ATM Card Skimmers

ATM card skimmers are still very common. There’s a new web page showing the latest ones found (click here). It’s a very good quality card skimmer; most people wouldn’t be able to tell it’s actually stealing card details. In the photo on the right, can you tell which one is the real card reader and which is the skimmer?

Inside the card skimmer it has:

Some other card skimming devices also have a mobile (cell) phone built in, to transmit details to the criminal. This one doesn’t.

So the next time you use an ATM have a good look at the card reader. These things are out there, people get caught out every day.

Common Passwords

Security companies sometimes get to analyse real people’s passwords and create interesting reports. Imperva has just done that, analysing 32 million passwords used on the Rockyou.com site (which was recently hacked).

Below is a summary of their findings. Why is this important to you? Because it means that statistically, you probably have a weak password that can be guessed.

The ten most common passwords were:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

If you use any of these as your password then change it now, it’s too easy to guess, especially now that everyone can see this list.
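The list above is also exactly what a sign-up form should reject. Here is an added example (not from the article or from Imperva) of a small checker that refuses the ten most common RockYou passwords, plus the digit-sequence pattern that dominates them; the 8-character minimum is an assumption chosen for this example.

```python
# The ten most common passwords from the RockYou analysis quoted in the article.
TOP_TEN = ["123456", "12345", "123456789", "Password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"]

# Compare case-insensitively: "PASSWORD" is no harder to guess than "Password".
BLOCKLIST = {p.lower() for p in TOP_TEN}

def is_sequential_digits(pw: str) -> bool:
    """True for passwords made only of digits that step by 1 each time,
    e.g. 12345 or 987654; these are guessed as quickly as the list itself."""
    if len(pw) < 4 or not pw.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}

def check_password(pw: str) -> list:
    """Return the reasons a password would be rejected; an empty list means it passes."""
    reasons = []
    if pw.lower() in BLOCKLIST:
        reasons.append("in the ten most common RockYou passwords")
    if is_sequential_digits(pw):
        reasons.append("sequential digits")
    if len(pw) < 8:          # assumed minimum length for this example
        reasons.append("shorter than 8 characters")
    return reasons

if __name__ == "__main__":
    for candidate in ["123456", "Password", "correct horse battery"]:
        print(candidate, "->", check_password(candidate) or "ok")
```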

For tips on how to choose a good password read our previous article. And here are some tips on testing how good your password is.

Imperva’s complete report is here. It’s full of interesting technical details on what they found and what the risks are.

Fake ATO Emails

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong,

If you’re in Australia please let others know of this scam.

TwitterBuilding

Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

twitterbuilding.com - fake site

IE6

Internet Explorer 6 is still used in many large organisations. It’s because large organisations invest heavily in technology then expect to keep using it for many years to increase their returns on investment. Usually their internal programs won’t work on newer browsers, and it’s a major task to upgrade them.

But Internet Explorer 6 (IE6) is quite old and very vulnerable to being hacked. It’s so vulnerable that it’s the main (technical) cause of the recent hack attack by China against Google (read here). In short, it seems that the Chinese government (or agents working on their behalf) hacked certain people’s Google accounts. They were able to do this because these people weren’t using the latest version of Internet Explorer.

So any organisation that refuses to upgrade to the latest version of Internet Explorer is also at risk.

Microsoft have made an official statement that IE6 is vulnerable and they want everyone to upgrade to the latest version.

Update: The Australian Government has also asked people to stop using IE6.

Update 2: Microsoft has made a patch available to all IE6 users to fix the problem. Download it from here.

BlackBerry Hoax Message

The following message gets sent to BlackBerries. The idea is that people believe what’s written there and forward it to all their contacts. Then each one of those people repeats the same process.

It’s a hoax. No damage can be done by the message, whether you forward it or not. And of course it will annoy people if you do forward it. It’s also very unprofessional to forward things like this to work contacts.

The message reads:

Do not accept this contact : 21536 (mireya diaz) she’s a hacker!!!! She will format ur blackberry and all ur contacts also.

Att: if one of ur contacts accept her u will get hacked also!!! Send this to all ur contacts

And don’t take the mentality that you should forward it “just in case”, or that it’s “better to be safe than sorry”. This is the wrong attitude. Make a stand and accept that it’s a hoax, and let others know.

There’s also something called a “barcode photo” that people talk about on BlackBerry forums. I don’t use a BlackBerry so I don’t know what this is, but apparently you shouldn’t share this barcode with people you don’t trust. It lets strangers add your BlackBerry to their contacts and send you hoaxes etc. You should stay in control of your privacy and choose who to share details with.

Fake Haiti Donation Email

There’s a fake email being circulated in the UK asking for donations to help with the recent earthquake in Haiti. The email claims to be from the Red Cross but it’s really just a scam.

This is what the email looks like:

The British Red Cross Society
British Red Cross
UK Office
44 Moorfields
London EC2Y 9AL

MAKE YOUR DONATIONS NOW
=====================

Dear reader,

A devastating earthquake measuring 7.3 on the Richter scale struck Haiti on 12 January 2010 sending the Haitian Capital Port-Au-Prince into chaos, killing hundreds and affecting thousands more. Please give what you can today to help thousands of people there in desperate need of humanitarian assistance.

Relief aid workers from the Red Cross have already been arriving at the Haitian capital with relief materials.

Donations have been grouped into two cartegories:

1: Group A (£250 British Pounds to £1,000 British Pounds
2: Group B (£1,000 British Pounds and above)

Donations are to be made payable immediately via WESTERN UNION MONEY TRANSFER immediately and directly to our donations accounts liason officer as RECEIVER’S name:

DONATIONS ACCOUNT LIASON OFFICER:
LOCATION: 44 Moorfields, London EC2Y 9AL

Please provide us via return email the following informations below as they appear on the Western Union Money Transfer slip;

1. Name and Address of Sender
2. Exact Amount Sent ***
3. MTCN ***

NOTE: At British Red Cross we are committed to protecting your privacy as a STANDARD practice. We will not share your information unless you have previously indicated that you are happy for us to do so.

Hope to receive your donations soon as thousands need your help.

Please send return email with donations details to

Yours Sincerely,

For and on behalf of The British Red Cross Society

The email has a few spelling and grammatical errors. They unnecessarily capitalise a few words. Both of these things are unprofessional and would not be done by a serious organisation. Also, they want money sent to Western Union! Any legitimate organisation would have a professional method of accepting money. All these things should make you suspicious of the email.

If you see this email remember that it’s a scam. And there’s no doubt that there’ll be dozens more emails with similar Haiti scams. If you want to donate to help with humanitarian efforts then find an official (and recognised) charity organisation and donate to them. Don’t click on links in emails that you receive.

Also be aware that scammers will use every event that makes the news as an excuse to send these type of emails. When celebrities die they send out similar emails, asking for money or asking you to click on a link (that goes to a malicious site). They never stop sending out these emails.

Fake Banking App For Android

Android is a system used by some smartphones (similar to iPhone or Windows Mobile, but made by Google). Like other smartphones you can install apps on Android.

One Android app that showed up recently is a free banking app. It looks like it supports US banks. But instead of logging into your bank it sends your online banking details to a scammer. Then it won’t be long until someone steals money from your bank account.

Google has been notified of this malicious app and they have removed it. But for some people it may be too late.

There’s a lesson to be learnt here. Smartphones are cool, installing apps on them is cool. But we shouldn’t let our guard down and trust everything to them. Know what you’re installing, know who wrote the software, and how it stores and sends your login details.

As more people buy smartphones, scams like this are only going to become more common.

Another Adwords Scam

I just received the following email. It’s a scam made to look like Google Adwords, however the web site was registered just a few hours ago to somebody else.

If you go to this site and enter your Google account details you’re actually letting a stranger (hacker) know your account details. It’s a scam.

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:388520237785520
———————————————

Hello,

You have a new text alert from adwords

Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342

Advertise your business on Google

Best regards, Google AdWords Customer Team © 2009

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:847914946168909
———————————————

So if you see this email or one like it, delete it. Google did not send this email.
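The giveaway in this email is the link: the hostname is a misspelling of the brand, not a Google domain. As an added example (not part of the original post), this script pulls the URL out of the quoted message and classifies its hostname as legitimate, a brand lookalike, or unrelated; the set of legitimate domains and the edit-distance threshold are assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the link from the fake AdWords email quoted above.
SAMPLE_EMAIL = """Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342
"""

# Assumed for this example: the domains the real service would link to.
LEGIT_DOMAINS = {"google.com", "adwords.google.com"}
BRAND_WORDS = {"adwords", "google"}
MAX_DISTANCE = 2   # assumed: how close a label must be to count as a lookalike

def extract_urls(text: str) -> list:
    """Find every http(s) URL in a block of email text."""
    return re.findall(r"https?://[^\s<>]+", text)

def hostname(url: str) -> str:
    """Lower-cased hostname with a leading www. stripped."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url: str) -> str:
    host = hostname(url)
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    label = host.split(".")[0]          # e.g. "adwlordls" from adwlordls.com
    for word in BRAND_WORDS:
        if word in label or edit_distance(word, label) <= MAX_DISTANCE:
            return "lookalike"          # brand name embedded or misspelt
    return "unrelated"

if __name__ == "__main__":
    for url in extract_urls(SAMPLE_EMAIL):
        print(url, "->", classify_url(url))
```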