A Year After Equifax Breach: What We've Learned

A Year After Equifax Breach: What We've Learned

We've learned nothing apparently.

Looking back at the massive breach of Equifax Inc. in September of 2017, when the personal information of 143 million people, mostly in the United States, was leaked, we've seen that number climb to 148 million into 2018.

giphy.gif

It seems like with a breach of that magnitude, heads would roll. Uh, yeahhhhh, not so much…

Not only did no one worth noting get fired for the breach, at least publicly, the companies shares have all but recovered and will probably post a record annual profit next year. Not only did their CEO not get fined, fired, or face any reprimands, he was able to retired, collecting his 410k, which was probably through the roof. Again, no one was fired, but I'm guessing they were asked to retire. My assumption is the only firing that happened was to the one, single IT technician on which they blamed the hack after they failed to install the patch (a patch is finding a vulnerability in a system and fixing it, so it is no longer problematic). The only other known employees that have been fired for anything even related to the breach were employees arrested for insider trading, when they sold stock after the company knew about the breach but before the shareholders were informed. Sudhakar Reddy Bonthu, a software manager, was one of them, when he traded on the information he received while creating a website for consumers affected by the attack.

When stocks began to fall from $141.59 on September 1st, down to $92.98 a share on the 15th of September, it seemed like Equifax was at its all-time low. Now, we see the Equifax stock closing in on $140/share, which is only $5/share off of its all-time high, when it was $145.09 not long before the breach was disclosed.

 As of September 14, 2018 at 2:20PM ET

As of September 14, 2018 at 2:20PM ET

So maybe we haven't learned much from Equifax, but have we learned anything as the human cog in this technical wheel? Short term? Absolutely. After the Equifax breach, there was a huge backlash by users and anger over the way the breach was approached and disclosed. However, looking back, it was short-lived. "Equifax," although now becoming near synonymous with "breach" is rebounding perfectly fine.

The important take-away is how we as people and users operate on a day-to-day basis. Do you use one password for everything? Does it just meet the minimum requirements for password strength, or does it exceed them? Are you using numbers and symbols in combination with a word that isn't related to you? These are the things we need to learn from breaches. I do understand that some things are impossible to protect against, like the Equifax breach. Whether your personal information was involved or not, no amount of password protection was going to protect you from that breach. So as far as Equifax-esque breaches go, just be weary about your personal information.

Don't just sign up for random things online, don't use your full, real name unless required, password strength is key.

There are some resources out there to see if you or you’re email has been involved in any data breaches or leaks. It is called Have I Been Pwned. It’s a good resource that I highly recommend checking out. It is one of the reasons I got a new email account some time ago. I have one email to which I get all of the coupons and other garbage sent, and then I have a different one that only people very close to me have. It is also the email I use for things like online banking or Amazon. It is also good to frequently change your password. Try your best to think of something complex that combines letters, numbers, and symbols. I took roughly a week to come up with my most recent one. It is well over eight characters, in fact, I think its over fifteen. Regardless, try to change passwords often. If you have issues remembering passwords, there are things like iCloud Keychain or 1Password that many people like and trust.

Sextortion

Less than a month ago, security researcher Brian Krebs published an article called, Sextortion Scam Uses Recipient’s Hacked Passwords, and now, it appears that extortion has spread to the Apple platform.

Sextortion, by definition, is a form of blackmail in which sexual information or images are used to extort sexual favors from the victim. 

As noted by Krebs, the perpetrators would first hack the computers password. After receiving the computer's password, the hackers would email the victim and inform them that their password was hacked. What they would do next is tell the victim that they recorded them doing nefarious things. You can read an entire email below.

porn-blackmail-scam-email-example.png

This type of email would be very convincing, as the hackers literally know your password, which would make the average user and even more advanced users assume that recording through the webcam is possible. This is one of the more intimidating and personal scams I've ever seen. This isn't simply an attempt at extortion, it's uncomfortably personal.

Quite some time ago, I wrote a blog entitled simply Should You Cover Your Computer Camera. Now, when I wrote this, I hadn't really considered something like sextortion. That being said, if you are going to be doing..."personal" things on your computer, you may be better off using a camera cover. In addition to covering your camera, it may be worth it to get a piece of camera-monitoring software that can help monitor your webcam activity and alert you to its use.

When it comes to webcam monitoring, there is nothing better than Oversight by Objective-See. This software, as I mentioned, alerts you to both your camera and your microphone becoming active. It will throw you a notification in the top-right corner of your screen, alerting you to its activation. It also allows to whitelist certain apps, meaning that when you get the alert whether to allow or block the enabling of your camera, you can choose "Yes, Always" or "Just Once." This way, you can make sure Facetime always comes through, but other applications do not. Now you may be thinking, "Isn't that what the small, green light next to the camera is for?" The short answer is: yes. The slightly longer answer is that the green light can be bypassed to remain off even while the camera is active.

 © Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— example of whitelisting an application with Oversight

 © Objective-See —— Oversight Application for macOS

© Objective-See —— Oversight Application for macOS

There are other ways you can protect yourself, such as using a program such as Micro Snitch, which is a program by the creators of Little Snitch, or you could even use an actual camera cover. If you so desire, you even get a pair the two. I don't physically cover my camera, as I am not overly concerned of being spied on, but a large part of this is due to the fact that I purchased Micro Snitch years ago, and since then, Objective-See released Oversight, which I also have installed. I figure that between the two programs, I should be safe, although I've found myself definitely drifting towards Objective-See's tools as opposed to the creators of Little/Micro Snitch, Objective Development. TL;DR: Install Oversight.

I do understand why others may want it covered. We all remember that picture of Mark Zuckerberg holding up a sign in his office, and in the background you see a MacBook Pro with the microphone and camera covered. Many people were shocked by this, but I was not one of them. Zuckerberg has many whom I'm sure would like to access his webcam, whereas someone like myself doesn't really have to deal with creepy people like that in my reality. It's our differences in fame and fortune. Fortune will quickly make you a larger target for any type of cyber attack.

zuck_instagram.jpg

The FBI has listed a few ways to avoid sextortion scams. They are as follows:

1. Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

2. Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

3. Turn off [and/or cover] any web cameras when you are not using them.

If you or someone you know have been victims of a sextortion scam, contact the FBI toll-free at 1-800-CALL-FBI.

Finding Accurate Software Reviews: Harder Than It Looks

Preface: I recently received an email from one of my closest friends, and also one of the most knowledgeable people I know when it comes to Apple computers and Apple security. The email Matt Jacobs (@pnwbeard) sent me a short message followed by a link. His email was to the point, and I immediately knew I was going to do it. His email was as follows:

You should do an article about s***ty “review” sites that just link you to malware while running ads for malware.

https://www.soft32[dot]com/mac/?rel=menu
— Matt Jacobs

I followed the link on my iPhone, and the second the website popped up, I knew it was going to be a great article, so thanks to Matt's assistance and link to a jump-off point, here it is.


 MacKeeper ad on the bottom of the Soft32 website.

MacKeeper ad on the bottom of the Soft32 website.

There are many "review" sites out there that "review software," at least that is their claim. Soft32 is one of them. They claim to review software and give you download links to software that is for PCs, Macs, and iOS/Android. It took one scroll before I crossed the first and most glaring red flag. An advertisement for...you guessed it, MACKEEPER! Clicking the link takes you directly to the MacKeeper webpage - no surprise.

 

Soft32 is just one of many terrible "review" sites. These sites provide links to free software, which is laced with malware. They also run ads for companies like MacKeeper, which are considered PUPs (Potentially Unwanted Programs). They aren't necessarily considered "malware" by anti-virus engines, but they are programs that you'd best avoid. There was even a tweet put out by Apple Support, saying that you should avoid MacKeeper. It's probably one of my all-time favorite tweets.

However, I must digress, before I dive down the rabbit hole that MacKeeper typically makes me do.

Let's get back to the review sites. There are many, and they are persistent. I think one of the other most reviled "review" sites is the one that is commonly reference by MacKeeper. It is called ShopperApproved[dot]com. It is a nightmare of a site, that seems the most jaded review site I've run across. Although this one doesn't give you free downloads of malware-infested software, it is another one you best avoid.

Another very popular site is called CNet. CNet, which used to be a somewhat trustworthy site when it comes to software and product reviews, has deteriorated immensely. While on the other side, a site like Softonic[dot]com is just pure garbage, pushing horrendous software that has no business on your machine. It is plagued by malware and advertisements that link to software that is poorly made and slows down your computer. Those pieces of software typically come bundled with malware as well, so either way, it's going to put malware on your machine.

 It's unfortunate that you have to tip-toe across the internet in order avoid stepping in a steaming pile of malware, but it is the state of the internet today. This isn't just an Apple-specific issue, but also occurs across all platforms.

reviewmacsoftware.PNG

You see, these reviews occur on sites everywhere, and they are actually the most popular sites when consumers go out looking for reviews. This is due, in part, to the fact that these sites give away "free software." Sites like Softonic, along with the aforementioned Soft32, are all sites that utilize this "free" tactic in order to get you to click on their advertisements or download malicious content. Just remember that with software, as with phone calls, "If it sounds too good to be true, it probably is."

I'm sure you may be thinking, "Well then what is a reputable review site?" Unfortunately, there aren't a ton of good ones out there, and there are a ton of bad ones.

The best, publicly acclaimed review sites begin with Tom's Guide. Although I disagree with some of their content, overall, their reviews are, if nothing else, honest. They don't try to sell you additional software or offer free downloads. Another relatively good alternative for Mac users is the Apple Discussion boards. As a reminder, this is a user-to-user to discussion board, so the opinion your are getting is just another Apple user's opinion, however, many of the most common replies on this site are avid users who have a plethora of Mac knowledge. I am very often perusing the Apple Discussion boards in an attempt to provide insight to others who may need it. Another reputable site is 9to5Mac.com, Macworld.com(NOT Macworld[dot]co[dot]uk -- that site is a nightmare), and iMore.com.

With everything listed, I would recommend them in that order, but with one exception. . .ASK ME! Just send an email to stuart@crashsecurity.com or text/call me at (541) 714-5880, and I would be more than happy to let you know if the software in question is good or bad.

Gladiator_Thumb_Down_01.gif

A special thank you to my good friend and fellow Mac user Matt Jacobs (@pnwbeard) for the idea for this post. Matt is a Table Top Game designer and developer, and he does a fantastic job. He is currently working on a game called XO. Check it out and support him on Patreon.

How Scams Work

Taking scams back to the basics

597651f418864.image.jpg

I have written my articles about scams and how to identify them, but now, I wanted to give you a behind-the-scenes look at how these companies actually get people to fall for scams. There are a few different aspects of scams that I wanted to mention. I also didn't want to simply bring up computer pop-up scams, but also the new scam that seems to be picking up steam rather quickly, the neighbor spoofing scam.

I will start with phone scams, because they seem the most prevalent recently. The majority of the 12-Steps to Avoid Scams I mentioned in my last blog about Corvallis Scams were in reference to victims answering their phone and doing what someone on the other end of the line instructed them to do. I will do my best to keep this light on the tech-jargon, but if I do dive in a little deep, I will do my best to bring you along for the ride.

I'm guessing when you read the first paragraph, you probably had the question, "What is neighbor spoofing?" Don't worry, I had the same question the first time I heard the phrase as well. After a little research, I learned that it is something to which I've dealt.

Have you received a phone call from a number with your matching area code? Better yet, have you received a call with a match area code and a local prefix? For example, you have a cell number with the area code 541 and live in Corvallis, Oregon with the prefix 760. You may receive a call from 541-231-xxxx (Corvallis cell phone), or 503-838-xxxx (Salem cell phone), or 541-753-xxxx (Corvallis landline). This is an example of neighbor spoofing, the process of using VoIP phones and specific software in order to gather YOUR area code and prefix in order to determine what number they want to "mask" their number as. This is why many people let any number that calls that doesn't have a name registered for their Caller ID, go straight to voicemail. I am a little bit of an exception because I LOVE talking to these people.

1140-scam-trends.imgcache.rev19878294a6386b48ffe80c0e404a5bab.jpg

I recently took a phone call about how to lower my credit card interest, and that they have a deal "specially for me." Their first problem was that I don't have a credit card. Second, I knew it was a scam. When I finally got connected to a human, and I asked them how I could lower my credit card interest without a credit card, they promptly hung up. These are the types of things that make me smile. I know, it's a little pathetic.

