How the Android fanboys laughed at the Apple fanboys, when there was a text message that could crash iPhones.
Well, the Apple crew can get their own back now, as there’s news of a text that can really stuff things up for Android devices. The rest of us, meanwhile, can wonder why people argue about which phone you should have. Seriously. Go for a walk or something.
Anyway, what’s this flaw? Well, seeing as most Android phones automatically download photos, and there’s a scam going around that enables hackers to take control of your phone via photo messages, and there’s 950 million Android users worldwide, we’ve got a problem.
The picture in question allows nasty sorts to get complete control of Android devices, accessing your camera and everything else. Thanks to Android phones automatically downloading photos in texts, you wouldn’t even need to open it to be vulnerable to the malware.
So what are Google doing about it?
They said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users.”
“As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at BlackHat.”
There you go then.
The National Trading Standards Scams Team (NTSST) have been cracking down on these ne’er-do-wells for the past three years, and have discovered lists of would-be victims who were being targeted because they’ve previously engaged with marketing mailings.
A lot of these people were vulnerable, so were likely to live alone or be elderly, according to the the NTSST.
These particular scams included fake prize draws and special deals, with the average victim losing out on £1,100, or more. So, keep an eye on nana next time you see her.
Lord Toby Harris, chair of NTSST, said: “To have saved consumers more than £5m in three years is a great achievement and shows the powerful effect the National Trading Standards Scams Team is having. However, we know our work is not done. Criminal scammers are targeting some of the most vulnerable people in society – ripping them off in many cases for thousands of pounds.”
“We are going to continue in our fight to protect consumers and we urge you to help us by reporting suspected cases of postal fraud to the Royal Mail.”
That’s right – the Royal Mail are in on this too. The NTSST have teamed-up with the postal service and have 2,000 staff trained-up, in a bid to spot bogus marketing and other scams. However, such is the volume of these scams, We The People need to help them out as well.
Louise Baxter, who leads the NTSST, added: “We really need the public to help us with this – by being vigilant about mass marketing scams themselves but also looking out for relatives or neighbours, particularly those who are elderly or vulnerable. We often find victims who have lost hundreds of thousands over several years; the impact on individuals and consumers is devastating.”
There’s a limit on how much you can spend via a contactless payment, but the watchdog found that, by buying some cheap contactless card-reading technology, they were able to remotely make off with key details from a contactless card, and then use the info to buy stuff, including a telly that was worth £3,000.
That is considerably more than the £20 limit (increasing to £30 in September).
Which!!! tested 10 cards, and they found that, via software from what they call ‘a mainstream website’, they could read the card number and expiry date from all 10 cards. Don’t worry – the cards came from volunteers.
They were not able to get the CVV security code from the back of the cards, but it turned out that this didn’t matter, as they were able to make purchases without the cardholder’s name or CVV code.
With their dodgy reader, a mere tap saw Which!!! getting enough details to enable a trip to the online shops, and thanks to online transactions not being subject to a limit, some scamster could go crazy with your card.
Peter Eisenegger, a security expert who helped develop EU standards for contactless cards, told Which!!! that it would be possible for crims to get a card reader that could lift your details from further away than the one in this test.
He said: “It’s vital to protect consumers from fraudsters who have the knowhow to develop mobile card readers with much greater reading distances than those used by retailers.”
Well, you might want to tell your boss (and if you are the boss, pull your finger out already) that Microsoft have not only stopped support for the operating system, but they’ll also stop their free anti-virus software. So basically, you will be using a computer that is just asking for trouble and malfunctions.
On Microsoft’s sites, they say that the Malicious Software Removal Tool and updates to Microsoft Security Essentials will stop being a thing after 14th July 2015. Yes. That’s a date that is now gone.
If you don’t know, the Malicious Software Removal Tool checks your computer for infections by prevalent malicious software. Normally, it is updated once a month, but as of yesterday, any threats can now waltz their way inside your XP computer and cause bother.
And you can guarantee that cyber-crooks will be looking to exploit those who are lazy and have thought ‘it’ll be fine’. That’s what they do. They’re good at it too.
Naturally, if you’re running a computer that has XP on it, then it is invariably a bit on the old side. That means it is worth considering buying a new one. You could buy a cheap Windows 8 PC and just wait for the Windows 10 free release, which will be happening very soon. Or, if you’re a Linux nut, you could eye that up.
Failing that, you can just try and style it out and hope for the best, but don’t go crying to anyone when your PC dies with loads of infections.
