Category: information

Bitcoin Machines in Shops

We’re all used to ATMs in supermarkets and shops. Some charge for getting your money and some do not.

But recently, Bitcoin ATMS have started to appear in betting shops, general shops and elsewhere.

These don’t give you money – instead, they let you buy Bitcoins.

Bitcoin is a cyber currency that has been in the news a lot recently due to its rising price, thefts of Bitcoins and its use by online criminals.

These new machines are used by people wanting to invest in Bitcoin cyber currency but also there  is anecdotal evidence that they are used by criminals.  Some shopkeepers estimate that 50% – 80% of use is by drug dealers and other criminals wanting to change large amounts of cash into something they can access elsewhere, plus the cash is effectively laundered i.e it appears legitimate.

Once purchased, Bitcoins can be changed back into any currency in many places around the world.

The shopkeepers where the Bitcoin machines are situated sometimes get a  flat fee of £100 – £400 per month and sometimes they can get up to to 30% commission.

This shows that the charges the buyer has to pay to the machines must be very high to allow for such commission to be paid to the shopkeeper.

The machines generally have a limit of about £500 per transaction, but no limit on the number of transactions per person.

For criminals, these machines are ideal repositories for their ill-gotten gains.

The price of Bitcoins rose rapidly throughout much of 2017 but it is very volatile and could easily crash at any time and become almost worthless.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

Fake Website Links

You will come across fake website links in emails, on websites, social media, text messages and more.

In this context, “fake” means a link that doesn’t take you where it says but instead goes to some other website or web page.

Why do people make such fake links?

Mostly there is a deliberate intention to mislead – promise a link to one site but take you to a different site where you don’t want to go.

This may be an attempt to infect your computer with malware or to get you to a page you have little interest in or simply to get you to look at a video or a webpage for which the link poster gets paid per visitor.

How to Identify Fake Links

  1. On a PC hover the cursor over the link and it should show the real destination URL. If this does not match what the link says then you have a fake link and you should not click it.
  2. On a MAC make sure you have the status bar showing first
  3. On Android phones you can press and keep your finger on the link and a box will open offering options but at the top it shows the complete link

Shortened URLS

Some webpages have very long addresses and if you’re sending a link to someone or posting on Twitter for example then some way to shorten these links would be welcome.  There are various services on the Internet that can do just that.  Twitter does this automatically for long links.

These shortened URLs make it difficult to identify the destination of the link. If in doubt – do not click.

Very Long URLs and Email Addresses

Most people create short URLs i.e. links as they want them to be easy to remember and to type e.g. fightback.ninja/the-inflammation-scam/

But some large websites deliberately create long URLs in order to make the purpose of the page easy to understand  from the name e.g. http://www.sheppardsoftware.com/content/animals/kidscorner/classification/kc_classification_appearance.htm

Scammers use long URLs in order to try to hide the true destination of the URL.  E.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com

That is not Lloyds Bank.

Scammers also use the confusion trick with email addresses e.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

The Coffee Shop Facebook Like

A very clever way to demonstrate the danger of Facebook Likes was devised by CIFAS (Fraud Prevention Service) and BT.

They used a normal looking coffee shop with a sign in the window saying ’Like Us on Facebook for a Free Coffee and Croissant”.

People saw the sign and did ‘Like’ the coffee shop on their smart phones.. What they didn’t know was that a team of researchers watched their actions and trawled through Facebook and public websites to find them and any personal details they could find about the customer within a maximum of three minutes.

In the coffee shop, their free drink was made and the waitress listening in to the researchers on an earpiece then wrote that personal information on the drink.

The video is at http://home.bt.com/lifestyle/money/money-tips/coffee-shop-customers-shocked-by-like-stunt-in-cifas-data-to-go-video-11364071638280 3/9

The customers reactions are quite funny and range from suspicion to bafflement. Hidden cameras filmed their reactions and the film ends with the line ‘Don’t make it easy for fraudsters. Set your privacy settings’.

This is a great way to show how much of our personal information is online for anyone to find.

In 2015, 23,959 people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and is more than double the 11,000 victims in this age bracket in 2010.

People of all ages can be at risk of identity fraud of course.

Simon Dukes, Cifas Chief Executive, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, fraudsters have focused on stealing and using genuine people’s details instead.

Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they are now a hunting ground for identity thieves.

“We are urging people to check their privacy settings today and think twice about what they share. Social media is fantastic and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

Set the privacy settings on your social media profiles so only you  and people you trust can view them and be careful what you post as fraudsters can often access it.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Marketing Lessons From a Scammer

The radio station has been receiving emails about a cure for Tinnitus for months.

Lots and lots of these emails and interestingly they are not just copies from the same email address but show Marketing skills.

So, one day there were four such messages – all clearly from the same scammer.

But named as being from Krystal, Amanda Alexander, Jan Morris and Cliff Robertson.

