Protect your tech
WATCH OUT FOR...
New tools
ScamWatch
Readers warn readers11Scams and threats to avoid, plus new security tools
Warn your fellow readers about scams
at [email protected]Fake Windows 10 updates
Firefox for Android’s
HTTPS-only modeKnowing that you’re always
visiting the HTTPS version of a
website brings great peace of
mind, so we’re pleased that many
browsers now offer this as an
option. The latest to do so is
Firefox for Android (install it
from http://www.snipca.com/41848),
which Mozilla has added to the
100th release of the browser.
To turn it on, tap the menu
button (three vertical dots, top
right) in the address bar, then tap
Settings and scroll down to the ‘Privacy
and Security’ section. Now tap ‘HTTPS-
Only Mode’ so the slider moves to the
right (^1 in our screenshot). Finally,
select whether you want it to work in
every tab you open^2 , or only tabs where
you have Private Browsing activated.
Once enabled, Firefox will force a siteto open HTTPS pages, even if you click
a link to the HTTP version. If a site
only has an HTTP version, you’ll see a
warning and be offered the options to
continue or go back.
To see what else is new in Firefox
100, turn to page 43, and read Mozilla’s
blog: http://www.snipca.com/41845.Another fake McAfee offer
In Issue 625 Ian Tilling warned about
a scam targeting McAfee customers
with a ‘Protect Now!’ button. I got a
different McAfee scam recently, which
said “we have noticed a suspicious
activity detected on your device”. It
follows the usual script of claiming that
your computer will no longer receive
security updates unless you buy Total
Protection, which it generously offers
at a 60 per cent discount. I knew it
was a scam because I no longer use
McAfee, having switched to Kaspersky
(and now Norton) about four years
ago. The email I received looked
similar to the one reported by Action
Fraud at http://www.snipca.com/41841.
Michael GoodmanWhat’s the threat?
Hackers are infecting computers with
ransomware hidden inside fake updates
for Windows 10. Once installed, the
malware encrypts files on the victim’s
computer, and wipes any backups. It
also creates ransom notes titled
‘README.html’ that give instructions on
opening the To r browser in order to pay
the ransom, which tends to be around
0.068 bitcoins (roughly £2,000). The
ransom apparently doubles every five
days if not paid.
The ransomware, called Magniber,
spreads through fake updates with
names that sound genuine, including
Win10.0_System_Upgrade_Software.
msi and Security_Upgrade_Software_
Win10.0.msi. Some of the updates
even have fake KB (Knowledge Base)
numbers that Microsoft uses to identify
updates – for example, System.Upgrade.
Win10.0-KB47287134.msi.
It’s thought the attack started on 8Also click the link to ‘View optional
updates’ to see updates that Microsoft
isn’t forcing on you. These are typically
fixes for problems with the operating
system, though never security updates
which are installed automatically.
If you know the KB name of an update,
you can search for it in Microsoft’s
Update Catalog. Visit http://www.snipca.
com/41843 then type the KB number in
the top-right box (see screenshot) and
click Search. Now simply click Download
on the next page.April, and that the updates are being
spread through so-called ‘warez’ sites,
where hackers offer pirated versions of
software.How can you stay safe?
These attacks rely on people searching
online for Windows updates, so make
sure you never do that. Instead, open
Windows Settings (press Windows
key+I), click ‘Update & Security’, select
Windows Update on the left, then click
‘Check for updates’ in the middle.Issue 632 • 25 May – 7 June 20222
1