The Browse Safely App Scam

Google Chrome Safe Browsing offers protection against malicious websites – it warns you if you are about to navigate to a dangerous website or to download something dangerous.

AVAST anti malware offer their Secure Browser extension for the most popular browsers for Windows and Mac.

Other anti-virus and anti-malware companies offer similar facilities – designed to stop malware attacks in your browser before they can get to your device.

However there is a website “get.browsersafelyapp.com” which sis advertised as offering such protection, but doesn’t do that.

Instead it hijacks your browser i.e. it changes your web browser’s settings and does not allow you to change them back.

Typically, browser hijackers promote fake search engines by changing the default search engine. In this case, it’s to browsesafelysearch.com which does give search results, but those results come from Yahoo (which is legitimate). However, the fake search engine can insert whatever fake links it wants to in the results.

Removing browsesafelyapp once it’s installed is possible but is a tricky process.

It is common that browser hijackers collect data such as IP addresses, geolocations, search queries etc. and forward the data to the scammers, where it can be sold to Marketing companies or to other scammers.

Only use the reputable search engines such as Google or Yahoo.

If you have any experiences with these scams do let me know, by email.

November 7, 2021

Stupidest Spam of the Week Fund Authorisation

There are endless 419 scam messages i.e. those offering some fortune in cash or diamonds or gold etc. and a long winded ridiculous story of why they have that fortune for you.

The scam works by getting you to pay small sums of money to release the fortune and paying again and again until you realise it’s a scam and stop.

Some scammers moved on to trying to catch out people who have already been stung by this scam, by sending out emails claiming the people responsible have been caught and now you will really get the fortune owed to you.

All lies of course.

This latest scam claims to be from the World Bank although the sender’s email address is a personal Gmail address.

It says that your problems are over because you have been issued with security Identification IFC09-WB2021-17CCXX65(PIN2001)/ ATM CARD

The ATM card had supposedly been loaded with $10.5 million and will be sent anywhere you want it to go.

That would be a very stupid way of sending money to someone. Would you trust $10.5 million to the post?

The email is addressed to Dear beneficiary i.e. they have no idea of the people’s names they are sending the emails to.

Hence the email then asks for your name as well as address, occupation, contact details etc.

All good information to sell to identity thieves.

Pathetic lies.

To enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 6, 2021

Time-Wasters Update

Most criminals with products to sell try to stay unknown outside of criminal circles and sell only to known associates or on the dark web. An email from Isabel Growth tells a story about she has hacked several pieces of key software to do with extracting email addresses from websites. This is software that scammers and spammers use and also some less than upright Marketing companies. Announcing that she is stealing from the makers is something you would expect her to keep quiet about but no! She sends out millions of emails to spam addresses. Let’s hope she is found and prosecuted, if only in civil court.

A message from the laziest scammer in the world just says ‘Hello and Bye’. It’s an attempt to see if the email address is valid so don’t do the scammers work by ever replying to empty messages.

Mandy Hughes tells us we are now 30 days overdue paying her invoice for 230.32 – no currency specified so it could be anything. Her due date and date of email are more than 30 days apart so she cannot count. She doesn’t have a company name or list the items supposedly bought. Just a simple scam looking for gullible people.

“New scientific studies show that this 5 second water trick crushers all sugar cravings and will reduce fat while you sleep” is a catchy sales pitch by a scammer. It goes on about Harvard scientists proving this and that Sandra lost 30 pounds in no time using this trick without a diet. This is just the usual scammer rubbish – there is no such trick.

Aniska Dugal wants me to confirm that I received her previous email about Digital Marketing. I did but have no intention of replying as her email is one of hundreds received at the radio station each week offering website development, SEO, digital marketing etc. The title of the email is ‘Please revert me’ which is a use of words sometimes written by Indian people and often by scammers. Either way the message is just spam rubbish and will be ignored.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

November 5, 2021

Government Cyber Resilience Centres

The UK government has assorted plans to do with beefing up cyber resilience as businesses and other organisations across the country increasingly come under attack from hackers.

The government’s creation of local centres for cyber resilience is progressing well.

