Posted by: David Harley | April 21, 2018

UK ID Theft, IWF report on child abuse, Gold Galleon BEC

(1) The Register: ID theft in UK hits record high as crooks shift to more vulnerable targets – “Less checked online services bear brunt”

‘… Conor Burns MP, chairman of the All-Party Parliamentary Group on Financial Crime and Scamming, said:

“Fraud is the 21st century volume crime and the issue is not going to go away. With more and more people sharing data, transacting, setting up businesses, dating and chatting online this trend is only going to continue.”‘

(2) International Watch Foundation: “Our 2017 Annual Report (published on 18 April 2018) gives the latest data on what’s happening globally to tackle child sexual abuse images and videos online…Visit our interactive 2017 Annual report microsite here…” The statistics are summarized in a press release here.

(3) SecureWorks: GOLD GALLEON: How a Nigerian Cyber Crew Plunders the Shipping Industry – “In 2017, Secureworks® Counter Threat Unit™ (CTU) researchers continued to track GOLD SKYLINE, a financially motivated Nigerian threat group involved in business email compromise (BEC) and business email spoofing (BES) fraud. During the investigation, CTU™ researchers discovered a previously unidentified BEC group that they have named GOLD GALLEON.” BEC could be defined as 419 scammers wearing their corporate hat.

David Harley

Posted by: David Harley | March 28, 2018

Two Facebook hoax updates from Sophos

Posted by: David Harley | March 27, 2018

(Anti-)Social Media

If you’ve regularly read this blog, you probably realize that I’ve often covered Facebook issues on this blog, which nowadays has a much wider scope than email hoaxes. That being so, you may be surprised that I haven’t been covering the Facebook/Cambridge Analytica issues here. This is mostly because I’ve been flagging those issues on the (nearly) new Anti-Social Media page on the revitalized AVIEN (Anti-Virus Information Exchange Network) blog and portal, now transferred here.

I’m in the process of rationalizing my blogging protocols and processes, so such things might start to turn up here as well, but the Anti-Social Media is still my priority for Facebook security issues, and here is the best place to go for a full report on updates to AVIEN and other resources I manage.

David Harley

Posted by: David Harley | March 23, 2018

A brief history of Stephen Hawking

Well, not exactly.

For Malwarebytes, Chris Boyd reports on a more than usually inept 419 scam that makes a feeble attempt to capitalize on the recent death of the esteemed physicist/cosmologist with a ‘quiz’.

“Celebrating Stephen Hawking” with a 419 scam

It’s hard to imagine many people falling for this one, but the article is worth a read anyway.

David Harley

Posted by: David Harley | March 20, 2018

Bomb hoax targeting schools

If I had a separate category for ‘miscellaneous extortion’ this hoax might belong there. Not just a hoax, but one that centres on extortion, though it looks as if the point is to embarrass/harass the apparent sender of the extortion email (the Michigan company VELT)  rather than actually make a direct profit from extortion. The company’s CEO told the BBC that the attacker was probably a Minecraft player who had been banned from using the Veltpvp server, by way of revenge.

The BBC: School bomb threats: Disgruntled Minecraft gamer ‘behind hoax’

The Guardian: School bomb threats: more than 400 schools in England receive hoax warnings “Police say threats contained in emails are not credible and evacuations are unnecessary.”

The Telegraph: Hackers target more than 400 schools with  bomb hoax.

David Harley

Posted by: David Harley | March 7, 2018

SANS tips on using social media

I’m not as convinced by SANS as the complete authority on all security issues as SANS is. But the latest ‘OUCH! newsletter offers reasonable (if basic) advice: Top Tips to Securely Using Social Media. Sadly, I can’t say there isn’t a need for such advice…

If this level of advice would be useful to you or perhaps to people to whom you offer advice or support, there’s an archive and invitation to subscribe here.

David Harley

Posted by: David Harley | March 2, 2018

Tearing your hair out at hacker hoaxes

Sophos: Facebook’s see yourself bald app: extreme hackers or extreme hoax?

Snopes: Are Hackers Stealing Private Information via ‘What Would You Look Like Bald’ Facebook Apps? “Viral warnings about “extreme hackers” stealing information via popular entertainment apps on Facebook are false and misleading.”

And here’s Facebook’s overview of what information apps can really collect.

David Harley

Posted by: David Harley | February 22, 2018

Guns, hoaxes and propaganda

Mostly, I keep my thoughts on gun control to myself – on social media, at any rate – except when spammed by the NRA, which hasn’t happened lately. Let’s just say that I find it hard to empathize with gun culture, but realize that the US is a very different country to the one in which I grew up, and I’ve grown weary of the to-and-fro misrepresentation of shooting statistics that seems to dominate the arguments on Facebook and elsewhere.

However, the still-spreading meme that identifies Democrats rather than conservatives or NRA members as implicated in assassination attempts and other shootings looks very much like an example of political propaganda that dovetails into the hoaxes that were the original target of this web site. And I would at least recommend that you check the facts before spreading it.

Here’s an analysis from Snopes: Is this List of Democrat Shooters Accurate? concludes that “A viral list of dozens of shootings purportedly committed by Democrats is based on faulty, inaccurate, and unsubstantiated claims.”

David Harley

Posted by: David Harley | February 22, 2018

SecureList article on tax scams

Kaspersky’s Nadezhda Demidova contributes an exhaustive article on tax scams – all too familiar a topic at this time of year: Tax refund, or How to lose your remaining cash

Summary: “Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it’s no surprise to find cybercriminals hard on their heels.”

Specifically addresses information relevant to the US, Canada, UK and France as well as other countries.

Some other relevant (older) articles from ESET – other vendors and blogs are available, but I can lay hands on these easily for obvious reasons. (In fact, I’ve just been looking them up for an ESET-related project.)  🙂


David Harley

Posted by: David Harley | February 22, 2018

Avast: Android APT delivered via Facebook

Avast: Social engineering used to trick Facebook users into downloading Advanced Persistent Threat disguised as Kik Messenger app.

Apparently, the fake FB profiles from ‘attractive but fictitious women’ lure victims into downloading spyware the company calls Tempting Cedar Spyware.

Commentary by Danny Palmer for ZDnet here: Hacking group used Facebook lures to trick victims into downloading Android spyware

“At least three fake social media accounts posing as young women have encouraged victims into downloading highly invasive Android malware.”

David Harley

« Newer Posts - Older Posts »