Now before I give you ways to partially remedy this problem, I want to touch on how many people get started in a scam. It usually begins with a pop-up in their internet browser that tells them some scare-tactic to get them to call the number. An example may be, "We've detected a virus on your computer. Call 1-800-xxx-xxxx to get it removed."

The first thing everyone should know about pop-ups, they are always fake. You will never get a pop-up inside your web browser if you actually had a virus on your computer. 

My goal, however, is to give you a little insight on what's actually happening in your browser. When a pop-up occurs, it is triggered by potentially many different things. It could be triggered the second you reach a webpage, or it may be triggered by a timer, which starts counting down once you access the webpage. The following code would do just that:

// open after 5 seconds
setTimeout(() => window.open('http://crashsecurity.com'), 5000);

It's actually pretty smart. It runs by using Javascript, which is a scripting-language (a programming language for developers). Javascript is universal across all web browsers which is what makes it popular as a pop-up originator. Through Javascript code, it is possible to hide certain aspects of the pop-up, including the toolbar, which can make it impossible to close the page. They will also make it so everything else on your screen is unusable. Some simple code like this will make the pop-up full screen.

// full screen pop-up
window.open(href, windowname, 'type=fullWindow,fullscreen,scrollbars=no');

In some instances, the pop-up may be "dependent," meaning it won't close until a different window closes. Quite often scammers will hide the window that the pop-up is dependent on, making it seemly impossible to get the pop-up to go away. Javascript making it dependent is as follows:

// dependent pop-up, as you can see, dependent=yes
window.open(href, windowname, 'width=400,height=150,dependent=yes,scrollbars=yes');

This is when most people panic, and rightfully so. It is frightening, and it is not a fun experience. FORTUNATELY, there is an easy way to get rid of it. If you press the following keys and hold them down, it will open a Force Quit box that will allow you to force your web browser to close. The key command is: Command (⌘) + Option + Esc. Press them in that order then hold them down, so press and hold Command (⌘), continue to hold Command while you press and hold the Option key, then the Escape key the same way. If you are still a little confused, Apple provides a support page for Force Quit.

Let's now get to the part that you care about, how to keep this from happening. Unfortunately, pop-ups in your browser will, for the most part, always be relevant, but as long as you know how to Force Quit, you'll be just fine.

The more frustrating scam is the neighbor spoofing. It is a pain and invasive. Luckily, my good friends over at Malwarebytes recently released an application for iOS. I beta-tested their app, which is still on my phone, but it is now available in the App Store. It is subscription-based, but it is well worth the cost.

One of the best parts of the app is this simple aspect, it will alert you if a call is a suspected scammer. I received a call from a 541 area code, which is mine, and a 740 prefix, a very, very common prefix in my area. Malwarebytes for iOS alerted me on the screen of the incoming call, and after the fact, it continued to tell me in my Call History.

IMG_6626.jpg

They give you lots of options for assistance. From a Phone List Alert section to Web Protection, it has everything. It ALSO has mobile pop-up blocking.

IMG_6627.png
IMG_6629.png

I can't recommend this app enough, and no, they are not paying me for this. It is fantastic, and I am very happy with it.

Lastly, how are pop-ups and neighbor spoofing related? Well, they both have a lot to do with call centers utilizing Call Optimization. According to research by Symantec, scammers have been utilizing scripts to find out what kind of browser you are using, as well as utilizing call optimization to dynamically insert phone numbers into the pop-up itself. The script to find the browser is quite easy to write.

// first check the browser. Is it Firefox, Safari, etc?
if (browserTpye=='isFirefox)
{
    if(browser.version >= 57) // what version of Firefox is it
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        window.location.href="assests/eng_ff_auth.html?" + sPageURL + "&p_num=" + phone_number; // insert phone number
    }

    else
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        $("#fr_mozilla_html").load("assests/eng_ff.html");
    }

Then you just have a script that assists in the Call Optimization.

  Call Optimization Service Script (Source: Symantec)

Call Optimization Service Script (Source: Symantec)

Well, I know it was a long blog, but I hope you got a little insight into how some of these scams work. Also, if you haven't read our 12-steps to avoid scams in our Corvallis Scams blog, make sure you check it out.

Take care and safe browsing!

Corvallis Scams

Breaking down the scams occurring in my backyard

Most people think of a hacker or scammer as someone in a black hoodie, sitting in a dark room, trying to steal your information. That's not the case.

So this following list is a record of all of the scams that have occurred in the Benton County area, and the more I see it, the more it frustrates me. No one is talking about this. No one is reporting on it. No one even acknowledges it. Well, I'm going to do it now.

3090392251_911be4dfaf_z.jpg

Corvallis,_Oregon_-_Benton_County_Courthouse_01.jpg

I encourage you to read a few of these scams, and don't feel like you need to read them all, but when you've had your fill, you can scroll to my breakdown. Get ready to scroll, because this list is long. I will give you some ways to avoid scams, and some ways to immediately notice you are attempting to be scammed.

Corvallis (Oregon) Police Department & Benton County Sheriff's Office Police Log Reports (information gathered from The Corvallis Gazette Times)

July 30, 2018
SCAM: 9:50 a.m., [address omitted]
A trooper was made aware of a fraud attempt targeting OSU students through their email accounts. The email offered a job in New Jersey and requested students reply with personal information. Students were notified of the phishing email.

July 29, 2018
SCAM: [address omitted]
A man reported that he had sent $700 via Walmart to Ohio for a deposit on a rental home but that it turned out to be a scam. 

July 26, 2018
THEFT: 7:37 p.m., [address omitted]
A man told police he was contacted by someone purporting to be a Chinese official and who informed him he needed to transfer $10,000 into an account at the Bank of China to ensure it was "clean" because it could have been involved in an "economic crime." The man transferred the money and then realized he may have been scammed. Police told the man to cancel the wire transfer and to report the incident to authorities in China.

July 21, 2018
SCAM: [address omitted]
A Philomath resident reported that she sold an iPad through a buyer on Facebook and shipped it without receiving payment. She received what she had thought was an email stating that the payment had been credited to her account, but she learned that it was a fraudulent email.

July 17, 2018
SCAM: 11:08 a.m.,[address omitted]
A woman told police she listed two Country Music Festival tickets on Craigslist for $400 and received an offer out of California for $1,300 if she’d send $960 via Western Union to someone in New York. The woman said she did this and was later informed by her bank that the check she deposited was fraudulent.

July 11, 2018
SCAM: 1:58 p.m., [address omitted]
A woman told deputies she met a man on Facebook a few months ago and the man told her he was in a hospital in South Carolina and needed money for surgery. The woman said she gave the man $1,000 in Amazon gift cards and the man asked for $2,000 more. The woman wanted to verify she was scammed and deputies told her she was. They discussed ways to prevent the incident from occurring again.

July 10, 2018
SCAM: 10:03 a.m., [address omitted]
A woman told troopers she received an email that contained a check for $928. The woman was instructed to cash the check and buy something for the suspect and keep the change. The woman deposited the check and spent the money but did not send any money to the suspect. The bank then informed the woman the check was fraudulent and requested the money back.

July 6, 2018
SCAM: 12:53 p.m., [address omitted]
A woman told police she paid $299.99 to Microsoft for a subscription to keep her computer clean of viruses. The woman later realized it was a scam and canceled the check before it reached the recipient. Police think the scam involved international perpetrators and discontinued the investigation.

June 30, 2018
SCAM: [address omitted]
A person reported they received a phone call from someone claiming to be a Benton County Sheriff’s Office deputy. The caller told the person they had missed jury duty and needed to pay $3,000. The person bought $1,000 in Google Play cards and sent photos of the cards to the caller.

June 30, 2018
SCAM: 6 p.m., [address omitted]
A woman reported that some Chinese nationals called her posing as members of the Chinese consulate in San Francisco. They said that Shanghai police officers wanted to speak to the woman about some bank accounts opened in her name through the Industrial and Commercial Bank of China. The woman spoke with alleged Shanghai police officers, who stated she would be arrested if she could not prove she did not open the accounts. They convinced her to wire $90,000 to a bank account in Hong Kong with a promise of it being returned once her innocence was proven. The woman later realized the call was fraudulent.

June 19, 2018
SCAM: 11:23 a.m., [address omitted]
A man reported he had met a person online who identified herself as Ingrid Nugent and they had entered into a relationship. The man said $4,500 was deposited into his account by a person Nugent said was her attorney. Nugent then asked the man to send $4,064 by iTunes gift cards and money gram to Nigeria, which he did. The check deposited into the man’s account subsequently was declined.

June 15, 2018
SCAM: [address omitted]
A woman reported she had been having problems posting a video to Facebook, so she Googled a support number for Facebook. She called a number she found and was told her problem could be fixed if she provided $700 worth of gift cards. The woman bought the gift cards and provided the card's numbers to someone she believed to be a Facebook support employee. After providing the gift card information, the woman’s problem was resolved. The woman was informed by the person she called that if she provided another $300 worth of gift card information she would be reimbursed her money. She started to believe she was scammed and called police.

June 12, 2018
SCAM: 7:23 p.m., [address omitted]
A man reported he received a call from a person identifying himself as "Deputy Dale Ingram" with the Benton County Sheriff’s Office. The caller said the man had two failure to appear warrants and could pay the fine over the phone or be arrested. The man said he bought two Green Dot cards for $972 and read the numbers to the caller. When the man reported the incident to deputies, they informed him he was the victim of a scam.

June 5, 2018
SCAM: 4:17 p.m., [address omitted]
A man reported he was contacted by someone stating they were from the hospital and told him a Benton County deputy was trying to reach him. The man said he was contacted the following day by someone saying they were Sheriff Ingram with the Benton County Sheriff’s Office and that the man had a warrant for his arrest. The caller told the man he needed to buy two “Money Pak” cards with $494 on each to clear the warrants. The man purchased the cards and gave the caller the identification numbers. The man said he tried calling the number back, but there was no answer. Police tried calling the number but it went to an automated message machine and then the call ended.

May 31, 2018
SCAM: [address omitted]
A man told police he had listed his Microsoft Surface Book online for sale and was contacted by someone named “Yani Pedro” who wanted to purchase it. The man set up payment for the computer through PayPal and mailed the computer to an address in Houston. However, the man never received payment and discovered the email he was sent about PayPal was a scam.

May 15, 2018
SCAM: 4:37 p.m., [address omitted]
A woman told police she received a phone call at work from a woman who claimed to work for the state police. The caller told the woman that she did not file a Form 8886 with the IRS, and they were going to issue a warrant for her arrest. The woman said the caller instructed her to buy 12 gift cards worth $500 a piece. The woman told police she spoke to her bank and gave the caller some of her information, and then went to Wal-Mart to try and buy the gift cards. The woman said she tried twice to buy the gift cards, but her transactions were declined. Police informed her she had been scammed.

May 15, 2018
SCAM: [address omitted]
Police responded to Citizens Bank after a man cashed a fraudulent check. Officers contacted the man, and after he refused to remove his hands from his pockets, they placed him in handcuffs. The man told police he received the check in the mail from a Craigslist ad and was supposed to provide the account information to the sender. The man had deposited the $2,000 check on Monday and withdrew $200 of it. The bank then realized the check was fraudulent. Officers informed the man he had been scammed and released him. He returned to the bank the remaining cash he had from the $200 and was informed his account would be closed.

May 3, 2018
SCAM: 2:08 p.m., [address omitted]
A man told troopers he had received a call from a person posing as a Lane County deputy who claimed he had two warrants for his arrest. The “deputy” told the man he could turn himself in to the sheriff’s office or pay two payments of $489 in Green Dot Moneypak cards. The man sent the money.

April 26, 2018
SCAM: 4:25 p.m., [address omitted]
A man reported his brother, who has dementia, received a phone call from someone claiming to be the county sheriff. The caller claimed the man had missed jury duty and there would be a warrant for his arrest if he did not pay $1,500 via prepaid MoneyPaks. The man stayed on the phone with the caller while he purchased the debit cards and provided the card numbers to the caller over the phone.

April 2, 2018
SCAM: 9:38 a.m., [address omitted]
Police responded to Jimmy John’s for a fraud complaint. An employee told officers a man had called the shop stating he was from the corporate office. The man told the store manager that the shop was being investigated for employee theft and needed to provide the corporate office with $1,000 in gift cards. The manager drove to Fred Meyer, purchased two Visa gift cards and sent the images of the front and back of both cards to the phone number provided by the caller. A different employee had the cards locked so they could not be used.

