Answers...

to commonly asked questions.

scams

Is this true?

Seen this before, Scotty?

Screen Shot 2019-10-02 at 7.05.26 AM

__________

Straight up total garbage. Do not interact with this.

CC Cleaner Free legit? No!!!

CC Cleaner free???

Scotty, I just noticed that I have an icon for the software listed above (shows a broom superimposed on a large red C). It indicates that it replaces an earlier version (1.14.something). Any ideas on whether it is legit? In addition, some download called CCMacSetup. These appeared this am when I started up my computer after shutting it down from last night. Thanks



___________


No! "CC Cleaner" is not software you want to have on your system. Things like this usually lead to other problems including false advertising, take over of ads on websites, false alarms that you have some problem and need to call some number. No No No. I can't tell you how many clients I deal with accidentally fall victim to these fake "cleaning" programs.

The Scams Continue. Don't fall for them!

  I continue to work with people who are falling victim to scams they accidentally come across on the internet.  A couple weeks ago I sent out a heads up to everyone warning to be very careful when visiting websites or clicking links in email.  There are many fake ads out there that appear to be very convincing.  These will often tell you something is wrong with your account and that you should call them or that your credit cards have been compromised and the only way to restore your security is to interact with them.  None of this is real!  You may be saying to yourself, “I never fall for that stuff.  Who would be such a sucker?”  But more and more I am working with highly intelligent clients who are becoming victims to these strategies.  There are many reasons that could result in letting one's guard down.  It’s easy to become flustered or overwhelmed in the moment if you think something may have happened to your accounts.  These scammers are using that sense of panic and confusion to get you to make bad decisions.  Several times I’ve seen clients pay these scammers with gift cards or check routing numbers.  They will allow the scammer to remote in to their computer and cause more havoc.  It could also be as simple as your child clicking things and entering your password.  
Another strategy they’re using is to get you to install software they can use against you.  This can look innocent.  An ad claiming that you need to update
Flash or some other software.  Then you type your admin password in and the next thing you know, you’ve installed their garbage software.  
Here are a few general rules to follow:
FYI:
enter your admin password unless you have a good reason to do so.  
Do not
  • allow someone you don’t know to remote in to your computer.
    Do not
  • legitimate company allows payment of any kind via gift cards.
    No
  • use non password protected wifi networks.
    Do not
  • call a number you see on a webpage that is warning you that something bad has happened to your accounts.  If you are concerned, call your bank directly.
    Do not
  • strong passwords, not a word that can be found in the dictionary followed by numbers.  Tarheels1 or Rolltide are not good passwords.
    Do use
  • and account for every small charge you see monthly.  A dumb thief will try to steal a large amount all at one time.  A smart thief will steal a small amount from lots of people hoping no one will notice.  
    Monitor your bank accounts
  • A couple other scams of note not related to internet use:
    Inspect the credit card slot at Gas stations or ATMs before you insert the card.  Bad guys will sometimes place false card readers that fit over the actual card reader just so they can harvest card numbers.
    Once a bad guy has your card number a new scam they’re running is to order things using your address and info and have it shipped to you.  You realize it’s fraud and cancel the card.  About a week later you receive the item you didn’t order.  Within a day or so you also receive a letter apologizing for the mistake and a shipping label to return the package.  Actually, that shipping label or return address is going to the original bad guy that ordered the item in the first place.  Basically, they’re using you to launder stolen items.  Of course the bank will probably credit your account back of the fraudulent charges so you’re not really hurt so badly in the process but getting a new card is always a drag.  The proper thing to do is write “refused, did not order” on the package and return it directly to the post office.  Do not ship it back using some address that was mailed to you separately.  
    If you feel you may have installed any malicious software accidentally or would just like a security checkup with all your devices, you can schedule a session directly on my website at www.sellsconsulting.com.  I also work with people outside the Charlotte area remotely so if you have a relative who you think may have or could fall victim but they don’t live in the Charlotte area, I can help there as well.  
    New clients
    mentioning your name when scheduling now earn you a discount coupon for the next time you schedule!

