TwitterBuilding

Posted by on 21 January, 2010 No comments

Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

twitterbuilding.com - fake site

IE6

Posted by on 19 January, 2010 No comments

Internet Explorer 6 is still used in many large organisations. It’s because large organisations invest heavily in technology then expect to keep using it for many years to increase their returns on investment. Usually their internal programs won’t work on newer browsers, and it’s a major task to upgrade them.

But Internet Explorer 6 (IE6) is quite old and very vulnerable to being hacked. It’s so vulnerable that it’s the main (technical) cause of the recent hack attack by China against Google (read here). In short, it seems that the Chinese government (or agents working on their behalf) hacked certain people’s Google accounts. They were able to do this because these people weren’t using the latest version of Internet Explorer.

So any organisation that refuses to upgrade to the latest version of Internet Explorer is also at risk.

Microsoft have made an official statement that IE6 is vulnerable and they want everyone to upgrade to the latest version.

Update: The Australian Government has also asked people to stop using IE6.

Update 2: Microsoft has made a patch available to all IE6 users to fix the problem. Download it from here.

BlackBerry Hoax Message

Posted by on 15 January, 2010 No comments

fire The following message gets sent to BlackBerries. The idea is that people believe what’s written there and forward it to all their contacts. Then each one of those people repeats the same process.

It’s a hoax. No damage can be done by the message, whether you forward it or not. And of course it will annoy people if you do forward it. It’s also very unprofessional to forward things like this to work contacts.

The message reads:

Do not accept this contact : 21536 (mireya diaz) she’s a hacker!!!! She will format ur blackberry and all ur contacts also.

Att: if one of ur contacts accept her u will get hacked also!!! Send this to all ur contacts

And don’t take the mentality that you should forward it “just in case”, or that it’s “better to be safe than sorry”. This is the wrong attitude. Make a stand and accept that it’s a hoax, and let others know.

There’s also something called a “barcode photo” that people talk about on BlackBerry forums. I don’t use a BlackBerry so I don’t know what this is, but apparently you shouldn’t share this barcode with people you don’t trust. It lets strangers add your BlackBerry to their contacts and send you hoaxes etc. You should stay in control of your privacy and choose who to share details with.

Fake Haiti Donation Email

Posted by on 15 January, 2010 No comments

There’s a fake email being circulated in the UK asking for donations to help with the recent earthquake in Haiti. The email claims to be from the Red Cross but it’s really just a scam.

This is what the email looks like:

The British Red Cross Society
British Red Cross
UK Office
44 Moorfields
London EC2Y 9AL

MAKE YOUR DONATIONS NOW
=====================

Dear reader,

A devastating earthquake measuring 7.3 on the Richter scale struck Haiti on 12 January 2010 sending the Haitian Capital Port-Au-Prince into chaos, killing hundreds and affecting thousands more. Please give what you can today to help thousands of people there in desperate need of humanitarian assistance.

Relief aid workers from the Red Cross have already been arriving at the Haitian capital with relief materials.

Donations have been grouped into two cartegories:

1: Group A (£250 British Pounds to £1,000 British Pounds
2: Group B (£1,000 British Pounds and above)

Donations are to be made payable immediately via WESTERN UNION MONEY TRANSFER immediately and directly to our donations accounts liason officer as RECEIVER’S name:

DONATIONS ACCOUNT LIASON OFFICER:
LOCATION: 44 Moorfields, London EC2Y 9AL

Please provide us via return email the following informations below as they appear on the Western Union Money Transfer slip;

1. Name and Address of Sender
2. Exact Amount Sent ***
3. MTCN ***

NOTE: At British Red Cross we are committed to protecting your privacy as a STANDARD practice. We will not share your information unless you have previously indicated that you are happy for us to do so.

Hope to receive your donations soon as thousands need your help.

Please send return email with donations details to

Yours Sincerely,

For and on behalf of The British Red Cross Society

first_ aid kit The email has a few spelling and grammatical errors. They unnecessarily capitalise a few words. Both of these things are unprofessional and would not be done by a serious organisation. Also, they want money sent to Western Union! Any legitimate organisation would have a professional method of accepting money. All these things should make you suspicious of the email.

If you see this email remember that it’s a scam. And there’s no doubt that there’ll be dozens more emails with similar Haiti scams. If you want to donate to help with humanitarian efforts then find an official (and recognised) charity organisation and donate to them. Don’t click on links in emails that you receive.

Also be aware that scammers will use every event that makes the news as an excuse to send these type of emails. When celebrities die they send out similar emails, asking for money or asking you to click on a link (that goes to a malicious site). They never stop sending out these emails.

Fake banking App For Android

Posted by on 13 January, 2010 No comments

Android is a system used by some smartphones (similar to iPhone or Windows Mobile, but made by Google). Like other smartphones you can install apps on Android.

One Android app that showed up recently is a free banking app. It looks like it supports US banks. But instead of logging into your bank it sends your online banking details to a scammer. Then it won’t be long until someone steals money from your bank account.

Google has been notified of this malicious app and they have removed it. But for some people it may be too late.

There’s a lesson to be learnt here. Smartphones are cool, installing apps on them is cool. But we shouldn’t let our guard down and trust everything to them. Know what you’re installing, know who wrote the software, and how it stores and sends your login details.

As more people buy smartphone scams are only going to become more common.

Another Adwords Scam

Posted by on 6 January, 2010 2 comments

I just received the following email. It’s a scam made to look like Google Adwords, however the web site was registered just a few hours ago to somebody else.

