WEBVTT

00:00:00.000 --> 00:00:06.970 align:middle line:90%


00:00:06.970 --> 00:00:09.340 align:middle line:84%
In this video, we're talking
about fake error messages,

00:00:09.340 --> 00:00:12.160 align:middle line:84%
and we're going to take a
look at what scareware is

00:00:12.160 --> 00:00:16.760 align:middle line:84%
and talk about what
it actually is.

00:00:16.760 --> 00:00:18.940 align:middle line:84%
So how these attacks
typically work

00:00:18.940 --> 00:00:22.390 align:middle line:84%
are, first of all,
amygdala hijacking.

00:00:22.390 --> 00:00:24.970 align:middle line:84%
And we did talk about this
in the social engineering

00:00:24.970 --> 00:00:26.930 align:middle line:90%
part of this course.

00:00:26.930 --> 00:00:30.610 align:middle line:84%
So if you forgot, amygdala
hijacking is essentially

00:00:30.610 --> 00:00:32.590 align:middle line:84%
a personal or
emotional response that

00:00:32.590 --> 00:00:35.680 align:middle line:84%
is immediate and overwhelming,
and that's a term

00:00:35.680 --> 00:00:37.990 align:middle line:90%
coined by Daniel Goleman.

00:00:37.990 --> 00:00:42.470 align:middle line:84%
Now, essentially,
when these come up,

00:00:42.470 --> 00:00:44.900 align:middle line:84%
we have a fear that we've
done something wrong

00:00:44.900 --> 00:00:48.170 align:middle line:84%
and that we're caught, fear
that something bad has happened

00:00:48.170 --> 00:00:51.860 align:middle line:84%
to our computer, and it
needs immediate remediation,

00:00:51.860 --> 00:00:55.670 align:middle line:84%
fear that something is going to
happen if we don't take action

00:00:55.670 --> 00:00:58.400 align:middle line:84%
that it's telling
us to take, and also

00:00:58.400 --> 00:01:01.520 align:middle line:84%
fear of authority, fear
of authority in that we

00:01:01.520 --> 00:01:05.060 align:middle line:84%
must comply with what
is being asked of us.

00:01:05.060 --> 00:01:09.580 align:middle line:84%
So let's take a look
at some examples here.

00:01:09.580 --> 00:01:12.030 align:middle line:84%
Now, this was a
really popular one

00:01:12.030 --> 00:01:14.250 align:middle line:90%
that went around a while back.

00:01:14.250 --> 00:01:18.300 align:middle line:84%
And typically, this worked
by, you're surfing the web,

00:01:18.300 --> 00:01:20.680 align:middle line:84%
all of a sudden your
screen gets locked,

00:01:20.680 --> 00:01:26.070 align:middle line:84%
this giant, scary-looking splash
page comes up on your computer.

00:01:26.070 --> 00:01:26.980 align:middle line:90%
You can't close it.

00:01:26.980 --> 00:01:29.147 align:middle line:84%
There's nowhere to close
it, there's no back button.

00:01:29.147 --> 00:01:32.310 align:middle line:84%
It just pops up on your computer
and locks up your screen.

00:01:32.310 --> 00:01:34.530 align:middle line:84%
And in big red bold
letters, it says,

00:01:34.530 --> 00:01:37.320 align:middle line:90%
your computer has been locked.

00:01:37.320 --> 00:01:39.750 align:middle line:84%
This operating system is
locked due to the violation

00:01:39.750 --> 00:01:42.450 align:middle line:84%
of federal laws of the
United States of America,

00:01:42.450 --> 00:01:45.930 align:middle line:84%
article 1, section 8,
clause 8, article 202,

00:01:45.930 --> 00:01:49.170 align:middle line:84%
article 210 of the
Criminal Code of the USA

00:01:49.170 --> 00:01:53.310 align:middle line:84%
provides for deprivation
of liberty for four

00:01:53.310 --> 00:01:54.330 align:middle line:90%
to twelve years.

