Government Secure by Design

The government department for Digital, Culture, Media and Sport (DCMS) is working to ensure consumer “smart” devices are more secure, with security built in from the start.

Matt Warman, Minister for Digital Infrastructure has said “This government wants you and your families to be safe online. In these extraordinary circumstances, we all increasingly rely on internet-connected products to socialise, work and live out our lives. You should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely”.

At the moment, many manufacturers concentrate on producing their products cheaply and leave security to be a minor feature, not worth investment. Their products are shipped with very basic security and little advice to the buyer. This puts people at risk as consumers will assume a product is safely setup and trust the seller has put in the effort to ensure safety, but this is often not the case.

The government say that Cyber security is at the heart of their approach to digital technology, and plays a critical role in ensuring people and businesses can benefit from the huge opportunities of technology.

In 2018, DCMS published a Code of Practice for Consumer Internet of Things Security and have been supporting the development of the first industry standard on consumer smart product security.

Despite widespread adoption of the guidelines in the Code of Practice for Consumer Internet of Things Security, both in the UK and overseas, change has not been swift enough, with poor security still commonplace.

In January 2020 the government announced the intention to bring in legislation to ensure stronger security is built into consumer smart products. This work has been progressing in collaboration with industry leaders and cyber security experts.

The government response to the 2020 call for views on proposals for regulating the cyber security of consumer smart devices was published on 21 April 2021.

We need this to move as so products can be safe by design not by accident or not at all.

If you have any experiences with these scams do let me know, by email.

July 19, 2021

Amazon Listing Hijack

This scam is nasty as it takes business from legitimate sellers and can blacken people’s names who know nothing about the scam being perpetrated using their name.

A scammer picks a high selling product on Amazon and then sets up entries on Amazon selling that same product and using copied photos and descriptions etc.

The scammers may simply duplicate the product entry on Amazon, take orders and then disappear but the most damage is caused where the scammer buys counterfeit products and sells them as if originals. The fakes, by their nature, will be inferior to the originals and complaints will lead back to the original seller whose reputation is then damaged, as well as not having made the sales.

The Amazon Buy Box

Typically, smaller companies may go to great lengths to ensure they have high quality products that no-one else sells and have put a lot of time and money into building a brand, only to see a scammer cashing in on that hard work.

Amazon has something called the Buy Box for certain products and this is where a supplier can be the ‘King’ of selling that item, but unscrupulous sellers can push in and take advantage of that on the same screen.

For some categories of products, Amazon automatically designate one seller as the default seller of a product. If a customer clicks the “Add to Cart” button, the seller that owns the Buy Box will get the sale (unless the customer specifically changes to purchase from a different seller). This is called Buy Box hijacking. Scammers selling counterfeit goods can undercut your pricing and take control of the Buy Box – killing your sales.

Their product quality is not going to be as good and they are likely to use your company details and contact details for complaints, so the result can be unhappy customers who blame you and you lose more sales.

Amazon know all about this scam and if you report an Amazon seller it will be dealt with in time. The process means you have to complain to the seller first and only if they fail to respond then Amazon will take action.

If you face this problem, start the complaint procedure with Amazon straightaway and collect all the evidence you will need.

If you have any experiences with these scams do let me know, by email.

July 18, 2021

Stupidest Spam of the Week Undertake Scribe

There are many people and businesses who will create any kind of copy you wish, for web pages, books, ebooks, college essays, articles etc.

Some are very good and some are essentially idiots trying to take advantage of the fact that many people are lacking confidence in their writing and need some help with that for their essays, articles, web pages etc.

Also, some APP developers try very hard to make computer systems able to produce good quality copy or to take previously written copy and rearrange it to create something that appears to be new copy – useful for spammers wanting post the same thing repeatedly with just minor differences.

There is also the Grammarly APP which is heavily advertised and does seem quite good at helping people to improve their grammar.

Back to the idiots – a latest email appears to be an attempt to attract people who want original copy written on their behalf, but the email is a collection of ridiculous statements that would only convince the reader to go elsewhere

e.g.

