Posted by: David Harley | September 2, 2015

Support Scams: Old Dog, New Teeth

[Also posted on Mac Virus]

Further to the tech support scam issues with OS X and iOS that I flagged here, here and here, I recently included some information on those and many other recent support scam trends in an article for ESET on Support scams, malware and mindgames without frontiers. The article concerns the expansion of tech support scamming across platforms and into languages other than English, as well as scam activity associated with real malware.

Unfortunately, there’s life in this rabid old dog yet. I’m referring to the scamming, not me. This is an attack whose scope, evolution and impact are still underestimated.

David Harley

Posted by: David Harley | July 17, 2015

iOS and support scams addendum

Here’s a further Mac Virus article in the light of an F-Secure article explaining that pop-up blocking in Safari doesn’t fix the iOS Support Scams issue I added yesterday: A bit more on iOS support scams.

Added to the AVIEN resources page, along with some links.

David Harley

Posted by: David Harley | July 16, 2015

iOS support scams

Here’s an extract from another Mac Virus article – iOS Support Scams – on tech support scams, this time targeting iOS users:

A new blog by Graham Cluley for Intego actually has some points in common with my most recent blog here (which also involved pop-ups misused by support scammers, particularly in the context of Safari). However, Graham’s article is about iOS, whereas mine related to questions asked regarding OS X and Safari (citing advice from Thomas Reed that also addressed other browsers).

I’ve added it to the AVIEN resources page, of course.

David Harley

Posted by: David Harley | July 14, 2015

Support scams and Mac pop-ups

Out of my own blogs, this one tends to be the one where I put my scam-related articles, as well as stuff relating to hoaxes and chain letters. However, since the issue I’m flagging here relates to a Mac version of the support scam, I’ve blogged about it on Mac Virus:

Here’s an excerpt that explains a little more:

Thomas Reed’s The Safe Mac site features generally sound commentary and advice, and has an article here that specifically addresses pop-up scam ‘virus alerts’ targeting Mac users. If you’re seeing something like this, his advice on how to get rid of a scam message may work for you. I’ve had a few conversations with Thomas regarding malware in the past couple of years, and he seems pretty well-informed. There are also lots of comments worth reading from other victims, and Thomas is pretty good at responding to them.

I’ve included it on the AVIEN resource page PC ‘Tech Support’ Cold-Call Scam Resources even though it doesn’t relate directly to Windows PCs.

David Harley

Posted by: David Harley | June 26, 2015

Some phone scam statistics

I’ve just added a link to one of my articles for ESET to the AVIEN scam resources page. The article is not primarily about support scams (unlike nearly all the other links on that page), but looks at interesting data from reports by the Consumer Sentinel Network Data Book for January-December 2014 and Pindrop Security – The State of Phone Fraud 2014-2015: a Global, Cross-Industry Threat.

I don’t recommend (see my article) that you take the statistics as gospel, but there are interesting trends and commentary.

It occurs to me that maybe I should widen the scope of that page, given the range of phone scams that hit my radar nowadays.

David Harley
Small Blue-Green World

Posted by: David Harley | June 19, 2015

Webmail: how password recovery can be abused

A short video by Symantec demonstrates how a password recovery mechanism for webmail services can be abused if an attacker knows your cell phone number and you’ve registered the phone for password recovery/reset. Basically, the attacker can click on the ‘I forgot my password’ link so that a verification code is sent to that phone number by SMS. While the attacker doesn’t see the text from the provider directly, he’s then able to text the potential victim, pretending to be the provider, and requiring the victim to return the code in order to counter unusual or unauthorized activity on the account. If the victim does so, his account is wide open to compromise.

A recent blog by Graham Cluley summarizes the scam rather well, and John Leyden’s article for the Register covers much the same ground. However, there’s more to be said on this type of attack (including a potential email variation), and I intend to do just that in an article due to be published on Monday by Infosecurity Magazine. (Now published here.)

David Harley

Posted by: David Harley | May 4, 2015

Nepal Earthquake Scams

Every time there’s a major disaster, the media and the security industry point out the risk that scammers and other criminals will make use of it to spread scam messages and malware. Unfortunately, they’re right more often than not, and a number of scammers have taken advantage of the Nepal earthquake, as I reported in a blog for AVIEN:

Nepal earthquake scam: out for a duck…

I also took the opportunity to add a couple of older links to AVIEN’s PC tech support scam resources page.

David Harley

Posted by: David Harley | April 24, 2015

In-the-Wild (organ) harvest?

Being a guitarist, I’ve never really devoted much time to organ harvesting. (Sorry: I never could resist a pun, the worse the better.) In fact, there’s a long-standing urban myth about people in the US being drugged and waking up to find themselves in a bath of ice minus one of their kidneys, which has inspired several books/stories, movies and TV programmes. (Snopes, a site which is very informative on hoaxes and semi-hoaxes and which is also not averse to the occasional pun, has an article on the subject called You’ve Got to Be Kidneying.)

Of course, I’m not saying that organ harvesting never happens. There are obviously mechanisms for organ donation, whether it’s for close relatives or complete strangers. In fact, it’s quite common in some countries for people to sell their own organs, and I certainly wouldn’t claim that no-one has ever had an organ removed without their permission or knowledge. However, it tends to be quite difficult to verify stories of such misappropriation in the US or Europe, though there are reported links with human trafficking. And that’s not funny at all.

Still, I can’t help chuckling at this Art of Trolling post concerning an invitation to participate. Joke or social engineering? I think probably the former.

Hat tip to Kurt Wismer for calling it to my attention on his Security Memetics blog.

David Harley
Small Blue-Green World

Posted by: David Harley | April 8, 2015

Facebook Makes the World go Round

Well, I hope it doesn’t, but an awful lot of those people who don’t look up from their smartphones are probably on it. Facebook, like the social media in general, has enormous faith in its own algorithms, but I’m not sure that faith is justified. But how much difference does it make?

An article for Top Facebook Stories: Your Choice?

David Harley
Small Blue-Green World

Posted by: David Harley | February 12, 2015

Valentine Scams

[Update: clearly, someone at ESET thought they should make up for the dearth of Valentine posts last year: since I posted yesterday, Sabrina Pagnotta has warned us about 7 unromantic Valentines gifts from a cybercriminal, and Graham Cluley advises us that Sexy Russian scammers would love to break your heart this Valentine’s Day. I hope you’re all feeling the love from Bratislava.]

For ESET, Rob Waugh considers six common types of Valentine’s Day scams and how to spot them: Is your valentine for real? Six signs you might be falling for an online dating scam

One gambit he doesn’t mention is the use of Valentine-related social engineering (using malicious links, fake ecards etc.) to deliver malware as Storm and Waledac (for instance) did. Of course, for that sort of clickbait, pretty much any holiday, news story, hoax video etc. will do.

Actually, it’s become somewhat traditional for my colleagues at ESET to take all the fun out of Valentine’s Day with doom and gloom about incoming scams, though we seem to have missed the boat last year:

Other seasonal blog articles from other vendors are, of course, available. I just don’t have the energy to go looking for them. ;)

David Harley
Small Blue-Green World
