DropBox File Virus?

[Tax Prep by Deb]

I hope this has not happened to any of you, but if it did I would like to hear from you what happened.  I received an email from a client that was suppose to be a document he forwarded to me via drop box.  Like an idiot I followed the directions and signed into what I thought was drop box via my email account.  After looking at the document I thought it was a bit strange, yet still related to tax issues and sort of in character for this client, so I paid it no mind.

This morning in another email account that I only use for things that are not important (never given to clients) a similar email showed up, this time however it was flagged (different email provider) as potential spam, so I did not open it.

Then came the dawn.  I immediately went to reset my pass word to my email account but before I could finish a flood of emails were sent to my contacts containing this same file.  I proceeded to reset my password, sent a warning email to all contacts not to open it, and took my computer down to my IT guy who is currently checking it for viruses ect.....

My concern is that this is going to turn out to be a Ransom Ware problem, not just an email hack.  Has anyone else had this happened (I hope not, and I feel so stupid because I am extremely cautious and careful in this regard, and should have known better, as this is not how DropBox works)?  Did you find out anything?

I am so nervous right now all I want to do is cry, and I don't cry easy!

[Jack from Ohio]

This is exactly the reason I do NOT use any cloud based file storage or retrieval.  PERIOD.

[NECPA in NEBRASKA]

I am so sorry. I have not had this happen, but will definitely be on the lookout. 

[Gail in Virginia]

I appreciate the warning!

[Abby Normal]

I recently got an email from a lawyer I deal with for several clients and it was one of those secure email systems. I almost clicked on it but the link looked suspicious so I replied to the lawyer and he confirmed that he had not sent that email.

Clicking on links in emails has always been and still is one of the most dangerous things you can do. Did you not have any antivirus protection?

[Lee B]

20 minutes ago, Abby Normal said:

.

Clicking on links in emails has always been and still is one of the most dangerous things you can do. Did you not have any antivirus protection?

Antivirus software will not protect you against this type of scam.

[Abby Normal]

 

10 minutes ago, cbslee said:

Antivirus software will not protect you against this type of scam

Browsers have some built it protection (Get me out of here!), and my antivirus (Eset) does block suspicious sites, plus I have Comodo firewall which blocks suspicious activity... so I feel pretty safe. But if you enter your login credentials on a fake site, you're on your own, especially if you use the same password on your email and other sites.

[Medlin Software, Dennis]

The only protection is the grey matter you have.  No software can protect you.  Period.  Software can make a little easier should you forget safe practices, but software fails miserably at guessing at future threats, and fails often in accuracy.

The worst part is "security" software makes some feel protected and they do things they should not.  This is coupled with "security" software falsely flagging safe items as unsafe, making the user disable the "security" software, which proves the futility of relying on software for security.

If we would go back to reading emails in text only, and not html, email would be incredibly safer.  Attachments you were expecting should be saved, scanned (if you believe in such actions), then opened.

[Tax Prep by Deb]

Hard lesson learned!  Turns out it wasn't ransom ware but it was a big bug.  Computer is brand new so my tech guy is going to reformat the hard drive and restore my operating system. 

Actually I am one of those who believes you can not be to careful, and I don't know why I did it, I guarantee I will be even more carefull in the future.

[Kea]

I got a "Donald shared 'Tax return Filing' with you" email today.  I did open the message, but did not open the dropbox link.  I do not have a client named Donald and suspected this to be a scam.  Is this the same message you got today?

[SaraEA]

Yesterday I got FOUR emails from different people I never heard looking for "representation" work.  Yea, right.  In the past I have received emails from people I never heard of wanting me to do their returns and attaching their previous year returns, out of the clear blue sky.  Yea, right.  When I renew my PTIN this year I am definitely opting out of sharing.  I take very few new clients anyway.  All the IRS listing does is give crooks my contact info.

Deb, don't beat yourself up over this.  The crooks are really good at what they do, to wit a careful person like you was fooled into entering their den.  Good thing you caught it so quickly.  Getting into address books is a goal for some of them.  I can't count the number of invitations I've gotten from actual clients from their Linked In accounts.  Like I really belong in their contractors group or IT group or artist group.  I'm with Jack...no drop boxes or cloud retrieval.  (One exception:  Banks sometimes give me docs this way but always call first with a one-time password.)

