Posted by: David Harley | November 26, 2015

Tech Support Scams Beginner’s Guide

Tech Support Scams: a Beginner’s Guide – a blog for IT Security UK. I thought maybe it was time we reconsidered what we tell end users what they need to know about support scams, as the scammers change their approach from cold-calling to pop-up fake alerts.

Also added to the AVIEN page PC ‘Tech Support’ Cold-Call Scam Resources.

David Harley

Posted by: David Harley | November 16, 2015

Hotel Key Cards: not usually a Security Issue

I first heard alarming stories about hotel keycards over a decade ago, though I don’t think I’ve written about the issue recently, or outside the healthcare organization I then worked for: I only started to blog publicly some time after I started writing for ESET. (My earliest blog piece for ESET seems to have been published in February 2008, though I’d been writing other articles for them for a while.)

The story that circulated when I first heard it concerned chain messages claiming that you shouldn’t let hotels have your key card back because they store potentially sensitive personal information such as the customer’s name, partial home address and credit card information, as well as more obviously relevant information (room number, check-in date, check-out date). The suggestion is that your data might be leaked or stolen when you return the keycard before it is re-encoded for the next visitor.

The story seems to derive from a case investigated by Pasadena police in 2003, and on the basis of information that was not intended to be shared with the general public until its accuracy was verified and actually referred to a somewhat different issue of stolen keycards being re-used by criminals as cloned credit cards. In a subsequent retraction, the Pasadena police stated:

As of today, detectives have contacted several large hotels and computer companies using plastic card key technology and they assure us that personal information, especially credit card information, is not included on their key cards. The one incident referred to appears to be several years old, and with today’s newer technology, it would appear that no hotels engage in the practice of storing personal information on key cards. Please share this information with anyone who has a concern over the initial information send out to others as a precautionary measure.

The rumour was debunked by the ever-reliable Snopes site long ago, but I’m guessing from the fact that  has just revisited the topic for Kaspersky suggests that the story is still circulating, though I can’t say I’ve seen it recently myself.

David Harley

Posted by: David Harley | November 16, 2015

Tech Support Scams and the FTC

Commentary from me for the AVIEN blog, and added to the tech support scam resource page there, regarding an interesting article from The Register – FTC fells four tech-support operations in scammer crackdown – by Shaun Nichols, about the FTC’s latest move in the war against support scams.

The FTC (the US Federal Trade Commission) has turned its attention to ‘four companies and four individuals in its legal complaint (PDF) alleging violations of both the FTC Act and the US Telemarketing Act’.

The violations cited here are in the form of fake system alerts, fake browser alerts, or fake security software alerts that advise the victim of a ‘problem’ with their device and direct them to a ‘helpline’ purporting to represent one of the major operating systems, not only for old-school computers (Windows, OS X, Linux) but for mobile devices such as smartphones.

A preliminary injunction ordered by The United States District Court for the Eastern district of Pennsylvania prohibits the named parties from fraudulent marketing and billing (though you’d think that would be illegal anyway), and effectively freezes their assets while the FTC’s complaint is investigated.

David Harley

Posted by: David Harley | November 12, 2015

Buhtrap, Ammyy, and support scams

It occurred to me that the Buhtrap gang’s misuse of Ammyy Admin, as reported by my colleague Jean-Ian Boutin for ESET – Operation Buhtrap, the trap for Russian accountants – might have affected some tech support scam victims. See my blog article for AVIEN: Buhtrap and Ammyy. (Both articles added to the AVIEN tech scam resources page, of course.)

David Harley

Posted by: David Harley | November 6, 2015

Additions to the AVIEN support scam resources page

The following links have been added to the tech support scam resources page at AVIEN:

“Since May 2014, Microsoft has received over 175,000 customer complaints regarding fraudulent tech support scams. This year alone, an estimated 3.3 million people in the United States will pay more than $1.5 billion to scammers.”

David Harley

Posted by: David Harley | October 21, 2015

Apple Support Scams Update

I’ve just added some links to the Support Scam Resources page at AVIEN that may be relevant to readers of this blog and the Mac Virus blog:

David Harley

Posted by: David Harley | October 8, 2015

Two tech support/popup blogs

One was added to the ESET WeLiveSecurity site: Tech Support Scams: Top of the Pop-Ups.

