Microsoft hacking scam - how do you decide
What can you do if you get scammed by Microsoft?
- Uninstall applications that scammers asked to be install. ...
- Run a full scan with Microsoft Defender Antivirus to remove any malware. ...
- Change passwords.
- Call your credit card provider to reverse the charges, if you have already paid.
It's 2021, and like every year before, it seems like scammers are becoming more common. So in this article I'm going to go over a bunch of different scams that are either brand new that I've really never heard of, or at least they're getting more and more common, even if they're not exactly new, so you'll still have to go up this year So let's start with what is known as the car wrap scam. Either you see a job posting, or maybe even an email or an ad for something that claims you can pay you to just drive around in your car.
And the idea is you reply to that ad and they say, 'Yeah, all you have to do is put an advertising logo on your car, drive around like you normally would, and we'll pay you several hundred dollars a week for it. Usually, if you accept that, they will send you a check that is a counterfeit check for a few thousand dollars. It is cashed in at the bank before they realize it's rough.
But in the meantime they are going to tell you, 'Oh, use that money and go to our supplier who specializes in car wrapping and just give him the money and pay him and he will take care of it.' I'm going to tell you to do this in a way that isn't really reversible, like a wire transfer or money order, something like that. At some point, probably not long after you've made that payment to the so-called specialist who is simply part of the fraud, then after a few days the bank will find out that the check is fraudulent.
And then the money is withdrawn from your account because it should never have been deposited was deposited from the check and the money you sent to the scammer. So you've lost everything. So this is just another variation on counterfeit check scams.
Always be careful of any company that says we'll send you a check and you will go and use that to buy something. It's kind of sketchy. Okay, next we have what is called the family.
You may have heard of this. These have been around for a while, but they seem to be getting more and more common. On this call, you get a phone call claiming to be a relative of yours and it is an emergency where you need to give them money.
This is often like they are out of town on vacation and have just been arrested. For example, they need money on bail targets the elderly and then they pretend to be grandchildren. And they'll say, 'Oh Grandpa, Grandma, I'm in jail.
I need a deposit, 'whatever. And then they'll say something like, 'Please don't tell mom and dad. You will be so mad.
Please send the money over now and I'll sort it out and tell you. 'And the idea is to get them to send the money before you approve.' this story with anyone to find out if that person is out of town at all.
So they are trying to get you to send the money urgently for whatever reason. It's always very urgent. They need the money now.
Maybe the hearing is tomorrow and they need the money for a lawyer, or they need to get out of jail now because I don't know there are scary people in jail, that sort of thing. And these scammers are smarter than You may think so. I saw a post where someone asked why they sound different.
They say, 'You don't sound like my grandson.' And they said, 'Oh, well, I broke my nose when I was arrested and that's why I sound different. So if you ever get a call from someone, even someone you know, who claims they need money right away and you need to transfer the money or do something similar, it is best not to answer a call from a number first who you don't know but at least somehow check history and know this is a scam.
So if you get a call from someone who needs a deposit it is likely a scam. Okay, keep it up, the next scam is fake phone calls from people claiming to be Apple or Amazon Support lly a variation on the fake order confirmation scams you may have heard of in the past. Usually this has been an email until now.
They send you a fake order confirmation and tell you to cancel that order, go in here. And it's a phishing thing. Well, that's different.
They actually call you and do a robocall, and they might say something like, 'This is Amazon support and this is warning you of an unauthorized purchase of a thousand dollar iPhone. Press one to speak to customer service to cancel. 'And of course, if you answer the phone and say,' Oh, I didn't order this, 'press one, you're talking to a scammer, and then they'll usually ask for your credentials.
You're trying to get your bank account number to say, 'Oh, to cancel this we need your original credit card details' or something like that a scam, and in fact the FTC has a couple of sample audio clips, I'm going to play one now to get an idea of what that might sound like.A An unauthorized purchase of an iPhone XR 64 gigabytes for $ 749 is ordered through your Amazon account. To cancel your order or to connect with one of our account managers, please press one or just stay on the line.
That's just one example for Amazon. But apparently Apple is another one that scammers use. They call you again with some sort of robocall and say something like unauthorized access to your iCloud account.
Hit one again, or speak to customer service, or call that number to access customer service, and then you go and connect with a scammer, so if you get any of those calls, never call the number that is they tell you, only if you are really unsure then go to Amazon or Apple's official website and contact them using the official number listed on the website, not a number that gives you a phone call as it is a fake could. As a side note, if you ever get a robocall from this type of scam or another, never hit numbers on the phone. Just hang up immediately.
