Email Scam From AFP

Today we would like to remind you of the importance of NOT clicking any links in your emails unless you are very sure of where the email came from and that you can trust it.

In the last couple of weeks we have heard of, and seen on TV, how people are getting emails from the Australian Federal Police (well, not really, but that’s what the email says).

Here is what the AFP website says (see story here):

The Australian Federal Police (AFP) is urgently warning the public of an email scam currently circulating throughout Australia and internationally that requests payment for a bogus AFP Traffic Infringement Notice.

The scam email initially asks the recipient to pay an ‘AFP fine’ of approximately $150. If links within the message are clicked, the recipient’s computer is infected with malware which renders it inoperable.

At that point ransomware is activated where the recipient is asked to pay thousands of dollars to reactivate their computer.

AFP National Coordinator Cyber Crime Adrian Norris has said anyone who receives the email should delete it immediately.

“This email has taken off widely today and looks legitimate, and many people have been compromised, so I would urge people to be vigilant,” Superintendent Norris said.

“The AFP never sends out traffic infringement notices via email, so if you have received an email that purports to be from the AFP and have doubt about its authenticity, do not make a payment or provide personal details.

“This email scam looks legitimate and contains AFP branding and may be from email addresses like TrafficInfringement.afp.org, TrafficInfringement.afp.com or similar.

“Payment of this Traffic Infringement Notice will not go to the AFP, your money will be going to scammers overseas.”

Superintendent Norris said this was a timely reminder to ensure your anti-virus software is current and those who may have received the email to consider running a virus scan of their computer in case it has been infected.

Members of the public who believe they have been a recipient of the fraudulent email should report it to the Australian Cyber Crime Online Reporting Network (ACORN) immediately via http://www.acorn.gov.au/ or to ScamWatch http://www.scamwatch.gov.au.

So the rule is: don’t click on any links in your emails unless you are sure you know where the email has come from. And remember, the AFP, your bank (or any bank), Microsoft, Telstra, etc. will not email you unless you are expecting an email because you have recently spoken to them.
You just have to think: how did they get my email address? Did I give it to them? If no, then consider it a scam.

Ransomware

The above AFP email was opened by a customer of ours and EVERY personal file was encrypted, as well as many other files on his computer. So in all, 33,000 (yes, that many) files were locked up with no known way to get them back. He lost 100s of photos and documents.

Oh, and remember also that any USB devices you have, like backup drives, are also part of your computer when they are plugged in. So unplug these when not in use.

Lesson learnt the hard way.

Please take care

Unfriendly Links In Emails

This week (mid-May 2015) some clients that are hosted with Hostgator were getting emails saying they should be putting in place an SSL Certificate for their site and to click a link in the email to go and buy an SSL Certificate from Hostgator.

This turned out to be a phishing email.

The content of the email is as shown below.

Block the bad guys. Prevent hackers, spies and thieves from gaining access to sensitive information. Positive SSL encryption establishes a secure connection between your server and any visitor’s web browser, and keeps personal data private. Your SSL security icon lets visitors know their data and transactions are always safe on your site.

Build Customer Confidence with Positive SSL.
Encrypt credit card data.
Protect passwords and confidential information.

Secure online payments and form submissions.

Standout with Google!

Recently Google made a change to their algorithm that prioritizes rankings for websites with SSLs. Make sure you aren’t penalized by ordering an SSL today!

So, is it now true that Google will penalise us for not having SSL on a non-money-generating site?
And 2, do we really need SSL on every site we produce?

Suspicions were that the email was NOT legitimate because of the email address that the email came from.
The email address was info@e.hostgator.com (it was the e. that gave it away, when it should have been hostgator.com, not e.hostgator.com).
So we contacted Hostgator to confirm this and a reply was sent saying:
The email you received which claimed to be from HostGator was actually a targeted phishing campaign against our customers. This phishing campaign’s goal was intended to obtain cPanel usernames and passwords from our clients. These emails are not from us at HostGator. Email addresses also appear to be obtained using public WHOIS information. Please do not click on any content within these emails.

So to answer the question of “Do I need an SSL Certificate on my site?”

The answer is mostly a no at this point, with a catch.

Google does now use SSL as a ranking signal, but it accounts for a very small amount at present, with the potential it might mean more in the future as we move to an SSL-everything world.

You definitely don’t *need* SSL on every site you create, but it can lead to a perceived higher amount of trust by consumers, even if only using something like CloudFlare’s free-ssl offering.

Generally you only need an SSL for your site if you are passing money through it.
So if you are looking at taking payments through your site, then yes.
Payments as in when you ‘connect’ to the bank etc.
Not Bpay, as that is done from within the bank of the buyer, and not PayPal, as they are also secure.

So as the image says in the email we got, “Stop Evil Do’ers”. Ha ha, what a laugh, as these turkeys are the Evil Doers themselves.

Please, please be very careful of any emails you get from anyone with links in them. Don’t assume that the email is legit. This one was sent to gain access to your hosting account.
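
The checks described above (does the sender address match the real domain exactly, and where do the links go) can be scripted. This is an added example, not part of the original post: the sample message, its link host and its Authentication-Results line are constructed, and `triage` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the phishing email described above.
# The link host and the Authentication-Results line are invented for illustration.
SAMPLE = """\
From: HostGator <info@e.hostgator.com>
To: client@example.com
Subject: Secure your site with Positive SSL
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html

<p>Block the bad guys.</p>
<a href="http://cpanel-login.example.net/ssl">Order your SSL today</a>
"""

def triage(raw, expected_domain):
    """Return reasons to distrust a message claiming to come from expected_domain."""
    msg = message_from_string(raw)
    reasons = []
    # 1. Exact match on the sender domain, the same test the post applies by eye.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    if domain != expected_domain:
        reasons.append(f"sender domain {domain!r} is not {expected_domain!r}")
    # 2. The From header can be forged, so a matching domain alone proves nothing.
    #    Require a DMARC pass (trust this header only when your own server added it).
    auth = msg.get("Authentication-Results", "")
    if not re.search(r"\bdmarc=pass\b", auth, re.I):
        reasons.append("no dmarc=pass recorded by the receiving mail server")
    # 3. Every link should lead to the expected domain or one of its subdomains.
    body = msg.get_payload()
    for url in re.findall(r'href=["\'](.*?)["\']', body, re.I):
        host = (urlparse(url).hostname or "").lower()
        if host != expected_domain and not host.endswith("." + expected_domain):
            reasons.append(f"link points to {host!r}")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE, "hostgator.com"):
        print("SUSPICIOUS:", reason)
```

An empty list only means none of these three checks fired; it does not make the message safe to act on.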