The Cyber Resilience Centre for the South East (SECRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Lead by Policing, and facilitated by Business Resilience International Management (BRIM), they say that they have followed a structured modular programme based on a highly successful model that had previously been established for over 9 years in Scotland.

They work in structured partnership with regional Policing, Academia, Businesses, Third and Public Sector organisations through a variety of ways:

Security Awareness Training

This is focused on those with little or no cyber security or technical knowledge

Corporate Internet Investigation

This service may be used to learn what is being said on the internet about an organisation, what information employees are releasing, or if there are any damaging news stories, social media posts or associations.

Individual Internet Investigation

These investigations gather information that can be used to support pre-employment checks, to manage potential threats to a Director of an organisation or their families, or to understand more about a specific person of interest.

Remote Vulnerability Assessment

These assessments focus on identifying weaknesses in the way your organisation connects to the internet. Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.

Internal Vulnerability Assessment

The assessment will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

Web App Vulnerability Assessment

This service assesses your website and web services for weaknesses. The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

Security Policy Review

This is a review of your current security policy, how it is written and how it is implemented.

Cyber Business Continuity Review

This service offers a review of your business continuity planning and the resilience of your organisation to cyber-attacks such as ransomware or when attackers take control of your core systems.

https://www.secrc.co.uk/contact-us is the south east SERCR

There are equivalent centres in other regions of the country.

If you have any experiences with this do let me know, by email.

November 4, 2021

Email Trojan Horses

“Trojan Horse” emails are named after the famous huge wooden horse left by the Greeks outside the city of Troy. When taken inside, at night soldiers climbed out of the inside compartments of the horse and opened the city gates leading to its downfall.

A Trojan horse email is one that looks harmless but contains a malicious hidden payload.

They usually offer the promise of something you might be interested in—an attachment containing a joke, a photograph, or a warning about something apparently important.

When opened, the attachment may do any or all of the following:

give a hacker access to your files
install software that records your keystrokes and sends the results to an attacker, allowing a hacker to find your passwords and other confidential information
install software that monitors your online transactions and activities looking for confidential information

Trojan Horse emails commonly claim to be e-postcards or jokes or something else funny or a news item but they can be anything.

The best practice is to make sure you have up to date anti-virus and anti-malware installed on all computer devices and never click on a link in an email unless you are sure it’s safe.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

November 3, 2021

Avoid Cryptocurrency Scams

Digital money (or digital currency) refers to any means of payment that exists in a purely electronic form, such as Bitcoin or the way banks can move money between themselves without there being any physical representation of the currency.

If you already own cryptocurrency, chances are it’s stored in a digital wallet and you have both public and private keys that provide access to it. Scammers try to get you to hand over the private keys – to join their ‘investment’ or to make your currency more secure or to upgrade etc.

Never hand over the private keys as you will be saying goodbye to your currency.

If you don’t have cryptocurrency but are thinking of investing in some, then only deal with well-established reputable businesses – not the ones that appear on social media or in adverts offering something better than everyone else.

Tips to Avoid Cryptocurrency Scams

Ignore Cold Callers: They should never be trusted. Cold callers trying to sell cryptocurrency investments are guaranteed to be scammers.
Avoid Social Media Adverts: Scammers often use social media to advertise fake cryptocurrency investment opportunities. The ads may look professional and you might think that because they are on Facebook or Twitter then they must be genuine but that’s not the case – anyone, including scammers can advertise almost anything on social media.
Too Good To Be True: Cryptocurrency scams often promise to make high returns from your initial investments that are too good to be true. Any company offering get-rich-quick investment opportunities is likely to be fraudulent and if they offer guaranteed returns then it’s definitely a scam.
Take Your Time: Scammers typically try to put pressure onto try to force a ‘sale’ e.g. the offer ends anytime now, or you will be the last person accepted into this plan or something similar condition. Always take your time and do your research before making any decisions.
Celebrity Endorsement: A lot of scammers use fake adverts with photos of some celebrity and claim their endorsement, but these are almost always fake and clearly ridiculous. The relevant celebrities often struggle to stop the adverts using their name but the advertiser disappears before they can be found and then re-appears again with the same adverts. Plus, of course most celebrities know nothing of cryptocurrencies.

If you have any experiences with these scams do let me know, by email.