According to the Information Commissioner’s Office (ICO), there’s been a rise in spam calls and texts, with more than 180,000 complaints made about these nuisances in the last year alone. That’s a 12% rise, compared with the year before.
The watchdog also said that they’d issued five fines relating to all this, totalling £386,000, alongside eight enforcement notices, with another 31 firms being “monitored”.
The said: “Most concerns related to accident claims, green energy deals, payday loans and lifestyle surveys. Live calls generate significantly more concerns than automated calls and spam texts.”
One of the reasons there’s been a spike, is that this year, the law was changed, to make it easier for companies to be fined for breaching rules regarding nuisance calls and texts. The ICO have also been doing a load of investigations where allegations of personal data being obtained or disclosed illegally. In one case, a Transport for London employee was prosecuted for illegally accessing Oyster card records.
Launching the report, the information commissioner, Christopher Graham, said: “We’ve seen real developments in the laws we regulate during that time, particularly over the past year. Just look at the EU court of justice ruling on Google search results, a case that could never have been envisaged when the data protection law was established.”
The executive director of Which!!!, Richard Lloyd, said that this was jst “tip of the iceberg”, adding: “This is why regulators, government and industry must work harder to cut off unwanted calls and texts that annoy millions of us every day. The ICO must use its new powers to full effect and hit hard any company breaking cold-calling rules. We also want to see senior executives personally held to account if their company makes unlawful calls.”
“Our community assigns an item a value that is at least partially determined by that item’s scarcity. If more copies of the item are added to the economy through inventory rollbacks, the value of every other instance of that item would be reduced,” say Steam’s policy.
“We sympathize with people who fall victim to scams, but we provide enough information on our website and within our trading system to help users make good trading decisions.”
Valve concludes that “all trade scams can be avoided”.
So basically, they’re saying ‘it really is your own stupid fault if you get scammed, soz like’. Seems a bit odd to put the onus on the user, but there you go.
If you’re going to trade, then you might want to do some reading up on scams first, so you don’t get burned, because they’re not going to help you out one bit
The keyboard comes installed in advance of 600 million of Samsung’s mobile devices, and apparently, it can be very easily hacked, which in turn, can give away a lot of your vital information.
This is according to Ryan Welton, who is a researcher with cyber-security firm NowSecure. He reckons that the flaw could allow hackers to see what you’re up to and can access your GPS, camera and microphone, as well as enabling them to secretly install malicious applications.
NowSecure say they told Samsung about this back in November, but no-one has done anything about it, so they’ve gone public.
In a statement by SwiftKey a while ago, they said, “the way this technology was integrated on Samsung devices introduced the security vulnerability.” However, they soon deleted that. The Guardian ran a quote from Joe Braid, chief marketing officer of SwiftKey, saying, “Unfortunately, we were only made aware of the issue on Tuesday. We are working as hard as possible to support Samsung and help it fix the issue.”
Samsung have since said that they “take emerging security threats very seriously… and [is] committed to providing the latest in mobile security.”
If you’re worried about this, there’s a host of other keyboards you can download from the Google Play store or, if you want to bolster your device’s security, here’s the Bitterwallet guide to the best security and anti-virus programs you can download.
Careful on your phone, now! Why? Criminals are sending people text messages that look like they’re from your bank – but they’re not! And of course, they’re after you juicy bank details so they can steal your pennies.
So what’s the skinny? Well, the texts claim that there has been fraudulent activity in your account or, in a more sly move, that your account details need to be updated. A phone number and website are provided, saying that the matter is very urgent.
Of course, the number and website is controlled by scammers, and Financial Fraud Action UK, have warned that this type of hoodwinkery is on the rise, with a spike in the last couple of weeks.
To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
Katy Worobec, director of Financial Fraud Action UK, said: “These text messages can look very authentic, so it’s important to be alert. Always be wary if you receive a message out of the blue asking you for any personal or financial details. If you’re ever at all suspicious, call your bank on a number that you know. Remember, fraudsters are after your security details – don’t reveal anything unless you are absolutely sure who you are dealing with.”
Of course, what normally happens when there’s fraud, is that your bank will ring you up and tell you what’s going on. There, you’ll go through security and other means to put your mind at ease. If your bank texts you, ever, it is usually to sell you something, so be aware. However, some fraudsters will send a text to say you’ll be receiving a call from your bank’s fraud department, which makes the whole thing more complicated.
Things to look out for
If you get a text, asking you for your personal details and sensitive information, chances are, it is a scam. A bank will never ask for your full password.
