Phone Scam of the Week – A New Twist

A week doesn’t go by when we don’t get a call from a “Microsoft security specialist” telling us that they have “detected something wrong with the security of our computer”.

Depending on what we are doing, we’ll either hang up or explain to the “security specialist” that we don’t have time. First, though, we will listen to their script to see if anything has changed, and if it has, we’ll want to see what has.  Today was one of those days.

The call, this one from 203-695-4021 (a Connecticut phone number) came in at around 1:30pm.  The person, who had a thick Asian accent, identified himself as being a security specialist with Microsoft.  He said that for a few days “our firewall has not updated and he needed us to update the Windows key.

We played along, since this was a new script.  The steps were as follows:

Identify the Windows Key and push it, while pushing the R key.  This, of course, launches the Run command.  He requested that we enter “CMD” in the field.  This brings up a Command Prompt.  He had us check the IP address of the PC by using the IPCONFIG command.

Next he had us repeat the Run comma

nd and enter MSCONFIG in the field.  This brings up the basic settings on the computer.  The main reason for this is that they want to “show us some issues with the computer”.  These “issues” are normal everyday things going on with the PC.

Next he had us write down a “Windows Key”, which consisted of eight characters, five numbers and letters, then a dash, then three more letters.  He said we would need this “key” later in the process.

He next wanted us to open a browser window and go to www.help123.ml so that he could remote in to the PC.  This is where we stopped and informed him that we were terminating the conversation (we didn’t say it that politely).

Had we gone to the next step, he would have remoted into the PC, then taken over control and/or installed some malicious software (also known as malware).  This could range from keyloggers to capture user names and passwords, but also viruses or worms to spread to other computers.

As we have documented in the past, Microsoft does not monitor your computer.  They do not have people call you letting you know that there’s a problem with your PC.

Should you get a call from anyone who identifies him or herself as being from a computer company and that they have detected an error with your PC, or a virus on your PC, please hang up.

If you are reading this and you know that you’ve allowed access to your PC to someone who called you, contact your IT support person immediately so that they can scan your PC for malware.  If you con’t have an IT support person, contact us at pcmdxal@gmail.com for further assistance.

If you’ve allowed access to your PC by one of these scammers and you gave them your credit card (yes, they sometimes have the guts to ask for payment after they scam you), keep an eye on your statements for any unauthorized transactions.

The bad guys are smart.  We need to be smarter.

Scam E-Mails: How To Tell

 

Recently PCMDX received a call from a business who’s bank account had been compromised.  Someone, using legitimate information, was able to gain access to the account and make transfers from the account to another account, and also made wire transfers to a third party.

The business had been told by the bank that their network had been hacked and that they should seek some help in securing their network, which is why they contacted PCMDX.  We focus providing network support for small businesses that have less than 15 computers, and one of our specialties is cybersecurity and compliance.

Although how the actors (the term used for the “bad guys” since they are “acting” as a legitimate party) were able to get the necessary information is still under investigation, it’s likely that it was given to them by one of the company officers via e-mail.

 

We recently received a scam e-mail and we’d like to share it with you so that you can learn how to determine if it’s a legitimate e-mail or not.  Please note:  If you’re not sure if the e-mail is legitimate, call the sender and ask them if they sent it, even if it passes all of the tests.  It’s better to be safe and verify authenticity than take a chance.

Here’s a screenshot of the e-mail we received, along with some notes (Click on the image for a full size view).  We blurred out information that is not relevant.

 

Let’s begin at the top.  The subject line “Please Read! (Final Warning) | 06/05/2017” sounds pretty threatening and will get your attention right away.  But it doesn’t indicate who it’s from or what it’s about.

If you look at Blue Arrow 1, you’ll see that it’s from “ACME account team”, followed by the e-mail address of “admin@MAIL.HAMILTONTN.GOV”.  (We’re going to use ACME as the alias for the name of the company).  So here you have two major clues that this is a scam.  First, the words ACME account team.  Any legitimate company will list themselves as ACME Account Team, with all words capitalized.  This is a major clue that this e-mail did not originate in the US (most scam e-mails are from overseas, where grammar is poor).

