Category: Warning

Fake Designer Goods

Market stalls, tourist spots, high streets, beaches, the Internet – all places where you are likely to come across people selling fake designer goods.

But is there any harm in nabbing a pair of “Louboutins” from a market, or a “Chanel” handbag from a girl selling them on a foreign beach?

The answer depends a lot on the situation and what the buyer expects. If you make an impulse buy in a tourist market and pick up fake perfume – as long as you know it’s going to be fake then that’s up to you. Whereas if you invest a lot of money in an APPLE iPhone believing it to be genuine but at a bargain price and then find out the item is a cheap knock-off – you’re not going to be pleased.

The argument that by buying fakes you are doing the legitimate business out of their sales is true sometimes but most people are never going to buy the expensive designer goods and buying something that looks expensive but was cheap may be harmless fun.

Fake goods do damage the reputation of the legitimate companies and chances are the fakes are made in much worse factories and conditions than the genuine articles, so should be avoided for that reason alone.

The National Fraud Intelligence Bureau advises consumers to avoid buying fake goods because “you’re helping the trader to break the law”. “Many fraudsters use the proceeds from selling counterfeit goods to fund drug dealing or other types of organised crime”

“In 2010, Louis Vuitton initiated 10,673 raids and 30,171 anti-counterfeiting procedures worldwide, resulting in the seizure of thousands of counterfeit products and the breaking up of criminal networks.”

“So long as people know what they’re getting, there’s really no need to get worked up about it.”

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Fake Trip Advisor Reviewer Jailed

An Italian has been jailed for selling hundreds of fake TripAdvisor reviews.

The owner of an Italian business (Promo Salento) that sold fake TripAdvisor reviews has been sentenced to nine months in prison. He posted favourable reviews on behalf of hundreds of restaurants and was sentenced by a court in Italy and also ordered to pay around €8000 euros (£7,100) in damages and legal costs.

The unnamed businessman submitted over 1,000 paid-for reviews to TripAdvisor, pretending to be satisfied diners. He charged restaurants €100 euros for 10 reviews.

The court in Puglia ruled that writing fictional reviews using a false identity is criminal conduct. Paid review fraud is illegal in EU countries, but this is the first case to result in a jail term. TripAdvisor hailed the result as “a landmark ruling for the Internet”.

TripAdvisor said that writing fake reviews has always been fraud, but this is the first time we’ve seen someone sent to jail as a result” – Brad Young, the company’s vice-president, in a statement. He also said that since 2015, they’d put a stop to the activity of more than 60 different paid review companies worldwide.

TripAdvisor is the world’s biggest travel website with more than 600 million reviews covering accommodation, airlines, museums and restaurants. The quality of the customer reviews is essential to TripAdvisor and there has been bad publicity over fake reviews at times with complaints that TripAdvisor doesn’t do enough to weed out the fake ones.

There has been the development of a market for businesses offering reputation management which can them include writing good reviews and submitting negative reviews of their competitors.  This not legal but is difficult to prove.

As an experiment, a Vice journalist wanted to see if he could get a ridiculous non existent restaurant to rank high on TripAdvisor.

He selected his garden shed, called it “The Shed”, created a pretentious website and made photographs of ridiculous looking food – largely created with shaving foam, colourants and anything to hand. Then using friends he created so many top reviews that his shed became the number one restaurant in London according to TripAdvisor.

Oh dear, TripAdvisor.

Almost all reviews on TripAdvisor and similar sites are believed to be real, but do beware the fakes.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

The New Breed of Computer Takeover Compensation Scam

A computer takeover scam has been doing the rounds for years now, where a scammer will call, claiming to be from Microsoft or Virgin or

BT or a similarly well-known company, saying that your computer has been hit with a virus and that they can remove it for you remotely. When you let them take over your computer, they then try to take as much personal information as possible (logins, password, card payment details etc.) in order to steal your identity or steal from your accounts.  

However, according to Financial Fraud Action (FFA) UK, scammers are branching out by impersonating other firms or organisations, and offering to help with a slow computer or internet connection, or even claiming your information has been hacked and you are due compensation.

The Scam

Once the victim has handed over remote control of their computer, the fraudster will tell the victim that they may be entitled to compensation, or put them through to a supervisor who will appear to make an offer of compensation.

The scammer will say that they are sending the money and ask the victim to log into their bank account to check that it has arrived.

But the fraudsters will put up a fake screen to make it appear that the money has arrived. Meanwhile they will be working away in the background to empty your bank account.

They may ask for a bank passcode to be sent by text, which they will claim is necessary in order to process the refund. In reality, they need this to set themselves up as a new payee from your bank account and take your money.

How to Protect Yourself

The FFA recommends following these steps to ensure you aren’t duped by this version of the scam:

  • be wary of any unsolicited approaches by phone offering compensation
  • do not let someone you do not know have access to your computer, especially remotely
  • do not log onto your bank account while someone else has control of your computer
  • do not share one-time passcodes or card reader codes with anyone
  • do not share your Pin or online banking password, even by tapping them into a telephone keypad.

If you are in doubt, then call the organisation back on a number you trust; if they are legitimate they will help.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

WordPress Owners Survey

Dan Moen carried out a survey in 2016 of people who have WordPress websites that have been attacked, seeking to understand why and how the attacks were being made.  1,032 people responded to the survey.

The most telling statistic is that 61% of respondents didn’t know how the attacker compromised their website.

This is of concern as if you don’t know how the attack was made it is difficult to be sure you have blocked a repeat.

For the site owners who did figure out how the attackers entered, there are two main fidnings:-

  1. Plugins Are A Big Risk

Plugins play a big part in making WordPress very popular and very useful and there are tens of thousands of plugins available for WordPress. But you obviously need to be careful with them, as plugin vulnerabilities represented 56% of the known entry points reported by respondents.

  1. Brute Force Attacks Are A Big Problem

A brute force attack is a password guessing attack. The attacker needs to both identify a valid username on your website and then guess the password for that username. This type of attack is a huge problem, representing 16% of known entry points.

How to Protect Your WordPress Site

  1. Don’t Use Obvious Usernames

Every WordPress site has an administrator login and this should be renamed as administrator or admin are too easy to guess and the most used in brute force attacks.

Make the login something impossible to guess and not used elsewhere on the site.

  1. Add Security Plugins

e.g. WordFence, Jetpack etc. which typically use these kind of features:-

  • Enforce strong passwords
  • Lock users out after a defined number of login failures
  • Lock out users after a number of forgot password attempts
  • Lock out invalid usernames
  1. Keep Plugins updated

Reputable plugin creators fix any vulnerabilities quickly when discovered. By keeping them up to date you insure that you benefit from fixes before attackers can exploit them. Check for updates at least weekly if your WordPress website does not do this automatically.

  1. Only download plugins from reputable sites

If you are going to download plugins somewhere other than the official WordPress repository, you need to make sure the website is reputable. One of the easiest ways for attackers to compromise your website is to trick you into loading malware yourself. An attacker will do this by setting up a website that looks legitimate and getting you to download a compromised plugin.

Keep your WordPress website safe.

If your website has been attacked – let me know the details and the outcome by email.

Fightback Ninja Signature

How to Stay Safe on Public WI-FI

The first piece of advice is to avoid public Wi-Fi completely.

A public Wi-Fi network is inherently less secure than your home or office Wi-Fi because it is publicly available.

If you do need to use public Wi-Fi then pick one which needs a password and do not carry out any financial activity or buy anything or access your email or do anything else needing passwords.

If you want to be secure when using public Wi-Fi you will need a VPN (Virtual Private Network) installed on your devices.  These encrypt all communications between your devices and their target websites etc.

They also let you browse websites without anyone being able to track your location and activities.

Alternatively you can take your own Wi-Fi with you by using your mobile phone to create a Wi-Fi hotspot for your devices.

Points to Remember

  1. Leave Wi-Fi turned off until you need it.

When you’re finished working online, turn it off again.

  1. Turn Off File Sharing

If you have file sharing of any kind enabled then turn it off while on public Wi-Fi as it could be copying your confidential information to the Internet unencrypted.

  1. Keep Your Antivirus and Antimalware Up to Date

You must have anti-virus and ant-malware installed and make sure to keep them up to date or their effectiveness will diminish.

  1. Use https Websites where Possible

Https access is safer than http access so stick to those websites that have https versions where possible.

