A scam email I received earlier today

I had the following email - minus the black blobs - waiting for me when I checked in earlier this morning.

It was from a friend, had no malicious attachments, and so hadn't been consigned to trash or the spam folder.

The content wasn't what I'd expect from that friend so that helped to confirm that it wasn't an email they'd consciously sent me. I made contact and, sure enough, they were fully unaware of the fact that the message had been sent from their personal email account to multiple recipients from their address book.

The implications of this are that the email account had been hacked and/or their computer (an Apple Mac) was infected with some virus or trojan. My advice was to assume the worst; both to be correct and act accordingly. I also advised them to contact everyone who will have received a copy of the email advising them of the situation and to delete the email without reading since the link it contains will, no doubt, be a fast-track to further woes.

For the email account the quick fix is an immediate change of password, preferably using a strong one which at least meets their service provider's recommendations.

Their response, when I suggested the possibility of a virus infection on the Mac, was surprising. They'd been led to believe that "Mac's don't get virus infections" which, apparently, came from the sales assistant. I set them straight on that piece of misinformation and advised they assume the worst and get it checked out even if it is unlikely to be the case. I think they're planning a return visit to the shop within the next few days and will, I suspect, provide some relevant customer feedback.

Intego, Kaspersky and Symantec all offer highly rated security solutions designed to keep your Mac as clean and pure inside as it looks outside. Intego's VirusBarrier 6 offers protection for 2 Macs about £70, Kaspersky's One product will run you about £25 and the Symantec product is about £30 for 2 Macs. All three offer comprehensive anti-malware protection.

If these are too pricey, Sophos and ClamXav are available for free. If you're new to anti-virus software (and most Mac users are) you might want to try a free option to learn more about what's available to you.

How to check that a web site is safe to visit

Links to web sites present themselves to us in a myriad different ways. That link in a Facebook post that'll show us a funny video; an email from an acquaintance containing a link to an amazing special offer; a message posted in a newsgroup or forum containing a link to a valuable piece of information; the list is endless. Most of the time these links do exactly what is expected. However there are folks out there hoping to trick us into visiting some web page or launch a piece of code that'll attempt to perform some unexpected and probably harmful action. But, hey, I've got internet security software so I'm protected against this kind of thing, right? Not necessarily. It's not guaranteed that your internet security app, even when fully up-to-date, will 'know' about that new piece of malware and, therefore, may not be able to block it. So the best advice is  if you really want to proceed then do so with caution. Thankfully there are some resources out there that'll help. Here are a couple of sites the purpose of which is to check the safety of a web site when given the site's address.

McAfee's Site Advisor - It's not necessary to install the free download in order to use this resource. Instead I suggest you go ahead and enter the site's URL into the  text box in the right sidebar under the heading of View a Site Report (see image on right) and you'll see either a green (safe) or red (unsafe) at the beginning of the report. If you're interested to know more SiteAdvisor goes on to provide a lot more detail.

Norton’s SafeWeb (see screenshot below) works in a similar way to the McAfee site. When displaying a site’s threat report it contains user community input in the form of reviews and ratings in the right sidebar. The actual Norton review starts with the green (safe), orange (caution advised), red (unsafe) or grey (unknown) icon, followed by the threat report, that includes the results of 17 different malware tests. For certain sites, Norton’s SafeWeb also reports information of e-commerce safety (whether the site encrypts transactions and has a privacy policy).







In summary it makes perfect sense to use one or other of these sites to check out a web site if you're at all unsure about its safety.

The Microsoft phone scam continues to plague us in 2013

If you receive an unsolicited phone call from a security 'expert' from Microsoft (and possibly other vendors) offering to fix your PC - it's a scam. It's been doing the rounds for several years now and is obviously deceiving some into parting with money. Otherwise it would have gone away by now. Here's how to avoid the 'Microsoft phone scam', and what to do if you fear you have fallen victim to it.


Here's how the scam works...

The scammer calls you and asks for you by name. He/she will say they are a computer security expert from Microsoft (or another legitimate tech company). The 'security expert' is direct and polite, but quite forceful. They'll say that your PC or laptop has been infected with malware, and that they can help you solve the problem. What happens now depends on the particular strain of scam with which you have been targeted.

Some scammers will request that you to give them remote access to your PC or laptop, and then use the access to harness your personal data. Others will instruct you to download some piece of software which contains malware that will automate the task of harvesting your personal data. Another variant of the scam involves the scammer simply asking for a payment in return for a lifetime of 'protection' from the malware they allege is on your machine.

The bottom line: no bona fide IT security specialist is ever going to call you in this way. For one thing, they can't tell that your PC is infected. The scammer is calling you simply because they've harvested your name and number from a phone book, or some other marketing list to which your details have been added at some point in the past. The scammer knows nothing about you or whether you've even got a home computer - it's nothing more than a trawler trip. However the scammer fully expects to catch the unsuspecting and unsure off-guard which is the only reason he/she is doing it. It's not personal, but, like any crime, it makes you the victim and is ultimately harmful to you on many levels.

The Microsoft phone scam: my advice if you're called by one of these scammers...

1. Just put the phone down. Don't react to the call. In fact your best response is to say nothing at all.

2. If they do manage to engage you in conversation, don't provide any personal information. This is a good advice for any unsolicited call. And certainly never reveal credit card or bank details.

3. Don't allow any unknown caller to guide you to a webpage, or instruct you to change a setting on your PC or download software.

4. If you feel motivated to report the call to the police (yes it is a crime after all) you can attempt to get the caller's details. Having some information can only help the police track the criminal.

5. If you have revealed any information to the scammer e.g. username/password info change those passwords and, if possible, the revealed usernames. It's also worth running a scan with up-to-date security software. Also ensure that your firewall is active 

The Microsoft phone scam: what to do if you have been caught out by this

1. Don't give yourself a hard time over this. It's a successful scam and has been - and continues to be - used to successfully trick many. 

2. As already mentioned change all the personal data that you can change. There's lots of data you simply can't change because it's fixed e.g. date of birth. But you can usually change your passwords and usernames. It can cause a lot of grief to change but you can create a new email and then start using that separate email account for linking to your online accounts for banking, shopping, etc. 

3. Contact your bank to explain what happened and ask them what they can do to help.

4. Ensure you use up-to-date security software to scan and, if necessary, cleanse your PC of any virus or malware. And if the scammer did get you to do something to your PC using Windows' built-in System Restore facility to roll back the settings is a good step to take. Here's an article that describes how to use system restore in Windows 7.

5. Do tell the police, especially if you've lost money. It's worth checking whether your credit card company or contents insurance will cover the loss.