Phishing Attempts From Cheapfixerproperties.com

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a Phishing attempt, and to not click on that button. They are ready had. We ran a full Vipre scan on their machine.

The URL takes you to a site that Google has already flagged.

Let us know if this helped you…

 

Email Scam – I do know, XXXXXXXX, is your password.

We received an email from a old customer who got an email with the following message.

I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?

actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.

exactly what should you do?

Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).

BTC Address: 149EV7BbQSuJTS8mHJ5kdjGBvSKMFu7tob
(It is cAsE sensitive, so copy and paste it)

There was more to the email. The point is this email is a SCAM.

The biggest question was it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture name, email address and password. With this information they were able to get the scam started.

A Google search lead me to others that have received this email, and they all confirmed it was a scam.

Let us know if this helped you…

 

Protecting From WannaCry Ransomware

We have been diligently verifying our customers computer systems are up-to-date and protected from the lastest round of Ransomware called “WannaCry”.

Not sure exactly what patches needed to be applied I found a good page from SolarWinds the lists the appropriate patches for a given Operating System.

https://support.solarwindsmsp.com/

Microsoft’s Update Catalog allows you to download the the “.MSU” patches. Microsoft recommends using Internet Explorer to download and install the patches. You may need to set downloads to “enable”. In Internet Explorer Tools, under the Security tab, select “Custom Level.”. Scroll down till you see “Download” and click enable.

For antivirus we have been using Vipre. We received a email from Virpe stating the were already protecting customer before the virus was released. That will save us a considerable hassle. Here is the link the sent us.

https://blog.vipreantivirus.com/important-news/urgent-announcement-wanacryptor-wannacry-information/?mkt_tok=eyJpIjoiT1RnME5XUXpObU13TVRVeCIsInQiOiJoQ1FNVmJsQjh3YUpmTFFQUEowbDZpUzZFTG1FV3g5NkN4cnNcL2RKN1AzSWZXSlZwaTA0UUFQTHF4N29lMndwSDlcL2pxK0I2QlVSbGJ0V2NPdDBuMnhhUktKOWlHdW1UbG1Lakp0NFNrTFhYV2lhQVFhM2N2elNMWG5mTHJFTUlxIn0%3D

This list above is good to know the patches.  The next step was to disable “SMB1”. I logged onto the clients server and open Powershell as an administrator, and ran the following commands.

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

All of these updates required a reboot of the server.

Let us know if this helps you…