BBB Scam Alert: Watch Out for Malware Disguised as Sudoku Generator

A scam that promises unlimited Sudoku puzzles is extra tempting this time of year as you slowly start to get back into your work groove.   

How the Scam Works:

You receive a Microsoft Excel spreadsheet that promises to automatically generate Sudoku puzzles. However, when you open the file and try to create a new puzzle, you get a message that you need to “enable macros” by disabling the software’s security setting. 

If you do so, you will allow the malware to run on your computer. It will scan your system and send an email with details about your machine, according to computer security blog Naked Security. 

What are Macros? 

If you perform a task repeatedly in Microsoft Excel (or another Microsoft Office program), you can speed up your work by automating the task with a macro, a series of commands. However, macros are also a common way for scammers to sneak malware onto your computer. 

Back in the 1990s, scammers frequently used this trick until Microsoft set all its software to automatically block macros. This adjustment forced scammers to abandon this technique and find new ways of fooling users. With this new malware, scammers hope that today’s Excel users have forgotten all about macros.   

My File is Asking me to Enable Macros. Is This a Scam?   

It can be hard to know when to allow macros in your Microsoft files. Follow these tips to ensure you don’t accidentally allow a virus to run on your computer.   

  • Whenever you open an Excel workbook that contains macros, you can verify their source before you enable them. Just look for the digital signature, an electronic stamp of authenticity. See Microsoft’s page on macro security for more information.
  • Set your macro security level to control what happens when you open a workbook that contains a macro. You can choose to run macros based on whether they are digitally signed by a developer on your list of trusted sources. (To find this setting, go to the Tools menu, Macro submenu. Then, click the “Security Level” tab in the “Security” dialog box.)
  • Watch out for macros in other Microsoft software. This scam involves Excel, but if this technique works, scammers will produce similar tricks using PowerPoint and Word documents.
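
For readers who screen attachments before anyone opens them, the check below reports whether an Office file carries a macro project and whether a signature part is present, without launching Office. It is an added example, not BBB or Microsoft code; the function names and the sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .xls/.doc/.ppt files


def triage_office_file(data: bytes) -> dict:
    """Inspect raw file bytes; never executes or renders the document."""
    result = {"format": "unknown", "has_macros": None, "signature_part": False}
    if data.startswith(OLE_MAGIC):
        # Legacy binary files can hold macros, but deciding needs an OLE parser,
        # so has_macros stays None (undetermined) and the file deserves caution.
        result["format"] = "legacy-ole"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    # Modern Office files (.xlsx/.xlsm, .docx/.docm, .pptx/.pptm) are ZIP packages.
    result["format"] = "ooxml" if "[content_types].xml" in names else "zip"
    # The VBA project lives in xl/, word/ or ppt/ as vbaProject.bin.
    result["has_macros"] = any(n.endswith("/vbaproject.bin") for n in names)
    # A signed project adds vbaProjectSignature.bin. Presence only: this does
    # not validate the signature or tell you who the signer is.
    result["signature_part"] = any(n.endswith("/vbaprojectsignature.bin") for n in names)
    return result


def make_sample(parts):
    """Build a constructed, harmless package containing only placeholder parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "plain workbook": make_sample(["[Content_Types].xml", "xl/workbook.xml"]),
        "macro workbook": make_sample(["[Content_Types].xml", "xl/vbaProject.bin"]),
        "legacy .xls": OLE_MAGIC + b"\x00" * 16,
    }
    for label, blob in samples.items():
        print(label, triage_office_file(blob))
```

A file that reports macros with no signature part is the case the tips above warn about; a signature part still has to be checked against your trusted publishers inside Office.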

For More Information

Learn more about macros on Microsoft’s support website.  

New Phishing Scam Hurts Small Businesses

When a small plumbing company in Monroe, Louisiana, got an email yesterday from BBB saying they’d had a complaint filed against them, they took it seriously. After all, the company is a BBB Accredited Business and the owner serves on the board of directors of BBB of Northeast Louisiana. What they got, however, was much worse than a complaint from an unhappy customer. The email was a fake, a phishing scam that downloaded viruses on two of the small business’s computers, which had to be wiped clean in order to get rid of the malware infection. Fortunately for the plumbing company, the virus hadn’t had a chance to steal any banking information.

Unfortunately, small businesses and consumers across the country are falling victim to the latest phishing scam that exploits BBB’s trusted name. The campaign that started yesterday was the second biggest phishing scam in the country on Wednesday, according to the University of Alabama at Birmingham’s Spam Data Mine, one of the nation’s foremost computer forensics labs. SDM is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.

The phishing emails – the fifth wave since Thanksgiving that uses the BBB’s name – use BBB’s name and logo in an attempt to look like a notice of a newly filed complaint. The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the “complaint,” which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients’ accounts.

If you receive an email that looks like it is about a BBB complaint:

  1. Do NOT click on any links or attachments.
  2. Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
  3. Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
  4. Hover your mouse over links without clicking to see if the address is truly from bbb.org.
  5. Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
  6. Run anti-virus software updates frequently and do a full system scan.
  7. If you are not certain whether the complaint is legitimate, contact your local BBB (www.bbb.org/find).
  8. Forward the email to phishing@council.bbb.org so that our security team can track the perpetrators.  If you receive a “bounce” message, there is no need to resubmit.
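
Step 4 can be automated for a mail gateway or help desk: the sketch below lists every link in an HTML message whose real destination is not bbb.org or one of its subdomains, whatever the visible text says. It is an added example, not BBB code; the class and function names are hypothetical and the sample message is constructed, using reserved example domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bbb.org"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_bbb_host(url: str) -> bool:
    # Compare the parsed hostname, not the raw string: this ignores userinfo
    # before "@" and rejects names that merely start with or contain "bbb.org".
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)


def suspicious_links(html: str):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, text) for href, text in parser.links if not is_bbb_host(href)]


# Constructed sample message body.
SAMPLE = """<p>Dear member, a complaint has been filed against you.</p>
<a href="http://bbb.org.example.net/complaint">www.bbb.org/complaint</a>
<a href="http://www.bbb.org@example.com/view">View complaint</a>
<a href="https://www.bbb.org/find">Find your local BBB</a>"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"shown as {text!r} but goes to {urlsplit(href).hostname}")
```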

BBB also recommends that all businesses take steps to secure their data and the information they’ve collected on their customers. BBB’s “Data Security – Made Simpler” is available free-of-charge at www.bbb.org/data-security.

Take This ID Theft Quiz for National Consumer Protection Week

One thing everybody should be celebrating is our 14th annual National Consumer Protection Week! Running through March 10, this holiday will shine a national spotlight on consumer safety in the U.S.

I thought it would be fun to take a little quiz on identity theft from the Privacy Rights Clearinghouse: Answer to see what your risk is. I myself scored 45—not bad, but I could do better.

___     I receive several offers of pre-approved credit every week. (5 points)

___     I do not shred the pre-approved credit offers I receive (cross-cut shredder preferred) before putting them in the trash. (5 points)

___     I carry my Social Security card in my wallet. (10 points)

___     I use a computer and do not have up-to-date anti-virus, anti-spyware, and firewall protection. (10 points)

___     I do not believe someone would break into my house to steal my personal information. (10 points)

___     I have not ordered a copy of my credit reports for at least 2 years. (20 points)

___     I use an unlocked, open box at work or at my home to drop off my outgoing mail. (10 points)

___     I do not have a P.O. Box or a locked, secured mailbox. (5 points)

___     I carry my military ID in my wallet at all times. (It may display my SSN.) (10 points)

___     I do not shred my banking and credit information, using a cross-cut “confetti” shredder, when I throw it in the trash. (10 points)

___     I throw away old credit and debit cards without shredding or cutting them up. (5 points)

___     I use an ATM machine and do not examine it for signs of tampering. (5 points)

___     I provide my Social Security number (SSN) whenever asked, without asking why it is needed and how it will be safeguarded. (10 points)

___     Add 5 points if you provide it orally without checking to see who might be listening nearby.

___     I respond to unsolicited email messages that appear to be from my bank or credit card company. (10 points)

___     I leave my purse or wallet in my car. (10 points)

___     I have my driver’s license number and/or SSN printed on my personal checks. (10 points)

___     I carry my Medicare card in my wallet at all times. (It displays my SSN.) (10 points)

___     I do not believe that people would root around in my trash looking for credit or financial information or for documents containing my SSN. (10 points)

___     I do not verify that all financial (credit card, debit card, checking) statements are accurate monthly. (10 points)

Ok, now tally up your points. Guess what? Each one of these questions represents a possible avenue for an identity thief. How did you do?

  • 100 + points – Recent surveys* indicate that 8-9 million people are victims of ID theft each year. You are at high risk. We recommend you purchase a cross-cut paper shredder, become more security-aware in document handling, and start to question why people need your personal data.
  • 50-99 points – Your odds of being victimized are about average.
  • 0-49 points – Congratulations. You have a high “IQ.”  Keep up the good work and don’t let your guard down now.

Remember, you cannot prevent identity theft. Criminals can commit identity theft relatively easily, but you can reduce your risk of fraud. One of the best things you can do is to check your 3 credit reports at least once a year. If you are a victim of identity theft, you will catch it early by checking your credit reports regularly. Your annual free credit reports are available from (877) 322-8228 or at www.annualcreditreport.com.

Over thirty different agencies are participating in providing great information for consumers this week, including the BBB, so check out National Consumer Protection Week information. Also, sign up for a daily tip from the BBB!