
DMARC Email Authentication

We all get far too many emails claiming to be from a well-known company but actually sent by scammers and spammers. Internet Service Providers trap a large percentage of these fake messages and delete them before they can get to their intended target, but a lot still get through to us.

What can be done?

There is a standard called DMARC used by many large organisations including Google, Facebook, Apple, Craigslist, Virgin Media, British Airways, Dropbox, Amazon and many more.

Implementing DMARC ensures that genuine emails can only be sent using specified company servers, and hence any Internet Service Provider can filter out messages that claim to be from these companies but are fake.

Sending Out Emails

The sender sets up two pieces of machine-readable information in advance:

  1. A document that describes how the emails will be sent (e.g. which servers will be used for the outgoing mail). This is called SPF (Sender Policy Framework).
  2. A proof of identity document called DKIM (DomainKeys Identified Mail).

Receiving Emails

The email service provider in receipt of the message checks the SPF and DKIM entries for the legitimate sender and compares the metadata for the message against them. If it passes then the message is accepted, but if there is a mismatch then the message is marked as fake. That can mean it is deleted or can mean it is delivered to the user's spam folder.

It does take effort to implement DMARC as a sender, but the more large companies that start using DMARC the better, and the more email service providers that check incoming mail for DMARC, the less rubbish will get through.

If you know anything more about this then let me know, by email.

Fightback Ninja Signature

The Amazon Brushing Scam

This is a strange scam as it starts with unexpected packages being delivered to you, typically from Amazon but could be from other suppliers.

The fraud starts with the scammer creating an account on Amazon using a real stranger’s name and address. Then the scammer orders products and they are delivered to the stranger’s home address, which is a surprise for the recipient.

Q. Why would anyone do this?

It’s all about getting good reviews. The scammers use the account they’ve set up to post fake ‘verified reviews’ on Amazon (or another service) that are positive about the products the scammers want to push or may be negative about competitors’ products. The scammers may be the sellers of the products or may be paid specifically to create these fake reviews, or to damage a seller’s reputation.

Investigators believe it is largely third-party sellers on Amazon that are buying their own products in order to leave a five-star review, and using strangers’ names and addresses to appear as independent customers.

The recipients of the products may be very surprised at goods turning up on their doorstep but they are not charged for the items in question, so it is theft as such.

Where the problems arise for the recipients is that they may not be able to turn off the deliveries and getting the account cancelled will be difficult as only the scammers know the passwords etc.

There is also a bigger worry – how did the scammers get their details in order to create the account?

If the scammers have that information about you then they may use it to carry out more damaging forms of identity theft.

If you receive packages from businesses such as Amazon that you did not order, then do contact the supplier and change any relevant logins and passwords.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.


Are Consumer Reviews Biased

Research shows that it is often the people with strong opinions who leave reviews of products they’ve bought and services they’ve received, and the majority without strong opinions tend not to leave so many reviews.

So what about that silent majority?

Research at MIT suggests that some reviewers may be systematically biased or easily manipulated by the presence of previous reviewers’ comments. This is commonly called “social proof”, where people assume the actions of others are correct and duplicate them in an attempt to reflect correct behaviour in the situation.

Imagine you dine at a restaurant and aren’t too impressed by the food. When you get home and want to post a review, you find that the restaurant has very high ratings – people love the place. You may still post a negative review but it is quite likely you will assume your not so good dish was an exception for the restaurant and will hold off on posting that negative view or at least tone it down.

When we see that other people have appreciated a certain book, enjoyed a hotel or restaurant or liked a particular event — and given them a high rating online — this can cause us to feel the same positive feelings about the book, hotel, restaurant or event and to likewise provide a similarly high online rating.

If you had a moderate view on a restaurant meal or event etc. you’re likely not to bother leaving a review, thinking it not worth the time and effort.

An academic study titled “Understanding and Overcoming Biases in Customer Reviews” analysed several hundred thousand reviews from four major online retailers, and highlighted evidence of two major types of bias in the online review system: social influence bias and selection bias.

Social Influence Bias is when a user’s opinion is influenced by the opinion of others. So, if your business has bad reviews, people who post reviews are more likely to follow suit, and post more bad reviews. If your business has good reviews, people are more likely to post good reviews.

