Spam calls have plagued modern society for years now and are only getting worse. With the availability of generative AI technology to anyone, bad actors have started using it for evil.
If you haven’t seen Obama playing Minecraft or Plankton from Spongebob singing Rolling in the Deep, you may be unfamiliar with artificial intelligence voice synthesis. Artificial intelligence voice synthesis is a voice changer or text to speech program that uses AI learning models to mimic someone’s voice. Think of it like when you speak through a fan and your voice sounds like Darth Vader, but instead of a fan you use a computer and now it sounds like Taylor Swift. Apple introduced an accessibility feature that uses the same tech in iOS 17 that allows for mimicry of one’s voice with less than a minute of recording. In this case, it can be used for good. For example, someone with a speech impairment can use it to talk to someone by only typing into their phone.
With all that said, this tech can also be used for some very nefarious purposes. A new trend among spam callers is using the voice of a loved one, or someone you know to trick you into giving away personal information and sending money to the scammer. This is done by taking a model of someone’s voice who is known to be connected to you and calling you with their voice. It is important to be suspicious of any call that you get from an unknown number and with this new technology, one needs to be extra careful. If you still need to answer unknown callers for work or otherwise, a common work around is to set up a code word or phrase with your loved ones and friends. For example, if I were to get a call from an unknown number with the person claiming to be my mother and sounding like my mother too, I would ask them, “Do you remember our code?” and if she responded with the code we agreed upon, I would know it is legitimate.
Overall, it is wise to be wary of any unknown phone numbers. Using common sense when receiving asks for money or other critical personal information goes a long way in stopping you from becoming the next victim in a scam.
Ever gotten a call from Microsoft, Apple, or Amazon about your computer being infected or a recent purchase you made? While computers have gotten (by many measures, anyway) more secure over the years, for many would-be attackers, the human is now the easiest part of the puzzle to solve. Large, elaborate scams today have been built around the premise of tricking users into divulging credit card numbers, account login info, and other sensitive pieces of information by imitating familiar companies claiming to be reaching out for security purposes. Using some particularly difficult to dismiss pop-up ads, sometimes these grifters will even try to get you to call them directly, with warnings of viruses or other such problems blaring at you from an often-legitimate looking error screen. Others will simply email potential victims directly, using stolen accounts disguised with a quick name change or an email account with an address close to a legitimate one. The tactics used and the avenue taken by these scammers is manifold, but generally, there are a few rules you should stick to.
Avoiding Scams
For one, you can almost universally write-off any phone calls from most of these large companies as being illegitimate – they don’t have the time, resources, or incentives to reach out to you regarding something specific to your computer or account. Secondly, always double check the email address (rather than the name attached) or phone number on any of these messages to confirm it is who it claims to be. Oftentimes, the number or address will be completely wrong, or in more sophisticated cases, it may only have a single letter out of place. The contents of the message may also contain spelling or grammar errors, which (generally) large companies do their best to avoid in contacts with customers. Finally, where possible, contact the company / financial institution / individual directly using a method you can verify to be legitimate. Never follow any links from, or call or reply to any phone numbers or email addresses provided in, a message containing any such notices.
Over the years, cyber threats have come in many shapes and sizes. Viruses that scramble your data and hold it for ransom, worms that conscript your computer into armies and forced to illegally attack websites, and phishing emails designed to steal personal information from you are just some examples if threats today. The method of attack has changed consistently throughout the years because of a constant game of cat and mouse between cybersecurity researchers and cybercriminals – as new flaws and vulnerabilities are discovered and exploited, companies race to “patch” them over to keep it from being exploited. While computers are in many ways more secure than ever, it’s still important to stay up-to-date and have an antivirus to keep you safe from as-yet-unseen threats. Likewise, staying conscious of potential threats and never downloading files from untrustworthy sources or suspicious links in the first place is a good policy to have.
No, You Didn’t Buy That $500 Antivirus: The Erroneous Charges Trap
We’ve been seeing a lot of fraud and scammer activity lately, so we wanted to warn about some of the common tricks and traps we’ve seen. “Call Center Scammers” are unfortunately nothing new. Just about everyone, whether they’ve realized it or not, have encountered these types of swindlers in some form or another, including the erroneous charges trap.