Our next clue is the e-mail address.  Although “admin” is legitimate, MAIL.HAMILTONTN.GOV is not.  That’s an e-mail server for the city of Hamilton, Tennessee.  It has a .gov domain ending, which can only be assigned to government entities, such as cities, counties, states and the federal government.  Why would ACME have this domain?  If it were a legitimate e-mail from ACME, it would end with something like ACME.com or ACME.net, not a .gov domain.

The body of the e-mail is actually very good, at least when it comes to scam e-mails.  It’s convincing, it has information in it that the typical person would consider to be legitimate.  However, as we get to the bottom, some red flags appear.

When you hover over a link (and the Blue Arrow 2 is pointing to two links, “Visit Help and Support” and “Login to My Account”), the bottom part of your browser, known as the status bar, will display the link that it’s pointing to, which we’re using the red arrow to point to.  In other words, when you click on the link, it’s taking you to the web site that is showing in the status bar.

This particular link is pointing to baltoo.com/ACME/index.php .   This should immediately sound an alarm with the person reading the e-mail.  The company that is sending this is ACME, but the domain it’s pointing to (the first part of the web address is always the domain) is baltoo.com .  Anything after the domain name is irrelevant, since that’s just the directory and folder inside the server it’s pointing to, and you can name that anything you want.  When you hover over the link, it should point to the company you’re trying to go to.  So it should read acme.com/Acme/index.php.

Once you click on the link, one of two things will happen.  Either you will be shown a very convincing site that is asking for your user name and password, or you will end up on poisoned site that will infect your computer with malware, such as a virus, a Trojan, or ransomware.  If it’s the former, you’ll enter the user name and password, and within minutes the actors will have gained access to your site (as they wanted to in this case), or perhaps gained information such as name, address, social security number, date of birth, etc. (under the guise of “verifying your identity”).

Recent studies have shown that firewalls, anti-virus programs, and other security software and hardware, although still crucial in preventing attacks, need to be supplemented by training of staff so they know what they should look for.  (That page also has a quiz you can take to see how much you know about phishing attacks – we scored 10/10.  How’s your score?).

Our companion site, Don’t Become Another Target lists dozens of examples of how companies, some billion dollar plus companies, were compromised not by technology, but by social engineering.  In other words, a con job either via e-mail or via phone.  Adequate training would have prevented many of the attacks.

If you’re a small business that doesn’t have an IT department, but would like IT level support, contact PCMDX today.  We’ll take care of your computer network and cybersecurity needs so you can take care of your business.  And don’t wait until you’ve been compromised.  The cleanup is much costlier than the prevention.

Analysis of a Scam

Scams can happen to anyone, including IT companies like PCMDX.

Let’s look at a recent scam that someone tried on us and how we were able to determine it to be a scam.

On 8/17/16 at 2:59pm we received a text from 12025564828 that read:

“+12509000912 – Are you available to repair computers and please let me have your email so I can email you all details of my request.Contact Robert Gates on (737) 210-7809 & rg757711@gmail.com.”  (quotations put in by us).

Seemed OK, and we receive e-mails requesting repair quotes often, so we replied with our e-mail address.

On 8/19/16 at 12:09pm we received the same e-mail with one addition:

“+12509000912 – Are you available to repair computers and please let me have your email so I can email you all details of my request.Contact Robert Gates on (737) 210-7809 & rg757711@gmail.com.”

