Mac Security

Call Toll Free + 1-800-870-3001? Don't Do It!

You may see an alert in the Safari web browser telling you to "Call Toll Free + 1-800-870-3001". This is referred to as browser hijacking – don't call!

 

A misspelled url or inadvertent click may send you to a website that immediately presents the window shown below:

Call Toll Free 1-800-870-3001

This is a kind of browser hijacking, and the people that caused that message to display are not your friends. Calling that number will only lead to more problems and tremendous expense.

But don't worry, your machine is not really locked. Simply click the "Don't show more alerts from this webpage" box at the bottom left, then close the tab/window that remains. It too will display more warnings (as shown below), just ignore these too.

If that doesn't work, or you don't see the "Don't show more alerts from this webpage" checkbox, don't worry – just check out this post on escaping this browser hijacking attempt.

Beware Delvelogic LLC Mac Ransomware Scam

If your Mac freezes with a message to contact Apple support and you end up talking to Delvelogic LLC be careful – it is a ransomware scam.

 

Earlier in the week a colleague had a very scary experience. Her Mac laptop locked up and displayed an official message that the machine had been compromised. The message went on to explain that she needed to contact Apple support immediately, along with a phone number.

She followed the directions to the letter. Technicians connected to her machine and confirmed the existence of malware and spyware. They showed her diagnostics as proof of this, and explained specifically that foreign hackers were secretly observing her activity, logging keystrokes, stealing passwords, etc. They scared the hell out of her.

They then transferred her to an Apple support partner for resolution. The support partner, a company that identified themselves as Delve Logic LLC, connected to her computer and removed all of the malware and spyware. My colleague was happy to have her computer back and gladly paid the $499.99 fee.

Unfortunately the whole thing was a scam. The people she paid to help were also responsible for locking her machine in the first place. The official looking message was fake, as was the number that she called. These people took control of her machine, then tricked her into paying them to unlock it.

And, adding insult to injury, they used the unfettered access she granted during the support session to her machine to install more spyware that really did let them steal passwords, etc.

At this point I should point out that the affected person affected is not unaware, gullible or naive. She is a mature, sophisticated, highly intelligent individual. These scams work because the people who run them are very good at what they do.

A short while later she started to have second thoughts. She looked up the actual Apple support line from the official Apple website and called in. The service was great and she was quickly escalated to a senior team that connected and removed all of the malware. They also gave her additional help and advice, encouraging her to change all passwords, etc. She is also pursuing a chargeback with Visa.

  • In this case the company identified themselves as Delvelogic LLC. There does appear to be a technology company called Delvelogic but there is no reason to assume any association between them and the scam. It is possible that the culprits just use the names of legitimate companies, harming their reputations to help carry out their scheme.
  • Install all official Apple updates as soon as possible as these frequently include security patches.
  • Use some kind of Antivirus software. Sophos Antivirus for Mac and Clam Xav are both excellent free antivirus tools.
  • If you intend to call Apple support go straight to the Apple website and get the contact information there. It is very easy to fake an official-looking email, etc. with bogus information that will misdirect you.
  • If there is any talk about a charge ask for a quote/estimate, or other email. In this case the receipt, issued after the fact, used a random-looking gmail account that appeared to have no connection to the company name being used (Delvelogic), which is a significant red flag.

This situation also illustrates why a strong password strategy is so important. Through keyword logging for even a brief period, or through social engineering, it is very easy for someone bad to get one of your passwords.

It can be assumed that you bank online, have an account with Amazon, etc., and it is also extremely easy to test one password against multiple sites. If you use the same password in multiple places you are then in very deep trouble – the one password has now given them access to everything.

Better Security With Google Authenticator

Some new content on my personal blog looks at how Google Authenticator can help protect you online.

One post looks at the concept of multi-factor authentication and the advantages and disadvantages of the three types of factors...

 

  • Possession Factors – Something You Have: a key or credit card, also tokens like single-use PIN numbers.
  • Knowledge Factors – Something You Know: a password, PIN number or "secret question" like "what was your mother's maiden name?"
  • Inherence Factors – Something You Are: a fingerprint, retina scan, etc.

 

... and how combing different factors in multi-factor authentication makes the authentication process stronger. One example would be the new Chip and PIN credit card authentication model. Right now using a credit card really only requires a single possession (something you have) factor – the credit card itself. Adding a second factor, a something-you-know knowledge factor in the form of a PIN – makes the entire process more secure.

A second post looks at the Google Authenticator app and how it can be used to better secure many websites and services by adding an additional factor(s) in the form of a token (single use PIN – something you have).

Authenticator is a great tool. I was reluctant to make the authentication process more cumbersome until some research into security card breaches and other well publicized hacks, right about the time I was starting to experiment with mining crypto currencies, got me moving. It was a good change to make and I'm now using Authenticator whenever possible.

Marriot WiFi "Jamming"... Really Not All Bad

The FCC has stated that the Marriott Gaylord Opryland Hotel and Convention Center deliberately used Wi-Fi jamming tactics that made it impossible for guests to use their own personal hotspots, leaving their paid Wi-Fi as the only available option. The hotel agreed to pay a $600,000 penalty and stop its signal-blocking activities.

They don't admit to any wrongdoing though. Instead they claim that they were using a known feature in the FCC approved hardware that they use to run their official network – a feature that lets them send de-authentication packets to Wi-Fi Internet access points that are not part of Marriott’s Wi-Fi system or authorized by Marriott and that Marriott has classified as “rogue”.

Why? According to a hotel rep their intentions were good – they were trying to protect their guests from "rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft.”

That holds up. The very "jamming" practice they were fined for employing would indeed have protected guests from "evil twin" and other attacks that can lead to identity theft.

The problem is the lack of discretion. It sounds like they could have used the same feature to selectively target evil twin access points while sparing legitimate personal hotspots. Instead they targeted everything and made a lot of money off of guests who, unable to use their own personal hotspots, had to buy wifi access from the hotel.

Marriot WiFi 'Jamming'.... Not All Bad

Good Time To Think About Digital Security

A few weeks ago I presented a session on digital security with Joe Aldeguar at the 2014 SAF Annual Convention. Shortly afterwards the celebrity phone hacking scandal hit the news and our content suddenly seemed even more relevant.

The loss of privacy suffered by the victims is terrible and it seems to have people thinking more about security. I heard from quite a few people who had questions about how they could protect themselves better so I put the relevant content on my personal website.

In a perfect world nobody would try and break into your home. In the real world breaking happen, so we take steps to protect our homes. This is much the same - ideally nobody would try and steal your digital assets but it seems like they will and we can all take steps to protect ourselves.