If you’re asked to call the number given in the text message, it’d be worth entering the number online, as it is likely to come up as a scam number. If you’re unsure, get a number you trust, like one included on your statement or one from your bank’s official website.
Your bank will never ask you to update your personal details via a link in a text, or tell you how to respond to a text message to confirm a transaction. They will also never ask you to transfer money into another account, ever. So if you get a whiff of anything that sounds dodgy, don’t do it.
The watchdog sent an illegal Vauxhall Astra with broken and missing light bulbs, irregular tyre pressures, oil leaks and faulty windscreen wipers to the centre in Filton, Bristol. The car was supposed to get a major service, which should’ve cost £235.
Investigators soon found that something was amiss, and told North Avon Magistrates’ Court: “It became obvious that not all the checks were done. Things were ticked as having been done that had not been and the consumer was not made aware (of the defects).”
“This is a national company. A consumer puts a lot of trust and faith in a national firm to do a proper job to ensure a car service is conducted thoroughly and professionally and in these circumstances it was not.”
This won’t allay some of the fears that many drivers have, that they’re being ripped off when it comes to getting their cars fixed or given the once over. This uncover sting came about after the number of complaints about the car industry in the area, were rather high.
Halfords pleaded guilty to eight counts of breaching consumer protection laws and the mechanic who carried out the service, has since resigned. Magistrates fined the company £32,000, ordered them to pay £14,862.04 costs and a £120 victim surcharge.
There’s a spate of cases where Android users are finding that ransomware has been posing as a warning from the FBI, to frighten you off from looking at dirty stuff online. These come via spam emails, and there’s been 15,000 cases thus far, which are very convincing.
If you end up activating one of them, the ransomware demands $500 from you to restore access, which is a kick in the gusset. Of course, UK Android users should be wary of anything that comes from the FBI, because why would they be bothering with Steve from Cleethorpes or whatever.
It gets worse – if you try to independently unlock your devices, the amount goes up to $1,500.
This particular malware pretends to be an update from Adobe Flash Player and when you press ‘OK’ to continue, you see an FBI warning which you can’t navigate away from. It tells you that you’ve been breaking the law by visiting pornographic websites and, in a clever (but nasty) move, the scammers include screenshots of what they claim to be your browsing history. Then, it claims to have screenshots of your face and says that they know your location.
Basically, the malware doesn’t actually encrypt the contents of your phone, but instead, makes your device’s home screen button and back buttons completely inoperable. Turning your phone on and off won’t help either. It really is a nasty piece of work, but you can attempt a reboot in safe mode.
How to start your Android device in Safe Mode
- Ensure that your device’s screen is on and then press and hold the power button.
- In the dialogue box that opens, touch and hold ‘power off’.
- Touch ‘OK’ when you see ‘Reboot to safe mode’ box.
- Your device will start up in safe mode.
Also, to be safe, it is worth having your antivirus software on the go. If you don’t have antivirus software installed on your Android device, here are the best apps to download.
According to research, there’s around 2.8 million of you out there who have downloaded Minecraft applications on their Android smartphones and tablets, which are malicious.
There’s been a host of dodgy apps doing the rounds in the last year, and 33 of them have been spotted in the Google Play store. These apps tend to offer cheats and tips to players, but of course, they’re doing something else that is no good for you at all. Once you download these apps, you end up getting a warning which says your device has been infected with a “dangerous virus”.
These are some of the malicious apps.
If the apps fool you, you’re then asked to sign-up with a premium-rate SMS subscription which tells you that it’ll rid your gadgets of nasties.
It won’t, of course. What it will do is charge you for texts, coming in at £3.40 per week, which is around £177 per year if you don’t sort it out. The bogus virus warning page looks like this.
One of the things that gives away these apps are the myriad of negative reviews and comments they’ve received. If you’re ever downloading any app, it is always worth looking at the score they’ve been given and checking out the reviews on Google Play, right before you hit the download button.
A number of the apps have been removed from Google Play, but that’s not to say they got them all. Obviously, snide developers are probably making more and tying them in the with hugely popular Minecraft game.
Like we said, to stop this happening, always look at the ratings and reviews on any app and get some security software for your Android phone. You can see some of the best anti-virus Android software here.
Seeing as Google Play is a bit of a mess and there’s a lack of curating going on, on their part, it is hard to find the best apps for you.
One of the reasons there’s such a dizzying amount of apps around is that anyone can submit their apps to Google’s Play market, and that includes scammers and those who want to brick your phone and all that. Apps can also be downloaded from all over the place, not just Google’s store.
