Author: comptroller

May 21, 2022

Time-Wasters Update

There are endless scam messages claiming to be from PayPal – trying to get your login and password. This latest one shows order details for an iPhone I supposedly bought. The order has no name as the scammer doesn’t know my name so says ordered by my email address. The sender claims to be PayPal Store 28019 but is actually from a personal Gmail account so very obviously not PayPal, just a lying cheating criminal.

“Congratulations. Your email was randomly selected to be the beneficiary of $300.000,00 courtesy of the Open Society Foundation”. The email was sent from a personal Japanese domain name and the message says make contact to claim and it gives a different personal Gmail address. This is a common rubbish scam message.

Scammers send out endless emails to Americans offering magical ways of reducing or eliminating their electricity bills. They seem to target solar panels by claiming their product is much better than any kind of solar panel. This is ridiculous. Solar panels are well established and do save money but they cost to purchase and install and often the benefits are small compared to that upfront cost. This latest scammer claims a carpenter has discovered how to save $975 from your electric bill by a simple trick and MIT is stunned that this will kill solar panels. Pathetic rubbish from a dumb scammer.

An email from AA ORE claims it is the biggest mineral supplier in Africa and offers Feldspar, Pozzolan, Bentonite and numerous other minerals for sale. Why would any self-respecting mineral company send out bulk spam mail to random people. Obviously not real. Pathetic.

Julia’s email claims she is in Ukraine – a frontline worker and needs my assistance to help her move some funds from there. The actual sender’s email address is [email protected] which shows she is a very stupid scammer. Scammers choose a life of stealing from others but some have no morals at all – trying to take advantage of the desperate situation in Ukraine. The email is the start of a 419 scam – promising a reward but her plan is to steal instead from anyone open hearted enough to reply.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

May 20, 2022

Jim Browning – Scam Fighter

Jim Browning is the Internet alias of a software engineer and YouTuber who focuses on scam baiting and exposing scam call centres and he publishes the results on Youtube.

Browning began researching scam operations after a relative lost money to a technical support scam. He started his YouTube channel to upload footage to send to authorities as evidence against scammers.

He has since carried out various investigative scam baits, infiltrating computer networks run by scammers who claim to be technical support experts and use remote desktop software to take control of the victim’s computer.

Such scams usually involve unsolicited calls offering computer services, or websites posing to be reputable companies such as Dell or Microsoft.

BBC Panorama

Browning was featured in a March 2020 episode of British documentary series Panorama, in which a large-scale technical support scamming operation was infiltrated and extensively documented by Browning and fellow YouTuber Karl Rock.

The duo recorded drone and CCTV footage of the facility in Gurugram, Haryana, and gathered incriminating evidence linking alleged scammer Amit Chauhan to a series of scams targeting computer-illiterate and elderly people in the United Kingdom and United States. During a private meeting with his associates, Chauhan was quoted as stating, “We don’t give a **** about our customers”.

Some of his call centre agents were recorded scamming and laughing at a British man who admitted to being depressed. They were also recorded conning a blind woman with diabetes. Although he was arrested along with his accountant Sumit Kumar in a raid.

In 2021, Browning was targeted by scammers who pretended to be YouTube support staff and misled him into deleting his own channel. His channel was reinstated four days later. He explained in a video that the scammer used Google Chat to send a phishing email from the “google.com” domain and convinced Browning to delete his channel under the pretence of moving it to a new YouTube brand account.

The YouTube channel for Browning is at https://www.youtube.com/c/JimBrowning

If you have any experiences with these scams do let me know, by email.

May 19, 2022

Large Scale Ransomware Attacks

The ransomware threat is on the rise as almost 40% of businesses reported an attack in the previous year according to a recent survey.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack. It’s the downtime caused by the ransomware rather than the cost of paying the ransom that does the most damage to a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses ceased operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

The most common source of ransomware infections is via email – links to scammer websites or malware loaded attachments.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

May 18, 2022

UK Gov Cyber Essentials 10 Step Plan

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1. Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2. Secure Configuration

Identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3. Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s networks may use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4. Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5. User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6. Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7. Malware Prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8. Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9. Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10. Home and Mobile Working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.

Do you have an opinion on this matter? Please comment in the box below.

May 16, 2022

What is Jesus Oil?

There are a variety of scams claiming secret knowledge from the Bible to heal ailments and one of the most common is “Jesus Oil” or “The Oil of God”..

The emails claim that Jesus used a special type of cannabis oil, known as Kaneh-bosm, to cure various debilitating illnesses.

There isn’t really any secret in this as for thousands of years people all over the world have used plant based medicines including sometimes extracting oil to make a more concentred form of the medicine. This process is far more advanced nowadays but essential oils are still extracted by the same though more sophisticated version of the method.

These oils and their various chemical components have been known to science for a long time and some are the active ingredients in modern medicine. Some are anti-bacterial such as Cypress and such are inflammatory or pain relievers such as Frankincense and Juniper and so on.

What the scammers are actually selling is either their own poor quality version of the medicinal oils or often nothing – you pay and receive nothing.

Before buying any such products – do always check on their effectiveness and don’t be swayed by claims of Godlike powers, Jesus or other religious connections.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

May 15, 2022

How Come Celebrities Stay So Skinny?

“One of the country’s top addiction specialists just shared a shocking secret with the public”.

That’s the tagline to get you interested in the scam email.

It goes on about a single hormone causing addiction, but that no-one ever talks about.

“This secret has nothing to do with drugs”.

“And while no-one in weight loss ever talks about it”.

This is just the scammer’s fantasy.

Then the sales pitch is that a specialist has found a way to silence the craving hormone, leading to some “shocking” results e.g. a woman who lost 52 pounds.

The scammer invoked the idea of celebrities in the email title so goes on to state that celebrities learn this secret by paying tens of thousands of dollars – but you can know it now by clicking the link below.

It’s all rubbish of course – there are endless fat celebrities even though the industry of celebrity tries to push them to be skinny and those that are skinny typically make money by publishing their diet tips etc.

Just another pathetic scammer.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.