Posted by: David Harley | May 11, 2013

Support scam article for (ISC)2

The evolution of support scamming, which also makes reference to an article by Paul Ducklin on An unholy alliance – Fake Anti-Virus, meet Bogus Support Call!

Also linked on the AVIEN PC Support Scam resources page.

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | May 8, 2013

Support scam information updates

Support scams are apparently not a problem that’s gone away, but they have been evolving.

An article I posted recently for ESET summarizes some recent developments, including:

  • a new twist on misusing system utilities (in this case MSCONFIG) to ‘prove’ that you have a system problem, reported by Jerome Segura
  • indications that recent legislation in the US may have persuaded scammers to modify their approach
  • an article by ESET’s Jean-Ian Boutin on malware suggesting a convergence between genuinely malicious software and cold-call scammers
  • an amusing anecdote about a fake Microsoft scammer calling real Microsoft people

Support Scam Cold-Calling: the Next Generation

Also added to the PC ‘Tech Support’ Cold-Call Scam Resources page at AVIEN.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | May 5, 2013

Resources page update

I just added a couple of links to the resources page from my most recent blog here. However, I’ll try to add some more external resources in due course: at the moment, most of the stuff on that page is written or co-written by me, and I know I’m not the only person who ever wrote anything worth reading about hoaxes, scams, and all the rest of it.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | May 5, 2013

Facebook, Scepticism, and the Antisocial Media

Today I came across an article on Trial by Facebook – Dangerous Trends by .

Haley makes some good points about the use and misuse of vigilantism in the social media, though such ugliness as ‘Fred Bloggs is a hacker’ hoaxes (see also http://www.welivesecurity.com/2013/02/08/its-a-wonderful-hoax/), the malicious victimization of individuals such as joe jobs (no relation to Steve – a joe job is an attack, not a person), and orchestrated online bullying were around in some form long before Facebook and Twitter. He cites a number of recent examples of people who were mistakenly victimized, and offers a sensible high-level guide to distinguishing fact from rumour.

In fact – and Haley does hint at this – the issue goes far beyond the question of how to distinguish between fact and uncorroborated stories. It’s about how people behave in an environment that allows them to express themselves in front of huge virtual audiences while remaining themselves to some extent anonymous or pseudonymous.

Not that anonymity or the use of a pseudonym is invariably malicious or undesirable, but in situations where human beings perceive themselves as being less accountable for their behaviour than in a room with a few of their peers, they don’t always behave admirably. Much is made in the Age of the Internet of ‘crowdsourcing’ and ‘the wisdom of crowds’, but we seem to have forgotten the historical lessons of the ‘Madness of Crowds’.

It sometimes surprises me how often I’ve referred to Mackay’s book on ‘mob psychology’, first published in 1841, when writing about the psychosocial aspects of IT security, but his examples are constantly re-echoed in contemporary events. A shorter and more scholarly contemporary analysis by my friend Mich Kabay on Anonymity and Pseudonymity in Cyberspace: Deindividuation, Incivility and Lawlessness Versus Freedom and Privacy offers an excellent introduction to many of the psychological drivers underpinning social behaviour on the web, though he was probably more focused on frankly antisocial behaviour than the greyer areas where you or I might sometimes cross a line. And while the Radio Times isn’t generally the first place I’d look for security-related commentary, a recent article by Justin Webb (Radio Times, 27th April – 3rd May 2013) makes some interesting points about the way in which a healthy scepticism can give way to a less healthy refusal to believe anything that challenges views they already hold. (He cites Nate Silver’s The Signal and the Noise: The Art and Science of Prediction which I haven’t read, but sounds like something I possibly should read.)*

Hat tip to my colleagues at ESET Ireland for bringing the site to my attention. And while I generally keep my security-related writing and my attempts at a more literary style separate, I can’t resist including a link to a poem I wrote in the 1980s called Rumour, which seems strangely apposite. Curiously, it turned up in a pile of papers I was sifting through as I wrote this piece, so I added it to a more appropriate blog page.

* Webb also quotes Senator Daniel Moynihan as telling Americans that ‘they were entitled to their own opinions, but not to their own facts.’ That’s a little ironic, in that while Moynihan may well have said something to that effect in 1994, the same quote has been attributed to James R. Schlesinger in 1973. Well, many of us have had the experience of coming up with what we believed to be a good original thought (or even a mistaken thought**) only to find that someone else had much the same idea. And the essential value of this particular thought is not devalued by a slight uncertainty about its provenance. It does demonstrate, though, how easy it is to absorb and disseminate information that may not be altogether accurate.

Another example I’ve seen several times recently is the attribution of the quotation ‘Tact is the knack of making a point without making an enemy’ both to Sir Isaac Newton and to the much more contemporary Howard H. Newton. While the phrasing of the aphorism suggests Howard H., I’ve given up trying to find a verifiable source – i.e., exactly when or where either Newton actually made the remark.

** I have in mind an anecdote by Richard Dawkins about how both he and E.O. Wilson, apparently totally independently, mistitled papers by Hamilton about his theory of kin selection. The papers were called, according to Dawkins – I haven’t read them! – ‘The genetical evolution of social behaviour’, but both Wilson and Dawkins cited it as ‘The genetical theory of social behaviour’. In Dawkins’ own words (in the end-notes to Chapter 11 of The Selfish Gene), ‘Wilson and I had independently introduced the same mutant meme!’