On 8/18/16 we received this e-mail from Robert Gates:

Hello,
 Thanks  for your  reply. I have some Hp PCs(Intel Pentium M) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance. (I will be providing the software needed). Below are the things needed to be done one 
on each laptops:
1 Format Hard Drive
2 Install Window 7 with Service Pack 1 (sp1)
3 Install Microsoft Office Package
4 AVG Virus Software  (Free Lifetime Updates)
5 Adobe Acrobat Reader
6 Laptop Cleaning of the keyboard, screen and other case.
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.
The Laptops are in California  and will be shipped over to you from there.I am contacting you because we are about to have a  branch office there in  your  city 
We will move the  Computers to you  and after  fixing, they will be shipped to out branch office there this is why i’m  searching local  Computer expert  to fix it there. 
I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them. My shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .  Also the windows CD’s are licensed and i have all the other software mentioned available.
So the question is can you really carry out this task from your place presently?Get back to me with your total cost for the services of 6 units of Hp PCs(Intel Pentium M). Please note that i have all the software with the licenses available with me for the job.I await your urgent response so that i can put the arrangement in order. Hope to read from you at your soonest convenience.
Best Regards,
The language seemed a little strange.  Let’s break it down:
Hello,
 Thanks  for your  reply. I have some Hp PCs(Intel Pentium M) since we currently have a major breakdown on most of our systems [this makes no sense] and I thought it was best to have a general upgrade and maintenance. (I will be providing the software needed). Below are the things needed to be done one 
on each laptops [again, this makes no sense]:
1 Format Hard Drive
2 Install Window 7 with Service Pack 1 (sp1) [Should read “Windows”]
3 Install Microsoft Office Package
4 AVG Virus Software  (Free Lifetime Updates)
5 Adobe Acrobat Reader
6 Laptop Cleaning of the keyboard, screen and other case. [Probably meant “outer” instead of “other”.  Punctuation errors]
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc. [This is done before 1-6, not after]
The Laptops are in California  and will be shipped over to you from there.I am contacting you because we are about to have a  branch office there in  your  city We will move the  Computers to you  and after  fixing, they will be shipped to out branch office there this is why i’m  searching local  Computer expert  to fix it there. [This is riddled with punctuation and grammar errors.  Where is the city? ]
I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them. My shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .  Also the windows CD’s are licensed and i have all the other software mentioned available.  [This is riddled with punctuation and grammar errors. Why make a point of the license?]
So the question is can you really carry out this task from your place presently?Get back to me with your total cost for the services of 6 units of Hp PCs(Intel Pentium M). Please note that i have all the software with the licenses available with me for the job.I await your urgent response so that i can put the arrangement in order. Hope to read from you at your soonest convenience.  [This is riddled with punctuation and grammar errors. Again, the point of the license.  Urgent?]
Best Regards,
Warning Number 1 when suspecting a scam is taking place:  Grammar.  Spelling.  Punctuation.
These scams are perpetrated by people who’s native language is not English.  Since English is their second or third language,  or perhaps their Google Translate version of English, there will be mistakes.
A legitimate company will NOT make this many errors.
Warning Number 2:  Vagueness
Where in California is he based?  Where is the city where his “new office” is opening?  A Gmail address with letters and number?  Too vague.
Next step to confirm a scam is to check the wording by Googling a sentence.  These people use a template, often changing just a couple of items, so it’s possible to find a report of a scam that occured in the past.
We Googled: Get back to me with your total cost for the services of 6 units of Hp PCs
which returned this page:
https://www.scamwarners.com/forum/viewtopic.php?f=43&t=24038&start=30
One post in this forum showed the following e-mail had been sent to the reporting person on 6/12/12:
Hello, i want to know if you still repair computer because i have issues which i need you to resolve.

Second email:

Thanks for reply I’ve got some Pentium-D dell laptops that needs to be fix. Below are the things needed to be done one on each laptops.

1. Format Hard Drive
2. Install Win XP with Service Pack 3
3. Microsoft Office Package
4. AVG Virus Software (Free Lifetime Updates) 5. Adobe Acrobat 6. Diagnostics of the entire system ( i. e. check hard, cdrom, floppy, etc.)

The Laptops are ten 10 in number and will be shipped over to you from there I have a reliable shipper whose service I’ ll employ to bring down the laptops. The shipper will bring down as well as pickup the laptops when you are done with fixing them.

Also the windows CD’ s are licensed and i have all the other software’s mentioned available. So the question is can you really carry out this task from your place presently? Get back to me with your total cost for the services of 10 units. Please note that i have all the software with the licenses available with me for the job.

