Free Xbox Points hoax

There have been messages appearing on Facebook saying that Microsoft is giving away 4000 Xbox points. It’s fake (a hoax). Firstly, they’re not really called “Xbox Points”; the correct term is “Microsoft Points”, so this is an obvious scam. Secondly, Microsoft has had to step in and make it clear that it’s a hoax (link here).

Below is a screenshot of the hoax:

[Image: points]

As always, be wary of any free offers. And be very wary of things you read on Facebook; a lot of it is false. Always copy and paste things into Google and do a search. You’ll quickly be able to tell if something is true or a hoax.

 

Nokia Xpress Browser

Some older Nokia phones, those running Series 40, use a web browser called Xpress Browser. This browser was previously known as Nokia Browser. It’s just been discovered that Nokia decrypts all HTTPS traffic and passes it through their proxy servers. They do this to increase data performance, and they “promise” they don’t store any data.

But it’s still a little disturbing that they do this. HTTPS web traffic is commonly assumed to be encrypted and safe. And it’s probably OK to trust Nokia since they made the phone and its browser anyway. But the fact that they kept how it works a secret is a little unsettling.

Detailed information can be found here and here.

And if you’re confused by all of the above, it just means that on some older Nokia phones, all web pages go through Nokia’s servers, even “secure” pages. In theory they could one day read or store these pages and you wouldn’t know. If you’re not comfortable with this, change phones.

German Privacy

It’s been revealed that the German ministry for home affairs (and thus the German police) are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary.

Skype used to be secure, encrypting data before being sent across a P2P network. Now we see that some authorities have a way to eavesdrop.

So just keep in mind that if you value privacy you shouldn’t be using the networks shown above. It’s also a good time to remind you that SMSs are often recorded for the same reasons.

More details here.

Apple $100 Reward Scam

Some people have received an email that looks like it came from Apple. The email promises a $100 reward card. All you have to do is give the scammers your name, address, date of birth, driver’s license, mother’s maiden name and your credit card details, then pay them $9.

It’s a scam. It’s easy for scammers to fake an email, complete with Apple’s logo and their email address. If you hand over any details, your credit card details will very likely be sold off and used for fraudulent transactions. And that $9 – you’ll never see it again.

The email looks like:

Dear Apple Customer,

Apple is rewarding its long-term customers.

Your loyalty for our products made you eligible for buying an Apple Discount Card.

With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store or on http://www.apple.com/au/ .

To acquire your Apple Discount Card please download and complete the attached form.

100 AU$ Credit Bonus

(You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)

Once again, this email does not come from Apple – it’s a scam. You should never trust unsolicited emails (or phone calls or door knockers).

How could anyone fall for this?

Sadly, there are people who think “what if it’s true, I don’t want to miss out”. The same scam would work with any high profile company or product. Be wary and let others know.
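Because the visible From address can be faked, the headers added by your own mail server are a better guide than the logo or the sender name. The following is an added example, not part of the original post: it parses a constructed message and reports the signals that separate a spoofed sender from a genuine one. All header values and the `example.net` / `example.org` names are made up, and the Authentication-Results header only means something when your own receiving server wrote it.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every header value below is made up for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=apple.com
From: Apple <noreply@apple.com>
To: customer@example.org
Subject: Your Apple Discount Card

Dear Apple Customer, ...
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def auth_results(msg):
    """Collect method=result pairs (spf, dkim, dmarc) from Authentication-Results."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.split(";")[1:]:  # first clause names the checking server
            words = clause.split()
            if words and "=" in words[0]:
                method, _, result = words[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results


def spoofing_signals(raw):
    """Return a list of reasons to distrust the From address (empty if none)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    path_dom = domain_of(msg.get("Return-Path"))
    signals = []
    # The bounce address is set by the real sending system, so a mismatch is a hint.
    if path_dom and path_dom != from_dom and not path_dom.endswith("." + from_dom):
        signals.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        result = auth.get(method, "missing")
        if result != "pass":
            signals.append(f"{method}={result}")
    return signals
```
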

 

New PCs

It used to be that a new PC was safe and couldn’t have malware. This is no longer true. New PCs, straight from the shop or distributor and just unpacked, can contain malware.

In the past few days an investigation of PC manufacturers in China has found that some PCs came with some nasty malware already installed. Investigators bought 20 computers from different manufacturers and suppliers and found 4 were infected.

The manufacturer isn’t to blame here – the malware was installed by other parties along the supply chain. A supply chain includes delivery companies, companies that rebrand generic devices, distributors and shops. There are many opportunities to infect a computer these days – even before you turn it on.

In this investigation the malware was part of the Nitol botnet, which keeps installing more malware once the computer is connected to the internet. This makes it especially hard to clean. And it does things including turning on the computer’s camera and recording keystrokes (and recording passwords you type in).

So what should you do?

Install a good antivirus package from day one. This generally costs a bit of money but it isn’t much compared to the cost of the PC. Most computers come with a trial version of antivirus software – you can use this or go buy something else.

You should also run Windows Update as soon as you connect the computer to the internet.

There’s more information on the investigation here.

Facebook Apps

As Facebook continues to grow and become a larger part of everyone’s lives, security and privacy concerns have become more important than ever. So a company called Secure.Me has stepped in with a tool to warn you about privacy issues, called App Advisor.

Facebook allows 3rd party “apps” to use your data for various things. Like collecting your friends’ birthdays to remind you of them, or sharing your game updates with everyone. But it’s not always clear what personal information is collected or shared. Secure.Me’s new App Advisor tool tells you, in plain English.

It comes out on Wednesday and installs as a browser plugin. It supports Firefox, Chrome, and Safari. (If you’re still using IE I highly recommend installing Chrome).

How does Secure.Me’s App Advisor work?

It starts working when you load Facebook on your PC (so it won’t work on your iPhone). It then notices what Facebook Apps you’ve added to your account. This part is great, because most people don’t know what Facebook Apps they’ve added, or won’t remember what they added 2 years ago.

Then it looks up each app in their database, and tells you what they know about the app.

I think it’s brilliant. It gives you independent advice about Facebook apps, when you need it, and without having to really do anything.

When it launches on Wednesday I’ll update this post with more information.

Photographer Scam

A recent scam targets photographers, asking them for money. Here’s a quick summary of how the scam works:

  • The scammer places an ad on Craigslist, looking for a photographer to photograph an event. The ad is appealing, offering an easy job and high pay.
  • A real photographer responds and they engage in a quick negotiation and get things going.
  • The scammer sends the photographer a cheque as pre-payment. The cheque is for more than the agreed value (overpay). The cheque is counterfeit.
  • The photographer banks the cheque.
  • The photographer makes out a new cheque to return the balance and posts the new cheque to the scammer.
  • The bank tells the photographer that the cheque bounced. By then it’s too late.

Below is an example email of this scam:

Hello ,

Thanks for the quick response and I’m sorry if my message came in late , i have been busy with other arrangements and i hope you understand .Its really nice reading from you and im glad to hear that you are available for my wedding .

I want you to know that this is a inside wedding and the order of events will mail to you a week before the wedding day but the order events is likely to be pictures first, then the wedding ceremony , and then the reception but let me discuss this with my lady because is our wedding so our two has to make the decision together . I hope you understand my point of view.

I want you to know that we will be taking formal pictures so i will like you to recommend 45minutes or an hour set aside for taking formal pictures because we have large family from both my side and the bride side and friends /co-workers we will want to take pictures with . So it will be easier if we can take the pictures before the ceremony because it will be more relaxed with fewer time constraints and would like you to set up a great “first look” shot of me looking at my bride for the first time on the wedding day.

the wedding date is ##th of sept 2012

Basically we need your service starting from 12pm to 6pm .

We are expecting 250 guests i.e 200 adults and 50 children .

And also there will be a table place set for you at the reception , so you don’t need to bring your own food but it will be nice if you can just give me an hint of what kind of food you want us to arrange for you i.e if you are vegetarian or eat all kind of foods .

Further more , there will be special important parts/people at the ceremony or reception that i would want you to take a picture of .I will send the list of the important parts/people to you a week before the wedding day and i want you to know that my wedding is a sleek modern wedding .

I need you to get back to me with your charges and i will be paying you upfront , I just called my uncle who will be in charge of your service fees he told me that your payment will be paid to you via certified check so he has asked me to ask for your full name and physical address with zip code that you want the payment to be send to so as for me to secure your service for my wedding party.

I’m currently on working on off shore and im using impaired device ,so therefore i can only send message via internet or send you an sms from my pinger ..

I will send you the venue address once you agree to everything i stated above and also waiting for the details to issue on the check…

Will be expecting to read back from you with the details I have asked for thanks so much and God bless.

Regards,
CENSORED NAME

And here’s a photo of the actual counterfeit cheque:

[Image: Counterfeit cheque used in photographer scam]

What can we learn from this? Maybe not to return any money until the cheque clears. And to be vigilant of similar scams. If you know any event photographers you might want to let them know about the scam. There’s more information here.

Blizzard Battle.net Hacked

Hackers have broken into Blizzard Entertainment’s Battle.net service. They’ve stolen account details including email addresses, phone numbers, and encrypted passwords. The affected regions are China, North America, Latin America, Australia, New Zealand and Southeast Asia.

Users’ passwords are safe at the moment but there’s no way to know how long it could take to crack them. It could be hours or years; it really depends how well they were encrypted.

If you have a Blizzard Battle.net account you should change your password now. And if you’ve reused the password on other websites you should change those as well.

Melbourne Myki System

Melbourne (Australia) has a transport ticket system called Myki. If you use it there’s currently a security risk you should be aware of.

If you purchase a ticket using their ticket vending machines and pay by credit card, the machine issues a receipt. The receipt shows the credit card owner’s full name, the card’s expiry date, and more than the last 4 digits of the card. All of these things are considered security risks. Anyone finding the receipt can use the information on it to commit credit card fraud.

If this applies to you, don’t use a credit card to purchase tickets until the issue is resolved. I can’t verify it but apparently you can’t avoid printing a receipt. Hopefully all of these issues will be resolved soon.

And for everyone, it’s worth highlighting that you should always pay attention to credit card receipts. They should never show your name, your card’s expiry date, or more than the last 4 digits of the card. You can’t assume that the payment terminal you use is perfect, as shown above.

And you should be careful how you dispose of credit card receipts. Recently there’s been a lot of publicity over a hacked iCloud account – the hackers used the owner’s last four digits of his credit card to gain access to various accounts.
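For anyone who tests payment terminals or reviews receipt templates, the receipt rule above (no name, no expiry date, no more than the last 4 digits) can be checked automatically. The following is an added example, not part of the original post: the receipt layout, the field labels and the card number are constructed for illustration and are not taken from a real Myki receipt.

```python
import re

# Constructed receipt text: the layout and field labels are assumptions for
# this example, not a transcription of a real Myki receipt.
SAMPLE_RECEIPT = """\
TICKET VENDING MACHINE
CARD: 4564 56XX XXXX 1234
EXPIRY: 09/14
CARDHOLDER: J CITIZEN
AMOUNT: $10.00
"""

# 13-19 card-number positions, each a digit or a mask character (X or *),
# optionally grouped with spaces or hyphens.
CARD_RE = re.compile(r"(?<![\dXx*])(?:[\dXx*][ -]?){12,18}[\dXx*](?![\dXx*])")
# A labelled MM/YY or MM/YYYY date.
EXPIRY_RE = re.compile(
    r"\b(?:EXP(?:IRY|IRES)?|VALID THRU)\b[^\n\d]*(?:0[1-9]|1[0-2])\s*/\s*\d{2}(?:\d{2})?\b",
    re.I,
)
# A labelled cardholder name field with some value after the colon.
NAME_RE = re.compile(r"\b(?:CARDHOLDER|NAME)\b\s*:\s*\S+", re.I)


def audit_receipt(text, max_digits=4):
    """Return the list of ways a receipt breaks the rule; empty means it passes."""
    findings = []
    for match in CARD_RE.finditer(text):
        positions = re.sub(r"[ -]", "", match.group())
        shown = sum(ch.isdigit() for ch in positions)  # unmasked digits only
        if shown > max_digits:
            findings.append(f"card_digits_exposed:{shown}")
    if EXPIRY_RE.search(text):
        findings.append("expiry_printed")
    if NAME_RE.search(text):
        findings.append("cardholder_name_printed")
    return findings
```
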

If you use Melbourne’s Myki system and pay with a credit card or have ideas on credit card receipts please leave a comment below, I’d like to hear more.