If you’re having trouble with Dish Network lately, you’re not alone. On 2/23/23, Dish was hit with a ransomware attack, and they’ve been struggling to recover from it for over a week now. You may notice troubles or outages pertaining to:
Dish TV channels
the Dish.com website
Sling TV
Dish Anywhere app
Boost Mobile cellular service
using your Dish login credentials/paying your bill
reaching Dish customer service
Ransomware attacks can take significant time and effort to bounce back from. Last year’s attack on Mail2World laid low their email services for a solid week, but recovery timeframes can vary widely. Dish is being tight-lipped, so far, about the gory details, so I couldn’t begin to predict when their service levels will return to normal.
For now, what I can recommend is keeping your eye on their website and the Dish statement for upcoming details. Also, it is possible that the attackers have stolen customer data, so you may want to proactively change passwords on Dish-related accounts and pay attention to financial accounts you’ve shared or linked to Dish.
If you’ve ever registered a domain name, you’ve probably come across some postal mail, offering to list your website in an online directory. Here’s an example I received recently:
Now, I’m not going to outright call this a scam. You may if you want to. But I imagine that if I paid them their money, they truly would list me somewhere on the internet. I bet they have a “directory” on their website that anyone can visit and view.
But this sort of offer is, of course, specious and suspect. Most people will spend $300 of their advertising budget in better ways than this. This company is engaging in a curious form of marketing, where they simply see who they can get to pay their bills. It’s not quite phishing and not quite panhandling, but smacks of both.
I’m sure you’re considering the above invoice and thinking, “I would never fall for this nonsense.” That’s good. But this is more about the weakest link in your business. Consider your staff, especially those that open your mail and pay your bills for you. Would any of them rubber-stamp this and pay it without a second thought? If this gives you pause, then perhaps it’s time to have a kind meeting about this topic. Frank conversation and education will defeat this scheme.
If you’re looking to buy Microsoft Office software, you can expect to rent it for $70 or $100/yr, or you can buy it outright for $150, $250, or $440, depending on the version you need. Those are the direct-from-Microsoft prices. But if you search the web for better pricing, you’ll very quickly meet up with software deals that are too good to be true:
Remember the axiom: If It’s Too Good to be True…
Please do not buy anything from these vendors. Only buy your software from trusted stores and websites. Buying directly from Microsoft/Adobe/Intuit is safest, but you’ll also be in good hands buying from Costco, Best Buy, Target and other big names.
There are legitimate software deals out there, but only for specific people or scenarios. Nonprofit orgs and students may be offered ultra-low prices for MS Office, and you can trust in those offers because they’ll come through official channels.
What’s at Risk with These Online Software Deals?
The common problem with these $20 Office specials takes a while to express. It all seems to be fine at first: John Q. User buys his Office software from CrayzeeDeals.com, it installs in a flash and works immediately. All of his Word docs open in his new Word 2021 app, and life is good…
Until a few months later. That’s when Microsoft pops up to say that there’s a problem with his license. The message may or may not be helpful, but at the end of it, Microsoft reports that his Office could not be activated and that it will not work until he purchases a valid activation key.
The explanation for this is a bit convoluted: Mr. Cray Z. Deals guessed, hacked or stole a volume license code or developer’s activation key for Office software. And then he sold that code many times to many people on the internet. Those special codes are designed to be used many times, but eventually, Microsoft will do an audit and catch any abuse. And when they notice a particular code being used in places it shouldn’t be, they flip a kill-switch on it. That switch echoes down to all the internet-connected computers where that license is in use. All those Office installations simply stop working.
That time-delay, between Sale and Kill-Switch, benefits the shady salesman. Mr. Deals is usually long gone by the time your Office software goes belly-up, and in many cases, it’s also too late for a charge-back/dispute with the bank. The bad guy gets away with the money, and the victim must then repurchase their software.
If You’ve Been Had
In the grand scheme of things, this scam does not cause lasting harm to its victims. If you’ve been swindled in this manner, the damage is limited to your lost money, and the time you spend pursuing a legitimate license. Your files will be fine. You can safely remove/replace Office software, and your Word docs and Excel spreadsheets will remain in place, waiting to be opened in the next software you load.
You’re also welcome to report this type of fraud to the FTC, if you like. But don’t look for big results. Most of these software scammers are hard to track down or catch. I’m sure the FTC appreciates the information, but their mission is sadly like a never-ending game of Whack-a-Mole with these criminals.
Remote-control scammers are dreadful. They get inside your head and your computer, and do whatever it takes to get into your bank accounts. I really hope you can avoid being tricked by these awful people. But in case you find yourself in a jackpot with these jokers, I need to tell you about one of their worst tactics: Locking your computer against you.