    Don't fall for scams like this one!

    Bad guys are getting better and better at tricking people into giving up their personal information. Here's a very good one. It looks to be from AT&T but let's take a closer look…



    Even the usual first trick of looking to see who it's really from doesn't help. Notice the email legitimately does look to be from @att.com.



    But when you hover your mouse over the link they'd like you to click on, then you can start to see a little more suspicious clue…



    Notice the URL is misspelled? Now let's see where this takes us when we click on it…

    attscam

    The site looks legit but note the same misspelled URL in the bar. This site has been set up so that you'll be tricked into entering your username and password. The major lesson to be learned here is to not trust links provided in email. No matter how legit it looks. If you are actually concerned about an email you received, type the link to the website in manually. As we see in this example, clicking the link doesn't do anything harmful. It's what you do once you land on the site. If you are actually expecting an email from a friend or company…that may be a little safer. But if the email is random and asking you to go sign in somewhere…Sheilds up!

    Another scam caught by a smart user.

    Hi -

    This came through just now that is clearly not my charge - the originating email looks like a fake, but then it is copied to apple.com

    I don't want to respond because I think its fake, but wanted to get your take 1st.

    Thanks-
    Screen Shot 2019-02-18 at 10.21.24 PM

    ___________

    Yes, totally fake. Good catch. Reminder, you can always hover over the link in an email to reveal where it REALLY wants you to go.

    Scams Galore!

    There's a very big trend on the rise. More and more, clients are being tricked into giving up their own information. They think they're logging into a site they trust when they're actually handing over their private info. Here's a recent example of the bad guys strategy.

    You might receive an email that looks like it's from Apple pretending to want you to check your account.

    Screen Shot 2018-11-29 at 6.16.06 AM

    At first glance it looks like you're being charge for an App. That's designed to get you to let your guard down and click the link. It looks like they're trying to "help" you. No!

    If you click the right side of the email address in the From field, it will reveal who the email is REALLY from:

    Screen Shot 2018-11-29 at 7.10.26 AM

    So you fall for it and click the link. It takes you to a site that looks like this:

    Screen Shot 2018-11-29 at 6.15.28 AM

    This looks exactly like the real front door to icloud.com. However if you look closer at the url bar at the top you can see it's not Apple. Someone has set up a page to look just like an Apple page with the hope that you'll enter your AppleID and password. They then have access to your account.

    The bottom line here is while clicking a link in an email by itself is not going to hurt you, it's what you do once that next site opens. Just don't click links from emails that you weren't expecting. If you are concerned about an email, just type the website in to a browser yourself. Don't trust that a link is taking you to the correct place.

    Have I been hacked?

    Is it possible my MacBook air is hacked? Two days in a row around the same time (6 a.m) my mouse was “taken over” meaning I couldn’t control it and immediately shut computer down, now I pulled up my mail and before it “straightened itself out” all my mail headers were in kyrillic (russian writing?) Otherwise it’s been operating normally
    ___________


    That does sound like odd behavior. One of the crucial factors here would be if you saw your mouse moving around on the screen and things being clicked as you watched. For a computer to be "taken over" that would insinuate that someone was controlling it remotely using a piece of software such as TeamViewer, AnyDesk, Zoom, or GoToMeeting. You would have also needed to grant permission for either of those in the past by having entered your computer's Admin password at some point then left elements of one of those applications running so someone could log in remotely. While I definitely have seen this behavior (just this week with another client) it is very rare that someone would get that far.

    As for the different language appearing, I don't have an explanation for that. One guess could be that there's a problem with the graphics card of the computer as it tries to display characters. (doubtful) Another guess is that there's a problem with the operating system causing the fonts or characters to display incorrectly. (also doubtful)

    The most interesting piece of evidence is the fact that it happens consistently at 6am. There are small programs or procedures that run on our computers called chronscripts. These procedures usually run when the computer is left open all night. These are healthy tasks a computer does in the background to keep our computers organized. Think of them as a background cleanup. They don't run during times when you're using your computer. It is possible one of these chronscripts is damaged and causing that behavior.

