Category: Fight Back

Google Website Checker

Google examine many millions of websites each day as part of their search technology and they check whether each of those websites contains anything harmful to viewers.

Sadly, they do find thousands of such websites each day – some are scam sites, some are set up to deliver viruses to anyone viewing the site, some unknowingly contain other malware and some are legitimate sites where interlopers have added their own content.

If your search criteria will produce results including bad websites then Google will warn you. Google say they issue around 50 million such warnings per week on average.

Plus they have a site where you can type in any Internet address and Google will tell you if they have found anything dangerous at that site.

Go to https://transparencyreport.google.com/safe-browsing/search and try it.

Better safe than sorry.

N.B. The term “malware” covers a range of malicious software designed to cause harm, including ransomware, spyware, viruses, worms, and Trojan horses.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

British Police Shut Indian Scam Centres

The British Police service, in cooperation with Indian police, have shut down two sophisticated criminal call centres in Kolkata, known to have defrauded many thousands of victims in the UK and elsewhere.

The call centres were raided by 50 officers from the Cyber Division of Kolkata Police as part of a worldwide four-year operation conducted by the UK police and Microsoft.

Seven arrests were made and the two fraudulent call centres were put out of business.

“These raids and arrests mark the successful culmination of a four-year operation. Working with Indian authorities and Microsoft, we have stopped a number of criminal call centres from preying on UK citizens,” said Commander Karen Baxter of the City of London Police.

In the 12 months to April 2019, City of London Police’s National Fraud Intelligence Bureau received over 23,500 complaints of this form of fraud, with reported losses of more than 9 million pounds.

The scam involved call centre staff pretending to be from Microsoft and either charging the victims around £200 to fix non-existent problems or introducing viruses onto the victims’ computers with the intention of stealing more money.

Hugh Milward, Head of Corporate and Legal Affairs at Microsoft UK, said: “This sort of deception will not go away and effective public/private partnerships are essential if we are to combat sophisticated cyber criminals who operate on a global scale. We are working with law enforcement, here in the UK and internationally, to tackle these crimes and these arrests are a great result for people who have been targeted by or fallen victim to these fraudsters”.

Always beware cold callers and remember that Microsoft, Virgin Broadband, BT and similar companies do not phone anyone to tell them their computer has problems or is dangerous.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.


European Law Strong Authentication

In September 2019, the second Payment Services Directive (PSD2), specifically its requirement for Strong Customer Authentication (SCA) for remote payments, came into effect.

These requirements will impact the way consumers in Europe access their Internet banking applications, pay for e-commerce purchases, and use new financial services provided through Open Banking.

The starting point for any financial transaction must be to establish the identity of the parties involved. In person, a valid ID card may be sufficient, and digitally, a login and password is usually enough.

However, when interactions are happening remotely through multiple channels and multiple partners, there is often a need to use multiple factors of authentication, e.g. a login and password plus a PIN.

PSD2

PSD2 is increasing the security level for authentication to financial services across the whole of Europe, and is harmonizing the strength of authentication processes for financial applications. Because of PSD2, financial institutions have been phasing out weak authentication methods.

PSD2 ensures that advanced authentication concepts, such as dynamic linking, device binding for mobile apps, mobile application shielding and transaction risk analysis become standard security tools in financial services.

PSD2 is also accelerating the adoption of adaptive authentication methods, which adjust the way in which the user is authenticated to the risk of what the user wants to do.
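To make the "dynamic linking" idea above concrete, here is an added example (not from the original post or from any bank's code) in which the authentication code is computed over the amount and the payee, so changing either one invalidates it. The key, IBANs, nonce and function names are constructed for illustration, and the HMAC with HOTP-style truncation is one possible construction, not one mandated by PSD2.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed sample values (not real credentials or accounts).
DEVICE_KEY = b"k" * 32                      # secret shared by bank and customer device
PAYEE = "GB82 WEST 1234 5698 7654 32"       # payee the customer agreed to pay
OTHER_PAYEE = "GB33 BUKB 2020 1555 5555 55" # payee substituted by a fraudster


def _canonical(amount, currency, payee_iban, nonce):
    # Normalise so the device and the bank hash exactly the same bytes.
    amt = f"{Decimal(amount):.2f}"
    iban = payee_iban.replace(" ", "").upper()
    return "|".join([amt, currency.upper(), iban, nonce]).encode()


def auth_code(key, amount, currency, payee_iban, nonce, digits=8):
    """Authentication code bound to this amount and this payee."""
    mac = hmac.new(key, _canonical(amount, currency, payee_iban, nonce),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                 # HOTP-style dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, code, amount, currency, payee_iban, nonce, used_nonces):
    """Bank-side check: recompute over the payment actually being executed."""
    if nonce in used_nonces:                # a code is valid for one payment only
        return False
    expected = auth_code(key, amount, currency, payee_iban, nonce)
    if not hmac.compare_digest(expected, code):
        return False
    used_nonces.add(nonce)
    return True


if __name__ == "__main__":
    used = set()
    code = auth_code(DEVICE_KEY, "250.00", "EUR", PAYEE, "n-001")
    print("payee swapped:", verify(DEVICE_KEY, code, "250.00", "EUR", OTHER_PAYEE, "n-001", used))
    print("amount raised:", verify(DEVICE_KEY, code, "2500.00", "EUR", PAYEE, "n-001", used))
    print("as approved:  ", verify(DEVICE_KEY, code, "250.00", "EUR", PAYEE, "n-001", used))
    print("replayed:     ", verify(DEVICE_KEY, code, "250.00", "EUR", PAYEE, "n-001", used))
```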

Deadline for banks to implement SCA for Internet banking: 14 September 2019, except in the UK where the deadline is set as 14 March 2020

Deadline for banks to offer Open Banking interfaces: 14 September 2019


The Scam Disruption Project

The Australian Scam Awareness Network ran the scam disruption project for several years. It involved working with state and territory police and consumer affairs agencies to alert at-risk individuals to the possibility of being a victim of fraud and it was terminated in 2017.

They say that you might be dealing with a scammer if:

  • you’ve never met or seen the person: scammers will say anything to avoid a ‘face-to-face’ meeting, whether it be in person or over the internet via a video chat (e.g. their camera isn’t working)
  • they’re not who they appear to be: scammers steal photos and profiles from real people to create an appealing façade – always run a Google Image search to help determine if they are a scammer
  • you don’t know a lot about them: scammers are keen to get to know you as much as possible, but are often less forthcoming about themselves
  • they ask you for money: once the connection’s been made – be it as a friend, admirer, or business partner – scammers will eventually ask you to transfer money – often waiting weeks or months before doing so
  • they ask to chat with you privately: many online dating sites have systems in place to detect scammers so scammers will try and move the conversation away from the scrutiny of community platforms to a one-on-one interaction such as email or phone.

How to Spot a Fake Profile

When looking at a new dating profile, note anything unusual about their choice of:

  • photo
  • location
  • interests
  • language skills matched to background

Scammers often use fake photos they’ve found online, so run a Google Image search to check the authenticity of any photos provided.

How to Spot False Documents

Documents are easily faked. Some will look just like the real thing, but others might have warning signs, such as:

  • generic rather than personal greeting
  • names of organisations that don’t exist
  • poor quality presentation
  • poor quality grammar and spelling
  • overly official or forced language.

If you have any experiences with such scammers do let me know, by email.


APP Shielding

When developers create a new APP and it becomes popular, there are hackers who want to get into the APP for one of several reasons:

  1. The intellectual challenge of seeing how it works
  2. To understand how it works so they can create viruses or other malware that can attack it
  3. To find out if they can hijack the APP to do their bidding

An intellectual challenge isn’t threatening to others, but the other reasons are criminal. Even APPS on the APPLE and Android Play stores can be cheated by hackers, and in some cases there has been a major loss of money and reputation as these problems come to light.

To prevent hackers getting into their APP, developers can use various coding techniques (called APP shielding), usually classified as:

  1. Obfuscation and
  2. Integrity checks

APP shielding is important in many cases and especially with financial APPS.

App shielding is designed to prevent attackers from modifying your app during runtime or at rest, to protect your app’s memory, make app repackaging extremely complex, and provide additional protection against mobile malware.
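As an added illustration of an integrity check (not code from the original post or from any shielding product), the sketch below compares the per-file SHA-256 digests of a known-good app package with those of a copy found elsewhere, which is how a repackaged app shows up as modified or added files. The package contents are constructed in memory for the example; a real shield performs comparable checks inside the app against values protected by the developer's signature.

```python
import hashlib
import io
import zipfile


def build_package(files):
    """Build a small ZIP archive in memory (app packages are ZIP archives)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


def entry_digests(package):
    """Map each file in the package to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return {name: hashlib.sha256(z.read(name)).hexdigest()
                for name in z.namelist() if not name.endswith("/")}


def compare(baseline, candidate):
    """Report files that differ between the known-good package and a candidate."""
    return {
        "modified": sorted(n for n in baseline
                           if n in candidate and baseline[n] != candidate[n]),
        "added": sorted(set(candidate) - set(baseline)),
        "removed": sorted(set(baseline) - set(candidate)),
    }


# Constructed sample packages: the developer's release and a tampered copy.
ORIGINAL = build_package({
    "classes.dex": b"genuine application code",
    "res/layout.xml": b"<layout/>",
})
REPACKAGED = build_package({
    "classes.dex": b"genuine application code, altered",
    "res/layout.xml": b"<layout/>",
    "lib/extra.so": b"library that was not in the release",
})

if __name__ == "__main__":
    report = compare(entry_digests(ORIGINAL), entry_digests(REPACKAGED))
    for kind, names in report.items():
        print(f"{kind}: {names}")
```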

What Can APP Shielding Do?

  • Prevent and effectively stop the most common types of cyber attacks on mobile apps.
  • Stop Mobile Malware
  • Advanced obfuscation and integrity checks prevent the APP being reverse-engineered, which can lead to it being repackaged and released on the app marketplace under a new name.
  • Protect User Data
  • Stop untrusted keyboards, malicious screen readers or screen recorders from stealing sensitive data, as well as data leakage via user or system screenshots.

Recent research shows that:

  • Of 1.7 million apps on the Google Play store, only 24.5% had any Code Protection.
  • 86% of Malware is delivered through APPS that have been re-packaged.

These numbers are of concern as we trust downloads from Google Play store and APPLE but maybe we shouldn’t be so trusting.

Increasingly, developers’ tool kits will contain code for implementing APP shielding, so it should become common practice for APP developers.

If you have any experience with APP shielding, do let me know, by email.


Scams Awareness Network

www.scamwatch.gov.au/about-scamwatch/scams-awareness-network

The Scams Awareness Network (SAN) is made up of government regulatory agencies and departments in Australia and New Zealand that work alongside private sector, community and non-government partners to raise awareness about scams and disrupt them.

The core purpose of the SAN is for members to regularly share information about scams and to deliver a coordinated awareness campaign for consumers, including the Scams Awareness Week in August each year.

Members and partners of the SAN include government departments, national agencies, state and territory agencies, charities, the Police, banks, technology companies, small business and many more.

Scamwatch is run by the Australian Competition and Consumer Commission (ACCC) and provides information to consumers and small businesses about how to recognise, avoid and report scams.

Targeting Scams Report

The ACCC produces Targeting Scams: Report On Scam Activity each year. The report explains key trends in scam activity and highlights the impact of scams on the community. It also illustrates the collaborative work of the ACCC, other regulators and law enforcement agencies to disrupt scams and educate consumers.

Criminal Offences

Some scams may also be criminal offences when someone who commits fraud has acted dishonestly or by omission to deliberately deceive someone. Fraud is regulated under various acts, including state and territory criminal legislation and under Australia’s common law.

Where an actual crime has been committed, it’s best to contact the local police, or report it to ReportCyber if the crime has taken place online. ReportCyber helps law enforcement to better combat the growing threat of cybercrime in Australia. Common types of cybercrime include hacking, scams, fraud, identity theft, attacks on computer systems and illegal or prohibited content.

A consumer may be able to bring a private action in the Federal Court or in a state or territory Supreme Court. If the action is successful, the remedies sought could include damages, injunctions and other orders.