Regards.

Hmm…coincidence?  We think not.
The above link shows that in fact it is an ongoing fraud.
On 8/23/16 Mr. “Gates” attempted to find out the status.  We replied with the link.  Hopefully he’s moving on.
If you suspect something fraudulent, don’t give ANY information out.  If you need a cybersecurity specialist, contact us today.

Ransomware: Time to Pay Attention or Pay Big Bucks

This post is a very long one, but it’s important you read every word if your data is important.

If you follow us on Facebook.com/pcmdx you know we’ve posted twice over the past month about ransomware attacks that we’ve been called to.

The attacks usually use the same method.  The user will receive an e-mail from an unknown sender and it will have the subject line of “Invoice Attached” or something similar.  The word invoice is the common denominator.

The user will look at the e-mail and see that it asks them to open the attached Word document, which is the “invoice”.  When they open the document, the ransomware attack begins, however, it is not noticeable to the user.

These particular attacks encrypted all of the users Office files (Excel, Word, Powerpoint, Access, Outlook PST) files.  It did not encrypt any PDF files or any image files, which usually would have been encrypted as well.

The user will notice that the attack has taken place when they attempt to open one of the files and the Windows program selector launches.  This is the Windows feature that comes up when you attempt to open a file and no program is associated with it, meaning it doesn’t know what program to use to open the file and it asks you to choose one.  In this case, there’s no program to launch an encrypted file.

We were called to attempt to recover the files and to remove the malware that encrypted the files.

The ransomware senders (we’ll call them the “bad guys”), usually have the ransomware program generate a text file that it leaves in each directory that has files that were encrypted.  We found this text file in all of the directories with Office files, as well as the Desktop.

The text file is the “ransom note”.  It explains what happened to the user’s files, and details how the files can be decrypted back to a usable state.

In a nutshell, the bad guys want a payment made via Bitcoin, usually ranging from a few hundred dollars to several thousand.

Although not always the case, once the ransom is paid, the decryption code is sent via e-mail.  Once the code is entered, the files are decrypted and are usable again.  It should be noted that this is some of the time, not all of the time.

In two of the cases, the ransom was not paid and the users accepted the fact that the files were gone.

In one of the cases the user felt that they needed the files, there was no backup, so they agreed to pay the ransom, although we recommended against doing so.  The payment process took about three hours to complete.

It included opening a Bitcoin wallet, which is a software based wallet.  Once the wallet was created, Bitcoin needed to be purchased.  We found a seller in Tennessee who would sell the amount of Bitcoin needed (B 0.74, which was about $350, the amount of the ransom).  Since there’s a trust issue between seller and buyer, the only way to pay the seller was to go to a Western Union type facility and wire the money.  In this particular case, the Walmart 2 Walmart method was chosen.  For those of you who don’t know what that is (and we didn’t know until this episode), you go to Walmart, fill out a form with the recipient’s name, address and phone number, give Walmart the cash amount, they then wire it to the Walmart closest to the recipient, who then picks it up.

Once the seller has been paid, he places the Bitcoin in an electronic escrow account, which the Bitcoin buyer then accesses and sends to his electronic wallet.  Once this has been completed, he sends the ransom Bitcoin amount to the wallet of the bad guys, which is given to him in the ransom note.  Once the bad guys confirm receipt, they provide a program to decrypt the files.  If this sounds complicated, it is.  Very complicated.

With this client, we received the decrypt program, ran it and it responded that the ransom had not been paid, therefore it shut down, without decrypting any files.

As odd as this may sound, the bad guys did have a “support” form on their web site where one could ask for help if the files didn’t decrypt.  We used this form and they responded by asking that we submit five of the encrypted files to them and they would send a new decrypt program.  Based on the timestamp of the response, we determined that they were in western Europe.

They provided a web site address to send the files to, but it required their e-mail address in order to send, which they refused to give, so we were unable to send the files.  After a back and forth requesting their e-mail address, they blocked any further conversation, so the episode was closed.