    I've given several explanations to things but to give you piece of mind I would be happy to address the issue remotely or in person. Most of the time, in my experience people feel they've been "hacked" or their privacy violated when often there's a different reason a certain behavior has occurred. However, that's not to say that this doesn't happen. I've seen it plenty for many many reasons. Just this week I worked with a client who was tricked into paying a very large amount of money ($2000) because they through they were talking with Apple support on the phone and the person thought their computer was locked and the only way to unlock it was to pay this person on the phone. It was only an ad on a webpage that got them to that point.

    Please let me know if you have any additional questions. You could also take a screenshot of the Russian language and share it with me. command+option+4 then drag a square around what you'd like to share. The screenshot will land on your desktop and you can email it.

    Don't fall for "official sounding" email scams

    Here's yet another example of a fishing scam email. Just because it has a company logo doesn't make it legitimate. If you are ever concerned about an email, be it amazon, PayPal, netflix, your bank, gmail, apple, facebook, etc… don't use the link provided. Go to the website yourself and type it in. If there's truly a problem with your account, you'll usually find it there. A very good indicator that something is not legitimate can be seen by clicking the right side (downward arrow) next to the email address in fhe "from" field. That reveals who actually sent the email. In this case, it's bogus. Another very good indicator is incorrect grammar and punctuation. As you can see in this example, it's full of it.

    Screen Shot 2018-01-23 at 7.02.36 AM

    Is this legit?

    Scotty. I got this email yesterday from Google. Looks legitimate… I just wanted to make sure it’s not phishing. I have not opened it yet.

    IMG_9871

    ___________



    There's no way for me to tell just by this screenshot alone. The best thing to do is to log into Gmail yourself by typing in gmail.com in your browser instead of using any link provided in an email. Then go to security settings. Fraudulent emails will always provide a dummy link sending you to a site that "looks" like where you think you're going but it's really a front to harvest email addresses and passwords. In general, don't click on links in emails. Type it in manually and you're safe.

    Do I have a virus?

    Am very worried about something I may have inadvertently done today to my Mac.
    I was looking for a new font to use on an email and clicked on something like “new fonts download” and before I knew it something called Wow is now my search engine instead of safari.
    We left today to go to Cashiers NC until Jan 3rd so I am away from my computer. Is this something I should be concerned about and is there anything I can do from here?
    ___________

    These days it's very easy to be tricked into downloading crapy software pretending to be something it isn't. The majority of these are looking to change your search engine into their own so they can sell advertising through it. Others pretend to be able to "fix" your mac after they have supposedly found 1000's of problems with it after running a scan. These are also frauds. While we should take these things seriously, if you're not using your computer at the moment, there's very little to worry about. We can clean it off when you return. Or we can also work remotely to solve it if you have taken the computer with you. Unfortunately this is very common these days. There will always be more than enough bad guys out there.

    Tricked, not hacked...

    Here's yet another example of the strategy bad guys use to trick you into giving up your username and password to any given service. Then they proceed to try that username and password on other services like Amazon, PayPal, random banking sites, eBay, and so on in hope that you use the same combination on multiple accounts.

    Common email received:
    Screen Shot 2017-01-15 at 6.26.54 PM

    Now click on the far right side of the email address to see who it's really from:
    Screen Shot 2017-01-15 at 6.26.08 PM

    Now hover your mouse over the link in the email to see where you are really being sent:
    Screen Shot 2017-01-15 at 6.24.04 PM

    So let's say you fall for it by clicking the link. What happens next? They take you to a page that looks exactly like eBay with one very important exception. It's not. Here's how to tell:
    Screen Shot 2017-01-15 at 6.23.51 PM

    Notice the URL address? That's not eBay. Moral of the story is don't trust the email links. If you feel it's really important, type the website address in yourself in your browser.

    Do NOT fall for THIS!!!