The other expands on the topic of cross-platform support scamming, with some more screen shots but less detail (and much less sarcasm):  Pop-ups and Support Scams

Both have been added to the AVIEN support scam resource page.

David Harley

Posted by: David Harley | September 18, 2015

Arachnophobia and the fear of hoaxes

Today I came across a photo of what was alleged to be an Australian Bird Eating Spider, making the human hand next to it looking pretty puny. And naturally, I was curious to see if the photograph was genuine. (Sorry, but I haven’t been able to find it again so you can check it yourself.)

I’m not a fan of spiders and make no claim to be any sort of zoologist, so I can’t say for sure that what I was looking it was really Phlogius crassipes (probably better known to its friends – if any – as the Eastern Tarantula),  but it did resemble some of the photographs Google found for me, and apparently it can grow up to 9 cm, which its leg span can extend to 23 cm, which is a little over 9 inches. Certainly bigger than my own delicate little Jimmy Shand.

However, I came across a hoax concerning Camel Spiders (or Wind Scorpions). Not actually spiders, but solifugae, though they are, like spiders, arachnids. And that led me to a whole page about Spider Hoaxes and Myths. I can’t vouch for its accuracy in every respect, but it’s certainly more fun than removing incredibly large spiders from the bath. And it might just come in handy sometime.

David Harley

Posted by: David Harley | September 18, 2015

419s: This Time it’s (not very) Personal

Disclaimer: this little article refers to two blog articles published by ESET Ireland, part of the company that provides me with a good proportion of my income. The article is not intended to promote either ESET’s products or the DoneDeal classified ads site. I’m blogging it because the first of those two articles, despite the outrageous frankly-acknowledged clickbait in the title, describes an interesting variation on an otherwise fairly standard 419 (advance fee fraud) scam email, while the second article incorporates some good generic advice. That is, advice that isn’t promotional or specific to DoneDeal.

Urban Schrott’s more recent article describes how one of his colleagues, advertising his car on DoneDeal, was contacted directly by a scammer who quasi-personalized the scam by using the car sale as a hook. In fact, the reference to the car is pretty perfunctory.


Thanks for your email concerning your offer. The offer is just a minor objective of my contacting you but am going to buy it at your selling price.’

In fact, the car had already been sold, and you may notice that the article refers to ‘the offer’ rather than ‘the car’, suggesting that the message is actually boilerplate text sent out to multiple recipients. Still, it may well attract the attention of some recipients long enough to be drawn into the scam – not only are they promised 30% of nearly 20 million dollars, but they get to sell their car/furniture/whatever.

From that point on, the message is of a type you may be familiar with, purporting to be from an American soldier needing help in transferring funds from Afghanistan. The English isn’t bad, though there are some errors ‘I have summed up courage to contact you’ that suggest that English wasn’t the writer’s first language. I particularly like the writer’s description of the misfortunes he’s experienced:

‘No compensation can make up for the risk we have taken with our lives in this hellhole, and I have been shot, wounded and survived two suicide bomb attacks by the special grace of God. ‘

Talk about guilt-tripping… Let us know next time you’re shot or bombed, Tim, and we’ll send you a bunch of grapeshot. Sorry, grapes.

Of course, if the recipient is naïve enough to fall for this tat, he or she will find that he needs to send various sums in advance so that the mythical money can be forwarded to him. There have been instances in the past where victims have spent hundreds of thousands of pounds or dollars (and more) but have (of course) never received a penny (or a cent).

Urban’s earlier article expands on DoneDeal’s own advice on scam avoidance and safety. If you’re not familiar with 419s and the other scams associated with classified ad sites, Urban’s article and DoneDeal’s advice are all worth reading.

There are, of course, many scams directly associated with buying and selling on the internet, but clearly it’s also worth looking out for other types of scam using sites like DoneDeal’s to reach potential victims, using what might at first glance seem to be a personal(ized) message.

David Harley

Posted by: David Harley | September 16, 2015

Tech support scams part umpteen

A couple of additions to the AVIEN blog, which nowadays is mostly concerned with information relating to tech support scams:

  1. A blog article re some comments that have been posted to one of my articles on the same topic for ESET. Tech Support Scams Latest
  2. Some additions to the resource page.

David Harley

Older Posts »



Get every new post delivered to your Inbox.