Posted by: David Harley | February 8, 2018

Another Facebook hoax

Lisa Vaas, for Sophos, tells us that a Facebook hoax claims:

Guess what, friends…. Facebook’s algorithm now chooses your 26 FB friends. If you can read this, please leave me a “hi,” whatever, so you will appear in my news feed.

Feel free to copy and paste on your wall, too, if you want to see more than FB’s algorithmic selection. FB shouldn’t choosing my friends. 

Here’s the Sophos article: Facebook HOAX! New algorithm will NOT only show you 26 friends

Another version of the hoax claims that:

I checked Snopes… And yes it’s TRUE…

Well, of course it isn’t. And Snopes is eager to point out that it isn’t.

Does a New Facebook Algorithm Only Show You 26 Friends?  “Facebook hasn’t limited your feed to only a certain number of people, and sharing a post saying otherwise won’t make any difference.”

Sadly, hoaxers discovered long ago that lots of people check possible hoaxes with Snopes, and try to persuade them that Snopes says white is black. More often than not, chain letters/emails and their equivalents on social media are dubious and often downright wrong. Check for yourself rather than take some anonymous person’s word for it. And yes, Snopes is an excellent place to start checking.

David Harley

Posted by: David Harley | February 8, 2018

Tech support scammers ‘lock’ Chrome

[Also posted to AVIEN.]

For Malwarebytes, Jérôme Segura continues to fight the good fight against support scammers by warning us that ‘Tech support scammers find new way to jam Google Chrome.’ (If you saw this when it first appeared, note that it has been updated since.) By abusing an API, the scammers manage to freeze the browser in the hope that users will be panicked into calling the fake ‘helpline’ advertised on the pop-up or pop-under that accompanies the freeze.

However, he observes:

Since most of these browser lockers are distributed via malvertising, an effective mitigation method is to use an ad-blocker. As a last resort, the Windows Task Manager will allow you to forcefully quit the offending browser processes.

David Harley

Posted by: David Harley | February 1, 2018

Coercive Messaging and Windows Defender

[Also published at AVIEN]

It’s not all about tech support scams, but Microsoft’s announcement about beefing up detection of ‘coercive messaging’ in Windows Defender is certainly related to some approaches used by tech support scammers, such as the use of malware that directs victims to a scam-friendly ‘helpline’.

Coercive messaging? As indicated in Microsoft’s evaluation criteria for malware and unwanted software,  that would be messages that ‘display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.’ That includes exaggerating or misrepresenting system errors and issues, claiming to have a unique fix, and using the well-worn scamming technique of rushing the victim into responding in a limited time-frame.

Certainly that’s all characteristic of the way that fake tech support is monetized, but it’s also characteristic of the lower-profiled but persistent issue of useless ‘system optimizers’.

Microsoft’s article actually strongly resembles some of the hot potatoes topics addressed by the Clean Software Alliance, which describes itself as ‘a self-regulatory organization for software distribution and monetization’. Unsurprisingly, since Microsoft had a great deal to do with the launching of the initiative. Anyway, it covers a great many issues that are well worth considering. I don’t think Microsoft and Windows Defender will be able to fix all these problems all on its/their own, but any movement in this direction is a Good Thing.

Shorter article focused more on coercive messaging from Barak Shein, of the Windows Defender Security Research Team: Protecting customers from being intimidated into making an unnecessary purchase.

Commentary by Shaun Nichols for The Register: Windows Defender will strap pushy scareware to its ass-kicker machine – Doomed: Junkware claiming it can rid PCs of viruses, clean up the Registry, etc

On behalf of the security industry, which provides a large chunk of my income, maybe I should stress that not all programs that claim to rid PCs of viruses are junkware. 🙂 But perhaps it’s worth remembering that the difference between legitimate and less legitimate marketing is sometimes paper-thin. And talking about papers, here’s one on that very topic. 🙂 However, since that ESET paper for an EICAR conference goes back to 2011, maybe I should consider revisiting the topic.

David Harley

Posted by: David Harley | January 31, 2018

Ohio and FTC versus tech support scammers

Kevin Townsend, for Security Week, reports on action against tech support scammers in the US and UK.

Tech Support Scammers Fined in US, Jailed in UK

Kevin says:

Ohio Attorney General Mike DeWine and the Federal Trade Commission (FTC) announced Monday that operators of a nationwide computer repair scam have been banned from the tech support business as part of settlements with the FTC and Ohio.