The client lost his files.  The client lost his ransom money.  The moral of the story is DON’T PAY THE RANSOM AND MAKE SURE YOUR FILES ARE BACKED UP! (PCMDX had recommended that they do not pay the ransom, however the client insisted).

The latest type of ransomware goes a step further.  It doesn’t encrypt the files.  It encrypts the entire hard drive, so nothing is usable.  Unless you have an backup image of your hard drive, you won’t even be able to log into Windows.

So what can you do to prevent ransomware from ruining your day, or your year?

First, ask yourself one simple question:  “Is there anything on my computer that I cannot absolutely, positively live without?”  If the answer is “Yes”, then you need to take steps to protect yourself against malware (including viruses, ransomware, Trojans, worms, rootkits, etc), hardware failures,  data theft, and other data losing issues.

The very first thing you need to do is to make sure you have a backup of your system.  PCMDX uses and installs two backup strategies, an image based backup and a file based backup.

An image based backup consists of an image, or “picture”, of you hard drive.  The backup software makes an exact replica of your hard drive.  In the event of failure or loss, the backup software recreates the hard drive onto another hard drive.  Think of it like cloning your hard drive.

PCMDX believes this to be a better system for one main reason:  time savings.

A conventional backup copies only the data from a hard drive.  Let’s say there’s a failure of the hard drive.  Here’s the recovery steps:  reinstall the hard drive, reinstall the operating system, reinstall the updates and patches,  reinstall the programs,  copy the data from the backup.  This could take hours, perhaps days until completed.

If there’s a hardware failure on a computer with an imaged backup, here’s the recovery steps:  reinstall the hard drive, insert rescue disk, point to image location, begin restoration.  45-60 minutes later it’s like nothing happened to the computer in the first place.  Everything is as it was when the image was created.

Depending on the software used, individual files can also be recovered from an image.  This is great if a user accidentally deletes a file.

The cost of setting up a backup system is less than what would be paid if there’s a ransomware attack.

We cannot emphasize the two following points enough:

  1.  Have a backup plan in place.  If you don’t know how to implement one, call PCMDX today.  We’re not talking about backing up one or two files on a thumbdrive (although that’s better than nothing).  We’re talking about backing up your system, and other systems in your network in case of disaster.  Again, if you answer the question “Is there anything on this computer that I cannot live without” with a “yes” answer, and you don’t have a backup plan in place, you need to create one today.
  2. NEVER open any attachments from senders you don’t know, from senders you’re not expecting anything from, from e-mails that are vague in nature or have spelling and/or grammar errors in the body of the e-mail.  If in doubt, call the sender and ask them if they sent you an attachment.
  3. If you’re hit, DON’T PAY THE RANSOM.  Our latest experience proves that even after you pay it, you’re dealing with people who have no ethics, no morals, no sense of right and wrong, and very poor command of the English language.  Your files are lost and paying the ransom simply adds to the cost of fixing the problem without recovering your data.

One other bit of information:  If your PC is on a business network, and you have networked drives (places on a server where you can access your files), including Dropbox, OneDrive, and Google Drive, those files can be encrypted as well.  Make sure they are also part of the backup plan.

Feel free to share this with your friends.

 

 

Windows 10 – Update 3

The questions about Windows 10 upgrade have not stopped.  We get them daily.

“What do you think of Windows 10?”

“My computer keeps bugging me about upgrading.  Should I?”

“Do you think it’s time to upgrade yet?”

It’s looks very pretty.  No.  And No.

We’ve talked about the upgrades in our two previous posts (Part 1 and Part 2)

In their latest campaign to convince users to upgrade, Microsoft has taken to SMB (Small to Medium sized Businesses).  They have a Facebook post that features a video that shows the benefits of upgrading to Windows 10.  Here’s the part that bothers us about the video:

About a minute in, the “Microsoft Spokesperson” shows a business how easy it is to upgrade.  He sits in front of the PC surrounded by “employees” of the company, clicks on the Windows button in the system tray, it launches the upgrade process.  The he says “Just agree to the terms and conditions and you’re done!”.  They all go to lunch and by the time they get back they live happily ever after since the Windows 10 upgrade is complete.