If you’ve been tricked into allowing a bad guy into your PC, your screen may look like the above graphic. That means that they have put a password on your computer, blocking your access to everything! Then the crook tries to ransom your computer back to you. I know this situation feels awful, but if this is where you’re at, don’t lose hope. I’ll explain more and describe your escape plan!
First, Some History
Scammers have doing this for a long time now. They usually surprise their victims with this technique when they sense that their spell is wearing off. Their scams usually start with lies and hypnotism, but they resort to brute force and cruelty as a last resort.
Many years ago, this password-locking tactic was extra-easy for a scammer to use. There was a small hidden feature in Windows (called Syskey) that they could turn on with a quick DOS command. And once enabled, only the scammer knew the password to make the computer usable again.
As news of this spread, though, Microsoft assessed the situation. They looked into that particular Windows feature and realized: Hey, what is that file in there for anyway? It’s no longer needed for Windows to run! So they did the right thing: They crafted a Windows Update to remove it, and nowadays, Syskey is no longer usable to lock any computer.
This just caused the scammers to scrounge for another tool, though. Locking a computer against its owner was too effective to give up. And they happened upon a piece of freeware called Lock My PC. Scammers began using this app to continue their extortions.
This App Has Locked My Computer, What Do I Do?
If you are confronted with the above graphic, then your computer comes second. What comes first?
Get off the phone with the scammer.
Turn off or reboot your computer
Contact your bank(s), if you were tricked into paying any money.
Talk to the police, if any large sums of money were stolen from you.
After all of that, we can resolve the Lock issue on your system.
There’s a small bright side to this tool being used to lock computers. The developers of this app are good people, and they do not like that their work is being used for evil. So they have made a way for you to defeat this lock!
Visit this site for their recovery steps. Follow the instructions, submit the number as shown, and wait for them to email you back. When they send you a code, it should work on the locked-up PC to let back you in.
And after you can access the computer again, uninstall Lock My PC from the Apps or Programs list, so you won’t have to ever deal with it again!
I hope this will get you out of a jam, but if you have any troubles with this, or just want help with the process, give me a call and we’ll get through this together.
Hacking is nothing new. In the 1970’s, we had hackers that were experts at gaming and abusing our telephone systems. They were able to avoid long-distance charges when placing calls, and those free calls may had led to them being called freaks. But soon after, those phone freaks were simply termed phreaks.
In the 90’s, cybercrime developed and spread via email. We needed a new term for all those deceptive, fraudulent messages going around. Borrowing from the cool jargon 20 years prior, we turned fishing into phishingand used that to refer to those emails that tried to get their hooks into people for their passwords and account numbers.
To this day, phishing remains a major vector for fraud and e-trickery. And phishing continues to evolve and adapt to how we communicate. The Simple Message System (SMS) caught on in the 2000’s and its text messages are now used for so much of our daily activities. And as SMS messages proved to be a viable medium for phishing attempts, a new portmanteau was born: smishing.
Only One Real Defense Against Smishing
Today’s smishes generally try to trick you into one of two things: 1) click on a bogus URL, so that you visit a deceptive site, or 2) call a phone number to connect you with a scammer. Each scam is a little bit different from the next, but in general, once you go down one of those two roads, your computer, finances, passwords and sanity are all at risk.
Your cellular provider blocks a lot of smish attacks, but there’s bound to be something that get through. Smish happens. Your best defense is education. Look at some examples of smishing messages and get familiar with them. And later, when some smish shows up at your door, you’ll just roll your eyes and move on.
Examples
Some smishing wants convince you of a purchase that you didn’t authorize. It could be for a laptop, or some antivirus or a Peloton Bike. It doesn’t matter what it is, what’s important is: the message is 100% fiction. There is no charge. There is no high-dollar item. Notice that the text message doesn’t even say which card has been charged! The bogus phone number doesn’t go to a bank; it goes right to a scammer’s cubicle.
Fake Purchase Smish
Another smish to consider is the Delivery Smish. This one lies about an imaginary package that couldn’t make it to your door. If you click the link, it will lead to a phishing website, where you will be asked for credit card information to cover a postage fee to get your package. But again, there is no package, but they will quickly run some real charges on your bank card, if they get that number from you!
Delivery Smish
You are almost never going to win anything through a text message. But below, you’ll see a smishing message that wants you to believe. Please don’t.
Lottery Smish
Ever get this text about a pending criminal charge or tax return problem? The police or FBI is not coming to arrest you. Or rather, if they are, they certainly aren’t going to text you in advance.
Going to Jail Smish
There are so many more examples I can give, such as Password Reset Smishing and Message from your CEO smishing. A couple of months ago, I blogged about the EBT Scam. Next year, I’ll have to blog about a new smish. Feel free to Google for “smishing examples” if you need more food for thought.
