You're casually browsing the internet when all of a sudden a pop up appears on your screen saying something along the lines of "Microsoft has detected a security error. Contact Microsoft Certified Live Technicians," followed by an 800 or 888 number.
Here's what you DON'T do under any circumstances: Call the number.
The pop up is usually persistent, and hitting OK or trying to close out of it doesn't work, causing most people to panic. You should, however, be able to right click on the browser icon along the bottom of your screen and choose "Close Window."
This is a scam that's been popping up left and right. Here's how it works:Hackers take over websites with weak security or sites that users accidentally navigate to as a result of a misspelling (Goigle, for example, instead of Google). When you come upon one of these sites, the dreaded pop up will appear. The goal is to scare you into thinking your computer has been infected and get you to call the number. If you do call, they will direct you on how to grant them remote access to your computer. They will then tell you they need to run a scan/clean the machine and ask for a credit card to cover the cost, usually $199 or $299, or $399.
What they're actually doing: When they've been granted remote access to your computer, they are copying all of the files they can, searching for anything that can be used for their benefit- banking information, passwords, accounts, and other personal data.
What to do if you've been a victim of this scam: Contact your IT company and have them run an actual scan on your machine and look for anything that may have been installed without your knowledge. Unfortunately, the one thing that cannot be determined is what documents or files, if any, the hacker copied over from your machine. For this reason, we advise that you err on the side of caution and update passwords to any online accounts.
Remember, it is imperative that you NEVER allow anyone you do not know access to your computer, EVER.
IMPORTANT: If you're a business and there's even the slightest chance that any of your client's personal data has been accessed, you are likely required by law to disclose the security breach. Your company name may be released to the public, and you will be required to contact your clients to let them know about the breach. 47 of the 50 states have laws regarding the disclosure of a security breach. In my home state of NJ, the statute can be found here. States that don't have security breach laws? Alabama, New Mexico, and South Dakota.
If you're concerned about system security, Electro-America can help. We are experts in internet and system security and can help to ensure that your crucial business information is protected. Contact us at 908-687-0020 or email@example.com to schedule a 100% free consultation.
5 Myths about Ransomware Debunked
August 15, 2017
Cybercriminals Are Posing as Job Applicants to Spread Ransomware
April 14, 2017
5 Ways a Managed Services Provider Can Give You Peace of Mind