Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.

Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.

In all, tech support scams make up a multi-billion-dollar industry.

They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.

You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.

One of our employees shared his story when a tech support scammer called his wife out of the blue:

I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.

“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.

Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.

That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.

 What do tech support scams look like?

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.

First, there are the scams that track you down.

This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:

By clicking on links from unsolicited emails.
From pop-up ads from risky sites.
Via pop-ups from otherwise legitimate sites that have had malicious ads injected.
By way of spammy phone calls made directly to you, whether by robocall or a live operator.

Second, there are the scams that lie in wait.

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:

Online classified ads, forum posts, and blog sites.
Ads on Social media sites such as Facebook, Reddit, YouTube, and Tumblr.
Search results—scammers place paid search ads too!

How to spot and avoid tech support scams

With regards to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that look like they could be a knockoff of a trusted brand. Check our top tips to spot tech support scams of what these ads and search results look like.
Don’t fall for the call. If someone calls you with an offer of “tech support.” Chances are, it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up.
Note that big tech companies like Apple and Microsoft won’t call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.)
Don’t click or tap on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this is a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link.
Go to the source. Contact the company directly for support, manually type their address into your browser, or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that clog up search results with bogus ads.
Protect your browsing. Use a web protection extension that can spot malicious sites and help prevent you from clicking on them by mistake. Comprehensive online protection software will offer protection for your browsing, in addition to protection from malware and viruses.
Remove your personal info from data broker sites. How did that scammer get your phone number in the first place? Scammers often purchase personal information in bulk from data broker sites, which can include your phone number. Our Personal Data Cleanup can help you remove your information from some of the riskiest data broker sites out there.

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.

What to do if you think you’ve been scammed:

Change your passwords. This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
Run a malware and virus scan right away. Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well by gaining access to one device on your network.
Stop payment. Contact your bank, credit card company, or online payment platform to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services don’t.)
Report the scam. In the U.S., you can contact the Federal Trade Commission, which reports the claim to thousands of law enforcement agencies. While they can’t resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”

The post Be on the Lookout for Scam Tech Support Calls appeared first on McAfee Blog.

Read More

Interesting research: “An Empirical Study & Evaluation of Modern CAPTCHAs“:

Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAS, and how they are perceived by those users.

In this work, we explore CAPTCHAS in the wild by evaluating users’ solving performance and perceptions of unmodified currently-deployed CAPTCHAS. We obtain this data through manual inspection of popular websites and user studies in which 1, 400 participants collectively solved 14, 000 CAPTCHAS. Results show significant differences between the most popular types of CAPTCHAS: surprisingly, solving time and user perception are not always correlated. We performed a comparative study to investigate the effect of experimental context ­ specifically the difference between solving CAPTCHAS directly versus solving them as part of a more natural task, such as account creation. Whilst there were several potential confounding factors, our results show that experimental context could have an impact on this task, and must be taken into account in future CAPTCHA studies. Finally, we investigate CAPTCHA-induced user task abandonment by analyzing participants who start and do not complete the task.

Slashdot thread.

And let’s all rewatch this great ad from 2022.

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The installation of Active Directory (AD) on Windows Server 2019 calls for a thorough understanding of technical nuances and a steadfast dedication to security best practices. This guide will walk you through the process of securely implementing Active Directory, ensuring the highest level of protection for the information and resources within your company.

Planning and design

Start by carefully planning and designing. Analyze your organization’s requirements, network topology, and security requirements in great detail. Establish the necessary number of organizational units (OUs), domains, and user and group structures. Make a thorough design plan that complies with your organization’s compliance standards and security guidelines.

Installing Windows Server 2019

Install Windows Server 2019 on a dedicated system that satisfies the system minimums. Use the most recent Windows Server 2019 ISO and adhere to recommended procedures for a secure installation. Set a strong password for the Administrator account and enable Secure Boot if it is supported in the BIOS/UEFI settings for hardware security.

