Tis the Season: Overtime is Authorized!


That seems to be the current trend for the scammers and bad guys as is evidenced by the above screenshot from one of my Gmail accounts. Between the hustle of the season and the too-good-to-be-true deals, the bad guys are hitting the emails pretty hard. Perhaps it’s for a noble cause such as buying a new hearing aid for dear ol mom, but more than likely, it’s just that they want to take your money for their own personal gain. Either way, it pays to keep your eyes peeled more than ever during this time of year.


This means doing some basic things such as looking for the padlock in your browser on sites you are going to make a purchase from. No lock, no buy! See these examples and look for the lock!

[Screenshots: secure1, screenshot_2016-11-28-12-55-11]

Also, if you receive emails about package delays and/or delivery status with an attachment, DO NOT OPEN THE ATTACHMENT. Instead, if you are really concerned, log in to the account you placed the order from and see if there is an updated order status there. In 99% of cases, if there is a delay, they will include a tracking number in the email (not the attachment). Copy that tracking number (don’t click the link!) and paste it into Google. It will usually point you in the right direction. If not, go to the website for the shipping company (not from a link in the email) and track it there.


Stay safe and have a great holiday season!

Erich’s “What in the (cyber) world is going on?” 11-28-16 edition


I hope everyone had a great Thanksgiving weekend, US peeps or not. I’ve been a bit busy working on my Raspberry Pi powered music-synced Christmas light project and have made some headway in that department. It’s going to be fun seeing if I can muster the time to get that up and running. That being said, let’s move on to events of the last week or so:

San Francisco’s SFMTA (San Francisco Municipal Transportation Agency) Popped with Mamba Ransomware

Sucks to be them. Word is over 2112 machines were impacted by the MBR encrypting ransomware. Customers got free rides since the ticketing system was offline and they couldn’t just shut down the system. On another note, the uber-cool Javvad Malik was quoted in the article as well.




Santa (well, the Russian version) got hacked

It looks like a bunch of kiddos that just wanted new toys, or food, or heat, or whatever in Russia have had their info (name, address, phone#, etc.) posted online thanks to 55 compromised websites. Oops. Just a friendly reminder to be careful what info you put out there. I’m not sure why the sites would need all this info as Santa already knows where everyone is (perhaps the Russian version is behind the times?) and what they want. The dude is kind of creepy and looks like he belongs in a windowless van with “Free Candy” written on the side if you ask me, but I’m just one guy.




Homeland Security Chief Cites Phishing as Top Hacking Threat

Looks like my message got through to Jeh Johnson as he stated that phishing is the top hacking threat. Not groundbreaking I know, but it’s nice to see the leadership acknowledging it. I’m sure he heard it from me and I’m available for interviews if you need me. 😉


Madison Square Garden Was Breached… For a Flippin Year.

So, yeah, “Cards used to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater and Chicago Theater between Nov. 9, 2015, and Oct. 24, 2016, may have been affected”. C’mon man! SMH



So, I figured I’d put this out there as a shameless plug for me, myself and I. These are the things I’m up to in the next week or 2:

As always, if you have an event and need a speaker that can talk about ransomware, phishing and other similar fraud, let me know.


Have a great week

It’s that time of year – Beware of scammers more than ever


As we roll into Black Friday here in the US, the scammers are not taking any time off. In the hype of “too good to be true” deals, scammers operate more easily. After all, “70% off an iPhone” doesn’t raise an eyebrow this time of year. In addition, emails about a delayed shipment or something similar will be hitting pretty hard.

Make sure that you hover over links in emails with your mouse (<- good info there!), to make sure you know where the link is actually taking you. When in doubt, go to the page directly and do NOT open attached emails.

Stay Safe everyone!

Erich’s “What in the (cyber) world is going on?” 11-21-16 edition

So, yeah… I’ve been away for a bit. Been a pretty crazy last few weeks with a lot of traveling and some illness tossed in for good measure. Hanging out in “germ tubes” (some people call them airplanes) may have caught up with me, but things have not stood still, so let’s get started…


There was this election thingy.

Some folks are too happy, some are too sad; I for one am thrilled that the TV commercials are done. I spent about a week peeking into Facebook and leaving quickly to avoid the drama. It’s dropped off a bit (for me it seems) but there is still a lot of emotion going on. What does that mean? Phishing emails.

Any time there is an emotional or controversial event, expect that the bad guys are going to try to capitalize on it, and be careful what you click on. In addition, light has been shed on a number of fake news stories and other clickbait. Do your part to remain calm when you read something and make sure clicks are taking you where you want to go.


Black Friday

I’m already seeing a number of reports of Black Friday themed phishing emails going around. Be careful: if it looks too good to be true, it still might be, even with BF going on. Hover the links and look at the reply addresses.


Crysis decryption keys posted

And in some good news, it looks like these folks have taken their ball and gone home. If you were hit by Crysis ransomware, check out BleepingComputer for a possible key. There is more on this in the KnowBe4 blog post today.


Madison County Indiana had a crappy week

The folks in Madison County Indiana had a pretty lousy time when they got hit by ransomware and were down for about a week. It only impacted little things like, you know, the jail and stuff. Here are a couple of my favorite quotes from the stories I saw:

Herald Bulletin

Lisa Cannon, director of the county’s IT department, said the county will make sure the system is secure before new data is placed in the system. “We’re in the process of adding a backup system,” she said.

Infosecurity Magazine

“…both first responders and civic officials are logging all calls for service by hand. Anderson Police, the Madison County Jail and the county court systems are locked out.”

“On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.”

I’m thinking they should train their users as well.


New strain uses Social Media profile of victim

The folks at Proofpoint found a new variant of a browser locker called Ransoc that uses social media information to add credibility to a totally BS extortion attempt. According to multiple FBI Special Agents I have done presentations with, they will never notify you that you should pay a fine like this. They prefer the old knock on the door and show a badge method. Besides that little detail, I do like the ol’ “All money will be refunded to you if you are not caught again within 180 days.” touch. Nice try.



That’s about all I have for today. Take care and be safe