March 22, 2018
SCAM: 12:10 p.m., [address omitted]
Two people told police they posted an ad on Craigslist seeking housing. They said they were contacted via email by “Larry Dunkin,” who claimed he lived out of state but was renting out 950 SE Powell Ave. The two people agreed to wire $800 via Western Union for the deposit, and Dunkin was to mail the keys. After they wired the money, Dunkin demanded $2,700 for three months’ rent before he would send the keys. The people refused to send the money. Police determined the house was not for rent.

Feb 27, 2018
SCAM: 3:38 p.m., [address omitted]
A woman told police she placed an ad on Craigslist to rent a room. An individual responded and assumed they had been selected as the next tenant and sent a check to the woman for $3,500. When the woman informed the person she would not rent a room to them, the person told her to cash the check and send a money order back in return. The woman knew it was a scam and gave the check to police.

Feb 25, 2018
SCAM: 2 p.m., [address omitted]
A man told police that someone, whom he believed to be a woman in Colorado, added him on Facebook. They video chatted and the man exposed his genitals. The other person then told the man that if he did not pay $500, they would post a video of his genitals online. The suspect wanted a money order sent to the Ivory Coast. The suspect’s Facebook account has since been deactivated.

Feb 21, 2018
SCAM: 4:12 p.m., [address omitted]
A woman said she received a phone call from someone claiming to work for Microsoft. The caller told her that her computer’s virus protection had expired and he could clear her computer of viruses for $499.99. The woman gave the caller her debit card information, as well as remote control of her computer. She later realized it was a scam and noticed a second charge for $512 on her bank statement.

Feb 15, 2018
SCAM: 8:34 p.m., [address omitted]
A woman told police she met a man online who claimed to have lost his wallet while on vacation. The woman sent the man $600 via Western Union. The following day, Western Union’s fraud department called her and said they felt she had fallen for a scam and put a hold on the transaction. The woman then received a call from someone claiming to be an FBI special agent and who said they knew about her involvement with the first man and that she was under investigation as a potential terrorist. The caller told her she needed to send $600 via money order to a judge in Florida, which she did.

Feb 15, 2018
SCAM: 10:30 a.m., [address omitted]
A man reported he sold a computer on Craigslist to “Tonnie Hooker III” for $770. He said he received a check in the mail for $2,300 with instructions to send the rest back via Western Union. The man wired the money from his bank account and then found out the check did not clear, for a total loss of $1,530. The man said “Hooker” had told him he would arrange for someone to pick up the computer in person but the person never arrived.

Feb. 14, 2018
SCAM: 11:38 a.m., [address omitted]
A man told police he had received a $2,450 check from Dial America Marketing with the agreement he would do bookkeeping for the business for $200 a week. The man said he was told to redistribute the funds by wiring the money to a Walmart in Texas, which he did. His bank later told him the check he received was fraudulent. The man lost a total of $2,450.

Feb 5, 2018
SCAM: 11:03 p.m., [address omitted]
Police responded after an employee at Burger King received a phone call from someone asking her where they keep the money and how much was in their safe. An officer took the phone and asked who he or she was speaking with. The caller promptly hung up. The employee who answered the phone said the caller claimed they were doing an FBI investigation for corporate and asked the employee to take money out of the safe and meet them nearby. The employee realized it was a scam and kept the caller on the phone until police arrived.

Feb 1, 2018
SCAM: 10:24 a.m., [address omitted]
A man told police he received an email on his OSU account regarding a job offer from a biotech company where he could earn $200 a week. The man said he received a check for $2,400, which he deposited into his bank account. He said he was asked to transfer $1,680 to someone in Texas via Western Union, at which point he realized it was a scam.

Jan 25, 2018
SCAM: 10 a.m., [address omitted]
A woman reported receiving messages from phone number 443-342-4190 stating her Social Security number had been stolen. She told police she called her mother, who called the number back and spoke to someone who said the Social Security number was being used by drug traffickers in Texas to send money to Mexico. The woman’s daughter called the people back and was advised to get all the money from her bank account, put it on Walmart gift cards and give the card numbers to them, which she did. The caller stated the money would be refunded to her the next day by a police officer. When that didn’t happen, she looked up the phone number and discovered it was a scam.

Jan 17, 2018
SCAM: 3:44 p.m., [address omitted]
A woman told police she accepted a job from a Craigslist post and was sent a check from an individual who identified himself as Taiwo Ayeni. The woman said she cashed the check and sent $850 via Western Union to her new employer's “supplier.” The woman said the employer then requested she buy several iTunes gift cards with the remainder of the money. The woman said that sounded odd and she contacted her bank, which informed her the check she deposited was not legitimate and she was most likely the victim of a scam. The woman said she sent a message to the original sender saying she was not sending anything to him. She said the posting on Craigslist has since been deleted.

Jan 12, 2018
SCAM: 2:22 p.m., [address omitted]
A woman reported receiving a phone call from a man who stated her identity had been stolen. The man told her to buy a $1,500 gift card from Target and provide the security code to him, which she did. She also gave the man the last four digits of her Social Security number, a picture of her and the name of her bank. The woman said the man spoke with an accent and called from the number 443-648-5751.

Jan 8, 2018
SCAM: 1:08 p.m., [address omitted]
A woman reported receiving a phone call from a man who identified himself as Benton County Sheriff's Deputy Cook at phone number 541-847-5100 (the Benton County Sheriff’s Office Monroe number). The man told her she had a "contact warrant" for missing jury duty and needed to pay her bail before getting off the phone with him or she would be arrested. The woman said she stayed on the phone with him while she drove to Safeway, purchased a $2,000 MoneyPack gift card and then drove to the Law Enforcement Center, where she provided him with the gift card number over the phone. The woman said the caller told her the gift card did not work and to purchase additional gift cards. She said she asked him to come out of the Law Enforcement Center and she would give him the physical card, and he disconnected the call. The woman then realized it was a scam and went inside to report it.

Dec 19, 2017
SCAM: 9:41 p.m., [address omitted]
A woman told police she received a call from 443-579-5816 and a man identifying himself as “Richard Gomez with the Federal Marshals” told her that her social security number was being cancelled due to pending criminal charges. The woman stated Gomez instructed her to take all the money out of her bank account and buy Walmart gift cards. The woman bought $2,675 worth of Walmart gift cards and provided Gomez with the pin number on the back of each card. Gomez told the woman the charges would be dropped and her social security number would be reactivated. Police have no suspects.

Dec 4, 2017
SCAM: 6:39 a.m., [address omitted]

A man reported he met a girl on the website Chatroulette about two years ago and began video chatting with her via Skype. The man said that on Sunday he received a message via Skype demanding $400 or the sender would disseminate explicit videos or photographs to the man’s Facebook friends. The sender requested the money be sent to the Philippines. No suspects were identified.

Dec 4, 2017
SCAM: 3:50 p.m., [address omitted]
A woman reported she had received a pop-up on her computer stating it was hacked and she needed to call 1-855-236-8222. She spoke with a man by the name of Ben Carter, who told her to write a check for $249.99, scan it and send it to him to remove the virus. The woman did so and later learned it was a scam.

Dec 1, 2017
SCAM: 2:15 p.m., [address omitted]
A woman reported she received a call from her boss informing her the Sheriff’s Office had called looking for her and to call them as soon as possible. She said she called the phone number given to her and was told she had two warrants for her arrest and she needed to go to the Sheriff's Office immediately to sign paperwork. She agreed to go to the Sheriff's Office and was told to bring a $500 gift card with her to pay a fine for which she would be reimbursed for if it turned out she did not have any warrants. She was instructed to get the card, which she did, and call them and give them the number on the card, which she also did. She was then told to go to the post office and mail the card to the USPS MCO Division, which she did, and then go to the Sheriff's Office. While at the Sheriff’s Office her husband called and informed her it was a scam.

Nov 27, 2017
SCAM: 9:46 a.m., [address omitted]
A man reported he had received a call in October from someone claiming to be Alex Williams with Apple Inc., who told him his computer was infected with a virus. The man said he agreed to pay about $3,000 in iTunes gift cards for two software packages to protect his computer. When the suspect asked for additional gift cards, the man became suspicious and called Apple and learned he had been scammed.

Nov 21, 2017
SCAM: 10:50 a.m., [address omitted]
A woman reported she had received a Facebook message from a friend telling her they had won $50,000 grants. The woman’s friend gave her a phone number and told her to call and ask for agent Paulsen Glenn. The woman said Glenn asked her to send a picture of her debit card and to buy $300 in iTunes gift cards, which she did. Her father learned what she was doing and told her it was a scam. The woman closed her bank accounts and is not out any money. Police spoke with the woman’s friend, who said she had not sent the Facebook messages. Police said her account appeared to be hacked.

Nov 21, 2017
SCAM: 12:16 p.m., [address omitted]
A woman reported she received an email on her OSU account indicating she was qualified for a job making $200 a week. The woman said she was sent a check for $2,450 and asked to send $2,100 back to the sender by Western Union. The woman sent the money and later realized the check was fraudulent.

Nov 4, 2017
SCAM: 9:43 a.m., [address omitted]
A man reported he had met a woman on the Plenty of Fish dating website and exchanging revealing photographs with her. The woman’s profile stated she was 23 years old. However, an unknown man called him stating he was the girl’s father and she was 16 years old. The “father” said he needed to pay him or he would go to police, so he put $60 on a prepaid card and gave the “father” the account and pin number. The man realized this was a scam after the “father” called again requesting more money.

Oct 19, 2017
SCAM: 12:02 p.m., [address omitted]
A woman reported her 15-year-old son had put $1,200 worth of camera equipment on Craigslist. A man named Hernandez Gago contacted them and offered to pay through PayPal if they would ship the camera equipment to New Jersey. They did so and found out the PayPal emails they were receiving were fake.

Oct 18, 2017
SCAM: 2:30 p.m., [address omitted]
A woman reported a man named Mark contacted her via phone and computer saying her bank account had been emptied. The man said he could get the money back for her if she sent him money. The woman withdrew $35,000 from her bank account and deposited it into various accounts at different banks that Mark instructed her to go to. An officer contacted Mark, but he would not answer questions and hung up the phone.

Oct 17, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she had been contacted by a man who claimed to work for Wells Fargo and took the woman’s information. She later noticed $4,000 had been withdrawn from her account.

Oct 13, 2017
SCAM: 1:05 p.m., [address omitted]
A woman reported her husband planned to update their Garmin GPS device on the internet. However, he went onto a fake site and paid $180 to a man who pretended to be a Garmin technician. The couple verified with Garmin that they had fallen for a hoax.

Oct 11, 2017
SCAM: 3:30 p.m., [address omitted]
A woman reported she received a phone call from a man who identified himself as David New and told her she had won a 2017 Mercedes Benz. The man asked the woman to provide him credit card information to pay taxes on the car. The woman said she did not give the man any information.

Sept 27, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she felt she was being scammed. She said she was contacted by a woman who identified herself as Kristen Anderson on Roommate Finder. After communicating for two weeks, Anderson sent the woman a check. But the check was written for $2,000 more than the agreed upon amount and Anderson asked the woman to wire back to her the extra money. Before wiring the money, the woman realized it might be a scam.

Sept 21, 2017
SCAM: 2:03 p.m., [address omitted]
A woman told police she thought her computer had been hacked after she found she had contacts she had not created. She said she was contacted by Microsoft, who told her they would resolve the issue and to buy iTunes gift cards to pay for the computer repair. The woman bought $700 worth of iTunes gift cards and provided them with the numbers. The woman told police the website "www.fastsupport.com" and the phone number 1-866-955-7984 were used during the scam. An officer called the phone number and spoke with someone but was not able to acquire tangible suspect information.

Sept 11, 2017
THEFT: 2:09 p.m., [address omitted]
A man reported he received a call from a man with an Indian accent claiming to be the federal police. The scammer told his victim that he filled out his admission paperwork to the University of Oregon incorrectly and had to either pay a fine or go to jail. The man agreed to pay the fine and was directed to purchase iTunes gift cards from Safeway and relay the relevant information over the phone. The man provided the scammer with $400 worth of iTunes gift cards. Police informed the man he had been scammed.

This was a sample taken from reported scams that have happened in Corvallis and the surrounding areas.. Again, I did not pick all of them, just a sample. There are thousands that happen in every city each year. These scams can range from an attempt to receive money from you, to stealing various account credentials, purchasing a service that doesn't exist, etc.


