Posted by: David Harley | October 18, 2016

Support Scam Victimology

Interesting statistics regarding the relative proportions of tech support scam victims in various parts of the world:

David Harley

Posted by: David Harley | August 8, 2016

Wire-Wire Scam

Another case of ‘the biter bit’: for The Register, Richard Chirgwin describes a “‘Nigerian scammer’ busted after he infected himself with malware – Researchers able to watch wire-fraudsters operate in real time

Apart from the Schadenfreude many of us experience when a scammer shoots himself in the foot, it’s worth reading the article for the summary of how the ‘wire-wire’ scam works. Chirgwin considers this to be a variation on a family of scams described earlier this year by the FBI: FBI Warns of Dramatic Increase in Business E-Mail Scams.

The Register’s article is based on a comprehensive analysis by Joe Stewart and James Bettke for SecureWorks of Wire Wire: A West African Cyber Threat.

The report describes how practitioners of the traditional 419 scam, based on simple social engineering, have moved towards two more technically sophisticated types of this particular scam:

  • Business email compromise (BEC) — Hijacking an email account or an email server to intercept business transactions and redirect payments
  • Business email spoofing (BES) — Sending spoofed email from an external account pretending to be a company executive authorizing an irregular payment transaction

David Harley

Posted by: David Harley | August 8, 2016

Support scams and ransomware

I’ve added two stories to the AVIEN blog and resources pages touching on the link between support scams and ransomware.

In the second one, the link is rather more tenuous: it’s basically about how a support scammer was tricked into running ransomware on his own system.

David Harley

Posted by: David Harley | July 4, 2016

ESET Ireland’s phishing warning

Urban Schrott – for ESET Ireland – warns of phish attacks targeting users of Irish utilities: Irish Water and Electric Ireland customers targeted in latest online scams.

David Harley

Posted by: David Harley | June 7, 2016

Scamming the would-be scammer

Every so often I find myself dealing with a blog comment by someone claiming to offer a blank ATM card that can be used to hack any ATM to get an unlimited supply of free money. And every time I wonder whether I ought to blog about it, but it’s never seemed a high priority. After all, it’s pretty obvious that if such a thing actually existed, it couldn’t possibly be legal, could it? Even the scammers who offer it tend to admit that it’s illegal – one recent example tells me that it’s nevertheless untraceable, since it also stops the CCTV camera from ‘detecting’ you. It also lays golden eggs and predicts the winner of the Grand National. (I made that last bit up, but it doesn’t seem that much more far-fetched.)


So who cares if people who don’t have a problem with robbing banks get caught out by a scammer? Well, maybe some of the potential victims are desperate rather than intrinsically amoral.

It’s worth noting, maybe, that 419 scammers are often frank about the fraudulent nature of the transaction they’re proposing – without making it clear, of course, that it’s their ‘partner’ in crime who will be scammed, not the government or bank – but attempt to justify it by claiming that the money they’re offering would otherwise be misused by the organization from which it’s stolen. The perpetrators of this scam will sometimes make somewhat similar justifications – ‘because the government cannot help us so we have to help our self’ – and it’s often quite hard to feel much sympathy for a government agency or a bank… Of course, the illegality of the transaction does make it difficult for the victim to report it when they realize they’ve been scammed.

It’s sometimes assumed that this kind of scam is a 419 – I don’t know that this is always the case. They’re usually badly written, but not in the same stilted way that characterize so many 419s. Here’s an example of a blogger who found a scammer who certainly seems to be based in Nigeria, though.

So here’s the bad news (though it’s good news for those whose hard-earned cash helps to keep the banks afloat). There ain’t no such card. If you have a few hundred bucks to spend on something so improbable, there’s a scammer someone who’ll gladly relieve you of it and no doubt will feel quite justified in doing so.

David Harley



Posted by: David Harley | April 12, 2016

Symantec threat report

Extract from a blog article for AVIEN: UK threat prevalence – Symantec

John Leyden for The Register has summarized Symantec’s latest Internet Security Threat Report, and focuses on UK-specific figures for threat prevalence: Spear phishers target gullible Brits more than anyone else – survey; Ransomware, 0days, malware, scams… all are up, says Symantec.

Longer extract added to the tech support scam and ransomware resources pages, but there are a few thoughts in the longer article that didn’t really fit either of those pages.

I haven’t checked out the report directly as it requires registration, and I’m fussy about giving my details away where marketing information is mandatory.

David Harley

Posted by: David Harley | March 24, 2016

Tech Support Scammer, not your ISP

Jérôme Segura has blogged for Malwarebytes about a somewhat innovative tech support scam campaign: Scammers Impersonate ISPs in New Tech Support Campaign.

The scam is pushed by malvertising which

‘detects which Internet Service Provider (ISP) you are using (based on your IP address) and displays a legitimate looking page that urges you to call for immediate assistance.’

Added to the tech support scam resource page at AVIEN.

David Harley

Posted by: David Harley | March 21, 2016

Sonia denounces Rahul, we denounce a virus hoax

At some length… I’ll probably come back to the topic of virus hoaxes. They haven’t disappeared, but tended to migrate from email to social media. Meanwhile, here’s my article for ITSecurity UK.

Virus hoaxes still thrive while ‘Sonia disowns Rahul’

David Harley

Posted by: David Harley | February 20, 2016

Support Scams: Now what do I do?

It suddenly occurs to me that while I usually flag my articles on support scams to readers of this blog, I hadn’t mentioned an article I recently published on the ESET WeLiveSecurity site.

Support scams: What do I do now?

I returned in this case to the theme of what to do if a scammer actually gets a foothold on your system, because I still see a number of blog comments from people worried about the implications of such an intrusion and wondering what action they need to take.

David Harley

Posted by: David Harley | February 2, 2016

Email Scams in Ireland

These days, I don’t even try most of the time to keep track of spam/scam/phish emails, but here are a couple of notable recent examples from my colleagues at ESET Ireland:

What were the main email scams in Ireland in January?

I think it’s safe to assume that there will be similar mails seen in other regions.

David Harley

« Newer Posts - Older Posts »