Choose the right deployment type

Select the domain controller (DC) installation as the Active Directory deployment type. By doing this, you can be confident that your server is a dedicated domain controller overseeing your domain’s directory services, authentication, and security policies.

Install Active Directory Domain Services (AD DS) role

Add the Active Directory Domain Services (AD DS) role to Windows Server 2019. For the installation, use Server Manager or PowerShell. Select the appropriate forest and domain functional levels during the procedure and specify the server as a domain controller.

Choose an appropriate Forest Functional Level (FFL)

Select the highest Forest Functional Level (FFL) compatible with your domain controllers. This enables access to the most recent AD features and security upgrades. Examine the FFL specifications and confirm that every domain controller currently in use can support the selected level.

Secure DNS configuration

AD heavily relies on DNS for name resolution and service location. Ensure that DNS is configured securely by:

a. Using Active Directory Integrated Zones for DNS storage, enabling secure updates and zone replication through AD.

b. Implementing DNSSEC to protect against DNS data tampering and for secure zone signing.

c. Restricting zone transfers to authorized servers only, preventing unauthorized access to DNS data.

d. Implementing DNS monitoring and logging for suspicious activities using tools like DNS auditing and query logging.

Use strong authentication protocols

Configure Active Directory to use strong authentication protocols such as Kerberos. To stop credential-based attacks, disable older, less secure protocols like NTLM and LM hashes. Ensure domain controllers are set up to favor robust authentication techniques over weak ones when performing authentication.

Securing administrative accounts

Safeguard administrative accounts by:

a. Creating complicated, one-of-a-kind passwords for each administrative account, following the password policy guidelines, and rotating passwords frequently.

b. Adding multi-factor authentication (MFA) to all administrative accounts to improve login security and reduce the risk of credential theft.

c. Enforcing the principle of least privilege, role-based access control (RBAC), and limiting the use of administrative accounts to authorized personnel only.

d. To reduce the attack surface and potential insider threats, administrative account privileges should be regularly reviewed, and extra access rights should be removed.

Applying group policies

Leverage Group Policy Objects (GPOs) to enforce security settings and standards across your Active Directory domain. Implement password policies, account lockout policies, and other security-related configurations to improve the overall security posture.

Protecting domain controllers

Domain controllers are the backbone of Active Directory. Safeguard them by:

a. Isolating domain controllers in a separate network segment or VLAN to minimize the attack surface and prevent lateral movement.

b. Enabling BitLocker Drive Encryption on the system volume of the domain controller to safeguard critical data from physical theft or unauthorized access.

c. Setting up Windows Firewall rules to restrict inbound traffic to critical AD services and thwart potential dangers.

d. Performing regular domain controller backups and securely storing those backups to protect data integrity and speed up disaster recovery. Create system state backups using the Windows Server Backup feature, and for redundancy, think about using off-site storage.

Monitor and audit

Implement a robust monitoring and auditing system to detect potential security breaches and unauthorized access. Employ Security Information and Event Management (SIEM) solutions for thorough threat monitoring, set up real-time alerts for crucial security events, and use Windows Event Forwarding to centralize log data for analysis.

Perform regular backups

Create regular system state backups of Active Directory to ensure data integrity and quick recovery in case of data loss or disaster. Periodically test the restoration procedure to confirm its efficacy and guarantee that backups are safely kept off-site.

Conclusion

By following this technical guide, you can confidently and securely implement Active Directory on Windows Server 2019, ensuring your organization has a robust, dependable, highly secure Active Directory environment that safeguards valuable assets and sensitive data from the constantly changing threat landscape. Always remember that security is a continuous process, and maintaining a resilient AD infrastructure requires staying current with the latest security measures.

Read More

Experts welcome efforts to safeguard society from emerging technologies

Read More

Espionage campaign shares similarities with previous attacks

Read More

Threat actors use several evasion techniques to stay hidden

Read More