For some years now, the most common thread we’ve seen have been tech support scams. In this type of scheme, criminals will try to trick users into handing over control of their computer by pretending to be “support staff” for Microsoft, Apple, Google, or another large-scale tech company. They will do this by either directly calling you (often spoofing a number in your area code so as to not raise suspicion) or by putting a pop-up advertisement out on the internet that will, once stumbled upon, prevent you from closing it and display threatening and official-sounding warnings about your computer, with a phone number to call to “fix” whatever issue the scammers are claiming your computer has. Once they get you on the phone, they will do their best to convince you that your computer is having some sort of issue, and that they are going to fix it for you. No matter what, the most important thing to remember with these is that most of these companies will ever contact you for any reason, let alone a computer issue, and anyone claiming to be calling from them is trying get one over on you.
Which brings us to one of the schemes we have been seeing more recently. An exception to the above rule is a company that does contact you regularly regarding bills – such as an antivirus provider, for example. One of the most common scams we’re seeing now is formatted very much the same way as the previous one, but instead of luring you in with threats of a problem needing to be fixed, they lure you in with the threat of a double-billing or a purchase you didn’t mean to make. These types of scammers will typically disguise themselves as Norton or McAfee and will send out Emails and alerts about large payments made for service that they want you to think you’ve purchased. If you contact them to dispute the charge, they will often indicate that the charge was made in error, and offer to refund you. In order to give you your money back, all they need is your banking information… and you can probably see where this is going. Other times, they won’t directly raise the red flag by asking for this information outright, instead “sending the refund” and making it look like they accidentally gave you too much money. The scammer will then plead with you to send back just the amount they overpaid in the “refund,” implying legal consequences for you, or in really low cases, pretending they’ll be fired if they cannot get the overpayment back. This is all an elaborate ruse to get you to send them money, as you’ll find no such transaction actually went through at the end. Similar scams are also known to take place pretending to be Amazon or the like, those these are often more obvious due to their commonality.
As unfortunate as it is, the best way to stay safe on the internet these days is to just assume anyone trying to contact you unsolicited is suspicious. Many cybercriminals have realized that, as secure as many computer systems have become in recent years, the easiest thing to do now is focus on tricking the person behind the screen.
Around this time last year, we addressed a very common trend that we were seeing involving popups and scareware hijacking people’s computers while they were browsing the internet. These popups, such as the ones below, are a facade meant to convince you that your computer is either infected by a virus or at risk of serious damage. Their main goal is to get you to either download a program that will then ACTUALLY infect your computer, or call a “Support Number” wherein a call center operator will then remotely access your computer and either lock it down and hold it for ransom or “Fix the problem” and then charge you several hundred dollars for the “Service”.
Some of the most common offenders’ designs.
Seemingly innocuous messages warning of viruses.
Imitation virus scanners claiming the presence of a number of threats.
Loud colors and bold warning messages.
We get calls every week from people encountering this issue, and the prevalence of these sorts of problems has only increased over time. They affect nearly every class of user across every platform; from Windows to Mac OS, iPhone to Android, no one that browses the internet is immune to this sort of encounter.
So what can we do about it?
Unfortunately, not much – many of these people are far outside U.S. Jurisdiction for legal action, and the diversity, profitability, and widespread nature of these types of scams make them very popular and difficult to decisively put down. As a result, the best type of security against such attacks are awareness and user preparedness. Everyone knows someone who has been assailed in such a way, so it should be important to remember how to get out of such a trap.
We won’t go through the tells that will allow you to identify such a scam as we did last time, but instead leave it at thus: ANY pop up you get while browsing the internet warning of critical errors or viruses, and telling you to download something or call someone should be looked at with extreme skepticism. As far as incoming calls go, remember this: no brand or company will ever call you – this goes for all types of phone scams going today; neither Microsoft nor Apple, Windows nor Mac, Dell, HP, or anyone else has the type of information to know you may have a virus or the capacity to be receiving errors. Additionally, they do not have the type of manpower (or even the necessary information in many cases) to cold call their customers, nor do they have any desire to do so.
