Seocheckout

Two birds, one stone, or in other words one malicious attempt



Write the reason you're deleting this FAQ

Two birds, one stone, or in other words one malicious attempt

Believe it or not, my local news recently did a piece on ransomware, which to me seems like it's an epidemic if they did a piece.. My city is small, and the state I live in is small too. No idea why they would run a piece of that magnitude. Now if you don't know what ransomware is, then where have you been for the past couple of years? Ransomware has been around as long as computers has been around but it wasn't a very popular subject.

Ransomware is basically "malware", or a "virus" that locks and encrypts your files and the only way to get your files unlocked and decrypted is to pay the malicious creator. Now what does ransomware have to do with phishing?

Not much. But did you know you can get ransomware by phishing attempts? You probably knew that already. I am currently witnessing an increase in fake login pages for payment processors. I also noticed a lot of the times these phishing pages will try to get you to download an addon like a fake flashplayer or other addon. They say you need this addon to view the website, but in reality you're being both phished and about to get your files encrypted and locked. Very sneaky indeed.

A couple days ago, well almost a week ago I was almost phished by a website. Won't mention the name here for obvious reasons, and because I already forgot what it was. However, I wanted to buy an item and I was redirected to pay via Paypal, but it wasn't Paypal. The site looked like paypal exactly, but the website URL was totally NOT paypal. I always check to make sure that I am on a legitimate payment processing site, bank site or any other site that does business with money due to phishing attempts.

This one site was good, however it said that my flashplayer was out of date, and that it needed to be updated to "click here to update flashplayer before continuing". So, what did I do? I downloaded "flashplayer" in a sandbox. This way whatever that program was wouldn't hurt my computer, and I could delete it. The flashplayer was ransomware. I was totally shocked. You think large companies, hospitals or other organizations with lots of money get ransomware, and not just some internet browser.. oh no.. wrong!

Please be very careful next time you purchase something. Always look at the website URL to make sure the site you're paying on is 100% legitimate. If you think even for a minute that something may be off, don't complete the payment. And do not download anything if you ever go to pay and what you're buying is not a downloadable service.

Ways to protect against ransomware and other malicious attacks:

1. Keep your operating system up-to-date, and your browser extensions such as flashplayer
2. Download an anti-virus program (there are many for free, i personally wouldn't use one that came with the computer itself unless it was Avast)
3. Download plugins and addons to block javascript and flash objects such as FlashBlock, or NoScript.
4. If paying via payment processor, double check to make sure it's the real website you went to pay for goods and services with.

Comments

Please login or sign up to leave a comment

Join
Judas2018
As good as some of these malicious types can make a faux site look or replicate an already existing site - there are always ways to tell them apart if you're savvy enough. Also avoid buying anything from questionable looking websites. Most likely, those sites also have questionable looking pay gateways.



Are you sure you want to delete this post?

augusta
Thanks for the tutorial,wow so to get the malware off one's files one need to pay the creator.What a wawu way of making money.I will try not to fall for these by adhering strictly to those piece of advices and the ones I will learn on this thread.



Are you sure you want to delete this post?

kgord
This is all good to know, because if we got hit with a ransomware attack we will not be happy. Some of the things that they seem to be capable of doing are certainly frightening. I hope it never happens to me.



Are you sure you want to delete this post?

Everett
The website looked professional, had everything that a legitimate website would have: Terms of Service, Privacy Policies, Cookie Policy, California Privacy Policy, Refund Policy, About Us page, and many other legal pages. Because it had the California privacy policy I initially thought it was based in California. The site had even had an SSL certificate showing the green pad lock that is now famous. However, with most sites that try really hard to look legit there was a few indicators that I overlooked or brushed off:

1. The site was in english, and offered other language variants. However the english itself was poor in some instances, and probably was poor in those other languages too. I just brushed this off as typos, or someone that didn't utilize spellcheckers.

2. The site had linked social pages, but didn't have any comments on the pages. This should've been a red flag, because even some scammy websites had comments that a user was scammed or they didnt receive an item.

So it's best practice to make sure that you're paying through the legitimate payment processors you initially wanted to pay through. Double check the url because some can buy a domain, and then add subdomains such as www.[payment processor website].com.example.com. just some quick tips to look out for.



Are you sure you want to delete this post?

kgord
Yes, poorly written English is often a tip off to scams. I look for things that don't make sense in conventional English and it is usually a scam. This is one sure fired way to tell.



Are you sure you want to delete this post?