Scammers don’t bother doing things one at a time so she will have software that generates random names, probably pairing up randomly from a list of first names and surnames.

Next day another four emails and this time from Emilia, Stanley Mayes, Gilbert and Nancy Clarke.

Third day from Sean Lewis, Orville Beck, Donald Hughes , Sylvia and Brooke.

And so on each day.

The email addresses these are actually from follows a pattern as a syllable then a hyphen then a syllable then .date as the suffix. E.g. curst-fay.date,  alice-sib.date. This changes each day to make it harder for people to block the sender.

How about the actual contents of the messages?

These are well written i.e. no grammatical or spelling mistakes and neatly laid out on the page using colour, bold, underline and different fonts to present an attractive easily read message.

There are two basic messages

  1. MAKE THE RINGING IN YOUR EARS STOP

Doctors usually said it was impossible, however once her ears were silenced and the ringing was gone they were stunned.

All she did was drink this and it went away fast.

  1. For decades doctors believed tinnitus was an ear problem.

They were wrong.

Studies performed at leading universities around the world revealed that tinnitus is actually a brain problem that destroys the auditory cortex.

For all the effort this scammer puts into his messages, it’s a pity she cannot find a better way to earn a living than sending out dumb messages about tinnitus.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

The Value of Directory Submission Services

Online business directories used to be a good way to find items of interest on the Internet. But since the search engines became highly efficient, online directories have not been needed for general searching.  Search engines are the starting point for most users of the World Wide Web and directories are out of favour.

There are online services that will submit your website listing to hundreds or even thousands of online directories and they make it sound as if it’s the best way to get your website noticed.  But search engines pay little attention to directories and few people use them and directories don’t feature much in recommended search engine optimisation for your website, so the value is questionable.

Free and Paid Listings

While most online directories all offer a free listing option, they will try to upsell you to a paid option – this is generally a range packages available for a monthly fee. For example $25 might get you a listing with a logo and a website link, whereas $50 might guarantee you an entry in the top half of their search results page.

A free, basic listing can be useful just for the sake of another return link to your website, but it’s difficult to justify paying for an entry unless it’s a niche directory that is still much used by people searching in that niche.  This true for some trade directories that list for example architects or plumbers.

If your entry in a business directory is to your profile on the directory then this is unlikely to help your position in the main search engines as only the secondary link is to your website.

A paid listing will give you more visibility on the directory but probably be no better for the main search engines.

Maybe you know good reasons why business directory listings are worth paying for?

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

Stay Safe on Western Union

Western Union is a money transfer system. It is very much favoured by online fraudsters as once you have made a payment in Western Union the money is untraceable and no way can you get it back.

Western Union recognise this problem but there’s little they can do as the whole process is designed to allow for easy money transfer as if paying cash. Untraceable.

Western Union do publish guidance on how to avoid scams and stay safe.

They publish a list of Money Transfer Never-Evers as they call them.

These are:-

  • Never send money to people you haven’t met in person.
  • Never send money to pay for taxes or fees on lottery or prize winnings.
  • Never use a test question as an additional security measure to protect your transaction.
  • Never provide your banking information to people or businesses you don’t know.
  • Never send money in advance to obtain a loan or credit card.
  • Never send money for an emergency situation without verifying that it’s a real emergency.
  • Never send funds from a cheque in your account until it officially clears—which can take weeks.
  • Never send a money transfer to an individual for online purchases.

If you follow those rules then you will be a lot safer using money transactions with Western Union.

There are countless other money transfer businesses of course including TransferWise, Currencies Direct, OFX and Moneygram.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

How Does Social Engineering Work for Scammers?

In this context, social engineering means to manipulate someone into doing what you want e.g. to type in login and password on a fake website so the scammer gets that information.

So, ‘social engineering’ is the methods used to trick people into doing what the scammers want.

It could be a phishing email asking you to urgently login in to your internet banking account or to call a support number as your computer has been infected with malware or a request from a company executive to urgently transfer money.

Generally, we prefer to trust people so if someone calls saying they are from your bank and they know your name and account – it’s easy to believe rather than to question everything. Maybe you answer their security questions and that gives them the details they need to access your account. It can be as simple and quick as that.

An Example Credit Card Payment Scam

A company selling telecom services receives an email from a possible new customer:

Hello,

This is Bill, I have just moved into the area and I need a new phone line.

Do you accept payment by credit card?

What information do you need in order to quote for the work?

Thanks

Bill

After a reply from the Telecoms Company confirming they do accept credit cards, , Bill’s next email sets up the conditions of the scam.

He’s in hospital waiting on an operation.  Lots of description to make it clear he cannot take phone calls or speak to anyone and very much needs help. He describes what he wants fitted in each room and then describes the removal company that is helping him to move while he’s in hospital and they can let the telecoms company in to do a survey if needed.

