A client who visited iTandCoffee last week was concerned that her Mac may have 'caught a virus'.
She had been browsing flights, going between web pages, when a nasty message popped up in her Safari session, saying that she had a virus and that she had limited time (a count-down clock was shown) to contact a provided phone number to resolve the issue - otherwise her files would be wiped.
In this case, the pop-up that she saw in Safari was a scam, designed to make her think she had a problem when she didn't.
13/8/2021 0 Comments
Some of you will have received this warning from me in an email on Friday 13th, and you have probably seen alerts in the press.
But for those of you who haven't seen any of these alerts ...
Please beware of a nasty text message that many of us have been receiving this week - sometimes over and over. It has different variations, but looks something like that in the image above - saying that you have missed a call (usually spelt wrong) and to tap the link to listen.
Owners of routers worldwide are being asked to turn off their routers then reboot them, to "thwart a sophisticated malware network linked to Russia". This issue has been reported by the FBI in the USA.
This one nearly made me click! Have a close look at these emails (click to enlarge) and see if you can spot the differences - the things that indicate that one is a fake.
Having only recently received a real email from ASIC about the renewal of the iTandCoffee business name, I really had to look twice (and three times) at the 'same' email that I received this week.
Given that I have registered two business names, my initial reaction was to believe that the email was real. Can you tell which one is real?
Working out which is legitimate
But, as I always do with any email before clicking on any links or opening/downloading any files, I had a look at who the email was from (by clicking on the email address) - and it was definitely not ASIC.
The address attempted to look like an ASIC address - email@example.com - so could easily catch out many people.
Another giveaway was that there was no mention of my name, or business name in the email - it seemed very generic.
I also used the 'Quick Look' feature in my Mac Mail to preview the web page associated with the 'Pay now' link. (Hover to the right of the link and click the 'down-arrow'. You can also just hover the mouse over the link to see what website it links to. On the iPad or iPhone, hold your finger on the link to see a screen that shows the link's website address at the top.)
And boy, did the preview look authentic. But the giveaway was that the website shown at the top (see the red arrow above) was NOT ASIC.
What would have happened if I 'clicked'?
In fact, the 'Pay now' link did actually 'redirect' to the real ASIC website (after first taking me to the eoaclk.com website). Obviously the scammers want you be believe they are ASIC, so that you will click the 'renewal notice' link a bit further down.
Clicking the 'renewal notice' link would have downloaded malware, a virus, or even ransomware - so I dared not click it on my Mac to find out which! (I could see on my iPhone that this link would have downloaded a ZIP file to the computer - I'm sure containing all sorts of 'nasties'.)
Here is the article on the ASIC website, describing this scam.
Be alert to scam emails like this. Always be sure the sender is legitimate before clicking any link or downloading/opening any file in an email.
Do you need further help?
We have a free video that demonstrates how to detect a fake email - here is the link:
If you need further help in assessing whether an email is real or a fake, you can forward the email to iTandCoffee (at firstname.lastname@example.org) and we will check it for you to let you know if it is safe.
If you are looking to learn more about your Mac, why not attend our great class series, called 'Getting to know your Mac' - check out the dates below.
Become a member of The iTandCoffee Club
2/6/2017 0 Comments
I had a visit from my lovely Aunty V this week. Her Windows computer had, recently, been regularly popping up messages saying that she had lots of problems with her computer.
A product call Win Tuneup Pro had somehow made its way onto her computer - she's not sure how - and she was concerned about what it was, and whether her computer did have the level of problems reported by Win Tuneup Pro.
Googling Win Tuneup Pro comes up with a long list of search results about this product being classified as 'Malware'.
What is Win Tuneup Pro
Like MacKeeper on a Mac, these results show that Win Tuneup Pro is classified as an 'adware' product, trying to convince you that you have non-existent problems and that you should pay them money to fix these non-existent problems.
The best approach is to remove it!
How do you remove a product like this?
To remove Win Tuneup Pro, we went to the Control Panel and chose the 'Add or Remove Program' option (Aunty V's computer is still on Windows 7). After finding Win Tuneup Pro in the list of programs, we selected it and chose the 'Uninstall' option.
However, the 'uninstall' seemed to 'stall'.
How to force the removal of a product like this
So we downloaded an excellent product call Malwarebytes and ran it. Malwarebytes is a free product that can remove products like Win Tuneup Pro - products that have been classified as 'malware'.
Malwarebytes found all the 'hidden' files and registry entries on Aunty V's computer and 'quarantined' them, so that we could easily delete them.
Then, lo and behold, Win Tuneup Pro was gone - finally uninstalled!
Where did this product come from?
But how did this product make its way onto Aunty V's computer, especially given that she has AVG anti-virus software running on it?
Products like Win Tuneup Pro can get onto your computer when you download other free software. They are sometimes bundled with another product, and you don't realise that you have installed more that the product you intended to install.
The best approach when downloading free software is to make sure you get it from the maker's website. Sometime when you download software from other sites, you will get a 'bundle' of other software that you did not ask for.
(A word of warning though - even free software from the maker's site can sometimes come with 'stowaways'. An example was the free video converter Handbrake, whose download was compromised by hackers recently. This was quickly fixed, but as a user of Handbrake, it was worrying to think how easily one can fall victim to malicious downloads - even when 'playing by the rules'.)
Related Handy Hints and Articles
This week saw another iTandCoffee client with unwanted MacKeeper files on her computer. When Malwarebytes was run to detect any malware resident on her computer, it popped up with several items relating to MacKeeper - even though MacKeeper had been removed from the computer at some point in the past.
Co-incidentally, I received a newsletter from MacWorld on the same day, with an article that outlines how to full remove MacKeeper from you computer.
So, for anyone who might be interested in how to FULLY remove MacKeeper from their Mac, here is the MacWorld article.
What's on at iTandCoffee ?
Join us for a short, fun 'topic of the day' classes known as PTT sessions (Personal Training for your Technology fitness!) - these are run on a regular basis. Or join any of our other classes shown below to learn so much about your technology.
If you have questions, why not join our The iTandCoffee Club to attend fun and informative 'user group' meetings.
All classes are run as online classes (using Zoom) which means you can attend from anywhere.
27 Sycamore St, Camberwell, Victoria Australia
Call 1300 885 420
to book an appointment or class, or to enquire about our services and products
SENIORS CARD WELCOME HERE:
Seniors Card holders qualify for a 10% discount on all classes booked and paid for online (excludes PTT sessions and classes already discounted during COVID-19 crisis). To activate the discount at the time of booking, select Redeem Coupon or Gift Certificate and enter 10OFFSEN before selecting Pay Now.
© 2012-2021 iTandCoffee Pty Ltd. All rights reserved ACN: 606 340 434