Posted by: David Harley | March 2, 2014

ESET blog on phishing and vulnerable smartphone users

Just for a change, an ESET blog on phishing that I didn’t write, though Rob Waugh does quote me at some length:

Smells phishy? New email scams – and why smartphone users need to stay alert

Rob points out that:

Phishing is unique among cyber attacks – it doesn’t rely on weaknesses in computer software, or new vulnerabilities – it relies, initially at least, on human gullibility.

This means that devices users often think of as ‘immune’ to cyber attacks – such as smartphones – are in fact the perfect vehicle for phishing attacks.

David Harley
Small Blue-Green World

Posted by: David Harley | February 26, 2014

Softpedia Warns of Fake Facebook Giveaway

, writing for Softpedia, describes a Facebook scam where people are lured into Liking a Facebook page by the promise that one of them will receive a brand new BMW X6. He says:

Of course, BMW doesn’t have anything to do with this BMW Manager page or with the alleged giveaway. Instead, as Hoax Slayer highlights, scammers are simply trying to trick users into liking their Facebook page to increase its value.

The article is at Facebook Scam: BMW Manager Donates a Brand New X6. Of course, there are probably lots of legitimate pages that offer giveaways for Likes, but there are also a lot of pages that don’t represent the company they seem to. Unfortunately, it’s not always easy to distinguish between fakers and the real thing.

(HT to Steve Santorelli for flagging the article)

David Harley
Small Blue-Green World

Posted by: David Harley | February 26, 2014

Fake conference papers

An article on Slashdot reports that Publishers Withdraw More Than 120 Fake Papers: the papers referred to are apparently ‘computer-generated papers’ that were published in conference proceedings between 2008 and 2013, the publishers involved being Springer and the IEEE.

The article is referring to a far more detailed report by Richard van Noorden for Nature: Publishers withdraw more than 120 gibberish papers. While the automation aspect is new to me, it’s been apparent for quite a while that dubious conferences and journals that have more to do with quantity than quality, and more to do with the exploitation of the need many academics have to publish in order to maintain tenure, have been a considerable blot on the scientific escutcheon. I posted a brief article addressing some of the issues for the Anti-Phishing Working Group blog about a year ago: Academic Vanity Press: Who Gets Scammed?

There may not be any direct connection, but those of us who have got tired over the years of being contacted every few months by editors at the security magazine Hakin9 in search of lengthy but unpaid articles from the security research community had a quiet giggle in 2012 when Hakin9 published an article on DARPA Inference Checking Kludge Scanning (note the acronym) apparently submitted to draw attention to the magazine’s poor editorial standard. John Leyden’s Register article Experts troll ‘biggest security mag in the world’ with DICKish submission has the detail on that story.

David Harley
ESET Senior Research Fellow

Posted by: David Harley | February 23, 2014

Call centre scams: not just tech support

I’ve written here and elsewhere many times about tech support scams. However, one of my recent blogs for ESET includes some new info on those, but also looks at some other scams apparently deriving from the same call centres, especially the accident insurance scams and PPI scams that seem to be particularly prevalent in the UK at the moment.

Scams: Tech Support, Accident Insurance, PPI, Oh My My

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | February 23, 2014

Not Angelas but maybe not Angels*

As I mentioned here recently, the Talking Angela myth Graham Cluley first reported about a year ago still has legs (not to mention its mouth, which seems to be the main point of contention). As well as Paul Ducklin’s look at the chain message, Graham has had occasion to return to the topic several times in the past week or two.

  • Talking Angela app scare spreads between English and French Facebook users:  I’m not sure whether it’s serendipitous or maybe a subtle intentional pun that Graham describes the app as a chat-bot. The app centres on conversations with an Eliza-like program that extracts elements from sentences typed in by a human and uses them to generate human-like responses, but ‘Angela’ is represented as a cat, not a human. And the French for cat is ‘chat’. :)
  • Two days later he reported on a story that a 7-year-old boy had disappeared after his mother installed Talking Angela onto her iPhone. The story apparently originates on Huzlers, a site that announces its intentions (in a footnote at the bottom of its main page) as being: “… a combination of real shocking news and satire news to keep its visitors in a state of disbelief.” While that footnote seems to suggest that some of its ‘shocking news’ stories are real, there’s a Huzlers Facebook page that proclaims “…because you like being lied to”, and other sources assume that its content is purely satire/fiction. Be that as it may, I’ve found no indication anywhere that there’s any truth in this particular story, and I don’t advocate passing on any Huzlers story without very careful verification. At the very least, it seems that the site is inspiring a state of belief rather than unbelief in social media users.
  • Most bizarrely, perhaps, he reported on a phone call he received from a lady in the North of England wanting to know if he’d written the app, since his name cropped up when she looked up ‘Talking Angela’ on Google. He didn’t, and if you’re reading this, madam, neither did I. :) The worrying aspect of this story is that when people are determined to believe a hoax or semi-hoax, they can be quite aggressive in its defence, resorting to ad hominem attacks on the morals and intellectual capacity of someone advocating a reasoned, analytical consideration of an issue rather than an emotion-clouded knee-jerk reaction. Happily, that doesn’t seem to have been the case in this instance.