Yep, it was actually that long. Ridiculous, right?

These are my 12 ways to avoid scams:


1. The IRS will NEVER call you. Ever. They will send you snail mail, and that is all. If in doubt, call up your local Internal Revenue Service office (for all people in Benton County, there's one in Salem).

2. Never purchase gift-cards over the phone. Whether they say they're a lawyer, the Corvallis PD, or a "friend," they are not. Gift-cards are never a sufficient form of payment. I have, 100% of the time, see this result in scams. Also, shame on stores who don't ask someone why they're wanting to "buy $300 in iTunes gift cards". Never be guilt-tripped into purchasing them either. It is a scam.

3. Don't use Western Union/money orders to make payments. They are non-refundable. This includes if the person on the other end of the phone line will "send you a check for more than the amount and you wire-transfer the difference." This is the usual form that scammers request payment. They will send you a check, and you wire-transfer them the difference. The idea in and of itself doesn't make a whole lot of sense, but it is a popular scamming technique. Instead, ask them to wire you the money, and that you will wire back the difference. If they say "no," then you just foiled the scammer.

4. If you are "involved in an international crime in (a different country)," you are not. Verify with your local police department if you're unsure.

5. If you see a pop-up on your computer while you're browsing the internet that says you have a virus, there is a 99% chance you don't. Do not call the number on the screen. You can even call me, and I will walk you through how to get the pop-up to go away.

6. When making a purchase on either Craigslist or Facebook, first, meet a neutral site. Never meet at your residents. It's not only dangerous for you, but why would you want a stranger to know exactly where you live. Second, if you are purchasing electronics, meet at a local electronics store and have someone inspect it. I have inspected hundreds of computers when I was a hardware technician with an Apple Authorized Service Provider for people who were selling & buying machines. It's smart. Never accept checks; only cash or money order.

7. You don't win things over the phone. If you have actually won something on the phone in past, and it wasn't on the radio, that's why they do it now. That's why it's now a scam, because it's worked before, and the scammers hope it'll work again.

8. Don't exchange explicit photographs or videos over text, online chat, Skype, Snapchat, everything, even if it is a former girlfriend, boyfriend, lover. If your going to do it, do it in person. First, if it is someone you know and have met, and you put up explicit images or videos without their permission, you can be prosecuted under the "revenge porn" law, §166.065 of Oregon Revised Statutes for sexual harassment. If you don't know them, even more reason not to do it. You have no idea who's on the other end. Have you ever seen the show, Catfish?

9. Always be weary. If it sounds too good to be true, it probably is.

10. Never be pressured to "act now." If someone tells you that if you turn off your computer, the "virus will spread," they are lying to you. Don't let anyone talk you into a purchase, especially if you are speaking to them because you called a number from a pop-up.

11. Be cautious on social media. There are many fake profiles in the wild, and one of the most common is for a profile to imitate someone who is over 70-years-old. I don't know why that's their target, but it is. If you get suspicious messages from family members or from someone else in your friends list, be cautious and don't click on any links. Never, ever click a link in a suspicious message OR email.

12. Don't trust your caller ID. Nowadays, scammers will spoof their phone number to make it look as if it's in your area. For example, in Corvallis you may receive a number with an area code 541 and the prefix 753, 754, or 757. All of these are common Corvallis prefixes with the appropriate area code. You may also receive phone calls from common cell phone numbers in your area. You can answer the phone, but be very aware and weary if the phone number is unknown to you. Lastly, don't purchase anything unless you've been expecting their call, and you've done your research to make sure it's reputable.

That's my list. Twelve ways to avoid scams. Can you still be scammed? Yes, it is possible, but if you follow these rules, it will reduce your chances ten-fold. Luckily, for the most parts, banks will issue refunds if you paid via credit card, and even if you didn't, it never hurts to ask. Always ask your bank for a refund if you've fallen victim to a scam.

If you follow these and still have doubts about an email, pop-up, or phone call you received, send me an email at stuart@crashsecurity.com or call/text at 541-714-5880. I would much rather have you send me a text to check, then to purchase $500 in gift-cards. 

Best of luck and safe browsing!

Is This A Scam - Part III

A few weeks ago, my wife and I were at my parents home enjoying dinner when my family got on the topic of cable. When I was younger, my family didn't have cable or Dish, but we did have an antenna that would allow us to watch television channels. This conversation led to my mother telling my wife about a fake, scam phone call we received when I was around 18-years-old. I answered the phone and toyed around with the person on the other end of the line, trying to tell me that I'm overpaying for my Dish services. We didn't have Dish. TL;DR: I've loved messing around with scammers for quite some time.

What you are about to view is a scam. There is absolutely no doubt in my mind that the person exchanging emails with me in the following screenshots is nonexistent. It starts out relatively simple, with a gentleman claiming to be Louis George claiming that I have a relative named George (he doesn't give a last name) who passed away, and that he had no next of kin, so I am entitled to his $6.8 million estate. I will walk you through the back and forth as I try to find out what this scammer is really after, as well as hope to ask some questions that cause him(?) to slip up.


It begins innocent enough with the claim I stated above. He then asks for my "full names," as if I have mutliple names...but you find out why he asks this in a following email. He also asks for my "private telephone," which there is no way I'm about to give out.

Screen Shot 2018-05-05 at 2.21.19 PM.png

I respond as, unfortunately, many may respond - in the affirmative. I ask where Louis is located, and if he could meet in person. I also inquire about his charges for a service such as this. I sign the email "Stuart Ash," as I can see what he is trying to do. Unforunately, one of GMail's many downfalls is the fact that your whole name appears in the To:/From: bar. As I've noticed as of late, Google's email client is becoming the new email client which is preferred by hackers. It turns out they've finally shifted from Hotmail.

Screen Shot 2018-05-05 at 2.22.08 PM.png

This is where the interesting parts begin. "Louis" begins his email with "may Almighty God continue to be with you and your family." Not bad for a scammer, basically praying for my family and me after "the loss of my relative." He claims my relative is John C. Ashenbrenner, who does not exist. Immediately following telling me the name of the deceased, he reveals to me that he resides in "Lome Capital City of Togo." What he is trying to say is that he lives in Lome, the capital of the country Togo. If you're wondering where Togo is, it is in Western Africa, not too far west of Nigeria. Coincidentally, this isn't the infamous "Nigerian Prince Scam," where you get a cold-call telling you that the Prince of Nigeria needs your money. This is the dead-relative-from-Togo scam apparently.

He then launches into all of the necessary information he requires. Which includes, but is not limited to my name, address, phone number, drivers license or passport number. My assumption is that this is their end game - the drivers license or passport number.

Capture1.PNG
Screen Shot 2018-05-05 at 2.22.50 PM.png
Screen Shot 2018-05-05 at 2.23.30 PM.png

After that extremely lengthy and broken-English email, I was sort of at a loss of what to say. Split the money 50-50? Supposedly for a family member that had no next-of-kin to pass on the inheritance. So I reply, questioning this point. I also wanted a little clarification on how we was able to do this from Togo...

Screen Shot 2018-05-05 at 2.24.01 PM.png

So he sent me another lengthy reply, about a day later. If you read through this, he is actually somewhat eloquent, if that's the proper word.

The most fascinating part of these scams is the scammers themselves. These scams have been happening since the '90s, and it would not still be continuing 20-30 years later if they weren't doing something right. After seeing enough of these, I think I've figured out what they do right: They know emotion.

The emotion this scammer conveys in the following email truly appears genuine, although difficult to understand at times. If you think about this from someone who isn't necessarily computer savvy or doesn't have knowledge scammers, this type of email may actually work in baiting and phishing for these scamming victims.

Screen Shot 2018-05-05 at 2.24.50 PM.png

I requested a certificate of death as well as how we needed to move forward. I kept expecting him to request money via Western Union or wire transfer. I also give a slight jab at his "millions of Ashenbrenner(s) in your country." There's maybe a dozen.

Screen Shot 2018-05-05 at 2.26.00 PM.png

And this last email from Louis is where things have ended, and where I'm going to leave it, because know it is obvious what they're after, my ID. With the information below that they are requesting, it would be incredibly easy to steal my identity. Full name, address, profession, email, valid ID, all of those would pass the check for a new ID.

Screen Shot 2018-05-05 at 2.26.34 PM.png

To sum all of this up, this email skipped my Junk email box, and it came directly to my Inbox. I knew immediately it was a scam, but many don't realize this. 

If you come across a suspicious email, please forward it on to me, and I would be happy to advise you on how to move forward. When it comes to email and the internet, do the opposite of what we're supposed to do in real life. Online, you have to expect someone has ill intentions first, then learn to trust them. If you trust first, you will fall victim to scams like this. I have done a blog on a specific scam called The Scam of A-Tech Networks. Feel free to read it as well.

Be careful and safe browsing!

-Stuart

Why MacKeeper IS a Scam

Known Bad Software Part I - MacKeeper


Before starting, I need to thank Matt Jacobs (@pnwbeard - Primary Apple Authorized Mac Technician, Apple Certified iOS Technician, Apple Authorized Support Professional), Diego Munoz (@diegomunozmusic - Primary Apple Certified iOS Technician, Apple Authorized Mac Technician, Apple Authorized Support Professional), mac-interactive (@macinteractive - Operated company providing Apple Support since 2003, experience in maintaining large networks of Macs in enterprise environment), and MacFixer.co.uk (@TheMacFixer - provides computer support, hardware repair, maintenance and upgrades for Apple Macintosh and iOS users in Hampshire, Isle of Wight, Wiltshire, Berkshire, Surrey and West Sussex for on-site repairs/collections) for their contributions to this blog post. Their knowledge and assistance over the years have made this possible. Give them a follow on Twitter as a thank you! Thank you very much for your contributions!

Let's begin...

Known Bad Software (KBS), or sometimes referred to as Potentially Unwanted Programs (PUPs) are on the rise. As PUPs seems like a "politically correct" term to call these programs, I'm going to call a spade a spade. Welcome to Part 1 of a multipart series focusing on Known Bad Software. Our first software, the well-known, persistent piece of garbage, MacKeeper.

 My   Badge of Honor

My Badge of Honor

As most of you know, I have never been a fan of the software MacKeeper. In fact, I have been undoubtedly critical of them, enough to have them block me on Twitter. A fellow computer technician, @mac-interactive, took a screenshot of the message saying "MacKeeper has blocked you" and referred to it as the 'Badge of Honor'. I of course concur. 

I wanted to write a post that chronicles the reasoning behind my hatred. I also want to talk about specific articles that praise MacKeeper, and touch on why I still believe it is garbage.

History: I want to start with a little history of MacKeeper, and the two companies that have owned it since its inception in March 2010.

MacKeeper was started by ZeoBIT, LLC, out of Sunnyvale, California. MacKeeper, and as most programs, started out slow before gaining speed in the computer "security" industry. The way it gained speed, however, is part of the reason that MacKeeper is so highly criticized.

In 2014, Holly Yecha filed a class-action lawsuit against MacKeeper's, at the time, former owner, ZeoBIT, LLC, claiming that the company's computer security program identifies problems that don't exist and generates false error messages to scare users into purchasing an upgrade. (see Holly Yencha, et al. v. ZeoBIT LLC, Case No. 2:13-cv-00578, in the U.S. District Court for the Western District of Pennsylvania). The lawsuit was settled, and I am ommitting a lot of the legal jargon, but ZeoBIT settled for $2 million and told customers they could get a refund if MacKeeper was purchased before 8 July, 2015. A win for the people!

As of December 6, 2016, ZeoBIT, LLC is no longer in operation, but not before they sold MacKeeper to Kromtech Alliance Corp. in April, 2013. Keep in mind, this is before the class-action lawsuit against ZeoBIT, LLC, which I believe is the reason ZeoBIT went under. It is, I think, an accurate guess to think that ZeoBIT, LLC simply rebranded as Kromtech Alliance Corp.

Kromtech is known for its shady marketing techniques, which many users claim try to scare the user into buying their software. This is similar to how ZeoBIT, LLC operated.

 https://mackeeper.com/blog/post/5-avira-licenses-anti-virus-technology-to-kromtech-to-power-mackeeper-security

https://mackeeper.com/blog/post/5-avira-licenses-anti-virus-technology-to-kromtech-to-power-mackeeper-security

In June 2014, Kromtech partnered with Avira, a well known antivirus software, to integrate the Avira database technology into MacKeeper. ZeoBIT did the same in 2011. The licensing agreement, which you can even see when your installing MacKeeper, allows Avira's Secure Antivirus API to run as a background service, which can also take requests from MacKeeper to run scans.