There are, importantly, a few methods of escaping these popups, which are important to go over again.
Method one is available to most users running a third-party internet browser; if you are running Google Chrome, Mozilla Firefox, or Opera Chromium, the option to “prevent this page from creating additional dialogues” will be available as a little checkbox at the bottom of the notification that seems to keep opening no matter how many times you close it. Checking it and acknowledging or closing the notification one more time will prevent it from appearing again, allowing you to simply close the page normally.
Method two is available to all users, but requires you forcefully close the process of your internet browser which, if you keep multiple pages open at a time, can cause you to lose whatever you are doing on the other tabs of your web browser. On your keyboard, pressing CTRL, Alt, and Delete (DEL) at the same time on a Windows PC will allow you to open the task manager. From there, simply choosing your internet browser and clicking on “End Task” will force it to close, allowing you to simply reopen it and continue working.
For Mac users, pressing the key combination of Command, Option, and Escape (esc) allows you to activate the equivalent function, “Force Quit”. From that windows, simply selecting the program you wish to close and clicking “Force Quit” will accomplish the same result.
Method three should only be used as a last resort. It’s simple to execute, but it can potentially cause problems if you perform it while your computer is updating or installing something, and can at least cause you to lose data if you are editing documents or files that haven’t been recently saved. In this case, simply holding down the power button on either a Mac or PC will force it to shut down, and the problem should be gone upon restarting it and logging back in.
Now in some cases, especially those in which you may have inadvertently installed something, you might be afflicted with something known as a “Browser Hijacker“, or “Scareware“. These pieces of software are some of the more extreme measures such call center scammers have been using in recent years, and they usually have the effect of forcing the error message or popup to appear every time you start the computer or open your web browser. If this happens, or you have questions or concerns about such pop ups, it is usually recommended that you consult your local technician.
We’ve spoken before on the subject of the numerous call center scams that exist for the purpose of convincing people they have a problem and taking their money to “fix it”, but with the increased frequency at which we’ve been hearing about more and more clients being affected, we decided that it would be prudent to go into more detail on the types of blue screen popups and tactics users may encounter.
As we’ve mentioned, on many occasions users might run into a page that is disguised to look like an error or even a Blue Screen of Death.
This type of message can be very jarring on its own, and to make matters worse, it will often be accompanied by a computerized voice making claims about errors or viruses on your computer. However, there are some tells that clearly indicate its illegitimacy. First off, if you take a moment and look at the screen, you can tell that this screen is clearly within the internet browser, which means the computer is still running. In every case, a blue screen is a complete crash of Windows itself, which means everything else will have closed before it can be displayed. Not only this, but it prompts for readers to call a support phone number. Microsoft has no such number that they provide on the blue screen of death. Third, and sometimes most telling, is the lack of proper spelling, grammar, or capitalization on the page. These types of trap pages are oftentimes surprisingly shoddily designed, and will often mis-word or misspell even basic terms. In the case of the example above, the message not only repeats the “Please contact Microsoft technicians” twice, but it also forgets to capitalize Microsoft, while it capitalizes “Immediately” and “Rectify” for some reason. The sentence as a whole also seems somewhat clunky and indicative of “English as a second language.”
Calling the number on the page will get you to a (usually foreign) call center that will walk you through “fixing the problem” and charge you a great deal of money to do so. Refusing to comply once they have connected after a call to them can often lead to them actually messing with your computer in some way, and if the worst happens, they may make your computer unusable. To make matters worse, the page itself usually traps visitors on it with a continuously reappearing notification that prevents you from closing it, leading even people who might know better to call the number just to get control of their computer back.
Thankfully, wrenching control back from these types of pages is not impossible, and any consequences implied by the pages in question are usually empty threats. Three methods might be available to you, depending on your situation.
