Category: information

Facts About Data Breaches

Hackers break into company computer systems and steal confidential information, i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner, sell it to a competitor or to other scammers, or make use of it in phishing scams, i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

  1. Creation of contact databases
  2. Regulatory requirements
  3. External experts
  4. Postal costs
  5. Communications set-ups
  6. Audit services
  7. Helpdesk
  8. Legal expenditures
  9. Reimbursement for customers
  10. Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

  • The average cost of a data breach is $3.62 million
  • The average global total cost per record stolen is $141 but there is huge variance across incidents.
  • Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
  • The mean time to identification of a data breach is 191 days
  • The faster the breach is recognised, then generally the lower the total cost
  • The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber attack see

[facts taken from 2017 Cost of Data Breach Study]


Fightback Ninja Signature

What is Cyber Currency XRP All About

Ripple is a business that operates a payment network RippleNet and uses a cyber currency called XRP and it is one of the biggest cyber currencies in the world.

This cyber currency is designed for enterprise use rather than for the public.

It claims to offer banks and payment providers a reliable, on-demand option to source liquidity for cross-border payments.

There’s also the claim that it’s the fastest and most scalable digital asset, enabling real-time global payments anywhere in the world.

How does Ripple work?

RippleNet makes it easy to transfer almost any currency to almost any other currency in the world. Ripple claim this can be done in 4 seconds which is much faster than Ethereum and Bitcoin.

Using Ripple, if you wanted to transfer currency directly from China to the USA, you could trade CNY to XRP and then send XRP to the recipient who will have an online Ripple wallet or a bank in the USA. From there, they can trade the XRP into USD.

Ripple claims banks can save an average of $3.76 per payment using their network.

XRP Price

XRP has risen in price from under $0.01 to over $1 a coin in under a year, with it valued on December 29, 2017 at a high of $1.50.

XRP’s increase in value may be connected to the astonishing rise in price of Bitcoin. XRP also has a new partnership with credit card company American Express, who are looking to offer instant blockchain-based payments, and this contributes to market confidence.

The global market is currently valued at around $488 billion. Bitcoin accounts for about 40 per cent of the daily turnover and Ripple accounts for 4 per cent, but some experts believe it will enjoy a larger boost in value in 2018.

Ripple does have serious investors working with it, including Santander InnoVentures, Andreessen Horowitz, Accenture, Google Ventures and Standard Chartered.

Cyber currencies are risky as the price is volatile, but the future does seem increasingly likely to be cyber currency.

Bitcoin Machines in Shops

We’re all used to ATMs in supermarkets and shops. Some charge for getting your money and some do not.

But recently, Bitcoin ATMs have started to appear in betting shops, general shops and elsewhere.

These don’t give you money – instead, they let you buy Bitcoins.

Bitcoin is a cyber currency that has been in the news a lot recently due to its rising price, thefts of Bitcoins and its use by online criminals.

These new machines are used by people wanting to invest in Bitcoin cyber currency, but there is also anecdotal evidence that they are used by criminals. Some shopkeepers estimate that 50% – 80% of use is by drug dealers and other criminals wanting to change large amounts of cash into something they can access elsewhere, plus the cash is effectively laundered, i.e. it appears legitimate.

Once purchased, Bitcoins can be changed back into any currency in many places around the world.

The shopkeepers where the Bitcoin machines are situated sometimes get a flat fee of £100 – £400 per month and sometimes they can get up to 30% commission.

This shows that the charges the buyer has to pay to the machines must be very high to allow for such commission to be paid to the shopkeeper.

The machines generally have a limit of about £500 per transaction, but no limit on the number of transactions per person.

For criminals, these machines are ideal repositories for their ill-gotten gains.

The price of Bitcoins rose rapidly throughout much of 2017 but it is very volatile and could easily crash at any time and become almost worthless.


Fake Website Links

You will come across fake website links in emails, on websites, social media, text messages and more.

In this context, “fake” means a link that doesn’t take you where it says but instead goes to some other website or web page.

Why do people make such fake links?

Mostly there is a deliberate intention to mislead – promise a link to one site but take you to a different site where you don’t want to go.

This may be an attempt to infect your computer with malware or to get you to a page you have little interest in or simply to get you to look at a video or a webpage for which the link poster gets paid per visitor.

How to Identify Fake Links

  1. On a PC hover the cursor over the link and it should show the real destination URL. If this does not match what the link says then you have a fake link and you should not click it.
  2. On a Mac, make sure you have the status bar showing first.
  3. On Android phones, you can press and keep your finger on the link and a box will open offering options, but at the top it shows the complete link.

