
DMARC Email Authentication

We all get far too many emails claiming to be from a well-known company but actually sent by scammers and spammers. Internet Service Providers trap a large percentage of these fake messages and delete them before they can reach their intended target, but a lot still get through to us.

What can be done?

There is a standard called DMARC used by many large organisations including Google, Facebook, Apple, Craigslist, Virgin Media, British Airways, Dropbox, Amazon and many more.

Implementing DMARC ensures that genuine emails can only be sent from specified company servers, and hence any Internet Service Provider can filter out messages that claim to be from these companies but are fake.

Sending Out Emails

The sender sets up two pieces of machine-readable information in advance:

  1. A document that describes how the emails will be sent (e.g. which servers will be used for the outgoing mail). This is called SPF (Sender Policy Framework).
  2. A proof-of-identity document called DKIM (DomainKeys Identified Mail).

Receiving Emails

The email service provider that receives the message checks the SPF and DKIM entries published by the legitimate sender and compares the message's metadata against them. If it passes, the message is accepted; if there is a mismatch, the message is marked as fake. That can mean it is deleted, or it can mean it is delivered to the user's spam folder.
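The receiving-side check described above, as an added example that is not code from the original post: the receiver parses the sender's published DMARC policy and then asks whether an SPF pass or a DKIM pass is aligned with the domain in the visible From: header. The DMARC record, domains and authentication results are constructed samples, and the organisational-domain helper is a deliberate simplification.

```python
# Added example: a receiver-side DMARC evaluation, not code from the original post.
# The receiver fetches the sender's published DMARC policy, then checks whether an
# SPF pass or a DKIM pass is *aligned* with the domain in the visible From: header.
# The DMARC record, domains and authentication results below are constructed samples.

def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # RFC 7489 defaults: relaxed alignment
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels.
    Real receivers consult the Public Suffix List; this breaks on e.g. 'co.uk'."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts subdomains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(record: str, from_domain: str, spf: tuple, dkim: tuple) -> str:
    """Return 'pass', or the policy to apply ('none', 'quarantine' or 'reject').
    spf  = (result, envelope-sender domain that SPF was checked against)
    dkim = (result, d= domain from the DKIM signature)"""
    pol = parse_dmarc_record(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, pol["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, pol["adkim"])
    # One aligned, passing identifier is enough: DMARC passes on SPF *or* DKIM.
    return "pass" if (spf_ok or dkim_ok) else pol["p"]

if __name__ == "__main__":
    REC = "v=DMARC1; p=reject; adkim=s; aspf=r"  # constructed sample record
    # Genuine mail: bounces go via a subdomain, message is DKIM-signed by the From domain.
    print(dmarc_verdict(REC, "example.com", ("pass", "bounce.example.com"), ("pass", "example.com")))
    # Forged From: header; the sending server only authenticates its own domain.
    print(dmarc_verdict(REC, "example.com", ("pass", "other.example"), ("fail", "other.example")))
```

The second call returns "reject", which is the verdict a receiver acts on by discarding or spam-foldering the message, as the paragraph above describes.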

It does take effort to implement DMARC as a sender, but the more large companies use DMARC, and the more email service providers check incoming mail against it, the less rubbish will get through.

If you know anything more about this then let me know, by email.

Fightback Ninja Signature

Hacking Group Sentenced

Five men have been found guilty of hacking into an e-mail account and attempting to steal more than £3 million from a London businessman.

All five suspects were convicted at Southwark Crown Court on Wednesday, 22 May at the end of a five-month trial following a complex investigation carried out by the Metropolitan Police Service’s Cyber Crime Unit over four years.

Anthony Oshodi, Foyjul Islam, Mohammed Siddique, Mohammed Rafeek and Meharoof Muttiyan were found guilty of various counts including money laundering, false identification documents and possession of articles for use in fraud.

Oshodi fled three weeks into the trial but was convicted in absence.

The suspects carried out their scam by altering the email account of a single victim, enabling them to send emails without his knowledge and preventing him from viewing messages from his accountant and bank.

The group sent several emails from the victim’s account to his bank requesting payment be made to a number of people. Payment was requested through fraudulent invoices containing account numbers belonging to the suspects.

In one week, approximately £1.3 million was transferred into three accounts. The money was then transferred again to cover their tracks.

Detectives managed to identify each suspect through the examination of banking, phone and computer records. They pieced together key evidence of the money trail, patterns of communication and the ownership of individual devices linked to the offences.

Oshodi’s computer also contained copies of 1000 third party passports and bank cards which were used to create false identities.

Muttiyan acted as a primary money mule, transferring cash through the bank accounts of a petrol station, an insurance claims company, and a computer business owned by the group. Siddique organised the distribution of £600,000.

Rot in jail.


Website: The Daily Scam

The Daily Scam website is a resource to help people counter online fraud – it is funded by donations and has been attacked a number of times by hackers trying to stop them.

www.thedailyscam.com

“The Daily Scam was developed by Doug Fodeman and David Deutsch in response to the overwhelming number of Internet scams and online fraud targeting them, their friends and colleagues”.

Mission Statement

“Our goal is simple: To help people better understand internet-based threats, scams and fraudulent practices, and how to avoid them”.

Solution

“The problem is getting larger every year. Despite people’s best intentions to stay safe online there are extremely talented scam artists and criminal gangs who successfully manipulate us into infecting our computers with malware, or trick people into revealing personal information that puts us at risk. During the last few years these threats have been increasing and we’re as sick and tired of them as you!”

These guys are big believers in education as the solution to these scammers.

They have created resources on their website to educate businesses and the public on keeping their computers and their information safe. There is a free weekly newsletter, “The Daily Scam”, which aims to expose the latest scams and offer tips for reducing your risks online.

They offer webinars and workshops to help to educate people.

The website includes:

  • Lots of useful articles
  • Warnings
  • Videos
  • Newsletters
  • T-shirts and mugs with anti-scam slogans


Nuisance Call Bosses Fined Up to £500,000

Estimates by telecoms regulator Ofcom show British consumers were bombarded with 3.9 billion nuisance phone calls and texts in 2018.

Company directors whose firms make unsolicited nuisance calls are now directly liable and could face fines of up to £500,000 under recent legislation from the Information Commissioner (ICO).

In the past some company directors had avoided company penalties for nuisance calls by going bankrupt and then starting a new firm under a different name. Once a company has been dissolved, any penalties cannot be collected.

Previously, it was only the businesses themselves that were liable for fines of up to £500,000 rather than individuals.

Andy Curry, of the nuisance call enforcement team at the ICO, said “It will mean we can recover the fine more easily and also make it much harder for unscrupulous operators to set up in business again.”

Last year, the ICO issued 26 penalties totalling £3.28 million for breaches of electronic marketing laws relating to nuisance calls and spam text messages, along with 10 enforcement notices.

Minister for digital and creative industries Margot James said: “We are determined to stamp this menace out and this new law is the latest in a series of measures to rid society of the plague of nuisance calls.”

If you have any experiences with nuisance callers – do let me know, by email.


Zain Qaiser Jailed

A Londoner named Zain Qaiser has been jailed for blackmailing porn users worldwide.

His jail sentence of six years and five months is a major success for the National Crime Agency and the court heard he is the most prolific cyber criminal to be sentenced in the UK.

Investigators have discovered about £700,000 of his profits – but his network may have made more than £4m.

Working from his bedroom at his family home in Barking, Qaiser began to make money through “ransomware” attacks when he was only 17 years old.

This is a form of attack in which a computer is hijacked (often with its files encrypted) and frozen by downloaded software until the user pays a fee for its release.

Qaiser contacted the Russian controller of one of the most potent attack tools and agreed a split of his profits.

Over 18 months, the teenager posed as a legitimate supplier of online promotions and booked advertising space on some of the world’s most popular legal pornography websites. But each of the adverts that was promoted on the websites contained a malicious tool called the “Angler”.

Any visitor to the adult site who clicked on one of Qaiser’s fake adverts would trigger the download to their own computer of the attack kit.

The software would search for vulnerabilities and, if the home computer was not protected with up-to-date anti-virus software, would deliver the ransomware that seized control of the device.

The ransomware then displayed a full-screen message claiming to be from the FBI, the Metropolitan Police or another law enforcement agency, accusing the user of breaking the law and warning them they faced up to three years unless they immediately paid a fine of hundreds of dollars in Bitcoin.

It was calculated that one of the fake adverts appeared on 21 million web browsers every month.

Qaiser spent almost £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel. He regularly spent money on prostitutes, drugs and gambling, including almost £70,000 in a casino.

When a Canadian company selling advertising space asked Qaiser to stop, he launched a massive cyber attack against it, causing hundreds of thousands of pounds worth of damage to the business.

Qaiser initially denied the crimes and claimed he had been hacked, before pleading guilty to 11 charges – including blackmail, fraud, computer offences and possessing criminal property.

If you have any experiences with scammers, spammers or time-wasters, do let me know, by email.

Google Fined 1.5 Billion Euros by the EU

The European Union has levied a third antitrust fine against Google.

EU antitrust commissioner Margrethe Vestager said that the technology giant had abused its dominant position by forcing customers of its AdSense service to sign contracts stating they would not accept advertising from rival search engines. “The misconduct lasted over 10 years and denied other companies the possibility to compete on the merits and to innovate.”

This brings the total in fines against Google by the EU to 8.2 billion Euros, but it also ends the last of the investigations that were in progress.

The third fine is lower than the previous two as Google actively worked with the European Commission to change its AdSense policies after the EU announced its case in 2016.

In 2006, Google started selling its AdSense for Search product. This let companies place a Google search box on their website. When a search is entered Google shows the results but also its adverts.

Google made customers sign contracts banning them from including rival search engines on their sites. In 2009, Google allowed the inclusion of rival search engines as long as Google’s was more prominent. In 2016, around the time the EU announced its case, the company removed these terms altogether.

Possibly to avoid further anti-trust cases, Google, which used to automatically install its own services (including Google search) on Android phones, has recently switched to letting users choose which services they want.

Today’s fine brings an end to the EU’s current trilogy of open probes, but the organisation is still looking at a number of other areas of Google’s business and could open new cases in future.