DarthHazard
The easiest way to identify is by looking at the URL. Most of these fake sites won't have an SSL certificate either which gives them away immediately. All big sites will have an SSL certificate which will be displayed using that green bar next to the domain.



Are you sure you want to delete this post?

Corzhens
I have been receiving emails lately that purportedly are from reputable companies. There are 2 banks that have been sending me the same emails telling me to validate my account otherwise it will be suspended. The advertisement is authentic but that button to validate will bring you to another site which can be a way of hitting your with a malware. That ransomware is scary that’s why I am advising the people in our home to be discerning when clicking something in the email.



Are you sure you want to delete this post?

JoeMilford
Everett,
I fell for this once myself, but, luckily, my bank took immediate measures and stopped the "fake" PayPal account from shopping using my account. I could have been more savvy, as Judas2018 mentions above, but I was new to the game and got tricked. Since this experience, I have been much more careful about where I go and what I view online because we are all in danger of malware and ransomware out there. I have heard even worse horror stories than yours or mine, and they are some sites out there who really take advantage of people's lack of experience.



Are you sure you want to delete this post?

Everett
I didn't complete the transaction, thankfully. No payment provider that I know of would say you would need to download an add-on or other plugin unless it is a mobile payment provider? In those cases, it is the legitimate Apple or Android Pay. However, I would also look out to make sure you're downloading the real app in that case.



Are you sure you want to delete this post?

ballyhara
Here where I live, we had a terrible bad experience with a bank. This city is not so big, so when something like that happens, obviously it implies, at least half of the city was tricked. Thousands of clients were completely cleaned from their accounts, some others were erased from system, and at the end, horrible disaster. That made me more paranoid than usual, and I'm always checking URL. Sometimes I feel it's so frustrating to be looking over your shoulder all the time.



Are you sure you want to delete this post?

Tronia
Damn, your story is quite scary considering we all purchase things via the internet very often. I don't think that I have ever gotten tricked yet (thank god) but I remember a while ago, there was this weird website... it looked very nice, high-quality but for some reason, I just found it fishy. When I wanted to pay through PayPal it redirected me to something that wasn't it and wanted me to enter my details and password.

The moral of the story - be careful about all websites. Don't trust any, only trust yourself and your eyes. Always double check when paying.



Are you sure you want to delete this post?

Everett
Yes, double check and triple check. And also, don't pay for anything with a lack of sleep either. This was probably another reason I almost got scammy teeth sunk into me.



Are you sure you want to delete this post?

JoeMilford
I was thinking just the same thought, Tronia, and when i read the story here, I actually got a bit paranoid about some of the purchases I had just made that day. To be honest, I guess that no online purchase is always airtight, and you are taking a chance dealing with certain people, but to get the goods and services that you want, sometimes that is what you have to do.



Are you sure you want to delete this post?

Baburra
There was a big and popular one just recently that was all over the news and I really got worried about it. So much so that I barely turned on my laptops for a while and instead just used my phone and tablet. It's really what I hate about Windows because on Macs you rarely have to worry about such things. The problem is that I need Windows for work so I have to use it.



Are you sure you want to delete this post?

overcast
I regularly change my password. And I also make sure to upgrade my plans for the antivirus. And also update the software on both operating system and the antivirus. And that in itself is going to be helping a lot for the antivirus protection. I don't also buy things every time recommended on the browser. And same goes even if the antivirus is offering that. Because that in itself is going to affect the open ports. So it's safe to use the right antivirus.



Are you sure you want to delete this post?

Baburra
I used to be more relaxed with things like this but with the recent scares and as more and more of my information becomes important and dear to me, I am starting to become more careful. Nowadays I also try and change my passwords from time to time and I make sure to keep my operating system and defender and virus protection updated.



Are you sure you want to delete this post?

overcast
Yes. I am using lastpass password manageer. It protects the password. Also it is being desktop extension it can be good enough for protecting the identity. So it's good enough for most of the use. I'd say it's really good app. You may want to try it if you are serious about security.



Are you sure you want to delete this post?

JoeMilford
That's also a good suggestion--keep changing that password. Where I work, at my "regular" job, we are required to change our main password every thirty days, and I have heard one IT guy say he wished we did it every ten days to be on the safe side. Passwords must also be crafted well so that they achieve the most optimal level of security and strength. The more elaborate a password is, though, the harder it is to recall, so I think that most people just go the easy route when making up their passwords.