Because when they hear you press the number they now know it is a live work number and then it can be added to a list and you get more and more spam calls it is best just not to answer when Don't realize it and immediately hang up if you discover it is a scam. All right now the next type of scam is the overpaid utility bill scam kind of phone call, usually a robocall, maybe a voicemail that says, 'Hey, you overpaid your last utility bill' or whatever. 'And you are entitled to a cash refund.
All you have to do is. to press or call that number to speak to customer service. 'It may not be a cash refund.
You may say, 'Oh, well, confirm and we'll give you a discount on your next bill.' Something like that. Of course, when you press one or connect with this customer service who is actually the scammer, then there will usually be some kind of confirmation for the payment in the form of your bank account number where you have to deposit the money.
We need to know where to deposit the money or something like that, your personal information, which they use to steal your identity, anything they can pick up from you - and even in the best case, it isn't you Thief trying to steal your money it is at best like a really sketchy marketing firm trying to get you to switch to their crap provider and they are basically still there lying. So you don't even want to interact with them. You are still using sketchy, lying marketing tactics.
So it's either a scam or someone you don't want to have anything to do with anyway, we're in fifth place. We have what is known as parcel waiting fraud. And what's new about it is that they are actually text messaging, while previously it's some kind of fake order confirmation email you get like I mentioned before but now you can start getting text messages and know them maybe even your first name or something from data brokers and the like.
And they'll say, 'Oh, you've got a package from USPS or from Amazon waiting. Click on this link to learn more and how to 'receive' something like that. But when you then click the link, you will be taken to a sign-up page for likely Amazon or whatever website they claim they came from.
But of course it's a phishing site and they will instantly steal your login information and then use it to order from your real account and then collect your money that way. But again, if you get one of these never click the scam link and you are curious what the website is going to be like, don't because they definitely have trackers for those links to know who is on the links clicks and who doesn't. And then you'll start getting even more text message spam because they know you have a job number.
So just don't do it. Alright, next we have a whole category of scams commonly known as income scams. And these have gotten so much more common over the past year that even the FTC has launched a new campaign to raise awareness called Operation Income Illusion to let people know that these scams are becoming more common.
These scams come in all shapes and sizes. In fact, the car wrap scan we talked about at the beginning was basically a form of it. But usually you will see some kind of job posting or maybe an ad on social media.
You may even get an email. And basically it will say, oh, work from home and you will be making tons of money in a short amount of time. And it's basically going to be something that's just too much, it's good to be true.
And regardless of the excuse they use to get your attention, there are several ways they can take your money. You can do the fake check scam again and say, 'Oh, you are for this job' You have to go out and buy a printer or something from our supplier y it's an investment opportunity or a business opportunity, 'Oh, you will be your own business and you'll use our best business method, 'something like that. And of course you have to invest your money, but you will never get any of it.
But usually the common thread is that you need to somehow invest your own money upfront. And then of course they will instantly disappear several times, it's like a fake check fraud. So you will be hiding the fact that you are using your own money, but in reality it is you.
Or maybe it's like some kind of tiered marketing where you have to buy the product before you sell it. But with all of these you can just ask, wait a minute when they say they are going to refund me for buying this thing, why don't you? If they don't just buy it themselves? And that's obviously because it's a scam. Well, next, the next category of scams is Coronavirus Relief and Stimulation.
Basically, given the upcoming tax season, there are scammers in the USA and the discussion about incentive laws offer many opportunities for fraudsters to take advantage of and defraud people. A common tactic is for scammers to contact you in a variety of ways, whether it's an email, a text message, a phone call, whatever, and they will say, hey, you are now entitled to congratulations on your Get stimulus check of $ 2,000 whatever. And all you have to do to claim it is XYZ after which they can steal your money or personal information in various ways.
For example, they might say, “Hey, your coronavirus check is ready. We only need your bank details to deposit it. Maybe your bank account number or your bank login. 'And then of course they go in and drain it if they can.
Or they'll contact you and say, 'Hey, to even get that coronavirus check, you have to log in to be at all.' You're not signed in. And then of course they'll give you a link to a website that's either going to steal your information and use it to steal your identity, or in turn they could steal your bank login, such things.
If you're curious about whether you're eligible to receive any type of stimulus or when, it's always best to stick to official news sources. I think there are a lot of news outlets that are official for your local or national news and they tell you and describe who is eligible, if you have to sign up at all, I don't think you really have to, and you do Don't have to rely on those sketchy emails coming in and you don't know who they are from. Okay, now we're going to talk about the last type of new scam that is vaccine-linked cams.