  1. Don’t Leave Your Devices Unattended in Public

You don’t want some accessing your laptop, smart phone or other device. Even if they don’t steal it, they may access your information or install a malicious APP

Stay Safe.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Warning – Web Coin Mining on Your PC

For normal physical currencies, each country has an appointed currency maker – such as The Royal Mint in the UK that makes currency for the UK and several other counties. But with cyber currencies – who makes it and how?

The creation of new coins is called “mining” and involves large amounts of computer processing and this increases as more currency is created. For Bitcoin, the effort involved in making new currency means very few can manage it.

But, if you could somehow spread that computer processing demand out among thousands or even millions — of unknowing user’s computers, it would make mining a lot cheaper and possibly quicker.

This is exactly what some websites are doing. They use your CPU to mine cryptocurrencies like Bitcoin without your knowledge.

This can happen to you simply from visiting a website that uses JavaScript to start using your CPU for processing.

There are other methods but this is the most common and can be avoided if your browser has JavaScript disabled – but that will also block the functionality on some popular websites.

How to know if this has happened to your computer?

It’s not easy to identify unless your PC is suddenly very very slow and the CPU seems extremely busy while doing nothing.

Some websites can quietly use your CPU to mine cryptocurrency and they limit they effect on your work so you wouldn’t know unless you went out of your way to find out.

On a windows PC you can press CTRL, ALT and DELETE at the same time then select Task manager and see the CPU utilisation levels.

But if in doubt, the easiest remedy is to reboot your computer.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

The Parisian Gold Ring Scam


Paris is a beautiful city and generally it’s a very safe city to visit.

But it does have some notorious scams that regularly happen to tourists.



You’re walking along noticing the sights and see someone apparently pick up something from the ground.

They seem to have a ring and they come over to you and show their good fortune as they’ve just found a gold ring on the ground.

They ask if it’s yours.


Then they offer to sell it to you for maybe 50 Euros.

If you’re not interested then the price drops and keeps dropping as they will probably agree to just 10 Euros for the ring.

But even that is a bad deal as the ring is just cheap metal with gold colouring.

Don’t pay these scammers anything.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Fightback Ninja Signature

The Impact of Cyber Attacks on Business

The impact of cyber-attacks can be bruising for a business with both short and long term effects to consider.

A 2016 survey of 428 businesses that have suffered cyber-attacks in the previous months.

You can see from the statistics above for 2016, that the biggest impact reported by businesses that have suffered from cyber-attacks is the provision of new measures to prevent further attacks. This can be costly but is essential to protect against further attacks.

There are the short term issues:-

  • Bringing in expert technical staff to find out how the attack happened
  • Technical expertise needed to start to build defences against further such attacks
  • Extra staff to deal with recovery, communications with customers, legal ramifications etc.
  • Disruption to staff and service to customers

Then there are the long term effects:-

  • Reputation damage
  • Steps needed to restore reputation and customer confidence
  • Share price

It is better to build strong defences against cyber-attacks than simply trust to luck.

It is prudent to have plans in place for how to deal with such attacks as the FBI now say that it’s not a question of whether any organisation will be attacked, but simply when.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

The SIM Swap Scam

If you access a website and have forgotten the password, there is usually a link labeled ‘Forgot Your Password’ or similar and if you click the link they will send you a password reset request by email.  You click the reset request in the email message and reset your password.

Now, if scammers can get hold of such an email message, then they can reset your password and lock you out of your own account and you will have great difficulty getting your account back.

This situation is becoming more dangerous as many people and businesses rely on mobile phones for proof of identity. e.g. your bank may send you security numbers to type into your account to prove your ID but if scammers can access your phone and read your messages, they are in control.

The SIM Card Swap

Unless you have leave sufficient information openly online for scammers to break your password, then their usual approach is called social engineering.

This means to take advantage of people’s trust. So they will research your information online and use what they find to convince a mobile phone shop worker (or customer service worker) to cancel your current SIM card (I lost it) and activate a new one.

They will then have access to your messages, contacts list etc.

Then they try to access your bank account and shopping accounts.


To be safe, you need to limit the amount of personal information that is available about you online. Anything you make public can be read by criminal’s intent on defrauding you or stealing your identity.

Text messages are very useful, but remember that they are not encrypted and can potentially be read by anyone.

You can use APPS that encrypt the data such as iMessage, WhatsApp, Signal, etc. for anything that must be kept private.

If there is any suspicious activity on your account or you receive suspicious calls, then contact your bank or phone company.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature