Tuesday, January 28, 2014

Phone Scams Seem to be on the Rise

I want to let you know that scammers are trying to utilize the phone systems to get your money. They are calling your office and letting you know that you have some kind of computer problem. They try to tell you that you have a virus or your computer has been hacked. They try to get you to go to websites or go to obscure settings on your computer to prove that you have computer problems. I received a phone call from one of these scammers last week; they said that they were Microsoft. I was in an odd mood and I stayed on the line with him and messed with him for 4 minutes. At the end of the phone call he called me a couple of bad words and hung up on me.
Here is another call where Thinkgeek really messed with them.  http://www.howtogeek.com/180514/
I had a client call me today and let me know that they had a call from Comcast saying that they had a server that was sending out spam from an NTP server. When the tech support person sent the "official" email of the problem to the client, it was sent from a Gmail account.
I had another client who had one of their clients send them an email to redirect money to a different bank. Their client's email was compromised and the scammer was reading their normal conversations and fooled them.
Here are my recommendations:
  • Be SKEPTICAL without being rude
  • Do not share your email passwords and keep them complex
  • Do NOT use POP email - the passwords are transmitted in clear text with every email
  • Secure your mobile devices with a password
  • If someone calls you, check the caller ID
  • If you don't know whether what they are saying is true, then get their number and we will call them back.
  • Don't let someone that you don't know log in to your computer.
  • Read emails carefully.  
    • I have received scam emails from:  Banks, Intuit, Microsoft, IRS and many other businesses that we know.
  • Do not install toolbars or any programs or games that you do not need on your computer.  
  • If you are running QuickBooks or other financial programs on your computer, I suggest that is all that you do on that computer.
Microsoft's warning concerning scammers - http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
Here is the email that my client received today:
From: Jeremy C [mailto:csatech278@gmail.com]
Sent: Tuesday, January 28, 2014 3:17 PM
To: xxxx@gmail.com
Subject: NTP server issue
A public NTP server on your network, running on IP address 50.197.243.26, participated in a very large-scale attack against a customer of ours today, generating UDP responses to spoofed "monlist" requests that claimed to be from the attack target.
Please consider reconfiguring this NTP server in one or more of these ways:
1. If you run ntpd, upgrading to the latest version, which removes the "monlist" command that is used for these attacks; alternately, disabling the monitoring function by adding "disable monitor" to your /etc/ntp.conf file.
2. Setting the NTP installation to act as a client only. With ntpd, that can be done with "restrict default ignore" in /etc/ntp.conf; other daemons should have a similar configuration option. More information on configuring different devices can be found here: https://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html.
3. Adjusting your firewall or NTP server configuration so that it only serves your users and does not respond to outside IP addresses.
If you don't mean to run a public NTP server, we recommend #1 and #2. If you do mean to run a public NTP server, we recommend #1, and also that you rate-limit responses to individual source IP addresses -- silently discarding those that exceed a low number, such as one request per IP address per second. Rate-limit functionality is built into many recently-released NTP daemons, including ntpd, but needs to be enabled; it would help with different types of attacks than this one.
Fixing open NTP servers is important; with the 456x amplification factor of NTP DRDoS attacks -- one 40-byte-long request generates 18252 bytes worth of response traffic -- it only takes one machine on an unfiltered 1 Gbps link to create a 450 Gbps attack!
If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.
Further reading:
ng-large-scale-ntp-reflection-attacks
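
The first two suggestions in the email quoted above are ntp.conf settings ("disable monitor" and "restrict default ignore"). As an added example that is not part of this post or of the email, the Python function below checks configuration text for them; the finding codes and sample files are constructed here, and "noquery" is an ntpd restrict flag the email does not mention.

```python
# Added example (not from the post or the quoted email): audit ntp.conf text
# for the two settings the email names. "noquery" is assumed as an alternative.
ADVICE = {
    "monitor-enabled": 'add "disable monitor"',
    "no-default-restrict": 'add "restrict default ignore" (or at least noquery)',
    "default-allows-queries": 'add ignore or noquery to this "restrict default" line',
}

def audit_ntp_conf(text):
    """Return (code, line_number) findings; line_number is 0 for file-wide ones."""
    monitor_disabled = False
    defaults = []  # (line_number, flags) for each "restrict default" line
    for number, raw in enumerate(text.splitlines(), start=1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if words[:1] == ["disable"] and "monitor" in words[1:]:
            monitor_disabled = True
        elif words[:1] == ["restrict"]:
            # "-4"/"-6" only select the address family of the default entry
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args[:1] == ["default"]:
                defaults.append((number, set(args[1:])))
    findings = []
    if not monitor_disabled:
        findings.append(("monitor-enabled", 0))
    if not defaults:
        findings.append(("no-default-restrict", 0))
    for number, flags in defaults:
        if not flags & {"ignore", "noquery"}:
            findings.append(("default-allows-queries", number))
    return findings

# Constructed sample files, not taken from any real host.
EXPOSED = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer   # no ignore/noquery
restrict 127.0.0.1
"""
HARDENED = """\
disable monitor
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1
"""

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        for code, line in audit_ntp_conf(conf):
            print(f"{name}: line {line or '-'}: {ADVICE[code]}")
```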