How to spot cryptojacking, the newest phone scam and a dangerous fax con
Welcome to Cyber Security Today. It’s Friday October 5th.
I was at the annual SecTor security conference in Toronto this week, and while most sessions were aimed at businesses and security professionals, some speakers had things to say for a consumer audience. An official from security software maker Sophos spoke about the problem of cryptojacking, which is the sneaky taking over of computers and smartphones to mine for cryptocurrency like Bitcoin and Ether for criminals. One way to know you’ve been victimized is if your computer starts slowing down. The same warning sign can come from your smartphone. Here’s another: The phone gets hot. That’s because the malware is pushing the phone’s processor to maximum power as it does the calculations for mining. Laptops will run hot, too. For a computer, if you know how to display your processor’s workload and temperature, that will show whether the power is running at full tilt. If you think you’ve been hit you’ll need to run anti-malware software. Remember also that sometimes you can be hit just by going to a web site that has been corrupted with code to take over your machine. So watch for the warning signs.
More of my stories from the conference for security pros are on ITWorldCanada.com.
This being Cyber Security Awareness Month, I’m peppering my podcast with helpful tips. Here’s one: Trying to scare people into giving up their passwords or downloading corrupted software is an old scam. Often the way it’s done is with a phone call from someone purporting to be from a software company. The latest version is a phone call from an obviously recorded voice saying, “This is in regards to security software we installed on your computer last year. Now we see a red flag error that there is a security breach on it. Call 1 866../. Don’t call that number. This is a scam. No company will telephone you about your computer.
According to security vendor Proofpoint, another old con is targeting a number of countries, including most recently the U.S. It’s an email scam with a message from a company called eFax that says a fax has been sent to you. All you have to do is click on the “Download Fax” button, or a link in the email. If you do, it opens up a message that says you have to click on buttons like “enable editing” or “enable content” for you to read the fax. What then gets downloaded is malware that will steal your password the next time you got to a bank online. If you’re not expecting a fax, ignore the message. If you are expecting a fax by email, the person sending it should include information about them and the fax to convince you it’s legit. When in doubt, delete.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.