I'm not talking about the vaccine itself, of course, being a scam, but the FBI and state and local governments have said that scammers use the vaccine as an excuse to trick people into cheating on them in various ways. And you can Get in touch with these scammers in a number of different ways an ad on social media. You may get another text message, an email we were talking about.
And then when you click the link or reply to the ad, they'll likely try to do, for example, get you to enter a whole bunch of personal information, such as: B. 'Hey, to sign up for the vaccine listing, you need to give us all of your information, social security number, bank details for payment' or something like that. Or you could say, 'Oh, you need to enter your credit card number to claim the processing fee Another example I've heard is that you might be trying to say, “Hey, if you just pay us a fee, we can get you the vaccine first.
That is also a scam. There is no way to pay to get to the head of the line an official way to sign up for the coronavirus vaccine. So always go to your state or local government official website and look for information on how to do this t.
Don't sign up by clicking on social media links or unsolicited emails you receive but be aware that this is a scam so you can just check that you have received an email and check that it is from an official source. And again, you can always just go to the official website and not click any links if you want to be sure. Hopefully you are now better prepared for these scams that I mentioned that are more common now. or you can spot similar scams, say, hey, this sounds a lot like other scams.
It could just be a variation of that. And you can be better prepared in the future. If you want to keep watching, I would recommend checking out last year's article about new scams in 2020.
These scams haven't stopped. You haven't disappeared. So you can be even better prepared by checking this out.
You can just click on it there. Thanks for watching guys, and see you in the next article.
What is the Microsoft hack?
On March 2, 2021 Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. ... On the same day, Microsoft announced they suspected the attacks were carried out by a previously unidentified Chinese hacking group they dubbed Hafnium.6 mei 2021
Ah, here it goes again. Another day and another hack, and this time it's Microsoft. So the story goes like this.
A group of hackers from China, Microsoft called Hafnium, took advantage of several zero-day vulnerabilities that have existed in the Exchange server's code base since 2010. China or not, experts find out who is behind an attack. First, the malware itself has tell-tale signs that lead you back to the author, such as encryption methods for obfuscated blocks of code; the compiler left clues like unicode, strings, and then there are tactics, techniques, procedures, or what is known as TTP.
Anyway, if you didn't know, Microsoft Exchange Server is Microsoft's email, calendar, contact, planning and collaboration platform. It is deployed on the Windows Server operating system by medium and large companies around the world. A zero-day vulnerability is a software vulnerability that a vendor or developer was not aware of.
The zero refers to the number of days a vendor was aware of the problem. Microsoft Exchange has a huge customer base and these exploits appear to have been attempted by around a dozen different groups. Let's talk about what happened, who did it, why it matters, and what it means to cybersecurity or IT professionals in this article.
Let's go. Hello. My name is Afaq.
Hope you are fine .Hope your stock portfolio is better off than mine. I hate to say it, but we've been here before.
In April 2020 or less than a year ago, DHS CISA warned Microsoft that hackers were targeting a critical vulnerability in Exchange servers aim and most of these errors have not yet been resolved. Whenever a new story surprises us, we should put the events that led to it into one Here's What We Know About the Microsoft Exchange Server Hack. Earlier last week, Microsoft announced that a China-based group called Hafnium had launched cyberattacks against businesses by exploiting four zero-day vulnerabilities on-premise with versions of its Exchange Server software similar to SolarWinds.
Microsoft also sells one hosted Version of the Exchange server called Exchange Online and the cloud-hosted Office 365 e-mail solution Cloud and managed by a major technology provider remains the safest choice, more on that later. According to Microsoft, the attacks will be carried out in three steps. First, the group can gain access to an Exchange server by either using stolen account information or by using the zero-day vulnerability to impersonate someone who should have access.
Second, the group can remotely control the compromised server by creating a web shell, malicious code that gives attackers remote administrative access. A web shell is a malicious script created by an attacker that allows them to escalate and maintain permanent access to an already compromised application. Third, the group uses remote access to steal data from an organization on-network.
So what is the main target that hackers are pursuing here? Data exfiltration. One of the largest Exchange server installation bases exists in the healthcare and IT industries. According to Microsoft, the main goal of hafnium is to exfiltrate information such as infectious diseases and target law firms, higher education institutions, defense companies, political think tanks and non-governmental organizations.
These are known targets when a nation-state actor is involved. While the Hafnium group is based in China, the group apparently apparently runs its malicious operations mostly through rented virtual servers in the US, again something we have already seen at SolarWinds. This hack against Microsoft Exchange is 1,000 times more devastating than the SolarWinds attack because hafnium was targeting small and medium-sized businesses as SMBs do not have the skills to do a security post.