[jklcpa]

About a week ago a supposed attorney sent me an email with a link to documents that he was waiting on for me to sign.  I think NOT!

[BHoffman]

With the sophistication of cyber crooks, I don't know if this does any good but I've always had two email addresses. One is strictly for friends, family, and clients and the other is the one I use for everything else that requires an email account. The "everything else" email account has no contacts.   Lots of spam advertising for Viagra, though.....

 

[Catherine]

15 hours ago, Tax Prep by Deb said:

and I don't know why I did it

I know why you did it.  Your mind was on three different things at once, the name was familiar, you have received similar items before that were legit, and your attention missed the tell-tales for just a half-minute too long.  It can happen to ANY of us - which is why you telling us about this incident helps us to stay vigilant.  (That it also garners you some sympathy for your aggravation and problem is a nice side effect.)  Thank you for the warning!  And I hope your IT guy gets everything all set and restored quickly.

[Medlin Software, Dennis]

Add external backups.  One to keep in your desk, one to keep at home, one to keep in another secure location.  More in separate locations as needed for your comfort level.  And just as important, do a test disaster recovery at least once a year to make sure you really can restore from a backup, even on a new computer.  This includes not only restoring from your backup, but reinstalling needed software.  If you do not test the process, you will undoubtedly find gaps in the needed information/knowledge.  Do not rely on a computer "expert" for this process.  It MUST be you.  YOU are the only one who really knows what you will need.

Example.  Customer had a computer failure.  Sent drive off to a high dollar recovery service.  Waited.  Got a drive back with whatever was able to be recovered.  There were no instructions showing how to use what was recovered, so the person, so far, has not been able to make proper use of the recovered information.  Could be what was needed was not actually recovered at all.  A large amount of time and money spent with no results.  The time and expense was well over what it would have cost to hire someone to recreate the missing data.

Only YOU can prevent data loss...

[Eric]

42 minutes ago, Medlin Software said:

Only YOU can prevent data loss...

...and forest fires.

 

[Tax Prep by Deb]

Thank you all for your comments.

The saving grace is that it was a new computer and I was just starting to move things over.  We opted to completed reformat the harddrive and start over.  I am very diligent on backups and do keep more than one in different places so it will not be that difficult to restore.  My biggest concern is if it is just a virus or where they after and did they get any info.  I try hard to ensure safety.  I encrypted my hard drive to protect encase of someone breaking in and steeling, I have an external firewall to keep others out, I password protect just about everthing, but there is the chance that something wasn't.  Don't know when the bug really took hold, I do know I opened the stupid email on Friday and became aware of something just as they sent out emails to my contacts.  I was actually changing my email password when the first email was returned because it couldn't be received, and within 15 minutes sent my own emails out to my contacts to hopefully keep them from opening the attachment.  That I know of the only one who did was my brother but doing so on his cell phone and not any of his home or work computers, so we are hoping he's ok.  I had a couple call saying they tried but couldn't open it, so don't really know if they have been effected or not, but my IT guys says they could be.  So now I'm waiting to get my computer back so I can start over and hope that nothing else comes of this.

[Tax Prep by Deb]

3 hours ago, BHoffman said:

With the sophistication of cyber crooks, I don't know if this does any good but I've always had two email addresses. One is strictly for friends, family, and clients and the other is the one I use for everything else that requires an email account. The "everything else" email account has no contacts.   Lots of spam advertising for Viagra, though.....

That is exactly what I do, unfortunately it came from a client who by the way feels so bad, but like I told him he was just as innocent as a victim as I was.  The company he works for uses Drop Box all the time so I know he would be none the wiser.  I on the other hand should have known better and looked closer.  I guarantee the next time I will.  For now though I am left to pick up the pieces and beef up my security even more if possible.

I'm actually considering not opening any emails from the computer at all until I first look at them thru my tablet.  I can just through the tablet away and no harm no foul, but this other thing scares me to death almost to the point I'm ready to quit a profession that I love, I just don't know if the stress is worth the love at this point.

