Stupidest Spam of the Week Support Grants

There have been endless Coronavirus scams and many have focussed on government grants, income replacement schemes etc. Some are messages that make little attempt to look realistic but some scammers have gone to great lengths to make their messages appear genuine.

This latest set is just a copy of previous scam messages and is obviously fake.

Instead of showing my email address as the recipient it shows ‘no-reply’.

It claims to be from the government and that they have determined I am eligible for a grant, but the sender doesn’t know my name.

Part way through the explanation the grant turns into a tax refund which is totally different from a grant.

The message says I need my driving licence and passport in order to claim online – if I am already identified and eligible for a grant then there would be no need for such documents, especially to have both which would be pointless except to a scammer seeking ID information to sell to other scammers to use in identity theft.

The link to click which supposedly is to the HMRC web site is actually to alive-11cn.net which is clearly not the government.

Finally, the email threatens that any wrong input will be criminally pursued which is an odd phrase and certainly not used by government. And that ‘delibrate’ wrongness is not allowed. A curious misspelling in a world where everyone has a spell checker.

All fake of course, trying to steal from people affected by the pandemic.

To enter your email address and click on the subscribe button on top right to keep up to date with new posts.

July 24, 2021

Time-Wasters Update

There are endless scam emails offering magic remedies to achieve weight loss with no effort. ‘Red |Wine and Fat Loss’ is the title of another one. Supposedly you add a supplement to your glass of wine each evening and your metabolism speeds up resulting in huge weight loss and no hunger or cravings. Obviously complete rubbish.

Some scammers are very professional but many are just total idiots. The email is titled ‘Request from the website’ so it is pretending to be from the radio station website. The email senders address is dorris @ [the radio station] so someone has gone to the trouble of spoofing the sender address. The message is trying to sell swim shorts that change colour when wet, but the scammer has forgotten to add a link to click and replying to the email would simply send a message to a non-existent email address at the radio station. She’s not going to get rich on this scam unless she realises her mistake.

Calvin Harris tells me that “We would like to hire your professional experience and want to inform you that we urgently interested in working with you on a temporary (contract) basis. Get back to us for details on compensation”. He has no idea who I am so is obviously scammer just trying to find out if the email address is active.

An email from Candace Petterfill says she’s interested in a job and I just have to click a link to read her c.v. No thanks – is likely to be a link to a malware site. The message specifies a password for the c.v. which is so you cannot scan the document for malware without opening it first, using the password. Her message also contains multiple 16 digit numbers for which there is no obvious reason – too long to be phone numbers. A dangerous email, to be ignored.

Occasionally at the radio station we get emails from people wanting us to add links to their site from ours, and in return get a reciprocal link. These are only a good idea if the business you’re going to link to is safe and reputable and is some way complementary to your own business. Adding random links to unrelated businesses is a bad practice and can result in a lower place on search engine results.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

July 23, 2021

The Lazarus Heist

In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and almost succeeded. It was only down to luck that all but $81m of the transfers were halted.

The hackers prepared meticulously for months, gained access to the systems then waited for months for the exact right moment that would give them the longest window of opportunity.

This was at the start of a weekend, at a holiday time giving them a clear 5 days starting in Bangladesh, then the Fed in New York then the Philippines where much of the money was intended to end up.

They carried out their plan meticulously, but bad luck got in the way.

They had created a number of fake accounts at a bank branch in Jupiter street in Manila but Jupiter was the name of an Iranian ship and that raised red flags in New York and all but $101 million of the transactions were temporarily blocked for investigation.
$20m was to be transferred to a Sri Lankan charity called the Shalika Foundation but the name was misspelt and the transaction blocked
$81 reached a hotel and Casino in the Philippines to be laundered but much was lost in the process

The group got away with around $34 million of the $1 Billion they targeted.

Analysis of the digital fingerprints of the theft point to the government of North Korea, to a group of hackers known as the Lazarus Group.

These are the people believed to have spread the Wannacry ransomware that devastated the NHS in 2017 and also various large organisations around the world.

For more detailed information see https://www.bbc.com/news/stories-57520169

If you have any experiences with these scams do let me know, by email.

July 22, 2021

Is Ledger Wallet Safe

This is about the storage of cyber currency – these things only exist in the digital world so how do you store them?

Normally that is through an online ‘wallet’ where you store the access keys to your currency and those are the only evidence you have of ownership. If the keys are stolen then your cyber currency is also gone.

Most people store the keys on their computer, but some prefer something more secure and choose a hardware wallet e.g. a USB drive with specialised software.

Ledger Nano S claims to be The world’s most popular hardware wallet for cryptocurrency.

Data Breach

Ledger suffered a data breach in 2020 and confidential information on 272,00 customers was released by the hackers.

The hackers included the customers home addresses which puts them at risk of physical attack as some had substantial holdings in cyber currency on their ledger devices.

Phishing Attempts

Ledger users are frequently the targets of phishing attempts. Many scammers go to great lengths to duplicate the ledger website and Ledger email messages. They try to get the users 24 word recovery phrase which would let them take over the account and hence steal the crypto currency.

Fake Wallets

Following the data breach in 2020, some scammers have created fake Ledger Nano wallets and are sending them out to the list of customers they have from the breach.

These fake wallets look similar to the real ones and have tricked people into ‘upgrading’ free of charge to the latest version. Sadly, these fake wallets steal the private keys needed to take the cyber currency.

July 21, 2021

Government Secure by Design

The government department for Digital, Culture, Media and Sport (DCMS) is working to ensure consumer “smart” devices are more secure, with security built in from the start.

Matt Warman, Minister for Digital Infrastructure has said “This government wants you and your families to be safe online. In these extraordinary circumstances, we all increasingly rely on internet-connected products to socialise, work and live out our lives. You should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely”.

At the moment, many manufacturers concentrate on producing their products cheaply and leave security to be a minor feature, not worth investment. Their products are shipped with very basic security and little advice to the buyer. This puts people at risk as consumers will assume a product is safely setup and trust the seller has put in the effort to ensure safety, but this is often not the case.

The government say that Cyber security is at the heart of their approach to digital technology, and plays a critical role in ensuring people and businesses can benefit from the huge opportunities of technology.

In 2018, DCMS published a Code of Practice for Consumer Internet of Things Security and have been supporting the development of the first industry standard on consumer smart product security.

Despite widespread adoption of the guidelines in the Code of Practice for Consumer Internet of Things Security, both in the UK and overseas, change has not been swift enough, with poor security still commonplace.

In January 2020 the government announced the intention to bring in legislation to ensure stronger security is built into consumer smart products. This work has been progressing in collaboration with industry leaders and cyber security experts.

The government response to the 2020 call for views on proposals for regulating the cyber security of consumer smart devices was published on 21 April 2021.

We need this to move as so products can be safe by design not by accident or not at all.

If you have any experiences with these scams do let me know, by email.

July 19, 2021

Amazon Listing Hijack

This scam is nasty as it takes business from legitimate sellers and can blacken people’s names who know nothing about the scam being perpetrated using their name.

A scammer picks a high selling product on Amazon and then sets up entries on Amazon selling that same product and using copied photos and descriptions etc.

The scammers may simply duplicate the product entry on Amazon, take orders and then disappear but the most damage is caused where the scammer buys counterfeit products and sells them as if originals. The fakes, by their nature, will be inferior to the originals and complaints will lead back to the original seller whose reputation is then damaged, as well as not having made the sales.

The Amazon Buy Box

Typically, smaller companies may go to great lengths to ensure they have high quality products that no-one else sells and have put a lot of time and money into building a brand, only to see a scammer cashing in on that hard work.

Amazon has something called the Buy Box for certain products and this is where a supplier can be the ‘King’ of selling that item, but unscrupulous sellers can push in and take advantage of that on the same screen.

For some categories of products, Amazon automatically designate one seller as the default seller of a product. If a customer clicks the “Add to Cart” button, the seller that owns the Buy Box will get the sale (unless the customer specifically changes to purchase from a different seller). This is called Buy Box hijacking. Scammers selling counterfeit goods can undercut your pricing and take control of the Buy Box – killing your sales.

Their product quality is not going to be as good and they are likely to use your company details and contact details for complaints, so the result can be unhappy customers who blame you and you lose more sales.

Amazon know all about this scam and if you report an Amazon seller it will be dealt with in time. The process means you have to complain to the seller first and only if they fail to respond then Amazon will take action.

If you face this problem, start the complaint procedure with Amazon straightaway and collect all the evidence you will need.

If you have any experiences with these scams do let me know, by email.