SMS Photo Scam

Below is an SMS scam. It’s personalised, which means the person running the scam has a list of names and phone numbers. The idea is that you’re being tricked into clicking the link, which takes you to a website. In some cases the website is a fake store telling you you have $500 credit. It then asks you to download an app. You should never install apps on your phone from random scammers.

If you see this SMS, delete it. It’s a scam.

The sender’s phone number is most probably fake, which isn’t hard to do with SMS messages. The link shown at the end will probably be different each time. The country code shown in this SMS (+855) is from Cambodia.

The message says:

Chris, you received (1) new photo message: http://sn.im/<characters removed>

The sender’s phone number here is:

+855 1207355146

 

Domino’s Pizza France and Belgium

The websites of Domino’s Pizza in France and Belgium were apparently hacked last week. Hackers stole customer information including full names, delivery addresses, phone numbers, email addresses and passwords. In total the hackers claim to have 592,000 accounts and are threatening to publish all the details on the internet.

If you’ve ever ordered pizza from Domino’s in France or Belgium, now’s a good time to think about your password. If you use the same password on other websites then it’s time to change them. E.g. if your Facebook password is the same as your Domino’s password, then your login details will soon be public knowledge. Anyone will be able to look them up and log into Facebook as you. If you can’t see a problem with that, keep in mind that some fraudsters would like to pose as you and ask your friends for money.

This is a good time to say that you should not use the same password for different sites. You should have a unique password for every site. And you should use a password manager to keep track of them all (because no one can remember so many passwords).

eBay Accounts Stolen

eBay was hacked and a database with 146 million accounts was stolen. If you have an eBay account, change your password now, even if you rarely use it.

The incident actually happened 2 weeks ago but eBay kept quiet about it while they investigated. They’ve now announced that confidential account data was stolen, including passwords and addresses. The passwords are hashed, meaning it’ll take hackers some time to crack them. In the meantime you need to change your password.

Password tips:

  • Don’t use the same password you use on other sites. If hackers steal a password (like they did with eBay) then they can try using the same password on other sites like your email or Facebook, and the chances of getting it right are pretty good.
  • Use a password manager such as LastPass or KeePass
  • Don’t use a common password such as Password1

AV-Test Results

AV-Test is an organisation that independently tests antivirus software. Some of this year’s results are shown below; you can go through all of the results on their website. The list is large and worth looking through.

Here are the top antivirus programs according to their tests – for Windows 8.1. I’ve only copied the ones that received a top score in detecting malware (protection level). They also measured things like performance and usability but I won’t focus on that.

In alphabetical order:

  • Avira: Internet Security 2014
  • Bitdefender: Internet Security 2014
  • F-Secure: Internet Security 2014
  • G Data: InternetSecurity 2014
  • Kaspersky: Internet Security 2014
  • MicroWorld: eScan Internet Security Suite 14.0
  • Panda Security: Cloud Antivirus FREE 2.3
  • Symantec: Norton Internet Security 2014
  • Trend Micro: Titanium Maximum Security 2014

 

Notice to appear in court

The following email is part of a scam. It includes an attachment that most likely contains a virus, which you should not open. Delete the email if you see it.

Notice to Appear in Court,

This is to advise that you are required to attend
the court of Los Angeles in January 8, 2014 for the hearing of your case.

Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above.
Attendance is compulsory.

The copy of the court notice is attached to this letter, please, download and read it thoroughly.

WILKINS ALSTON
Clerk to the Court.

Snapchat Hacked

Snapchat is a popular photo messaging application mostly used by teenagers. Yesterday hackers stole information from Snapchat and published it as a database for anyone to see.

The hacked data includes usernames, real names and phone numbers of 4.6 million accounts (this is not all of Snapchat’s users). The hackers “censored” the phone numbers by removing the last 2 digits, but it’s possible they’ll publish it again with the complete number.

What does this mean? If you have ever used Snapchat then your personal information may have been leaked and made public. There’s nothing else you can do; the blame lies with Snapchat for not securing their system.

It also means you might receive personalised spam or fraud in the future. If a scammer knows your real name and the real names of your friends then committing fraud becomes much easier.

More information here.

Fake Apple Billing Update

The following email is not from Apple. It’s part of a scam. If you get this, delete it. Do not click on the links.

Subject: Warning !-Apple-Update-Billing-Account

Dear Apple Customer (),

This is an automatic message sent by our security system to inform you know that you have to confirm your account information in 48 hours.
Your iTunes – Account & Billing is prone to be frozen because we are unable to validate your account information. If you do not confirm your account your applications will be deleted from your App Store.
This process does not take more than 3 minutes. To proceed to confirm your account details please click on the link below and follow the instructions.

Verify Now >

Wondering why you got this email?
It’s sent when someone adds or changes a contact email address for an Apple ID account. If you didn’t do this, don’t worry. Your email address cannot be used as a contact address for an Apple ID without your verification.

For more information, see our frequently asked questions.

Thanks,
Apple Customer Support

How can you tell if it’s real or not? Easy. In your email program (e.g. Gmail), place the mouse over the “Verify Now” link. Don’t click, just hover the mouse over it. Somewhere on your screen, usually at the bottom, you’ll see a link. In this fake email, the link starts with tilassa. This is not Apple. If it were genuine, the link would go to Apple’s domain, apple.com, not tilassa. So it’s fake.

Other clues that it’s fake:

  • The email sounds urgent. Most scams use this tactic because of a psychological trait we all have: we don’t scrutinize urgent matters well.
  • There are mistakes. This one’s pretty good compared to the usual scam, but it says to confirm your account in 48 hours. It should say within 48 hours (there’s a small technical difference).

Vodafone Iceland Hacked

Vodafone Iceland’s servers were hacked on 30 November 2013. Hackers managed to steal confidential account information including customer names, email addresses, social security numbers, and SMS messages.

If you’re a Vodafone Iceland customer it’s a good idea to change your password. And if you’ve sent any confidential information via SMS (such as credit card details, passwords, etc) you should look into that as well.

This is a good time to remind everyone that SMS messages are not very private. Most phone companies keep all SMSs, usually for law enforcement reasons.

Skype Privacy

In the distant past, Skype messages were encrypted and were considered secure and private. But lately there’s been growing evidence that they are no longer private. It seems that Microsoft (the new owners of Skype) have been monitoring messages.

Ars Technica did an experiment by sending a unique link. They monitored their server logs and found that someone (or some system) at Microsoft accessed the link. In less technical terms, this is proof that Microsoft have full access to your Skype messages. Details of the experiment are here.

Also, another company called H-Online recently did a similar experiment and came to the same conclusion.

This isn’t a risk for most people; it’s just something to be mindful of, especially if your work requires privacy.
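The unique-link experiment described above can be repeated against any messaging channel you want to check. This is an added example, not code from Ars Technica or H-Online; canary.example, the token and the log lines are constructed, and it assumes a web server you control that writes Common Log Format access logs.

```python
import re
import secrets

BASE_URL = "https://canary.example/"  # assumption: a server whose logs you control


def make_canary_url(base=BASE_URL):
    """Return (token, url); the token is random so nobody can guess the path."""
    token = secrets.token_urlsafe(16)
    return token, f"{base}{token}.html"


# Common Log Format: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def canary_hits(log_lines, token, own_ips=()):
    """Requests for the canary path that did not come from our own addresses."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and token in m["path"] and m["ip"] not in own_ips:
            hits.append((m["ip"], m["time"], m["method"]))
    return hits


# Constructed log lines using documentation IP ranges, not data from the experiment.
TOKEN = "Zk3vQ1x8TtUe0aLw"
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /{TOKEN}.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 2048',
    f'192.0.2.44 - - [01/Jan/2024:13:37:11 +0000] "HEAD /{TOKEN}.html HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    # 198.51.100.7 stands in for the tester's own address and is excluded.
    for ip, when, method in canary_hits(SAMPLE_LOG, TOKEN, own_ips={"198.51.100.7"}):
        print(f"canary link fetched by {ip} at {when} ({method})")
```

Any hit from an address that is neither yours nor the recipient's means something between the two of you followed a link that only existed inside the message.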