3 hours ago, BHoffman said:

 

 

[Roberts]

Couple of months ago I shifted my corporate email to Google and it runs through the Gmail servers with my corporate name. I've always had Gmail for personal emails - holy cow it's nice having their spam filters on my corporate account also. It catches the vast majority of that junk so I really only get about 15 emails per day - I can actually read and critique 15 emails.

I get a bill from the New York Stock Exchange every month in my email. It looks so fake I rarely pay with it and wait for the bill to show up in the mail.

 

[Catherine]

Using a throwaway tablet as as screening tool is potentially a good idea - but.  (Always a "but"!)  If it gets a virus *and* is wifi'd onto your network - it can get on your network.

A seminar I just attended said if you suspect anything, first thing to do is pull the ethernet cord off that machine!  Then you can change passwords, delete, etc. without viruses getting to your network or going out.

[jklcpa]

It never ends. Today's is a phishing attempt, supposedly from Logmein. It says my user account and IP address are blocked because of too many failed attempts at logging in.  Uh, I don't use logmein, never have.  

[Tax Prep by Deb]

By the time everything was said and done on my costly mistake I have ended up spending about $500.00 to have two computers completely wiped and everything re-installed.  The IT guy I use has a monthly monitoring service that includes beefed up security software, malware, ect.... plus monitors my computer for anything really strange and alerts him for which he can decide what to do.  To make a long story short, I had my computer back and within 15 minutes of starting it up and trying to install quickbooks pro from online, my brand new super duty computer came to a near stop.  After about two hours quickbooks was only about 50% done and I literally couldn't do anything else with the computer.  It was after hours so I didn't want to call my tech guy, decided just to reboot the computer and then everything worked perfect.

Went to pickup my laptop today from him and told him my problem, he said he knew.  Apparently when I was on the opening page of the browser a Trojan tried jumping on and he was successful in blocking it.  He said his software nailed it to the wall and alerted him so he was able to delete is before it got to me.  I have already got my money worth!

The service he is offering is what the Medical professionals are running and complies with all the Hippa regs, ect...  He said the biggest problem he has with this software is that once he installs it he rarely hears from his clients.  We shall give it a years run and see what happens.

[Medlin Software, Dennis]

The part that raises my attention is "getting the computer back" and getting something from opening your browser.  Why was your browser set to a bad default/home page?  That is something the security people should have checked, and should be monitoring.  Home page hijack is not a new issue...

I am not saying the security folks you are using are bad, but that this should have been caught in advance.  Ask them how it happened and how they will prevent it in the future.

[JohnH]

On 12/14/2016 at 11:19 AM, BHoffman said:

With the sophistication of cyber crooks, I don't know if this does any good but I've always had two email addresses. One is strictly for friends, family, and clients and the other is the one I use for everything else that requires an email account. The "everything else" email account has no contacts.   Lots of spam advertising for Viagra, though.....

 

Every time I get a stream of Viagra ads, I always ask myself "How did they know...?"

[Pacun]

If  you use your working tools to see fancy and nice looking websites, you need to reimage your computer every year at least.

My partner was laughing (she doesn't do taxes or touches my computer) because she tricked the Microsoft technician and the technician fixed her computer and  she didn't pay him. She got infected and then she got a message that if she wanted the computer to be fixed, she needed to call Microsoft at this number. She called the number and the Microsoft technician took control of her computer and fixed. The technician told her that if she wanted to be protected, she would have to pay $199. She replied that she needed to contact her partner and that the partner was out of the country. The technician said, that he could sell her another protection for $99... she gave him the same answer and the technician hung up the phone. I call her about 5 minutes later and she was laughing because the Microsoft technician fixed her computer and didn't charged her. I asked if she was done for the day and she said yes. I said shut down your computer and unplug the LAN cable from it and go home. I also told her, tell your husband what happened and follow his advice.

a couple of hours later, while I was having dinner, my phone started ringing and ringing. Her husband told her what I didn't. She wanted me to reimage her computer. I reimaged her computer and she learned her lesson.

How can you laugh after you have been so stupid about three times? The first, when they get you and they install the program on your computer, the second, when you call "Microsoft" and the third one when you give control of your computer to the "Microsoft Technician".