Here is a linear timeline of how events have developed The first week of January in January 2021, VOLEXITY and DEVCORE warn Microsoft about the discovery of the exploits. On February 18, Microsoft confirmed with DEVCORE March 9 as the target date for the publication of the security patches. Around February 26th, the targeted exploitation turns into a global mass scan, in which attackers quickly start backdoors on vulnerable servers.
In response to this escalation, Microsoft releases the patch a week earlier on March 2nd. As of March 5, tens of thousands of US-based Exchange servers and hundreds of thousands of servers worldwide have been behind the door, the number of casualties, but it's definitely more than a quarter of a million. Nobody knows how the number of attacker groups grew so quickly, but a plausible explanation is that as soon as Hafnium found out about the upcoming patch and they shared the exploit with other groups, it would be that there is a common exploit seller and the exploit or maybe the price of the exploit fell earlier this year.
The underground one-time market patches were imminent and other groups piled up. These are the six groups of hackers who exploited the vulnerability during the zero-day period. Hafnium, Tick, LuckyMouse, Calypso, Websiic and Winnti.
Now let's talk about the steps you can take to protect your organization. Make it a priority if your Exchange server is accessible from the Internet. If your Exchange installation base has NOT been protected by backdoors, you can check this out by running the script provided by microsoft, the script will look for the IOCs in the exchange server logs then you can go ahead with patching and that will take care of that for now.
If your Exchange server has been protected by backdoors, you may have to rebuild your Exchange server deployment from scratch with the backups of compromised accounts, reset all passwords and secrets. If you can't patch your Exchange server, block internet access to it or limit access to it by blocking untrusted connections or the servers behind your VPN. What else can you do? Well, consider either online on Switching a hosted Exchange server or switching to Office 365.
This attack would have been devastating if it had happened in 2010. At the time, the Microsoft Exchange server had over 70% market share and no Office 365 was available. Fast forward to today and roughly 60% of Microsoft's email customers have already switched to Office 365 and some to Gmail for business.
Anyway, where does it go from now on. Number one. It can be assumed that for-profit cybercriminals will pounce on the victims by using the ransomware en masse.
Number two. The compromised Exchange servers will serve as a virtual door to the rest of the victim's network. Number three, this appears to be the first working public proof-of-concept exploit for the ProxyLogon bug, although Microsoft has been trying in the past few days to disable exploits published on GitHub.
ProxyLogon is the name g name Applied to the Microsoft CVE , a vulnerability that could allow an attacker to bypass authentication and pretend to be a user. By examining the differences or differences between a pre-patch binary and a post-patch binary, researchers could determine exactly what changes were made were. They used these changes to reverse engineer the original vulnerability and create the proof-of-concept exploit.
Number four And finally, the Biden government now has a really difficult political problem. The SolarWinds hack was significant, but far more organizations will be affected. The SolarWinds hackers went quiet the whole time.
Targeted at common government goals and never switched to a looting model, the Exchange attack shows a complete disregard for possible ramifications on behalf of those responses. There is no reason why an attacker with access to a zero-day should not just take advantage of every possible target knowing that the attack is about to be depreciated, we don't know how to make that calculation but hopefully we can find out somehow, thanks for watching the article, hope you found it helpful, I'd love to hear your thoughts and will see you again here on monday and friday sometimes on wednesday. We'll see each other soon.
Are calls from Microsoft a scam?
Microsoft does not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer.
When it comes to fraudulent call centers, India is number one. Right now I'm sitting in front of a fraudulent call center that makes over $ 300,000 a year. Yes.
Probably not the smartest thing for me to film here. But we do it anyway. That's how I roll.
But what's worse than stealing all that money from foreigners is with every single scam that's named. They are destroying India's reputation around the world. So let's take revenge.
Let's call and destroy these scammers and then let's expose the owner of this call center. Let's give her a call and have fun with him. Before we call you on how the scam works, they place advertisements on websites telling you you have a virus.
You need to call them to fix the problem. Then they try to bill you for four hundred dollars or more, but they don't fix anything. There is no virus on your computer.
It's a total scam. So they are mostly targeting older, more computer illiterate people and making a ton of money doing it. How sad is that Addressing old people like that.
That's what they do. So let's call them and yes, listen to the lies and let's destroy them. Let's give these guys a call.
My name is victor How can I help? Hello, who is this? This is Victor. How can I help you. Karl: Oh, is that Microsoft technical support? Cheater: Yes sir.
Karl: Okay, good. So i was on a website and got a pop up and it said i need to call you right away. Scammers: All right, no problem.