OK, let’s get out of make-believe land and back to reality.

We all have done it.  Most of the time we continue to do it.  We’re used to doing it.  What?  Agreeing to the Terms and Conditions without reading them.

But in this case, is it the right thing to do?  Needless to say, we’re required to accept the terms and conditions on any software that we install, but all those pages contain information that may be good to know.  Especially in this case.

Windows 10 offers two types of install, Express and Custom.  Express means you agree to the terms and conditions, and accept all of the default settings.  For those of you who haven’t seen the default settings, many of them include a feature that sends information back to Microsoft.  Microsoft uses this information to deliver a more personal experience.  In the Express settings mode, this includes a variety of tracking software.

Microsoft has said they’ve discontinued the practice of tracking everything.  However, they just released the latest stats on Windows 10:

“Here’s the list of milestones that Microsoft just achieved:
  • People spent over 11 Billion hours on Windows 10 in December 2015.
  • More than 44.5 Billion minutes were spent in Microsoft Edge across Windows 10 devices in December alone.
  • Windows 10 users asked Cortana over 2.5 Billion questions since launch.
  • About 30 percent more Bing search queries per Windows 10 device compared to prior versions of Windows.
  • Over 82 Billion photographs were viewed in the Windows 10 Photo application.
  • Gamers spent more than 4 Billion hours playing PC games on Windows 10 OS.
  • Gamers streamed more than 6.6 Million hours of Xbox One games to Windows 10 PCs.”

How do they know this?  Hmmm….

PCMDX clients know that we’re huge advocates of Microsoft, however our main focus is privacy and security.  Yes, if “they” want it, “they” will get it, however, we don’t have to leave the door not only unlocked, but open for them.

No, at this time we’re not recommending that those of you using Windows 7 upgrade to Windows 10.  Those of you using Windows 8 or 8.1 will have to decide if privacy or usability is more important.  We’re writing this post on a Windows 10 laptop (it came with the laptop).  It’s much more user friendly than Windows 8.  But we turned off all of the data mining features that we could turn off.

Is this the best operating system that Microsoft has released?  The word “best” is subjective.  What’s best for you may be different than what’s best for us.  Is it the most feature packed?  Absolutely.  Is it powerful in today’s internet world.  Yes.  If you use a PC to check e-mail, update your Facebook status, and surf the web, then there will be little difference between Windows 10 and Windows 7.

But wait!  Microsoft just issued a warning to those who use Windows 7.

And the latest information tells us that Microsoft will start to make the Windows 10 upgrade a “Recommended Update”.  What does that mean?  Glad you asked.  It simply means that if you have your Windows Update settings set to install all updates automatically, it will install the files even if you’re not interested.  This means if you don’t want it, you’ll have to turn off the automatic update function and go to “Notify me of updates but let me decide to download and install them” in the Windows Update settings in Control Panel.  Which means that you’ll need to make sure you install the important updates at least once a month.

Stay tuned.  Microsoft wants you to have Windows 10.

Your credit card got hacked…how did it happen?

We read every day stories about people’s credit cards that were “hacked”.  We put the word hacked in quotes because it’s really not the correct term.  The better word is breached.

Regardless of the what you call it, the bad guys got your credit card number and now you have to jump through a bunch of hoops in order to fix it, from calling the credit card provider, to looking over your statements to see where all the bad guys used your card.

But how did you get here?  Where did the bad guys get your card?  When did it happen?  What method did they use?

First thing’s first.  It most likely didn’t happen recently.  Unless you lost your card, chances are your card was compromised weeks, if not months ago.  So don’t blame the last place that you used your card.  Not only did they probably not have anything to do with it, but you’re also making possibly a slanderous statement against that company and could find yourself in legal trouble.

The card may have been compromised at a merchant who was not PCI Compliant, a requirement for any merchant who takes credit cards.  Unfortunately, many merchants don’t have a clue that they need to be compliant, or under the assumption that they already are, based on wrong information they are receiving from their credit card processor.  Here’s some simple facts:

  •   No breach has ever occurred at a merchant who was 100% PCI Compliant.
  •  All breaches that have occurred were at merchants who were not PCI Compliant.  