Method one is available to most users running a third-party internet browser; if you are running Google Chrome, Mozilla Firefox, or Opera Chromium, the option to “prevent this page from creating additional dialogues” will be available as a little checkbox at the bottom of the notification that seems to keep opening no matter how many times you close it. Checking it and acknowledging or closing the notification one more time will prevent it from appearing again, allowing you to simply close the page normally.
Method two is available to all users, but requires you forcefully close the process of your internet browser which, if you keep multiple pages open at a time, can cause you to lose whatever you are doing on the other tabs of your web browser. On your keyboard, pressing CTRL, Alt, and Delete (DEL) at the same time on a Windows PC will allow you to open the task manager. From there, simply choosing your internet browser and clicking on “End Task” will force it to close, allowing you to simply reopen it and continue working. For Mac users, pressing the key combination of Command, Option, and Escape (esc) allows you to activate the equivalent function, “Force Quit”. From that windows, simply selecting the program you wish to close and clicking Force Quit will accomplish the same result.
The “Task Manager” window in Windows 10.
The “Force Quit” screen on a Mac.
Method three should only be used as a last resort. It’s simple to execute, but it can potentially cause problems if you perform it while your computer is updating or installing something, and can at least cause you to lose data if you have any programs open and you are editing documents or files that haven’t been recently saved. In this case, simply holding down the power button on either a Mac or PC will force it to shut down, and the problem should be gone upon restarting it and logging back in.
Now in some cases, especially those in which you may have inadvertently installed something, you might be afflicted with something known as a “Browser Hijacker“, or “Scareware“. These pieces of software are some of the more extreme measures such call center scammers have been using in recent years, and they usually have the effect of automatically defaulting the home page of your internet browser to their own error page, or even going so far as to generate an otherwise inescapable error message upon computer startup. If this is the case, getting rid of such malware can be rather complicated, at which point it is usually recommended that you consult your local technician.
A lot of Microsoft’s talk about Windows 10 has been dedicated to its enhanced security features and has even gone so far as to make the claim that a third party antivirus is no longer necessary for Windows users. Windows Defender was originally provided as a free download from Microsoft for the Windows XP platform, but it has recently been completely rebuilt and overhauled for Windows 10.
Now, it is true that the effectiveness of Windows Defender has been improved dramatically over previous versions, and the platform has a lot of advantages over other mainstream antivirus products, especially among its free peers. In addition to this, its actual effectiveness at stopping malware in its tracks is good, too. It will nab the vast majority of dangers on the web, and it gets a lot of help being the native favorite of Windows. However, the bottom line is, among the top performing paid antivirus products on the market, Windows Defender does fall somewhat short of some of the others. Is it bad? Not by a long shot. But does it still have room for improvement? Definitely.
As we’ve already established its performance as being sufficient for most potential threats, albeit not to the same degree as some higher-end products out there, it’s important to mention its advantages and its potential improvements over other products.
For one thing, it doesn’t bother you and ask you for money on a regular basis. It’s free. That alone is enough for many people. Not only that, but it’s “free” in the literal sense, and not in just the “doesn’t cost money” sense. Many other “free” antivirus programs out there, while not actually charging you for money, will often do everything from continuously harassing you to buy their premium editions, or even installing junk software and useless or annoying programs on your computer in addition to themselves.
Secondly, it ships with Windows. Every new Windows machine has it pre-installed. This saves users the hassle of even having to make a decision or go looking in the first place. And in this day and age of look-a-like knockoffs, trojan horses, and misleading website adverts, not having to go looking for this piece can save you a lot more trouble than just finding the website download page.
Thirdly and lastly, it’s built to fit into Windows 10 rather well. It does not take up much space, it does not use many resources, and it does not constantly pop up asking to be updated to the latest version. It updates automatically and quietly, just like Windows itself does these days, and that’s a good thing. The less direction you have to give it, the better. And as it stands, no antivirus is as silent a protector as Windows Defender.
So, if you prefer a quiet, lightweight, well integrated, and free antivirus, give Windows Defender a try. It might not be the best out there, but at its huge price tag of $0 (both in terms of your money and your trouble), it’s definitely a tough one to beat.
For the past 20 years or so, websites and applications across the world have relied on platforms such as Shockwave, Java, Flash, and Silverlight to show everything from video games to interactive graphics and financial graphs. Although many have declined in use over the past decade, most of the computers in the world still run Java or Flash Player, but the vast majority of people don’t know what either of them are for, only that they might be “important”. For this reason, it is important to understand more about Flash and Java updates.
Unfortunately, the almost universal adoption of these two programs opens up an easy target for scammers looking to steal user information or fool people into installing less than legitimate programs on their computers. The weakness comes from both sides in the form of updates for Flash,
as well as Java.
As far as the first group is concerned, their objective is to hit people who have not updated in a while, and who still have outdated versions of either program, in attempts to exploit glitches or chinks in the program to their advantage. This is usually with the intention of stealing valuable information such as credit card or social security numbers, online banking logins, et cetera. For this group the best defense is to always stay up to date and never open any emails from senders you don’t recognize. Frequently, links or attachments to any such exploits are sent via email in a message that may seem completely innocuous.
Now, this brings us to group two. Group two relies on the fact that most people have Flash and Java, and most people wish to keep them up to date, and so disguises their malicious or unwanted software as Flash or Java in order to trick people into downloading them. This method is typically more prevalent than the first, and ironically takes advantage of people’s fears concerning not being up to date and protected. More often than not, these types of illegitimate “updates” are shoehorned over webpages in the form of popups such as the one below.
The average person might see this and choose to download the “update”, believing it to be to their benefit. However, at the very least, the resulting program will be annoying, and at the very worst, dangerous to your security. The best defense against these types of attacks is to never download anything from a popup, and to always take careful notice of details in the popup itself. Ask yourself, “does this look legitimate?” Comparing the two Flash “updates” above, we see that the bottom one has several tells that indicate it’s not what it says it is. For example, the bottom one lacks any sort of officially licensed Adobe markings or insignias, is filled with jargon intending to sell itself rather than inform users of improvements, has no option to install the update later, and it possesses no End User License Agreement.
All the same, it’s usually best to avoid any sort of popups claiming to be updates or “free downloads” if possible. When you see a popup, even one that seems legitimate, there’s a fool-proof way of telling. Go straight to the developer’s website for the product, whether it be Flash or Java, and you can get the latest version from adobe.com and java.com, respectively.
We all remember the classic Mac Vs. PC advertisements of the late 2000s, where you would see casual “I’m a Mac” asking “I’m a PC” about all of his many problems. PC would then go on an awkward tirade about his glaring flaws and his “this just represents the status quo when you’re a PC” mentality. With an incredulous look on his face, Mac proceeded to recapitulate how “woe is you” PC’s existence was, and then outline a series of ways in which Mac doesn’t experience this problem or that. Of the many claims made therein, one huge drawing point Apple always made sure to underline was the invulnerability of Macs to malware-based threats. Commercial campaigns belonging to the Mac Vs. PC series ended several years ago, and yet many people still assume that Macs are immune to pretty much any threat. The truth is, although a virus by definition typically won’t pose a threat to a Mac, most people tend to mistake a “Virus” for the broader term of “Malware“.
In many cases, malware does not even have to be written for Mac OS to be able to get in. Especially in cases where Java or Flash are involved, nearly any device running either runtime can be vulnerable. Not only that, but many forms of pervasive Adware, which can be just as annoying to deal with, have been designed exclusively for the Mac environment.
When it comes to actual vulnerabilities that can be exploited, both Mac and PC have become increasingly more secure as time has passed, and relatively few major breaches occur compared to years past. However, devices running Mac OS are still just as crippled as those running Windows in probably their greatest vulnerability: You.
Many threats, from online scams, to phishing and identity theft schemes, to malware and trojan horses, are designed with minimal or no intention of breaching or otherwise exploiting a vulnerability in software design. Instead, they aim to trick or convince users of their validity, and then, once they have your unwitting permission, they carry out their purpose, whatever it may be.