Includes some commentary from me.

David Harley

Posted by: David Harley | January 9, 2018

Hoaxbusters bowed out – and here’s a phone scams page

This is actually very old news (i.e. just over a year old), but I don’t have as much involvement as I used to with hoaxwatching, so I hadn’t noticed that Hoaxbusters had announced its official retirement.

The retirement was actually pointed out to me by Joseph Keller – thanks for that! – with reference to a post from 2017 that cited a HoaxBusters article that’s no longer available. I’ve addressed that and a couple of other broken links, but obviously I’ve blogged too much over the years to go back over everything checking for broken links. (I have been checking articles on the ESET blog for a while, but only when time allows, so there’s a lot left to do there.

However, Joseph did point out the phone scams page at, which readers of this page might find of some interest.

David Harley

Posted by: David Harley | December 14, 2017

Death threats, 419s and ransom’ware’

Mark Stockley for Sophos: Ransom email scam from ‘hitman’ demands: pay up or die

In fact, this isn’t ransomware so much as a new twist on a 419. More info in my article for AVIEN: The Smiling Assassin (shaken not stirred)

David Harley

Posted by: David Harley | December 12, 2017

Tech Support Scams: using Spotify to boost SEO

[Previous posted to the AVIEN blog.]

Lawrence Abrams for Bleeping Computer: Tech Support Scammers Invade Spotify Forums to Rank in Search Engines

Extract: “Over the past few months, Tech Support scammers have been using the Spotify forums to inject their phone numbers into the first page of the Google & Bing search results. They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google.”

David Harley

Posted by: David Harley | June 25, 2017

Church, State, and a Misleading Meme

This morning I came across a meme that posed me something of a quandary. It appeared to be intended to address the vexed question of the ‘separation between Church & State’ in the USA, and claimed that

  • Thomas Jefferson, 3rd President of the United States, said ‘Christianity is the most perverted system that ever shown [sic] on man’
  • Benjamin Franklin said ‘Lighthouses are more useful than churches’
  • George Washington, the 1st President, said ‘As the Government of the United States of America is not, in any sense, founded on the Christian Religion…’

Being neither a Christian nor American, I tend to keep my thoughts on US politics to myself, especially when it concerns the 1st or 2nd amendment. But I was a little surprised that these three individuals were apparently being held up as poster boys for atheism. So I looked a little harder, and found that all three of those assertions were misleading.

Jefferson & Christianity

This, apparently, is what Jefferson wrote to Joseph Priestley in 1801:

“…those who live by mystery & charlatanerie, fearing you would render them useless by simplifying the Christian philosophy, the most sublime & benevolent, but most perverted system that ever shone on man, endeavored to crush your well earnt, & well deserved fame.”

While both Priestley and Jefferson seem to have suffered to some extent for their ‘unconventional’ religious beliefs, both regarded themselves as Christians, and it seems clear from the expanded extract that Jefferson was using ‘perverted’ in its formal sense, with reference to forms of worship that be believed to have strayed from what he regarded as the true teachings of Christianity.

Franklin & Christianity

I’m unable to find any evidence that Franklin ever said that ‘Lighthouses are more useful than churches’. However, Wikiquote directed me to a footnote in the ‘Memoirs of the Life and Writings of Benjamin Franklin’ to a memoir explaining how close he came to being shipwrecked on the Western Rocks of Scilly. The footnote told me that ‘In a letter from Dr. Franklin to his wife, dated at Falmouth, the 17th July, 1757, after giving her a similar account of his voyage, escape and landing; he adds, “The bell ringing for church, we went thither immediately, and with hearts full of gratitude, returned since thanks to God for the mercies we had received: were I a Roman Catholic, perhaps I should on this occasion vow to build a chapel to some saint; but as I am not, if I were to vow at all, it should be to build a light-house.”‘

It seems entirely likely that the quote about the superior usefulness of lighthouses is based on this quotations and an observation on the same page that ‘This deliverance impressed me strongly with the utility of light-houses, and made me resolve to encourage the building some of them in America, if I should live to return thither.’ However, the footnote also makes clear Franklin’s eagerness to attend church after his narrow escape: I suspect that he would be less than happy to have been credited with this ‘apples versus oranges’ comparison.

