Posted by: David Harley | February 22, 2018

Guns, hoaxes and propaganda

Mostly, I keep my thoughts on gun control to myself – on social media, at any rate – except when spammed by the NRA, which hasn’t happened lately. Let’s just say that I find it hard to empathize with gun culture, but realize that the US is a very different country to the one in which I grew up, and I’ve grown weary of the to-and-fro misrepresentation of shooting statistics that seems to dominate the arguments on Facebook and elsewhere.

However, the still-spreading meme that identifies Democrats rather than conservatives or NRA members as implicated in assassination attempts and other shootings looks very much like an example of political propaganda that dovetails into the hoaxes that were the original target of this web site. And I would at least recommend that you check the facts before spreading it.

Here’s an analysis from Snopes: Is this List of Democrat Shooters Accurate? It concludes that “A viral list of dozens of shootings purportedly committed by Democrats is based on faulty, inaccurate, and unsubstantiated claims.”

David Harley

Posted by: David Harley | February 22, 2018

SecureList article on tax scams

Kaspersky’s Nadezhda Demidova contributes an exhaustive article on tax scams – all too familiar a topic at this time of year: Tax refund, or How to lose your remaining cash

Summary: “Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it’s no surprise to find cybercriminals hard on their heels.”

It specifically addresses information relevant to the US, Canada, UK and France, as well as other countries.

Some other relevant (older) articles from ESET – other vendors and blogs are available, but I can lay hands on these easily for obvious reasons. (In fact, I’ve just been looking them up for an ESET-related project.)  🙂


David Harley

Posted by: David Harley | February 22, 2018

Avast: Android APT delivered via Facebook

Avast: Social engineering used to trick Facebook users into downloading Advanced Persistent Threat disguised as Kik Messenger app.

Apparently, the fake FB profiles from ‘attractive but fictitious women’ lure victims into downloading spyware the company calls Tempting Cedar Spyware.

Commentary by Danny Palmer for ZDNet here: Hacking group used Facebook lures to trick victims into downloading Android spyware

“At least three fake social media accounts posing as young women have encouraged victims into downloading highly invasive Android malware.”

David Harley

Posted by: David Harley | February 8, 2018

Another Facebook hoax

Lisa Vaas, for Sophos, tells us that a Facebook hoax claims:

Guess what, friends…. Facebook’s algorithm now chooses your 26 FB friends. If you can read this, please leave me a “hi,” whatever, so you will appear in my news feed.

Feel free to copy and paste on your wall, too, if you want to see more than FB’s algorithmic selection. FB shouldn’t choosing my friends. 

Here’s the Sophos article: Facebook HOAX! New algorithm will NOT only show you 26 friends

Another version of the hoax claims that:

I checked Snopes… And yes it’s TRUE…

Well, of course it isn’t. And Snopes is eager to point out that it isn’t.

Does a New Facebook Algorithm Only Show You 26 Friends?  “Facebook hasn’t limited your feed to only a certain number of people, and sharing a post saying otherwise won’t make any difference.”

Sadly, hoaxers discovered long ago that lots of people check possible hoaxes with Snopes, and try to persuade them that Snopes says white is black. More often than not, chain letters/emails and their equivalents on social media are dubious and often downright wrong. Check for yourself rather than take some anonymous person’s word for it. And yes, Snopes is an excellent place to start checking.

David Harley

Posted by: David Harley | February 8, 2018

Tech support scammers ‘lock’ Chrome

[Also posted to AVIEN.]

For Malwarebytes, Jérôme Segura continues to fight the good fight against support scammers by warning us that ‘Tech support scammers find new way to jam Google Chrome.’ (If you saw this when it first appeared, note that it has been updated since.) By abusing an API, the scammers manage to freeze the browser in the hope that users will be panicked into calling the fake ‘helpline’ advertised on the pop-up or pop-under that accompanies the freeze.

However, he observes:

Since most of these browser lockers are distributed via malvertising, an effective mitigation method is to use an ad-blocker. As a last resort, the Windows Task Manager will allow you to forcefully quit the offending browser processes.