Avoiding Malware Threats
At the end of the day, the best defense against malware is a conscientious user. Gone are the days of click and think; the best practice today is to think before you click. Always remember to read what’s on the screen, especially looking for the fine print – and ask yourself when you’re installing something, “Do I need to install this program? What purpose does it serve? Am I getting only what I’m asking for?” If you’re unsure of something, or a program looks fishy, don’t take the risk. Call a professional or your local technician and inquire.
Were there a ranking for the most dangerous and show-stopping malware, the various types of Ransomware, and especially Cryptoviruses, would top the list. Imagine this scenario:
You’re browsing the internet, maybe watching a Youtube video, checking Facebook, playing a game, or maybe even reading some Emails, when a program pops up telling you that it’s time to update an innocuous program such as Adobe Flash Player. You think to yourself, “Sure, Flash is pretty important, I’ll update it.”
You continue going about your business when suddenly, your computer locks up and a window like this appears.
Now, to most people, this will be pretty jarring. As if the accusations were not startling enough, the page also turns on the user’s webcam and displays a live video feed, as if collecting video evidence. However, the page is a clever ruse designed to convince users that the FBI (or some other government organization) believes that they are guilty of a crime and requires them to pay a fine to avoid criminal charges or jail time. Rebooting the computer does not solve the problem, as the virus starts with the afflicted computer. The computer remains locked until the “fine” is paid, and in some cases paying might not even unlock the computer. Now, this type of virus is much more invasive and troublesome to defeat than most, and even harder to avoid. However, in most cases, an experienced technician can find a way around it, so that it can be removed.
CryptoLocker, CryptoWall, and other Encryption Viruses
On the by and large, Ransomware can usually be defeated in relative brevity by technicians with the proper set of knowledge and tools at their disposal. But what happens if the virus does more than just lock up your computer?
A Cryptovirus is one type of Ransomware that not only locks up the user’s computer, but encrypts all the user’s data as well. When the data (which can range from pictures to Word documents to AutoCAD work files) is encrypted, it becomes unreadable and inaccessible unless the person trying to open the files has the decryption key. This can be pretty problematic, as even if the virus is removed, the data will remain encrypted.
What Can Be Done?
Most of these dangerous programs encrypt the files of the victim’s computer with a heavier encryption than the average bank, so trying to crack it is not only unfeasible, but practically impossible.
If the files are of little consequence or not worth the effort, then your technician can remove the virus and get the computer working again, but the data could be lost forever. Occasionally, the good men and women of the various cybercrimes divisions in agencies such as the FBI, Interpol, or alternatively, the employees of various companies specializing in data security, expose a vulnerability in the encryption or manage to obtain a set of decryption keys with which previously encrypted files could be returned to normal.
The first version of CryptoLocker was shut down in a joint effort in such a way, and one of the parties managed to obtain the decryption keys so that victims of this attack were able to unlock their data. As such, if you would appreciate the possibility of eventually getting your data back, speak with your technician about saving the encrypted data somewhere long-term, as the potential for this to happen again exists.
There is also the option of paying the ransom, however such a prospect is usually expensive (in the order of several hundred dollars) and is not guaranteed to work. In addition to this, if one chooses to pay, it can be difficult even to execute such a payment as often the virus maker will request Bitcoin, or some other form of anonymous cryptocurrency, which can be difficult to acquire and transfer. There is also the distinct possibility that any ransom paid could go to the funding of either terrorist organizations, or at the very least, supporting such cyberattacks in the future.
Prevention and Safeguards
Unfortunately, at the present time, the best way to deal with this type of threat is not to run into it at all. Keeping an up to date antivirus, maintaining good browsing habits, and always reading the screen before you click “accept” should improve your chances.
Preferably, an antivirus providing real time protection should be considered, since these types of viruses are the types that need to be stopped at the gate. Once they get in, it could very well be too late.
Besides this, data backup is paramount. There is no such thing as a perfect defense, and when something does get through and wreak havoc, you will want to know that your data is safe. In some cases, even data backups can be affected, so it’s good to use your local technicians as resources to finding the best strategy for your situation.
