Category: Warning

Phishing a WiFi Password

Most people believe that using Wi-Fi in public places is safe as long as a password is needed to access the service, unlike public networks with open access.

However, there are assorted methods used by hackers to get into Wi-Fi services and in particular a set of software and techniques we’ll call Wi-FiX (not the real name).

Sadly, Wi-FiX is available on the Internet to anyone with programming skills.

The basic method involves the software creating a fake Wi-Fi access point that mimics the real ones on the selected network. It then jams any messages to the real access points and displays a message requesting the login and password. The user cannot get around this, so enters their login and password, and the software then relays the messages on to the real Wi-Fi access point so the user believes everything is OK again, while the fake Wi-Fi access point records all of the traffic.

In that data may well be logins and passwords, credit card details etc.

The details are complex, but below is a simple technical explanation:

  1. The victim is deauthenticated from their access point. WiFiX continuously jams all of the target access point’s wifi devices within range.
  2. WiFiX copies the target access point’s settings. It then creates a rogue wireless access point that is modelled on the target. It also sets up a NAT/DHCP server and forwards the relevant
  3. The victim is requested to re-input login and password which WiFiX can use to access the genuine access point. The victim joins the hacker’s rogue access point.

The victim continues to use the Wi-Fi unaware that all of their messages are being copied and examined for confidential information etc.

Always be wary of using Wi-Fi outside of your home and office.
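
A defender-side view of steps 1 and 2, as an added example that is not part of the original post: it flags a burst of deauthentication frames and an access point that reuses a known network name with an unlisted hardware address or without encryption. The scan rows, frame records and the KNOWN_APS allowlist are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the post): scan rows are (SSID, BSSID, security).
SAMPLE_SCAN = [
    ("CafeGuest", "a4:2b:b0:11:22:33", "WPA2"),
    ("CafeGuest", "a4:2b:b0:11:22:34", "WPA2"),
    ("CafeGuest", "02:13:37:aa:bb:cc", "OPEN"),   # same name, unknown radio, no encryption
    ("HomeNet", "d8:47:32:00:00:01", "WPA2"),
]
# Hypothetical allowlist kept by the network owner: SSID -> genuine BSSIDs.
KNOWN_APS = {"CafeGuest": {"a4:2b:b0:11:22:33", "a4:2b:b0:11:22:34"}}
# Constructed frame log: (seconds, frame subtype, BSSID the frame claims to come from).
SAMPLE_FRAMES = [(i * 0.05, "deauth", "a4:2b:b0:11:22:33") for i in range(12)]
SAMPLE_FRAMES.append((3.0, "deauth", "d8:47:32:00:00:01"))  # a single deauth is normal

def find_suspect_aps(scan, known_aps):
    """Return (ssid, bssid, reasons) for APs that look like a copy of a known network."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security))
    findings = []
    for ssid, aps in by_ssid.items():
        allowed = known_aps.get(ssid)
        protected = any(sec != "OPEN" for _, sec in aps)
        for bssid, security in aps:
            reasons = []
            if allowed is not None and bssid not in allowed:
                reasons.append("BSSID not in allowlist")
            if protected and security == "OPEN":
                reasons.append("open twin of a protected SSID")
            if reasons:
                findings.append((ssid, bssid, reasons))
    return findings

def deauth_bursts(frames, window=1.0, threshold=10):
    """Return BSSIDs with at least `threshold` deauth frames inside `window` seconds."""
    times = defaultdict(list)
    for ts, subtype, bssid in frames:
        if subtype == "deauth":
            times[bssid.lower()].append(ts)
    noisy = set()
    for bssid, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                noisy.add(bssid)
                break
    return noisy
```

A deauthentication burst on a genuine access point followed by an open or unlisted twin of the same network name is the pattern to alert on; either signal alone can have innocent causes.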

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

You Have a Car Problem Scam

This is a well-known scam that targets single women in cars – either arriving back home or just parked in a quiet area or about to leave a multi-storey car park.

The target is approached by a man with an East European accent who warns her of a problem with her car.

He points out something wrong at the back of the car – could be trailing wires, something that looks like it’s fallen off underneath the car etc. Anything the scammers can easily add to the car unseen.

While the first scammer keeps the woman occupied worrying about car problems, a second man appears and his job is to rifle the handbag on the passenger seat for credit and debit cards and notes. If there’s nothing valuable in the car or she is carrying her handbag – they either give up or snatch the bag.

Either way they typically get away with payment cards and cash.

A Surrey woman recently suffered this scam where she had just driven into her driveway and a man pointed out loose wires at the back of the car. The accomplice got her payment cards and stole £500. Luckily for her they also tried to take out £2,000 from her account but the bank blocked it.

Stay safe.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Fightback Ninja Signature

Fake Event Tickets

Festivals, sports events and other big events attract a lot of attention and a lot of people wanting to visit and usually find accommodation as well. Scammers can see these people as easy targets and target them with specific adverts for a popular event of any kind.

This is most common with the huge events such as World Cup football but also applies to smaller events such as niche music festivals.

The scammers sometimes go to the trouble of creating realistic looking websites, advertising campaigns etc.

Action Fraud estimate that people are losing more than £1.6 million per year to the perpetrators of these scams. The fraudsters may sell fake tickets, fake travel arrangements, fake accommodation or all of these things.

If you’re travelling to a big sports event or festival etc. make very sure that the tickets you buy are valid. It would be sad to arrive at the event only to discover your bargain price tickets were fake and you’d wasted your time and money.

If you have been caught out by this scam – do let me know, by email.


Domain Name Theft

Your Internet domain name e.g. mybusiness.co.uk can be very valuable and a key part of your business. Without it, online customers won’t be able to find your website or may be redirected without their knowledge to a copycat site.

You may think it’s impossible for someone to take your domain name but it does happen and the scammers are clever in how they do it, leaving you with the difficult task of proving you are the rightful owner.

For a hacker to take your domain name, there are two basic methods:-

  1. They change your DNS configuration, to redirect traffic from your site to their site
  2. They modify your registration contact information, which gives them full control over your domain

A hacker can also change the registration data in the WHOIS database. This then makes it difficult for you to prove that you are the rightful owner. If they have control, then the hacker may also move the domain registration to another registrar which makes it more difficult to get your domain name back.

Q. How Can Hackers Access Your Domain Account?

The most common method is through a phishing attack. They send you emails that appear to be from some official body, such as the domain registrar, and get you to click a link to their fake website page and enter your login and password, thus giving them your login credentials.

Alternatively they get your login credentials from a data breach or simply buy the information from another hacker who has employed phishing attacks etc.

Protecting Your Domain

Prevention is the key, rather than planning what to do in the event of such a problem.

Ensure a strong password and that only you know the password for domain control, guard against phishing attacks and anything out of the ordinary regarding your domain.  The most effective control is domain locking.

Domain Locking

You can ‘lock’ your domain, which means that changes will not be allowed unless you ‘unlock’ the domain.  Your domain registrar will do this for you and it’s normally a free service.

Domain locking also stops unauthorised transfer of your domain name to another registrar.
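
One way to check from the outside that a domain is locked and has not been moved, as an added example that is not part of the original post: it reads the lock statuses, registrar and name servers from a WHOIS record and compares them with what you expect. It assumes the common gTLD WHOIS layout (other registries, .co.uk included, may format records differently); the two records, the expected values and the function names are constructed for illustration.

```python
import re

# Constructed WHOIS excerpts in the common gTLD layout (not real lookups).
WHOIS_GOOD = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
"""
WHOIS_CHANGED = """\
Domain Name: EXAMPLE.COM
Registrar: Other Registrar Ltd
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.UNKNOWN-HOST.EXAMPLE
"""
EXPECTED_REGISTRAR = "Example Registrar, Inc."
EXPECTED_NS = {"ns1.example-dns.net", "ns2.example-dns.net"}
# EPP lock statuses end in these suffixes, prefixed "client" (registrar) or "server" (registry).
LOCK_SUFFIXES = {"transfer": "transferprohibited", "update": "updateprohibited",
                 "delete": "deleteprohibited"}

def parse_whois(text):
    """Pull the registrar, name servers and status codes out of a WHOIS record."""
    def values(label):
        return re.findall(rf"^[ \t]*{label}:[ \t]*(\S.*)$", text, re.I | re.M)
    return {
        "registrar": (values("Registrar") or [""])[0].strip(),
        "nameservers": {v.strip().lower() for v in values("Name Server")},
        "statuses": {v.split()[0].lower() for v in values("Domain Status")},
    }

def audit(text, expected_registrar, expected_ns):
    """Return a list of findings; an empty list means locked and unchanged."""
    rec = parse_whois(text)
    findings = [f"no {kind} lock" for kind, suffix in LOCK_SUFFIXES.items()
                if not any(s.endswith(suffix) for s in rec["statuses"])]
    if rec["registrar"].lower() != expected_registrar.lower():
        findings.append(f"registrar changed to {rec['registrar']}")
    unexpected = rec["nameservers"] - {n.lower() for n in expected_ns}
    if unexpected:
        findings.append("unexpected name servers: " + ", ".join(sorted(unexpected)))
    return findings
```

Run on a schedule against a fresh lookup, a non-empty result is an early sign of either method listed above: changed DNS settings or a change of registration.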

Keep your domain name safe.


Are You Prepared for Security Incidents

How well prepared are you to respond to a cyber security incident?

  • Do you have plans in place to respond to, and recover from, the most likely scenarios?
  • Have you practised your response to such incidents, including at senior management level?
  • Do you have the relevant expertise within the business or access to external sources with that expertise?
  • Do you have experts on call and ready to respond to a cyber incident?
  • Will the company be able to keep running in the aftermath of a serious cyber attack?

Cyber attacks are increasingly common and it’s not just large companies at risk, but businesses of all sizes.

Large businesses may have all the requisite controls necessary to deal with a cyber disruption, yet businesses of all sizes are at risk.  Get the protection and planning you need.

Average Investment in Cyber Security 2017/2018

| | Micro/Small Businesses | Medium Businesses | Large Businesses |
|---|---|---|---|
| Mean spend per year | £2,220 | £41,600 | £149,000 |
| Median spend per year | £152 | £5,190 | £24,700 |

You can see the difference in average spending on cyber security and this is reflected in the level of preparedness for cyber incidents by these various sized businesses. Charities spent significantly less than commercial business in all three size categories.

Whatever the size of your business and whatever its business, make sure you spend enough to ensure you are able to deal with cyber attacks and recover from them, as too many businesses fold within months of such an attack.

The nature of your business may determine the dangers involved with online data and services and also the level of protection needed.


The Problem of Automated Competition Services

If you host a competition on your website you may find that hundreds of emails or online entries appear but they all have the same format and just have a person’s name, phone number and address.

If there were any questions to answer in the competition, they won’t be in the submissions.

Q. What is going on?

It’s likely your competition has come to the attention of one or more online automated competition entry services.

These services charge people a monthly fee to enter them automatically into lots of competitions.

Services such as

  • Win24
  • WeWin4U
  • Prizewise
  • Prize500
  • PrizeDrawCentre

For some competitions maybe that isn’t a problem, but for others it can be a big annoyance and even overwhelm the number of genuine entries by individuals.

One of the companies listed above guarantees each person at least 1,000 competition entries per year.

Automated competition entries are of little benefit to a website running a competition as there isn’t anyone looking at the website – just software.

How To Avoid Competition Spam

  • Don’t offer an email route to enter the competition – only through a form on the page
  • Don’t have a competition where only name and address are required to enter – include at least one question to be answered and preferably one or more questions that are open rather than having multiple choice answers
  • Use a form with a CAPTCHA to stop the automated entries
  • Consider making users login to enter your competitions, but you might lose some people that way
  • Make it a rule that automated/bulk entries will be disqualified and do disqualify any that get through