Selection Bias (also called voluntary response) is where the people that submit reviews feel motivated to do so, which usually means that the resulting sample over-represents individuals who have strong opinions.

There is also the problem of how to interpret rating scales. For example, does 5 out of 5 stars mean exceptional or does it just mean very good?

A well designed mass survey will put considerable effort towards standardizing responses, as vague and inconsistent response criteria will make an otherwise legitimate survey meaningless.

It can be difficult to get wide-ranging responses from groups of people without ignoring the silent majority, but use of incentives can make it possible.

Do you have an opinion on this matter? Please comment in the box below.


The Instagram Effect

Would you take pictures inside someone else’s home then put the pictures on Instagram and claim it’s your house?

A recent survey showed that one in six of us have done just that – posted pictures of other people’s better homes and pretended it’s theirs.

More than a quarter of the 2,000 people polled at the Ideal Home Show admitted to being so envious of images of friends’ properties on Instagram, Twitter and Facebook, that it made them miserable.

It is sad that so many people are affected in this way, especially as much of what you see on social media is faked.

Nearly half of 25- to 35-year-olds confessed they would buy an item purely on the basis of how it would improve their home’s appearance on social media. Some even admit to buying desirable objects including furniture for their home, taking pictures for Instagram then returning the items.

17 per cent said they would pay more for a home they thought would impress their friends.

It’s clear that social media is making people feel the need to not just keep up with their friends but to keep up with people they don’t even know across the world.

The vast majority of the photos on Instagram are genuine in that there is a real object being photographed, but a significant minority are created by Photoshop-type techniques or are amended so much as to provide an unrealistic image.

The things you covet on Instagram may well be fake.


How Fake Social Media Profiles Are Created

It is very simple to create fake social media profiles and takes little effort. You make or buy a new email address and a phone number, fill in the registration screen and that’s most of it done.

However, making them believable takes more time and effort.

Some scammers take the time to do this as part of what are usually phishing scams – aimed at gaining people’s confidential data for sale to other criminals.

Criminals create these fake profiles on social media for a variety of reasons, including:-

  1. A profile for phishing
  2. Support profiles to make the master profile more believable
  3. For advertising of scam products
  4. To build up lists of people on social media, to sell to other criminals

Generally, the key is to create subsidiary profiles to support the central one (master profile) and these need to have a reasonable level of information and posts but not in great detail as they are only to support the master profile.

The master profile needs to be as detailed as possible – full education history, current and previous occupations, qualifications, pastimes etc. Then register that profile with Facebook groups or similar on other platforms and so on.

Once the hackers have built this information, they may be ready to launch their attacks – Phishing or otherwise.

If you are contacted by someone you don’t know and feel there is reason to check if they are genuine then look in detail at dates the information was added and if it’s all recent – that’s a warning flag. Check their friends, employers etc.

For most of us this level of investigating is not needed, but if you have access to sensitive information or think someone may try to steal your identity – then take care.


Are Companies That Only Use PayPal Untrustworthy

When you come across a business that only accepts payment by PayPal, this may be fine or may make you wonder why they cannot accept credit or debit cards. Is it to avoid extra costs and complexity in their business or is there a more shady reason?

A company may choose to only allow payment by PayPal for a variety of reasons, such as:-

  1. They are a single person business and don’t want the complexity of a payment system other than the simplest, which is PayPal
  2. They may only operate on eBay or Etsy or similar auction sites / niche retail sites and not be able to offer other payment options
  3. They are a small business with plans to grow but don’t want the overheads of multiple payments systems until essential
  4. PayPal charges are a lot less than credit card charges.
  5. They are a scam operation and are likely to disappear after taking in customer payments.

Plus, PayPal payments release the money immediately to the retailer whereas payments by credit card take time to be completed.

Many small businesses find it difficult to pay the costs of having a credit/debit card payment system. Also, PayPal was started in conjunction with eBay, so is well trusted by buyers and holds the money until the buyer verifies the quality and condition of the item.

It is easy to integrate PayPal with most websites and a lot of hosting services offer PayPal integration without charge.

Adding a facility for taking card payments does cost – possibly $25 – $50 per month from a merchant provider – and the banks do often charge more for credit card transactions.

If you want to buy from an online business but are worried by the lack of alternative payment methods to PayPal, then research the business, check for online reviews of their products and the business, and then make your choice.
