Marriot Hotels Data Breach

The personal information of Marriot Hotel group customers has been hacked. This started in 2014 and has only just been found out.

It may affect up to 500 million people. The company do not yet know the exact number but they have started to email all those thought to have been affected.

Marriot is providing all US, Canadian and British customers with free use of the WebWatcher internet security service which can monitor your Internet devices.

The data stolen includes name, address, phone number, email address, passport number, date of birth, hotel stay information and possibly more. It also includes financial information for some customers.

This is an extremely serious data breach and may lead to financial theft and identity theft.

Law enforcement agencies are investigating what happened but it may time for the picture to become clear.

Many hackers use a long slow approach to siphoning out data from a company and it can very difficult to determine exactly what they took.

If your data has been stolen then you will be contacted by Marriot.

However, scammers will also send out fake messages claiming to from Marriot about the data breach so if you have been a Marriot customer since 2014 then be careful with any messages or calls you receive.

What Can You Do?

  1. Check the website setup by Marriot about this at
  2. You can call their support line on 0808 189 1065 if concerned
  3. Check your payment card transactions regularly and look for anything out of the ordinary
  4. If your login and password have been used on other accounts then consider changing them

If you have had any problems with your data being compromised – do let me know by email.

Fightback Ninja Signature

Latvian Virus King Sentenced

Ruslans Bondars, a 37-year-old Latvian citizen, was convicted of conspiracy to violate computer crime laws, commit wire fraud, and computer intrusion with intent to cause damage and sentenced to 14 years in prison.

He is the creator of a notorious service called scan4you that helped malware authors avoid detection by anti-virus software.

He charged criminals a monthly fee and his service allowed them to upload their latest malware to receive a report on whether any of a wide range of anti-virus products would detect it as malicious.

Although Scan4You was not the only counter anti-virus service operating on the web, it became the most popular amongst online criminals.

One of the most infamous pieces of malware which took advantage of Scan4You’s service was the Citadel malware, which was then used to steal tens of millions of customer credit card details from US retail giant Target.

Citadel is thought to have infected millions of computers worldwide, inflicting hundreds of millions of dollars worth of damage.

Scan4You was advertised on online criminal forums and even offered technical support to its paying customers.

Bondars, who has also been linked to pharmaceutical spam campaigns peddling illegal prescription drugs, and assisting in the distribution of banking trojans, told the court that he felt “ashamed that some of the website users used it for such terrible things.”

Good riddance, at least for 14 years.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Inbox Pounds Scam or Not

Inbox Pounds is a way to make money for simple activities online including

  • Filling in surveys
  • Reading emails
  • Searching the web
  • Playing bingo
  • Shopping online

There are numerous companies offering money for filling in surveys but Inbox offers alternatives as well.

Does it pay up?

There seem to be more than a few people who have been paid by Inbox Pounds so that seems genuine.

The payments per activity are very very low so this is not a way to make any serious money – it seems more appropriate for people who spend a lot of time online and enjoy filling in surveys etc. They get a little extra money and if that’s all you want then maybe it will work out.

The adverts do make it clear that you have to accumulate a reward of £20 before you can cash out and reputedly that takes a long time to reach, plus if you become inactive for a period they will close your account.

So, as long as you don’t expect to make a lot of money easily – you might try Inbox Pounds but it is certainly not recommended.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Fightback Ninja Signature

New Banking Code on Fraud

A new code of conduct has been created but it is not binding in law yet, so really it’s just a set of guidelines.

This has been created by the Payment Systems Regulator after Which? raised a super-complaint about the banks treatment of people defrauded in push payment scams. These are the scams where the victim transfers money to a scammer from their bank account. The banks consider these to be largely the victim’s own fault and hence not their responsibility. But many disagree and believe the banks should identify and stop these payments where possible and make it more difficult for scammers to get away with these frauds.

The issue of who pays compensation and under what circumstances has not been resolved – when should the banks compensate the victims of push payment fraud?

Figures from trade association UK Finance show that in the first half of 2018 consumers lost £92.9 million because of this type of fraud.

The guidelines propose the principle that where the victim of such a crime has met their requisite level of care, they should be reimbursed.

The draft code has been published by the APP Scams Steering Group, made up of industry and consumer group representatives. It has been open for consultation.

It said there may be instances where a victim of this type of fraud has met their requisite level of care, and so should be reimbursed, but no bank or other payment service provider involved has breached their own level of care.

It will work to identify “a sustainable funding mechanism” through which to reimburse consumers in such a scenario.

Under the draft code, banks and other payment service providers would take measures to tackle APP scams, such as:

  • Detecting APP scams through measures such as analytics and employee training;
  • Preventing APP scams from taking place by taking steps to provide customers with effective warnings that they are at risk;
  • Responding to APP scams, for instance, by delaying a payment while an investigation is conducted and, if necessary, carrying out timely reimbursement.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Kyani Superfoods

Kyani sell food supplements and that’s fine. Maybe they are good supplements or maybe there are better ones on the market.

But, Kyani is really a network marketing business.

“With Kyani’s unmatched Dream Car Program, exotic retreats and lucrative compensation, Kyani helps you create the lifestyle you’ve always dreamed of.”

The spam emails about Kyani do mention the food supplements but most of the sales pitch is about becoming a partner and having a rich lifestyle.

What they want is for you to become a Kyani ‘business partner’ which means an unpaid sales person for their business. For you to buy into the dream they peddle of riches for little effort. But it is they who become rich from your efforts – not you. To make the riches you are told to bring in more and more people to also become business partners i.e. people who pay Kyani.

To be a partner, you have to buy the products from Kyani then sell them on to others.

This is very low risk for Kyani but high risk for you. If you don’t manage to sell the products – well, you paid for them and are stuck with them.

For same people, this kind of network marketing is what they like and can do well, but for most it turns out to be a disaster and an expensive one.

Kyani is a legitimate company with legitimate products, but do beware that the chances of becoming rich through Kyani are exceedingly slim.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

The Shed That Wasn’t a Top Restaurant

This is the story of how a back garden shed became the number one rated restaurant in London according to TripAdvisor.

The guy who did this did lots of jobs including writing fake reviews on TripAdvisor for restaurant owners who paid him £10 a time.  One day, sitting in his shed, he wondered if it was possible to create a fake restaurant on Trip Advisor and push it up the rankings to number one.

Setting Up the Shed – April 2017

To get your restaurant on Trip Advisor you just fill in the details online and give a phone number, address, description etc. – all easily done. He didn’t give the proper address – just the street where he lived and described The Shed as an appointment-only restaurant.

Next he bought a suitable Internet domain name and setup a website for the non-existent restaurant called The Shed.

He knew that to create interest he needed something original and pretentious – such as naming all of the dishes after moods. So, he created pretentious descriptions of the restaurant and the food with ridiculous photos of these mood dishes using shaving foam and anything to hand. One photo is of a fried egg on his bare foot. Clipped so you cannot tell it’s a foot. Crazy stuff.

Getting the Shed to Number One

At first on Trip Advisor it was ranked at 18,149 i.e. the bottom of the list.

He got friends to start adding rave reviews of The Shed and that’s how Trip Adviser works so The Shed started to rise up the ranks despite the fact that no-one had ever eaten a meal there – it was just his garden shed.

People started to phone to make bookings – and were told it was fully booked for months ahead.  People were attracted by the fact it was brand new, little was known about it and it seemed to be difficult to get a table there.

People in his street would stop him and ask for directions to The Shed and the phone kept ringing with people keen to make bookings.

Six months after he started his fake restaurant, The Shed achieved number one status on Trip Advisor.

He did tell TripAdvisor of his ‘experiment’ and their response by email was:- “Generally, the only people who create fake restaurant listings are journalists in misguided attempts to test us. As there is no incentive for anyone in the real world to create a fake restaurant it is not a problem we experience with our regular community – therefore this ‘test’ is not a real world example.”

Fair enough. But do beware of reviews that may have been written for less than honest reasons.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature