Category: information

Is Your PC Mining Bitcoins for Someone

Criminals keep finding new ways to take advantage of us. Bitcoins and other cyber currencies are constantly in the news and this has led to endless scam offers of untold wealth from Bitcoins and other cyber currencies. But there’s also a new way for criminals to take advantage of you.

The Creation of New Bitcoins

This is through a process called ‘mining’ and it applies to all cyber currencies.

Mining uses huge amounts of computer processing power to keep the blockchains consistent, complete and unalterable. The “blockchain” is how the records of the Bitcoins are stored. Mining becomes progressively more difficult as more Bitcoins are created over time – requiring more and more processing power.

Bitcoin has been in circulation for some years and effective mining requires super computers.

However, hackers get around this by commandeering processing power from large numbers of other people’s computers – possibly your computer.

The hackers infect your computer with malware that lets them download data to be processed and upload the results back to themselves. If you find your computer is always slow and seems to be busy doing something you haven’t asked it to do – this can mean your computer has been infected and is busy working for someone else.

The same hacking tool that allowed the Wannacry ransomware to wreak destruction in 2017 has also been used by hackers to take over people’s computers and use them for mining.

Another similar one is called Smominru and makes infected computers mine for the cyber currency Monero. It is thought that up to half a million computers have been taken over for this purpose.

Make sure your computer is protected against these attacks through the use of anti-virus and anti-malware software, and take regular backups in case of data corruption or ransomware attacks.

Fightback Ninja Signature

ISO27001 Information Security

ISO 27001, also known as IEC 27001, is an information security standard published by the International Organization for Standardization and the International Electrotechnical Commission.

Most organizations have some information security controls, but these may not be sufficiently comprehensive in their coverage. An information security management system (ISMS) can remedy this situation.

ISO 27001 specifies a management system and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.

ISO 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

The ISO 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process.

Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability and Risk Treatment Plan. This stage serves to familiarize the auditors with the organization and vice versa.

Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/IEC 27001.

Stage 3 is ongoing and involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

For detailed information on ISO 27001 refer to https://www.itgovernance.co.uk/iso27001


Trust Pilot Customer Reviews

https://uk.trustpilot.com

Trustpilot is an online review community founded in Denmark in 2007 by Peter Holten Mühlmann.

The website has more than 32 million reviews of 179,000 businesses and 1,000,000 new reviews each month created by 45,000 reviewers each day. So you can see this is a serious business and also that there must be a huge need for unbiased reviews of businesses.

Trustpilot “believe that people’s voices should be heard, which is why we’re dedicated to helping everyone share their genuine experiences. We’re committed to being the most trusted online review community on the market. Genuine reviews written by consumers are published instantly without censoring, and businesses can see and reply to them”

TrustPilot say they have zero tolerance for fraud and investigate any reported misuse.

How Does TrustPilot Make Money?

They offer a series of packages to businesses for a monthly subscription.

The key sales points for these are:-

  • Connect with your customers by collecting reviews
  • Automate a review collection process seamlessly into your customer journey.
  • Build trust on a platform for both businesses and customers
  • Gather feedback and interact with customers on an independent website consumers trust.
  • Showcase your reputation where it matters
  • Amplify your presence across all channels including search, social, paid, and offline media.

The four business plans are:-

  • Free Plan, £0 per month: Collect & respond to Trustpilot reviews for free.
  • Lite Plan, £149 per month (paid annually): Showcase reviews on your website & clearly demonstrate marketing ROI.
  • Pro Plan, £349 per month (paid annually): Give your marketing & sales a significant boost with a wide range of customizable tools.
  • Enterprise Plan, contact to get a quote: Full access to Trustpilot Business with superior integrations, data protection & account management.

If you want to build trust for your company, then Trust Pilot may be able to help.

Facts About Data Breaches

Hackers break into company computer systems and steal confidential information, i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner, sell it to a competitor, sell it to other scammers or make use of it in phishing scams, i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

  1. Creation of contact databases
  2. Regulatory requirements
  3. External experts
  4. Postal costs
  5. Communications set-ups
  6. Audit services
  7. Helpdesk
  8. Legal expenditures
  9. Reimbursement for customers
  10. Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

  • The average cost of a data breach is $3.62 million
  • The average global total cost per record stolen is $141 but there is huge variance across incidents.
  • Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
  • The mean time to identification of a data breach is 191 days
  • The faster the breach is recognised, generally the lower the total cost
  • The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber attack see https://fightbackonline.org/index.php/business/102-do-you-know-if-your-business-has-been-cyber-attacked

[facts taken from 2017 Cost of Data Breach Study]


What is Cyber Currency XRP All About

Ripple is a business that operates a payment network, RippleNet, and uses a cyber currency called XRP, which is one of the biggest cyber currencies in the world.

This cyber currency is designed for enterprise use rather than for the public.

It claims to offer banks and payment providers a reliable, on-demand option to source liquidity for cross-border payments.

There’s also the claim that it’s the fastest and most scalable digital asset, enabling real-time global payments anywhere in the world.

How does Ripple work?

RippleNet makes it easy to transfer almost any currency to almost any other currency in the world. Ripple claim this can be done in 4 seconds which is much faster than Ethereum and Bitcoin.

Using Ripple, if you wanted to transfer currency directly from China to the USA, you could trade CNY to XRP and then send XRP to the recipient who will have an online Ripple wallet or a bank in the USA. From there, they can trade the XRP into USD.

Ripple claims banks can save an average of $3.76 per payment using their network.

XRP Price

XRP has risen in price from under $0.01 to over $1 a coin in under a year, with it valued on December 29, 2017 at a high of $1.50.

XRP’s increase in value may be connected to the astonishing rise in price of Bitcoin. XRP also has a new partnership with credit card company American Express, who are looking to offer instant blockchain-based payments, and this contributes to market confidence.

The global market is currently valued at around $488 billion; Bitcoin accounts for about 40 per cent of the daily turnover and Ripple accounts for 4 per cent. But some experts believe it will enjoy a larger boost in value in 2018.

Ripple does have serious investors working with it, including Santander InnoVentures, Andreessen Horowitz, Accenture, Google Ventures and Standard Chartered.

Cyber currencies are risky as the price is volatile, but the future does seem increasingly likely to be cyber currency.

Bitcoin Machines in Shops

We’re all used to ATMs in supermarkets and shops. Some charge for getting your money and some do not.

But recently, Bitcoin ATMs have started to appear in betting shops, general shops and elsewhere.

These don’t give you money – instead, they let you buy Bitcoins.

Bitcoin is a cyber currency that has been in the news a lot recently due to its rising price, thefts of Bitcoins and its use by online criminals.

These new machines are used by people wanting to invest in Bitcoin cyber currency, but there is also anecdotal evidence that they are used by criminals. Some shopkeepers estimate that 50% – 80% of use is by drug dealers and other criminals wanting to change large amounts of cash into something they can access elsewhere; in addition, the cash is effectively laundered, i.e. it appears legitimate.

Once purchased, Bitcoins can be changed back into any currency in many places around the world.

The shopkeepers where the Bitcoin machines are situated sometimes get a flat fee of £100 – £400 per month and sometimes they can get up to 30% commission.

This shows that the charges the buyer has to pay to the machines must be very high to allow for such commission to be paid to the shopkeeper.

The machines generally have a limit of about £500 per transaction, but no limit on the number of transactions per person.

For criminals, these machines are ideal repositories for their ill-gotten gains.

The price of Bitcoins rose rapidly throughout much of 2017 but it is very volatile and could easily crash at any time and become almost worthless.


Fake Website Links

You will come across fake website links in emails, on websites, social media, text messages and more.

In this context, “fake” means a link that doesn’t take you where it says but instead goes to some other website or web page.

Why do people make such fake links?

Mostly there is a deliberate intention to mislead – promise a link to one site but take you to a different site where you don’t want to go.

This may be an attempt to infect your computer with malware or to get you to a page you have little interest in or simply to get you to look at a video or a webpage for which the link poster gets paid per visitor.

How to Identify Fake Links

  1. On a PC, hover the cursor over the link and it should show the real destination URL. If this does not match what the link says then you have a fake link and you should not click it.
  2. On a Mac, make sure you have the status bar showing first.
  3. On Android phones, you can press and keep your finger on the link and a box will open offering options, but at the top it shows the complete link.

Shortened URLs

Some webpages have very long addresses, and if you’re sending a link to someone or posting on Twitter, for example, then some way to shorten these links would be welcome. There are various services on the Internet that can do just that. Twitter does this automatically for long links.

These shortened URLs make it difficult to identify the destination of the link. If in doubt – do not click.

Very Long URLs and Email Addresses

Most people create short URLs, i.e. links, as they want them to be easy to remember and to type, e.g. fightback.ninja/the-inflammation-scam/

But some large websites deliberately create long URLs in order to make the purpose of the page easy to understand from the name, e.g. http://www.sheppardsoftware.com/content/animals/kidscorner/classification/kc_classification_appearance.htm

Scammers use long URLs in order to try to hide the true destination of the URL, e.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com

That is not Lloyds Bank.

Scammers also use the confusion trick with email addresses e.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com
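The checks described in this post can be done mechanically. The following Python sketch is an added example, not part of the original post: it extracts the host a browser would really contact, compares it with what the link text says, and flags shorteners. The function names and the short `SHORTENERS` sample list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Small constructed sample of link-shortening hosts; t.co is Twitter's shortener.
SHORTENERS = {"t.co", "bit.ly", "tinyurl.com"}


def _split(url):
    """Parse a link, adding a scheme when it was written without one."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url)


def real_host(url):
    """Return the host a browser would actually contact for this link."""
    # Everything before '@' in the address part is a user name, not the site.
    return (_split(url).hostname or "").lower()


def sender_domain(address):
    """Return the domain of an email address: the part after the last '@'."""
    return address.rsplit("@", 1)[-1].strip().lower()


def _bare(host):
    """Drop a leading 'www.' so www.site and site compare as equal."""
    return host[4:] if host.startswith("www.") else host


def inspect_link(display_text, href):
    """Compare what a link says with where it goes; return a list of findings."""
    findings = []
    host = real_host(href)
    user = _split(href).username
    if user:
        findings.append(f"text before '@' ({user}) is a decoy; real host is {host}")
    shown = display_text.strip()
    # Only compare when the visible text itself looks like a web address.
    if "." in shown and " " not in shown:
        shown_host = real_host(shown)
        if _bare(shown_host) != _bare(host):
            findings.append(f"link says {shown_host} but goes to {host}")
    if host in SHORTENERS:
        findings.append(f"{host} is a shortener; destination is hidden")
    return findings


if __name__ == "__main__":
    # The long address quoted in the post above.
    scam = ("customerservice.lloydsbank.768092676414336492872654576277"
            "@78397123719273917cheapscam.com")
    print(real_host(scam))
    print(sender_domain(scam))
    print(inspect_link("Lloyds Bank customer service", "http://" + scam))
    # Constructed mismatch: the familiar name is only a prefix of the real host.
    print(inspect_link("fightback.ninja", "http://fightback.ninja.example.net/"))
```

An empty list from `inspect_link` means the visible text and the destination agree; it does not mean the destination itself is trustworthy.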


The Coffee Shop Facebook Like

A very clever way to demonstrate the danger of Facebook Likes was devised by CIFAS (Fraud Prevention Service) and BT.

They used a normal looking coffee shop with a sign in the window saying ‘Like Us on Facebook for a Free Coffee and Croissant’.

People saw the sign and did ‘Like’ the coffee shop on their smart phones. What they didn’t know was that a team of researchers watched their actions and trawled through Facebook and public websites to find them, and any personal details they could about the customer, within a maximum of three minutes.

In the coffee shop, their free drink was made and the waitress, listening in to the researchers on an earpiece, then wrote that personal information on the drink.

The video is at http://home.bt.com/lifestyle/money/money-tips/coffee-shop-customers-shocked-by-like-stunt-in-cifas-data-to-go-video-11364071638280

The customers’ reactions are quite funny and range from suspicion to bafflement. Hidden cameras filmed their reactions and the film ends with the line ‘Don’t make it easy for fraudsters. Set your privacy settings’.

This is a great way to show how much of our personal information is online for anyone to find.

In 2015, 23,959 people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and is more than double the 11,000 victims in this age bracket in 2010.

People of all ages can be at risk of identity fraud of course.

Simon Dukes, Cifas Chief Executive, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, fraudsters have focused on stealing and using genuine people’s details instead.

Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they are now a hunting ground for identity thieves.

“We are urging people to check their privacy settings today and think twice about what they share. Social media is fantastic and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

Set the privacy settings on your social media profiles so only you and people you trust can view them, and be careful what you post as fraudsters can often access it.

Marketing Lessons From a Scammer

The radio station has been receiving emails about a cure for Tinnitus for months.

There are lots and lots of these emails and, interestingly, they are not just copies from the same email address but show marketing skills.

So, one day there were four such messages – all clearly from the same scammer.

But named as being from Krystal, Amanda Alexander, Jan Morris and Cliff Robertson.

Scammers don’t bother doing things one at a time so she will have software that generates random names, probably pairing up randomly from a list of first names and surnames.

Next day another four emails and this time from Emilia, Stanley Mayes, Gilbert and Nancy Clarke.

Third day from Sean Lewis, Orville Beck, Donald Hughes, Sylvia and Brooke.

And so on each day.

The email addresses these actually come from follow a pattern: a syllable, then a hyphen, then a syllable, then .date as the suffix, e.g. curst-fay.date, alice-sib.date. This changes each day to make it harder for people to block the sender.

How about the actual contents of the messages?

These are well written, i.e. no grammatical or spelling mistakes, and neatly laid out on the page using colour, bold, underline and different fonts to present an attractive, easily read message.

There are two basic messages:

  1. MAKE THE RINGING IN YOUR EARS STOP

Doctors usually said it was impossible, however once her ears were silenced and the ringing was gone they were stunned.

All she did was drink this and it went away fast.

  2. For decades doctors believed tinnitus was an ear problem.

They were wrong.

Studies performed at leading universities around the world revealed that tinnitus is actually a brain problem that destroys the auditory cortex.

For all the effort this scammer puts into her messages, it’s a pity she cannot find a better way to earn a living than sending out dumb messages about tinnitus.

The Value of Directory Submission Services

Online business directories used to be a good way to find items of interest on the Internet. But since the search engines became highly efficient, online directories have not been needed for general searching. Search engines are the starting point for most users of the World Wide Web and directories are out of favour.

There are online services that will submit your website listing to hundreds or even thousands of online directories and they make it sound as if it’s the best way to get your website noticed. But search engines pay little attention to directories, few people use them, and directories don’t feature much in recommended search engine optimisation for your website, so the value is questionable.

Free and Paid Listings

While most online directories offer a free listing option, they will try to upsell you to a paid option – this is generally a range of packages available for a monthly fee. For example, $25 might get you a listing with a logo and a website link, whereas $50 might guarantee you an entry in the top half of their search results page.

A free, basic listing can be useful just for the sake of another return link to your website, but it’s difficult to justify paying for an entry unless it’s a niche directory that is still much used by people searching in that niche. This is true for some trade directories that list, for example, architects or plumbers.

If your entry in a business directory is to your profile on the directory then this is unlikely to help your position in the main search engines as only the secondary link is to your website.

A paid listing will give you more visibility on the directory but probably be no better for the main search engines.

Maybe you know good reasons why business directory listings are worth paying for?