David Harley

Posted by: David Harley | February 1, 2018

Coercive Messaging and Windows Defender

[Also published at AVIEN]

It’s not all about tech support scams, but Microsoft’s announcement about beefing up detection of ‘coercive messaging’ in Windows Defender is certainly related to some approaches used by tech support scammers, such as the use of malware that directs victims to a scam-friendly ‘helpline’.

Coercive messaging? As indicated in Microsoft’s evaluation criteria for malware and unwanted software, that would be messages that ‘display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.’ That includes exaggerating or misrepresenting system errors and issues, claiming to have a unique fix, and using the well-worn scamming technique of rushing the victim into responding in a limited time-frame.

Certainly that’s all characteristic of the way that fake tech support is monetized, but it’s also characteristic of the lower-profile but persistent issue of useless ‘system optimizers’.

Microsoft’s article actually strongly resembles some of the hot-potato topics addressed by the Clean Software Alliance, which describes itself as ‘a self-regulatory organization for software distribution and monetization’. Unsurprisingly, since Microsoft had a great deal to do with the launching of the initiative. Anyway, it covers a great many issues that are well worth considering. I don’t think Microsoft and Windows Defender will be able to fix all these problems all on its/their own, but any movement in this direction is a Good Thing.

Shorter article focused more on coercive messaging from Barak Shein, of the Windows Defender Security Research Team: Protecting customers from being intimidated into making an unnecessary purchase.

Commentary by Shaun Nichols for The Register: Windows Defender will strap pushy scareware to its ass-kicker machine – Doomed: Junkware claiming it can rid PCs of viruses, clean up the Registry, etc

On behalf of the security industry, which provides a large chunk of my income, maybe I should stress that not all programs that claim to rid PCs of viruses are junkware. 🙂 But perhaps it’s worth remembering that the difference between legitimate and less legitimate marketing is sometimes paper-thin. And talking about papers, here’s one on that very topic. 🙂 However, since that ESET paper for an EICAR conference goes back to 2011, maybe I should consider revisiting the topic.

David Harley

Posted by: David Harley | January 31, 2018

Ohio and FTC versus tech support scammers

Kevin Townsend, for Security Week, reports on action against tech support scammers in the US and UK.

Tech Support Scammers Fined in US, Jailed in UK

Kevin says:

Ohio Attorney General Mike DeWine and the Federal Trade Commission (FTC) announced Monday that operators of a nationwide computer repair scam have been banned from the tech support business as part of settlements with the FTC and Ohio.

Includes some commentary from me.

David Harley

Posted by: David Harley | January 9, 2018

Hoaxbusters bowed out – and here’s a phone scams page

This is actually very old news (i.e. just over a year old), but I don’t have as much involvement as I used to with hoaxwatching, so I hadn’t noticed that Hoaxbusters had announced its official retirement.

The retirement was actually pointed out to me by Joseph Keller – thanks for that! – with reference to a post from 2017 that cited a HoaxBusters article that’s no longer available. I’ve addressed that and a couple of other broken links, but obviously I’ve blogged too much over the years to go back over everything checking for broken links. (I have been checking articles on the ESET blog for a while, but only when time allows, so there’s a lot left to do there.)

However, Joseph did point out the phone scams page at, which readers of this page might find of some interest.

David Harley

Posted by: David Harley | December 14, 2017

Death threats, 419s and ransom’ware’

Mark Stockley for Sophos: Ransom email scam from ‘hitman’ demands: pay up or die

In fact, this isn’t ransomware so much as a new twist on a 419. More info in my article for AVIEN: The Smiling Assassin (shaken not stirred)

David Harley

Posted by: David Harley | December 12, 2017

Tech Support Scams: using Spotify to boost SEO

[Previously posted to the AVIEN blog.]

Lawrence Abrams for Bleeping Computer: Tech Support Scammers Invade Spotify Forums to Rank in Search Engines

Extract: “Over the past few months, Tech Support scammers have been using the Spotify forums to inject their phone numbers into the first page of the Google & Bing search results. They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google.”

David Harley
