Posted by: David Harley | May 20, 2018

HoweyCoins: fake offer, real education

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website,, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

And, returning to a more common scam topic on this site…

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley

Posted by: David Harley | May 12, 2018

Tech support scam article for ESET

Here’s an article by me for ESET: Tech support scams and the call of the void

“Christopher Burgess for Security Boulevard on what happens When Scammers Fill the Tech Support Void … says: “I still haven’t figured out why those companies that provide tech support tend to hide the connectivity to these saviors of their brand in the weeds of the website, but they do, and we search—and sometimes we strike gold.”

However, I don’t think the reluctance of companies to draw attention to their support services is too much of a mystery…”

There may be persuasive reasons why providers are reluctant to engage directly with their customers, but the consequences may be grim for both provider and customer.

And here are a couple of other scam-related stories you may find of interest:

David Harley

Posted by: David Harley | April 27, 2018

Microsoft on support scams – plus, assessing gullibility

Erik Wahlstrom for Microsoft talks about tech support scams, the volume of complaints Microsoft receives, and the partnerships it has built in an effort to reduce their impact. Worth reading. Teaming up in the war on tech support scams. Some commentary and basic advice from Graham Cluley: Reports of tech support scams rocket, earning handsome returns for fraudsters.

Homeland Security News Wire: Tool measures individuals’ likelihood to fall for internet scams. Taking a look at the actual survey, I find it hard to assess the validity of the questions, despite (or perhaps because of) my academic and professional background. There are a lot of questions there I simply wouldn’t choose to answer. Still, the paper is interesting: We will make you like our research: The development of a susceptibility-to-persuasion scale [Update: commentary from ESET: This test will tell you how likely you are to fall for fraud]

David Harley

Posted by: David Harley | April 21, 2018

UK ID Theft, IWF report on child abuse, Gold Galleon BEC

(1) The Register: ID theft in UK hits record high as crooks shift to more vulnerable targets – “Less checked online services bear brunt”

‘… Conor Burns MP, chairman of the All-Party Parliamentary Group on Financial Crime and Scamming, said:

“Fraud is the 21st century volume crime and the issue is not going to go away. With more and more people sharing data, transacting, setting up businesses, dating and chatting online this trend is only going to continue.”‘

(2) International Watch Foundation: “Our 2017 Annual Report (published on 18 April 2018) gives the latest data on what’s happening globally to tackle child sexual abuse images and videos online…Visit our interactive 2017 Annual report microsite here…” The statistics are summarized in a press release here.

(3) SecureWorks: GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry – “In 2017, Secureworks® Counter Threat Unit™ (CTU) researchers continued to track GOLD SKYLINE, a financially motivated Nigerian threat group involved in business email compromise (BEC) and business email spoofing (BES) fraud. During the investigation, CTU™ researchers discovered a previously unidentified BEC group that they have named GOLD GALLEON.” BEC could be defined as 419 scammers wearing their corporate hat.

David Harley

Posted by: David Harley | March 28, 2018

Two Facebook hoax updates from Sophos

Posted by: David Harley | March 27, 2018

(Anti-)Social Media

If you’ve regularly read this blog, you probably realize that I’ve often covered Facebook issues here: the blog nowadays has a much wider scope than email hoaxes. That being so, you may be surprised that I haven’t been covering the Facebook/Cambridge Analytica issues here. This is mostly because I’ve been flagging those issues on the (nearly) new Anti-Social Media page on the revitalized AVIEN (Anti-Virus Information Exchange Network) blog and portal, now transferred here.

I’m in the process of rationalizing my blogging protocols and processes, so such things might start to turn up here as well, but the Anti-Social Media page is still my priority for Facebook security issues, and here is the best place to go for a full report on updates to AVIEN and other resources I manage.

David Harley

Posted by: David Harley | March 23, 2018

A brief history of Stephen Hawking

Well, not exactly.

For Malwarebytes, Chris Boyd reports on a more than usually inept 419 scam that makes a feeble attempt to capitalize on the recent death of the esteemed physicist/cosmologist with a ‘quiz’.

“Celebrating Stephen Hawking” with a 419 scam

It’s hard to imagine many people falling for this one, but the article is worth a read anyway.

David Harley

Posted by: David Harley | March 20, 2018

Bomb hoax targeting schools

If I had a separate category for ‘miscellaneous extortion’ this hoax might belong there. Not just a hoax, but one that centres on extortion, though it looks as if the point is to embarrass/harass the apparent sender of the extortion email (the Michigan company VELT) rather than actually make a direct profit from extortion. The company’s CEO told the BBC that the attacker was probably a Minecraft player acting in revenge after being banned from using the Veltpvp server.

The BBC: School bomb threats: Disgruntled Minecraft gamer ‘behind hoax’

The Guardian: School bomb threats: more than 400 schools in England receive hoax warnings “Police say threats contained in emails are not credible and evacuations are unnecessary.”

The Telegraph: Hackers target more than 400 schools with bomb hoax.

David Harley

Posted by: David Harley | March 7, 2018

SANS tips on using social media

I’m not as convinced by SANS as the complete authority on all security issues as SANS is. But the latest ‘OUCH!’ newsletter offers reasonable (if basic) advice: Top Tips to Securely Using Social Media. Sadly, I can’t say there isn’t a need for such advice…

If this level of advice would be useful to you or perhaps to people to whom you offer advice or support, there’s an archive and invitation to subscribe here.

David Harley

Posted by: David Harley | March 2, 2018

Tearing your hair out at hacker hoaxes

Sophos: Facebook’s see yourself bald app: extreme hackers or extreme hoax?

Snopes: Are Hackers Stealing Private Information via ‘What Would You Look Like Bald’ Facebook Apps? “Viral warnings about “extreme hackers” stealing information via popular entertainment apps on Facebook are false and misleading.”

And here’s Facebook’s overview of what information apps can really collect.

David Harley
