
Amazon Merged Reviews Make No Sense

Amazon monitors product reviews by the public and manages to delete most fake reviews, but “merged reviews” are proving to be a problem as scammers are increasingly using them.

Merged reviews are where a seller may have multiple items that are basically the same item but with very minor differences such as woolly hats where one has a bobble on top and the other doesn’t.

In these cases Amazon allows for the same reviews to appear on both products.

But scammers are merging reviews for entirely different products in order to show popularity for items that haven’t earned it.

Which? magazine investigated this and found, for example, reviews for headphones that are actually reviews for cuddly toys – done as a way of getting apparently excellent reviews for a new product. Some of these scammers are dumb enough to do this even where the original reviews have photos attached to show they are completely different products.

Which? found that nine out of 10 of the top-rated headphones on the site earlier this year had glowing reviews for a range of unrelated products.

Amazon took action to remove these products and reviews, once informed of the problem.

But using such reviews for unrelated products is against Amazon’s terms and conditions, because it can make something look more popular than it is.

Which? focused on just one category – Bluetooth-enabled headphones – and followed the reviews for the top 10 products over the course of a month, from February to March this year.

Most of the brands were not household names and were all sold by more than one seller, so Which? was unable to determine whether the brands themselves were implicated in any wrongdoing.

One headphone listing had 863 reviews for a personalised jigsaw puzzle, while a third had 1,386 reviews for beach umbrellas.

Only one of the headphones on the list, made by one of the best-known audio electronics firms, Bose, showed no evidence of review merging. But its headphones were ranked only eighth best out of the 10 investigated.

Which? magazine focussed on earphones but also found that various other products have the same problem.

If you’re relying on customer reviews, then try to make sure they are genuine.
E.g. check if there is a photo attached that matches the product and ignore any reviews that could conceivably be for anything else.

If you have any experiences with these issues do let me know, by email.

Fightback Ninja Signature

Scammers Make Their Offer Irresistible

Scammers use a set of psychological tricks to make you trust whatever they are offering.

These ‘tricks’ are well known and are used by marketers and many others.

These include:

  1. Create a sense of legitimacy
    • Lists of references from satisfied customers
    • ‘Professional’ reviews of the product or service
    • Celebrity endorsements
    • Ride on the back of well respected products
  2. Invoke emotion
    • Create excitement around a new release or a ‘first’ of some kind
    • Create fear about missing out on the product or service
    • Create worry about regretting not taking the opportunity
    • Create anger that the product has been kept hidden away from the public until now
  3. Create a sense of urgency
    • Fake deadline
    • Only a limited number/amount of the product remains
    • Be the first to get this product or service
  4. Use social influence
    • Happy references from members of the public
    • 100,000 people have tried this and recommend it


Do think about how the scammer’s message affects you before making any decisions. This also applies whenever someone is trying to sell you something or to get you to do something, and always applies to unsolicited emails, texts and calls.


UK Gov Phishing Attacks

A phishing attack is when criminals create fake websites that look like well-known websites such as Marks and Spencer or HMRC or British Gas etc. They use the fake websites to get your confidential information.

Top 10 Government ‘Brands’

Brand                             No of phishing sites   No of attack groups   Phishing site availability (hours)
HM Revenue & Customs              16,064                 2,466                 10
Gov.uk                            1,541                  241                   15
TV Licensing                      172                    93                    5
DVLA                              107                    53                    11
Government Gateway                46                     22                    6
Crown Prosecution Service         43                     26                    15
Student Loans Company             19                     11                    17
Student Finance Direct            13                     3                     3
British Broadcasting Corporation  8                      7                     35

Phishing

When a phishing site is identified that is pretending to be a UK government brand, the hosting provider is asked to take the site down. While some government departments do their own brand protection, most don’t and it is simpler and cheaper for this to be done centrally.

Example of a phishing site impersonating HMRC

The domain name that’s been used is onlinehmrctax @ gov.co.uk. That’s intended to deceive the user into thinking this is a real HMRC site. Not all phishing sites use domains like this and many are hosted in areas of legitimate sites that have been compromised by the criminal. Phishing sites are also automatically added to a number of industry safe browsing lists that are consumed by the major browsers, so even if the hosting provider doesn’t respond, or it takes a long time for the site to be removed, users of modern browsers with the default security settings are protected anyway.

The availability of an attack is the total amount of time the phishing site is available from when the Netcraft service first becomes aware of the attack through to when it is finally taken down. This accounts for the times when an attack is reinstated by the criminal after first being taken down by the provider, which can happen multiple times in some cases. It is also often the case that a single attack can involve multiple spoof sites, hosted on the same server. If there are many phishing URLs in a single attack, they can easily skew statistics through the responsiveness or otherwise of the hosting provider. Given a group of attacks are all hosted on the same ‘server’, we group these together taking the longest time any one of them is available as the availability for that group.
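The grouping rule described above can be worked through on a small data set. This is an added example, not code from the report or from Netcraft; the records, URLs and server addresses are constructed, and it assumes that "availability" is measured from first sighting to final takedown, so the gap before a reinstatement counts.

```python
from collections import defaultdict
from datetime import datetime


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample data (not real takedown records). Each entry is one
# phishing URL: (url, hosting server, [(seen up, taken down), ...]).
# More than one period means the site was reinstated after a takedown.
SAMPLE = [
    ("http://a.example/login", "198.51.100.7",
     [(ts("2017-03-01 09:00"), ts("2017-03-01 13:00"))]),
    ("http://a.example/refund", "198.51.100.7",
     [(ts("2017-03-01 10:00"), ts("2017-03-01 12:00")),
      (ts("2017-03-02 08:00"), ts("2017-03-02 11:00"))]),
    ("http://a.example/verify", "198.51.100.7",
     [(ts("2017-03-01 09:30"), ts("2017-03-01 15:30"))]),
    ("http://b.example/tax", "203.0.113.20",
     [(ts("2017-03-05 14:00"), ts("2017-03-05 20:00"))]),
]


def site_availability(periods):
    """Hours from first sighting to final takedown (assumed reading: the
    gap before a reinstatement still counts towards the total)."""
    first_seen = min(start for start, _ in periods)
    final_down = max(end for _, end in periods)
    return (final_down - first_seen).total_seconds() / 3600


def group_availability(records):
    """One figure per hosting server: the longest-lived URL on it."""
    by_server = defaultdict(list)
    for _url, server, periods in records:
        by_server[server].append(site_availability(periods))
    return {server: max(hours) for server, hours in by_server.items()}


def compare(records):
    """Mean availability counted per URL and per group, to show how the
    two ways of counting give different figures for the same attacks."""
    per_url = [site_availability(p) for _, _, p in records]
    per_group = list(group_availability(records).values())
    return sum(per_url) / len(per_url), sum(per_group) / len(per_group)


if __name__ == "__main__":
    print(group_availability(SAMPLE))
    print(compare(SAMPLE))
```

Four phishing URLs collapse into two attack groups here, which is why the table reports sites and attack groups as separate columns.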

Over the last calendar year, we’ve taken down 18,067 HMG-related phishing sites.

For comparison, in the previous 6 months, the volume was 19,443 sites, also shown on the chart. It’s clear that we have performed fewer HMG-related phishing takedowns in 2017 and the trend is generally downward. Given how the service is driven, it’s reasonable to assume that it sees a relatively constant percentage of the global phishing and so this strongly suggests that there has been less HMG-related phishing this year than last.

However, it is very likely (in the opinion of the author) that this work has had a direct impact on the viability of criminal phishing targeting HMG brands, making them less lucrative and therefore less likely to be used.

It’s obvious from the table that the vast majority of HMG-related phishing attacks continue to use the HMRC brand. That’s unsurprising given that most adults have a relationship with them and everyone would welcome a tax refund.


Dark Web Pricelist

The Dark Web is the name for websites and services on the Internet that are hidden. You cannot find them on Google or other normal search engines – only on ones for criminal purposes or if you have the direct URL.

On the Dark Web, people buy and sell assorted criminal products and services such as selling stolen credit cards, providing ransomware as a service, facilities to send out mass scam emails etc.

It’s a bad place filled with bad people.

Below are some example prices charged for stolen information, credit cards etc. as found by researchers in October 2020:

Category / Product                                            Price

Credit Card Data
  Cloned Mastercard with PIN                                  $15
  Cloned American Express with PIN                            $35
  Cloned VISA with PIN                                        $25
  Credit card details, account balance up to $1000            $12
  Credit card details, account balance up to $5000            $20
  Stolen online banking logins, minimum $100 on account       $35
  Stolen online banking logins, minimum $2000 on account      $65
  Walmart account with credit card attached                   $10

Payment processing services
  Stolen PayPal account details, minimum $100                 $198.56
  Western Union transfer from stolen account, above $1000     $98.15

Forged documents
  US driving license, average quality                         $70
  US driving license, high quality                            $550
  Auto insurance card                                         $70
  AAA emergency road service membership card                  $70
  Wells Fargo bank statement                                  $25
  US, Canada, or Europe passport                              $1500
  Europe national ID card                                     $550


If you have any experiences with these scams do let me know, by email.


Keep your personal information safe

Fraudsters are after your personal information, including your full name, address and contact details, bank account numbers, logins and passwords for websites, and identification numbers such as passport details and driving licence.

Once they obtain your full name and other personal details, they can search official records, social media etc to piece together a fuller picture about you, with the intention of scamming you or even identity theft.

How To Stay Safe

  • Use multiple email addresses
  • Use disposable email addresses (https://fightback.ninja/disposable-email-addresses/)
  • Use temporary email addresses
  • Use the magic phone number if you don’t want to be contacted by phone, but a website insists you provide one (https://fightback.ninja/a-magic-phone-number-and-call-blocking)
  • Stop tracking cookies
  • Opt out of marketing emails etc. whenever possible
  • Withhold data when you can or make something up if it is unimportant

Removing your personal information from the internet

There is a trade-off between having some information on the Internet about you so that prospective employers, old friends and others can find you and the problem of there being so much that criminals can use that information to con and steal from you. Also, it’s virtually impossible to remove all traces of your Internet activity.

  1. Restrict or Delete Social Media Accounts

Scammers seeking your information may start with your social media posts so make sure not to post anything personal or mention holiday dates etc. Simply deleting such accounts is safer.

  2. Close down Blogs and Blog Posts

Close or delete any blog posts, or the whole blog, if they give away personal information about you.

Personal blogs may contain intimate details about your daily life, family, jobs, health information and financial situation — which is information a fraudster could use to scam you or access your accounts. If you publish a blog, be mindful of the details you’re sharing.

  3. Websites, Chat Groups etc. With Your Information

If someone else has posted sensitive information about you on their website or blog, then you can contact the webmaster of the site and ask them to remove the information.

If a website refuses to remove your info, then you can send a legal request to Google and ask to have it removed.

  4. Phone Apps

Many apps on your smartphone and tablet collect personal details such as your name, email address, spending habits, and geographical location. This information could be accessed by cybercriminals, leaked or stolen, and if it ends up in the hands of a scammer, your finances could be at risk.

If you’re unsure whether an app is trustworthy, it’s a good idea to review the Terms of Use and Privacy Notice first to determine what info is collected, why it is collected, and how it may be secured, stored, and shared. You might also check some user reviews.

  5. Block Tracking Software

While browsing the web, you’ve probably noticed disclaimers about “cookies,” which is technology that tracks your web browsing habits. If you don’t want that information tracked and stored, then consider running security software that contains features to block online tracking. You should also understand the limitations of your browser and any do-not-track feature.

  6. Clean out your computer data

There’s a trove of personal information stored in your browser history, including the websites you visit (including financial institutions), passwords, and cached images and files. If a cybercriminal gains access to your device, they may be able to use that information. Regularly clear your browser history, delete cookies and install and use security software that includes online privacy features.

If you do all of the above then you will remove most of the data that anyone can find about you on the open Internet. There will always be data on government systems, retailers you buy from etc. but that is harder for any criminals to access.


Police Report Common Phone Scams

The National Fraud Bureau reports that the most common phone scams are:

  1. False reports of a problem with your computer or device
  2. A fake fraud investigation
  3. An investment opportunity

Number 1 is better known as the Microsoft Support scam as most of the scammers cold call random people, pretending to be from Microsoft Support and warning of a severe computer problem. They offer to fix it and to do so they need access to your computer and will charge a fee for their time or for some software they supposedly have to install.

Since these scams became commonplace, most people know to put the phone down on any such call. A message to the same effect (you have a computer problem – call …) may pop up when you are on a new website and it will exhort you to phone a specified phone number – this will be to a scam call centre so do not call it.

Number 2 is the fake fraud investigation which can take many forms with the scammer pretending to be from your bank or the government or the Police etc. Usually, they warn you that your bank account has been hacked and they will assist you to save your remaining money – i.e. by taking it away from you. Any such callers should be ignored but if you want to check with your bank then use a different phone to call your bank on a known number.

Number 3 is scammers offering investments. Investments that claim to have zero risk and give guaranteed returns are always fake, and you should seek expert advice before making any investment.

Anything that looks too good to be true is almost certainly a scam.

Stay safe.