Washington & Christianity

Washington didn’t make a big deal out of his Episcopalian affiliation, and the precise nature of his beliefs has been much discussed since his death. Michael and Jana Novak suggest that he maintained a ‘studied ambiguity (and personal privacy)’ regarding his own deepest religious convictions’ with the intention of encouraging tolerance and respect for other Christian denominations. I’m not sure how far his own tolerance extended to non-Christians, but as it happens this quotation is not from Washington (or at any rate not directly*) but from Article 11 of the Tripoli Treaty, an agreement between the US and Tripoli. This was one of a series of treaties negotiated with the Muslim countries that constituted the Barbary Coast or the Berber Coast(the countries now called Morocco, Algeria, Tunisia, and Libya, Libya being known at that time as Tripoli), intended to stop US ships and crews being taken for ransom by privateers (government-sponsored pirates) from those countries.

In fact, it seems that Article 11 may not have been included in this form in the Arabic version of the treaty, but it was in the English translation ratified by the Senate in 1797, and has often been cited in defence of the argument that the US is a secular state.


Does this really matter, you may wonder?

I don’t intend to use this article as a soapbox from which to air my own views on Christianity – or deism in any form – but the meme that was my starting point does seem to propagate the view that three of the Founding Fathers of the United States were actively anti-Christian. If this wasn’t intentional, perhaps whoever put the meme together should have done a little more research. If it was intentional, I can’t pretend to be enthusiastic about dishonesty from either end of the Deist/Atheist spectrum, even though I’m all too aware that immense harm can be done by governments that don’t separate church and state, not least where religion is used as a cloak for self-interest. (On the other hand, I don’t underestimate the harm that can be done by governments that don’t represent any religion but self-interest.)

David Harley

*Washington did appoint a Commissioner Plenipotentiary to negotiate treaties with the Barbary states. It’s by no means impossible that he had some influence on the wording of those treaties. However, it was John Adams, the 2nd President of the United States, who actually passed the document to the Senate for ratification and, indeed, signed it.

Posted by: David Harley | April 13, 2017

The Spanish Harmada – more info on support scams

After our recent joint blog for ESET, Support scams now reign in Spain, Josep Albors was contacted by a Spanish online newspaper asking for further information and general commentary. After collaborating on some responses to those questions, we used them as the basis for a lengthy follow-up blog. As well as allowing us to expand on the reasons why this elderly scam has managed to gain a new lease of life, this piece introduced me to abduction scams, another nasty scam variation that had somehow passed me by, up to now. (Briefly described in the article.) But I’ll probably get back to that in another article.

In the meantime, here’s the article: Spanish Harmada: More on tech support scams

David Harley

Posted by: David Harley | February 15, 2017

Facebook Cloning – don’t panic!

Here’s a Facebook post I’ve seen people cut and paste a couple of times recently.

Heads-up!! Almost every account is being cloned. Your picture and your name are used to create a new face book account (they don’t need your password to do this this). They want your friends to add them to their Facebook account. Your friends will think that it’s you and accept your request. From that point on they can write what they want under your name. I have NO plans to open a new account. Please DO NOT accept a 2nd friend request from “me”. please forward to all your contacts.

Clearly this is the Facebook equivalent of a chain letter, but that doesn’t necessarily mean it isn’t true, does it?

Well, no: Facebook accounts do get cloned, but it doesn’t happen as regularly as this implies. Snopes – always a good resource for checking potential hoaxes and chain messages – classifies it as ‘partly true’ and includes this and three other examples of the messages that have circulated. David Mikkelson also points out that it’s far from new and doesn’t entail real ‘hacking’. Facebook Pirates – Warning alerts social media users that Facebook ‘pirates’ Facebook “pirates” perpetrate scams by setting up look-alike Facebook accounts that copy other users’ profiles.

Facebook users who make a lot of information about themselves public make it easy for a cloner to use images and information to set up a fake account. Several scams such as ‘Londoning‘ depend on the cloner being able to contact the friends of the owner of the genuine account. While you can’t eliminate the possibility of your account being cloned, you can lower the risk by reducing the value of your account to the scammer. You can do this by tightening your privacy settings: obvious ways of doing this include setting your account so that only friends can see your posts


and no-one but you can see your friends list.


Brett M. Christensen provides a longer analysis on Hoax-Slayer, and includes some useful advice on how to take those measures: Viral Facebook Post Warns About Facebook Cloning – Warning Is Valid.

David Harley

Older Posts »