The Google Photos Scam

This is a simple phishing scam.

The title of the email is “Your photo takes first place”.

It has a Google Photos logo and specifies that you have 2 albums and 9 photos on Google Photos.

Then it offers a further 1GB of space on Google Photos free of charge.

Sounds good but it’s a scam of course.

If you click the link then it asks you to confirm your login and password first, but that’s on a fake login page and it sends your details to the criminal behind this scam.

It should be obvious that this is a scam message from the fact that the email is sent from an address that cannot be Google, such as ddgre5f2avf
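The sender check described above can be automated. The following is an added example, not part of the original post: it flags a message whose display name or subject names a brand while the sending domain does not belong to that brand, and it works for any brand in the allow-list. The `BRAND_DOMAINS` map, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand keyword -> domains that brand
# really sends from. The entries here are illustrative, not an official list.
BRAND_DOMAINS = {"google": {"google.com"}, "equifax": {"equifax.com"}}


def domain_matches(domain, allowed):
    """True for an allowed domain or one of its subdomains only."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def impersonated_brands(raw_message):
    """Return brands named in From/Subject that the sender domain is not part of."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in claimed and not domain_matches(domain, allowed)
    )


# Constructed sample messages (not real captured mail).
PHOTOS_SCAM = (
    'From: "Google Photos" <promo@mailer.example>\n'
    "Subject: Your photo takes first place\n\nClaim your free 1GB.\n"
)
# The brand's domain appears only as a prefix of an unrelated domain.
LOOKALIKE = (
    'From: "Equifax Security" <alerts@equifax.com.verify.example>\n'
    "Subject: Attn: Verify Your Records\n\nLog in to verify.\n"
)
PLAUSIBLE = (
    'From: "Google Photos" <noreply@photos.google.com>\n'
    "Subject: Your memories from last year\n\nSee your photos.\n"
)

if __name__ == "__main__":
    for name, raw in [("photos", PHOTOS_SCAM), ("lookalike", LOOKALIKE),
                      ("plausible", PLAUSIBLE)]:
        print(name, impersonated_brands(raw))
```

An empty result is not proof that a message is genuine, because the From header can be forged; SPF, DKIM and DMARC results are the stronger signal.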

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Stupidest Spam of the Week: Professional Listings

Yippee! Who’s Who in America say I have been nominated as a biographical candidate for the next edition and the first phase of my assessment has been passed.

They say they obtain information from executive listings and professional listings but I need to complete my profile for the next step.

Most people use social media and website entries etc. for looking up information on professional people rather than searching Who’s Who or anything similar. Their day ended when we all moved online.

The sales pitch in the email is laughable.

E.g. “the biographical data comes from the most authoritative source – the biographees themselves”.

That means people can make up whatever they want for inclusion, so that sentence dooms the publication to be a fantasy document.

The whole thing is just a marketing exercise – trying to get personal information from people then charging for a high-profile inclusion in their publication rather than a standard entry.

The message sender doesn’t even know my name – the message starts with ‘Dear Valued Candidate’.



Time-Wasters Update

“Medic Feet” – the new solution to any pain problem. Use the magic of acupuncture but without needles. You just wear these special sandals and all pain will vanish. There are lots of sandals on the market with pressure bumps that stimulate acupuncture points and it’s possible they will help some people’s circulation etc. but they cannot be honestly described as the solution to all pain. Never buy from idiots who promise far too much.

A typical phishing email arrives titled “Attn: Verify Your Records”. It claims that, due to Equifax’s latest security breach, my records have been compromised and I must log in to verify. The email is from which is obviously not Equifax. No thanks.

“The Bible Has Cracked The Code for Longer Life”. There are lots of these crackpot emails aimed at Bible believers and this one says the Bible mentions a specific nutrient that inhibits aging and can reverse today’s deadliest diseases. You just have to click the link to get full details. Typical brainless rubbish.

There seems to be a permanent battle in the USA between those wanting everyone to have open access to firearms and those who want more controls on who can have such weapons and when. The latest set of emails exhorts people to take out a concealed weapons permit before the government makes it more difficult. The email explains that anyone can fill in the fast track online form and will get a concealed weapons permit unless they are an illegal drug user or have a criminal record. Is it really that easy? Who knows? But it is madness to try to push people to get further into weapons use without very good reason.

A new summer heat-busting portable AC device claims to be taking the United States by storm. And of course you need to get one before they are sold out. Some of these messages are just spam adverts by people who have bought up a batch of portable AC devices but many are scams – no products to sell, just someone who wants your name, address and credit card information. Only buy from reputable sources.


Email Verifier Website

The website at ( is very simple and has two services:-

  1. To verify an email address
  2. To check a phone number to see if it is an automated service (known as a robocaller)

There is no explanation on the website of how these checks are made – they are assumed to be checking the entered phone number or email address against industry blacklists, but that could be wrong.

You enter an email address and get either ‘Email is Valid’ or ‘Email is Invalid’ response with no explanation.

Or you enter a phone number and either get ‘Phone number is clear’ or ‘This phone number is a robocaller’ response.

The website also doesn’t state whether it does anything with the phone numbers and email addresses entered – maybe they are added to blacklists or maybe not.


Cyber Security Checklist

IT Governance is a leading global provider of cyber risk and privacy management solutions, with a special focus on cyber resilience, data protection, PCI DSS, ISO 27001 and cyber security.

  1. Staff awareness training

Human error is the leading cause of data breaches, so you need to equip staff with the knowledge to deal with the threats they face.

Staff awareness training will show staff how security threats affect them and help them apply best-practice advice to real-world situations.

  2. Application security

Web application vulnerabilities are a common point of intrusion for cyber criminals.

As applications play an increasingly critical role in business, it is vital to focus on web application security.

  3. Network security

Network security is the process of protecting the usability and integrity of your network and data. This is achieved by conducting a network penetration test, which scans your network for vulnerabilities and security issues.

  4. Leadership commitment

Leadership commitment is the key to cyber resilience. Without it, it is very difficult to establish or enforce effective processes. Top management must be prepared to invest in appropriate cyber security resources, such as awareness training.

  5. Password management

You should implement a password management policy that provides guidance to ensure staff create strong passwords and keep them secure.
