Missy Cramer of Akron was recently searching the Internet for a replacement part for the family’s grill.
When she found it on Amazon.com, she turned the laptop screen toward her husband, Richard, to ask him if it was the right part.
Instead, her husband gave her a strange look and asked what was on the computer screen.
He was referring to a pop-up box saying it was from the FBI. There was a picture of her husband that appeared to have been taken from the computer’s webcam since it mirrored what he was wearing.
The alert said the FBI had detected child pornography on the computer, even including the file name of a folder. It then said she had 72 hours to pay the fine and get a Moneypak or someone would show up at her house.
“I instantly knew it was a scam. If someone had child porn on their computer, the FBI isn’t going to say, ‘Pay this money and we’ll sweep it under the rug,’ ” Missy Cramer said.
Cramer immediately hit the control-alt-delete keys to reboot her computer. When she got back on in half an hour, she saw her webcam light up.
“I turned it against the wall and it took a picture of the wall,” she said.
Cramer was so scared about what the scam might do to her computer or that it might gather personal information that she immediately shut down her computer and hasn’t turned it on in the two months since.
Steven Sundermeier, president of Medina-based Internet security firm ThirtySeven4 LLC, said what the Cramers got on their computer is part of a category called “ransomware,” where the scammers will literally lock up your system so you can’t do anything until you pay their “ransom.”
Called the FBI Moneypak or FBI Virus, the ransomware alleges the infected computer user has been involved in illegal activity (downloading and/or distributing copyrighted material or viewing child pornography are among the allegations). It demands a penalty of $100 or $200, to be paid with Moneypak cards, to unlock the system, according to a post at www.thirtyseven4.com/fbiscam.html.
The link from the Internet security company also includes information on how to manually remove the virus. It’s likely a user needs to print out the instructions from a noninfected computer to better follow the directions.
Another option is to go online to www.thirtyseven4.com and use the free “virus security tools” on the right side to download a program to remove the ransomware. You would have to do this on a computer that isn’t infected; you could save the program to a flash drive and then run it on the infected computer, Sundermeier said.
Download the third program listed, called “Rogueware remover.” There’s also a free “online malware scanner” on the company’s site you can use to regularly check for malware.
But remember, these free tools don’t replace the need to have good, up-to-date antivirus protection.
The ransomware also goes by the names Citadel and Reveton. Among the problems the FBI Moneypak can cause are slower computer systems, existing antivirus software being turned off, and login names and personal information being taken from the computer.
All of this, obviously, is not good.
According to Thirtyseven4, the ransomware usually enters a computer when a user visits a malicious or compromised website.
In the case of the Cramers, Sundermeier said that while they thought they were on Amazon’s website, they probably did an Internet search for the grill part they wanted and only thought they were going to Amazon.
Sundermeier suggests going directly to trusted websites instead of linking through an Internet search.
Sundermeier also said his company’s analysis of previous samples of the FBI Moneypak ransomware is that the program pulls a profile picture from a user’s social-networking directories to look like it’s coming from a livecam. When I told Sundermeier of Cramer’s account, he said it’s not impossible that their ransomware did use the webcam.
Cramer did the right thing by turning off the computer and not clicking on any buttons. I also told Cramer of the manual instructions posted by Thirtyseven4 that would allow her to remove the offending software and use her computer again.
Cramer said ransomware is “definitely driven for financial profit.”
Fake email
While it’s a different category of “malware” or malicious software, ThirtySeven4 has also released information about a fake CNN Breaking News email with a subject line: Obama speech to urge ‘refocus’ on economy.
The unsolicited email has a forged email address that makes it look like it was sent directly by CNN and the message contains links that go to malicious websites, Sundermeier said.
A user will be prompted to download a fake Adobe Flash update, which installs Trojan software that will work behind the scenes on the computer to attempt to steal personal and banking information. The Trojan is so named because people often don’t know that something’s wrong and it stays “asleep” until the user goes to a financial or banking website, he said.
“Whether it’s President Barack Obama, Paula Deen or Kate Middleton and Prince William, cybercriminals find their prey by capitalizing on high-profile celebrities and the top news stories surrounding them. Their tactics are alluring and sophisticated, and our guard needs to be up,” Sundermeier said.
Sundermeier said a good anti-virus program is worthwhile and must be kept up to date in its scans of the user’s computer.
Such a program should be able to stop a user from downloading the fake CNN/Obama item, he said.
Sundermeier said often the malware isn’t designed to be financially profitable to the scammer, but gaining personal information is where someone can try to make money.
Often, a pop-up from a malicious program will say your computer is unprotected and you need to take some action. You can always go directly to the anti-virus software on your computer and see if there are active alerts.
A story I reported before concerned an elderly person caught off guard when a caller claimed to be from Microsoft and said something was wrong with her computer. She ended up letting the caller have remote access to her computer and eventually pop-ups appeared wanting her to buy extra protections.
Microsoft doesn’t call consumers. It’s safe to say no company will call to tell you that you have a problem with your computer.
I got a call the other day where the caller butchered my name and asked to speak to Mrs. Fee-sher, before telling me he was calling about a problem with my computer. I promptly hung up.
Do not disclose information on any type of call or email or unsolicited message about an alleged problem with your computer or your bank account. Hang up, find a number for the company and call directly or go directly to that company’s website to check it out yourself.
Betty Lin-Fisher can be reached at 330-996-3724 or blinfisher@thebeaconjournal.com. Follow her on Twitter at www.twitter.com/blinfisher and see all her stories at www.ohio.com/betty.