If you go to this site and enter your Google account details you’re actually letting a stranger (hacker) know your account details. It’s a scam.

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:388520237785520
———————————————

Hello,

You have a new text alert from adwords

Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342

Advertise your business on Google

Best regards, Google AdWords Customer Team © 2009

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:847914946168909
———————————————

So if you see this email or one like it, delete it. Google did not send this email.

Update: another version of this scam is,

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please our Help Center to find answers to
frequently asked questions.
————————

Hello,

Please update your primary and backup payment information, even if you
plan to use the same information. Please follow the steps
below to update your information and trigger our billing system to try
processing your payment again. We’ll attempt to process your balance on
whichever card you update first.

1. Log in to your AdWords account at <link removed>
2. Enter your new or updated payment information.
3. Click ‘Save Changes’ when you are finished.

To update your backup credit card:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Backup Credit Card section, click ‘Edit’.
3. Re-enter your backup credit card details.
4. Click ‘Save’.

To update your bank account:
1. Visit the ‘Billing Preferences’ page, as described above.
2. In the Bank Account section, click ‘Edit’.
3. Re-enter your bank account details.
4. Click ‘Save’.

Thank you for advertising with GoogIe AdWords.
Grow your business with us.

Sincerely,

The GoogIe AdWords Team

If you see this email delete it, don’t click on the link, don’t give them your Google password.

And yet another version:

Dear Valued Customer,

You have a new alert from Google Adwords.

Sign in to your AdWords account at http://adwords.googlxmcn.com/Select/login

Yours Sincerely,
The AdWords Team

Notice the domain name above, googlxmcn.com. This is not google.com, it’s spelt differently, so it’s a scam.

BitLocker Can Be Cracked

Posted by on 5 December, 2009 No comments

Microsoft make an encryption system called BitLocker, it encrypts hard drives so that it’s impossible to access any files without the key. Top level security.

That was true until now. Passware are a company that recently released new tool that cracks this BitLocker security. The way it works is complicated and someone would need physical access to the computer.

So if you rely on Passware for security life is suddenly more complicated. The best you could do is to also concentrate on the physical security of your computers.

More details here and here.

iPhone Viruses

Posted by on 28 November, 2009 No comments

A lot has happened in the past week with iPhones. First let me explain what “jail breaking” means.

iPhones have some security built-in, courtesy of Apple. This security’s main purpose is to let Apple decide what you can and can’t do with the phone. For example, you can buy and install an approved program, you can’t install a hacked program.

Now there are plenty of people in the world who want to use their iPhones in ways not sanctioned by Apple, such as using it on a non approved network or running non approved programs. So these people remove this layer of security. This is known as “jail breaking”.

Now for a summary of what’s happened recently:

First, there was a practical joke called “rickrolling” – some people found their phone’s wallpaper (background image) changed to a photo of the singer Rick Astley. It was a practical joke, harmless.

How were these phones hacked? Someone wrote a program that looks on the internet for vulnerable iPhones and installs this wallpaper, then the program copies itself to that phone and does the same thing to others. (More details here)

It only affected some jail broken phones. People were told that it’s nothing to worry about.

Then a couple of days later someone else took this idea and wrote a malicious version that works the same way. Again, only some jail broken phones are vulnerable. Except this time instead of being a practical joke it steals personal data.

It connects to a server in Lithuania and lets hackers connect to the phone and do what they want (such as stealing passwords and reading SMS’s). This is bad.

How can you protect your iPhone?

  • Firstly, if you don’t jailbreak your phone you have nothing to worry about.
  • If you do jailbreak your phone you need to change a special password that’s built into the phone. The password is usually “alpine” – you can’t see this password unless you know what you’re doing but it’s there and it needs to be changed. There are instructions here on how to do this.

Summary

An iPhone is a “smartphone”, meaning that it basically works like a computer and it has an internet connection just like a computer. And like computers it can be hacked and can get viruses. Apple goes to a lot of trouble to make sure everything works well (it’s in their best interest to deliver a quality product) so people who go about circumventing the device’s security are taking a great risk.

Google Work From Home Scam

Posted by on 11 November, 2009 2 comments

This link was posted on Facebook – it’s a scam. It says that Google is hiring people to work from home, no experience is necessary, and the article goes on and on about how good it is.

Below is an extract from the scam site:

Breaking News: Google Now Hiring People To Work From Home

If you live in America and you have been wanting to work from home, you might be in luck. Google has now released a new "Work From Home Program" that will allow Americans to work for the titan from the comfort of their own homes.
To thousands of Americans this means that they will soon have a safe and bright future working for one of the fastest growing companies in the world.

What you need: A Computer, an Internet Connection and the desire to make a living working from home. No special skills are required other than knowing how to use a computer and navigate the internet.

Google will send out your checks weekly. Or you can start to have them wire directly into your checking account. (Your first checks will be about $750 to $1,500 a week. Then it goes up from there. Depends on how many links you posted online.)

Like most scams, you don’t need any experience, you can work from home, and you can make $1500 a week so easily. It’s all too good to be true!

The fake article is hosted on a site called ValuePromotions.

If someone were gullible enough to sign up they’ll be asked to pay US$2 to get started. But instead of paying $2 they’ll be charged US$80 a month directly from their bank account.

There are so many scams similar to this one. They all feature the same principle – a promise of free or easy money. Always do research on articles like this (use Google) and have a sceptic mind – if it’s too good to be true it’s probably a scam.