The card may have been breached at a gas station or ATM that had a skimmer installed.   This method collects card information for a period of weeks or months.  The bad guys (and girls) then take the numbers and encode them on pre-paid credit cards they purchase at a drug store, and go on shopping sprees.  The length of time between the skimmed cards and the using of the accounts could be a few months.

Banks have become smarter when it comes to compromised accounts.  Many years ago when a card was compromised, the victim would find charges that were made in other states or even other countries.  Today, if there’s suspicious activity on an account, often times the bank will call the account holder and ask them if they are in another state.  If they are not, they will not authorize the transaction.

Because the banks are now monitoring accounts, the bad guys are adapting.  Usually, if a card holder is based in a particular ZIP code, the bad guys will harvest all of the account numbers for that area, then descend on that area and begin to use the compromised accounts in that area.  That raises less suspicion with the banks.  However, the time between the breach and the using of the account can be weeks or months.

Here’s a great article that gives you a very detailed view on credit card breaches.

If you’re a merchant who takes credit cards and are not sure if you’re PCI Compliant, contact PC Medics of Alabama today at 205-201-0389 or via e-mail a info@pcmdx.net for a free consultation.  Our PCI Compliance experts will go over your network and give you recommendations on how to become compliant.

Before you get rid of that old PC or Laptop, read this!

So you’re about to replace your PC or laptop.  You’ve transferred all your files and folders and are ready to sell it, donate it, give it to someone or throw it out.  Before you do that, STOP!

Simply deleting files from your hard drive doesn’t make them go away.  All it does is remove the “pointer” to the files so that the operating system (OS) thinks that it’s OK to write new data to that space.  In other words, the data is still there until something else overwrites it, and even then, a good “undelete” program can recover it.

OK, so how about formatting the drive?  Will that take care of it?  Nope.  A good undelete program can still recover the data.

A recent study by Blancco Technology Group and Kroll Ontrack showed that 48% of the used hard drives being sold on Amazon still had enough residual  data on them to reveal information on the previous owner.

So what should you do?  There’s a number of options.  PCMDX sponsors an organization called Learning To Be the Light (2BTL). 2BTL refurbishes PCs and gives them to low-income students in the Hoover City Schools.  Any student who is on free or reduced lunch, 2BTL  will give them a PC, a monitor, keyboard, mouse and anything else they may need.  If they are a junior or senior in high school, they are also given a laptop in addition to the PC.

When someone gives their PC to 2BTL to be refurbished, 2BTL  will ask if they want the old hard drive.  If they do, then the old HD is removed and given to the person giving the PC.  This is by far the safest method because all of the data is on the HD and the HD doesn’t take up much space.  So if you’re giving away or selling your old PC, try to remove the HD first.  A replacement drive usually will cost under $100.

What’s the downside of doing this?  Usually restoration software is on the HD, which means the recipient will have to order the restore software or re-install the OS, then re-install the drivers.  This can be complicated and expensive.

If the person giving the PC to 2BTL  doesn’t want the old HD, then 2BTL  will use a software program called Darik’s Boot and Nuke (DBAN).  DBAN is a free program that will not erase the HD, but write data over the existing data 8 times, usually in the form of 0s and 1s.  After 8 times, the original data is not retrievable, even by the best forensic experts.  This will work on most non-SSD, non-RAID HDs.

The downside of this process is that it’s very time consuming, sometimes taking over 24 hours per drive.  The recipient of the HD, if they plan on using it again in the same PC, will have to order restore software or install the OS, then drivers.

Either method is inconvenient, however, having your personal information compromised is more inconvenient.

If you need to sell or otherwise get rid of your PC or laptop, but don’t want to give it to Learning To Be the Light, PCMDX can take care of securing your HD before you hand your PC or laptop to the new owner.  Contact us today for a free estimate at 205-201-0389 or via e-mail at pcmdxal@gmail.com .