Locksmith Bait and Switch

The bait and switch price scheme is where a customer is lured into a purchase by an unrealistically low price then finds out the real price is much higher for what they want or the product/service offered is far less than they believed.

This scam is common with many types of product and service sales but has recently become a bigger problem in the world of locksmiths with many adverts appearing on local websites such as Gumtree, for  locksmiths services advertised at false prices. Customers find out after the work is completed that the cost is actually dramatically higher than they believed.

Typically, these services are offered at £39, £49 or £59 for a lock fitting, lock replacement, emergency access etc. but the customer ends up being charged several hundreds of pounds or more.

If a locksmith offers services at prices that are dramatically lower than the industry prices then there is almost certainly a scam going on.

  1. Always get multiple quotes and specify as clearly as possible what you want and ask exactly what will actually get for the quoted price.
  2. Make sure to be clear on what the call out price is and what the cost per hour or per task is on top of that.
  3. Ideally get a detailed written / email quote for the work
  4. Select a local company, not a national business where you may be talking to someone in a call centre hundreds of miles away
  5. Ideally you want to talk to the locksmith who will do the job, not to an admin person.

If you have any experiences with bait and switch scams do let me know, by email.

Fightback Ninja Signature

Dark Overlord Member Jailed

Nathan Wyatt of Wellingborough in Northamptonshire has been jailed for five years in the USA.

He was a key member of the hacking team known as The Dark Overlord.

Their speciality was stealing confidential information such as medical records, client files and personal information then ransoming those files back to the owner.

The ransom was between $75,000 and $300,000 but the FBI do not believe any of the companies paid that ransom.

Those companies did suffer financially due to the cost of the intrusions, fixing the problems and dealing with clients.

Nathan Wyatt pleaded guilty to conspiring to commit aggravated identity theft and computer fraud and was also ordered to pay $1.5 million in restitution.

The only question left is “If none of the companies paid the ransom, how is he rich enough to pay the restitution?”

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

The Danger of Online Pharmacies

An increasing number of people buy their prescription medication on the Internet (with or without a prescription). Often this is because it can be cheaper but also at times because the person believes either they can get the medicine they want without a prescription or that it may be easier to convince someone online to give them what they want.

The big problem with online pharmacies is that many are unregistered and that means unregulated, so buying from them is potentially unsafe. The drugs they provide may be unsuitable for the patient or unsafe or be badly or unhygienically produced – you don’t know what you will get.

Medication should only be taken under the supervision of a healthcare professional as their guidance and knowledge of your state of health is crucial in ensuring you get the safest medications.

For prescription-only medicines, an online pharmacy must receive a legally valid prescription before dispensing the medication. This means you’ll either need a paper prescription or an electronic prescription via the Electronic Prescription Service from your GP.

Some sites do offer prescriber services, where provide a consultation with a medical practitioner who can write prescriptions.

It can be difficult to distinguish between registered online pharmacies and other commercial websites. The General Pharmaceutical Council operates an internet pharmacy logo scheme to identify legitimate online pharmacies and you should only buy from registered pharmacies. However, some illegal online pharmacies fake the logo so you have to check carefully.

Check if a website can legally sell medicines online

Search the Medicines and Healthcare products Regulatory Agency (MHRA) register to check if a website is allowed to sell medicines.

You can search the register by the business:

https://medicine-seller-register.mhra.gov.uk/search-registry

If you have any experiences with online pharmacies do me know, by email.

Fightback Ninja Signature

How Accidental Data Leaks Happen

It’s easy to assume that all data breaches are the result of criminal activity, but that’s far from true.

A study of data from 2016/17 showed that 92% of security data incidents and 84% of confirmed data breaches were due to accidents or mistakes.

Here are the most common problems leading to leaks of data:

1. Expired Security Certificates

These certificates are an essential component in protecting systems and Equifax found out the hard way in 2017 when hackers accessed huge amounts of confidential data through an expired certificate. This data included 143 million records exposed containing names, addresses, dates of birth, Social Security numbers, and driver license numbers.

The data was stolen by hackers who exposed a vulnerability in Equifax’s web servers. If the relevant security certificates had been updated as they should have been – the hackers couldn’t have used that way in.

2. Unsecured Third Party Vendors

Many websites and complex systems are a mix of the owner’s software plus a variety of third party plugins, addons and linked external services. As in any other part of life – the weakest link determines the safety level of the whole system. If the 3rd parties aren’t adequately secured then the whole system becomes vulnerable.

3. Poor Email Security

Most hackers still gain access through phishing – that is sending out emails that attract people to respond in some way that gives the hackers the information they need to access systems. Maybe it’s through a fake quiz that requires a login and password or an offer of a gift token etc.

Or could just be that people haven’t learned the need to use passwords that are unguessable and not to write them down by their desk.

A company named Nightfall protects systems data and they have created the following article to explain in more detail how accidental data leaks can happen: https://nightfall.ai/resources/accidental-data-leaks/

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature