Category: Fight Back

How to Answer the Cold Callers

These suggestions are from users of the Slummy Single Mummy website at https://slummysinglemummy.com/ and are in response to a cold caller telling you that you have been involved in a car accident, but the responses can be applied to most cold callers.

  • ‘Oh my goodness! I thought I was feeling a bit funny today. Am I seriously hurt?’
  • ‘Could you call me back in about ten minutes?’ (grunting) ‘I’m just having a poo and it’s proving stubborn.’
  • ‘Noooo!’ (breaking down in tears), ‘I knew this would catch up with me! I told Frank we shouldn’t have pushed the other car off that bridge, that we should have just owned up and told everyone it was an accident, and NOW SEE WHAT’S HAPPENED??’
  • ‘Well, that’s a funny coincidence as I have just been informed that you have been in an accident? Are you okay?’
  • ‘Well I have been in an accident but it WAS my fault. She had it coming.’
  • ‘Yes I have – it happened just then when I answered the phone to you, so I guess that makes it your fault? Could you give me your insurance details please?’
  • ‘Thanks for calling. I do need to make you aware that this call will be recorded for training purposes.’
  • ‘Damn it,’ (in desperate voice), ‘I thought I’d managed to get all the witnesses. Who told you? Was it that snitch Tommo?’
  • ‘I’m so glad you called,’ (whispering), ‘I’ve been trying to tell everyone this for MONTHS but they keep telling me I imagined it. I’ve been in this strange hospital for six weeks now. Can I give you the name of my doctor and then you can call and explain to her that it IS true – you have been informed of it?’

Have fun with cold callers – they called to waste your time, so waste theirs instead.

If you have any better suggestions or answers you have tried, do let me know, by email.

Fightback Ninja Signature

Google Website Checker

Google examine many millions of websites each day as part of their search technology and they check whether each of those websites contains anything harmful to viewers.

Sadly, they do find thousands of such websites each day – some are scam sites, some are set up to deliver viruses to anyone viewing the site, some unknowingly contain other malware and some are legitimate sites where interlopers have added their own content.

If your search would produce results that include bad websites, Google will warn you. Google say they issue around 50 million such warnings per week on average.

Plus they have a site where you can type in any Internet address and Google will tell you if they have found anything dangerous at that site.

Go to https://transparencyreport.google.com/safe-browsing/search and try it.

Better safe than sorry.

N.B. The term “malware” covers a range of malicious software designed to cause harm, including ransomware, spyware, viruses, worms, and Trojan horses.

British Police Shut Indian Scam Centres

The British police service, in cooperation with Indian police, has shut down two sophisticated criminal call centres in Kolkata, known to have defrauded many thousands of victims in the UK and elsewhere.

The call centres were raided by 50 officers from the Cyber Division of Kolkata Police as part of a worldwide four-year operation conducted by the UK police and Microsoft.

Seven arrests were made and the two fraudulent call centres were put out of business.

“These raids and arrests mark the successful culmination of a four-year operation. Working with Indian authorities and Microsoft, we have stopped a number of criminal call centres from preying on UK citizens,” said Commander Karen Baxter of the City of London Police.

In the 12 months to April 2019, City of London Police’s National Fraud Intelligence Bureau received over 23,500 complaints of this form of fraud, with reported losses of more than 9 million pounds.

The scam involved call centre staff pretending to be from Microsoft and either charging the victims around £200 to fix non-existent problems or introducing viruses onto the victims’ computers with the intention of stealing more money.

Hugh Milward, Head of Corporate and Legal Affairs at Microsoft UK, said: “This sort of deception will not go away and effective public/private partnerships are essential if we are to combat sophisticated cyber criminals who operate on a global scale. We are working with law enforcement, here in the UK and internationally, to tackle these crimes and these arrests are a great result for people who have been targeted by or fallen victim to these fraudsters”.

Always beware cold callers and remember that Microsoft, Virgin Broadband, BT and similar companies do not phone anyone to tell them their computer has problems or is dangerous.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

European Law Strong Authentication

In September 2019, the requirement of the second Payment Services Directive (PSD2) for Strong Customer Authentication (SCA) for remote payments came into effect.

These requirements will impact the way consumers in Europe access their Internet banking applications, pay for e-commerce purchases, and use new financial services provided through Open Banking.

The starting point for any financial transaction must be to establish the identity of the parties involved. In person, a valid ID card may be sufficient, and digitally, using a login and password is usually enough.

However, when interactions are happening remotely through multiple channels and multiple partners, there is often a need to use multiple factors of authentication, e.g. a login and password plus a PIN.

PSD2

PSD2 is increasing the security level for authentication to financial services across the whole of Europe, and is harmonizing the strength of authentication processes for financial applications. Because of PSD2, financial institutions have been phasing out weak authentication methods.

PSD2 ensures that advanced authentication concepts, such as dynamic linking, device binding for mobile apps, mobile application shielding and transaction risk analysis become standard security tools in financial services.

PSD2 is also accelerating the adoption of adaptive authentication methods, which adjust the way in which the user is authenticated to the risk of what the user wants to do.

Deadline for banks to implement SCA for Internet banking: 14 September 2019, except in the UK where the deadline is set as 14 March 2020

Deadline for banks to offer Open Banking interfaces: 14 September 2019

The Scam Disruption Project

The Australian Scam Awareness Network ran the scam disruption project for several years. It involved working with state and territory police and consumer affairs agencies to alert at-risk individuals to the possibility of being a victim of fraud and it was terminated in 2017.

They say that you might be dealing with a scammer if:

  • you’ve never met or seen the person: scammers will say anything to avoid a ‘face-to-face’ meeting, whether it be in person or over the internet via a video chat (e.g. their camera isn’t working)
  • they’re not who they appear to be: scammers steal photos and profiles from real people to create an appealing façade – always run a Google Image search to help determine if they are a scammer
  • you don’t know a lot about them: scammers are keen to get to know you as much as possible, but are often less forthcoming about themselves
  • they ask you for money: once the connection’s been made – be it as a friend, admirer, or business partner – scammers will eventually ask you to transfer money – often waiting weeks or months before doing so
  • they ask to chat with you privately: many online dating sites have systems in place to detect scammers so scammers will try and move the conversation away from the scrutiny of community platforms to a one-on-one interaction such as email or phone.

How to Spot a Fake Profile

When looking at a new dating profile, note anything unusual about their choice of:

  • photo
  • location
  • interests
  • language skills matched to background

Scammers often use fake photos they’ve found online, so run a Google Image search to check the authenticity of any photos provided.

How to Spot False Documents

Documents are easily faked. Some will look just like the real thing, but others might have warning signs, such as:

  • generic rather than personal greeting
  • names of organisations that don’t exist
  • poor quality presentation
  • poor quality grammar and spelling
  • overly official or forced language.

If you have any experiences with such scammers do let me know, by email.

APP Shielding

When developers create a new APP and it becomes popular, there are hackers who want to get into the APP for one of several reasons:

  1. The intellectual challenge of seeing how it works
  2. To understand how it works so they can create viruses or other malware that can attack it
  3. To find out if they can hijack the APP to do their bidding

An intellectual challenge isn’t threatening to others, but the other reasons are criminal. Even APPS on the APPLE and Android Play stores can be cheated by hackers, and in some cases there has been a major loss of money and reputation as these problems come to light.

To prevent hackers getting into their APP, developers can use various coding techniques (called APP shielding), usually classified as:

  1. Obfuscation and
  2. Integrity checks

APP shielding is important in many cases and especially with financial APPS.

App shielding is designed to prevent attackers from modifying your app during runtime or at rest, to protect your app’s memory, make app repackaging extremely complex, and provide additional protection against mobile malware.
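
An integrity check of the kind mentioned above can be illustrated as follows (an added example, not code from the original post or from any shielding product): fingerprints of every file recorded at release time are compared with the package actually present, so a repackaged copy is detected. The package contents, file names and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def build_package(files):
    """Return zip bytes for {name: bytes}; a stand-in for a real APP package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sorted(files.items()):
            zf.writestr(name, data)
    return buf.getvalue()


def manifest(package_bytes):
    """Map every entry in the package to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def check_integrity(package_bytes, trusted):
    """Compare a package with the trusted manifest recorded at release time."""
    current = manifest(package_bytes)
    return {
        "modified": sorted(n for n in trusted
                           if n in current and current[n] != trusted[n]),
        "added": sorted(n for n in current if n not in trusted),
        "removed": sorted(n for n in trusted if n not in current),
    }


def is_intact(report):
    """True only when nothing was modified, added or removed."""
    return not any(report.values())


# Constructed sample data: the released package and a repackaged copy of it.
ORIGINAL = {"classes.bin": b"code v1", "res/strings.txt": b"Welcome"}
REPACKAGED = {"classes.bin": b"code v1 (altered)",
              "res/strings.txt": b"Welcome",
              "lib/extra.bin": b"unexpected addition"}

TRUSTED = manifest(build_package(ORIGINAL))  # recorded by the developer

if __name__ == "__main__":
    print(check_integrity(build_package(ORIGINAL), TRUSTED))
    print(check_integrity(build_package(REPACKAGED), TRUSTED))
```

In a real APP the trusted manifest has to be protected as well, for example by a digital signature, because anyone who repackages the APP could otherwise replace the manifest too.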

What Can APP Shielding Do?

  • Prevents and effectively stops the most common types of cyber attacks on mobile apps.
  • Stop Mobile Malware
  • Advanced obfuscation and integrity checks prevent the APP being reverse-engineered, which can lead to it being repackaged and released on the app marketplace under a new name.
  • Protect User Data
  • Stop untrusted keyboards, malicious screen readers or screen recorders from stealing the sensitive data, as well as the data leakage via user or system screenshots.

Recent research shows that:

  • Of 1.7 million apps on the Google Play store, only 24.5% had any Code Protection.
  • 86% of Malware is delivered through APPS that have been re-packaged.

These numbers are of concern, as we trust downloads from the Google Play store and APPLE, but maybe we shouldn’t be so trusting.

Increasingly, developers’ tool kits will contain code for implementing APP shielding, so it should become common practice for APP developers.

If you have any experience with APP shielding, do let me know, by email.
