Don’t trust inbound e-mails, phone calls, texts, etc.  People will say anything to trick you out of your money.  As a rule, change your passwords often.  Protect your passwords.  Don’t share them with anyone and don’t use the same ones on different accounts.  Keep your AV up to date.  We recommend WebRoot (ask us about it).  Cover your camera when not in use as a rule of thumb too. Read more about this scam at the link below. Source: Sextortion Scam Uses Recipient’s Hacked Passwords — Krebs on Security

We have seen this in the wild.  The users are targeted and it seems legit.  The key to not falling for this stuff is communication.

Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. and unreported losses, the FBI stated. According to IC3, since the beginning of 2015 there has been a 270% increase in identified BEC victims.

Source: FBI: Major business e-mail scam blasts 270% increase since 2015

As IT Professionals we see a lot of malware and phishing schemes.  Something that many people still don’t realize is that bad guys still use the phone.

I am writing this today because a good client and a very sweet lady called me.  She said that someone just called her indicating they were from Microsoft.  Said  she was riddled with viruses, walked her through downloading and installing some remote access software, then tried to get $49 from her to remove the virus!  She got suspicious, stopped just in time and called us.  We verified she had no virus.

The SCAM: Windows Computer Service Center

The caller claims to be from  California yet the calls may originate from 212-654-3212 which is a New York area code.  When asked the man with an Indian accent didn’t know the street the office is on.  Not the number, but the actual street name after a second request they hung up.

When we get calls like this (as techs) we like to take our time.  😉  How did you get my number?  Never answered.  Which computer?  They don’t know.  What version of Windows?  No clue.  How can I identify which computer?   They may tell you your CLSID is 888dca60-fc0a-11cf-8f0f-00c04fd7d062 which is NOT your computer ID it’s for a component that should be on all PCs.

A quick Google Search finds dozens of hits for this scam and it’s only one of thousands like it. This gentleman recorded a video of the scam.

This site has some more details on it: SecureList.com

Some good rules for safety and security:

• NEVER accept a support from someone you didn’t personally contact. (on the phone or in person)
• DO NOT give out private or secure information or access to your computer to ANYONE you don’t trust.
• ALWAYS call them back at their listed number.  Not a number the caller gives you.
• Google Search them or go direct to their website if you know it (Like www.idez.com) Call them back at that number.
• DO NOT assume that because you see a number on your caller ID it is a valid one.  With todays phone system you can put in any number you want for your own caller ID. So, ask to call them back! If they refuse, call someone else (Like us:  315-424-0707)

Whenever in doubt call your IT professionals.