00:01:54.330 --> 00:01:56.700 align:middle line:90%
So right there, it's scary.

00:01:56.700 --> 00:01:58.770 align:middle line:90%
You can't close this thing.

00:01:58.770 --> 00:02:02.030 align:middle line:84%
It just pops up on you, no
warning, and all of a sudden,

00:02:02.030 --> 00:02:04.530 align:middle line:84%
it says your computer has been
locked, which essentially, it

00:02:04.530 --> 00:02:07.110 align:middle line:84%
did kind of lock
up your computer.

00:02:07.110 --> 00:02:10.410 align:middle line:84%
And it's saying that the
feds locked your computer.

00:02:10.410 --> 00:02:13.020 align:middle line:84%
And they're naming off
these different penal codes

00:02:13.020 --> 00:02:17.010 align:middle line:84%
and saying that you can go
to jail for four to 12 years,

00:02:17.010 --> 00:02:20.790 align:middle line:90%
and violations were detected.

00:02:20.790 --> 00:02:22.740 align:middle line:84%
They have your IP
address, that you

00:02:22.740 --> 00:02:27.660 align:middle line:84%
were on these horrible websites,
pornography, child pornography,

00:02:27.660 --> 00:02:31.770 align:middle line:84%
zoophilia, child abuse,
all these horrible things.

00:02:31.770 --> 00:02:33.300 align:middle line:84%
And that your
computer is locked,

00:02:33.300 --> 00:02:36.240 align:middle line:84%
and they're going to take
immediate legal action

00:02:36.240 --> 00:02:38.140 align:middle line:90%
against you.

00:02:38.140 --> 00:02:40.920 align:middle line:84%
Now, in order to
not be arrested,

00:02:40.920 --> 00:02:44.070 align:middle line:84%
you're supposed to
pay a $200 fine,

00:02:44.070 --> 00:02:46.860 align:middle line:84%
and that you have 72
hours to pay the fine,

00:02:46.860 --> 00:02:50.070 align:middle line:90%
or you will be arrested.

00:02:50.070 --> 00:02:54.630 align:middle line:84%
And then it goes on to say
how you could pay this $200

00:02:54.630 --> 00:02:57.780 align:middle line:84%
fine, which is you're supposed
to go get these Green Pak

00:02:57.780 --> 00:03:00.900 align:middle line:84%
or Western Union
type payment methods,

00:03:00.900 --> 00:03:04.080 align:middle line:84%
and they'll walk you
through how to, who to pay.

00:03:04.080 --> 00:03:07.990 align:middle line:84%
Now, again, this is a
pretty scary-looking thing.

00:03:07.990 --> 00:03:10.540 align:middle line:90%
It looks fairly official.

00:03:10.540 --> 00:03:11.590 align:middle line:90%
It's big.

00:03:11.590 --> 00:03:12.100 align:middle line:90%
It's scary.

00:03:12.100 --> 00:03:15.880 align:middle line:84%
It has the Department of
Justice FBI seal on there.

00:03:15.880 --> 00:03:19.270 align:middle line:84%
And your computer,
legitimately, got locked up

00:03:19.270 --> 00:03:21.400 align:middle line:90%
to a certain degree.

00:03:21.400 --> 00:03:24.580 align:middle line:84%
And again, they're citing
these different penal codes,

00:03:24.580 --> 00:03:28.450 align:middle line:84%
and they're telling you
they have your IP address.

00:03:28.450 --> 00:03:30.850 align:middle line:84%
They have you recorded doing
these horrible things

00:03:30.850 --> 00:03:33.610 align:middle line:90%
and you have 72 hours to comply.

00:03:33.610 --> 00:03:38.090 align:middle line:84%
So this puts a sort
of scarcity on you.

00:03:38.090 --> 00:03:41.060 align:middle line:84%
You have a small
window to pay this off,

00:03:41.060 --> 00:03:43.250 align:middle line:90%
or you will be arrested.

00:03:43.250 --> 00:03:45.680 align:middle line:84%
And for the most
part, a $200 fine

00:03:45.680 --> 00:03:50.270 align:middle line:84%
isn't really that far out
of most people's budget,

00:03:50.270 --> 00:03:54.170 align:middle line:84%
especially when you're looking
at the feds coming after you

00:03:54.170 --> 00:03:57.180 align:middle line:84%
and throwing you in jail
for four to 12 years.

00:03:57.180 --> 00:03:58.730 align:middle line:90%
That seems pretty minor.

00:03:58.730 --> 00:04:00.830 align:middle line:84%
But there's a lot of
scary things here.

00:04:00.830 --> 00:04:07.620 align:middle line:84%
Again, your computer locked, FBI
seal, threat of going to jail,

00:04:07.620 --> 00:04:11.298 align:middle line:84%
and also you have things like
they have your IP address,

00:04:11.298 --> 00:04:12.840 align:middle line:84%
they have you doing
these bad things,

00:04:12.840 --> 00:04:17.100 align:middle line:84%
and you have three days to,
essentially, pay off the fine.

00:04:17.100 --> 00:04:19.769 align:middle line:84%
And this was, again,
a really popular scam.

00:04:19.769 --> 00:04:21.390 align:middle line:90%
It scared a lot of people.

00:04:21.390 --> 00:04:25.620 align:middle line:84%
I've known people that I've
worked with that this came up,

00:04:25.620 --> 00:04:28.290 align:middle line:84%
and they were freaking out even
though they didn't do anything

00:04:28.290 --> 00:04:31.980 align:middle line:84%
bad, they were just
legitimately going on there

00:04:31.980 --> 00:04:35.080 align:middle line:84%
and surfing the web,
no horrible websites.

00:04:35.080 --> 00:04:37.510 align:middle line:84%
It just hit a lot
of different places.

00:04:37.510 --> 00:04:40.050 align:middle line:84%
But again, this
was really scary.

00:04:40.050 --> 00:04:42.760 align:middle line:90%
Now, this is another one.

00:04:42.760 --> 00:04:43.260 align:middle line:90%
Warning!

00:04:43.260 --> 00:04:45.540 align:middle line:90%
Your computer may be infected.

00:04:45.540 --> 00:04:48.900 align:middle line:84%
System detected two potentially
malicious virus rootkits.

00:04:48.900 --> 00:04:51.060 align:middle line:90%
And they name off these viruses.

00:04:51.060 --> 00:04:52.860 align:middle line:84%
And in order to
get rid of it, you

00:04:52.860 --> 00:04:55.180 align:middle line:84%
need to call the tech
support line right away,

00:04:55.180 --> 00:04:57.457 align:middle line:84%
and they will help
you get rid of this.

00:04:57.457 --> 00:04:59.290 align:middle line:84%
And to make it a little
bit more legitimate,

00:04:59.290 --> 00:05:02.930 align:middle line:84%
they would generally show
your real IP address on there.

00:05:02.930 --> 00:05:05.340 align:middle line:84%
So if you went online,
you checked your IP,

00:05:05.340 --> 00:05:07.950 align:middle line:84%
or you ran the console
and checked your IP,

00:05:07.950 --> 00:05:09.990 align:middle line:90%
you go, OK, well, that matched.

00:05:09.990 --> 00:05:13.230 align:middle line:84%
And wow, my computer
is infected by a virus.

00:05:13.230 --> 00:05:15.300 align:middle line:84%
It looks like my
antivirus popped up.

00:05:15.300 --> 00:05:17.065 align:middle line:90%
I better call this number.

00:05:17.065 --> 00:05:19.440 align:middle line:84%
And what typically happened
is you call the phone number,

00:05:19.440 --> 00:05:22.620 align:middle line:84%
and the person on the
other line would kind of

00:05:22.620 --> 00:05:25.170 align:middle line:84%
walk you through some things,
and you go, OK, well, try this.

