Archive for the ‘News’ Category

Posted on 13th March, 2013 | No Comment

AT&T Wireless Billing Phishing SCAM

A very disturbing new phishing scam looks exactly like your monthly AT&T Wireless billing notification.

If you’re like many iPhone users, you receive a monthly notification that your wireless bill is ready to be viewed online.

What you may not notice is that your next “reminder” does not arrive at the usual time in your billing cycle, so you may click on the link to log in and… KAFLOOEY! (that’s the technical term) – your identity is promptly tossed into the garbage disposal.

Watch out for these SCAMs.

Before you click on any link in an email, hover your mouse (DO NOT CLICK) over the link and check the destination shown in the gray bar across the bottom of your browser or email client window. If it is really ATT.com, you’re OK. If not, DELETE it immediately.

The current crop of SCAMs looks like this:

Subject: Your AT&T wireless bill is ready to view
Sender: AT&T Customer Care
(this is the correct address – but not the REAL address this crap is coming from)
REAL source: account birchingy9@hemc.net
(plus a lot of other spoofed addresses)

These come in a lot of “flavors” so I won’t bother to include the websites you’ll be redirected to. Just check before clicking or you’ll spend six months un-wrecking your credit.

Let’s all be careful out there!

Posted on 27th February, 2013 | No Comment

But wait! There’s more…

How about a phishing scam from FDIC?

Your very first clue in this bad boy is the sender’s address. Anything in Cyrillic is clearly bogus, right? (of course)

Subject: Special requirements for your account security
Sender: ????.??????@fdic.gov
(See what I mean? And once again, any domain ending in .de is likely not kosher…)

Return address:
(again – not the same as the Sender address – clue #2)

Message contents:

Attn: Accounting Dpt.

In order to diminish the number of wire fraud cases, we have introduced a new security system. In this connection all the ACH and WIRE transactions of our customers have been temporarily blocked until you update your security version in compliance with our new requirements.. In order to fully re-establish your account, it is required that you install a special security software. Please use the link below to read the instructions for the installation of the latest security version.

We apologize for causing you inconveniences by this measure.
If you need any assistance, please do not hesitate to contact us.

Faithfully yours,

Federal Deposit Insurance Corporation
Security Department

(In general, the grammar in this message is just enough left of center that you should be suspicious of it.)

Were you foolish enough to click on this link, you would be redirected to:
….jakmurowane.pl/templates/beez/i.php?fdic

Needless to say, you would not be happy with the outcome.

Let’s all be safe out there.
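The two checks these posts describe (where a link really goes, and whether the sender and return addresses agree) can be scripted. This is an added example, not part of the original posts; the sample message and every address and host in it are constructed, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_matches(host, brand):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

class LinkCollector(HTMLParser):
    """Collects every <a href>: the destination that hovering would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_message(raw, brand):
    """Return a list of findings for a single-part HTML message."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != sender:
            findings.append(f"{header} domain {other} differs from From domain {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not host_matches(host, brand):
            findings.append(f"link leaves {brand}: {host}")
    return findings

# Constructed sample, not a captured message; all addresses and hosts are made up.
SAMPLE = """\
From: "AT&T Customer Care" <billing@att.com>
Return-Path: <bounce@mailer.example.net>
Subject: Your AT&T wireless bill is ready to view
Content-Type: text/html

<p><a href="http://att.com.billing.example.org/login">View your bill at att.com</a></p>
<p><a href="https://www.att.com/help">Help</a></p>
"""
```

Note that the first link's host starts with `att.com` but does not end with it, which is why the comparison is made on the end of the hostname rather than on a substring.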

Posted on 4th June, 2012 | No Comment

Until sometime in August or September of 2012, DFWCI will be on hiatus while the owner recovers from a massive spinal surgery.  Please refer to Google for alternate services until then, but send us an email and we will follow up as soon as possible.  Keep in mind this is a procedure that requires 6-12 months for complete recovery, so please be patient.

The Preston Road office is now closed and we will be doing on-site / pickup and delivery data recovery when we return.

Thanks

DFWCI

Posted on 10th January, 2012 | No Comment

Effective January 1, 2012, DFWCI no longer provides forensic services.

We will, however, continue to provide the finest data recovery services.  We will not be able to investigate the results for you, so if that is a service you need, we can no longer assist you.

Due to personal reasons, I no longer choose to participate in computer forensics, preferring to focus my energies in other directions.  Those of you who know me well will understand why.

If you’ve lost critical files, photos or emails – whether on your computer or mobile phone, contact me and I will do my best to recover your data.  As usual.

Posted on 2nd November, 2011 | No Comment

DevilRobber Trojan

New Mac Infection

DevilRobber, the latest in a growing trend of Mac-centric infections, hijacks the GPU to generate Bitcoins, while harvesting sensitive user data.  Also known as “OSX/Miner-D”, DevilRobber was discovered embedded in “Torrent” downloads of Graphic Converter 7.4 obtained from BitTorrent file-sharing sites.

Detailed in a security report from Sophos released last Saturday, this particular Trojan operates as a keystroke logger, taking snapshots of user activity and stealing usernames / passwords.  DevilRobber can also run information-harvesting scripts that write information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and bash_history” to a text file.

This infestation has been found searching for “pthc” files, a term apparently associated with pre-teen hardcore porn.  The exact reason for this search is unclear at this time.

A performance-robbing capability of this infestation is its ability to redirect the Mac’s GPU to generate Bitcoins, a form of Internet currency, trading at roughly $3.20 USD per Bitcoin at this time.  Bitcoin Miner is the application used to create Bitcoins on a Mac, Windows or Linux system.  A local wallet is used to store generated Bitcoins and DevilRobber is capable of stealing this wallet.

Signs of infestation include a general slowdown of performance.  As always, Sophos recommends not downloading software from untrusted sources.

We recommend never downloading software from sharing sites.

Posted on 13th August, 2011 | No Comment

Did you know that photos taken with your smart phone contain GeoTracking information?  Yep.  It’s incredibly easy to find out exactly where you took any photo you upload to Facebook or Twitter (or anywhere else for that matter).

How it works:

Smartphones have a GPS built in so you can use mapping functions and a compass in addition to other native functions.  This is a very valuable tool.  However…  They also have the option to record the exact location where your photos are taken.  This information is then embedded in the picture data and follows that photo wherever it is uploaded.

Anyone who can see your photos on Facebook, Twitter or any photo sharing network can read this information and knows where the picture was taken.  This is incredibly useful to criminals, pedophiles and the like.

Think about the possibilities.

They are.

You can disable the feature in your smartphone.  For an iPhone, go to Settings / Location Services and make sure the option for Camera is turned off.

Posted on 3rd May, 2011 | No Comment

MacDefender attacks

Just this week, antivirus vendor Intego announced the discovery of a new and virulent strain of malware referred to as “MacDefender”, which specifically targets Mac OS X systems.  It gains access through the Safari browser, deployed as a compressed .zip file and transmitted via JavaScript.

If an OS X user’s Safari preferences are set to ‘Open “safe” files after downloading’ the infection is immediately opened, launched and installed without user intervention.  The only sign of infection will be when the Malware asks for a credit card number to sign up for their bogus “virus protection”.

End users running in “Administrator” mode and with their browser preferences set to ‘Open “safe” files…’ are the most at risk.

It has been reported that the infection is also showing up directly in Google image searches.

The following steps are recommended for those infected by the MacDefender Malware.

  1. Open Applications > Utilities > Activity Monitor and quit any MacDefender processes.
  2. Delete MacDefender from the Applications folder.
  3. Check System Preferences > Accounts > Login Items for bogus entries and remove them if found.
  4. Perform a Spotlight search for “MacDefender” and delete any remaining files.
  5. In Safari > Preferences > General – make sure ‘Open “safe” files…’ is unchecked.
  6. Do the same for any other browsers you may be running.

Posted on 19th April, 2011 | No Comment

Facebook Email Scam

Just today I received this email:

Subject: Your password is changed

Dear Customer

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it’s automatic mail notification!

Thank you for your attention.
Your Facebook!

Attached is the file FacebookP762151.zip which is simply a viral infection.

Notice the numerous grammatical and punctuation errors.  This is your primary clue that this is a SCAM.

Never respond to these scams.  Never open the attachment.  Never bother reporting them.  Simply delete the email immediately and think nothing further about it.

Posted on 28th March, 2011 | No Comment

Everyone needs a little time off and so do we.

Therefore, we will be closed until April 11, 2011 while taking some time off to recharge our batteries.

See you when we get back.

Posted on 9th March, 2011 | No Comment

Are You Safe in Your Own Home?

Maybe not.

In fact, Probably Not – if you installed your own wireless router, that is.  Or even if you had someone else install your wireless router, you could still be at risk.  Just today there was a news story of a man who was sitting in his 12th story apartment, minding his own business when a squad of armed FBI agents burst through the door, accusing him of distributing child pornography.  He was, fortunately, innocent.  His WiFi signal had been stolen by a man in a boat almost a quarter mile away, who was allegedly using this usurped signal to distribute his library of over a million child porn images.

How could this happen?

Easy.

And to you.

Every wireless router needs to be protected for you to be safe.

  • By default, they are not.
  • Out of the box, they are not.
  • If you don’t personally see to their security, they are not.

There are three levels of security you MUST address.

First, the actual WiFi signal must be secured, requiring a Key to connect to the router.  And it needs to be a complex key.  There are numerous standards from WEP to WPA in several configurations.  WEP is incredibly easy to crack, but better than nothing.  WPA is much more secure.  If using a passphrase to create your Key, you want it to be as complicated as possible.  A combination of uppercase and lowercase letters with numbers is best.

  • Never use a word from the dictionary.
  • Never use your address.
  • Never use your name.
  • Never use your phone number.
  • Never use your kids’ names.
  • Never use your pets’ names.
  • Always use something complex that You can remember but No One can guess.

Second, You MUST change the Admin login.  Preferably to something other than Admin – and again, with a very complex password.

Third, You MUST change the SSID – the “name” your WiFi signal broadcasts so you can find it to connect to it.  The default will be Netgear (something), D-Link (something), Linksys (something) etc.  Anyone trying to find a “free” WiFi signal that knows what they’re doing will be able to hack a system with the default name if they simply Google the manual for the router & use the default Admin login – if you haven’t changed it.

Attend to these three areas immediately.  If you don’t know how, contact a highly qualified technician to implement them for you.  Contact us for recommendations if you don’t know where to turn.