    With all the talk of getting "hacked" in the media these days I thought I would take a second to clarify what is really the most common occurance. Bad guys don't actually have to write super secret programs to get to your data. They just have to trick you into giving them what they want. So here's a very good example of how they fool us all:

    You get an email from Apple about problems with your ID.
    Screen Shot 2017-01-05 at 8.23.04 PM

    Sounds legit. Yep, come to think of it, I have had some problems lately. I better click that big blue link right there in the middle.

    STOP. Let's take a closer look at this email.
    Screen Shot 2017-01-05 at 8.23.30 PM

    If you click on the sender's email address, you'll get a better look at who is really sending it. In this case it's just some random @me.com email address. Needless to say, Apple's not going to send you an email from some guy's personal email account. But let's go a little further…
    Screen Shot 2017-01-05 at 8.23.16 PM
    There's a very useful feature in mail that allows you to see where a link is going before you click on it. Hover your mouse over any link and it will reveal the URL it's pointing to. In this case, it's not Apple. It's pointing to some random number IP address. So what started as a pretty convincing email, after looking a little closer we see it's a fishing scam. They're trying to get us to click that link. This is where you should just delete the email and move on. But let's say you didn't. Let's say you fell for the trap and you clicked the email anyway. What happens now…?

    It takes you here:
    Screen Shot 2017-01-05 at 8.24.15 PM

    "Scotty you were totally wrong! It took me to Apple.com to log into my account." Nope, look a little closer.

    While it looks exactly like Apple's ID page, check out the URL address in the menu bar at the top:
    Screen Shot 2017-01-05 at 8.40.46 PM

    You're about to give your AppleID and password to some guy in Uzbekistan and the first thing he's going to do is log into your account, change your security questions, wipe all your devices, change your password, harvest your email account for useful info so he can beg your close friends for money via email, sell your contacts to a spamming company, and maybe even take your hair appointment because he has your calendar also. Other than that, there's nothing to worry about.

    Long story short. don't worry about being "hacked". You're not going to get "hacked". Worry about why you're being asked for your email address and password. As you've seen here, clicking the link does nothing. it's the decisions you make once you land on that webpage that impact your digital life. That's it. Just because a page looks like you think it should, doesn't mean it's the real page. If you are in fact worried about an email you get and think it actually is real, simply type the web address in yourself.

    P.S. don't join open wifi networks that don't have passwords.

    Don't be scammed! There's nothing wrong with your Mac.

    Scotty,  been experiencing several problems including not interfacing with my printer.  Called Pixma to get them to reinstall software to fix and they said that that system has been compromised.  They further showed me that I have a virus in the name of Trojan Horse and that my network is corrupted by CSRSS.exe.  They suggested that they install, from their end, 'Network Shield' for $239 + tax for one year.    Can you advise , as they are sure that my personal data and financial info online is at the mercy of Hackers from Nigeria.  To date those have not been disturbed, to my knowledge.  I am wondering if I was talking to scammers. I used an 855 number on Pixma website.
    ___________


    Ok. Where to begin? Pixma is a model of Canon printers so calling any number associated to “Pixma” would possibly result in the scam you’ve happened upon. Do not, repeat DO NOT give your card to any online phone service claiming your computer has been hacked etc... That is 100% a scam. The fact that you may not be able to print to your printer is irrelevant to anything they can see as having been hacked or having a virus etc...

    Furthermore, CSRRS.exe would be an executable file that would ONLY run in windows as it is. Any file by that name would not run on your Mac. These type of companies: Tunemymac, Mackeeper, Network shield or whoever the people you spoke with, are all preying on mac users who may not know any better and would fall for any story they tell. It is a hoax. They will say anything to scare you.

    You most likely dialed a number advertised on the web as an advertisement claiming to be able to help your mac. I can not stress enough that your printer issues have nothing to do with anything these people you spoke with. I strongly suggest you do not give any personal information out. Instead, you can join me on my weekly town hall on Monday and we may be able to troubleshoot the printer issue remotely. If you’ve never used my free town hall meetings, you can check out what they’re like in the link at the top of this page marked “
    previous town halls”. No scams! Just free help.
    This image is a theme.plist hack