Are you sure you want to delete this post?

overcast
You can use the lastpass. And it can add different type of the password remember option for you. And there are some really good options for the saving and using the passwords. You can also autogenerate password with the app too. I think changing password every 4 months is a good option.



Are you sure you want to delete this post?

DenisP
There are book smarts, there are street smarts, and a lot of people may not realize this, but there are also internet smarts. If you aren't very savvy when it comes to navigating the internet, it can be all too easy to find yourself the victim of a scammer, hacker, or virus.

As someone who has spent literally countless hours on the internet, I can almost instantly notice when something isn't right. However, those who are less experienced with technology, such as the elderly, can be the most gullible and easiest to prey upon.

So many simple tips can help you avoid a lot of pain and inconvenience. For example, always check the file format when downloading something off the internet. If you're downloading a picture, or a song, or a movie, there is absolutely no reason that it should be a .exe file, because .exe means it is an executable program and 100% guaranteed to be a virus.

The best anti-virus is sitting on your own shoulders.



Are you sure you want to delete this post?

TimothyAlex
Yeah, I use to think I was savvy enough too. But, one time I was caught off guard and ended up inadvertently handing over my Twitter password. Typically, those sites are easy to spot, even if it is a great forgery. But, it only takes a momentary lapse. However, that was years ago. Now I use two-step verification on those sites that offer it, and I allow Google to remember my passwords. So, if Google is not automatically entering my username and password, I know something is wrong.



Are you sure you want to delete this post?

DenisP
That's a good strategy for maintaining awareness of where your information is going. But I definitely agree that even the savviest of internet surfers can find themselves scammed, because like you said, all it takes is a momentary lapse in awareness.

I find that I'm most vulnerable when I'm stressed out and trying to put together some new project through the internet, or something along those lines. If I'm rushing through putting in my account information and just trying to get things done, that is when I'm least aware of exactly where I'm logging in to, and leaves me at my most vulnerable.



Are you sure you want to delete this post?

TimothyAlex
Absolutely! When I am putting in 12 to 15 hour days, with a backlog of work, that is when I start making mistakes too.



Are you sure you want to delete this post?

DarthHazard
One of the best ways to prevent ransomware is to be careful. If you are more careful when browsing the internet and reading your emails then you won't have to worry about ransomware too much. If you download stuff carelessly or just click links without even bothering to inspect them, then you will pretty much be infected with ransomware sooner or later.



Are you sure you want to delete this post?

wiseagent
I think when the problem is ransomware, the word of order is attention.

What links are you clicking on? How attentive are you when you decide to read your emails? These kinds of situations are common and we usually neglect the care we should always have with them.



Are you sure you want to delete this post?

overcast
True. Most of the freebies and clickbaits are going to have that issue with the attention. And that in itself is going to lead to more or less of an issue. You can see that it leads to the malicious ad issue. And it can install some stuff. So I guess one has to be really secure in terms of the browsing this way.



Are you sure you want to delete this post?

wiseagent
In my way of seeing things, clickbaits are like a real minefield that seems to have no end (they are multiplying in an almost unbelievable way). I try to avoid them most of the time - almost always, to be honest - they appear.



Are you sure you want to delete this post?

overcast
Yes. I have seen many people downloaded some rogue software. Like say registry cleaner. And malware clearner after reading those apps. So surely it is something not worth it. Most of the people sell such software and make money. And we fall for fake viruses and the security issues.



Are you sure you want to delete this post?

Judas2018
Falling for an internet scam doesn't mean you're dumb, stupid or naive. It's just that you made a mistake - and that's what people should remember in the long run. Consider it a lesson learned. Now of course - you do have people who make some foolish decisions with their passwords or online credentials. But if you were fooled one day by an alarming email claiming your amazon account was compromised and you need to follow these steps to protect it - they basically used your fear against you knowing you would react. It's a cheap trick, but it's also like that old saying - "fool me once shame on you, fool me twice shame on me."



Are you sure you want to delete this post?

peachpurple
Thanks very much for your advice, I don't have the habit to look out for the URL link, I must make it a habit to take note. I use PayPal a lot



Are you sure you want to delete this post?

mildredtabitha
Thanks for this useful tips.
Antivirus apps always help to solve this malware problems but some viruses can still not be removed.
I have also keep my advice to date by downloading latest updates.



Are you sure you want to delete this post?

Steve5
They do help with that. Updates are very important in order to ensure we're getting the best level of protection from that app. You can also try deleting apps that could be causing you security issues.



Are you sure you want to delete this post?