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | March 30, 2013

The Truth is out there

[Image: simulated newspaper]

But not necessarily on the Internet, as shown by this simulated newspaper, generated in a few minutes from a web site I noticed flagged on a social media site. That’s a few minutes to write the text, and a few seconds to generate the ‘newspaper’. Of course, if I were a real hoaxer (or outright scammer, or worse) I could have generated something intentionally deceptive. And I have software that’s capable of making – with a little more effort – whatever text I like look just as convincing as this (as soft-copy, at any rate), if not more so.

And so, probably, do you.

To address a point I didn’t have room for in that ‘clipping’: why are hoaxes and semi-hoaxes so frustrating? Because so many people are so reluctant to abandon a ‘truth’ they have adopted uncritically – perhaps because they don’t want to admit having been fooled – that they respond defensively, even aggressively. But I don’t suppose it’s going to stop me trying.

As Lincoln said

David Harley
Small Blue-Green World

Posted by: David Harley | March 28, 2013

Putting a Spook in the Wheel

John Leyden commented for the Register on the MI5 warning I blogged yesterday, in MI5 undercover spies: People are falsely claiming to be us (love the subtitle: go and read it!)

Just one observation: Leyden rightly remarks that the warning is more likely to refer to Reveton-like ransomware than to “bogus offers to shift seized assets and the like, the staple of advanced-fee fraud (aka 419 scams)”. I should have made it clearer that I had in mind the type of 419 that attempts to extort money by threats of assassination, rather than the “I need you to put £30m of a dead dictator’s gold into your Post Office account” type of 419.

It’s actually the use of the Director General’s name that makes me suspect a possible 419: ransomware generally uses the name of an agency to intimidate rather than that of an individual. (HT to Kafeine for the examples referenced there.)

There’s an amusing variation on the friendly assassin 419 theme noted here - A Deadly 419. Presumably that particular post was meant more as pastiche than a serious threat to extort, but it’s based on a sub-class of 419 that has been around for quite a while. Here’s part of an example from 2007:

Good day Mr Firstname Lastname ,

I want you to read this message very carefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from, till i make out a space for us to see, i have being paid $50,000.00 in advance to terminate you with some reasons listed to me by my employers, its one i believe you call a friend, i have followed you closely for one week and three days now and have seen that you are innocent of the accusation, Do not contact the police or F.B.I. or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do, beside, this is the first time I turned out to be a betrayer in my job.

Of course, an extortion attempt from ‘MI5’ might take quite different forms to this assassination scenario: unless Thames House decides to break the habit of a lifetime and release a little more information, who knows?

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | March 27, 2013

SpookSpeak: cryptic, but not cryptographic

There’s a tantalizing note up on the MI5 website (that’s the UK’s security service), in the unlikely event that you don’t regularly visit it. ;-)

It warns that people have been contacted by email or by phone by individuals claiming to be working for the security services, or even claiming that the contact comes from the head of MI5, Sir Jonathan Evans, and it makes clear that these are financial scams that have nothing to do with the security services or the Director General.

Unfortunately, that’s all the warning makes clear, but I suppose secrecy is their business. Still, it might have been useful to know more about the type of scam the warning refers to. It could, after all, be anything from a 419 to some form of ransomware, and the ways of recognizing and dealing with those different kinds of scam can be very different. But I have yet to find an actual example.

I hope that blogging about this doesn’t put me in breach of the Official Secrets Act. ;-)

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | March 16, 2013

Ghana and Internet Fraud

Interesting video on Ghanaian internet fraud, including Sakawa Romance Scams and Shopping Scams: Internet Scamming in Ghana. Though it’s more about the cultural context than the details of the scams. Doesn’t really make the connections it could with Nigeria and the 419, either. But does touch on the social and economic problems in regions where fraud seems to flourish, irrespective of whether it’s Africa, Eastern Europe, South America…

Hat tip to ESET Ireland for drawing my attention to it.

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | March 14, 2013

Phishing: carrots, sticks, and Phacebook

A new post for ESET looks at a phish message I received recently, apparently from the Internet banking service Smile, though it’s just one example of phishes that have targeted a number of banks. It’s slightly different from most phishing emails. More often than not, they tend to threaten to block your access to your account if you don’t log in (to their fake site, of course) immediately, thus giving the scammers access to your account. This one, however, provides a financial incentive. Much more detail (and a larger version of the cartoon) in Phishbait: not so much a Smile as a rictus.

[Image: cartoon (shark4)]

Meanwhile, Facecrooks tell us that ‘phishing scams are very popular on Facebook’. Well, I don’t think they’re popular with the victims, but I know what they mean: phishing for Facebook credentials is all too common. If you do happen to lose control of your Facebook account, the Facecrooks article Four Things You Need To Do If Your Facebook Account Gets Hacked is likely to be helpful.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | March 11, 2013

New Resources Page

Still under construction (right now it’s mostly or all stuff that’s kept on or linked from ESET’s resources pages), but should be useful in its present form.

Divided into sections that approximately map to the sort of content I cover here:

  • Hoax papers
  • Phishing papers
  • Support scams
  • Spam
  • Education
  • Miscellaneous

Find it here. (I’m working on a wider range of resources for elsewhere on this site, too.)

David Harley
Small Blue-Green World
ESET Senior Research Fellow