Stuart Dredge also looked at the Talking Angela issue for the Guardian: he talked to the real developers, Outfit7, and it turns out that the conversations are collected, though the company states that “We take out anything that could be potentially identifiable. We’re over-cautious in how we filter information, to make sure nothing identifiable can leave the app.” Dredge’s article is by no means a PR exercise in favour of the company: he does raise some concerns about the app, though they seem very minor compared to the hysterical tone of some of the warnings Graham quotes. In another article - What the Talking Angela app is really saying to your kids - he examines some of the app behaviour that seems to have inspired some of the hysteria and concludes:

A couple of commenters on my previous article about the Talking Angela hoax suggested concerns about the app normalising the kind of conversations that you wouldn’t want children having with strangers in the real world. That’s a legitimate criticism, and one that Outfit7 should act on by making it harder for kids to turn off the Child Mode.

He raises some other issues that would probably discourage me from allowing my own young children from using the app, if I still had any. However, that’s a long way from the sort of exploitation and grooming scares that are currently circulating.

Outfit7 has an FAQ that tries to address some of the concerns here.

*There is a story that when Pope Gregory (c. 540-604 A.D.) first saw fair-haired children in the slave market and was told that they were Angles (one of the Germanic peoples who settled in England following the fall of the Roman Empire – hence Anglo-Saxons), he punned ‘Non Angli sed Angeli’ (not Angles but Angels). I don’t see why he and Graham should have all the pun fun.

David Harley
Small Blue-Green World

Posted by: David Harley | February 18, 2014

Tax scams, malware, phishing, 419s

…in other words, the same old unwanted email, as considered on an ESET blog. Though a blog comment suggests that the 419 might be spammer detritus rather than a 419. Could be.

Tax Scams, Malware, Phishing and a 419

I’m quite proud of the feature graphic, though.

Also on the ESET blog, a 419 post by Righard Zwienenberg: The Billgate Foundation – the fall for money, eh many…

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | February 15, 2014

Death and Tax Scams

Further to some previous articles referenced here with some reference to tax scams:

There’s an article (by me) devoted entirely to tax scams in ESET’s January Threat Radar report. (The monthly Threat Radar report is an online resource to be found on ESET’s Virus Radar site.) Sadly, it’s the time of year for tax scams, and I expect we’ll see more of them.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | February 15, 2014

Angela still talking…

A year ago I pointed out an article by Graham Cluley, then a stalwart of the Sophos Naked Security blog (and now blogging on his own independent site), about a hoax/semi-hoax at that time spreading via Facebook: Talking Angela Blues. Apparently the (in)famous talking cat app is still suspected by Facebook users of asking children too many personal questions if they access the app.

Paul Ducklin returns to the theme and while debunking the Talking Angela hoax, takes the opportunity to offer tips on how to avoid being a hoaxer’s accessory: The “Talking Angela” chain letter: Three tips to help you avoid Facebook hoaxes.

Good to see Graham, a friend from way, way back, contributing the occasional article to ESET’s WeLiveSecurity blog (my own most usual outlet), by the way.

David Harley
Small Blue-Green World

Posted by: David Harley | February 10, 2014

Wangiri: how a missed call might prove expensive

Missed a phone call? The Better Business Bureau says answering international telephone fraud calls looking like US calls might cost you more than you think. (But not every alert is accurate, as Snopes tells us.)

Yet another scam story posted on ESET’s WeLiveSecurity site: Wangiri Telephone Fraud – One Ring to Scam Them All.

Hopefully, it will be the last one I post for a while. Not that scams aren’t an ongoing problem, and I guess I find them interesting, but I’d quite like to write about something else occasionally. :) Still, at least it’s not yet another tech support scam post. Though I suppose there’ll be another of those along in a minute.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | February 6, 2014

Caveat Venditor

We hear a lot about various kinds of fraud encountered by people trying to buy goods and services from unreliable sources. 419 Scams: Let The Seller Beware is an article for ESET about 419 scams that target sellers of goods and services, from hoteliers to people with goods to auction online. The main point is that when funds from a cashier’s check become available in your account, that doesn’t actually mean that it’s been cleared: if it turns out to be a fake, your bank is going to reclaim it from your account, and if you’ve sent money or goods to the scammer on the assumption that it’s cleared, you’re going to lose all the way round.

Hat tip to Urban Schrott, whose article for ESET Ireland on What’s scamming this week? first reminded me of this type of scam.

David Harley
Small Blue-Green World