Pixie06
That's scary. I purchase many things online and to be honest I don't really pay attention while making the payments. I will try to be more vigilant now. However, I join or purchase only on trustworthy sites. I also have a good antivirus.



Are you sure you want to delete this post?

Judas2018
Buying online is fine just so long as you stick to your usual's when purchasing certain goods. If you're buying from a new site - make sure you've visited that site often enough or chat with people at that site on a regular basis. So you'll know you're buying in safety and with confidence.



Are you sure you want to delete this post?

jaymish2
Thanks for this information. Malware is such a big problem, you just don't know which sites to trust especially banking sites and payment processors.I also think both parties should invest in more security to protect against attacks.They, however, seem quite content with the status quo and leave it to the customer to sort themselves out, which I think is quite unfair.I also have a free Anti-virus on my computer and it works quite well for me.



Are you sure you want to delete this post?

Steve5
One way to avoid them is to always be familiar with your frequently visited sites. You can tell if they're not what they seem since others look and function differently than the original. Also, suspicious activity is a good sign that it's fake.



Are you sure you want to delete this post?

kgord
It is very scary to think about these attacks on your system. Last night Grey's Anatomy, a show that revolves around doctor's in a hospital, dealt with this very thing. There was a cyberattack on their hospital and they demanded money paid in Bitcoin to access their systems which of course are all online. I didn't see how the show ended though.



Are you sure you want to delete this post?

JoeMilford
Ransomware is a scary thing, to be sure, and when you think about this type of tactic being implemented upon a hospital, or any other grid system that people depend upon for survival, things get pretty scary pretty fast! That sounds like an interesting episode of that show--I have not watched that series in a while, but this is a problem in our emerging technocracy which is not going to go away. Internet security issues threaten all of us, and not just in financial issues with things like identity theft and the like--hackers can actually destroy our physical lives as well, as this show demonstrates.



Are you sure you want to delete this post?

kgord
Yes, it is amazing the kinds of tools that hackers can use. Since it isn't going to go away the best thing to do is be aware and be proactive so that we or our software can stop and prevent attacks before they happen.



Are you sure you want to delete this post?

Steve5
That's awful. People have become too greedy for money. Even risking the lives of innocent people is just a means to an end. This shows that technology definitely has its dark side.



Are you sure you want to delete this post?

rhombus
Some interesting advice, I was also under the impression that I was safe from hackers as I had nothing anyway. I am not sure of a solution, while they keep making money the ways and means used will increase. I am not sure what I would do in a similar situation, only hope that I would be able to notice. Hopefully, the anti-virus sites etc are working on it and step up their game.



Are you sure you want to delete this post?

Steve5
Me too. I hope our anti-virus systems can safely remove them. They're too much of a threat to our online property. This is why I limit my online transactions and double check to see if the site is legit.



Are you sure you want to delete this post?

Rumu
As much as some people will want to argue that one can tell when you come across a malicious website, i really don't think it's a valid argument because no matter how inclined or carefull you are or even savy, one can't tell in most cases. It's not a matter of being dumb, its just the way things happen. A person can never be too careful when it comes to hackers. We just have to be really careful with our online activities.

Drawing from the points laid out on the post, i think your recommendations and advices are really good. They are good steps to employ in order to reduce the risk of getting hacked online.



Are you sure you want to delete this post?

Corzhens
To be honest about the issue, I am scared of that malware called ransomware because it is not an ordinary virus. I cannot imagine myself paying the ransom demanded by the virus makers that I deposit the amount in bitcoins to their bitcoin account. It’s like saying my hard drive is a goner when it is hit by a ransomware. And for protection? The anti virus should always be up to date with the list of virus so new viruses can be checked.



Are you sure you want to delete this post?

Steve5
Yes, it's scary. It's like taking hostage your property. Even if it's mostly digital content, you still wouldn't want them controlling your data. So always stay vigilant while surfing the web.



Are you sure you want to delete this post?

Steve5
That's really unsettling. It's common to find it nowadays. This is why many tend to avoid untrustworthy websites. I'm glad I too practice checking the URL for authenticity.



Are you sure you want to delete this post?

Judas2018
Yeah but with a digital age, comes new problems. When the web changes again 10 or 20 years from now, there'll be something even more unscrupulous to worry about.



Are you sure you want to delete this post?

Steve5
I wonder what that will be. Well, you can't really avoid such troublesome things. The best we can do is to be prepared. Like by learning as much as we can about preventive measures.



Are you sure you want to delete this post?