Posted by: David Harley | December 12, 2014

Recognizing Facebook hoaxes

Rob Waugh’s article for ESET, Facebook hoax – how to tell instantly if a story is fake sounds as if it’s promising more than it can deliver. However, as a summary of some common types of hoax and scam, it’s worth a look. The sort of brief summary that Facecrooks often does well.

David Harley

Posted by: David Harley | December 10, 2014

A hoax is not just for Xmas

Yesterday, I put up a new post on ESET’s WeLiveSecurity site, about Trust, Truth and Hoaxes in Social Media. The main point of the article was to address common misconceptions about Facebook’s right to control content that its subscribers post, with reference to a widely distributed but legally unhelpful disclaimer that people are posting to their wall in the hope of retaining control.

A couple of other issues are also addressed there: a widely distributed hoax message claiming that Facebook is trying to stop a nativity picture being posted (not the case), misleading photographs incorrectly labelled to persuade FB users in the UK that their MPs are only interested in debating their expenses and salaries, and a more-or-less-true but outdated warning about a premium rate scam that was current several years ago.

However, another story caught my eye today, one that claims that Loggers Accidentally Cut Down World’s Oldest Tree in Amazon Forest. Well, I don’t for a moment say that deforestation (legal or otherwise) isn’t a critical issue in the Amazon (and elsewhere), or that riding roughshod over the culture and beliefs of native communities never happens. But in this instance, the story comes from World News Daily Report, whose reputation for the accuracy of its reporting is non-existent. As, apart from Hoax-Slayer’s brutal analysis, you might also gather from the tone of its About Us page and various highly probable stories also to be found on the site such as Mexican Drug Smugglers Eaten Alive By Giant Squids After Boat Sinks Near Coast Of California and Plastic Surgeon Gives Free Nose Jobs to Homeless for Christmas.

I’m sure there must be a use for this sort of thing, but I can’t quite think what it might be. I guess I don’t have a future as a satirist. There again, given the behaviour of some MPs, maybe there isn’t a difference between satire and real life anymore.

David Harley
Small Blue-Green World

Posted by: David Harley | October 26, 2014

This is how to do tech support

I actually saw this a few months back, but didn’t do anything with it until Kurt Wismer reminded me of it. It’s a G+ post by Chris Blasko on how he used his ‘powers’ as a sysadmin to disrupt a telemarketer. I don’t advocate vigilante action as such against nuisance callers, for a number of reasons, but I have to admit that this was a highly amusing example of social engineering. As Kurt remarks, it would have been even funnier used against a support scammer.

David Harley
Small Blue-Green World 

Posted by: David Harley | September 22, 2014

Getting into a scrape

I was amused to note that a couple of ‘readers’ of my Mac Virus blog (i.e. comment spammers) were apparently so impressed by its ‘interesting content’ that they suggested that since ‘probably you spend a lot of time writing’ (well, they got that right), they could save me a lot of time writing by steering me towards ‘an online tool that creates high quality, SEO friendly posts in minutes’.

If only it was that easy. Unfortunately (from a research point of view at any rate), the link had already disappeared when I tried to take a look at it, so I’m not absolutely sure what was actually on offer. Somehow, though, I think those discriminating people who read my finely crafted prose – not to mention those who actually pay me to write (some of my) blog articles (though Mac Virus is not in any way sponsored) – would be less than impressed if I started passing off some form of content scraping as my own work. Assuming that’s what’s on offer.

I hate to think of how much of such reconstituted material is cluttering up the web. I do know that from time to time I see my own material sitting on web sites I’ve never heard of. Which is annoying.

David Harley
Small Blue-Green World

Posted by: David Harley | September 22, 2014

Support scam discussion at Virus Bulletin

Support scam paper at Virus Bulletin 2014 is an article on the AVIEN blog noting that Malwarebytes’ Jérôme Segura is presenting a paper at the 2014 Virus Bulletin conference this week on recent developments in support scams, as previewed in a Virus Bulletin blog article by Martijn Grooten.

David Harley

Posted by: David Harley | September 17, 2014

Swotting up on SWATting

Well, this is embarrassing.

Yesterday, a blog article of mine appeared on ‘The economics of benevolence: mean memes’ bemoaning the fact that ‘members of the security community, an industry which is so sensitive (with some justification) to statistical legerdemain and to being misrepresented in the media (social or otherwise), being so insensitive as to spread unverified, misleading commentary when it relates to contexts outside their own fields of expertise.’ Elsewhere, with reference (pun intended) to an article on the anal preoccupation in academia with correctly cited references, I remarked:

I’m ambivalent about this. I don’t enjoy doing the sort of paper where I have to spend more time getting the references into exactly the right format – in fact, the older I get, the less I’m inclined to submit for academic conferences, for more than one reason – but there is so much misinformation and misattribution on the internet, I can’t say that rigour isn’t called for.

And then I saw an article shared on Facebook by one of my colleagues in the security industry about a gamer imprisoned for SWATting. Not swatting as in swatting flies or wasps like ‘wanton gods’ (King Lear, Act IV, Scene 1), but swatting as in tricking an emergency service into responding to a fake emergency. Unfortunately, my BS antennae were evidently taking the day off – I thought, “that’s interesting…” and shared it myself, before it was pointed out to me (thank you, Zusana) that it was a repost/retread (one among many) of a known hoax article – sorry, apparently it’s satire, not a hoax – from the National Report. In fact, the photograph seems to be of Dylan Schumaker, who is reported as having been sentenced to 25 years for killing his girlfriend’s toddler.

