Social Engineering in Scams

In this context, social engineering means manipulating someone into doing what you want, e.g. typing a login and password into a fake website so that the scammer gets that information.

So, ‘social engineering’ covers the methods used to trick people into doing what the scammers want.

It could be a phishing email asking you to urgently log in to your internet banking account, a message telling you to call a support number as your computer has been infected with malware, or a request from a company executive to urgently transfer money.

Generally, we prefer to trust people so if someone calls saying they are from your bank and they know your name and account – it’s easy to believe rather than to question everything. Maybe you answer their security questions and that gives them the details they need to access your account. It can be as simple and quick as that.

It may feel discourteous not to trust someone who’s called you, but scammers rely on this to get away with their crimes. If you are unsure, then question the caller and, if appropriate, end the call.

An Example Credit Card Payment Scam

A company selling telecom services receives an email from a possible new customer:

Hello,

This is Bill, I have just moved into the area and I need a new phone line.

Do you accept payment by credit card?

What information do you need in order to quote for the work?

Thanks

Bill

After a reply from the Telecoms Company confirming they do accept credit cards, Bill’s next email sets up the conditions of the scam.

He claims he’s in hospital waiting on an operation, with lots of description to make it clear he cannot take phone calls or speak to anyone and very much needs help. He describes what he wants fitted in each room and then describes the removal company that is helping him to move while he’s in hospital, adding that they can let the telecoms company in to do a survey if needed.

The purpose of this is to set up the Telecoms company to accept an overpayment by credit card from Bill and then pay the removals company, as they cannot accept credit card payment and Bill can’t pay them any other way while in hospital.

This story is complicated and relies on the kindness of the Telecoms company to take the money and pass it on but also on their desire for business.

The telecoms company agrees, takes the credit card payment and then pays the removals company as per the instructions, for example taking £1,000 for their work up front and £2,000 to pay to the removals company.

It all sounds quite safe, but then comes the sting.

The card was stolen but not cancelled straightaway. When the credit card company does cancel it, they will claim the £3,000 back from the Telecoms Company, who will end up out of pocket for the work they’ve done and also for the £2,000 paid to the removals company, which was also fake.

There are countless similar stories designed to get the punter to accept an overpayment or to do something for the scammer.

The stories are sometimes rough, with spelling and grammatical mistakes, to elicit sympathy for the scammer; at other times the stories have been polished by repeated use.

NEVER accept an overpayment.


Fightback Ninja Signature

Jay Scammed in His Garden

The Tree work crooks.

Jay says: I thought I was careful but I have just been robbed.

A man at the front door said my neighbour, who was out, wanted some of my back garden tree branches that were overlapping his garden trimmed back. He came in the back garden to show what he was going to do; I had no intention of paying for anything. He pointed out some problems with my trees that he could fix for £150 including removal. It sounded creditable and I was foolish and agreed.

Then there was a problem; a large branch had broken off. There would be a charge of £2.75 per kg to take it away, he wouldn’t give me a weight estimate, he said that it would be known when it was chipped. I was shocked when he told me it weighed 980kg and the cost was £2500.

I said it couldn’t be that heavy but he insisted it was. I was given a lot of hassle and told I had agreed to it and ended up paying online.

Later in the day I was phoned and told there was too much for one load and there was another £2000 to pay; he was extremely aggressive when I refused to pay. Later I found that nothing had been taken away; it had been hidden behind another tree.

Also, my neighbour hadn’t asked for anything to be done.

Everything he said was lies. I have reported this information to the police.

Be careful.

If you have any experiences with these scams do let me know, by email.


Stupidest Spam of the Week: Fake Project Loans

Fake loans are big business for scammers.

Many offer loans in the low thousands of dollars – but these are just phishing scams intended to get your personal and financial information to sell on to other criminals who will then rob you and likely steal your identity.

Some scammers go big on these scams – this latest one offers up to $1 billion on 25-year repayment.

It can be for any reason, but only in a list of selected countries.

However, that list includes continents and only the Antarctic is not included, so ‘selected countries’ actually means every country on earth.

As if the offer of untold millions of dollars isn’t enough, the scammer also includes an offer to pay referral fees for any projects brought to their attention.

Of course, the scammer has a personal email address rather than a company email and the sender’s supposed name of ‘Nizat Shafterit’ doesn’t match the email address.
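The two sender checks described above (a personal webmail address, and a display name that does not match the address) can be automated. This is an added example, not part of the original post; the webmail domain list, the `webmail.example` placeholder domain and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, non-exhaustive list of free webmail domains.
# "webmail.example" is a placeholder used only by the constructed sample below.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "webmail.example"}


def sender_red_flags(raw_message):
    """Return a list of warnings about the From header of a raw email."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ["unparseable sender address"]
    local, domain = address.lower().rsplit("@", 1)
    flags = []
    if domain in FREEMAIL_DOMAINS:
        flags.append("personal webmail address used for a business offer")
    # Heuristic: at least one word of the claimed name (3+ letters)
    # should appear somewhere in the mailbox name.
    words = [w for w in re.findall(r"[a-z]+", display_name.lower()) if len(w) >= 3]
    if words and not any(w in local for w in words):
        flags.append("display name does not match the email address")
    return flags


# Constructed sample in the style of the loan spam described in this post.
SCAM_SAMPLE = (
    'From: "Nizat Shafterit" <loan.desk77@webmail.example>\n'
    "Subject: Project funding up to $1 billion\n"
    "\n"
    "Loans available on 25 year repayment.\n"
)

# Constructed sample of a sender whose name and company address agree.
PLAIN_SAMPLE = (
    'From: "Jane Smith" <jane.smith@lender.example>\n'
    "Subject: Your quote\n"
    "\n"
    "Quote attached.\n"
)

if __name__ == "__main__":
    for sample in (SCAM_SAMPLE, PLAIN_SAMPLE):
        print(sender_red_flags(sample))
```

A clean result does not prove a message is genuine, since a scammer can pick a matching address; the check only catches the careless cases like this one.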

The scammers just want your details so they can choose the best scam to try on you.

Pathetic.

The number of people replying to emails like this is probably only a few in a million or even fewer, but the scammers send out huge numbers of these and they latch on to anyone dumb enough to reply.

Strong Customer Authentication

New Strong Customer Authentication (SCA) regulations will add an extra layer of security at online checkout making it safer to shop online. This was proposed in 2019 and became law in the UK from September 2021.

As fraud levels in digital payments have risen in Europe, new regulations have followed. Strong Customer Authentication (SCA) has become a key piece of the EU’s Revised Payment Services Directive (PSD2), which merchants are required to comply with.

PSD2 introduced the concept of Strong Customer Authentication (SCA). The idea is simple: 2 out of 3 elements need to be checked during authentication.

As a customer, this means being asked to identify yourself by another means as well as the payment card details, e.g. through a passcode sent to your smartphone.

This may become an annoying delay at times but it is to protect your accounts from criminals.

The goals of PSD2

  • Make the European payments market more integrated and efficient
  • Improve the level playing field for payment service providers (including new players)
  • Make payments safer and more secure
  • Protect consumers from fraud

Strong customer authentication demands multi-factor authentication on all payer-initiated payments including at least two of the below methods.

  • Something you know e.g. PIN or password
  • Something you have e.g. phone or device
  • Something you are e.g. facial scan or fingerprint
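A sketch of the "2 out of 3" rule as a payment system might check it. This is an added example, not part of the original post; the method labels and the function name are assumptions. It shows that the two successful checks must come from different categories, so a password plus a PIN still counts as only one element.

```python
# Category of each method named in the list above.
# The method labels are this example's own, not taken from any real API.
CATEGORY = {
    "pin": "knowledge",
    "password": "knowledge",
    "phone_passcode": "possession",
    "device": "possession",
    "facial_scan": "inherence",
    "fingerprint": "inherence",
}


def sca_satisfied(checks):
    """Decide whether one payment attempt meets the two-element rule.

    checks is a list of (method, verified) pairs, where verified is True
    only if that check actually succeeded. Returns (ok, categories).
    """
    verified = set()
    for method, passed in checks:
        if method not in CATEGORY:
            raise ValueError(f"unknown authentication method: {method}")
        if passed:  # a failed or skipped check contributes nothing
            verified.add(CATEGORY[method])
    return len(verified) >= 2, sorted(verified)


if __name__ == "__main__":
    # Constructed payment attempts.
    attempts = {
        "password + PIN": [("password", True), ("pin", True)],
        "password + phone passcode": [("password", True), ("phone_passcode", True)],
        "password + failed fingerprint": [("password", True), ("fingerprint", False)],
    }
    for label, checks in attempts.items():
        print(label, sca_satisfied(checks))
```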

If you have any experiences with this new system do let me know, by email.
