Posted by: David Harley | October 24, 2016

Anti-Phishing Working Group phish/malware report

According to the Anti-Phishing Working Group’s report for the second quarter of 2016, phishing attacks (as measured by the number of phish sites) reached an all-time high in that period (61% higher than the previous recorded high in 2015 Q4). It also cites PandaLabs as reporting detection of 18 million ransomware programs over that period, amounting to more than 200,000 per day.

Phishing Activity Trends Report 2nd Quarter 2016

David Harley

Posted by: David Harley | October 19, 2016

Facebook and those ‘legal’ disclaimers

I’ve mentioned those not-very-useful disclaimers that people keep posting to stop Facebook ‘misusing’ their posts a number of times. For instance:

So I won’t press the point again, even though there does seem to be another upsurge in such disclaimers, which are based on (a) a misunderstanding of Facebook’s view of its users’ right to their own posts (Facebook’s view is expressed here) and (b) a mistaken belief that such a disclaimer will somehow affect the existing implicit contract between Facebook and its users.

Sorry, I’m going to quote myself:

…your agreement with Facebook is a contract, as is the case with other social media providers: you can’t use a unilateral statement like this to opt out of the contract stipulations you agreed with the company when you joined, as long as they’re conditions that Facebook can legally impose (or modify, if it chooses). You can try to negotiate a non-standard contract with a provider, but a service with hundreds of millions of subscribers isn’t likely to consider one-to-one contract variations, especially when it isn’t charging for the service it provides.

And that remains the case. But I did come across an article you might find interesting in the Washington Post, which tries to explain Why that ‘Facebook copyright’ hoax will never, ever die.

David Harley

Posted by: David Harley | October 18, 2016

Fighting Hoaxes with Hoaxes?

NewsThump apparently attempts to reduce the number of Facebook hoaxes by generating a hoax of its own. Where would the internet be without satire?

Mark Zuckerberg to give everyone $1000 to stop sharing stupid Facebook hoaxes

I thought of sharing this article on Facebook, but was torn between not wanting to mislead people who lack the hoax/satire recognition gene, and not wanting to offend people who would see right through it anyway by explaining that NewsThump isn’t a real news site…

David Harley

Posted by: David Harley | October 18, 2016

Support Scam Victimology

Interesting statistics regarding the relative proportions of tech support scam victims in various parts of the world:

David Harley

Posted by: David Harley | August 8, 2016

Wire-Wire Scam

Another case of ‘the biter bit’: for The Register, Richard Chirgwin describes a “‘Nigerian scammer’ busted after he infected himself with malware – Researchers able to watch wire-fraudsters operate in real time”.

Apart from the Schadenfreude many of us experience when a scammer shoots himself in the foot, it’s worth reading the article for the summary of how the ‘wire-wire’ scam works. Chirgwin considers this to be a variation on a family of scams described earlier this year by the FBI: FBI Warns of Dramatic Increase in Business E-Mail Scams.

The Register’s article is based on a comprehensive analysis by Joe Stewart and James Bettke for SecureWorks of Wire Wire: A West African Cyber Threat.

The report describes how practitioners of the traditional 419 scam, based on simple social engineering, have moved towards two more technically sophisticated types of this particular scam:

  • Business email compromise (BEC) — Hijacking an email account or an email server to intercept business transactions and redirect payments
  • Business email spoofing (BES) — Sending spoofed email from an external account pretending to be a company executive authorizing an irregular payment transaction

David Harley

Posted by: David Harley | August 8, 2016

Support scams and ransomware

I’ve added two stories to the AVIEN blog and resources pages touching on the link between support scams and ransomware.

In the second one, the link is rather more tenuous: it’s basically about how a support scammer was tricked into running ransomware on his own system.

David Harley

Posted by: David Harley | July 4, 2016

ESET Ireland’s phishing warning

Urban Schrott – for ESET Ireland – warns of phish attacks targeting users of Irish utilities: Irish Water and Electric Ireland customers targeted in latest online scams.

David Harley

Posted by: David Harley | June 7, 2016

Scamming the would-be scammer

Every so often I find myself dealing with a blog comment by someone claiming to offer a blank ATM card that can be used to hack any ATM to get an unlimited supply of free money. And every time I wonder whether I ought to blog about it, but it’s never seemed a high priority. After all, it’s pretty obvious that if such a thing actually existed, it couldn’t possibly be legal, could it? Even the scammers who offer it tend to admit that it’s illegal – one recent example tells me that it’s nevertheless untraceable, since it also stops the CCTV camera from ‘detecting’ you. It also lays golden eggs and predicts the winner of the Grand National. (I made that last bit up, but it doesn’t seem that much more far-fetched.)


So who cares if people who don’t have a problem with robbing banks get caught out by a scammer? Well, maybe some of the potential victims are desperate rather than intrinsically amoral.

It’s worth noting, maybe, that 419 scammers are often frank about the fraudulent nature of the transaction they’re proposing – without making it clear, of course, that it’s their ‘partner’ in crime who will be scammed, not the government or bank – but attempt to justify it by claiming that the money they’re offering would otherwise be misused by the organization from which it’s stolen. The perpetrators of this scam will sometimes make somewhat similar justifications – ‘because the government cannot help us so we have to help our self’ – and it’s often quite hard to feel much sympathy for a government agency or a bank… Of course, the illegality of the transaction does make it difficult for the victim to report it when they realize they’ve been scammed.

It’s sometimes assumed that this kind of scam is a 419 – I don’t know that this is always the case. They’re usually badly written, but not in the same stilted way that characterizes so many 419s. Here’s an example of a blogger who found a scammer who certainly seems to be based in Nigeria, though.

So here’s the bad news (though it’s good news for those whose hard-earned cash helps to keep the banks afloat). There ain’t no such card. If you have a few hundred bucks to spend on something so improbable, there’s a scammer somewhere who’ll gladly relieve you of it and no doubt will feel quite justified in doing so.

David Harley



Posted by: David Harley | April 12, 2016

Symantec threat report

Extract from a blog article for AVIEN: UK threat prevalence – Symantec

John Leyden for The Register has summarized Symantec’s latest Internet Security Threat Report, and focuses on UK-specific figures for threat prevalence: Spear phishers target gullible Brits more than anyone else – survey; Ransomware, 0days, malware, scams… all are up, says Symantec.

Longer extract added to the tech support scam and ransomware resources pages, but there are a few thoughts in the longer article that didn’t really fit either of those pages.

I haven’t checked out the report directly as it requires registration, and I’m fussy about giving my details away where marketing information is mandatory.

David Harley

Posted by: David Harley | March 24, 2016

Tech Support Scammer, not your ISP

Jérôme Segura has blogged for Malwarebytes about a somewhat innovative tech support scam campaign: Scammers Impersonate ISPs in New Tech Support Campaign.

The scam is pushed by malvertising which

‘detects which Internet Service Provider (ISP) you are using (based on your IP address) and displays a legitimate looking page that urges you to call for immediate assistance.’

Added to the tech support scam resource page at AVIEN.

David Harley