Common Traits to Watch Out For
The phone numbers in these bogus texts often give it away. The smish may arrive from an area code you’ve never dealt with before. Or the stated number may have odd punctuation. Plus, if you want, you can copy down the number and Google it. A lot of these scammers’ numbers will turn up in a search, on scam-watch websites.
The details are usually vague. There’s a pending charge, but it doesn’t say with which bank. You’ve won a prize, but from which company? Your plane tickets were cancelled, but the airline name is not mentioned. A legitimate notification would be crystal clear about important details.
The URLs are questionable, but sometimes you have to look closely. It’s a pretty obvious trap if the weblink contains wording like “curesickness.com.” But other URLs are written to look similar to trusted domains. They may only be one letter off, but if they’re trying to get you to tap on “www.disneyy.com”, think twice and back away.
How To Respond
First of all, don’t ever respond to a phishing text. Communicating in any way with a scammer is bound to get you more spam, phishing, smishing and other annoyances coming your way.
If you have a severe problem with too much SMS spam, contact your cell provider. They may offer extra spam-blocking options to curb the junk.
And if you’re just not sure, if you got a text and you worry that it might be legitimate… Close the text message and seek verification elsewhere. Call your bank from the number on your statement. Go to the Amazon website and chat with their support. Find real help somewhere else and they will corroborate the facts or dispel the myth.
Here’s another freebie that can do a one-time virus scan on your Windows computer: the Kaspersky Virus Removal Tool. It’s similar to others I’ve mentioned (ADWCleaner, Norton Power Eraser, and McAfee Stinger), and I can recommend it if you want a second or third opinion on how clean your computer is.
Kaspersky Virus Removal Tool can be downloaded from this site. Install the downloaded file and run its scan. Remove anything it finds, or simply close it if it reports nothing suspicious was found. This tool will not interfere with your full-time antivirus.
The internet is a hotbed for crime, Facebook especially so. It’s simply too big to police. But since we can’t give up using the internet or Facebook, our other options are to prepare, learn and adapt. I encourage you to maintain a rampant skepticism as you use the web.
Come with me and consider the following scam post from Facebook:
This post popped up in a local Facebook group and triggered my Spidey-Sense. But even I had to pause and doubt myself. C’mon, Jesse, it’s just some eggs, people are always selling off their excess henfruit. But as I dissected this post, I knew my gut was right.
The Clues
The first clue here was plainly visible: the poster turned off commenting for their post. Surely, there are good reasons to turn off comments on group posts. But if you are selling something, comments usually aren’t that big of a deal. The next clue is the few comments that occurred before they were turned off:
Notice that the poster is trying to get the commenters to PM her immediately, using identical comments. And the poster commented on her own post, first thing. These do not constitute a smoking gun, but they are suspicious to me, and I see this on many spammy posts.
Going further, I click on the poster’s name and noticed the following:
A new member in that Facebook group? Oh, really? Again, it’s not proof of a scam, but it looks more and more sus, as I go. Next, I clicked further to visit her Main Profile page:
There’s nothing here except for two photos. As I click through every menu, there is no other info to be gleaned. No Details, no Friends, no other Posts, etc. And that’s OK, I recommend that you hide most of your info from public view. But still, most of the locals would have a little something here to make them look authentic.
Next, I went to her two public photos. Those photos had one Like on each of them:
Two very nice looking people… from Kenya. I don’t have anything against the people of Kenya, but what are the odds that this poster in rural Virginia has two friends in Kenya (and no one else!), liking her photos?
The Final Clue
By now, you’re looking this over and nodding your head and thinking, “Yup, sure is fishy.” But thinking like a scientist or lawyer: All of these clues so far suggest something is off, but there is still a non-zero chance that maybe this character is really selling eggs in my community. So let’s go further.
I highlighted and copied the first sentence of her post, and then pasted it into Facebook search field in the left corner. And I turned up another FB post by the same poster:
Different photo, but the same exact text, posted at the same time as her other post. But wait, she posted in a Virginia group, and Nacogdoches is in Texas. And she’s ready to deliver in both states? To quote a Tarantino film, “Now I am calling you a liar, Señor Bob.”
Epilogue
After recognizing the scam on Facebook, I reported the content as best I could, to both Facebook and the group admins. And that’s all you can do, too, when you recognize something shifty on Facebook. Report it, and move on.
Unless you notice someone you know, commenting on or sharing the scam post. Then you might go the extra mile and reach out to them, tell them what they’ve stepped in.
What was the scam, anyhow? It’s probably an advance payment sort of scam, where they try to collect your cash through Zelle or Cash App. If I can message with these scammers and get proof, I’ll update these details.
Here’s a scam that you should know about, but not because it’s particularly dangerous. It’s just weird. But once you know the details about brushing scams, they won’t creep you out, and you can quickly move on from them.