For sure. Do not worry. You will be given the toll-free number to call from on your phone.
Karl: Exactly, I'm really worried about 65 and this is a new computer. What happened? Why does it say there is a virus but that is Microsoft USA, right? Cheater: YeahKarl: Where are you based? Scammers: We're in California. Karl: Okay, good.
So what details do you need? Impostor: Sir, not until the fall, please tell me your name. Karl: Roger Betrüger: Now tell me what you did on your computer and what the master view has? Karl: I've only done a few things. Do I have to tell you? Scammers: Yes Karl: I went to a dating website and watched a movie.
That's okay, right. It's not illegal. What happened to the computer Scammers: So maybe you get a popup on the internet website because on most of the social website and the pornographic website the viruses are then on the computer system and that's why you then infected the computer security server.
That's why you get the popup in front of you and it says you need to call Microsoft, right? Karl: Yes Cheater: Okay, so don't worry. We wanted to help you. I will make sure that I solve your problem when the call ends.
Okay Karl: Okay, so we have to do it quickly because my wife is coming home soon. You understand Scammer: Okay, I see. Okay, when does it come, how long? Karl: I'm not sure.
She is in the mall. Cheater: All right. Okay, so okay.
So what are we going to do, we are going to diagnose your computer for you? I'll connect your computer to a secure server asap and diagnose this for you. And tell you how we can remove this virus from your computer, alleged software to help you connect to a second secure server. So that we can diagnose your computer.
Basically, it is the diagnostic software that helps us diagnose the computer system that we run on you. Karl: How long have you been working at Microsoft, does it have to be a good company to work for? Cheater: Yes, I was here for about a year and a half. Karl: Oh, wow, and did you have to go to college to get this job because I'm looking for a job.
Scammers: Sir, we are not here to get any personal information as this is a company line. I can't share my personal information here? So let me work on the computer. OK? Karl: Is that safe? Cheater: Yes, of course.
OK. So your computer is currently connected to your server. This is how you are connected to your support team.
Okay.Karl: Okay Scammer: So don't move your mouse and just let me check the virus. Okay, I'm in control of your computer now.
Let me diagnose your computer. Karl: Okay, but you want to look at my files, right? Scammers: I don't look at files. I'm working right now checking out all of the things that are a little overworked.
All right Give me a moment In fact, there are some services that have been stopped on your computer. That's why you might see the popup. Can you show me the pop Karl: I got it from this website, from this website.
I clicked on it and it disappeared, it's from one of those sites. Scammers: Okay, so you're from PhilippianKarl: No, I'm looking from Oakland. This is a dating website.
Scammer: Oh, okay, so you're looking for a Filipino girl, okay over there. Karl: Yeah, don't worry about what I'm doing man. I just have to fix this before my wife gets home.
Scammers: Okay, now let me close this website for you or let me ignore this. Karl: You can, okay. I'm worried man.
I'm really worried. Scammers: Are you worried about what? Karl: What's up, the virus. Scammers: Okay, so you watch a lot of porn or go to different websites online? Karl: No, I just got this one got new laptop and I'm just trying to watch a movie and you already know you do dating stuff.
Scammers: So actually there is no reduction if you are currently running on your computer and there are a lot of porn sites made by your account. Karl: Oh my God Scammer: And a file is running on your computer. Karl: Mmm-hmm Scammer: But actually Trojans.
Karl: What is a Trojan? What do you mean? What is a trojan? Scammers: Oh, you don't know about it, now you just search very easily first, you can go online and search for it. Karl: Trojans what is that? Scammers: What, what, what are you talking about? I'm talking about the Trojan virus. In fact, Trojan horse is a virus that is designed to infect computer devices and you can also read and detail Google and its various websites.
Okay, indeed, sir, there are viruses that run on a computer system and your various services stop stopping. just let me go ahead and check if your email id is infected with it or not too. ok, and then.
Can you please write down your email address here? Karl: Okay, sure. Scammers: Some of the information has been verified. Karl: Oh my god.
Scammers: You could be scammed. Karl: Oh my god. Oh my god, that scares me.
Scammers: don't worry. Here we will help you. Karl: I'm worried.
I am really worried about this. Scammers: What general purpose are you using this computer for? Karl: I told you. Cheater: Okay, do you remember my name? Karl: No Cheater: It's Rob, oh there is a telephone connection in the computer system.
Karl: WhatScammer: If that's what you're seeing, there's a phone connection I made on your computer. You can see what? Karl: Oh shit! Scammer: So, in order to remove these people, what they're doing, they're stealing your information. Karl: You have to stop doing that.
