British Airways Fined for Data Breach

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law; BA was subsequently the subject of a cyber-attack during 2018, which it did not detect for more than two months.

The Data Breach

The attacker is believed to have accessed the personal data of approximately 429,612 customers and staff. This included the names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

The usernames and passwords of BA employee and administrator accounts, as well as the usernames and PINs of up to 612 BA Executive Club accounts, may also have been accessed, but this is uncertain. It is often impossible to be certain which data the attackers copied.

The ICO concluded that there were numerous measures BA could have used to mitigate the risk of an attacker gaining access to the BA network. These include:

  • limiting access to applications, data and tools to only those required to fulfil a user’s role;
  • undertaking rigorous testing, in the form of simulating a cyber-attack, on the business’s systems;
  • protecting employee and third-party accounts with multi-factor authentication.

Since the attack, BA has made considerable improvements to its IT security.

BA did not detect the attack, which began in June 2018, itself; it was alerted by a third party in September 2018, more than two months later. Once aware, BA acted promptly and notified the ICO.

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denham.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

An Introduction to Scambaiting

We have all received unsolicited emails offering us a ‘get rich quick’ opportunity. These are often called 419 scams or advance fee scams. The scammer makes you believe there is a fortune for you to collect, but you end up paying a small fee, then another fee, then another, until eventually you realise it’s a con and give up.

You can just delete these messages, or you can choose to play the scammers at their own game. They lie, so why shouldn’t you? Make up your own persona and story.

There are various communities of scambaiters; the most famous is 419eater, which you can find at 419eater.com, with lots of examples of what they do.

Why Scambait?

It is very difficult to stop these people, but by wasting their time you are diverting their attention from scamming someone else. Plus, an effective scambait may well give you personal information about the scammer that can be passed on to the authorities. Reporting the scambait online also warns others of how the scams work and what they can do to tie up the scammers. If you can get a scammer’s name, address and more, then you can publish it on a scambaiter website.

Scambaiting Strategies

Create yourself a fake persona with a name, address, email addresses, back story etc. and you’re ready to go when a 419 scam lands in your inbox.

The most common strategies used by scambaiters are:-

  • just go with whatever comes up in the emails;
  • try to get the scammer to join your Church, promising the payments he wants once he has joined your imaginary Church;
  • get the scammer to pay the freight charge for delivering something entirely useless to him, which gives you an address to publish;
  • get the scammer to travel to meet you (you won’t be there, of course), e.g. at your false address;
  • make up characters to bring into the story, e.g. Messrs Screw Hup and Ivor Itch, solicitors, or a fake Church deacon, or your neighbour Mac Donald.

Keep those scammers busy and have some fun at their expense.

Deal with Cold Callers by Questioning

We all get fed up with cold callers: those trying to get us to buy products and services we have no interest in, and the criminals attempting to get personal information, tricking, lying and conning for their living.

You can slam the phone down, or decide to have a bit of fun at their expense and waste their time as they waste yours.

The cold callers expect to make a connection with you by asking simple opening questions such as ‘How are you today?’, then moving on to getting your personal details and/or convincing you to buy something or transfer money to them.

Cold callers have a script to follow, with a set of questions and expected answers, and if you behave unexpectedly they don’t know what to do and will often give up, i.e. put the phone down.

There are endless things you can do to confuse them, such as:

  1. Keep a take-away menu by the phone and start reading it out. Place an order and ignore anything they say; just keep reading it out. E.g. “I’d like to order 3 spring rolls followed by the Peking duck with egg fried rice and 2 portions of crispy noodles and some of that seaweed stuff. Plus …” and so on.
  2. Say “Pardon?” to everything, and just keep saying that whenever they ask anything.
  3. Say “I don’t speak English” to whatever they ask.
  4. Invent your own religion and try hard to convert them. “I’m glad you called today as I have the good news of the 3rd coming of Quixacoatl to tell you about. Now, Quixacoatl created the earth in 5 minutes and he’s due back tomorrow to collect all of the believers.” And so on.
  5. Accuse them of breaking into your garden and damaging your flowers. Claim you know it was them. The more ridiculous your story the better.
  6. Say “Thank you for calling the PPI hotline. We can get you thousands of pounds back; I just need your name, address and bank details first.” You’ll hear the phone slam down.
  7. In these days of Coronavirus, accuse them of breaking the restrictions by not wearing a mask on the phone. They cannot prove otherwise.

Any unexpected behaviour will do the trick – so confuse them.

