Posted by: David Harley | December 25, 2019

Checking it out…

If there’s one thing I’ve learned from decades of tracking hoaxes and scams, it’s that the victims of these assaults on humanity are not always eager to acknowledge that they’ve fallen prey to malicious social engineering. So here’s an offer: contact me via this page, and I’ll give you the best information I can on whether you’ve been spammed or scammed. If you don’t, fair enough. This is not a commercial site, and I don’t lose anything if you don’t contact me, but after 30+ years of working in the security industry (and not being fully retired…) I’m still interested in any information that hurts the bad guys.

David Harley

Posted by: David Harley | January 14, 2019

DVLA ‘tax disk’ scams

Having seen a fake DVLA text message today, I thought I’d remind you that the DVLA does not send text messages asking for personal data or payment details. The one I saw today simply asked the recipient to log into a dodgy URL to respond to an ‘urgent’ message, but since the message has already been deleted I can’t give you further details. However, the DVLA has said, in response to a previous set of scam messages: “…if you receive anything purporting to be from DVLA don’t open any links and delete the email or text immediately.” I’m sure if the DVLA really wants to contact you, they’ll send you a letter…

Here’s the DVLA warning from 2016: Scam warning for DVLA customers

And here’s an article by Paul Ducklin for Sophos that isn’t about the DVLA scams, but is certainly relevant: Got an SMS offering $$$ refund? Don’t fall for it…

David Harley

Posted by: David Harley | December 30, 2018

Service suspended

As I no longer have a permanent role in the security industry, this blog is not currently being maintained.

David Harley

Posted by: David Harley | November 20, 2018

Susceptibility to phishing

A paper from the University of Maryland – Phishing in an Academic Community: A Study of User Susceptibility and Behavior – came up with an unexpected conclusion.

“Students who identified themselves as understanding the definition of phishing had a higher susceptibility than did their peers who were merely aware of phishing attacks, with both groups having a higher susceptibility than those with no knowledge of phishing.”

It certainly seems counter-intuitive that greater knowledge of the phishing issue should result in greater susceptibility to phishing attacks. Perhaps the answer lies in the wide spread of demographic variables addressed in this study (“age, gender, college affiliation, academic year progression, time spent on a computer, cyber club/cyber scholarship program affiliation, cyber training, and phishing awareness demographics”). There are a number of factors that could have a bearing on this result:

  • The assumptions behind the weighting of that range of variables might be methodologically unsound.
  • My own informal (but longstanding…) experience suggests that people who have significant technological knowledge but are not specialists in security or the relationships between technology and human behaviour may be at least as susceptible to attacks involving psychological manipulation such as phishing, hoaxes and such as are members of the population at large.
  • A significant number of subjects may have overestimated their own understanding of phishing and security, an optimistic assessment that may have spilled over into the experimental design. The possibility of inaccurate self-assessment is a point made by the group conducting the experiment, and it does jibe with my own experience.
  • The group also suggests that “the act of falling for the phishing scheme might have increased the user’s awareness about phishing.” If this is the case, it certainly suggests a weakness in the experimental design.

In any case, there’s certainly scope for some further research here, whether or not it’s in the specific context of the academic community.

Commentary from The Register here: A little phishing knowledge may be a dangerous thing

David Harley

Posted by: David Harley | October 26, 2018

Je te plumerai le BEC

Posted by: David Harley | October 19, 2018

Recognizing scams

Tomáš Foltýn for ESET: Scams and flaws: Why we get duped – “What are the emotional triggers and errors in judgment that make you fall for an online scam?”

Unrelated, but on a somewhat similar theme:

Phil Muncaster for Infosecurity Magazine: European Banks and Police Warn Consumers of Cyber Scams – “A dedicated site explains the tell-tale signs of such scams, and what consumers can do to stay safe.”

The site includes documents devoted to:

  • Spoofed Bank Websites
  • Romance Scam
  • Phishing / Vishing / Smishing
  • CEO/Business Email Compromise (BEC) Fraud
  • Investment Scams
  • Invoice Fraud

Adrien Gendre of Vade Secure for Help Net: Who gets spear phished, and why? A good generalist guide to the issue.

David Harley

Posted by: David Harley | October 11, 2018

Facebook cloning revisited

A lot of people know by now that the widely-received warning about multiple Friend requests is generally unhelpful (to say the least). Many are dismissing it as a hoax, but that doesn’t address the more general confusion about FB cloning, hacking (not the same thing), clickjacking and clickbait, and general misinformation. This article for ESET attempts to put it into the wider context in a form that doesn’t require a PhD in information security. 

Send in the clones: Facebook cloning revisited

David Harley

Posted by: David Harley | October 6, 2018

Extortion & Breach Compilation archive; BEC as a service

Pierluigi Paganini: Experts warns of a new extortion campaign based on the Breach Compilation archive – “Crooks attempted to monetize the availability of a huge quantity of credentials available in the underground market …. [using] the credentials collected in the infamous database dubbed ‘Breach Compilation’.”

Graham Cluley for Tripwire: BEC-as-a-service offers hacked business accounts for as little as $150 – “Researchers at threat intelligence firm Digital Shadows report that companies don’t even need to be hacked to spill their address books and email archives. Careless backups of email archives on publicly-accessible rsync, FTP, SMB, S3 buckets, and NAS drives have exposed some 12.5 million archive files (.eml, .msg, .pst, .ost, .mbox) containing sensitive and financial information.”

David Harley

Posted by: David Harley | September 18, 2018

Tech support scams: curse of the Evil Cursor, and Technet ads removed

[Also posted to AVIEN]

Jérôme Segura for Malwarebytes: Partnerstroka: Large tech support scam operation features latest browser locker – “We have been monitoring a particular tech support scam campaign for some time which, like several others, relies on malvertising to redirect users to the well-known browser lockers (browlocks) pages. … we were still able to isolate incidents pertaining to this group which we have been tracking under the name Partnerstroka …. and noticed that the fake alert pages contained what seemed to be a new browlock technique designed specifically for Google Chrome.”

Summary/commentary from Zeljka Zorz for Help Net: Tech support scammers leverage “evil cursor” technique to “lock” Chrome

John E. Dunn for Sophos: Microsoft purges 3,000 tech support scams hiding on TechNet – “Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking….Microsoft’s site was home to around 3,000 of these ads, mostly associated with the downloads section.

The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet…”

David Harley

Posted by: David Harley | August 28, 2018

Green Card scams & Tech Support scams

William Tsing for Malwarebytes: Green card scams: preying on the desperate – Green card scams are far from new. Though in fact this site does actually indicate in the small print that its usefulness to someone wanting to improve their chances of getting a green card via the diversity visa lottery is going to be very limited indeed. But Tsing makes the interesting point that the scam site looks more authentic than the real site because it provides more information, and compares it to “what we see with legitimate tech support and tech support scammers. An official entity does a poor job communicating with its constituency, and that creates a vacuum that scammers are all too eager to fill.” Seems an entirely valid point.

I talked about the issue of inadequate tech support in an article for ESET – Tech support scams and the call of the void – The importance of providing the best possible after-sales service to customers. That article was sparked off by a useful article on the Security Boulevard site by Christopher Burgess on When Scammers Fill the Tech Support Void.

David Harley