Scammers: I'm just checking what other devices are connected to the computer system? So several foreign connections have been made on your computer system. We need to remove this asap. All right? Karl: All right.
Scam: Okay, so to set up Microsoft security on your computer system, sir. Karl: Mmm-hmmScammer: There are several safeguards to level the wireless protection market. But that will only solve the problem for the viruses but now there are more infections on your computer system is a complete package.
We need to install this on your computer to protect it from hackers. Karl: Good. Scammers: Okay.
Okay, we're going to set up basic security for Microsoft Defender to fix this issue. It will cost you about $ 399Karl: how much? Scammers: $ 399. So this is protective software that we have to use.
Karl: Okay. Scammers: On a computer system, okay. And that will fix your problem.
Let me work on it. Karl: What was your name again? Scammers: My name is Robert. Karl: Robert, okay from California.
Scammers: Mmm-hmm Okay, put your account number away. Karl: Okay. Before I pay you, I have to thank you.
OK. I really appreciate your helping me. So thanks for your help.
OkayScammer: Thanks for nah Karl: no, no listen to me, listen, right? Are you not an Indian scammer. Scammer: No Scammer: What are you saying? Karl: No. Thank you, you are an Indian scammer.
Is your mother's cheater too? Cheater: I'm not Indian. Karl: You are an Indian from Delhi? We all know what happens to these scams. Here you are man.
Cheater: No sir, where are you from? Karl: Delhi But I was born in Rohtak in Haryana. Cheater: Why did you call? Karl: Fucking you to waste your time. To tell you that you bring shame to all Indians.
You're not even a 2 rupee person. Cheater: what do you mean, what do you mean? Karl: So you don't speak Hindi? Cheater: I am not Indian. Karl: Don't lie.
You are a liar. Everything you told me is a lie Cheater: Why should I lie to you, you are telling me the lie. Karl: No, you're telling me that life is not a virus there, man.
You are just a scammer from India. We all know man. Scammers: I only provide the protection software, nothing else.
Karl: No. Why do they do that? Are your parents proud of you You are a scammer. Scammer: I am not a scammer, I just provide the supporting software for you.
You can see that while you are still pulling on the map. Karl: No, you scold. Who do you think brought the pop-up? Who do you think brought the pop-up? You put the pop-up on the website.
So people call you and then you offer fake service. What do you do not understand? Cheater: You are wasting my time. Karl: Yeah, I do and you cheat people.
Cheater: We don't cheat people, brother. Karl: You are, you cheat up here. Scammers: Okay, this is a waste of time.
Let it be well with you. By the way, what's your name, Karl: You'll find out my name soon. Do not worry.
Cheater: All right Karl: Okay, cheater: Thank you, thank you Cheater: I told you I didn't understand much. I can't speak much. Bye have a nice day.
Karl: That guy was such a liar. So that's what happens, right? We call these numbers because we think we have a virus and then they say we could fix it for $ 400 when in reality there is absolutely nothing wrong with our computer. It's fine and they won't fix anything.
It's all wrong and a lie. And if you thought I was being too strict with this guy the way I talked to him. There was a time when these call center reps actually thought they were working for Microsoft, but there is so much awareness of fraudulent call centers these days.
There have been so many police raids here that all these call center workers now know if they work for a fraudulent call center. You can no longer rely on ignorance. You saw how much this guy just lies to me.
Tell me he's not even in Delhi. I know for sure. Now we are confronting the owner of this call center, Himanshu Nigam from Uttar Pradesh.
But before that, I have some good news for you about the call center and some bad news for me. So the bad news, obviously, I'm not in the same place where I took the rest of this article, am I? I was gone for four days. I came back and my wife had cleaned the house.
Which meant that she had thrown away the dining table I was working at and I had been relegated to the sad little corner of the desk. I'm going to take revenge on her. That's the bad news for me.
The good news for you guys on this call center is my friend on YouTube Jim Browning, he's flooded your call center with calls for the past few days. He got people refunds from visas. He has closed the call center numbers and is in the process of reporting them to the US and Indian authorities.
So check out Jim's channel. He's basically a one man army against these fraudulent call centers here in India and he's taken them down one by one. Now let's call Himanshu Nigam and let's see what he says.
You are Himanshu Nigam, the head of a new technology restricted who runs a fraudulent call center in Rohini Sector 3 and in fact I have conducted an investigation into your operation, only fraudulent call center and a article will appear on YouTube if there are multiple articles about your fraudulent call center come and you could? Jim Browning noticed this week that he was flooding your class with calls. He shut down your phone numbers and Visa issued refunds. And we know about Mahir Shah too.
He is your contact in the USA. And you have been reported to the Indian police force and the US police force. Okay, it might be time for you to move your office.
No, brother, you lie, you completely lie. So Himanshu says that he has nothing to do with it. He's innocent, but if you just dig a little deeper.
You will find all the information you need to prove that he is just a complete liar. So, they run these fraudulent call centers behind legitimate companies. They are fake deals.
They are letterbox companies and if you are looking for renewed technology Private Limited and check out this Facebook page you will find in 2018 that they are hiring candidates for the US and UK shifts. The very people who cheat on them, he told us that he does search engine optimization SEO, right? Complete liar. Look at the username there; HR and Nigam.
He set up this page and he posted on this page. There you have the address, Rohini. Exactly where this call center is.
Now if we go to the website it is the fake website, the shell company they are using to hide the call center for new technology. Check out how fake that is, the sites aren't even finished yet. It's just super generic.
It's not a real website and if you just go to the 'About Us' page it says here. Dedicated call center. This is the mailbox company that runs the scam call center and you know the first rule of doing something wrong is never admit your crime if you get caught, right? So that's all Himanshu does, all the evidence Jim has shown me shows that he is absolutely the owner of this operation.
We as Indians must fight these rogue call centers that are destroying our reputation all over the world. When foreigners get these calls from these rogue call centers they start to think that all Indians are like that, but that's not true. It couldn't be further from the truth.
Indians are the most hospitable people in the world, right? If you want a full investigation and see all the evidence against the fraudulent call center head over to Jim Browning's channel, watch this article. I have a link to that in the description and if you want to support my work and become a member -onlybenefits, head, join the button and become part of the rock army. Long live India.
Is hacking a hacker illegal?
Regardless of motive, doing so is likely illegal, under U.S. and some foreign laws, and could result in civil and/or criminal liability.” What makes hacking back “likely illegal” is the Computer Fraud and Abuse Act.
One hears about it again and again: A large bank has been hacked. Tumblr was hacked. The Ashley Madison infidelity website was hacked and now everyone who cheated on each other knows what you see in the movies.
Hacking isn't about typing a few magic words with one hand on one keyboard and the other hand on another keyboard. Or like, two people use the same keyboard at the same time. Hacking is difficult, and it usually requires careful planning and a lot of time.
Stopping malicious hackers can be even more difficult. But some people put a lot of time and energy into doing just that. Hacking is when an unauthorized person breaks into a computer system.
A hacker breaks in, and then suddenly they have access to information they shouldn't have. You can hear their Facebook or Twitter have been hacked, but that's not exactly what we're talking about here. When someone's personal Facebook account is hacked, it is usually because hackers use it to find out their password.
It can be devastating, but it's not on par with breaking into a company's entire infrastructure and stealing a billion passwords. Fortunately, these large-scale attacks are much more difficult. But they do happen anyway - in December, for example, Yahoo announced they had been hacked back in 2013 and just discovered that more than a billion accounts containing personal information like security question answers and passwords had been compromised.
This is why companies need to be really vigilant to protect themselves from hackers. Once a hacker enters, they have several options: they can gather information, damage the computer system, or do nothing, and just tell the company about the security risk. And that's the difference between The three main types of computer hackers: There are black hats, hackers who are basically the bad guys: They hack into systems to get information or otherwise cause damage ay.
There are also white hats, hackers who either break into their own systems or be hired to break into other systems - not to cause damage, but to test weaknesses that can then be fixed. And then there are gray hats, hackers who, as the name suggests, are, to a certain extent, on the border between black and white hat hacking. They're not actively trying to do harm, but they are still doing things that are illegal or considered unethical - for example, they could break into a system without getting hired, but you wouldn't steal information and tell the company later, but they could publish the vulnerability online in the meantime.
But whether you are a black hat, a white hat, or a gray hat, the inhacking techniques used are largely the same. If you're a white hat testing system for vulnerabilities, you need to know how to do all of the things a black hat hacker would do. It's like Defense Against the Dark Arts in Harry Potter - you have to know what the dark side is doing if you can fight it.
One of the most important things White Hats do is called a penetration test, or pen test for short. They test a system for vulnerabilities and then fix any they find rather than cause damage like a black hat would. This is a pretty normal procedure, so it's a great way to look at some of the basic principles of hacking to explore some of the basic principles of hacking.
Usually, the first step in a pen test is educating or educating yourself as you gather data about the target to find out how best to hack into your system. For example, if you were a black hat, it would be helpful to know what operating systems are running on the target's computers so that you can launch an attack that is tailored to the users, so if you are a white hat you would want to know what data you can access so you can find out what vulnerabilities need to be addressed. There are two different types of reconnaissance: passive and active.
