Have you heard about this recent Comcast scam that combines several exploits including:
- Malvertisements
Legitimate looking, but malicious ads served by Google - Drive-by downloads
Click the malvertisement and it takes you to a malicious site that attempts to download malware onto your computer - Ransomware
Software that takes control of your data and attempts to extort a ransom from you to get it back - Social engineering
A pop-up that tells you to call a 1-800 number for technical support, where a criminal is waiting to take your credit card
This is one of the reasons why so many companies value employees that have a basic understanding of security. Even when Security+ isn’t a job requirement, it often adds enough value to your resume to get you a job interview.
I heard about this Comcast scam through KnowBe4. Here’s a cut and paste from their blog post.
More and more, legit-looking advertising served on major websites turns out to be malicious. Bad guys pay for and posts ads that they hope you will click on. But if you click on those ads, you get redirected to a compromised website. That malicious site might infect your computer with ransomware, and/or display popups that claim your PC has a virus and tell you to dial a toll-free number. If you call that number it will be answered by scammers who claim they are Microsoft but will try to charge your credit card to fix your computer. What to do? You need to stay vigilant at all times and “Think Before You Click”:
- Don’t click on links in emails but go to the website you want to visit using your browser.
- Do not click on display ads on websites but go to the website you want to visit using your browser.
- If you get popups that claim your computer has a virus and you need to dial a toll-free number, close your browser, and if this happens in the office, call the IT helpdesk.
In the office, IT will update your computer with the latest versions of software, but at the house you also need to update your applications to their latest versions. If you don’t do that, and you wind up on a compromised website, it will try to install malware on your computer. Remember, both in the office and at the house, you need to “Think Before You Click“.
Unfortunately, this isn’t just a Comcast scam. You can expect criminals to repurpose this attack to other Internet service providers soon.
Knowledge thwarts these attacks. The blog post encourages people to copy and paste the information and send it to family, friends, and employees. You can also just send them this link: https://blogs.getcertifiedgetahead.com/comcast-scam/.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
