Christian got a free tablet from Caesar's Palace. Leo says it's possible that there's a gambling game on it that will pay for itself. So it's important to be "look a gift horse the mouth." There is no free lunch, and any device that gets on your network can "play with things." Even if all they are doing is selling your activity. So how legit can it really be? But Caesar's is a legitimate company, so it may just be worth it to send it to him. The more you play, the more money they will make. That's how gambling works.
Heather calls in to talk about a client who got bit by a browser hijack. Leo says the first thing to do is get him off Windows, where he's most vulnerable. If that's not an option, get him to run as a standard or limited user and not an administrator. The browser hijack and malware can't install themselves as a standard user.
Why does her client keep getting hit over and over? Leo says it's because of his behavior. They keep repeating the same behavior that causes them to get hit. The key is to change the user behavior. That's the only way it will stop.
Leslie teaches the blind to use computers, and one of his students is getting a popup for a "system optimizer." Leo says that it's a scam. Those popups are designed to get user credit cards by showing false positives from the Windows Event Viewer. The popup isn't actively harmful, but it is annoying. He can go into Programs-Features-Find PC Accelerator Pro and remove it. If it isn't there, then he'll need to Google PC Accelerator Pro Removal Guide. But be careful, some of those can be malware themselves.
Char has discovered a new scam like the old Nigerian scam. Leo says that the Secret Service calls it the 419 scam. This new scam is a variation that seeks to lure one through a lost relative or old school classmate. Leo says that those records are online and they can be inserted. It's very common. So common that Americans were bilked for over $50 million last year.
And remember, if it sounds too good to be true, it IS.
Check out the book The Confidence Game by Maria Konnikova
Bill thinks his network has been infected because his email won't let him send anymore. It's completely missing. Leo says to make sure the SEND port is correctly configured in the email client (in this case Thunderbird). It's the SMTP server and it usually runs port 587. The scam came from "Spectrum" and "Thunderbird Help" that said he was having a driver issue. Leo says that's a scam. Email doesn't use drivers. It just uses an internet connection.
Rio James recently got an email thanking him for payment and comes with a statement attached. But he never made such a payment. He knew right away that it was a phishing scam. Leo agrees, saying that the idea is to get him to open an attached PDF File that has been corrupted with a worm or virus. In many cases, it's harmless if the software and Windows are updated. If not, then it can take over a machine. The whole idea is to play on fear and greed, even curiosity, and get him to click on the link without thinking. So RJ was wise not to open it.
Much like phishing and spear-phishing, VISHING is the latest online scam designed to steal your logins. Only VISHING uses voicemail to do it, according to the FBI and the Cyber Security Agency (CISA). They are targeted attacks on employees of corporations using voicemail to get users working at home to call back and then use social engineering to steal VPN credentials. Check out Brian Krebs' article here.
Matt's mom got bit by a remote access scam and he's gotta clean up her computer to make sure it's secure. Leo says it's a common scam designed to get one to launching the "event launcher" which will show "red x's", which Leo says are perfectly normal. But if she doesn't know that, it'll make her think there's something wrong with her computer. But there isn't. Then they'll try and get her to give them a credit card to pay to fix it remotely. That gives them her credit card. Once that's done, they'll tell her they need remote access.
Brad says that his company email looks to be compromised. Leo says it's more likely his email address has been "spoofed" by spammers, and it's really easy to falsify or spoof a reply email address. Sooner or later, they will move on to a new random return address. That's why everyone gets spam and even bounced back emails that don't work. So it's unlikely Brad's email address has been compromised, just spoofed.