Category: information

How Accidental Data Leaks Happen

It’s easy to assume that all data breaches are the result of criminal activity, but that’s far from true.

A study of data from 2016/17 showed that 92% of security data incidents and 84% of confirmed data breaches were due to accidents or mistakes.

Here are the most common problems leading to leaks of data:

1. Expired Security Certificates

These certificates are an essential component in protecting systems, and Equifax found that out the hard way in 2017 when hackers accessed huge amounts of confidential data through an expired certificate. 143 million records were exposed, containing names, addresses, dates of birth, Social Security numbers and driver license numbers.

The data was stolen by hackers who exploited a vulnerability in Equifax’s web servers. If the relevant security certificates had been renewed as they should have been, the hackers couldn’t have used that way in.

2. Unsecured Third Party Vendors

Many websites and complex systems are a mix of the owner’s software plus a variety of third-party plugins, add-ons and linked external services. As in any other part of life, the weakest link determines the safety level of the whole system. If the third parties aren’t adequately secured then the whole system becomes vulnerable.

3. Poor Email Security

Most hackers still gain access through phishing, that is, sending out emails that entice people to respond in some way that gives the hackers the information they need to access systems. Maybe it’s through a fake quiz that requires a login and password, or an offer of a gift token, etc.

Or it could simply be that people haven’t learned the need to use passwords that are unguessable and not to write them down by their desk.

A company named Nightfall protects systems data and they have created the following article to explain in more detail how accidental data leaks can happen: https://nightfall.ai/resources/accidental-data-leaks/

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Scammers Target the Elderly

Many scammers believe that they can more easily trick older people, or that older people have the time to listen, and some are more opportunistic and realise that retired people are more likely to be at home during the day when scammers call.

The Most Common Scams Targeting the Elderly

  1. Health insurance scams – scammers offer unrealistically cheap insurance cover but really they just want your money and personal details – there is no insurance.
  2. Fake prescription drugs – it’s very dangerous to buy prescription drugs from a non-accredited source as you cannot be sure what you get will be safe and contain the genuine medicine.
  3. Funerals – fraudsters use obituaries to find out information about the deceased, then attempt to extort money from family members or grieving spouses by falsely claiming for debts.
  4. Anti-aging products – scammers offer various products which either don’t exist or are worthless.
  5. Investments – pension release schemes, Ponzi schemes, guaranteed winners on the stock market etc. However good a scheme sounds, always check with an independent reputable expert.
  6. Homeowner/reverse mortgage scams – it is quite common for people who have paid off their mortgage and would like some cash to take out a new mortgage, and the scammers offer an assortment of fake mortgages.
  7. Lotteries – this is generally an invitation to join a wonderful lottery, but the tickets are fake so you have no chance of winning.
  8. The grandparent scam – this is a very nasty one as it frightens people. The scammer calls and pretends to be a grandchild. They wait for the victim to use the grandchild’s name, then claim to be that person but with urgent financial problems. The scammer usually asks for payment by transfer through Moneygram or Western Union, as these payments cannot be traced or reversed.
  9. Charity scams – scammers set up fake charities to take advantage of people’s generosity.

Trust your instincts. If you feel at all wary or suspicious, you’re probably right!

“Sixty and Me” have created a detailed list of the common scams targeting elderly and how to avoid them.

Go to https://sixtyandme.com/seniors-scams/

If you have any experiences with phishing scams do let me know, by email.


Australian Scam Losses

Statistics show that in 2019, Australians lost $634 million to scammers, made up as follows (note: this only covers scams reported to the authorities):

Scam Type              Money Lost
Investment Scams       $61.8M
Dating and Romance     $28.6M
False Billing          $10.1M
Hacking                $5.3M
Online Shopping        $4.8M
Remote Access Scams    $4.8M
Identity Theft         $4.3M
Threats to Life        $4.3M
Classified Scams       $2.8M
Inheritance Scam       $2.6M

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.


Phishing Tackle Website

Phishing Tackle at https://www.phishingtackle.com/ offers a range of online courses to help keep businesses safe from phishing scams. These scams are where scammers send out messages (usually by email but also by text and phone call) claiming to be from a trusted organisation e.g. HMRC, the local council, Marks and Spencer, NatWest Bank, the Police and so on. They are after your personal information, especially login and password details and financial details.

Over 90% of data breaches are caused by an end-user clicking on a phishing email and Phishing Tackle say they reduce the risk of people clicking on phishing emails.

Phishing Tackle’s automated online security awareness training, simulated phishing and policy management platform reduces the risk of end-users clicking on phishing emails by over 90% – that’s the claim.

Website resources include:

  • A click-prone test
  • Domain spoof test
  • Phishing quiz

And lots of information on various types of online scams.

Free Phishing Awareness & Training is available to not-for-profits in some cases.

They also offer a managed service to protect businesses.

The website is a good resource for those looking to protect their business from phishing scams.

If you have any experiences with phishing scams do let me know, by email.


Cold Caller Number Lookup

It is estimated that each day, twelve million people in the UK receive one or more cold calls.

Have you received a scam call or an annoying cold call and wished you could register their phone number online to warn others about them?

Or do you want to know if a caller is a scammer or cold caller?

Go to www.badnumbers.co.uk to check their number or register the caller’s number as ‘bad’.

Bad Numbers is a reverse telephone number lookup website and has collected over 20,000 ‘bad’ telephone numbers so far.

The website is very simple – you just type in a number and see if it is already registered. If not and you want to register it then you type in why and that’s about it.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.


How Hackers Take Email Addresses From Websites

To build up lists of email addresses that can be sold to spammers and scammers, hackers run software that scans websites and looks for email addresses.

This is called email harvesting and is done on a huge scale.

The hackers typically scan websites, mailing lists, internet forums, social media platforms and anywhere else they can find email addresses online.

The characteristic format for an email address is user@domain.com, so it is simple for email harvesters to read web pages and look for the @ symbol, as it seldom occurs anywhere on web pages except in an email address.

The harvesters can also check for unusual variations on that theme, e.g. User[at]domain.com or User[AT]domain[DOT]com.

In web pages, an email link is generally of the format ‘mailto:user@domain.com’, so these can easily be spotted by the harvesters and added to their list.

Many web developers try to stop this happening by disguising any email links, such as by displaying the email address as a picture (so the user must type the address into their email system themselves) or by encoding some or all of the letters in the email address.

e.g. the letter A is encoded as “A”, the “@” symbol as “B”, and so on.

The simplest approach is to use a contact form instead of an email address link. This works for one email address but is not so applicable if you have lots of email address links on the same page.

There are many more ways to hide email address links from harvesters, but whatever you try – make sure not to have such addresses showing in clear text.
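As an added example (not from the original post or from any tool it mentions), here is a small audit script a site owner can run over their own pages to find addresses a harvester could recover in the three forms described above: clear text, mailto: links and [at]/[dot] variants. The sample HTML and the example.com addresses are constructed for the demonstration; the script also shows that encoding letters as HTML entities does not hide an address from a harvester that decodes the page before scanning.

```python
import html
import re

# Constructed sample page for this example (not from any real site).
SAMPLE_HTML = """
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Press: press[at]example[DOT]com</p>
<p>Support: <a href="mailto:&#115;&#117;&#112;&#112;&#111;&#114;&#116;&#64;example.com">write to us</a></p>
<p>Accounts: <img src="/accounts-address.png" alt="address shown as an image"></p>
"""

# The three forms the post describes: clear text, mailto: links and
# "[at]" / "[dot]" variants (case-insensitive, spaces allowed in the brackets).
PLAIN_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MAILTO_RE = re.compile(r"""mailto:([^"'\s>?]+)""", re.IGNORECASE)
OBFUSCATED_RE = re.compile(
    r"[\w.+-]+\s*\[\s*at\s*\]\s*[\w-]+(?:\s*(?:\.|\[\s*dot\s*\])\s*[\w-]+)+",
    re.IGNORECASE,
)


def entity_encode(address: str) -> str:
    """Encode every character as an HTML numeric entity (the 'encode the
    letters' approach); a browser still renders it as the plain address."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def find_exposed_addresses(page_html: str) -> dict:
    """Report what a harvester could recover from one of your own pages.

    The page is entity-decoded first: a harvester that unescapes HTML before
    scanning sees &#64; as '@', so entity encoding alone is not a defence.
    """
    decoded = html.unescape(page_html)
    return {
        "mailto": sorted(set(MAILTO_RE.findall(decoded))),
        "plain": sorted(set(PLAIN_RE.findall(decoded))),
        "obfuscated": sorted(set(OBFUSCATED_RE.findall(decoded))),
    }


if __name__ == "__main__":
    for form, found in find_exposed_addresses(SAMPLE_HTML).items():
        print(f"{form:11s} {found}")
    # The image-only address is the one form this scan cannot recover.
```

Run it over your own exported pages; any address it reports is one a harvester can collect, and the image or contact-form alternatives are the ones that stay out of the report.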

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.
