Category: Warning

Warning: Chain letter Scams

Chain Letters used to be very common as physical letters , in the days before home computing. These do still exist but almost all chain letters these days are by email.

We’ve all received email chain letters – urgent messages that warn us of computer viruses, social media fraud, money making opportunities, urgent charity requests etc. Typically, these emails will exhort you to add your name and forward them to other people – DO NOT. Press the Delete button instead.

Some chain letters can be amusing, but others may contain security threats – viruses or phishing attempts etc.

In recent years, they have appeared on social media as well. Some are carefully crafted and similar to the physical letters but some are very different, consisting of just a few lines directly pitching “Money for Nothing” schemes unashamedly. It is surprising that people fall for these such obvious frauds but some do.  Unfortunately people are so used on social media to just retweeting or reposting without thought that these frauds can circulate quickly.

There are 5 main categories of chain letter:-

  1. A sick child story. A story about how the child needs expensive treatment that the parents cannot afford. The message asks you to donate and to pass on the message so more people can donate.
  2. Fake warnings e.g. that Facebook accounts can all be hacked within seconds or that a new virus is spreading or that an email with a specified title can wipe out all of your files etc.
  3. Big money. A promise of a large financial reward if you take a list of specified steps. This is backed up by a celebrity name e.g. Bill Gates recommends this or Beyonce swears by this etc. Sign up and also your friends but only if you act fast. Always fake.
  4. Petitions, which can be for something obvious such as ban all whaling or can be something very specific. In any case, the idea is to get your name and address which can then be used for a variety of fraudulent purposes.
  5. These used to be very common but less so nowadays. The idea is to threaten bad luck if you don’t pass on the message.

Never forward any message you are unsure about.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Fightback Ninja Signature

The Danger of Online Pharmacies

An increasing number of people buy their prescription medication on the Internet (with or without a prescription). Often this is because it can be cheaper but also at times because the person believes either they can get the medicine they want without a prescription or that it may be easier to convince someone online to give them what they want.

The big problem with online pharmacies is that many are unregistered and that means unregulated, so buying from them is potentially unsafe. The drugs they provide may be unsuitable for the patient or unsafe or be badly or unhygienically produced – you don’t know what you will get.

Medication should only be taken under the supervision of a healthcare professional as their guidance and knowledge of your state of health is crucial in ensuring you get the safest medications.

For prescription-only medicines, an online pharmacy must receive a legally valid prescription before dispensing the medication. This means you’ll either need a paper prescription or an electronic prescription via the Electronic Prescription Service from your GP.

Some sites do offer prescriber services, where provide a consultation with a medical practitioner who can write prescriptions.

It can be difficult to distinguish between registered online pharmacies and other commercial websites. The General Pharmaceutical Council operates an internet pharmacy logo scheme to identify legitimate online pharmacies and you should only buy from registered pharmacies. However, some illegal online pharmacies fake the logo so you have to check carefully.

Check if a website can legally sell medicines online

Search the Medicines and Healthcare products Regulatory Agency (MHRA) register to check if a website is allowed to sell medicines.

You can search the register by the business:

https://medicine-seller-register.mhra.gov.uk/search-registry

If you have any experiences with online pharmacies do me know, by email.

Fightback Ninja Signature

Surrey Broadband Scam

Surrey Police are urging people to be wary of phone calls leading to scams and victims have recorded more than £180,000 in losses to these scams within months.

e.g. an elderly lady from Surrey was phoned by a man claiming to be from BT and he had called to warn her that they were going to turn her Internet connection off for 24 hours  for improvements.

He directed her to a website to download some test software and informed her that compensation would be paid. He just needed her bank details to make the transfer. With that information, the scam moved up a gear and he convinced her to transfer all the money in her account to one he controlled.

The Police warn that these callers target the elderly and will take any money they can get.

