Author: comptroller

Marriott Hotels Data Breach

The personal information of Marriott Hotel group customers has been hacked. This started in 2014 and has only just been found out.

It may affect up to 500 million people. The company do not yet know the exact number but they have started to email all those thought to have been affected.

Marriott is providing all US, Canadian and British customers with free use of the WebWatcher internet security service which can monitor your Internet devices.

The data stolen includes name, address, phone number, email address, passport number, date of birth, hotel stay information and possibly more. It also includes financial information for some customers.

This is an extremely serious data breach and may lead to financial theft and identity theft.

Law enforcement agencies are investigating what happened but it may take time for the picture to become clear.

Many hackers use a long, slow approach to siphoning out data from a company and it can be very difficult to determine exactly what they took.

If your data has been stolen then you will be contacted by Marriott.

However, scammers will also send out fake messages claiming to be from Marriott about the data breach, so if you have been a Marriott customer since 2014 then be careful with any messages or calls you receive.

What Can You Do?

  1. Check the website set up by Marriott about this at answers.kroll.co.uk
  2. You can call their support line on 0808 189 1065 if concerned
  3. Check your payment card transactions regularly and look for anything out of the ordinary
  4. If your login and password have been used on other accounts then consider changing them

If you have had any problems with your data being compromised – do let me know by email.

Fightback Ninja Signature

Latvian Virus King Sentenced

Ruslans Bondars, a 37-year-old Latvian citizen, was convicted of conspiracy to violate computer crime laws, commit wire fraud, and computer intrusion with intent to cause damage, and was sentenced to 14 years in prison.

He is the creator of a notorious service called Scan4You that helped malware authors avoid detection by anti-virus software.

He charged criminals a monthly fee and his service allowed them to upload their latest malware to receive a report on whether any of a wide range of anti-virus products would detect it as malicious.

Although Scan4You was not the only counter anti-virus service operating on the web, it became the most popular amongst online criminals.

One of the most infamous pieces of malware which took advantage of Scan4You’s service was the Citadel malware, which was then used to steal tens of millions of customer credit card details from US retail giant Target.

Citadel is thought to have infected millions of computers worldwide, inflicting hundreds of millions of dollars' worth of damage.

Scan4You was advertised on online criminal forums and even offered technical support to its paying customers.

Bondars, who has also been linked to pharmaceutical spam campaigns peddling illegal prescription drugs, and assisting in the distribution of banking trojans, told the court that he felt “ashamed that some of the website users used it for such terrible things.”

Good riddance, at least for 14 years.


Inbox Pounds Scam or Not

Inbox Pounds is a way to make money for simple activities online, including:

  • Filling in surveys
  • Reading emails
  • Searching the web
  • Playing bingo
  • Shopping online

There are numerous companies offering money for filling in surveys but Inbox offers alternatives as well.

Does it pay up?

There seem to be more than a few people who have been paid by Inbox Pounds so that seems genuine.

The payments per activity are very very low so this is not a way to make any serious money – it seems more appropriate for people who spend a lot of time online and enjoy filling in surveys etc. They get a little extra money and if that’s all you want then maybe it will work out.

The adverts do make it clear that you have to accumulate a reward of £20 before you can cash out and reputedly that takes a long time to reach, plus if you become inactive for a period they will close your account.

So, as long as you don’t expect to make a lot of money easily – you might try Inbox Pounds but it is certainly not recommended.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

New Banking Code on Fraud

A new code of conduct has been created but it is not binding in law yet, so really it’s just a set of guidelines.

This has been created by the Payment Systems Regulator after Which? raised a super-complaint about the banks' treatment of people defrauded in push payment scams. These are the scams where the victim transfers money to a scammer from their bank account. The banks consider these to be largely the victim’s own fault and hence not their responsibility. But many disagree and believe the banks should identify and stop these payments where possible and make it more difficult for scammers to get away with these frauds.

The issue of who pays compensation and under what circumstances has not been resolved – when should the banks compensate the victims of push payment fraud?

Figures from trade association UK Finance show that in the first half of 2018 consumers lost £92.9 million because of this type of fraud.

The guidelines propose the principle that where the victim of such a crime has met their requisite level of care, they should be reimbursed.

The draft code has been published by the APP Scams Steering Group, made up of industry and consumer group representatives. It has been open for consultation.

The steering group said there may be instances where a victim of this type of fraud has met their requisite level of care, and so should be reimbursed, but no bank or other payment service provider involved has breached their own level of care.

It will work to identify “a sustainable funding mechanism” through which to reimburse consumers in such a scenario.

Under the draft code, banks and other payment service providers would take measures to tackle APP scams, such as:

  • Detecting APP scams through measures such as analytics and employee training;
  • Preventing APP scams from taking place by taking steps to provide customers with effective warnings that they are at risk;
  • Responding to APP scams, for instance, by delaying a payment while an investigation is conducted and, if necessary, carrying out timely reimbursement.
