
Ransomware Scammers Targeting AU Office 365 and Outlook.com Users

There seems to be a group targeting people who use the Outlook.com and Office 365 platforms. They send spoofed messages that appear to come from Microsoft and look like invoices. When you open the attached document, it runs code in the background that launches run-of-the-mill ransomware to encrypt your documents.

This is not a flaw in these systems, just people being clever enough to bypass the filtering and target uninformed users. This is a fairly standard practice, but it is becoming widespread on these platforms, primarily in Australia right now.

I have quoted the original article below, but note that this is not what I or anyone else would call a “zero-day”. It is standard practice for scammers to send these out in the hope that people will open them. In this case they are simply targeting users on these specific platforms right now. Any user with an email address can receive these emails.

The ideal thing is to make sure you have working backups BEFORE you need them. This means local backups AND offsite. I personally have a small file server that I back up to, and I also use a cloud backup service to keep my important data offsite. If you need help getting a backup plan in place for your home or business, please contact me or your local IT person.

Original Article: News.Com.AU

Discovered by leading cyber security company Check Point, the particularly vicious “Zero-day” malware has widely spread across Office 365 — including Word, Excel, PowerPoint, Outlook and other applications.

Security analyst Raymond Schippers said cyber criminals were catching unsuspecting victims by asking them to open an invoice sent by email.

“The email sent to Office 365 users via Outlook gives the appearance of an invoice in the form of an Office document,” he told news.com.au

“When they go to open it, a message will appear telling people the document was created with a previous version of the software, so they will need to click something to enable the content.

“Users should not click the message as it will open up the ransomware, which will collect all of their files before asking for a payment to get them unlocked.”

If you see this message, close the document immediately.

Mr Schippers said the cyber criminals would ask for a couple of hundred Australian dollars to be paid, but under no circumstances should people comply.

“We are advising users to close the document and delete the email if they have opened it,” he said.

“If the message has been clicked and the ransomware installed, people should restore their computers from an available backup.”

Of course, Mr Schippers said this should be the last case scenario and reminded people that prevention was the best protection.


“People should ensure they keep regular backups of their computers, which should be stored offline. They should install a variety of protection types and should be more wary of suspicious content.”
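
The lure described above (an invoice document that asks the reader to enable content) matches Office's prompt for running macros. Assuming that is the mechanism, the following added example, which is not from the original post or the quoted article, shows a mail-side check that flags Office attachments carrying a VBA project. The function names, verdict strings and sample message are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx", ".pptm")

def classify_attachment(name, data):
    """Classify one attachment by its content, not only by its extension."""
    if not name.lower().endswith(OFFICE_EXT):
        return "not-office"
    if data.startswith(OLE_MAGIC):
        return "legacy-ole-review"      # may carry macros; OLE streams not parsed here
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            members = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        return "unparseable-review"     # neither OLE nor OOXML: send to manual review
    # OOXML files store their VBA project in a part named vbaProject.bin
    return "macro-present" if any(m.endswith("vbaproject.bin") for m in members) else "no-macro"

def scan_message(raw):
    """Return {filename: verdict} for every attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"):
            classify_attachment(p.get_filename() or "", p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def _ooxml(extra_parts):
    """Build a minimal OOXML-shaped zip in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for part in ["[Content_Types].xml", "word/document.xml", *extra_parts]:
            z.writestr(part, b"placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed message: one macro-bearing attachment, one clean one."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.invalid", "user@example.invalid", "Invoice"
    msg.set_content("Please see the attached invoice.")
    for name, parts in (("invoice.docm", ["word/vbaProject.bin"]), ("notes.docx", [])):
        msg.add_attachment(_ooxml(parts), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A "macro-present" or "legacy-ole-review" verdict on an unsolicited invoice is a reason to quarantine the message before a user ever sees the enable-content prompt.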


How to fix OBI 100 and OBI 110 Not Connecting to Google Voice

Why Isn’t My Google Voice Ringing?

This is what I was wondering earlier today when I noticed that calls were not ringing in, and when I went to make a call I was greeted with an error message from the OBI100. After I looked into it and logged into the OBI portal, they wanted me to pay $10 for support to update the device to the latest firmware and set up my Google Voice again. I decided to look online and found that they had the firmware available publicly, and if you follow the steps below your service will start working again.

I think it is crazy that they want to charge you $10 for “priority support” just to do something that they offer for free on their site and support forums. I am willing to bet that some unsuspecting people have paid the fee and not realized that it can be fixed easily on their own.

The service broke because Google forced everyone to switch to OAuth 2.0, and this broke the old Google Voice system that the older firmware used.


Step 1

Download this firmware for the OBI100/OBI110 and install it. If you do not know how to install the firmware, please see below for instructions.

Then reboot.


Step 2

In the OBITalk Portal, delete the device and set it up again as a new device.

Run through the Google Voice setup again and it will start working again!

NOTE – It may take 4-5 minutes for the OBI to get the new settings but just be patient.


How to Update the Firmware

If you don’t know how to install the firmware:

Dial * * * 1

It will give you the IP address: 192.168.XXX.XXX (example: 192.168.1.27)

In your browser, enter the IP Address as the URL.

User Name: admin
Password: admin

On the left side, navigate to SYSTEM MANAGEMENT

Click DEVICE UPDATE

At the top where it says “Firmware Update – Select file to update firmware [BROWSE] ….”

Click BROWSE and add the file. Then click UPLOAD.

OBI100/110 Update Screen

Once it reboots, it's done.

Go back to Step 2 to continue.

Thanks for reading and enjoy this fix!


Verizon LG G5 Issues – “Like-New” Devices, More like Russian Roulette

UPDATE (6/10/16)

After digging around, it looks like I am not the only person having issues with this device. There is an entire section of Reddit’s LG G5 forum where people are having problems, to the point that they made a survey for people to fill out.

Unofficial LG G5 Issue Report
Results from the Survey

Opening/Background

In March, I pre-ordered the LG G5 and received it on March 31st, 2016. I set up the phone as normal and used it as my main line. After about 2 weeks I started noticing that the signal would tend to drop down to 1X and/or 3G mode quite frequently. I also happen to carry an LG G4 for my work line, so whenever this happened I would compare the signal type and strength of the devices. Every time the LG G5 fell back to 1X or 3G, my LG G4 had a 2-3 bar LTE signal.

Begin the Russian Roulette of “Like-New” phones!

Phone 1  – Original New LG G5

Replacement #1

I called Verizon about the issue and they immediately cited that I had over 90 applications installed on the phone and that was the issue. They told me that I needed to factory reset the device and then see if that fixed the issue. It didn’t. The signal issue persisted. The Verizon tech even had me do a low-level software reset with my PC before they would go forward. It took me over 3 hours on the phone, a total of 5 phone calls and numerous resets to get this device replaced. This went on until May 5th, 2016, when I was finally able to get Verizon to send me a replacement. Add on 2-3 hours to get my apps loaded on the failing device so I could still use it, and then again on the new device.


Phone 2 – “Like-New” Replacement

Replacement #2

Fast forward to around May 15th, when I started using my GPS for directions more and noticed that the phone would not get a GPS signal reliably. Again I pulled out my LG G4 and it immediately got a lock. Repeat the same steps, except this time I made a backup of the phone with LG Backup and set it to factory defaults. I called in and got the same runaround. I explained that it is doing this without any applications installed, but they still made me reset it AGAIN and then demonstrate it to them. This took another 3-4 hours between reinstalling my applications and 3 phone calls. The replacement phone was approved and sent out on May 31st, 2016.

I am not the only person who has this issue either: https://www.youtube.com/watch?v=Wb28Z-bd5dk


Phone 3 – “Like-New” Replacement

Replacement #3

Immediately upon receiving the 3rd phone it was malfunctioning (rebooting during the setup phase) out of the box, and I ended up having to do a factory reset. This seemed to work so I figured it was fine. I was wrong. The phone has been restarting at random the entire time. I even ran it for 2 days without anything on it but the stock applications and it still reset. I put my apps back on and then dealt with it for a few more days. Unfortunately, the restarts are getting more common and happening at the worst times (like when trying to pay with my phone at a store).

LG G5 Phone 3 – Display Corruption

I called Verizon today about the issues and explained that this is the 3rd device and I am getting tired of dealing with them failing. I explained the troubleshooting steps that I had taken already to verify that it was not any applications I have installed. It didn’t matter; the rep yet again blamed the applications and required me to do a reset. I did this and, of course, the phone didn’t lock up that time. I explained to her that it is random and it may not do it again. She couldn’t do anything and transferred me to the “LG Support” department. I spent 25 minutes on hold until I was offered a callback, and I entered the other line I have as the callback number. 5 hours later, still no call from that department.

I decided to send out some tweets to Verizon Customer Support and a rep got in touch with me. It didn’t matter that I had a picture of the crash taken with my other phone; I got the same runaround. In addition to that, they told me that other than leaving them or buying another phone (outright or extending my contract), my only option was to keep swapping them out. After I argued with the rep for about an hour and reset the phone AGAIN, it finally happened: it crashed during the setup process. They approved the replacement and it won’t be here until Monday.

Concerns, Thoughts, and App List

At the end of the day, I am having to go out of town with a non-functioning device that I usually would rely on to make calls in emergency situations and to navigate when I am in an area I am not familiar with. In addition to that, I will have to spend another 2-3 hours getting the replacement phone set up with my applications and accounts yet again. Even worse, I am now stuck with a string of refurbished devices when not even 3 months ago I purchased a new phone. Their support literally just follows the “blame the apps” approach no matter the issue.

I have zero faith that the replacement device will be free of issues, and I expect to be stuck dealing with this asinine process yet again. They would not give me a new device despite all the issues with the refurbished ones. They did offer to “upgrade” me to a Droid Turbo or a Droid MAXX for “free” if I send back the LG G5. I am just insulted. I am honestly ready to just go out, buy an unlocked phone, and move to a BYOD carrier like StraightTalk after all this.

Verizon also does not follow their “Like-New” guidelines since all the phones I received from them did NOT have the latest OTA software installed and required a patch shortly after taking them out of the box. I am also not the only person who has had issues with these devices: Verizon Wireless: Our ‘Recertified’-Used Phone Replacements Are Better Than Factory Fresh Phones

Just for the record here is a list of all the applications on my phone:

List made using List My Apps


IRS Scam Calls – Recordings and Details

A few months ago when it was tax season I was getting calls almost every week from these scammers claiming to be from the IRS. They leave a very threatening voicemail if you do not pick up the call. Here is the transcript and a copy of the voicemail their call system left.

The numbers they have called me from are:


Voicemail Transcript

Voicemail Recording

Fear and Threat Tactics

I decided to call them back and record the calls when I could (my recorder app was having issues).

Every time I called they answered stating they were with some government agency and they all sounded Indian.

They then asked whether you have an attorney and read from a script that threatens you with legal action and even with sending police to your house.

Surprisingly they had my home address and read it to me as well as my name. It was a little creepy but that’s not hard to get, to be honest.

They told me various amounts that I owed after threatening me with police and legal action. I am going to assume that at some point, if I hadn’t pissed them off, they would have given me info on how to do a wire transfer to them.

Call Recordings

Here are some actual call recordings and even one “call center agent” who was really honest. It actually made me a little sad hearing him, to be honest.


Full Call – Many Threats They Hung Up


Full Scammer Call – Threats and Anger


Call Center Guy – “It’s Just Another Job”


Tips for dealing with IRS Scam Calls

— The criminals use fake names and IRS badge numbers and have often researched the background of their potential victim. They may, for example, know the last four digits of your Social Security number. Such information proves nothing.

— Scammers may also “spoof” the IRS toll-free number, making it seem to the victim as if the call is coming from the government.

— The callers may also fake background noise to make it seem as if the call is coming from a large-scale call center. It’s not.

— If you have questions about your taxes, call the IRS at 1-800-829-1040. IRS staffers can help. You can also fill out the “IRS Impersonation Scam” form at tigta.gov, or call the Treasury Department inspector general’s line at 1-800-366-4484. Anyone receiving a scam email can forward it to phishing@irs.gov.


TeamViewer Confirms That “Significant” Amount of User Accounts Were Breached

I posted last week that there was a suspected breach with TeamViewer. They have confirmed it. Please see the Ars Technica article below; however, they are still blaming the users.

Source: http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-evidence-of-2fa-bypass-in-mass-account-hack/

Excerpt:

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.