They also warn everyone to be careful on receiving an unsolicited call-

  • Do not give financial details to anyone by phone
  • Do not make payment for a service you did not request
  • Do not allow anyone to have remote access to your computer
  • Trust your instincts – if unsure then end the conversation

If you have any experiences with such scams do let me know, by email.

Fightback Ninja Signature

Domain Names Offered

The domain name for your business is an important choice and it should be protected against hackers trying to steal the domain name or the customer traffic it gets.

Once you have a domain name e.g. mybusiness.co.uk then you face the choice of whether it’s worth buying the same name with different extensions e.g. mybusiness.com, mybusiness.uk, mybusiness.london etc.

If you think you might lose customers to other variants on your domain name, then it may be worth the extra small cost to buy more domain names and redirect the traffic from them to your main site, otherwise it could be pointless.

Some people specialise in buying and selling domain names.

They have two basic ways of working-

  1. They look for variants on high profile web site names and see if they can buy any similar names. These might be misspellings on the original name or very similar names or the same name with different extensions etc. They buy up any they think will sell for a high price.
  2. They do as above but don’t actually buy any domain names.

They can then contact the owner of the high profile web site and offer to sell them the variants and spin a story on how it is essential for the owner to buy all variants on the name.

For the ones who take the risk and buy the domain names, it’s a little akin to blackmail but they take a risk and see which ones pay off and it is legal.

For those who don’t risk their own money (i.e. don’t buy the domain names and just pretend to have them) it is legal but more of a con as the owner can just buy the domain names they want directly without having to pay an inflated cost from the scammer.

If you have any experiences with phishing scams do let me know, by email.

Fightback Ninja Signature

Spreadsheet Macros

Scammers send out huge volumes of emails containing malware attachments and they try to get the recipients to open those attachments. Some of these contain programming code which activates as the file is opened, so this can be dangerous

You can avoid attachments that are actually programmes, but spreadsheets are very useful for financial documents e.g. invoices and statements.

Microsoft Excel spreadsheets usually have the file extension .xls but ones that contain macros are usually .xlsm

Macros are Excel programming code and can contain malware so you need to be beware of these.

e.g. an email claiming to be from Bank of America with a confirmation notice in the format of a spreadsheet with macros i.e. .xlsm format.

Some email systems will automatically turn off automatic macro activation and some anti malware services will do this, but best to be sure by not opening the attached file, however much you may want to know what’s in it.

One particularly nasty phishing campaign used spreadsheets with macros to install a remote access trojan  on the computer’s system. This trojan is known as Grace Wire or Flawed Grace.

That software then steals information from the system and sends it back to the scammer. The attachment also contained malware downloaders that install Dridex and Trick banking trojans.

Do not open attached files unless you are certain they are safe.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Drive-by Downloads

Generally on web pages, you have to click a link or a button or do something to enable the page to download malware to your device.

But, if your software is sufficiently out of date or missing security updates, then  it may be possible for a web page to initiate a download of malware without you taking any action and it may not warn you of the download.

This can be very dangerous.

Anti-malware services can generally spot such danger and block the download but the key is to always keep your software fully up to date.

Common drive-by exploits

Hackers looking to create drive-by malware, generally look at the following:-

  • Old operating systems
  • Browsers such as FireFox, Chrome, Opera, and others, especially out of date versions
  • Out of date browser plug-ins
  • Early versions of Microsoft Office
  • Adobe/Shockwave Flash (ActiveX)
  • Adobe Reader
  • WinZip compression

The types of drive-by malware commonly found include:-

  • Trojan horses – these take remote control of the user’s device
  • Ransomware—allows the attacker to encrypt or threaten to destroy data on the device unless a ransom is paid
  • Botnet toolkits—attackers may install a botnet application that on many devices which can then be controlled as one to carry out actions such as sending spam email or participating in DDoS attacks
  • Man in the Middle tools—enables attackers to eavesdrop on the user’s communications
  • Keyloggers—capture keystrokes and feed them back to the hacker.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Fightback Ninja Signature