I’m sure there’s a good reason for the explosion in fake news stories on the 21st century internet, even if I haven’t quite worked out what it is. Nor do I know when the term satire became a synonym for hoax. But I do know that it’s getting (even) harder to distinguish fact from factoid from fiction, and even those of us who’ve been scam/spam/hoaxwatching for decades can get sucked in sometimes.

In my defence, swatting is a long-established issue and no joke at all. And yes, there are frequent reports of the online gaming fraternity (brotherly love, huh?) perpetrating it. There are instances of more hard-core criminals doing the same thing, though. Security blogger Brian Krebs has himself been victimized and has written several articles about the phenomenon since.

David Harley

Posted by: David Harley | August 14, 2014

New tech-support-related blog

“Chris Larson, for Blue Coat, reports finding a site with a fake anti-virus scan masquerading as Microsoft Security Essentials. However, instead of being prompted as with old-time fake AV to download fake AV, he was prompted to connect with a ‘live’ support specialist via LiveChat.”

Read more in Malvertising leading to fake support, posted to the AVIEN blog. Two links also added to the PC ‘TECH SUPPORT’ COLD-CALL SCAM RESOURCES page.

David Harley
Small Blue-Green World

Posted by: David Harley | August 3, 2014

Automated phishing scams to cell phones

For Betanews, Joe Wilcox reports that he received on successive days automated scam calls purporting to have come from Barclays and AT&T: Don’t fall for phone phishing scams.

The ‘Barclays’ call claimed that there had been suspicious purchases on the Wilcoxes’ account (which they don’t have), and wanted his card number in order to proceed. It’s not unknown for a bank to call a customer to verify a purchase, but you should expect the bank to authenticate itself to you before it starts asking for personal data.

‘AT&T’ claimed that the Wilcox account (which they also don’t have) had been breached and demanded the last four digits of Mrs Wilcox’s social security number. (I discussed the misuse of SSNs as an authentication measure at some length, in a paper for ESET: Social Security Numbers: Identification is Not Authentication.)

Hat tip to ESET’s Aryeh Goretsky for flagging the article.

David Harley
Small Blue-Green World

Posted by: David Harley | July 3, 2014

Windows Support Service Scam Center

Another article for Graham Cluley’s blog about a site used to direct support scam victims to remote access software: Support scammers – at your service! (There is an ESET connection: I was alerted to the existence of the site by someone commenting on one of my ESET blogs on the topic.)

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | June 24, 2014

Psychological Testing and Psychobabble Hoaxing

This is a version of an internet meme I’ve only come across recently, though an article on Snopes about a very similar message notes that it’s been around since 2002.

This is a genuine psychological test:

It is a story about a girl. While at the funeral of her own mother, she met this guy whom she did not know. She thought this guy was amazing, so much her dream guy she believed him to be just that, she fell in love with him there and then but never asked for his number and then… A few days later the girl killed her own sister.

Question: What is her motive in killing her sister?

Think about this before you scroll down for the answer.

Since this isn’t a genuine psychological test and doesn’t prove what it claims to prove I don’t mind in the least if you scroll down to find out what the answer is. On the other hand, you might find it amusing as an exercise. So the only purpose and relevance of this photograph of the Wordsworth family graves in Grasmere, in the English Lake District, is as a distractor, to give you a moment to think about whether you want to have a guess or just cut to the chase.

(Please, no Hitchcock jokes about shower curtains.)


OK. Ready for the answer?

Answer: She was hoping that the guy would appear at the funeral again.

If you answered this correctly, you think like a psychopath.

This was a test by a famous American psychologist used to test if one has the same mentality as a killer. Many arrested serial killers took part in this test and answered it correctly. If you didn’t answer correctly – good for you. If your friends hit the jackpot, may I suggest that you keep your distance. (If you got the answer correct, please let me know so that I can take you off my distribution list.)

You know what I’m going to say about this, don’t you?

The last line is amusing in a sour sort of way, but this is a hoax. (Or maybe a semi-hoax: a meme that isn’t true but may not have been intended to mislead, but has become more misleading as it has passed from person to person.) It might have some validity as a test of lateral thinking, but if a psychologist – or, come to that, a psychiatrist – had really proposed that you could use a single question as a test of psychopathy, he’d need to be sent back to shrink school.

The fact that there’s no attempt to attribute it by name is a fair indication of an attempt to deceive, though it’s very common for real people or organizations to be cited in a hoax as a source, on the all-too-justified assumption that many people won’t take the time to check.

There isn’t even universal agreement on whether psychopathy is a discrete psychological category or just a definition of someone who scores higher than the general population in certain antisocial traits and behaviours, let alone on the exact definition of a psychopath.

So no-one who answers the question correctly should start worrying about being an undiagnosed psychopath. Though you might argue that someone who would worry about that would probably not score highly on generally-acknowledged psychopathic traits like disinhibition and lack of empathy.

Being able to think like a psychopath isn’t something to fret about (though it’s not necessarily something to boast about): I’d worry more about thinking like a scriptwriter.

On the other hand, if you feel the need to forward this thing for the joke value of its rather weak punchline, at least make it clear that it is a joke. I’m not sure that everyone is going to get it. And some people who do get it are going to find it less than amusing.

In a Facebook-disseminated variant I saw, the punchline was something like “if you got it right, let me know so that I can unfriend you…” It’s amazing how well email hoaxes have translated to social networking.

By the way, Barbara Mikkelson, at Snopes, does a pretty good job of explaining just why this is such a ‘silly canard’, even if she does give the impression that psychopathy and sociopathy are exactly the same thing. This isn’t altogether true, even though these conditions may present similarly, clinically speaking. But that’s a discussion probably best left to someone with more (and more recent) experience of the mental health system.

David Harley
Small Blue-Green World