Surprise‽
When an unexpected item arrives at your doorstep, it may be part of a brushing scam. The item may be lightweight or small or just plain curious: people have reported receiving packets of seeds, hand warmers, “dragon eggs“, and even Bluetooth speakers. The packaging often shows an international return address, but no further clues about the point of sale. No bill is included, no company name or URL can be spotted.
Nothing “killer” about this, just an artsy rock…
In general, the items are harmless. There have been no reports of hazardous items being shipped with this scheme. Whatever you receive, you do not have to pay for it, and you are under no obligations regarding what you do with it. Keep it. Donate it. Trash it.
Why Send Me Junk?
This scam is harmless to you specifically, because it isn’t targeting you. Certainly, someone used your mailing address in this scheme. But don’t take it personally. Your address was probably chosen at random, from any number of online public information sources.
The scam’s target is an e-commerce website. It could be Amazon, Wal*Mart, AliExpress or others. They are gaming the reviews in order to sell more merchandise. Their process is:
Create a new account and buy an item.
Have the item shipped to a random address in the USA.
Once the item is shipped, the new account is considered legitimate, and can leave a review. So the account holder leaves a 5-Star review on the item and for the seller.
If they repeat this over and over for a particular item/seller, that item will soon show a lot of trustworthy, 5-Star reviews, even though it may be a new listing or a shady, fly-by-night vendor. This can help encourage a lot of future sales.
Whatever it takes to sell more jewelry.
Final Takeaways
Most brushing scams give you no info to act on. But if you spot a clue on the parcel and you manage to determine what site it was purchased through, you could follow-up with that company. Don’t call any number listed on the package, but you may, for example, go to Amazon.com or Walmart.com and contact their support about the item. If they care to listen to you, you may ask that they:
File a fraud report for the item you received.
Find and remove any reviews associated with your name or address.
Brushing scams are actually incredibly effective at what they do. Amazon and similar stores are constantly battling fake reviews. But brushing reviews is where the bad guys have the upper hand. Brushed reviews are almost impossible to suss out, even with sophisticated software tools. So at the end of the day, I have to advise you: Don’t give 100% of your trust to online reviews. Sure, read them over, but take them with a grain of salt.
A couple of years ago, I blogged about Fake Flash Drives, and now I have to write a refresh article: You also need to watch out for Fake Hard Drives and Fake Solid State Drives. Please make sure you don’t buy these things!
Good & Bad Examples
First, some examples of legitimate, reliable storage drives:
If you regard those items, you should notice some clues that something’s not right. First, there’s no noticeable brand name, or if there is, it’s a name you’ve never seen before and won’t see anywhere else on the web. There’s a big price disparity, too; charging a few dollars per Terabyte of storage is too good to be true.
16TB storage drives do exist, for the rare few of you that need one. If you buy a legitimate 16TB hard drive, expect to pay around $300 at the time of this writing.
Details & Dangers of Fake Drives
The dangers of this scam go beyond losing some money. Your files are at risk if you fall into this trap. These fraudulent devices are mis-manufactured to offer 16TB of storage to your computer. And your computer will believe it when you attach the drive! But there isn’t really that much storage in there. It’s more like a couple of 64GB microSD cards glued to a reader board in these sham drives.
So what happens is that you can try to put data on the device. And it will work, up to a point, but then catastrophe will strike. As your computer pipes data into an area that it thinks is huge but is really much smaller, your data will fall into oblivion. Like lemmings walking off a cliff. And this won’t be apparent until later, when you try to open or retrieve those files. Then you will meet with errors and irrevocable data loss.
Dos & Don’ts
The Too-Long;-Didn’t-Read advice I can finish up with is:
Do pay attention to brand names, and buy something from a recognizable manufacturer.
Don’t jump on amazing prices/deals. If the price is too good to be true, it probably is.
Don’t believe the posted reviews! Amazon and other websites are commonly gamed by the scammers, and a sham product can have thousands of 5-star reviews below it.
Do be judgmental about where you buy (online). Costco, Staples & Best Buy vet their vendors more than Wal*Mart, Amazon and eBay. Avoid those free-for-all marketplaces where anyone can hawk their wares.
Do feel free to report scam products to the website’s support team, but don’t spend a lot of your time or emotion on it. I did that 2 years ago with the flash drive debacle, and it became obvious that these big companies don’t care about or can’t fix the problem from their side.
There are a variety of one-time scan tools available for free, that will check your system for baddies. I’ve previously blogged about ADWCleaner and Norton Power Eraser, and now I should mention McAfee Stinger.
McAfee Stinger is a quick scan for your PC that can detect and remove a specific set of viruses and trojans. If you have reason to think you’re infected, you can download Stinger and use it anytime. It won’t conflict with your full-time antivirus, and it won’t try to sell you anything.
