The 20 | internet Archives

In a very short time, the internet will become a much more secure place.

That’s because the Board of Directors for the Internet Corporation of Assigned Names and Numbers (ICANN) has approved plans for the first-ever changing of the cryptographic key that helps protect the Domain Name System (DNS) – also known as the internet’s address book.

During a meeting in Belgium on September 16, the ICANN board passed a resolution, directing the organization to proceed with its plans to change — or “roll” — the key for the DNS root on October 11 of this year. It will mark the first time the key has been changed since it was first put into use in 2010.

“This is an important move and we have an obligation to ensure that it happens in furtherance of ICANN’s mission, which is to ensure a secure, stable and resilient DNS,” says ICANN Board Chair, Cherine Chalaby.

“There is no way of completely assuring that every network operator will have their ‘resolvers’ properly configured, yet if things go as anticipated, we expect the vast majority to have access to the root zone,” Chalaby went on to say.

ICANN notes that some Internet users might be affected if the network operators or Internet Service Providers (ISPs) have not prepared for the roll. Those operators who have enabled the checking of Domain Name System Security Extensions or DNSSEC information (a set of security protocols used to ensure DNS information isn’t accidentally or maliciously corrupted) are those who need to be certain they are ready for the roll.

“Research shows that there are many thousands of network operators that have enabled DNSSEC validation, and about a quarter of the internet’s users rely on those operators,” says David Conrad, ICANN’s Chief Technology Officer.

“It is almost certain there will be at least a few operators somewhere across the globe who won’t be prepared. But even in the worst case, all they have to do to fix the problem is turn off DNSSEC validation, install the new key, re-enable DNSSEC, and their users will again have full connectivity to the DNS.”

The changing of the DNS root key was originally scheduled to happen a year ago, but plans were put on hold after ICANN found and began analyzing some new, last-minute data. That data dealt with the potential readiness of network operators for the key roll.

Ultimately, an analysis led the organization to believe it could safely proceed with the changing of the key. As a result, the organization (after consultation with the community) developed a new plan that recommends putting the new key into use exactly one year after originally scheduled.

In the intervening time, the organization has continued extensive outreach and investigations on how to best mitigate risks associated with the key change.

“This is the first root key change, but it won’t be the last,” says Matt Larson, Vice President of Research at ICANN and the organization’s point person for the key roll.

“This is the first time, so naturally we are bending over backwards to make certain that everything goes as smoothly as possible. But as we do more key rollovers in the future, the network operators, ISPs, and others will become more accustomed to the practice.”

If it’s not one thing, it’s something else.

This is pretty much how one can describe internet scams at any given point in any given year. There’s always something being thrown at us that progressively gets more and more difficult to detect; scams that threaten our security and our privacy.

At the moment, tech support fraud is out of control. The FBI’s Internet Crime Complaint Center (IC3) says it received roughly 11,000 complaints about tech support fraud in 2017 with claimed losses nearing $15 million. That’s a whopping 86% increase in losses over the numbers reported for 2016!

The IC3 warns that, “Criminals may pose as a security, customer, or technical support representative offering to resolve such issues as a compromised email or bank account, a virus on a computer, or to assist with a software license renewal.” Scary. That’s certainly someone you would want to trust.

Tech support scams can sneak up on you under many different guises — from a hijacked computer browser to a phone call or an email. To protect yourself, you need to know what to look out for. Here is what the IC3 says are the most common scams that try to trick you into thinking you’re dealing with legitimate tech support services:

Fake Website Pop-ups

Suddenly a message pops up in your browser while you’re surfing the web, warning that you have a virus on your computer. It may also include an audio message. It gives you a phone number to call for help. Heck, it may even have a reputable company attached to it like Microsoft! This can be jarring and you may feel like your browser is trapped, but don’t call the number. It connects you to a fraudulent tech support company. The scammer may try to get you to pay up to fix the issue or may try to gain access to your personal information.

Phishing Emails

An email arrives. It looks official. It’s a warning of a compromised bank account or credit card, or an alert about a problem with your computer or an online account. It encourages you to click on a link for assistance or to call a fake support number…

“Once the fraudulent tech support company representative makes verbal contact with the victim, the criminal tries to convince the victim to provide remote access to the victim’s device,” says IC3. As with the fake pop-ups scheme, the scammer may try to get you to pay up to fix the fictional problems with your computer or accounts.

The “Fake Refund”

This is an unusual approach criminals are using to gain access to your online bank account. The scammer contacts a victim to offer a refund for tech support services. To get the refund, the scammer talks you into giving them access to your computer. They then ask you to log into your bank account to process the refund. The criminal then gets access to your account to proceed to process a fake refund. This elaborate scheme involves transferring money among accounts and talking the victim into sending money to the scammer via a wire transfer or prepaid card.

The IC3 calls this particular scam a “widespread issue.”

Unsolicited Phone Calls

Not all scams start through a web browser or email program. The IC3 also cautions about unsolicited phone calls from a person claiming your computer is infected with a virus or who is sending error messages to the caller. Again, this turns into an attempt to extract payment or personal information. “Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals,” says the IC3.

So if the tech support world is fraught with peril, how does one protect themselves when they need real tech support help? The answer is simple — use a legitimate tech support provider with decades of experience and demonstrated expertise. The 20 is serious about superior IT support. We leverage the combined skills, expertise, and knowledge of hundreds of IT companies to tackle your IT problems quickly so you can simply focus on growing your business.

Don’t be a victim!