Hacker collects information without taking any action You interact with one of the target's computer systems. There are many different ways to conduct passive reconnaissance: You can search for information that is already out there, such as files that are publicly available on a website. Or a black hat might even try to steal old hard drives that the target has thrown away.
Passive reconnaissance strategies can take a while, but when a black hat uses them, they are also difficult for companies to detect and combat - because there is nothing in the company's systems to detect, so there is no warning of a planned attack. The best a company can do is make sure there are no traces lying around by destroying as much unnecessary data as possible, even if it seems harmless if you don't just throw old hard drives back in the dumpster, it helps. Active intelligence, on the other hand, is when a hacker tries to obtain valuable information about a company by interacting directly with the company's systems.
Hackers can get more information, making it quick, but also easier to spot. This is because companies can, for example, keep track of which computers are communicating with their servers - the more central computers that provide data to other computers. If they notice a strange computer on their network or suspicious commands are being sent, they can take action - for example, by blocking the address sending these commands.
As a white hat, part of the pen test usually includes an active education itself to see if the safeguards you put in place can stop Black Hat from learning too much. Usually you first look for open connections or ports. Each open port acts as a kind of link between a device and the Internet, where data can be exchanged.
And that can be dangerous because a hacker can use an open port to send code that attacks a machine. Once you've found an open port, the next step may be to determine what hardware the port is running on and what operating system it is using, because that's exactly what a black hat would do. If you find that a black hat can gather enough information to start an attack, you may need to rethink the ports open or find ways to keep machines from disclosing information about themselves.
In most cases, you should have that many ports keep closed as much as possible. One way to do this is to use a firewall, which is either a program or an entire device that blocks unwanted access to a computer. Firewalls track a computer's ports, among other things, and ensure that only ports that need to be opened need to be opened.
You're like a computer security guard making sure all the right doors are locked Once you've done some educational work, you may want to move on to protection from attacks that exploit your particular setup. Basically, you take a list of the hardware and operating system versions that you are running and see if they contain known hacks. People can find ways to get around an operating system or software where the exploit is usually published online.
Then the company that makes the operating system or software tries to fix the vulnerability. However, patches and updates are not always installed on your systems immediately. It is important to see if you are using older, vulnerable versions.
Of course, a black hat could also develop new exploits and use them. But that requires a lot more effort and skill, so protecting against known hacks greatly reduces the likelihood. that you are being hacked.
Another part of the penetration test has to do with websites. For every website on the internet, there is the part that you should see. Like YouTube, you can see different channel pages and article pages, and you can watch me do this with my hands.
But websites also have a whole administrative page with pages and files that you shouldn't see. These pages can contain information that the developer needs to operate the website, or files that the public should not have access to databases with user names and addresses. Ideally, you'd want these pages and files to be secured so that a random guy named Steve can't access all of them by just entering a specific url, if someone could access it, do what a black hat would do: give it a try Look up different URLs and see if you can find any pages or files that shouldn't be publicly available.
To do this you can use crawlers - programs that map automatically. You can also get to the site by visiting various links and directories. You can also use programs that will try out the typical URLs that might store this type of information.
So pages like your website.com/info or / files or whatever. If the crawler encounters an error page, that can also be important.
Companies need to make sure that the errors that occur do not contain information that a hacker can use against them For example, if an error says that a certain page is private, it tells a Black Hat that that page would be a great destination if you can, so you should be careful about how much information appears on your error pages. Another part of the website test includes pages that use forms, such as: B. on which you enter your delivery address or hundreds of questions for your OkCupid profile.
If these forms are not set up correctly, black hats can use them to send malicious code to a system. Often times, with this type of code, they can gather information from databases that a company may be using, happily retrieving all of the credit card numbers that someone has ever submitted. Hence, it's important to make sure a website that its form input looks suspicious, and to test these protections by trying to break through a penetration test yourself, but those are the basics.
Once the test is complete, it's time to go through the results and fix any weaknesses. Even then, a company's systems may not be completely secure from all hacking attempts. Black hats are always coming up with more creative ways to break into systems, and when they have a specific target, like a government or other high-profile organization, whitehats need to be on the lookout for attack all the time.
But as long as they keep an eye on potential security threats and stay ahead of the black hats, which Yahoo is apparently completely incapable of doing, they can put up a pretty strong defense. Thank you for watching this episode of SciShow brought to you by our patrons on Patreon. If you want to support this show, you can give us your money and we will use it to make scishow a reality on patreon.com/scishow.