Phishing Attempts From Cheapfixerproperties.com

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a phishing attempt, and not to click on that button. They already had. We ran a full Vipre scan on their machine.

The URL takes you to a site that Google has already flagged.

Let us know if this helped you…

 

Email Scam – I do know, XXXXXXXX, is your password.

We received an email from an old customer who got an email with the following message.

I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?

actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.

exactly what should you do?

Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 149EV7BbQSuJTS8mHJ5kdjGBvSKMFu7tob
(It is cAsE sensitive, so copy and paste it)

There was more to the email. The point is this email is a SCAM.

The biggest question was that it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture name, email address and password. With this information they were able to get the scam started.

A Google search led me to others that have received this email, and they all confirmed it was a scam.

Let us know if this helped you…

 

VIPRE – A problem has occurred in VIPRE Threat Scanner

We had a customer who was having VIPRE pop ups. Here is a screenshot of what they were getting.

I contacted VIPRE and they knew right away how to fix it. They said it was a bad definition that came down in early February. The fix is to download a small file that will remove the old definitions and restart the agent. Here is the link they sent us.

https://homesupport.vipre.com/support/solutions/articles/1000259870-vipre-alert-2-6-2018-problem-has-occurred-in-vipre-scanning-engine-or-vipre-threat-scanner

I ran the executable, which only took a few minutes, and I got a popup saying VIPRE was my antivirus. I could see in the VIPRE Console on the server that the definitions were updating, so the Console and the agent were communicating again.

Let us know if this helped you…

 

Windows Security Outlook Connecting To Prompt Dialog Box

Had a user getting prompted by Outlook to enter credentials for another email account. There were no additional accounts attached to her Outlook. I ended up using Microsoft’s Credential Manager and deleting out all the entries. This time when Outlook opened it was asking to log into a different account that the user once had linked to her email account. I quit Outlook and went back to the Credential Manager and deleted out a new entry. Restarted Outlook and the issue was solved.

Let us know if this helped you…

 

Domain Expiration SEO Registration Is Set To Expire – Scam

We have recently received a couple of emails asking us to re-register our SEO (Search Engine Optimization). There is a link to pay.

This is obviously a scam. SEO is carefully crafted wording in the webpage. You can pay someone to craft the SEO and put it in the page, but you don’t need to “register” anything.

The company is qualiSEO.org. They charge $75.00 per year with multi-year discounts.

Let us know if this helped you…

 

Is Google Ranking Websites With SSL higher?

We have been hearing about this since the beginning of the year, and yes we are hearing this from our hosting companies. We used Sucuri a number of times to have some nasty website attacks cleaned up. They have also recently paired up with some hosting companies such as SiteGround because of the number of attacks across the web.

I watched a recent webinar from Sucuri and they are saying it is true that Google will make your site less important in their search results if you are not using an SSL. This is for straight HTML sites as well as a CMS e-commerce site.

The cost for an SSL is around $100 per year. Installing the SSL and configuring your website to work with the SSL takes a bit of work, but we are used to it. If you are interested in upgrading your site security and need some help feel free to contact us.

Let us know if this helped you…

 

Protecting From WannaCry Ransomware

We have been diligently verifying our customers’ computer systems are up-to-date and protected from the latest round of ransomware called “WannaCry”.

Not sure exactly what patches needed to be applied, I found a good page from SolarWinds that lists the appropriate patches for a given operating system.

https://support.solarwindsmsp.com/

Microsoft’s Update Catalog allows you to download the “.MSU” patches. Microsoft recommends using Internet Explorer to download and install the patches. You may need to set downloads to “enable”. In Internet Explorer Tools, under the Security tab, select “Custom Level”. Scroll down till you see “Download” and click enable.

For antivirus we have been using Vipre. We received an email from Vipre stating they were already protecting customers before the virus was released. That will save us a considerable hassle. Here is the link they sent us.

https://blog.vipreantivirus.com/important-news/urgent-announcement-wanacryptor-wannacry-information/

The list above is good for knowing the patches. The next step was to disable “SMB1”. I logged onto the client’s server, opened PowerShell as an administrator, and ran the following commands.

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

All of these updates required a reboot of the server.
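To confirm the change took effect after the reboot, the following read-only check can be run in an elevated PowerShell session. It is an added example, not part of the original post; the function name `Get-Smb1Status` is hypothetical. It also reports the SMBv1 server setting, which the two sc.exe commands above do not change.

```powershell
# Added example (not from the original post): read-only SMBv1 audit.
# Run in an elevated PowerShell session after the reboot.
function Get-Smb1Status {   # hypothetical helper name
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Client driver: "sc.exe config mrxsmb10 start= disabled" stores Start = 4.
    # A missing key means the SMBv1 client driver is not installed at all.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $clientDisabled = ($null -eq $drv) -or ($drv.Start -eq 4)

    # The Workstation service must no longer list the SMBv1 driver as a dependency.
    $ws = Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService -ErrorAction SilentlyContinue
    $depRemoved = @($ws.DependOnService) -notcontains 'MRxSmb10'

    # The SMBv1 server side is a separate setting; the sc.exe commands only cover the client.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $serverEnabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: registry value SMB1 = 0 disables it; absent means enabled.
        $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -Name SMB1 -ErrorAction SilentlyContinue
        $serverEnabled = ($null -eq $p) -or ($p.SMB1 -ne 0)
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        Smb1ClientDisabled    = $clientDisabled
        Smb1DependencyRemoved = $depRemoved
        Smb1ServerEnabled     = $serverEnabled
    }
}

$status = Get-Smb1Status
$status | Format-List

if ((-not $status.Smb1ClientDisabled) -or (-not $status.Smb1DependencyRemoved)) {
    Write-Warning 'SMBv1 client is still active: re-run the two sc.exe commands and reboot.'
}
if ($status.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 server is still enabled (Server 2012 and later: Set-SmbServerConfiguration -EnableSMB1Protocol $false).'
}
```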

Let us know if this helps you…