Now keep in mind, there is a difference between Kromtech Security Center, and the software Kromtech is putting on the market. Kromtech Security Center has done some great work in security research. I just wish Kromtech put a little more effort into their poor excuse for their security software.

How I learned about MacKeeper: I was first introduced to MacKeeper in 2015. I had recently began my work as a technician with an AASP (Apple Authorized Service Provider). I was being trained by Matt Jacobs, who had been with the company for a little over two years at the time. This was about the time when MacKeeper was starting to gain some notoriety in the Apple community as being a piece of software that should be avoided.

I remember one of my first days of training: I had a yellow legal pad out, taking notes on what was referred to as the "Security Bundle," a suite of programs and processes designed to help customers that were having security issues. A piece of this was removing programs that at the time, were known by the acronym KBS, for Known Bad Software, a phrase and acronym coined by Matt. It was Matt's knowledge and experienced that really sparked my interest into the world of computer security, and more specifically, Mac Security.

mavericks-600x409.png

"It all started with (OS X 10.9) Mavericks, which also seemed to open the door to malware," Matt told me. "I was running a 'tune-up' on a customer's machine (in 2013) that was running slower than it should. When I was working through my normal process of running a tune-up, MacKeeper crashed and asked if I wanted it to reopen. As I was just running a tune-up, I didn't think it was necessary to have it open. Right after I told it to not to reopen, the machine sped up to the speed it should be running. Not realizing MacKeeper was actually bad software, I thought it was a bad installation of the program, so I went out and installed it again. Sure enough, once it started running, the whole machine started running slow again."

After a lot of research, and going down the rabbit hole of Google, Matt discovered from a reputable source within the Apple Discussion Forums, that you (users) should stay away from MacKeeper. Matt fired off an email to Thomas Reed, at the time the creator of Adware Medic and owner/blogger on The Safe Mac website, now with Malwarebytes. Shortly after, a blog post by Reed went up on The Safe Mac, and MacKeeper began it's downfall in the eyes of the Apple community. "I don't know if my email to Thomas (Reed) had anything to do with his blog post, but I like to think it was," Matt stated.

It was after my training with Matt that triggered my love for investigating these types of poorly designed, unwanted programs.

 From left to right: Stuart Ashenbrenner, Diego Munoz, Matt Jacobs

From left to right: Stuart Ashenbrenner, Diego Munoz, Matt Jacobs

When I was initially hired, I was being hired as Matt's replacement, as he and his family were moving. Roughly nine months later, Matt returned, and our store was also fortunate enough to get Diego Munoz, around a month before Matt came back. The three of us quickly became very close friends, and we worked very diligently on Matt's Security Bundle, Matt spearheading it. We were identified as Simply Mac's Research & Development team a short time later for the Security Bundle that went company-wide the following year, which I confirmed yesterday is still in use, and I just need to say this, Matt Jacobs has yet to get any credit for the production of this software, which is an abomination by that company. In our off-hours, we would test programs, run adware and see what it did and how it persisted, and worked to refine the Security Bundle to be as efficient as possible. The Security Bundle is still ran within the company, but the R & D team has mostly been disbanded with the massive customer increase, as well as some Apple Repair Extension Programs, that have kept Matt and Diego extremely busy, leaving little to no time to work on research and development. Even though I've left the company, I still spend my free time and time with Crash Security researching malware, adware, and known bad software like MacKeeper, so I can bring you blogs like this one.

Mac expert mac-interactive dug through some old emails, and he found the first surfacing of MacKeeper in his inbox from 30 November 2011. His email was sent out to his coworkers. It said, "Just had an email from a friend saying they had 'installed MacKeeper'...followed by 'is it any good? (...I removed some content for brevity...) Do [sic] the team have an experience? I would stay away from the app purely because of its excessive banner advertising and the fact that the banner click downloads the package!" Package is referring to MacKeeper's installer. 'Package' is the technical term for a type of installer. The response to mac-interactive was in the affirmative, telling him to stay away from it.

One of mac-interactive's coworkers stated at the time, "The client had carried out a 'clean up' operation using the application (MacKeeper), and it deleted a lot of their files from the Library folder in their home directory and also complete applications like 'iPhoto' and 'Pages'. A total of 2 hours has been spent getting the client's iMac up and running again. I talked the client through the reinstallation of Mac OS X 10.6 from their DVD which restored most functions. Then the client decided to purchase, download and install the latest version of Mac OS X (10.8), iPhoto and Pages applications from the App Store as they weren't sure where their original installation disks were and they wanted to be up to date.

The application, as I suspected was 'MacKeeper'. It's an app that appears a lot in 'Speed Up Your Mac' (advertisements) all over the internet.

This is a bad application in my opinion, and I generally uninstall it as soon as I find it on client's computers. Some versions of this application have been VERY difficult to remove in the past."

dwightschrute_false_mac-300x207-300x205.jpg

MacKeeper's problems: First, they provide cleaning software, which they claim you need, and they claim that they are criticized on forums because the people on the forms don't understand this and still believe Macs don't get viruses. Let's address this: NO! Many people who criticize MacKeeper on forums and discussion boards are actually security or Mac professionals. I believe that Macs need malware protection, which is sometimes bundled with an antivirus program. I think it is necessary. Macs are getting targeted for malware more and more every day. The idea that "Macs can't get viruses" just isn't true anymore, which prior to OS X 10.9 Mavericks was actually a valid statement. Actually, the phrase should have said, "Macs haven't gotten viruses." The ad campaign that Apple put out years ago is now irrelevant, except for the fact that the majority of Mac users truly believe that Macs can't get a virus, malware, adware, anything. What this does is makes them extremely vulnerable, and in-turn, they click on anything, believing that there is no way it can be malicious. However, malware protection is COMPLETELY, 100% different than "cleaning" software, which claims to "free up RAM space", yada yada yada.

Now for my favorite part...why do I, personally, have such hatred for MacKeeper? Now keep in mind, I am one of many who hate this software. I asked Diego Munoz, why he thought MacKeeper was so reviled. Munoz says, "I think most people who revile it are somewhat tech savvy and know how different computer processes work and they can see how "sketchy" they are."

Marketing: Beginning with their marketing tactics, MacKeeper is supremely one of the most aggressive advertisers that I've come across online. Their ads are predominantly on pages that are uncommon to the average user, but occasionally, you will see them on CNN[dot]com or other popular sites.. You will see their banner ads splattered across common pirating or torrenting pages, any page that speaks about computer speed, and the strangest - on the pages of other "security" software like CleanMyMac. Speedtest.net, a well known webpage for testing the upload and download time of your internet runs MacKeeper ads, and I have yet to run across a computer that is running MacKeeper and is benefiting from it. When I asked Diego about why he thinks it gets installed, he replied, "I think it's a guilt trip scam, and 100% of the computers I've worked on have not benefited from this. In fact, 100% of them do better without it."

Screen Shot 2018-05-08 at 8.46.58 AM.png

MacKeeper has been everywhere as far as marketing is concerned. Part, if not all of this, is made possible by CJ Affiliate, formerly Commission Junction, who is owned by Alliance Data. CJ Affiliate is a site that allows you to publish advertisements to target a specific audience. Based on how many 'clicks' your links get, you "stock" goes up, meaning that affiliates can turn a higher profit per click. Let me give you an example...if I use CJ Affiliate, MacKeeper can run an ad on my site, potentially. For ever click from my website to MacKeeper's site, I would give a certain amount of kickback money from that. Furthermore, if someone goes on to MacKeeper's site and buys something after visiting from my link, I get a kickback from that as well. Because of this, MacKeeper is on a TON of websites, because it is easy money for businesses, as they are getting a kickback off each click. The thing about MacKeeper that pushes this forward is that fact that MacKeeper sure does look legitimate. I will give them that. There website and software look as if they will actually help, which I don't think they do. I, as Diego mention, believe that removing it is more beneficial.

Fake Advertisements: MacKeeper has even been known, in the past, to also produce fake advertisements, trying to get the user to click on them. MacKeeper claims this is due to competitors trying to deface the company, but the following still remain. MacKeeper has been so well noted as being a piece of Known Bad Software, that some highly touted antivirus engines actually recognize MacKeeper as, not necessarily a piece of malware, but as a PUP, and the antivirus will help you remove it.

Macfixer.co.uk told me, "I think the selling tactics give it away, any legitimate software would not use pop-under ads telling people they needed to clean their Macs by scaring them. They also make it difficult to uninstall and even if you follow the guides on-line various crap is left remaining. So whilst the only harm it may do is to slow down your system and bundle a number of very poor ‘utilities’, ultimately its the shoddy business tactics that mean I tell all and sundry to avoid it. I’ve had dozens of cases where a poorly running Mac is restored to full health after MacKeeper has been given the boot."

I digress momentarily to say this: many antivirus programs make your Mac slower, especially the big ones that you heard of from the Windows platform. Antivirus software like Norton, Sophos (not as much), Avast, McAfee, AVG, and Kaspersky seem to slow a Mac down rather drastically. The difference with MacKeeper is that it repeatedly tells you that "your system is at risk," and that you should update MacKeeper to the Premium version, of course at a cost.

They claim their software can clean your memory, to name just one. You don't need a program to "clean your memory." It may remove the 200MB from your Safari cache, but 200MB on a hard drive over the size of 128GB is so minute, it's ridiculous to market towards people in this fashion.

Fake Reviews: One of the issues I have seen is the false advertising by people claiming to be Mac experts, lobbying for MacKeeper. To give you an example, I found macsumo[dot]com, a website that contains the word "mac," which also makes Apple users more trustworthy of them. Macsumo has only four articles, but unfortunately, the website lands on one of the first pages of a "MacKeeper" web search.

Macsumo[dot]com's most recent article posted on 3 April 2018, titled Mackeeper Review (April 2018) – Testing The World’s Most Controversial Mac App leads off with an interesting question. "First things first, do you really need cleaning tools like Mackeeper?" they ask. Their answer...Yes, you do!?!?! This is a flat-out falsehood. You don't need "cleaning tools." Do you need malware tools? Yes, I think so, but cleaning tools, no. Macsumo also claimed it sped up their machine, which would be a first. The most bizarre part of this blog post was the fact that one-eighth of the way into the article, they offer an "Exclusive MacKeeper discount", claiming "Macsumo exclusive 20% discount link." These ads then are scattered throughout the ENTIRE article, and by entire, I mean there are six in total. Yet, when you follow the link, you get to the purchase page for MacKeeper. No discount, just their primary purchase page. So much of the "advertising" from MacKeeper, in these forms, is simply clickbait (an ad designed to just make you click it). If you think about it, MacKeeper not only makes money on their product, but they make money on page hits, so if they put ads that convince consumers that their computer is running slow, then user clicks on it, and MacKeeper can then tell potential advertising clients that their pages get x-amount of hits per day. Still, there was a funny aspect to macsumo[dot]com: 1.) Their Terms of Service, which contain the "Links" section. See the picture below to see what I mean.

 Macsumo[dot]com Terms of §6

Macsumo[dot]com Terms of §6

2.) The amount of CPU usage my computer was using simply having their website loaded. Pictured below - a whopping 95%

Screen Shot 2018-04-19 at 4.51.54 PM.png

Leave it to a lobbyist for MacKeeper to have high CPU usage...

A big question regarding if MacKeeper is a scam is still lingering. To use the definition of a scam directly from the dictionary:


scam

noun

informal

1. 

a dishonest scheme; a fraud.

"an insurance scam"

synonyms:fraud, swindle, fraudulent scheme, racket, trick; More

verb

1. 

swindle.

"a guy that scams the elderly out of their savings"

synonyms:swindle, cheat, deceive, trick, dupe, hoodwink, double-cross, gull;


IMG_4837.png

If those are the definitions of a scam, then MacKeeper is most definitely a scam. "Deceive": MacKeeper claims your computer is at high-risk when it is not. It seems ridiculous that a company that many find trustworthy is still in operation.

Now I do differ with some of my colleagues in this belief. People like mac-interactive said, "I think it has been a scam in it’s history, but now they seemed to have morphed into a general support service.
An example of a point in history of when it definitely was a scam can be seen in the September 2011 Apple Help Writer article (since updated) and here: http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/. A fake scan window that claims that the (clean system) is in a SERIOUS condition."

