Trusteer Rapport

Trusteer Rapport is a free security tool that’s often promoted by banks for online banking.

It’s advertised as an additional layer of security over and above anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) or by phishing.

The software includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping; it attempts to protect users against the attacks know as:- man-in-the-browser, man-in-the-middle, session hijacking and screen capturing.

Trusteer Rapport is installed as a browser extension.

This all sounds very good, but there are reviews on the Internet suggesting that Trusteer can cause computers to run very slowly, cause conflicts with your already installed anti-virus software and cause browser crashes.

Various financial institutions have been distributing the software to their customers via internet banking services.

This has included:- Bank of America, Société Générale,Tangerine, INGDirect, HSBC,The Royal Bank of Scotland, CIBC, Ulster Bank, First Direct, Santander, Standard Bank of South Africa, Nedbank, Scotiabank and more.

It is usually good advice to follow your banks recommendations, but do be careful if you install Trusteer and report any problems immediately to your bank. .

September 20, 2018

The New Breed of Computer Takeover Compensation Scam

A computer takeover scam has been doing the rounds for years now, where a scammer will call, claiming to be from Microsoft or Virgin or

BT or a similarly well-known company, saying that your computer has been hit with a virus and that they can remove it for you remotely. When you let them take over your computer, they then try to take as much personal information as possible (logins, password, card payment details etc.) in order to steal your identity or steal from your accounts.

However, according to Financial Fraud Action (FFA) UK, scammers are branching out by impersonating other firms or organisations, and offering to help with a slow computer or internet connection, or even claiming your information has been hacked and you are due compensation.

The Scam

Once the victim has handed over remote control of their computer, the fraudster will tell the victim that they may be entitled to compensation, or put them through to a supervisor who will appear to make an offer of compensation.

The scammer will say that they are sending the money and ask the victim to log into their bank account to check that it has arrived.

But the fraudsters will put up a fake screen to make it appear that the money has arrived. Meanwhile they will be working away in the background to empty your bank account.

They may ask for a bank passcode to be sent by text, which they will claim is necessary in order to process the refund. In reality, they need this to set themselves up as a new payee from your bank account and take your money.

How to Protect Yourself

The FFA recommends following these steps to ensure you aren’t duped by this version of the scam:

be wary of any unsolicited approaches by phone offering compensation
do not let someone you do not know have access to your computer, especially remotely
do not log onto your bank account while someone else has control of your computer
do not share one-time passcodes or card reader codes with anyone
do not share your Pin or online banking password, even by tapping them into a telephone keypad.

If you are in doubt, then call the organisation back on a number you trust; if they are legitimate they will help.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

September 19, 2018

The eBAY Community

This is a website at https://community.ebay.co.uk/

“Welcome to the eBay Community … your community. It’s a meeting-point for eBay buyers and sellers to chat, ask questions, exchange advice and tips.”

“It is a discussion group for eBAY sellers and buyers to share useful information, ask each other questions, warn about scammers etc. and generally give feedback on anything eBAY that they wish to share..”

The site has:-

Answer Centre
Discussion Boards
Groups
Meet the Community Team
Community Content Policy
Board Usage Policy
eBay News
Safety Center
Feedback Forum
Buying Guides

The answer centre is filled with questions about everything to do with eBAY – and answers.

A check showed the most recent questions are to do with how do with:- can i block a specific address, refunds, Seller not replying about item guarantee, profile image, VARIATIONS BUTTON MISSING, Relisting fees, item becomes faulty, Location etc.

The eBAY café is a group for people who want to chat about anything vaguely connected to eBAY such as how to look after plants they bought on eBAY.

The eBAY community website is well used so it can be a useful resource for some who would rather deal with human beings than eBAY automated answers.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

September 17, 2018

The Netflix Free TV Scam

The email is titled ‘Information About Your New TV’.

“Recently, it was discovered that Netflix has more users than any other streaming service in the UK, and we would like to celebrate.”

“We have randomly chosen twenty five individuals to receive a brand new sixty five inch Samsung Smart television from us.”

That’s quite a catchy message and will make some people keep reading for how they get their free TV.

Click on the usual “Click Here” and you start the process which is four extremely easy questions for which everyone will get the answers correct and the page tells you that you are right and thanks you for answering.

Then all you have to do to get your new TV is either click to login to your account or click to make a new Netflix account.

If you click to login then you get a fake login screen and you are handing your login and password to the scammers who can sell that information and someone else will use your account at your expense.

If you click on the ‘Open a New Netflix Account’, this leads to a fake registration page. Once registered, you don’t get a Netflix account – just the scammers then sell your information and use it to make themselves a real Netflix account but with you paying the bills.

Either way, there is no free TV, just criminals scamming you.

Don’t be fooled – free TVs are not free.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

September 16, 2018

Stupidest Scam of the Week – Investment Portfolio

Mr. James Eric with the dumb email address of test @srijanafinance.com says he got our details from a real estate business directory.

That’s lies of course.

He claims to be a broker with high profile investors who are willing to fund us in any current projects we are undergoing as they want to expand their investment portfolio globally.

His return email is a personal one mr.jameseric1967 @gmail.com

So, he doesn’t know who we are or what we do but his investors want to give us money for any project.

They wouldn’t remain investors very long behaving like that – they would go bankrupt.

But it’s all just a pathetic phishing scam of course and maybe a 419 advance fee scam mixed in there as well.

Just a trap for the gullible.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

September 15, 2018

Time-Wasters Update

One of the hundreds of emails about photo retouching this month and it’s from lamppizza.com. Pizza places don’t usually go in for photo retouching. Just a scam.

Nola Clewer sent me what she claims is an invoice for my Microsoft Office 365 account. But I don’t have Office 365 so it cannot be a real invoice. Probably virus laden so I wont try opening it.

Try the 4 day Thyroid diet and lose all of that unwanted weight. No thanks – you can keep your ridiculous new fad diet.

“Super Freighter37 Years Ocean and Air Services” is a strange title for an email. The email continues in such broken English e.g. “We provide door to doot price”. Just a rubbish email looking for a reply but it wont get one from me.

Ahmed Abdul Ahmed says he has $20 million and wants me to have 60% for helping him to invest in my country. I just need to send him my mobile phone number to start the business. As he doesn’t know me, my name or even which country I live I it seems a rather unlikely offer unless he’s a scammer of course – which he is.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

September 14, 2018

Fake Email Address Traps

Brooklands Radio website includes several email addresses – for sales, website queries, music requests etc.

Hackers scan websites and collect email addresses which they can then sell. This is annoying as it means a flood of stupid spam and scam emails and once you’re on the spammers list you cannot get off it except by deleting your email account and taking up a new one.

Brooklands Radio added some fake email addresses to the website, to judge what spam and scam messages are common and to be able to identify such messages arriving at valid email addresses.

What Fake Email Addresses Should I Create?

It depends on what business you are in. For the radio station the fake email address “purchasing_manager” did the job and attracts a lot of scam and spam messages.

We have never given that email address to anyone, so we know that anything coming into the address is going to be rubbish.

The Purpose of Fake Email Addresses

They act as honey pots – luring scammers and spammers
They can reduce the volume of rubbish emails going to valid email addresses
You can monitor the scam and spam messages and learn what scammers are up to

Catchall Email Address

Some email services allow the use of a catchall email address, whereby any emails to the domain name but with an incorrect email address will be moved to the catchall email address. This makes it possible to see all incoming messages without the invalid ones clogging up valid email accounts.

The catchall email address shows clearly that spammers guess email addresses and then sell them as part of their email lists.

The creators of the spam lists either simply guess possible email address e.g. for the domain radiostatio.com they might invent accounts@ or sales@ or john.smith@ or paul@ or mary@ and so on. Then they sell these email addresses and the people who buy such poor quality email lists get ripped off paying for rubbish.

For the radio station, there’s about 30 invalid email addresses used by the spammers and scammers and floods of emails arrive at these addresses.

If your email service provider does not use a catchall address, then it is likely any messages to invalid addresses will be bounced .i.e. the recipient will get a message back saying that email account is invalid. You might think that will stop the spammer sending messages to those addresses – but they ignore such messages and carry on sending.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

September 13, 2018

Fake LinkedIn Emails

Action Fraud has received multiple reports of fake LinkedIn emails which lead to ‘malicious’ websites. The UK’s national reporting centre for fraud and cyber-crime has warned against clicking on any links in these emails.

These fake LinkedIn emails claim that your LinkedIn profile has appeared in multiple searches and provide links you can click on to get more details, but the links lead to malicious websites designed to steal your personal and financial details.

LinkedIn Advice on Phishing Emails

Fraudsters may use a practice called phishing to try to obtain your sensitive data such as usernames, passwords, and credit card information. These criminals impersonate legitimate companies or people, sending emails and links that attempt to direct you to false websites, or infect your computer with malware. LinkedIn will never ask you for your password or ask you to download any programs.

Possible warning signs of a phishing message:

Messages containing bad spelling, grammar, and that aren’t addressed to you personally.
Messages asking you to act immediately.
Messages asking you to open an attachment to install a software update.

To report phishing emails you’ve received, please forward the suspicious email to phishing@linkedin.com.

If you receive a message on LinkedIn and believe it’s a phishing attempt, you can report it by clicking the More icon and selecting ‘Report This Conversation’

You can also block that person from contacting you again.

The most common titles used in phishing emails are :-

Account Suspended
LinkedIn Closing & Termination of your Account
LinkedIn Profile Security Alert
YOUR ACCOUNT WILL BE TERMINATED!!!

Stay safe on LinkedIn

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

September 12, 2018

WordPress Owners Survey

Dan Moen carried out a survey in 2016 of people who have WordPress websites that have been attacked, seeking to understand why and how the attacks were being made. 1,032 people responded to the survey.

The most telling statistic is that 61% of respondents didn’t know how the attacker compromised their website.

This is of concern as if you don’t know how the attack was made it is difficult to be sure you have blocked a repeat.

For the site owners who did figure out how the attackers entered, there are two main fidnings:-

Plugins Are A Big Risk

Plugins play a big part in making WordPress very popular and very useful and there are tens of thousands of plugins available for WordPress. But you obviously need to be careful with them, as plugin vulnerabilities represented 56% of the known entry points reported by respondents.

Brute Force Attacks Are A Big Problem

A brute force attack is a password guessing attack. The attacker needs to both identify a valid username on your website and then guess the password for that username. This type of attack is a huge problem, representing 16% of known entry points.

How to Protect Your WordPress Site

Don’t Use Obvious Usernames

Every WordPress site has an administrator login and this should be renamed as administrator or admin are too easy to guess and the most used in brute force attacks.

Make the login something impossible to guess and not used elsewhere on the site.

Add Security Plugins

e.g. WordFence, Jetpack etc. which typically use these kind of features:-

Enforce strong passwords
Lock users out after a defined number of login failures
Lock out users after a number of forgot password attempts
Lock out invalid usernames

Keep Plugins updated

Reputable plugin creators fix any vulnerabilities quickly when discovered. By keeping them up to date you insure that you benefit from fixes before attackers can exploit them. Check for updates at least weekly if your WordPress website does not do this automatically.

Only download plugins from reputable sites

If you are going to download plugins somewhere other than the official WordPress repository, you need to make sure the website is reputable. One of the easiest ways for attackers to compromise your website is to trick you into loading malware yourself. An attacker will do this by setting up a website that looks legitimate and getting you to download a compromised plugin.

Keep your WordPress website safe.

If your website has been attacked – let me know the details and the outcome by email.

September 11, 2018

The Bitcoin Loophole Scam and Fake News

You may have seen adverts for Bitcoin Loophole or even read the website entries about how two guys won over the Dragons Den (BBC TV) for Bitcoin Loophole.

Hers’s part of the sales pitch:-

Two best friends from university pitched their idea for an automated bitcoin trading platform, called Bitcoin Loophole. The idea was simple: allow the average person the opportunity to cash in on the bitcoin boom. Even if they have absolutely no investing or technology experience.

A user would simply make an initial deposit into the platform, usually of £250 or more. The user should open a position on Bitcoin and let the trend do the work for him.

Deborah Meaden deposited £250 live on the show then account management helped her opened up a position on Bitcoin so she could buy low and sell high.

Peter Jones said “Bitcoin is so hot right now and if even somebody like Deborah, no offence Deborah, can make money from it, I’m all in. I need to have a piece of this. I’m going to make a huge offer, £2 million for 25% of the company.”

Before the entrepreneurs even had a chance to respond to Jones’s offer, Deborah Meaden interrupted and said with a smile on her face: “I’ve gone up to £398.42 after just 8 minutes”.

Although at this point all 5 Dragons were ready to invested, a bidding war quickly emerged between Touker Suleyman and Peter Jones. Suleyman improved on Jones’ offer, by £2.5 million for 25%, whereas Jones hit back with a revised valuation of £2.5 million for 20%, effectively valuing the company at £12.5 million.

Then some quotes apparently days after the show.

“Bitcoin Loophole has been the greatest investment I’ve ever made! The business has been growing at over 2,400% this year alone. And as a user of the platform, my Bitcoin trading profits have increased by 320% on virtual autopilot.” – Peter Jones

“Bitcoin Loophole has revolutionised the world of investments for me. I’ve almost completely abandoned my normal stock portfolio in favour of Bitcoin trading. With the use of Bitcoin Loophole, you can make more money, faster, easier and with absolutely no prior bitcoin or investor knowledge.” – Tej Lalvani

And so it goes on for pages becoming more and more ecstatic over how much the Dragons love Bitcoin.

The final pitch is to get you to sign up immediately so as to not miss the opportunity.

This is a good example of fake news as the whole thing is written to look like a news item but is completely fake.

The websites showing the fake news items are also fake – deigned to look like news sites and with logos stolen from reputable news organisations.

IT’S ALL FAKE

Peter Jones and others have publicity denounced these fake stores and Bitcoin Loophole as a scam.

Do not be taken in by fake news and scams and do not invest in anything without professional advice or at least checking for yourself that it is genuine.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.