Steven Rottman, an Expert at Detecting Computer Fraud, Offers Tips to Optimist Club Members

Share Story

Steven Rottman spoke about internet scams to the Optimist Club.

When Steven Rottman of Roving Technology was asked to speak to the Optimist Club on February 2, members had so many questions that he agreed to stay after the meeting to answer them.

He also gave some Wi-Fi and email warnings that we all would be wise to heed.

First of all, if somebody “cold” calls you and says that they were monitoring your computer and noticed a problem, hang up.

“Never engage anyone who ‘cold’ calls,” said Rottman, who explained that hackers are looking to leverage your fear or greed to get you to grant them access into your computer and your accounts. It may seem legitimate, but it’s not.

If someone emails you and claims to be from Microsoft or another reputable company, Rottman said, you should scrutinize that email closely. “Float your mouse over any web links in the email to see if the web address is in fact where you will really be directed to.

“Additionally, closely look at the sender’s email address and make sure the domain (the part after the @ symbol) really is “microsoft.com” or “apple.com.”

He said that hackers will use the name Microsoft to look legitimate, but if you look more closely, you can see the e-mail actually is one letter off, for example Micnosft.com.

Rottman said hackers are experts at playing on your psyche. “Who wouldn’t want to investigate further by opening that email attachment that supposedly will tell you something that was purchased on your credit card or about a refund that you are supposedly owed?”

He said, “If someone claims your email inbox is full and needs to be cleaned, look at the email address.” DO NOT click on the email link but delete it if the sender’s email is not from the relevant organization.

If you receive an email with “Refund” in the subject line, “Don’t fall for those,” Rottman said. “If you click on a link, you allow them [criminals] to harvest your information.”

He explained that a phishing attack might appear to come from Bank of America, asking you to provide a new password and username.  If you comply, you have just given a thief access to your banking information.

Two-step authentication, now used by many companies, is good. “Those are blessings, because they’re difficult to break through,” Rottman said. “It’s a little bit of an arms race between us – the good guys and the bad guys, who want your information.”

If someone either emails or calls you for money, the best way to protect yourself is to call the person directly.

What if you have an antivirus on your computer? “No matter what antivirus you have, it’s no better than a picket fence,” Rottman said. “Nothing is foolproof.”

He said that large corporations hire consultants to see if they can “hack” into the company computers. One did this easily by sprinkling a couple of thumb drives in the parking lot. Employees picked them up and took them inside and automatically put them in their computers.

The city of Baltimore’s computer files were held ransom.

He said that hackers target cities, asking for ransoms to get the information back. In May 2019, the City of Baltimore’s files were hacked, and officials were asked for $76,000 in bitcoin.

Initially, Baltimore leaders resisted, but after estimating the city had lost $18.2 million, which included lost or delayed revenue such as property taxes, real estate fees and fines, it paid $6 million at the end of August.

Atlanta spent $2.6 million to recover from a $52,000 Ransomware demand. Other cities hit have included Valdez, Alaska; Greenville, North Carolina and West Haven, Connecticut.

West Haven officials said, “… our police IT experts determined the best course of action, given all the available information, was to pay a one-time fee of $2,000 to unlock servers. The money was paid in digital currency. The data restoration of a critical system occurred shortly after the completion of that transaction.”

Cities can avoid paying if they have backups, but then they have to rebuild the system. “External drives are vulnerable to ransom,” Rottman said.

For people who have Macs, and feel secure because PC’s are targeted more often, there is a new warning — a February 20 article in Ars Technica (“New Malware Found on 30,000 Macs Has Security Pros Stumped”). It notes that a previously undetected piece of malware has been found on 30,000 Macs, and researchers are trying to understand what it does and what purpose its self-destruct capability serves. So far, they don’t know, but “The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.”

“There are no guarantees. The only true protection is backups,” said Rottman, who grew up in the San Fernando Valley, received a mechanical engineering degree from Cal State Northridge and a master’s degree in business from LSU, with an emphasis in IT.

He worked at TRW in space and defense until 1993, then spent three years consulting individuals who needed help on computers. He lived in Pacific Palisades until he moved to Brentwood in 1995, and now lives in Sherman Oaks.

He took a full-time job in the IT department with DreamWorks Interactive, a video game developer that, in 1999, published the video game “Medal of Honor.” The company was taken over by Electronic Arts in 2000 and Rottman followed.

But by 2005, recognizing that “I like being my own boss,” he returned to full-time consulting.

He started Roving Technology in 2008, at the beginning of the deep recession, but his company has gone on to great success — particularly this past year, with so many people relying on Zoom and hiring him to improve their Wi-Fi, slow computers and all points in between.

Email: steve@rovingtechnology.com, call (310) 350-6960 or visit:rovingtechnology.com.

 

FIND THE MISTAKES:

I turn this email over to my clever readers, thanks to Rottman. Can you find the clues about why this is bogus and an attempt to gain access to your computer? Give it a read. The answers are below.

From: “Thank You For Your Payment…!” <jiyarawat4677@gmail.com>

Date: Friday, February 19, 2021 at 10:29 AM

To: “steve@rovingtechnology.com” <steve@rovingtechnology.com>

Subject: Thank You For Your Payment…!

Help Desk :-+1 855-200-2990

Invoiced for $349.99

Invoice    :- #69341568

2 Years Technical Support and antivirus protection.

Norton Security for 2 year

Technical Support for all Device 2 year

Transactions ID :- 535TSH58FHT9JXNJ (Pending)

The transaction of $349.99 would appear within the next 24 working hours on your account or in case of Credit it will be appeared on your next billing cycle

If you have any questions about this invoice, simply reach out to our Support Team +1 855-200-2990 (Toll Free) for help.

You have 24 hrs to refund this charge from the date of transaction without being charged.

Our Support team will gladly assist you with any questions or requests you may have – Simply contact us through our dedicated channels

It may take a few hours for this transaction to appear in your account.

Cheers,

The Billing Team

+1 855-200-2990

Please don’t reply to this email. To get in touch with us,+1 855-200-2990

Norton Internet Security Protection in USA are provided by Norton Life Private Limited. Users are advised to read the terms and conditions carefully.

MVP Consumer Security 2014-2016 Norton Insider MVP 2019-2020

NOTE : If email received in your spam box ask service desk to verify machine identity.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

 

ANSWER:

  1. Look at the email: jiyarawat4677@gmail.com. Companies do not allow employees to use personal emails. Corporate emails generally do not have numbers in the email.
  2. This email has put so much specific information such as an invoice number, the amount, etc. in an effort to make it look legitimate.
  3. Repeating the phone number (and underlining it in yellow) is an attempt to have the recipient call, so that a person can instill fear. Before calling, Google the number. This particular number shows up as fraud.
  4. There is no company logo.
  5. If there is a link, float your mouse over the link and the actual location to where this post may have originated will come up.

If you’re not sure, go to the actual company website of the supposed sender, such as Norton, and speak to a representative. That extra step could be invaluable.

 

This entry was posted in businesses/stores, Community, Education. Bookmark the permalink.