With Android being more open than other operating systems, this is often a good thing – but as ever, there’s always someone who wants to spoil it for everyone.
So with that, let us look at what we think are the best Android antivirus apps around. Search for these in the Google Play Store, read the reviews from other users and see what is best for you.
THE BEST ANDROID ANTIVIRUS AND SECURITY APPS
Avast Mobile Security & Anti-Virus (click)
One of the most highly rated anti-virus apps is the Avast Mobile Security & Anti-Virus, which provides you with a load of background tools to thwart any bleakness you may stumble across. The app is free, too! This is probably the best you can get.
Qihoo 360 Mobile Safe (click)
Another good freebie, the Qihoo 360 Mobile Safe has a big array of useful tools and fares well with other users. This is arguably as good as the Avast app.
Kaspersky Internet Security for Android (click)
Yet another good free app, Kaspersky Internet Security is a solid app that offers protection for your Android devices. Well worth checking out.
Ikarus Mobile Security (click)
This app will cost you £7 inc VAT, and is a lightweight security app that should give you what you need to protect your Android device. That said, we feel it isn’t quite as good as the aforementioned freebies.
Norton Mobile Security 2014 (click)
A popular and famous name, the Norton Mobile Security 2014 app has a lot of helpful tools to manage and secure your phone and again, it is a free download.
Do you like putting human urine on your face? How about rat poo? Do you want to daub yourself with a mixture of the aforementioned, especially when it is mixed together with arsenic? If you’re into that, you should totally buy a load of fake make-up.
If not, then the police are saying that you should avoid fake beauty products, which are being sold all over Britain.
A campaign has been launched called ‘Wake Up – Don’t Fake Up’, which aims to warn consumers about the fake beauty product industry, which is reportedly worth £90m a year. This isn’t some dodgy person flogging counterfeit perfume out of a suitcase on a street corner – thanks to the internet, these products are everywhere.
Sadly, consumers are being conned as, online, you can’t hold the product to see inspect it and stock images are being used with these knock-off goods, so they look like the real deal.
The police’s lab tests have shown all manner of horrible stuff in them. Fake perfumes have been tested and, in them, they’ve found cyanide and urine.
Many counterfeit cosmetics are made in unsanitary factories, which means whatever vermin is creeping around there is taking a dump in the products, which you then wipe all over your face. Not cool.
Something is being done about this, though – in the last 18 months, the Police Intellectual Property Crime Unit (PIPCU) has suspended more than 5,500 websites which were flogging fake-up, and they seized more than £3.5m worth of products.
Detective Superintendent Maria Woodall said: “Many people don’t know about the real dangers counterfeit beauty products pose to their health. That is why this week we are urging the public to Wake up – don’t fake up! Criminals are exploiting every opportunity to fool customers into buying counterfeits in order for them to make some quick cash – putting people’s health, homes and lives at risk.”
“Beauty products are meant to enhance your features, however the fakes can in fact do quite the opposite. Our general rule is: if it seems too good to be true then it probably is.”
The hack sees ne’er-do-wells able to take funds from customer credit cards, bank accounts and PayPal accounts. You see, the app is linked to an online payment service and hackers have found a way in, so they can take advantage of the cash auto-reload function and online gift cards that a lot of people use.
Basically, they can transfer money to themselves.
So what’s the deal? Well, Starbucks say that they know there’s a problem, but rather than this being their fault, they say this is an issue with weak passwords. While they’re seemingly not willing to do anything about this security flaw, they are saying that customers won’t be held responsible for any charges that someone else is responsible for.
Starbucks said in a statement: “If a customer believes their account has been subject to fraudulent activity, they are encouraged to contact both Starbucks and their financial institution immediately.”
“Customers are not responsible for charges or transfers they did not make. If a customer’s Starbucks Card is registered, their account balance is protected.”
If you’re worried about this, change your password and disable the auto-reload feature, and you should be fine.
The drink vendors said that they’d identified “some unusual activity” on some customers accounts while they were doing security checks.
A Costa spokesperson said that the number of people affected was in the “low to mid-hundreds”, but were confined to the UK. It will take a couple of days to reset everyone’s passwords and, until they’ve completed this, all online accounts will be suspended.
Mercifully, Costa don’t hold any customers financial data.
“We have already contacted those customers affected and emailed all registered Coffee Club members to make them aware of the situation. Customers can still continue to collect and redeem points as usual,” Costa Coffee said in a statement.
Now, feel free to complain about people spending too much money on coffee in the comments.