresses, phone numbers, dates of birth, basic credit scoring, mortgage amounts and social media accounts related to the emails addresses. No passwords or social security numbers were exposed, but data like dates of birth can be used by criminals when combined with other stolen data. The company, which validates bulk email lists for companies, went offline a few days ago after being notified.
Most listeners use ATMs to get cash. However, they can be hacked, with criminals installing skimmers to read your bank card for copying, and fitting tiny cameras to capture your PIN number as you hit the keys. Security reporter Brian Krebs this week advises that a good way to protect yourself is always hold one hand over the other to make sure a camera can’t see the PIN number you’re entering. That’s good advice everywhere you use a credit or debit card.
Finally, I was in San Francisco last week for the RSA security conference. What struck me there were the number of businesses still insisting customers could only swipe their credit or debit cards — even if the cards had safety chips on the front. The much safer way to use a chipped payment card is to insert the card at the bottom of the card reader and then enter a PIN number. Then the machine accesses your personal information on the protected chip. The black stripe on the back of a card with your personal information isn’t safe — it can be hacked. My hotel check-in desk, the hotel restaurant and an airport food outlet were among the places that insisted I swipe. The hotel manager told me the chain is preparing to install the more safer readers later this year. Given the number of hotels that have been victimized by point of sale hacks that’s not good enough. If you can use a chip and PIN card but the business insists you swipe, tell the management you’re not happy with their security. In the U.S. they’re converting to chip and PIN systems, but not fast enough.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon