A client who visited iTandCoffee last week was concerned that her Mac may have 'caught a virus'.
She had been browsing flights, going between web pages, when a nasty message popped up in her Safari session, saying that she had a virus and that she had limited time (a count-down clock was shown) to contact a provided phone number to resolve the issue - otherwise her files would be wiped.
In this case, the pop-up that she saw in Safari was a scam, designed to make her think she had a problem when she didn't.
This one nearly made me click! Have a close look at these emails (click to enlarge) and see if you can spot the differences - the things that indicate that one is a fake.
Having only recently received a real email from ASIC about the renewal of the iTandCoffee business name, I really had to look twice (and three times) at the 'same' email that I received this week.
Given that I have registered two business names, my initial reaction was to believe that the email was real. Can you tell which one is real?
Working out which is legitimate
But, as I always do with any email before clicking on any links or opening/downloading any files, I had a look at who the email was from (by clicking on the email address) - and it was definitely not ASIC.
The address attempted to look like an ASIC address - firstname.lastname@example.org - so could easily catch out many people.
Another giveaway was that there was no mention of my name, or business name in the email - it seemed very generic.
I also used the 'Quick Look' feature in my Mac Mail to preview the web page associated with the 'Pay now' link. (Hover to the right of the link and click the 'down-arrow'. You can also just hover the mouse over the link to see what website it links to. On the iPad or iPhone, hold your finger on the link to see a screen that shows the link's website address at the top.)
And boy, did the preview look authentic. But the giveaway was that the website shown at the top (see the red arrow above) was NOT ASIC.
What would have happened if I 'clicked'?
In fact, the 'Pay now' link did actually 'redirect' to the real ASIC website (after first taking me to the eoaclk.com website). Obviously the scammers want you be believe they are ASIC, so that you will click the 'renewal notice' link a bit further down.
Clicking the 'renewal notice' link would have downloaded malware, a virus, or even ransomware - so I dared not click it on my Mac to find out which! (I could see on my iPhone that this link would have downloaded a ZIP file to the computer - I'm sure containing all sorts of 'nasties'.)
Here is the article on the ASIC website, describing this scam.
Be alert to scam emails like this. Always be sure the sender is legitimate before clicking any link or downloading/opening any file in an email.
Do you need further help?
We have a free video that demonstrates how to detect a fake email - here is the link:
If you need further help in assessing whether an email is real or a fake, you can forward the email to iTandCoffee (at email@example.com) and we will check it for you to let you know if it is safe.
If you are looking to learn more about your Mac, why not attend our great class series, called 'Getting to know your Mac' - check out the dates below.
Become a member of The iTandCoffee Club
I had a call from my lovely Aunty V during the week, after the news came out about yet another 'ransomware' attack.
She asked me if I could explain a term that was being used in news reports, about the need to 'patch' your computer to ensure that you are protected against attacks.
What does 'patching' mean?
Microsoft, Apple, Google (i.e. Alphabet) are constantly working on the software that runs our computers and mobile devices (know as operating systems), to ensure that evil-doers cannot gain access to our devices and lives via the internet.
Microsoft's computer operating system is Windows. Apple's computer operating system is OS X or, more recently, MacOS. Apple mobile devices run iOS, and many other mobile devices run Google's Android operating system.
All of these operating systems are, at times, targeted by hackers who try to find 'holes' in the security of these system, so that they can sneak in and steal stuff from computers that run the operating system - or even (in the case of ransomware) scramble all the information that is on the computer so that we can no longer use it.
(I'll leave you to read up about ransomware in this article from Wikipedia: Ransomware - Wikipedia.)
Most commonly, it is Windows that is the target of such attacks (as has been the case with the last two highly publicised 'ransomware' attacks).
Microsoft, Apple and Google have, in most cases, already 'patched' the hole in their operating system security, and 'released' that patch as an 'update' to our computers' operating systems.
Any computer on which the 'patch' is installed is protected if you, inadvertently, click on a nasty link or file in an email or on a website that might have otherwise taken advantage of the security hole.
Are you patched?
On some computers and mobile devices, these updates (patches) are automatically installed.
The problem is that many computers have not been 'patched' because the business or individual user of the computer has not installed the updates that have been made available.
This has left them at risk of falling victim to the ransomware attacks that seem to be getting more and more frequent.
How to check and how to patch
The big question is how do you 'patch' your computer or device.
To help you with this, we have included some 'how to' articles about below, that will (hopefully) help you ensure your computer or mobile device is up to date with all 'patches'.
We are here to help if you need assistance
We know that for many of our clients and subscribers, the information provided in the above articles will still leave them unsure how to proceed.
If you need assistance with this area, iTandCoffee is available for one-on-one appointments at the shop in High Street Glen Iris, or in your own home (depending on location).
Over-the-phone support can also be provided if required.
Just call 1300 885 420 or email firstname.lastname@example.org to make an appointment.
Recently, I published an article about a scam that caught out a young client, and resulted in a charge of over $500 on his credit card and some scammers from India gaining access to his Mac computer.
This scam has also impacted THREE iTandCoffee clients during the past fortnight.
All of these clients contacted iTandCoffee to say that they had received a strange message on their devices while using their web browser. Two were Mac users, and one was a Windows user.
This message told them they had a virus and needed to contact a 1800 number. Here are some images of messages showing variations on the same theme.
In each case, the client's web browser locked up, rendering them unable get rid of the message and go to any other web page.
In two cases, the clients called the 1800 number and allowed the scammers to get onto their computers. Fortunately, they realised they were being scammed when they were asked for credit card details.
But the scammers still had access to their computers!
Needless to say, these two clients were very distressed when they called iTandCoffee.
The first thing we asked them to do was to turn off their internet and shut down the computer. iTandCoffee was then able to subsequently remove offending software that the scammers installed, and the clients are now back up an running.
PLEASE DON'T GET CAUGHT BY THIS SCAM ON ANY OF YOUR DEVICES.
This type of message can also appear on your iPad or iPhone.
You DO NOT have a virus. DO NOT call the 1800 number.
The scammers are trying to
Here are a couple of past articles that tell you what to do if your web browser does get locked up by one of these scams.
If you are concerned you have been caught out by this, or need help to sort unlock your browser, please contact iTandCoffee to make an appointment.
We can walk you through what to do over the phone, or in-shop at 34 High Street Glen Iris, Victoria. If you are in Melbourne, we can do a home visit to help sort you out. (Please note that charges apply for all appointments.)
7/8/2016 2 Comments
In another recent article on the blog, I told the story of a young man whose Mac Safari session had appeared to be under attack - locking up and preventing him from doing any web browsing.
Even if he closed Safari, even when he restarted his Mac, he could not stop this nasty screen taking over his browsing session.
This is a form of Malware, and to stop it occurring, it is necessary to access Safari Preferences and Remove Website Data ...
However, how do you get into the Safari preferences if this screen keep taking over and preventing any selection of Safari options?
Find out how to resolve this sort of problem in this week's Handy Hint, for iTandCoffee Club Members.
An iTandCoffee client contacted iTandCoffee this week after receiving an extremely concerning message on her iPad. She wrote:
"I am sending you a snap shot of my iPad screen showing a pop notice that I have now received twice which renders my Safari inexcessable unless I action the okay option at the bottom, which then brings up some slightly alarming boxes."
This message is a form of Ransomware, a scam designed to force you to pay money to fraudsters and perhaps even give away your credit card details.
If you click OK on a Windows or Android computer, you may find your device has been locked up by a virus, asking you to pay the 'ransom' in order to 'release' your device. In actual fact, all that is required in this case is the removal of the virus - here are articles on how to do this on Android and Windows.
Fortunately for this iTandCoffee client, the message came up on her iPad - so clicking OK did not have had any ill effects, other than to give a big fright. (This is just one of the great advantages of Apple devices - scams like this do not work on iPads and iPhones.)
But this client was still 'stuck' by the message in Safari, as it seemed to have 'hijacked' her Safari and was stopping her from getting to any other functions in Safari.
How to deal with scams that 'lock up' your Safari on your iPad or iPhone
It is quite easy to resolve such a problem - by resetting your Safari browsing history and website data.
Go to Settings -> Safari and tap on Clear History and Website Data
Once you have done this, you will find that you can start up a fresh Safari session that is free of the fraudster's message.
I just received a SPAM email that really made me take a second look, as they were very clever in how they made this email look like it had come from the ATO.
While it is pretty obvious that it is not legitimate - even the amount of the refund that is show in pretty ridiculous - I figure it is worth mentioning because of certain aspects that make it look legitimate.
When you look at who the email is from - by clicking on the sender to see the 'from' email address - it certainly looks like the ATO (see the second image below, which shows the 'From' address that shows, which is email@example.com).
Even the link in the body of the emails seems to be a link to the ATO website, since it starts with 'https://www.ato.gov.au/'.
What completely gave this one away as an absolute scam was that, when I inspected the link that was shown, it was actually going to take me a totally different website (certainly not the ATO) that would have immediately downloaded a file to my computer - a file that probably contained a nasty piece of Windows malware (or worse).
Because I am on a Mac, this would not have caused my computer any harm - but the same would not have been true if I was using Windows.
So, don't be fooled if an email 'looks like' it comes from a legitimate source, and perhaps has a link that 'looks like' it is taking you to a legitimate website. What you see is not necessarily what you get!
How did I work out that the link in the email was fake?
To check any link that has been sent in an email, I right-click on it and choose Copy Link.
Then, I open a Word document. Right-click in the body of the new document and choose Paste to paste the copied link into the document. What you will then see is the real address behind the link, instead of the fake address that showed in the email.
Just make sure that you choose the right-click and not the left-click!
Once again, the rule of thumb is to never trust an email that asks you to click a link! (Of course, the exception is the iTandCoffee Newsletter!).
Please beware of an email scam that is doing the rounds again, and that may come in two different forms.
A client of iTandCoffee received one of these only this week.
In both types of scam, the email says that you have missed delivery of a parcel or letter, and that you need to pick it up from the Post Office.
It may look like an official Australia Post (or other major courier) email, but its is almost definitely not! It may even have your name and address in it. Do not be fooled. If you think there might be a parcel waiting for you call or visit the Post Office nearest you to check.
DO NOT click on any attachment in this email.
DO NOT click on any link in the email.
What would happen if you do either of the above?
In one of the scams, clicking on the link or the attachment may install something called 'ransomware', which will lock up your computer until you pay some money - sometimes a significant amount of money! I have included an article below that describes this type of malicious software in more detail.
In the other scam, you will be asked to pay some money to print off a docket to take to the Post Office. The price they will ask for is not much - but their aim is to steal your the credit card details that you enter.
Contact iTandCoffee (1300 884 420 and firstname.lastname@example.org) if you have any queries on the above, or if you get any emails that you are unsure about. I am only too happy to look at the email and advise whether it is safe.
If you are interested in reading more, here are links with further information about these scams.
I must say that, until recently, I didn't have any anti-virus products on the Macs that I use for my work. I am very careful about what sites I visit and what I click on if ads pop up. So I have never had any problems.
However, my recent visits to two clients have caused me to re-think my unprotected status, and I have now download a free virus scanning tool and run regular checks of my Mac.
Two iTandCoffee clients with Adware Trojans on their Macs in one week!
The first iTandCoffee client had a problem with Safari on her Mac.
When she visited the Webjet website and tried to book flights, her Webjet session seemed to be 'hijacked' and all sorts of advertisements would pop up on the screen, making it impossible to search for her flights.
Yontoo Adware Trojan causes strange Safari behaviour
Well, in this case the problem was that her computer had been infected with a Malware product known as Yontoo - in this case, most likely introduced by kids accessing illegal download sites.
The below information about Yontoo is extracted from an article on the cnet website ...
Security company Dr. Web is reporting on a new adware Trojan attack that is targeting Mac users, where malicious Web sites will trick users into installing a plugin that will track your browsing and display ads to you.
When the malware is running, affected systems will be actively tracked for browsing behaviors, and legitimate Web sites will be hijacked with ad banners and other content that attempts to lure you into clicking it.
If you have noticed similar strange behaviour in Safari (or any other web browser on your Mac), you too may have this Adware Trojan on your Mac. Check out this cnet article for details of what to do to remove the Yontoo trojan.
Genieo Adware Trojan replaces Google as search engine
A visit to a second client in the same week involved uninstalling a similar, but less obvious, Adware product that had installed itself on that client's computer.
This particular one was Genieo, which was causing every search that the client did using her Mac's Safari search bar to return results using something called Genieo - even though she had specified in her Safari Preferences that she wanted to use Google.
This was another case where a unwanted product - similar to Yontoo - had installed itself as part of the download of another legitimate product.
If you notice similar behaviour on your own Mac, check out this article for information about Genieo and how it appeared on your Mac, and of how to remove this Adware product.
Products for detecting and removing malware from your Mac
For an article that looks at various options for anti-malware products for Mac (many of which are free), check out the below article scooped on the iTandCoffee Scoop.it page recently.
Contact iTandCoffee if you need help with getting rid of malware or installing an anti-malware product on your Mac - call n1300 885 420 or email email@example.com.
What's on at iTandCoffee ?
Below is our list of videos, classes and other events that are coming up soon.
Videos shown are offered for eligible members of the iTandCoffee Club.
If you have questions, why not join fun and informative 'user group' meetings, held once a month.
All iTandCoffee classes are run as online classes (using Zoom), which means you can attend from anywhere.
27 Sycamore St, Camberwell, Victoria Australia
Call 1300 885 420
to book an appointment or class, or to enquire about our services and products
SENIORS CARD WELCOME HERE:
Seniors Card holders qualify for a 10% discount on all classes booked and paid for online (excludes PTT sessions and classes already discounted during COVID-19 crisis). To activate the discount at the time of booking, select Redeem Coupon or Gift Certificate and enter 10OFFSEN before selecting Pay Now.
© 2012-2023 iTandCoffee Pty Ltd. All rights reserved ACN: 606 340 434