Or you can confuse them with genuine questions.

So, for example, you could tell them you are busy at the moment but will call them back at home that evening, and ask for their home phone number. You won’t get it, unless they fancy you of course.

If they say they can’t give out a home number, that leads in to the comment: “I presume you don’t want anyone bothering you at home, right? Now you know how I feel!”

Or how about this example:-

“While I’ve got you on the line, I’ll just ask you a couple of very brief questions.

Where are you based?

Who do you work for?

What computer systems do you use?

What is your name?

What is the name of your manager?”

It’s amazing how people who want to know so much about you are so unwilling to give you information about themselves.

So, annoy the cold callers by asking them personal questions they don’t want to answer.

If you have any good ways to get rid of the cold callers or have fun at their expense – do let me know, by email.

John McAfee Arrested

John McAfee was the creator of the McAfee anti-virus software and helped start a multi-billion-dollar industry, but he holds some unusual opinions (including that taxation is illegal) and has attracted the attention of the police in various countries over the years since he sold his company to Intel.

He was arrested in Spain over tax evasion charges and faces extradition to the US.

Prosecutors say he failed to file tax returns for four years, despite earning millions from consulting work, speaking engagements, crypto-currencies and selling the rights to his life story.

If convicted, he could face up to 30 years in prison.

In a statement the US Justice Department said Mr McAfee allegedly evaded tax liability by having his income paid into bank accounts and cryptocurrency exchange accounts in the names of nominees. As a result, it is alleged, he failed to file any tax returns from 2014 to 2018.

He is also accused of concealing assets, including a yacht and real estate property, in the names of others.

The US Securities and Exchange Commission (SEC) alleges that Mr McAfee made over $23m by “leveraging his fame” and recommending seven cryptocurrency offerings between 2017 and 2018, which allegedly turned out to be “essentially worthless”.

The SEC is seeking to impose a civil penalty on him and to recover any “allegedly ill-gotten gains”, with interest. It also wants to permanently ban him from serving as an officer or director of any listed company, or of any company that files reports with the SEC.

If you have any experiences with these scams do let me know, by email.

Review: Should I Answer

www.shouldianswer.com is a website about cold callers and fraudsters. There is also a Should I Answer app, which warns you about all kinds of unwanted calls and can block callers if you choose.

These were created by Mister Group Ltd, who explain their mission as follows:

“We gained our first experience of this ourselves a few years ago. Our friends and people around us started to be bothered by telemarketing calls, which were rapidly rising in our country in those days. Some of our friends even lost their money because of these telemarketing scams! So we decided to do something about it – and that’s the story of how the Should I Answer APP was born.”

“Our goal is to make our smart devices friendlier to regular users, so that they serve exactly the purpose the users want them to – not the purpose the other, dark side tries to force on us. Telemarketing, number spoofing, unsolicited calls… all such activities are on our radar, and we try every day, with all possible powers, to make them behave within legal boundaries.”

How It Works

The Should I Answer app uses a huge database of spam and telemarketing calls, built from numbers reported to the Do Not Call Registry, numbers reported to the Federal Communications Commission, and all the community reviews at Should I Answer.

How is The Service Paid For?

Should I Answer say they try to keep as much of the project free as possible. The rest is paid for by adverts on screen and by donations.

The National Crime Agency Scam

The job of the National Crime Agency (NCA) is described as leading the fight against organised crime: human, weapon and drug trafficking, cyber crime and economic crime that crosses regional and international borders.

However, criminals are posing as National Crime Agency officers over the phone in an attempt to con people and steal from them.

The scammers target the elderly and some victims have lost their life savings.

The NCA has so far recorded hundreds of reports of scammers claiming to be NCA officers, and they often give a bogus NCA identity number.

The criminals warn victims about a banking scam and persuade them to allow remote access to their computers, or to hand over personal information and bank details.

Sometimes they ask their targets to move the money to a “safe” bank account.

One case involved a 70-year-old man from London who transferred his life savings of £350,000 out of his account after scammers pretended to be NCA officers and staff from an IT security company. The victim allowed the men remote access to his computer after they said he had been hacked and needed to move his money to a safe account.

Members of the public should be aware that an NCA officer will NEVER:

  • Ask for remote access to your computer via phone, email or online
  • Ask you to verify personal details such as passwords, account numbers or card details via phone, email or online
  • Ask you to transfer or hand over money via phone, email or online
  • Threaten you into providing this information

If you have any experiences with these scams do let me know, by email.