The purpose of this is to set-up the Telecoms company to accept an over payment by credit card from Bill then pay the removals company, as they cannot accept credit card payment and Bill can’t pay them any other way while in hospital.

This story is complicated and relies on the kindness of the Telecoms company to take the money and pass it on but also on their desire for business.

The telecoms company agrees, takes the credit card payment and then pays the removals company as per the instructions.  For example taking £1,000 for their work up front and £2,000 to pay to the removals company.

It all sounds quite safe, but then comes the sting.

The card was stolen but not cancelled straightaway and when the credit card company do cancel it then will claim the £3,000 back from the Telecoms Company who will end up out of pocket for the work they’ve done but also for the £2,000 paid to the removals company which was a fake operation.

That’s the credit card over payment scam

There are countless similar stories designed to get the punter to accept an over payment and it never ends well for the punter.

The stories are sometimes rough and have spelling and grammatical mistakes – to elicit sympathy for the scammer and at other times the stories have been polished by repeated use.

NEVER accept an over payment.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Trojan Horse Emails

“Trojan Horse” email is named after the famous huge wooden horse left by the Greeks outside the city of Troy. When taken inside, at night soldiers climbed out of the inside compartments of the horse and opened the city gates leading to its downfall.

A Trojan horse email is one that looks harmless but contains a malicious hidden payload.

They usually offer the promise of something you might be interested in—an attachment

containing a joke, a photograph, or a warning about something important..

When opened, the attachment may do any or all of the following:

  • give a hacker access to your files
  • install software that records your keystrokes and sends the results to an attacker, allowing a hacker to find your passwords and other confidential information
  • install software that monitors your online transactions and activities looking for confidential information

Trojan Horse emails commonly claim to be e-postcards or jokes or something else funny or a news item but they can be anything.

Make sure you have up to date anti-virus and anti-malware installed on all computers

Never click on a link in an email unless you are sure it’s safe.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

Nicehash Bitcoin Theft

Criminals love Bitcoin because transactions are largely untraceable, no physical objects to store and can be converted into any currency.

Speculators love Bitcoin because although the value changes wildly and is unreliable, it has risen hugely during 2017.

Lots of scammers are pushing Bitcoin as much as they can – get the punters hooked while the price is rising.

Almost certainly it will crash at some point as there are no physical assets to underpin Bitcoin.

One other group that love Bitcoin is corporate hackers – break into an organisation that has Bitcoins stored on its servers, steal them and escape. There’s no cash or gold to move – it’s all on computer.

Nicehash was broken into and $64 million in Bitcoins stolen. Nicehash doesn’t know whether client accounts have been compromised.

Nicehash is an unusual business – It’s based in Slovenia and mines Bitcoins on behalf of its customers.

This is a strange process for which there is no correlation with real world currencies. Mining is how more bitcoins are created and requires huge amounts of computing power to solve equations.

If the price of Bitcoins continues to stay at such high levels then we can expect even more of this kind of attack.

Nicehash say that “Highly professional” hackers made off with around 4,700 Bitcoin and the Nicehash service was taken down so they could assess what had happened.

At least gold can be stored in a vault.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Bank Transfer Scam Compensation

In 2016, Which? Consumer Magazine launched a Super Complaint to the Payment Systems Regulator. Which? is one of only a few organisations empowered by government to raise super complaints on behalf of the general public.

The super-complaint said:- “We think banks need to do more to protect customers who are tricked into transferring money to a fraudster.”

Which? thinks banks should shoulder more responsibility for money lost to bank transfer scams. Customers who lose money due to scams via direct debit or credit and debit cards are reimbursed, for example, but not bank transfers. This would give banks an incentive to develop better mechanisms to prevent the fraud in the first place.

Which? Say “You only have to read the harrowing real life stories in our super-complaint to realise that these scams are often so sophisticated that it’s impossible for people to be savvy enough to completely protect themselves. And the people being scammed are not only the stereotypical vulnerable groups; they are often financially and technologically literate.”

Which? did some research by asking more than 1,000 members of the public if they could spot the difference between real and spoof emails and found that 50% of people were fooled by these sophisticated scam emails.

At last check, 359,823 people had signed the petition about this matter.

The Payment Systems Regulator has announced it is consulting on plans to reimburse victims of bank transfer scams. From the 1 January 2018, people who’ve been victims of a bank transfer scam will only need to deal with their bank when making a complaint – not the bank the fraudster was with. This means that banks will provide access to a dedicated team of staff trained to deal with scams.

However, the Regulator is also consulting on a reimbursement scheme for people who are tricked into transferring money to a fraudster when their bank failed to do enough to protect them. This is very good news.

The Regulator’s actions in response to the super-complaint will go a long way to tackling these scams. However, if banks are going to solve this problem and really protect their customers, they must also look at what other steps they can take to stop these scams from happening in the first place.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature