Phishing email targeting Wells Fargo customers

Wednesday, March 9th, 2016

I just received a phishing email targeting Wells Fargo customers, and thought it might provide a good example of some things to watch out for. This particular phishing email is rather clumsy, so there are several items that stand out as fishy, or phishy if you prefer. I’ve included a couple of photos in the article here. You can click on the image to see it full size. Unfortunately for Facebook, the images will not be embedded.


First of all, notice that the From address is a Yahoo address. Wells Fargo isn’t going to send you an email from a Yahoo address. It is all too easy to forge the From address, so a From address that looks like it’s from Wells Fargo is no guarantee that the message is genuine. Did I mention this one was clumsy? It appears to me that this message was actually sent from a compromised Yahoo account.

The next clue is the wording of the message: “We kindly implore” and “Customer Care Service.” I suppose if the business was located in the UK, that might be a bit more understandable, but in the US the stilted language is a dead giveaway. Someone not in the US composed this message.

Finally, if I hover the pointer over the link – hover, not click! – then Outlook at least will show me what the real link is. You’ll notice that the text of the message makes it look like it’s a Wells Fargo address, but hovering reveals that the actual link points to a different address – “http://tokblast.pw/kwlz”. Although I didn’t click on the link, I’m guessing it would present a page with graphics “borrowed” from Wells Fargo to make you think you were on a Wells Fargo site, and prompt you to log in.

When you try to log in on that website, you give them your bank login information! Now they can log into your bank account, and transfer all your funds to their account in the Bahamas or wherever. Nifty, eh? If you have a line of credit, they can probably max out your loan, too. Now you’re not just broke, you’re in debt!

Be careful with emails!


Bancorp email compromised

Monday, March 7th, 2016

I use unique email addresses for various vendors that I use. There are a couple of different reasons for that – one is that I can retire that address if I start getting spam, and the other is that I KNOW whose system has been compromised when I start getting spam to that address. I generally let them know that I’m getting spam from the unique address I’ve given them, so that they can do something about it. If they choose.

Today I got a malware email from an address that was given to Bancorp.  The email was crafted to look like an invoice, and had a zip attachment.  I’m sure the zip attachment had some type of malware payload that would be delivered if I unzipped the zip file.

The email subject line was E-Service (Europe) Ltd Invoice No: 10013405 and appeared to be from a company in the UK.

Be careful out there!  Make sure any employees know to NOTICE if an email looks fishy before they open any attachments.

Trade Ad Exchange malware

Tuesday, March 1st, 2016

Recently we worked with a client who had been infected with the Trade Ad Exchange malware.  One of the sneaky things this malware had done was change the DNS settings on their Wifi router.  DNS stands for Domain Name Service; it’s the service that translates a domain name – like teamveritas.com – into an internet address – like  This is really nasty because it means whoever controls those DNS settings can route your internet traffic wherever they want!

One thing to check on occasion is the DNS settings for your workstations and network gear such as wifi routers.  I generally use public DNS servers such as Google’s and 

Does this all sound like Greek to you? Team Veritas can help verify your PCs and network to make sure there are no issues. Give us a call!

Newsflash up and running

Tuesday, March 1st, 2016

We now have the newsflash facility up and running.  This means that we’ll be able to post updates to the website, Facebook, and Twitter simultaneously – through an email interface that makes it easy for us to post.  Like our Facebook page https://www.facebook.com/teamveritasva or follow us on Twitter at @teamveritasva to get handy information and updates as they become available!