The other thing I have found that MacKeeper does to deceive its customers is constantly touting their 5-star rating from shopperapproved[dot]com. Here is one of the 5-star reviews. Read the review carefully. It doesn't seem like a 5-star review to me.

The website shopperapproved[dot]com is a site in and of itself that is questionable. In its first 12 days online, it had over 1,000 reviews, which sounds fishy to me. Also, according to TrustPilot, ShopperApproved[dot]com has a trust-rating of 3.4/10, basically meaning you shouldn't trust it.

Deception in Support: The funniest thing MacKeeper does, is it only speaks to its reviews from this site, but you have to dig to find their negative reviews, which there are a ton of them.

Screen Shot 2018-05-07 at 7.45.59 PM.png
Screen Shot 2016-06-17 at 8.09.21 PM.png

Again, their deception is almost staggering into wanting to make you believe that everything they do is 5-star service, and every customer representative you chat with through MacKeeper is the most Apple-savvy technician you could possibly find. Yet, every time I have chatted with someone on MacKeeper, which is well over twenty times, I have always "chatted" with the same representative, Andrew, or according to MacKeeper's website, Andrii (above-left). They have only FIVE customer support staff members, all who are, according to MacKeeper's website, "Apple Certified Professionals,"  which is their equivalent to the Apple Certified Support Professional, which is an actual accreditation through Apple. Yet, when you look at each profile, four of the members are only certified through OS X 10.9 Mavericks (circled in the picture above), which came out in October 2013. One member is certified with OS X 10.10 Yosemite, released in June 2014. We are currently on macOS 10.13 High Sierra, and it's 2018!

They will walk you through your system scan, then tell you, "Your system is at critical risk," which is a direct quote from a chat log I had with them. This was after installing MacKeeper on a fresh operating system, meaning that I erased a hard drive, installed an operating system, installed MacKeeper, and ran their scan. They said my newly installed operating system was at "Serious" status. Below you can see a video-only beginning interaction which they claim is a chat with a real person. It's not. It's 100% auto-generated text. They are auto-responses, just one message after another, which you can see below (no audio).

IMG_4838.jpg

This type of "support" leads to reviews like the this review. One of the more bizarre parts is that I have installed MacKeeper probably over one-hundred times to experiment with it, have chats with their "technicians," etc. Yet over all this time, I have never ONCE been asked to review the software. Even if you go to shopperapproved[dot]com, you can't just leave a review for something. I still have no idea how those reviews appear, but mac-interactive believes that once a purchase is made, the customer is sent a specific link to leave a review.

One of the most difficult parts is finding positive MacKeeper reviews that aren't from shopperapproved[dot]com. When you type it into an internet search, you get some options, but then you stumble across an ad, yes an ad, that is for "MacKeeper reviews." The link to it? It goes to MacKeeper's website! I couldn't believe this. Do you know what this means? It basically means that MacKeeper is paying for an ad that claims it has MacKeeper reviews and it goes directly to their site. The advertisement on Google below and left leads to the page below and on the right. It is absolutely reprehensible. One of the funniest parts, MacKeeper's ad gave them only 4.1 out of 5 stars 😂😂😂.

Screen Shot 2018-04-28 at 3.58.12 PM.png

There have been some reviews left over the years from well-known website. In 2014, a company/website called 9to5Mac said, "Buying MacKeeper is basically paying to get scammed everyday."

Screen Shot 2018-04-28 at 3.58.47 PM.png

Likewise, two years prior, CultOfMac.com noted, "MacKeeper uses hidden "activators" which download malware without the user's consent."

Even people who write positive reviews of MacKeeper on their webpages, like macsumo[dot]com almost always have advertisements for MacKeeper on their website. If I am going to give an honest review about a product, I probably shouldn't be running their advertisements too. Isn't that exactly what a conflict of interest is? But this goes back to the CJ Affiliate part of it; getting paid for clicks.

MacKeeper is so bad at having their content reviewed, that their own Youtube channel put up this video, saying it was a review of MacKeeper. By the way, noticed how it says "Shopper Approved" in the title. They claimed this video was her testimonial. 

This shows your what a mess MacKeeper is. If this is their types of reviews, then you can tell they are a fledgling operation. That is, if their reviews are even legitimate, which I highly doubt.

Blatant Lies: One of the things that companies similar MacKeeper purport is that if you use free antivirus or malware software and don't pay for it, that you yourself become the product. Now I realize that on occasion, this holds true. The idea of "too good to be true" can be accurate in many circumstances when you are talking about computers. However, until recently, Malwarebytes for Mac was 100% free, and it still is free but contains a paid option. ClamXAV, one of my favorite virus-scanners was free until approximately a year ago. EVERY tool created by Patrick Wardle (@patrickwardle) on his website, Objective-See.com (@objective-see) is free, and they are amazing tools that are perfect for anyone concerned about computer security or information security. Please let me know if you are interested in any of these, and I can give you more information.

IMG_5498.PNG

Apple's Faux pas: As much as I would like to place 100% of the blame directly on MacKeeper's shoulders, you simply can't without calling out Apple simultaneously. Apple has, for seven years, allowed ZeoBIT, LLC, followed by Kromtech Alliance Corp., to carry a valid, signed certificate, meaning that Apple is allowing MacKeeper to be produced for their machines. Apple even once called out MacKeeper on the Apple Support Twitter account, claiming MacKeeper to be malware in January of 2018. Unfortunately, this tweet has since been removed, which is a shame. It felt like a momentary win for Apple, only for them to most likely kowtow to MacKeeper threats.

According to mac-interactive, "It did exist on the App Store for a while as the 911 Bundle, which was a great shame." I did confirm this in only a few seconds of research. If Apple could be more upfront with the terrible software that is out there, we may be able to curb this problem.

Final Thoughts: The problem is that there are also garbage pieces of software that not only don't help your computer, they seem to actually make it worse. There are a surprising number of these, and unfortunately, most of the ones you may see in the App Store aren't good. I highly suggest doing some research before downloading any antivirus or malware protection, and even ask me if you would like.

Lastly, I'd like to leave you with my own review of MacKeeper, and yes, it is SHOPPER APPROVED! Enjoy!

Where Will Malware Hit Next

Part of the job of a malware researcher is to try and predict what will be hit next. These predictions are based on past attacks on different institutions, the discovery of malware on certain systems, 0days (a bug that gives you 'zero days' to patch it) and where they are found, and many, many more.

Since the beginning of 2017, I've been certain that sooner or later, the education system will be hit. This isn't just because it is an astronomically large institution, but it is also contains so much valuable information. Student, both current and past, have their social-security numbers, contact information, payment information (to pay tuition), current student loans, address, and the list unfortunately rolls onward.

My other estimation, which I'm already starting to see come to fruition is the attack on POS (point-of-sale) systems in restaurants. Again, massive amounts of customer information accompanied by credit or debit card information. If done properly, the malware could also grab employees ID numbers to sign in.

Most restaurants run on specific POS systems that are deigned for restaurant use. Two of the more popular ones are Clover and Aloha. If an attacker knows how these specific pieces of software work, it is extremely easy to exploit. We just recently saw that 160 Applebee's locations had discovered malware on their POS terminals. This is just another portion of our economy in which we are starting to see threats of cyber attacks.

My last, and probably most frightening expectation is the banking system. We've seen it a little already, but the banking system, while being probably the most secure sector of the economy (probably even more secure than the government), can have very many flaws. Part of it is the easability to do anything banking related anywhere. Whether you're using a TD Ameritrade application on your iPhone, transferring funds from one US Bank account to another, a simple piece of malware could grab hold of these. My biggest fear is a smaller entity, like Mint or a small stock trading company being hacked. This could be catastrophic, and could very quickly spiral out of control. 

We recently saw something similar with the hack of Equifax. If I take of my white hat and put on my black one, it is a brilliant breach. Between May and July, the attack was carried out on the Equifax servers through an "unnamed U.S. website application vulnerability." It took until September for it to be publicly announced, which I think, in a somewhat conspiratorial way, was 100% intentional. August would've been a great time to sell those shares in Equifax, as the day after the announcement, their shares plummetted 13.7%.

UPDATE: Full disclosure, I started this blog two weeks ago. It started with simply the idea that I wanted to write about where I thought malware was headed. Over the ensuing few days, I wrote down a few ideas. Those ideas included what you read above. However, today, I saw two news articles. One article referencing a POS system attack[1] and another speaking about how I assumed that August would've been a great time to sell stocks. Again, today, a news article of the Equifax CIO getting indicted for insider trading[2]. With that, i will change my focus on the rest of this article, as it seems like I didn't post this article fast enough. It's still interesting enough to leave in here.

UPDATE 2: Let me start this by saying this blog has now been started for three weeks, but writing finals has kept me from finishing it, and boy am I regretting it now. At the top of this article, you read that I have expected the education system to get hit sooner or later. This morning, I got an email from my college, and guess what...they got hit by ransomware at midnight last night. I couldn't believe it. See the photos below that show the emails I received. The photo on the left is the initial email, the picture on the right is a followup. As you can see "Macs were not effected."

IMG_5614.jpg
IMG_5615.png

  It's A Wonderful Life (1946)

It's A Wonderful Life (1946)

Since I'm apparently in the right vein when it comes to predicting the future, and I swear to God that I actually wrote this before those stories, "I wish I had a million dollars. *flips cigar lighter* Hot dog!"

But I digress. Now I have to think what is next. Well, first, these aforementioned attacks are not going to end here. This is going to continue to be a larger and larger issue. This ransomware attack against the local university is the first one that's reached my ears, but I know it will not be the last. The education system is a prime entity for hackers to attack. The amount of information in the university system is unparalleled except by maybe the stock market, which is another place I think will be attacked. I read a book in Nelson DeMille's John Corey series, a fiction series, where the antagonist says that there isn't a point to physically attack Wall Street because they will do more damage themselves than an physical attack would. However, with the amount of information, both personal and banking, hovering around Wall Street, I could easily see Wall Street being subject to a future attack.

That being said, I better post this before an attack on Wall Street happens, and I have to do another update to this post.

Take care!

Stuart


1. New Pos Malware Pinkkite Takes Flight, Tom Spring - https://threatpost.com/new-pos-malware-pinkkite-takes-flight/130428/

2.  Senior Ex-equifax Executive Charged with Insider Trading, Dan Goodin - Mar 14, 2018 6:50 pm UTC - https://arstechnica.com/information-technology/2018/03/senior-equifax-executive-charged-with-insider-trading/

Is This A Scam - Part II

This publication has been a long time coming, but for some reason, it always has gotten put on the back-burner in lieu of a "more interesting" story. After reading a news article out of Chesapeake, Virginia today, which was February 22nd, I realized that this was an article that needed to be written. So, this is:


Is This A Scam - Part II

The trigger for this post was actially an article I read which referred to a gentlemen who was contacted and told that he owed the IRS money, and that he needed to pay or "the police will come."

636173109841874978-iTunes-card.JPG

Let's first address the fact that we are in full swing of IRS scams. It's terrible that people choose such a time to profit off of others, with so much sensative data, but I guess you could say hackers don't exactly have the highest moral standards. That being said, DO YOUR TAXES AS SOON AS POSSIBLE. Do not wait. The longer consumers wait to file their taxes, the better the chance of having your identity stolen. Now I'm not try to scare you, but let me put it in this perspective...if you wanted to steal people's IRS information, what would be the best time to do it? April 5-14th most likely. Plus, the longer hackers operate, the more likely they are to get caught, so hackers typically will try to infiltrate a system and get out in a small amount of time, so file your taxes as soon as you can.

Now I want to get back to the main reason behind this post - the scam portion of the story I mentioned in the opening paragraph. If you read my last post, I mentioned a scam that happened right in Corvallis, Oregon, and quite frankly, is occurring all over the country. 

Scammers are contacting "customers" and explaining the to them that "they may be in trouble with the police if they don't give (insert amount of money) to (insert company name ie: IRS). In order to do this, the scammer almost always has the customer do one of the following: go to a Western Union and wire the money, buy gift cards then give the scammer the gift card number on the back, or the scammer sends a check for an amount more than requested, you then wire back the excess amount of money.

I spoke with a customer that I was working with last night who said, "Who would fall for that?" I responded, "Apparently quite a few people."

