Author: admin

LinkedIn Scams

LinkedIn is a business social media network with over 500 million members. LinkedIn profiles show a lot about you that is of use to scammers. If scammers find a way to connect with you, they have an easy way to send you email and generally people are more trusting on LinkedIn than other social media networks.

There are two common types of scams that involve LinkedIn.

  1. Emails that appear to have come from LinkedIn. Fraudsters ask the recipient to click a link within the email to accept an invitation or to view the sender’s LinkedIn profile. The links in these emails often lead to a different website entirely, which may be a scam site that tries to download malicious software onto your computer.
  2. Requests coming from LinkedIn members. The fraudster creates a LinkedIn account. With the fake profile, the fraudster can then send LinkedIn connection requests. These invitations arrive in the LinkedIn inbox, which makes the request look less suspicious, especially if the criminal has been successful in connecting with a few other people that you may know or who may be on your contact list.
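The first type of scam hinges on links whose real destination is not the site they appear to belong to. The following Python script is an added example (not code from the original post) of the check a mail filter or a cautious reader can apply: it collects every link in the message body, compares the link's real host against a trusted-domain list, and also flags links whose visible text shows one URL while the underlying address goes somewhere else. The sample message and the trusted-domain list are constructed for illustration.

```python
"""Check where the links in a 'LinkedIn' invitation email really lead.

Added example, not code from the original post. The sample message below is
constructed for illustration and the trusted-domain list is an assumption.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a genuine LinkedIn notification links only to these registrable domains.
TRUSTED_DOMAINS = ("linkedin.com",)

# Constructed sample: one genuine-looking link, one look-alike host that merely
# starts with "linkedin.com", and one unrelated mailer domain.
SAMPLE_EMAIL = """
<p>Jane Doe wants to connect with you on LinkedIn.</p>
<a href="https://www.linkedin.com/in/jane-doe-example">View Jane's profile</a><br>
<a href="http://linkedin.com.account-verify.example/invite/123">https://www.linkedin.com/invite/accept</a><br>
<a href="https://linkedin.example-mailer.net/unsub">Unsubscribe</a>
"""


def host_is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it.

    A plain prefix test would wrongly accept 'linkedin.com.account-verify.example'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def visible_host(text):
    """Return the hostname shown in the link text if that text looks like a URL."""
    if "://" in text or text.startswith("www."):
        return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (href, text, reason) for every link that does not go where it claims."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not href:
            continue
        target = urlparse(href)
        real_host = (target.hostname or "").lower()
        reasons = []
        if target.scheme not in ("http", "https"):
            reasons.append("non-web link scheme %r" % target.scheme)
        elif not host_is_trusted(real_host):
            reasons.append("destination host %r is not LinkedIn" % real_host)
        shown = visible_host(text)
        if shown is not None and shown != real_host:
            reasons.append("visible URL shows %r but the link goes to %r" % (shown, real_host))
        if reasons:
            findings.append((href, text, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", text, "->", href, "(" + reason + ")")
```

Run against the sample, the genuine profile link passes, the `linkedin.com.account-verify.example` link is reported twice over (untrusted host and a visible URL that does not match the real one), and the mailer-domain link is reported for its host. The suffix test in `host_is_trusted` is the important detail: matching on "starts with linkedin.com" is exactly the mistake look-alike hosts are built to exploit.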

Pointers to a Scam

  • The sender has very few connections
  • The sender’s profile is mostly blank
  • There are numerous misspellings and grammatical errors
  • The photo is not of a person but is a graphic or a logo or something meaningless
  • The sender’s job title typically makes them an executive at a bank or other financial institution

If you accept a connection request from one of these scammers, the only immediate value to them is that it makes their profile look more legitimate, as it now has a larger number of connections. But what the scammer really wants is to talk with you online, pull you into their fraudulent world and steal from you.

If you regret having agreed to a connection, you can block the account, and if there is evidence of fraud, report it to LinkedIn so they can shut the account down.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Reporting Data Breaches to the Information Commissioner

Not all organisation data breaches get reported to the Information Commissioner’s Office (ICO).

ICO do recommend that any serious breach is reported to them, but it isn’t mandatory and ‘serious breaches’ are not defined. However, the following should assist data controllers in considering whether breaches should be reported:

  1. The potential detriment to individuals is the overriding consideration in deciding whether a breach of data security should be reported to the ICO. Detriment includes emotional distress as well as both physical and financial damage.

Ways in which detriment can occur include:

  • exposure to identity theft through the release of non-public identifiers, eg passport number
  • information about the private aspects of a person’s life becoming known to others, eg financial circumstances

The extent of detriment likely to occur depends on both the volume of personal data involved and the sensitivity of that data, and together these determine whether there is significant actual or potential detriment as a result of the breach.

Where there is little risk that individuals would suffer significant detriment, for example because a stolen laptop is properly encrypted or the information that is the subject of the breach is publicly available, there is no need to report.

  2. The volume of personal data lost / released / corrupted: There should be a presumption to report to the ICO where a large volume of personal data is concerned and there is a real risk of individuals suffering some harm.
  3. The sensitivity of the data lost / released / corrupted:

How to Report a Breach

Serious breaches should be reported to the ICO using the DPA security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff who will record the breach and give you advice about what to do next, or report in writing using the DPA security breach notification form, which should be sent to the email address or by post to the office address at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

When a breach is reported, the nature and seriousness of the breach and the adequacy of any remedial action taken will be assessed and a course of action determined.

ICO may:

  • Record the breach and take no further action;
  • Investigate the circumstances of the breach and any remedial action, which could lead to further action;
  • Set a requirement on the data controller to undertake a course of action to prevent further breaches;
  • Start formal enforcement action, which could lead to a fine of up to £500,000.

For further information see



Stupidest Scam of the Week – Your Real Life Superpower Revealed

The email is titled “Your Real-Life Superpower Revealed”.

So this is obviously either a stupid quiz or a stupid scam message and this one is a scam.

It begins:

Imagine being able to bend the world to your will.

What if you could use your mind to create a reality that you desire in the same way that Neo did in the blockbuster movie The Matrix?

Believe it or not, some of the smartest, most successful and most educated people in the world believe we are living in a Matrix-like virtual world.

Movies like the Matrix are great fun and very creative but they are just movies. How we think obviously influences our lives a great deal, but anyone who thinks that they can create their own world using the power of their mind is either permanently day-dreaming or heading for a major mental problem.



Google Project Zero

Project Zero is the name of a team of security analysts employed by Google, tasked with finding zero-day vulnerabilities in commercial software. This means bugs in other people’s software that can lead to security problems. They have no interest in everyday bugs that affect people’s work but not security.

After finding a number of flaws in software used by many end-users while researching other problems, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but in any software used by its users. Its establishment fits into the larger trend of Google’s counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden.

Responsible Disclosure

When serious security bugs are found in software, should the world be informed or just the software maker?

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released or if 90 days have passed without a patch being released.

This is Google’s way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.

Notable Discoveries

On 30 September 2014 Google detected a security flaw within Windows 8.1 which allows a normal user to gain administrative access. Microsoft was notified of the problem immediately but did not fix the problem within 90 days, so the information about the bug was made publicly available on 29 December 2014. Releasing the bug to the public brought a response from Microsoft that they were working on the problem.

On 19 February 2017 Google discovered a flaw within Cloudflare, which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.

On 27 March 2017 Project Zero discovered a vulnerability in the popular password manager LastPass and four days later LastPass announced they had fixed the problem.

Project Zero was involved in discovering the Meltdown and Spectre vulnerabilities affecting many modern CPUs, which were discovered in mid-2017 and disclosed in early January 2018.

Keep up the good work!



How Scammers Make Their Offer Irresistible

Scammers use a set of psychological tricks to make you trust them then accept whatever they are offering.

These ‘tricks’ are well known and are used by marketers and many others.

They include:

1. Create a sense of legitimacy

  • Lists of references from satisfied customers
  • ‘Professional’ reviews of the product or service
  • Celebrity endorsements
  • Ride on the back of well-respected products

2. Invoke emotion

  • Create excitement around a new release or a ‘first’ of some kind
  • Create fear that they may miss out on the product or service
  • Make them worry they may regret not taking the opportunity
  • Create anger that the product has been kept hidden away from the public until now

3. Create a sense of urgency

  • Fake deadline
  • Only a limited number/amount of the product remains
  • Be the first to get this product or service

4. Use social influence

  • Happy references from members of the public
  • 100,000 people have tried this and recommend it

Do think about how the scammer’s message affects you before making any decisions. The same applies whenever someone is trying to sell you something or to get you to do something.



Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further: you have to get the person to either reply to an email confirming their registration or click on a link in a confirmation email.

Hence it is a two-step process to register. This extra step will mean you lose some people who would otherwise have registered with just the single opt-in, but there are advantages to double opt-in, and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and for any marketing communications must be freely given and unambiguous, so pre-ticked boxes, generic descriptions or over-complicated terms and conditions do not count as consent.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering an incentive to get people to sign up to your subscription or newsletter etc., then there are likely to be many people who sign up with fake email addresses, as well as spambots that try to sign up. This means that many of the email addresses on your list will be bogus and hence you will be wasting your time sending emails to them.

Double opt-in takes care of this as only people who give correct email addresses will sign up and if the second stage of confirmation has not put them off then you have a better quality email list.
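To show what the two-step process looks like in practice, here is an added example (not code from the original post) of a double opt-in flow in Python. The sign-up form only creates a pending entry; the confirmation link carries an HMAC-signed, time-limited token; and an address joins the mailing list, together with a record of how and when consent was given, only when a valid token is presented. The secret key, the 24-hour token lifetime and the in-memory stores are assumptions; a real deployment would use a persistent store and send the token by email.

```python
"""Double opt-in subscription flow with a signed confirmation token and a consent record.

Added example, not code from the original post. The secret key, token lifetime
and in-memory stores are assumptions for illustration.
"""
import hashlib
import hmac
import json
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode
from typing import Optional

SECRET_KEY = b"replace-with-a-random-32-byte-key"  # assumption: loaded from config in practice
TOKEN_LIFETIME = 24 * 3600                         # assumption: confirmation link valid for 24 h

pending = {}      # email -> time the sign-up form was submitted (NOT yet on the list)
subscribers = {}  # email -> consent record (only confirmed addresses land here)


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the token payload so it cannot be forged or altered."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def request_subscription(email: str, now: Optional[float] = None) -> str:
    """Step 1: record the request as pending and return the token for the confirmation email.

    A bogus address or a spambot never completes step 2, so it never reaches the list.
    """
    now = time.time() if now is None else now
    email = email.strip().lower()
    pending[email] = now
    payload = urlsafe_b64encode(json.dumps({"email": email, "issued": now}).encode()).decode()
    return payload + "." + _sign(payload.encode())


def confirm_subscription(token: str, source: str = "newsletter signup form",
                         now: Optional[float] = None) -> bool:
    """Step 2: verify the token from the confirmation link; on success record consent."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.rsplit(".", 1)
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(payload.encode())):  # tampered or forged token
        return False
    data = json.loads(urlsafe_b64decode(payload))
    email, issued = data["email"], data["issued"]
    if now - issued > TOKEN_LIFETIME or email not in pending:    # stale link, or never requested / already used
        return False
    # GDPR-style record of how and when consent was given.
    subscribers[email] = {
        "requested_at": pending.pop(email),
        "confirmed_at": now,
        "source": source,
        "method": "double opt-in",
    }
    return True


def mailing_list() -> list:
    """Only confirmed addresses are ever mailed."""
    return sorted(subscribers)


if __name__ == "__main__":
    token = request_subscription("reader@example.com")
    print("pending only, list is:", mailing_list())
    print("confirmed:", confirm_subscription(token), "list is now:", mailing_list())
```

The consent record stores the request time, confirmation time and the source of the sign-up, which is the "how and when" evidence GDPR asks for. Tampered tokens fail the constant-time signature check, expired tokens are rejected by the lifetime test, and because confirmation removes the pending entry, a token cannot be replayed to re-confirm an address.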

So double opt-in, as well as becoming a legal requirement, may actually help you.