Past master undertake scribe at your disposal
Amplify the comprehensive return speciality profundity
We resolution make steadfast to customise postulated requirements
Our whack writer waiting has been propitious
Lease out unique dissertation chirography mace that has the provocation
Scribble your essays ordered better
So if you emergency a professional holograph gossip columnist

This is all very funny but sad that such rubbish messages are being sent out by the million.

To enter your email address and click on the subscribe button on top right to keep up to date with new posts.

July 17, 2021

Time-Wasters Update

An email arrives looking as if from Santander bank. The correct logos and graphics, security information, well written and claiming to be from The Santander Online Banking Help Team to warn us that they suspect an unauthorised transaction on our account. But the email sender’s address is tts-concreterepairs.com which really gives the message away as a scam, plus, we don’t have an account at Santander.

Binti Danish Rayyan sent an email to the radio station titled ‘Greetings from Malayasia’. Sounds friendly but is just a scam as the email offers us to the opportunity to submit bids for supply to the government of Malaysia for 2021/22. The government would be to be very hard up to send out mass emails to unknown companies for unknown products and from an Outlook address. We won’t be submitting any bids.

Another wave of fake emails claiming to be from IONOS and needing me to confirm my email address or to reactivate my account. No thanks – the message is from active10_21518098111@ bellianti.net which is not IONOS.

PayPal users are a big target for scammers – sending out endless emails claiming that your PayPal account is blocked or that there is suspicious activity on your account or something similar. The latest one has the title ‘Paypal L*m**ited’. The reason for the asterisks is to try to bypass the email providers blocking such messages and home users filtering out such rubbish. But is still rubbish of course and should be deleted.

A message arrives claiming to be from Yahoo and using their logo etc. but is an obvious fake. It says that a new phone number has been added to my account and if I didn’t do this then I should click the link to logon and correct it. But the link goes to gvbzc1wessddxx.nsmteytravv.senka.jp which is an obvious scam website as no-one but a scammer would want such an obscure web site address.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

July 15, 2021

Suckers List

A sucker list is a list of contact details for people suspected to be vulnerable to various types of scam and these lists are sold by scammers and hackers to other scammers.

The lists are usually made up of people who have replied to scam emails, texts or letters or they can be details of people who have fallen for a scam, as people who have been scammed before have a higher probability of falling for a subsequent scam.

Once your name is on a sucker list, you are likely to be inundated with scam emails, texts and letters.

Your details may end up on a suckers list simply because you made an online donation to charity or click a link in an email without checking what it was for or for downloading an APP from a site that isn’t Google or APPLE.

Some organisations sell their contact lists to others without properly checking that the buyer is trustworthy or maybe hackers get into business contact data and upload it to the dark web.

Can You Remove Your Name from Sucker Lists?

That isn’t possible, as these people are criminals so any request to them to stop sending you messages just confirms that the email address is active and hence worth more than a dead email address.

But there are ways to limit these solicitations and stay off future lists.

The Data & Marketing Association (DMA) is an industry trade group that offers a service called DMAchoice that allows users to remove their names from the mailing lists maintained by those members. But that only works with reputable companies.

If you think your details are on suckers lists the only answer is to change your telephone number, logins and passwords etc. even this can be time consuming and inconvenient.

If you have any experiences with these scams do let me know, by email.

July 14, 2021

Paying on Shopify Sites

Shopify is a software service used for building and running online shops.

It has about 20% of the market currently and is very popular for its reliability, ease of use and pricing.

As a user, you don’t need to know the technology used by your favourite retailers with their online shops – just that it is safe.

Shopify sites typically use one or more of the following payment services

Shopify
Shop Pay
Paypal
Google Pay
Apple Pay
Amazon Pay

The built in Shopify Pay service is easiest for the retailer, but they can choose what they want.

Recently, Shopify created the Shop app to put hundreds of thousands of independent merchants in one convenient app. If you buy using the Shop App, they say that your card information is already encrypted and protected.

The app also allows split payments e.g. pay by instalments, which seems to becoming increasingly popular as a way of avoiding credit card interest payments.

You choose how you want to pay.

If you have any experiences with these scams do let me know, by email.