Microsoft Sues Company For Allegedly Providing Phony Tech Support

Have you ever received a call from a mysterious person claiming to represent a legitimate company? The person then proceeds to ask you for payment information for some bogus good or service he is providing after some social engineering to convince you of his legitimacy. Many years ago, I received a call claiming to be from the company I had purchased a computer from within the past 1-2 years. Within approximately 1 minute, I was being asked for my credit card number

Over 100,000 WordPress Sites Compromised by Malware

Over 100,000 WordPress sites have been compromised by malware called SoakSoak. According to security company Sucuri, the compromise occurred via a plugin called RevSlider. The developers of the plugin have been criticized for making automatic updates difficult.

According to Gizmodo, the malware only affects self-hosted sites, not sites hosted on WordPress.com. Furthermore, WordPress itself is not affected, so you shouldn’t be vulnerable just because you’re using WordPress; you had to have used a vulnerable version of the RevSlider plugin. If you think you might have been affected, though, Sucuri provides some technical details here. Its instructions, however, could have been clearer. For example, they tell you to “remove all backdooors [sic],” but don’t provide any specific instructions on how to remove these backdoors. An article in The Guardian hints that one such backdoor may consist of new administrator users.

Protecting Yourself Against Fake Order Confirmation E-mails

Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. Two of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mentioned Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.

Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example in 2012 that probably linked to a phishing website. Here’s a third example