00:05:25.170 --> 00:05:26.190 align:middle line:90%
Wow, that looks bad.

00:05:26.190 --> 00:05:28.455 align:middle line:84%
OK, well, yeah,
you have a virus.

00:05:28.455 --> 00:05:31.637 align:middle line:90%


00:05:31.637 --> 00:05:32.970 align:middle line:90%
Give me your credit card number.

00:05:32.970 --> 00:05:33.750 align:middle line:90%
We'll run it.

00:05:33.750 --> 00:05:37.380 align:middle line:84%
We'll get you the
software to clean it.

00:05:37.380 --> 00:05:40.240 align:middle line:84%
And then they would steal
your credit card information.

00:05:40.240 --> 00:05:44.038 align:middle line:84%
And they would bill
you, and you would never

00:05:44.038 --> 00:05:45.580 align:middle line:84%
get rid of this
thing, and you really

00:05:45.580 --> 00:05:47.080 align:middle line:84%
didn't have a virus
on your computer,

00:05:47.080 --> 00:05:51.610 align:middle line:84%
this is just an annoying
scareware tactic.

00:05:51.610 --> 00:05:53.860 align:middle line:84%
Now, this one's a
little bit different,

00:05:53.860 --> 00:05:57.040 align:middle line:84%
and this looks pretty
good for most people

00:05:57.040 --> 00:06:00.430 align:middle line:84%
because if you're running
Windows, which a lot of people

00:06:00.430 --> 00:06:03.290 align:middle line:84%
are, it looks like Windows
pops up on your computer

00:06:03.290 --> 00:06:07.870 align:middle line:84%
and says Windows is running,
you have this virus on here,

00:06:07.870 --> 00:06:12.160 align:middle line:84%
it starts scrolling through,
rattling off all these viruses.

00:06:12.160 --> 00:06:14.400 align:middle line:84%
And it looks like your
computer is actually

00:06:14.400 --> 00:06:16.630 align:middle line:90%
popping this from Microsoft.

00:06:16.630 --> 00:06:19.870 align:middle line:84%
And then it'll give you
a very helpful 800 number

00:06:19.870 --> 00:06:21.320 align:middle line:84%
that you would
call, and a person

00:06:21.320 --> 00:06:23.570 align:middle line:84%
would answer that they're
from Microsoft tech support.

00:06:23.570 --> 00:06:25.460 align:middle line:90%
And again, same type of scam.

00:06:25.460 --> 00:06:28.905 align:middle line:84%
They will walk you through, try
this and try this, OK, well,

00:06:28.905 --> 00:06:31.280 align:middle line:84%
OK, we're going to try to
clean the virus this other way.

00:06:31.280 --> 00:06:32.770 align:middle line:90%
Well, it's not working.

00:06:32.770 --> 00:06:35.560 align:middle line:84%
Well, you're going to have to
pay for the additional service

00:06:35.560 --> 00:06:37.300 align:middle line:90%
to get rid of this virus.

00:06:37.300 --> 00:06:38.890 align:middle line:84%
And they'll tell
you how dangerous

00:06:38.890 --> 00:06:41.290 align:middle line:84%
it is to have this virus,
and you need to get rid of it

00:06:41.290 --> 00:06:43.150 align:middle line:90%
immediately.

00:06:43.150 --> 00:06:46.420 align:middle line:84%
Again, they would charge
you, take your money,

00:06:46.420 --> 00:06:49.750 align:middle line:84%
and probably take your credit
card information to use later.

00:06:49.750 --> 00:06:51.100 align:middle line:90%
Again, it's another scam.

00:06:51.100 --> 00:06:52.840 align:middle line:90%
It's not a real virus.

00:06:52.840 --> 00:06:56.790 align:middle line:84%
It's just designed to scare
you and make it look like one.

00:06:56.790 --> 00:06:58.000 align:middle line:90%