Just be cautious when you receive phone calls and keep these in mind:

  1. NEVER WIRE SOMEONE MONEY OR BUY GIFT CARDS TO "SETTLE DEBT"
  2. Apple, Comcast, Microsoft, or the IRS will NEVER call you because of a "hacked account." Apple, Comcast, and Microsoft will email you (most likely); the IRS will send you a letter
  3. If it sounds fishy, it probably is.
  4. Get a second opinion. That's why I'm here! Give me a call (541.714.5880) or an email (stuart@crashsecurity.com) about what happened, because 99% of the time, I'll know within the first two sentences (just because I've seen these types of issues so many times).

Please spread this to your friends, as I know this has been an issue of my town of Corvallis.

Be safe out there, and get your taxes done early!

-Stuart

Is This A Scam - Part I

This was originally published on February 22, 2018. I have since updated the police log to reflect the scams since February 15, 2018 through July 29, 2018

Corvallis Police Department Reports (Oregon)

July 26
THEFT: 7:37 p.m., [address omitted]
A man told police he was contacted by someone purporting to be a Chinese official and who informed him he needed to transfer $10,000 into an account at the Bank of China to ensure it was "clean" because it could have been involved in an "economic crime." The man transferred the money and then realized he may have been scammed. Police told the man to cancel the wire transfer and to report the incident to authorities in China.

July 17
SCAM: 11:08 a.m.,[address omitted]
A woman told police she listed two Country Music Festival tickets on Craigslist for $400 and received an offer out of California for $1,300 if she’d send $960 via Western Union to someone in New York. The woman said she did this and was later informed by her bank that the check she deposited was fraudulent.

WEDNESDAY, JULY 11
SCAM: 1:58 p.m., [address omitted]
A woman told deputies she met a man on Facebook a few months ago and the man told her he was in a hospital in South Carolina and needed money for surgery. The woman said she gave the man $1,000 in Amazon gift cards and the man asked for $2,000 more. The woman wanted to verify she was scammed and deputies told her she was. They discussed ways to prevent the incident from occurring again.

TUESDAY, JULY 10
SCAM: 10:03 a.m., [address omitted]
A woman told troopers she received an email that contained a check for $928. The woman was instructed to cash the check and buy something for the suspect and keep the change. The woman deposited the check and spent the money but did not send any money to the suspect. The bank then informed the woman the check was fraudulent and requested the money back.

July 6
SCAM: 12:53 p.m., [address omitted]
A woman told police she paid $299.99 to Microsoft for a subscription to keep her computer clean of viruses. The woman later realized it was a scam and canceled the check before it reached the recipient. Police think the scam involved international perpetrators and discontinued the investigation.

June 30
SCAM: [address omitted]
A person reported they received a phone call from someone claiming to be a Benton County Sheriff’s Office deputy. The caller told the person they had missed jury duty and needed to pay $3,000. The person bought $1,000 in Google Play cards and sent photos of the cards to the caller.

June 30
SCAM: 6 p.m., [address omitted]
A woman reported that some Chinese nationals called her posing as members of the Chinese consulate in San Francisco. They said that Shanghai police officers wanted to speak to the woman about some bank accounts opened in her name through the Industrial and Commercial Bank of China. The woman spoke with alleged Shanghai police officers, who stated she would be arrested if she could not prove she did not open the accounts. They convinced her to wire $90,000 to a bank account in Hong Kong with a promise of it being returned once her innocence was proven. The woman later realized the call was fraudulent.

June 19
SCAM: 11:23 a.m., [address omitted]
A man reported he had met a person online who identified herself as Ingrid Nugent and they had entered into a relationship. The man said $4,500 was deposited into his account by a person Nugent said was her attorney. Nugent then asked the man to send $4,064 by iTunes gift cards and money gram to Nigeria, which he did. The check deposited into the man’s account subsequently was declined.

June 15
SCAM: [address omitted]
A woman reported she had been having problems posting a video to Facebook, so she Googled a support number for Facebook. She called a number she found and was told her problem could be fixed if she provided $700 worth of gift cards. The woman bought the gift cards and provided the card's numbers to someone she believed to be a Facebook support employee. After providing the gift card information, the woman’s problem was resolved. The woman was informed by the person she called that if she provided another $300 worth of gift card information she would be reimbursed her money. She started to believe she was scammed and called police.

June 12
SCAM: 7:23 p.m., [address omitted]
A man reported he received a call from a person identifying himself as "Deputy Dale Ingram" with the Benton County Sheriff’s Office. The caller said the man had two failure to appear warrants and could pay the fine over the phone or be arrested. The man said he bought two Green Dot cards for $972 and read the numbers to the caller. When the man reported the incident to deputies, they informed him he was the victim of a scam.

June 5
SCAM: 4:17 p.m., [address omitted]
A man reported he was contacted by someone stating they were from the hospital and told him a Benton County deputy was trying to reach him. The man said he was contacted the following day by someone saying they were Sheriff Ingram with the Benton County Sheriff’s Office and that the man had a warrant for his arrest. The caller told the man he needed to buy two “Money Pak” cards with $494 on each to clear the warrants. The man purchased the cards and gave the caller the identification numbers. The man said he tried calling the number back, but there was no answer. Police tried calling the number but it went to an automated message machine and then the call ended.

May 31
SCAM: [address omitted]
A man told police he had listed his Microsoft Surface Book online for sale and was contacted by someone named “Yani Pedro” who wanted to purchase it. The man set up payment for the computer through PayPal and mailed the computer to an address in Houston. However, the man never received payment and discovered the email he was sent about PayPal was a scam.

May 15
SCAM: 4:37 p.m., [address omitted]
A woman told police she received a phone call at work from a woman who claimed to work for the state police. The caller told the woman that she did not file a Form 8886 with the IRS, and they were going to issue a warrant for her arrest. The woman said the caller instructed her to buy 12 gift cards worth $500 a piece. The woman told police she spoke to her bank and gave the caller some of her information, and then went to Wal-Mart to try and buy the gift cards. The woman said she tried twice to buy the gift cards, but her transactions were declined. Police informed her she had been scammed.

May 15
SCAM: [address omitted]
Police responded to Citizens Bank after a man cashed a fraudulent check. Officers contacted the man, and after he refused to remove his hands from his pockets, they placed him in handcuffs. The man told police he received the check in the mail from a Craigslist ad and was supposed to provide the account information to the sender. The man had deposited the $2,000 check on Monday and withdrew $200 of it. The bank then realized the check was fraudulent. Officers informed the man he had been scammed and released him. He returned to the bank the remaining cash he had from the $200 and was informed his account would be closed.

May 3
SCAM: 2:08 p.m., [address omitted]
A man told troopers he had received a call from a person posing as a Lane County deputy who claimed he had two warrants for his arrest. The “deputy” told the man he could turn himself in to the sheriff’s office or pay two payments of $489 in Green Dot Moneypak cards. The man sent the money.

April 26
SCAM: 4:25 p.m., [address omitted]
A man reported his brother, who has dementia, received a phone call from someone claiming to be the county sheriff. The caller claimed the man had missed jury duty and there would be a warrant for his arrest if he did not pay $1,500 via prepaid MoneyPaks. The man stayed on the phone with the caller while he purchased the debit cards and provided the card numbers to the caller over the phone.

April 2
SCAM: 9:38 a.m., [address omitted]
Police responded to Jimmy John’s for a fraud complaint. An employee told officers a man had called the shop stating he was from the corporate office. The man told the store manager that the shop was being investigated for employee theft and needed to provide the corporate office with $1,000 in gift cards. The manager drove to Fred Meyer, purchased two Visa gift cards and sent the images of the front and back of both cards to the phone number provided by the caller. A different employee had the cards locked so they could not be used.

March 22
SCAM: 12:10 p.m., [address omitted]
Two people told police they posted an ad on Craigslist seeking housing. They said they were contacted via email by “Larry Dunkin,” who claimed he lived out of state but was renting out 950 SE Powell Ave. The two people agreed to wire $800 via Western Union for the deposit, and Dunkin was to mail the keys. After they wired the money, Dunkin demanded $2,700 for three months’ rent before he would send the keys. The people refused to send the money. Police determined the house was not for rent.

Feb 27
SCAM: 3:38 p.m., [address omitted]
A woman told police she placed an ad on Craigslist to rent a room. An individual responded and assumed they had been selected as the next tenant and sent a check to the woman for $3,500. When the woman informed the person she would not rent a room to them, the person told her to cash the check and send a money order back in return. The woman knew it was a scam and gave the check to police.

Feb 25
SCAM: 2 p.m., [address omitted]
A man told police that someone, whom he believed to be a woman in Colorado, added him on Facebook. They video chatted and the man exposed his genitals. The other person then told the man that if he did not pay $500, they would post a video of his genitals online. The suspect wanted a money order sent to the Ivory Coast. The suspect’s Facebook account has since been deactivated.

Feb 21
SCAM: 4:12 p.m., [address omitted]
A woman said she received a phone call from someone claiming to work for Microsoft. The caller told her that her computer’s virus protection had expired and he could clear her computer of viruses for $499.99. The woman gave the caller her debit card information, as well as remote control of her computer. She later realized it was a scam and noticed a second charge for $512 on her bank statement.

Feb 15
SCAM: 8:34 p.m., [address omitted]
A woman told police she met a man online who claimed to have lost his wallet while on vacation. The woman sent the man $600 via Western Union. The following day, Western Union’s fraud department called her and said they felt she had fallen for a scam and put a hold on the transaction. The woman then received a call from someone claiming to be an FBI special agent and who said they knew about her involvement with the first man and that she was under investigation as a potential terrorist. The caller told her she needed to send $600 via money order to a judge in Florida, which she did.

Feb 15
SCAM: 10:30 a.m., [address omitted]
A man reported he sold a computer on Craigslist to “Tonnie Hooker III” for $770. He said he received a check in the mail for $2,300 with instructions to send the rest back via Western Union. The man wired the money from his bank account and then found out the check did not clear, for a total loss of $1,530. The man said “Hooker” had told him he would arrange for someone to pick up the computer in person but the person never arrived.

Feb. 14
SCAM: 11:38 a.m., [address omitted]
A man told police he had received a $2,450 check from Dial America Marketing with the agreement he would do bookkeeping for the business for $200 a week. The man said he was told to redistribute the funds by wiring the money to a Walmart in Texas, which he did. His bank later told him the check he received was fraudulent. The man lost a total of $2,450.

Feb 5
SCAM: 11:03 p.m., [address omitted]
Police responded after an employee at Burger King received a phone call from someone asking her where they keep the money and how much was in their safe. An officer took the phone and asked who he or she was speaking with. The caller promptly hung up. The employee who answered the phone said the caller claimed they were doing an FBI investigation for corporate and asked the employee to take money out of the safe and meet them nearby. The employee realized it was a scam and kept the caller on the phone until police arrived.

Feb 1
SCAM: 10:24 a.m., [address omitted]
A man told police he received an email on his OSU account regarding a job offer from a biotech company where he could earn $200 a week. The man said he received a check for $2,400, which he deposited into his bank account. He said he was asked to transfer $1,680 to someone in Texas via Western Union, at which point he realized it was a scam.

Jan 25
SCAM: 10 a.m., [address omitted]
A woman reported receiving messages from phone number 443-342-4190 stating her Social Security number had been stolen. She told police she called her mother, who called the number back and spoke to someone who said the Social Security number was being used by drug traffickers in Texas to send money to Mexico. The woman’s daughter called the people back and was advised to get all the money from her bank account, put it on Walmart gift cards and give the card numbers to them, which she did. The caller stated the money would be refunded to her the next day by a police officer. When that didn’t happen, she looked up the phone number and discovered it was a scam.

Jan 17
SCAM: 3:44 p.m., [address omitted]
A woman told police she accepted a job from a Craigslist post and was sent a check from an individual who identified himself as Taiwo Ayeni. The woman said she cashed the check and sent $850 via Western Union to her new employer's “supplier.” The woman said the employer then requested she buy several iTunes gift cards with the remainder of the money. The woman said that sounded odd and she contacted her bank, which informed her the check she deposited was not legitimate and she was most likely the victim of a scam. The woman said she sent a message to the original sender saying she was not sending anything to him. She said the posting on Craigslist has since been deleted.

Jan 12
SCAM: 2:22 p.m., [address omitted]
A woman reported receiving a phone call from a man who stated her identity had been stolen. The man told her to buy a $1,500 gift card from Target and provide the security code to him, which she did. She also gave the man the last four digits of her Social Security number, a picture of her and the name of her bank. The woman said the man spoke with an accent and called from the number 443-648-5751.