Shortened URLs

Some webpages have very long addresses and if you’re sending a link to someone or posting on Twitter for example then some way to shorten these links would be welcome.  There are various services on the Internet that can do just that.  Twitter does this automatically for long links.

These shortened URLs make it difficult to identify the destination of the link. If in doubt – do not click.

Very Long URLs and Email Addresses

Most people create short URLs i.e. links as they want them to be easy to remember and to type e.g.

But some large websites deliberately create long URLs in order to make the purpose of the page easy to understand from the name e.g.

Scammers use long URLs in order to try to hide the true destination of the URL.  E.g.

That is not Lloyds Bank.

Scammers also use the confusion trick with email addresses e.g.


The Coffee Shop Facebook Like

A very clever way to demonstrate the danger of Facebook Likes was devised by CIFAS (Fraud Prevention Service) and BT.

They used a normal-looking coffee shop with a sign in the window saying ‘Like Us on Facebook for a Free Coffee and Croissant’.

People saw the sign and did ‘Like’ the coffee shop on their smartphones. What they didn’t know was that a team of researchers watched their actions and, within a maximum of three minutes, trawled through Facebook and public websites to find them and any personal details about them.

In the coffee shop, their free drink was made and the waitress, listening in to the researchers on an earpiece, then wrote that personal information on the drink.

The video is at 3/9

The customers’ reactions are quite funny and range from suspicion to bafflement. Hidden cameras filmed their reactions and the film ends with the line ‘Don’t make it easy for fraudsters. Set your privacy settings’.

This is a great way to show how much of our personal information is online for anyone to find.

In 2015, 23,959 people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and is more than double the 11,000 victims in this age bracket in 2010.

People of all ages can be at risk of identity fraud of course.

Simon Dukes, Cifas Chief Executive, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, fraudsters have focused on stealing and using genuine people’s details instead.

Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they are now a hunting ground for identity thieves.

“We are urging people to check their privacy settings today and think twice about what they share. Social media is fantastic and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

Set the privacy settings on your social media profiles so only you and people you trust can view them, and be careful what you post as fraudsters can often access it.

Marketing Lessons From a Scammer

The radio station has been receiving emails about a cure for Tinnitus for months.

Lots and lots of these emails, and interestingly they are not just copies from the same email address but show marketing skills.

So, one day there were four such messages – all clearly from the same scammer.

But named as being from Krystal, Amanda Alexander, Jan Morris and Cliff Robertson.

Scammers don’t bother doing things one at a time so she will have software that generates random names, probably pairing up randomly from a list of first names and surnames.

Next day another four emails and this time from Emilia, Stanley Mayes, Gilbert and Nancy Clarke.

Third day from Sean Lewis, Orville Beck, Donald Hughes, Sylvia and Brooke.

And so on each day.

The email addresses these are actually sent from follow a pattern: a syllable, then a hyphen, then a syllable, then .date as the suffix. E.g., This changes each day to make it harder for people to block the sender.

How about the actual contents of the messages?

These are well written, i.e. no grammatical or spelling mistakes, and neatly laid out on the page using colour, bold, underline and different fonts to present an attractive, easily read message.

There are two basic messages:

  1. Doctors usually said it was impossible, however once her ears were silenced and the ringing was gone they were stunned.

All she did was drink this and it went away fast.

  2. For decades doctors believed tinnitus was an ear problem.

They were wrong.

Studies performed at leading universities around the world revealed that tinnitus is actually a brain problem that destroys the auditory cortex.

For all the effort this scammer puts into her messages, it’s a pity she cannot find a better way to earn a living than sending out dumb messages about tinnitus.

The Value of Directory Submission Services

Online business directories used to be a good way to find items of interest on the Internet. But since the search engines became highly efficient, online directories have not been needed for general searching.  Search engines are the starting point for most users of the World Wide Web and directories are out of favour.

There are online services that will submit your website listing to hundreds or even thousands of online directories and they make it sound as if it’s the best way to get your website noticed.  But search engines pay little attention to directories and few people use them and directories don’t feature much in recommended search engine optimisation for your website, so the value is questionable.

Free and Paid Listings

While most online directories offer a free listing option, they will try to upsell you to a paid option – this is generally a range of packages available for a monthly fee. For example $25 might get you a listing with a logo and a website link, whereas $50 might guarantee you an entry in the top half of their search results page.

A free, basic listing can be useful just for the sake of another return link to your website, but it’s difficult to justify paying for an entry unless it’s a niche directory that is still much used by people searching in that niche. This is true for some trade directories that list, for example, architects or plumbers.

