Don’t get caught by this holiday email scam!

The holidays are a busy time for all of us, and with online shopping letting us avoid the crowds, we are becoming conditioned to receiving purchase-related emails from a variety of sources.

The cyber crime community is well aware of this, and internet security company Malcovery has reported a new trend in cyber crime that uses fake order confirmations and other typical purchase-related emails. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from its victims’ computers, then turns the infected machine into a botnet relay that allows spam messages to be passed through it.

Malcovery reports that in December 2013, spammers used ASProx to deliver fear in the form of a Failed Delivery email from CostCo, BestBuy, or WalMart.  Malcovery analysts identified more than 600 hijacked websites that were used as relays to prevent detection by causing the spammed links to point to websites that had been “white listed” until the very day of the attack. People responded because the email told them their Christmas gift shipment had been delayed and the only way to get a refund was by clicking the (infected) link.

This year the scammers are getting even craftier and their tactics have changed. Fake order confirmation emails appeared after Cyber Monday with titles like “Thank you for your confirmation,” “Order Confirmation,” “Thank you for buying from [company name],” “Acknowledgement of Order,” and “Order Status.” The email content now targets people’s greed by saying that a delivery (that they didn’t order) is waiting for them:

“We are happy to inform you that our online store HomeDepot.com has an order whose recipient details match yours.  The order could be received in any Local Store of HomeDepot.com within the period of 5 days.  Open this LINK to see full information about your order.”

Opening the link infects the victim’s machine.

Another trend is with hijacked credit card numbers. Instead of charging several hundred dollars on a single credit card – which is immediately noticed and blocked – online thieves are now content to charge several thousand people $20 – $30 each, which is less likely to be noticed by either the bank or the victim.

Cognoscape is committed to your security

There are a few simple rules to follow whenever you open your inbox:

  • Ask yourself: Were you expecting this email?
  • Check the sender’s address – hover over the address to verify the sender
  • Check the link address – hover over the link to read the address it is sending you to. Does the domain name look valid?
  • Learn to spot fake domain addresses
  • If you have any concerns DO NOT click the link, instead type the address into your browser and access the information from there
  • Review your credit card statement regularly for fraudulent transactions
  • Remember scammers target people’s greed – if it sounds too good to be true, it probably is!

Would you like to learn these techniques and have them taught to your colleagues? Cognoscape are now providing a series of lunch and learn presentations to avoid phishing scams and keep you safe from these attacks. Fill in the “Request a Consultation” form to the right of this blog post if you would like more details.

Don’t forget your friends need to know about this too – please share this post!

Top 3 Benefits of Network Security Services

If you’re running a business, you need to make sure that your network is secure – there’s no question about it.

Imagine. What would happen if a hacker infiltrated your network and accessed your critical data? You could lose that data or, even worse, you could lose your company!

Don’t leave your company vulnerable and risk losing everything you’ve worked so hard for. There are several ways your company can benefit from network security services – here are the top 3.

 

#1: Peace of Mind

It can be a challenge to safeguard your business from security threats since hackers are constantly devising new ways to steal data and wreak havoc on businesses.

So, what can you do about these security threats?

Luckily, you don’t have to face them alone. By taking advantage of network security services from Cognoscape, you can gain the peace of mind that you need. You’ll be able to sleep well at night knowing that your network is not at risk and your valuable company information is safe from harm.

 

#2: Productivity

When you aren’t dealing with security breaches and network security issues, you’ll be able to empower your employees to be more productive. You’ll also save your software and hardware from harm caused by security breaches.

Instead of dealing with downtime and the stress of losing critical data, you and your employees can focus on your job duties. That way, everyone can work as efficiently as possible instead of being unnecessarily disrupted.

 

#3: Compliance

Every company has certain regulations in place that are set to improve efficiency.

Here at Cognoscape, we understand that adhering to the security compliance regulations for your industry is not an option – it’s a necessity. You can trust that the security solutions you’ll receive from Cognoscape will meet all of the security compliance regulations necessary.

 

It’s easy to see how network security can lift a huge burden from your shoulders and improve your company processes. Contact Cognoscape today for a network security solution, and let’s work together to help your business succeed.

Security Risk! Windows XP And Office 2003 Pose A Dangerous Threat To Your Business.

XP security alert

Security Alert for Windows XP. If you’re using Windows XP or Office 2003 you only have until April 8th before hackers may attack.

 

 

As a Microsoft Certified Partner, Cognoscape LLC, a Dallas-based IT Security Company, would like you to know that you may very well be at risk of serious cyber attacks. Microsoft has announced that it will stop support for the XP operating system and Office 2003 software suite on April 8, 2014. Your entire business will be exposed to serious cyber attacks that can take control of your network, steal data, crash your system, and cripple your business. Many companies that we meet with don’t think they still have XP in their environment. However, what we have seen time and time again after a network review is that XP typically still exists somewhere on their network. Postage machines, machines set up for printers, work-group machines, etc. are all examples of possible security risks in a company’s defense. The code has already been written… hackers are lining up right now, just waiting for the date.

You Must Migrate from XP and Office 2003 Before April 8, 2014.

By law, all medical and financial service companies must upgrade any and all of their computer systems running XP or Office 2003. Firewalls and anti-virus software won’t protect you. According to Tim Rains, Director of Microsoft Trustworthy Computing: “XP has been a beloved operating system for millions and millions of people around the world, but after 12 years of service it simply can’t mitigate the threats we’re seeing modern-day attackers use.”—USA Today.

Cognoscape, a Dallas-area IT services company, is offering area businesses a complimentary Security Audit. We will provide you with a comprehensive executive report detailing possible security risks, along with advice and recommendations on how to fix them. CLICK HERE to sign up for your Security Audit.

How Do I Remove a Virus?

We often get asked about virus removal. Here’s a great article from Microsoft to get you on the right path…

https://windows.microsoft.com/en-us/Windows7/How-do-I-remove-a-computer-virus

How do I remove a computer virus?

If your computer is infected with a virus, you’ll want to remove it as quickly as possible. A fast way to check for viruses is to use an online scanner, such as the Microsoft Safety Scanner. The scanner is a free online service that helps you identify and remove viruses, clean up your hard disk, and generally improve your computer’s performance.

If you’re not sure whether your computer has a virus, see How can I tell if my computer has a virus? to check for some telltale signs. To try a different online scanner, follow the links to other companies that provide them on the Windows Security software providers webpage.

If you can connect to the Internet

If you can reach a website using your web browser, run an online scan.

To run the Microsoft Safety Scanner

  1. Go to the Microsoft Safety Scanner webpage to download the scanner.
  2. Click Download Now, and then follow the instructions on the screen.

If you can’t connect to the Internet

If you can’t get to the Microsoft Safety Scanner online, try restarting your computer in safe mode with networking enabled.

To restart in Safe Mode with networking enabled

  1. Restart your computer.
  2. When you see the computer manufacturer’s logo, press and hold the F8 key.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
  4. Log on to your computer with a user account that has administrator rights.
  5. Follow the steps above to run the Microsoft Safety Scanner.

For more information about different startup modes, see Start your computer in safe mode.

If you still can’t access the Internet after restarting in safe mode, try resetting your Internet Explorer proxy settings. The following steps reset the proxy settings in the Windows registry so that you can access the Internet again.

To reset Internet Explorer proxy settings

  1. In Windows 7, click the Start button. In the search box, type run, and then, in the list of results, click Run.

    -or-

    In Windows Vista, click the Start button, and then click Run.

    -or-

    In Windows XP, click Start, and then click Run.

  2. Copy and paste or type the following text in the Open box in the Run dialog box:

    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

  3. Click OK.
  4. In Windows 7, click the Start button. In the search box, type run, and then, in the list of results, click Run.

    -or-

    In Windows Vista, click the Start button, and then click Run.

    -or-

    In Windows XP, click Start, and then click Run.

  5. Copy and paste or type the following text in the Open box in the Run dialog box:

    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
  6. Click OK.

Restart Internet Explorer and then follow the steps listed previously to run the scanner.

Remove a virus manually

Sometimes a virus must be removed manually. This can become a technical process that you should only undertake if you have experience with the Windows registry and know how to view and delete system and program files in Windows.

First, identify the virus by name by running your antivirus program. If you don’t have an antivirus program or if your program doesn’t detect the virus, you might still be able to identify it by looking for clues about how it behaves. Write down the words in any messages it displays or, if you received the virus in email, write down the subject line or name of the file attached to the message. Then search an antivirus vendor’s website for references to what you wrote down to try to find the name of the virus and instructions for how to remove it.

Recovery and prevention

After the virus is removed, you might need to reinstall some software or restore lost information. Doing regular backups on your files can help you avoid data loss if your computer becomes infected again. If you haven’t kept backups in the past, we recommend that you start now.

To learn how to help protect your computer against viruses in the future, see How can I help protect my computer from viruses?

Word doc containing embedded malware.

Network Security tools are not always enough

Network security tools and antivirus products do not provide complete protection from the viruses and malware that threaten businesses on a regular basis. Common sense and intuition can help fill the gaps where network security tools leave off. A recent example comes from a client who correctly DID NOT open the attachment and referred the email to our team for analysis. Working for a law firm, our client knew that such a notification would arrive as a certified letter instead of just an email to a distribution list. The email came in as follows:

From: Douglas Rosenthal – Attorney [mailto:doug.rose@douglasrosenthal.com]
Sent: Monday, August 02, 2010 3:04 PM
To: Recipients
Subject: Cease and Desist

Dear Sir

It has come to our attention that your website contains a logo that is identical/substantially similar to our copyrighted Work.
Permission was neither asked nor granted to reproduce our Work and your Work therefore constitutes infringement of our rights.
In terms of the Copyright Statutes, we are entitled to an injunction against your continued infringement, as well as to recover damages from you for the loss we have suffered as a result of your infringing conduct.

In the circumstances, we demand that you immediately:
1. remove all infringing content and notify us in writing that you have done so;
2. credit all infringing content to ourselves.
3. immediately cease the use and distribution of copyrighted material;
4. undertake in writing to desist from using any of our copyrighted Work in future without prior written authority from us.

Attached is a list of the copyrighted material in question.

We await to hear from you.

This is written without prejudice to our rights, all of which are hereby expressly reserved

The email attachment is a Microsoft Word document named 822010.doc with a size of 112,532 bytes.  Opening the document you see what looks like a PDF file named infrige_documents.pdf with the instructions “(double click to view)”.

A quick look at the properties of the embedded file (In Word 2010 – Right Click on the file/Packager Shell Object Object/Properties) shows the embedded PDF file is really an executable named INFRIG~1.EXE with a description of “Ufouonkt Uvadb”. The file name was even a misspelling of INFRINGE, another clue that the whole thing is bad. Launching this file would have launched a virus that would attempt to infect the computer. When I tested this file, only 17% of the world’s anti-virus engines would have flagged it as bad.
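The same properties check can be scripted for triage. This is an added example, not part of the original post, and it assumes the Packager native-data stream (\x01Ole10Native) has already been pulled out of the document with an OLE parser. The field layout it reads is an assumption based on how that stream is commonly described; cstr, ext_of, parse_packager, triage and build_sample are hypothetical names, and the sample stream is constructed with a harmless payload and a placeholder path.

```python
import struct

RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def cstr(buf, pos):
    """Read a NUL-terminated ANSI string at pos; return (text, next position)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1

def ext_of(path):
    """Lower-cased extension of the last path component, '' if it has none."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def parse_packager(native):
    """Parse a Packager native-data stream body (field layout is assumed)."""
    pos = 4 + 2                            # 32-bit total size, 16-bit unknown
    label, pos = cstr(native, pos)         # caption shown under the icon
    source, pos = cstr(native, pos)        # path the file was packaged from
    pos += 8                               # two unknown 32-bit fields
    temp, pos = cstr(native, pos)          # path used when the object is opened
    (size,) = struct.unpack_from("<I", native, pos)
    payload = native[pos + 4:pos + 4 + size]
    if len(payload) != size:
        raise ValueError("payload shorter than its declared size")
    return {"label": label, "source": source, "temp": temp, "payload": payload}

def triage(obj):
    """List the reasons this embedded object should not be opened."""
    reasons = []
    shown, real = ext_of(obj["label"]), ext_of(obj["temp"] or obj["source"])
    if shown != real:
        reasons.append("label says %s, file is %s" % (shown or "none", real or "none"))
    if real in RISKY_EXTS:
        reasons.append("extension %s runs code when opened" % real)
    if obj["payload"][:2] == b"MZ":
        reasons.append("payload starts with the MZ executable header")
    return reasons

def build_sample():
    """Constructed test stream: harmless 64-byte payload, placeholder paths."""
    payload = b"MZ" + b"\x00" * 62
    path = b"C:\\placeholder\\INFRIG~1.EXE\x00"
    body = (struct.pack("<H", 2) + b"infrige_documents.pdf\x00" + path
            + struct.pack("<II", 0x00030000, len(path)) + path
            + struct.pack("<I", len(payload)) + payload)
    return struct.pack("<I", len(body)) + body
```

Running triage(parse_packager(build_sample())) returns all three reasons; the extension mismatch alone is enough to quarantine the attachment regardless of what antivirus engines report.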

With any email or pop up message we advise our clients to either call us or forward the email so we have a chance to prevent a much bigger problem.  When in doubt, DO NOT open items or click messages when you can easily pick up the phone and get the help of an IT professional.