Jan 8
SCAM: 1:08 p.m., [address omitted]
A woman reported receiving a phone call from a man who identified himself as Benton County Sheriff's Deputy Cook at phone number 541-847-5100 (the Benton County Sheriff’s Office Monroe number). The man told her she had a "contact warrant" for missing jury duty and needed to pay her bail before getting off the phone with him or she would be arrested. The woman said she stayed on the phone with him while she drove to Safeway, purchased a $2,000 MoneyPack gift card and then drove to the Law Enforcement Center, where she provided him with the gift card number over the phone. The woman said the caller told her the gift card did not work and to purchase additional gift cards. She said she asked him to come out of the Law Enforcement Center and she would give him the physical card, and he disconnected the call. The woman then realized it was a scam and went inside to report it.

Dec 19, 2017
SCAM: 9:41 p.m., [address omitted]
A woman told police she received a call from 443-579-5816 and a man identifying himself as “Richard Gomez with the Federal Marshals” told her that her social security number was being cancelled due to pending criminal charges. The woman stated Gomez instructed her to take all the money out of her bank account and buy Walmart gift cards. The woman bought $2,675 worth of Walmart gift cards and provided Gomez with the pin number on the back of each card. Gomez told the woman the charges would be dropped and her social security number would be reactivated. Police have no suspects.

Dec 4, 2017
SCAM: 6:39 a.m., [address omitted]A man reported he met a girl on the website Chatroulette about two years ago and began video chatting with her via Skype. The man said that on Sunday he received a message via Skype demanding $400 or the sender would disseminate explicit videos or photographs to the man’s Facebook friends. The sender requested the money be sent to the Philippines. No suspects were identified.

Dec 4, 2017
SCAM: 3:50 p.m., [address omitted]
A woman reported she had received a pop-up on her computer stating it was hacked and she needed to call 1-855-236-8222. She spoke with a man by the name of Ben Carter, who told her to write a check for $249.99, scan it and send it to him to remove the virus. The woman did so and later learned it was a scam.

Dec 1, 2017
SCAM: 2:15 p.m., [address omitted]
A woman reported she received a call from her boss informing her the Sheriff’s Office had called looking for her and to call them as soon as possible. She said she called the phone number given to her and was told she had two warrants for her arrest and she needed to go to the Sheriff's Office immediately to sign paperwork. She agreed to go to the Sheriff's Office and was told to bring a $500 gift card with her to pay a fine for which she would be reimbursed for if it turned out she did not have any warrants. She was instructed to get the card, which she did, and call them and give them the number on the card, which she also did. She was then told to go to the post office and mail the card to the USPS MCO Division, which she did, and then go to the Sheriff's Office. While at the Sheriff’s Office her husband called and informed her it was a scam.

Nov 27, 2017
SCAM: 9:46 a.m., [address omitted]
A man reported he had received a call in October from someone claiming to be Alex Williams with Apple Inc., who told him his computer was infected with a virus. The man said he agreed to pay about $3,000 in iTunes gift cards for two software packages to protect his computer. When the suspect asked for additional gift cards, the man became suspicious and called Apple and learned he had been scammed.

Nov 21, 2017
SCAM: 10:50 a.m., [address omitted]
A woman reported she had received a Facebook message from a friend telling her they had won $50,000 grants. The woman’s friend gave her a phone number and told her to call and ask for agent Paulsen Glenn. The woman said Glenn asked her to send a picture of her debit card and to buy $300 in iTunes gift cards, which she did. Her father learned what she was doing and told her it was a scam. The woman closed her bank accounts and is not out any money. Police spoke with the woman’s friend, who said she had not sent the Facebook messages. Police said her account appeared to be hacked.

Nov 21, 2017
SCAM: 12:16 p.m., [address omitted]
A woman reported she received an email on her OSU account indicating she was qualified for a job making $200 a week. The woman said she was sent a check for $2,450 and asked to send $2,100 back to the sender by Western Union. The woman sent the money and later realized the check was fraudulent.

Nov 4, 2017
SCAM: 9:43 a.m., [address omitted]
A man reported he had met a woman on the Plenty of Fish dating website and exchanging revealing photographs with her. The woman’s profile stated she was 23 years old. However, an unknown man called him stating he was the girl’s father and she was 16 years old. The “father” said he needed to pay him or he would go to police, so he put $60 on a prepaid card and gave the “father” the account and pin number. The man realized this was a scam after the “father” called again requesting more money.

Oct 19, 2017
SCAM: 12:02 p.m., [address omitted]
A woman reported her 15-year-old son had put $1,200 worth of camera equipment on Craigslist. A man named Hernandez Gago contacted them and offered to pay through PayPal if they would ship the camera equipment to New Jersey. They did so and found out the PayPal emails they were receiving were fake.

Oct 18, 2017
SCAM: 2:30 p.m., [address omitted]
A woman reported a man named Mark contacted her via phone and computer saying her bank account had been emptied. The man said he could get the money back for her if she sent him money. The woman withdrew $35,000 from her bank account and deposited it into various accounts at different banks that Mark instructed her to go to. An officer contacted Mark, but he would not answer questions and hung up the phone.

Oct 17, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she had been contacted by a man who claimed to work for Wells Fargo and took the woman’s information. She later noticed $4,000 had been withdrawn from her account.

Oct 13, 2017
SCAM: 1:05 p.m., [address omitted]
A woman reported her husband planned to update their Garmin GPS device on the internet. However, he went onto a fake site and paid $180 to a man who pretended to be a Garmin technician. The couple verified with Garmin that they had fallen for a hoax.

Oct 11, 2017
SCAM: 3:30 p.m., [address omitted]
A woman reported she received a phone call from a man who identified himself as David New and told her she had won a 2017 Mercedes Benz. The man asked the woman to provide him credit card information to pay taxes on the car. The woman said she did not give the man any information.

Sept 27, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she felt she was being scammed. She said she was contacted by a woman who identified herself as Kristen Anderson on Roommate Finder. After communicating for two weeks, Anderson sent the woman a check. But the check was written for $2,000 more than the agreed upon amount and Anderson asked the woman to wire back to her the extra money. Before wiring the money, the woman realized it might be a scam.

Sept 21, 2017
SCAM: 2:03 p.m., [address omitted]
A woman told police she thought her computer had been hacked after she found she had contacts she had not created. She said she was contacted by Microsoft, who told her they would resolve the issue and to buy iTunes gift cards to pay for the computer repair. The woman bought $700 worth of iTunes gift cards and provided them with the numbers. The woman told police the website "www.fastsupport.com" and the phone number 1-866-955-7984 were used during the scam. An officer called the phone number and spoke with someone but was not able to acquire tangible suspect information.

Sept 11, 2017
THEFT: 2:09 p.m., [address omitted]
A man reported he received a call from a man with an Indian accent claiming to be the federal police. The scammer told his victim that he filled out his admission paperwork to the University of Oregon incorrectly and had to either pay a fine or go to jail. The man agreed to pay the fine and was directed to purchase iTunes gift cards from Safeway and relay the relevant information over the phone. The man provided the scammer with $400 worth of iTunes gift cards. Police informed the man he had been scammed.

This was a small sample taken from reported scams that have happened in the past few months here in Corvallis. Again, I did not pick all of them, only a few. There are thousands that happen in every city each year. These scams can range from an attempt to receive money from you, to stealing various account credentials, purchasing a service that doesn't exist, etc.


Welcome to my mutli-part series on scams. That's about as straightforward as I can make it. This multi-part blog will touch on MANY different types of scams, as well as some more specific ones that were not mentioned above. We will cast a broad net on some, and get down to intricate details on others, so brace yourself, because this information is not only important, but in some ways frightening. We're going to ignore the 'Foreign Nigerian' scam, but we'll touch on a few that aren't too far removed from that.

Part I - Advertising Scams


macAds.jpg
Screen Shot 2018-02-20 at 2.59.13 PM.png

To kick things off, let's define adware. Adware is ads that are designed to make you click on it and purchase whatever type of product they are selling. These kinds of adware can be described as 'clickbait,' which is designed to scare, confused, or intrigue you into clicking on a specified page. Adware is incredibly easy to acquire or accidentally click. Take the screenshot, this is if you type MacKeeper into a search engine. By the way, DON'T download MacKeepr. I am using it strictly as an example and not endorsing it in the slightest. I think it does more harm than good to your computer. I digress...you can see three links to a "MacKeeper" download. If you further analyze it, or worse, click into those pages, only the third one down will take you to the actual MacKeeper webpage. If you look close enough, you can see, in green, the word "Ad" next to the top two links.

If I click on the first link, I see this (picture left). It looks legitimate, until you read the URL. Instead of MacKeeper.com, it is http://mackeeperapp.mackeeper.com/landings/198... What does this mean for you? Be extremely careful when searching the internet, and be very cognizant of the word "Ad" next to the URL.

Screen Shot 2018-02-20 at 3.13.07 PM.png

And just to note, this can happen simply from typing in 'mac help' (pictured below) to a Google search, which yields this first result. If you click on it, it takes you to a page that looks legitimate, and has a phone number plastered across the top of it, which will take you to a call center with another attempt at a scam.

Screen Shot 2018-02-22 at 9.41.21 AM.png
DVe7s-7VAAIyCMi.jpg-large.jpeg

It is surprising how easily ads can trick you into clicking on something accidentally. Again, take the following screenshot. This came from my PERSONAL Facebook page. It is an advertisement for piece of software(?) called Mac Software. As you also tell from the bottom-left of the screenshot, it clearly links you to MacKeeper.com, which I verified. This is one of the reasons I have written so much about MacKeeper, because this is the type of advertising they do. They steal other titles just to attempt to get you to click on their 'clickbait-esque' advertisements. Most users download MacKeeper without even truly realizing what happened. One of the things that I am pleased about is the response by many of those in the Apple community. As an avid member on Apple Discussions boards, which are user-to-user forums that allow average users to ask questions to a community of more experienced users, typing in MacKeeper immediately pulls these results:

Screen Shot 2018-02-20 at 3.24.20 PM.png

Now MacKeeper might think I am calling their software a scam, which I can't legally say, as they're known for sending their cease & desist letters to security researchers, but their advertising strategy is, in every way, shape, and form, a scam.

IMG_5498.png

Fortunately, I have noticed many users starting to realize the many downfalls of this software. Even Apple Support, as they mentioned on Twitter, consider MacKeeper a form of malware. While it may not be malware in-and-of itself, it is what many companies refer to as a PUP (Potentially Unwanted Program) or PUA (Potentially Unwanted Application). One of the only companies that I have seen not identify MacKeeper is a PUA is Avira. After a little research, however, you'll notice that Avira licenses their AV engine (anti-virus engine) to MacKeeper, noted in the MacKeeper EULA (End User License Agreement) during their install.

If it hasn't been made clear, I despise this piece of software, and I have uninstalled it on an insanely, large number of machines, but MacKeeper isn't the only piece of software that gets exploited through adware.

I can comfortably say that one of, if not the, most devious and exploit pieces of software comes from Adobe - more specifically, Adobe Flash Player. Adobe Flash Player has been a long time transmitter of malware and adware to end-user's computers. If usually originates with a pop-up saying that your Flash Player is out of date. This is a scam. If you have any doubts, visit Adobe's Flash Player webpage which will allow you to download a legitimate download. It is unfathomably easy to get duped into downloading one of these fake Flash Players. To show you, check out the video. In this video, I go to a Youtube-ripping site, which converts a Youtube video into just an audio file. It just so happens that when I attempted to "convert a video," it led me to a fake Adobe Flash Player. The most hilarious part was at the end, when it asked me to download MacKeeper...they are the WORST.

The installation of a fake Adobe Flash Player found from a video to music converting website

flash-out-of-date.jpeg

This type of scam is frequently preceded by a picture like the one to the right, so if you see it, exit immediately. I even disassembled the the fake Adobe Flash Player and uploaded the executable file to VirusTotal, which responded with only one hit from different anti-virus companies, saying it was a part of OSX/Bundlore, which is a common form of malware. See the results below.

Screen Shot 2018-02-22 at 3.03.41 PM.png

The primary point is to tell you that you have to be careful when browsing the internet. Only go to reputable sites, and please try to avoid any Google search result that begins with the green letters "Ad," and if you get a popup telling you that your Adobe Flash Player is out-of-date, go directly to Adobe's website, which was linked above. 

Safe browsing!

-Stuart