If your entry in a business directory is to your profile on the directory then this is unlikely to help your position in the main search engines as only the secondary link is to your website.

A paid listing will give you more visibility on the directory but probably be no better for the main search engines.

Maybe you know good reasons why business directory listings are worth paying for?


Stay Safe on Western Union

Western Union is a money transfer system. It is very much favoured by online fraudsters as once you have made a payment in Western Union the money is untraceable and there is no way to get it back.

Western Union recognise this problem but there’s little they can do as the whole process is designed to allow for easy money transfer as if paying cash. Untraceable.

Western Union do publish guidance on how to avoid scams and stay safe.

They publish a list of Money Transfer Never-Evers as they call them.

These are:-

  • Never send money to people you haven’t met in person.
  • Never send money to pay for taxes or fees on lottery or prize winnings.
  • Never use a test question as an additional security measure to protect your transaction.
  • Never provide your banking information to people or businesses you don’t know.
  • Never send money in advance to obtain a loan or credit card.
  • Never send money for an emergency situation without verifying that it’s a real emergency.
  • Never send funds from a cheque in your account until it officially clears—which can take weeks.
  • Never send a money transfer to an individual for online purchases.

If you follow those rules then you will be a lot safer using money transactions with Western Union.

There are countless other money transfer businesses of course including TransferWise, Currencies Direct, OFX and Moneygram.


How Does Social Engineering Work for Scammers?

In this context, social engineering means to manipulate someone into doing what you want e.g. to type in login and password on a fake website so the scammer gets that information.

So, ‘social engineering’ means the methods used to trick people into doing what the scammers want.

It could be a phishing email asking you to urgently log in to your internet banking account, or to call a support number as your computer has been infected with malware, or a request from a company executive to urgently transfer money.

Generally, we prefer to trust people so if someone calls saying they are from your bank and they know your name and account – it’s easy to believe rather than to question everything. Maybe you answer their security questions and that gives them the details they need to access your account. It can be as simple and quick as that.

An Example Credit Card Payment Scam

A company selling telecom services receives an email from a possible new customer:


This is Bill, I have just moved into the area and I need a new phone line.

Do you accept payment by credit card?

What information do you need in order to quote for the work?



After a reply from the Telecoms Company confirming they do accept credit cards, Bill’s next email sets up the conditions of the scam.

He’s in hospital waiting on an operation. Lots of description to make it clear he cannot take phone calls or speak to anyone and very much needs help. He describes what he wants fitted in each room and then describes the removal company that is helping him to move while he’s in hospital and they can let the telecoms company in to do a survey if needed.

The purpose of this is to set up the Telecoms company to accept an over payment by credit card from Bill and then pay the removals company, as they cannot accept credit card payment and Bill can’t pay them any other way while in hospital.

This story is complicated and relies on the kindness of the Telecoms company to take the money and pass it on but also on their desire for business.

The telecoms company agrees, takes the credit card payment and then pays the removals company as per the instructions. For example, taking £1,000 for their work up front and £2,000 to pay to the removals company.

It all sounds quite safe, but then comes the sting.

The card was stolen but not cancelled straightaway, and when the credit card company do cancel it they will claim the £3,000 back from the Telecoms Company, who will end up out of pocket for the work they’ve done and also for the £2,000 paid to the removals company, which was a fake operation.

That’s the credit card over payment scam

There are countless similar stories designed to get the punter to accept an over payment and it never ends well for the punter.

The stories are sometimes rough and have spelling and grammatical mistakes – to elicit sympathy for the scammer and at other times the stories have been polished by repeated use.

NEVER accept an over payment.


Trojan Horse Emails

“Trojan Horse” email is named after the famous huge wooden horse left by the Greeks outside the city of Troy. Once it was taken inside, soldiers climbed out of the horse’s inner compartments at night and opened the city gates, leading to the city’s downfall.

A Trojan horse email is one that looks harmless but contains a malicious hidden payload.

They usually offer the promise of something you might be interested in: an attachment containing a joke, a photograph, or a warning about something important.

When opened, the attachment may do any or all of the following:

  • give a hacker access to your files
  • install software that records your keystrokes and sends the results to an attacker, allowing a hacker to find your passwords and other confidential information
  • install software that monitors your online transactions and activities looking for confidential information

Trojan Horse emails commonly claim to be e-postcards or jokes or something else funny or a news item but they can be anything.

Make sure you have up-to-date anti-virus and anti-malware installed on all computers.

Never click on a link in an email unless you are sure it’s safe.
