Posts Tagged ‘scam’
If you’re a big fan of eBay, then be aware that there’s a scam doing the rounds, which you won’t be a fan of, at all! As usual, the aim of the scam is to get at your personal details, and to distribute all manner of malware.
Security crew Check Point notified everyone of this flaw, and say that you could be in a world of trouble if you get hit by it. Basically, the scam works like this - the scam artist sets up an eBay shop, complete with listings for a bunch of products that have malicious code in them.
A pop-up message tricks you into opening the page, and gets you to download an app that looks like an official eBay thing offering a one-off 25% discount, when obviously, it gives you no such thing at all. That’s because it is a scam, if you drifted off half way through all this.
Oded Vanunu, Security Research Group Manager at Check Point, said: “The eBay attack flow provides cybercriminals with a very easy way to target users: sending a link to a very attractive product to execute the attack. The main threat is spreading malware and stealing private information.”
“Another threat is that an attacker could have an alternate login option pop up via Gmail or Facebook and hijack the user’s account.”
eBay, at the time of writing, haven’t managed to lock this scam down, so stay vigilant! And here’s a video of the scam, so you know what you’re looking for.
Keep ‘em peeled.
Are you a customer of JustEat? Well, there’s a scam doing the rounds, masquerading as the food shovelling app. Some customers have been sent a dodgy text claiming to come from the company.
It offers recipients a cash incentive to complete a survey, which directs you to a fake JustEat page, which asks you to provide your card details. Obviously, you shouldn’t give them that info.
The company say that they “would never send an email or text message to customers asking for personal and financial details. We urge recipients of this text message not to enter their account or personal details on the login page provided and to delete the message immediately.”
It looks like this
Here’s what the fake login page and survey pages look like:
If you have received this text, let JustEat know at email@example.com. If you have responded to this scam message, then you need to get in touch with your bank immediately.
Stay vigilant, pizza lovers.
People who use WhatsApp are being targeted with a phishing attack, which obviously, you should keep an eye on.
Basically, you get an email which looks like it is from WhatsApp, often with something saying ‘you have obtained a voice notification’, or ‘an audio memo was missed’, or something along those lines. If you look at the ‘from’ email address, you’ll see it doesn’t come from WhatsApp at all.
Subject lines end with a set of random nonsense like “xgod” or “Ydkpda”, and basically, you should delete the email as soon as you get it. Have nothing to do with it at all. If you do open it, you’ll find that you’ll get a Zip file and, when that is opened, it unleashes hell on your computer.
Not only that, it’ll give hackers access to your computer and all your lovely private and sensitive information.
“Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs.
With over 900 million people using WhatsApp, there’s a lot of people who need to be vigilant with this. Of course, Bitterwallet readers are too smart to fall for such a thing, but this is worth showing to the less savvy who you know.
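The tell-tale signs described above can be turned into a simple mail check. The Python below is an added example, not code from the original post or from Comodo; the whatsapp.com sender domain, the vowel-ratio test for "random" subject endings and the sample messages are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT_DOMAIN = "whatsapp.com"  # assumption: genuine mail uses this domain or a subdomain
LURE = re.compile(r"\b(voice|audio)\b.*\b(notification|memo|message)\b", re.I)


def looks_random(token):
    """Rough heuristic: a short alphabetic token with very few vowels."""
    if not (token.isalpha() and 4 <= len(token) <= 8):
        return False
    vowels = sum(ch in "aeiou" for ch in token.lower())
    return vowels / len(token) < 0.3


def lure_signals(msg):
    """Return which of the post's indicators this message shows."""
    name, addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", ""))
    domain = addr.rpartition("@")[2].lower()
    genuine = domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)

    signals = []
    # Claims to be WhatsApp, but the 'from' address is somewhere else.
    if "whatsapp" in (name + " " + subject).lower() and not genuine:
        signals.append("brand_spoof")
    if LURE.search(subject):
        signals.append("voice_lure")
    words = subject.split()
    if words and looks_random(words[-1]):
        signals.append("random_suffix")
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(".zip") or part.get_content_type() == "application/zip":
            signals.append("zip_attachment")
            break
    return signals


def verdict(msg):
    """Quarantine only when the brand is spoofed and another sign backs it up."""
    signals = lure_signals(msg)
    if "brand_spoof" in signals and len(signals) >= 2:
        return "quarantine"
    return "deliver"


def sample(sender, subject, zip_name=None):
    """Build a constructed message for the demonstration."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content("You have a new voice message.")
    if zip_name:
        msg.add_attachment(b"PK\x03\x04", maintype="application",
                           subtype="zip", filename=zip_name)
    return msg


# Constructed samples: two lures in the style the post describes, two benign mails.
SAMPLES = [
    sample('"WhatsApp" <notify@mail.example.net>',
           "You have obtained a voice notification xgod", "Missed-message.zip"),
    sample('"WhatsApp Voicemail" <service@example.net>',
           "An audio memo was missed Ydkpda", "memo.zip"),
    sample('"WhatsApp" <no-reply@whatsapp.com>', "Your WhatsApp security code"),
    sample("Sam <sam@example.org>", "Quarterly figures", "figures.zip"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(verdict(m), lure_signals(m), "|", m["Subject"])
```

A sender who forges the real domain in the From header would pass the first check, so a filter like this belongs alongside SPF, DKIM and DMARC results rather than in place of them.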
The pensioner who was conned out of £23,000 with a cash machine scam has got some good news this Christmas - NatWest have repaid the full amount to him.
The video, which you can see below, shows one man distracting the 93-year-old while the other does the dastardly deed. Lincolnshire Police referred to the incident as a “despicable and callous theft”.
NatWest said: “Unfortunately our customer fell victim to a callous distraction technique whilst using an ATM. We have refunded all the money to the customer and continue to do everything we can to help the police identify the criminals.”
DI Simon Bromiley, heading up the investigation, said: “What is quite clear from our inquiries so far is that these three men were very well organised in their deception and very selective about their victim. They watched the gentleman as he came into the bank and then carried out this despicable and callous theft.”
Anyone with information is asked to call police on 101.
You may have seen a voucher, offering 40% off at Aldi doing the rounds, but the retailer says that it is a scam and should be avoided. They have explicitly said that this voucher can’t be redeemed in any of its UK stores.
They’ve also pointed out that you shouldn’t give away any personal details when trying to get the voucher, or take part in the competition that is linked to this discount.
It looks like this.
Aldi are now investigating the suspicious coupon.
As you can see from the image above, there’s something fishy about it – the font on the date is irregular, with the ‘5’ in the ‘15’ being different to the other numbers. That sets alarm bells off immediately. And of course, anyone who asks for personal details for a coupon like this is bound to be up to something, especially if it isn’t coming straight from the supermarket themselves.
A post on Aldi’s Facebook page reads: “We have been notified that there is a hoax 40% off Aldi voucher being circulated online. Please be aware that this post is fraudulent and cannot be redeemed in our stores.”
“We strongly advise that you do not complete any personal details or enter the competition that is running as part of claiming the voucher. This is currently being fully investigated. Thank you, Aldi UK”
They also tweeted: “ALERT: We are aware that there is a hoax 40% off Aldi voucher being circulated. This post is fraudulent and cannot be redeemed in store. We strongly advise you not to enter any personal details on this website. This is currently being fully investigated. Thank you, Aldi UK”
So now you know. If you see one, avoid.
Online takeaway service JUST-EAT have today issued an email letting their subscribers know that there is currently a scam email circulating purporting to be offering £10 takeaway credit when the recipient completes a quick survey.
To be fair, the emails do look pretty genuine until you get to the part asking you to confirm your personal credentials.
JUST-EAT have said:
Dear JUST EAT Customer,
The online security of our customers is really important to JUST EAT.
We will never ask you to enter your JUST EAT account details or any personal information via email. And we don’t store payment information or card details anywhere in our systems.
Some customers are receiving particularly sophisticated scam emails. These emails look like they come from JUST EAT and ask you to enter personal and JUST EAT account details.
Unfortunately, email scams are all too common on the internet. We encourage you to remain vigilant online, frequently change your passwords and make sure your passwords are robust.
If you have any questions you can contact JUST-EAT at firstname.lastname@example.org.
There’s a new scam knocking about, which sees people being asked for money from one of their bosses. Now, most people don’t like their bosses and would think unprintable things if they asked them for money… but we’re still going to give you all a warning about it.
Basically, there’s fake emails doing the rounds, made to look like they come from your gaffer’s email address, telling staff to transfer cash.
Financial Fraud Action UK (FFA UK) said this particular scam has spiked in the past couple of weeks, and a number of small/medium-sized businesses in the UK have lost between £10,000 and £20,000 as a result.
What happens is, staff will get an email from what appears to be senior management, where they ask for money for a pressing matter, like the need to secure a contract. Any money transferred goes straight in the pocket of the fraudsters.
“While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam,” said Katy Worobec, director of FFA UK.
There’s a host of advice being doled out about this scam, but Bitterwallet has the only advice you really need – don’t lend your boss any money if they ask for it in an email. If they do, ring them up and ask them about it (or tell them to piss off).
The biggest online pharmacy in the UK has been slapped with a £130,000 fine after they sold patients’ personal data to scammers. Those scam artists then targeted people who are vulnerable and sick, which is just great.
Pharmacy2U (P2U) was hauled in by the Information Commissioner’s Office (ICO) after it was discovered that they’d been giving names and contact details for people who had bought prescriptions and remedies from their site, through their Alchemy Direct Media company. It turns out they’d illegally sold the personal data of more than 21,000 NHS patients and P2U customers.
You’re supposed to get people’s permission before you sell their personal data – they did not.
It might be an idea to run a quality control over who you’re selling it to, which this lot clearly didn’t do, as one of the companies that bought the data were lottery fraudsters, who then went after pensioners with chronic health conditions.
Over 100,000 customer details were advertised for sale on the database, which actually broke people down into categories, such as detailing which people had Parkinson’s disease, or which ones were over 70.
ICO deputy commissioner David Smith said: “Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.”
“Once people’s personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details.”
Daniel Lee, managing director of P2U, said: “This is a regrettable incident for which we sincerely apologise. While we are grateful that the ICO recognises that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed. We have also confirmed that we will no longer sell customer data.”
“We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use.”
The PPI scandal hasn’t even been sorted out, and we’re already looking at the next one to contend with. If you’re planning on making a PPI claim, do hurry up though – and here’s advice on how to do it.
Anyway, it looks like the next massive financial mis-selling scandal is going to concern pensions.
“These reforms have been in operation for six months now: long enough for the scammers to get going, working on defrauding people out of their life savings,” said Frank Field, chair of the Commons’ Work and Pensions Committee.
Some pensioners are already being hit with massive fees when they start using the freedoms they’ve now got with their pension, and there’s a lot to consider regarding the new rules on pensions. With all this to think about, Field said that the government need to start giving data – and fast – on how the reforms are working out for people, and fix any problems that have already arisen.
One of the big gripes is that, while the pensions now give people the right to take their savings as cash, advice needs to be given to any person who has not considered the long-term implications for later years, to make them aware of tax charges and the like.
“Good quality, co-ordinated and accessible guidance and advice will be the best tools to ensure people make the best, informed decisions about their retirement savings, and protect them from scammers,” said Field, adding: “We have seen all too clearly, too many times, what happens when financial information is not properly provided and regulated. We literally cannot afford another financial mis-selling scandal.”
Now, the government are doing something about this, and have set up the Pension Wise service, which gives you a session over the phone, offering guidance and information about your pension and what you can do with the new rules. Sadly, it seems like there’s not many people using the service (so hop to it if you’re reading this – go and make the most of it) and pension companies should be doing more to point people toward it.
If being single isn’t tough enough, all the baddies on the internet are going after their dating profiles. AshleyMadison was the big profile hack, complete with leaks, and now, Match.com has been compromised as well.
A security alert was issued by an outfit called Malwarebytes, and they noted that the dating site was hacked and has spilled data all over the place. A hacker’s version of a money shot, if you like.
Malwarebytes said the site has fallen victim to malvertising, which looks to swindle the lonely out of their hard earned money. It is thought that there’s 5.5 million users at risk from this attack, which happens to be based on the Bedep trojan for those of you who know about this sort of thing. In plain English, it means that ne’er-do-wells can get at a load of private info and start trying to cadge money from you.
“The cost per thousand impressions for the booby trapped ad was only 36c, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $500 per victim,” said Jerome Segura, senior security researcher at Malwarebytes.
“We alerted Match.com and the related advertisers, but the malvertising campaign is still ongoing via other routes.”
A spokesperson for Match.com told The Inquirer: “We take the security of our members very seriously indeed. We are currently investigating this alleged issue.”
Even though Apple’s iOS is well regarded for its robust security, it isn’t completely without the risk of some swine causing bother with it. If you jailbreak a phone, you do away with all that lovely security so you can get full control of your gadget.
With that, malware is being installed via third-party iOS apps onto jailbroken iPhones, which has resulted in what is being described as “the largest known Apple account theft caused by malware.”
The malware is called KeyRaider, and has stolen around 225,000 iOS users’ Apple account credentials, purchasing receipts, certificates and private keys, according to the security firm Palo Alto Networks and Chinese iPhone developers WeipTech.
And now, for a lot of jargon.
“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device. KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” Palo Alto Networks wrote in a blog post.
So what’s happening, in plain English? Around 225,000 accounts are thought to be affected, and some people have said that their accounts are showing abnormal purchasing history. Others have said that their phones are being held for ransom by people who are best described as ‘not-rights’.
If you don’t have a jailbroken iPhone, iPad or iPod, then you don’t need to do anything at all. You’re golden. Those with affected jailbroken phones reside in countries including the UK, France, Germany, Australia, Russia, Japan, America, Canada, Israel, Italy, Spain, Singapore, and South Korea.
You can read all of Palo Alto Networks’ findings and check out their tool which will help you to check if your device has been affected and some other helpful bits… click here.
Volkswagen won a high court case to keep the paper from being published, written by the University of Birmingham’s Flavio Garcia, and two colleagues from a university in the Netherlands.
The team found that car manufacturers including Audi, Volvo, Citroën, Honda and Fiat, as well as the aforementioned Volkswagen, had cars that were exposed to ‘keyless theft’ because a device that was supposed to stop cars from being nicked could be easily disabled.
And now, after a series of negotiations, Volkswagen have agreed to the report being published after getting one sentence removed from the original paper.
Garcia, and Roel Verdult and Bariş Ege from Radboud University in Nijmegen, said that they discovered flaws in the Swiss-made immobiliser system called Megamos Crypto, which is a device that stops the engine from starting when the corresponding transponder (which is embedded in the key) is not present.
However, it was found that it was possible to listen to signals sent between the key and the security system, which means that cars could be attacked by “close-range wireless communication.”
“Our attacks require close range wireless communication with both the immobiliser unit and the transponder,” say the team. “It is not hard to imagine real-life situations like valet parking or car rental where an adversary has access to both for a period of time. It is also possible to foresee a set-up with two perpetrators, one interacting with the car and one wirelessly pickpocketing the car key from the victim’s pocket.”
An injunction stopped the report from seeing the light of day, with Volkswagen arguing that the report would basically give criminals an idea or two. However, the research team brushed that complaint aside, saying that they were “responsible, legitimate academics doing responsible, legitimate academic work”.
This of course, follows the recall of 1.4m Fiat Chrysler vehicles, after some hackers got control of a Jeep.
If you use Firefox, you need to install updates on your browser at once, because there’s an exploit in it that wants to steal your data and has been turning up on websites and causing havoc.
Right away, go to Help, then hit ‘About Firefox’, then press the ‘Check for Updates’ button, to ensure you’ve got the latest version of the browser.
In a blog, Mozilla say the exploit makes use of a weakness in Firefox’s PDF viewer. The bug basically gets into your Windows computer and searches through your files looking for passwords from a host of popular FTP apps, as well as any text files with ‘pass’ or ‘access’ in the name. It will then, you suspect, send all that information to people who you really don’t want to be having that sort of information.
Even if you’re on a Mac and using Firefox, it’d be a good idea to do an update, as there’s no good reason why the baddies aren’t going after you too. So hurry up. Update your Firefox. Do it now!
How the Android fanboys laughed at the Apple fanboys, when there was a text message that could crash iPhones.
Well, the Apple crew can get their own back now, as there’s news of a text that can really stuff things up for Android devices. The rest of us, meanwhile, can wonder why people argue about which phone you should have. Seriously. Go for a walk or something.
Anyway, what’s this flaw? Well, seeing as most Android phones automatically download photos, and there’s a scam going around that enables hackers to take control of your phone via photo messages, and there’s 950 million Android users worldwide, we’ve got a problem.
The picture in question allows nasty sorts to get complete control of Android devices, accessing your camera and everything else. Thanks to Android phones automatically downloading photos in texts, you wouldn’t even need to open it to be vulnerable to the malware.
So what are Google doing about it?
They said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users.”
“As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at BlackHat.”
There you go then.
We told you about the trouble surrounding Adobe Flash and how the hackers might come after you. Well, the software is now automatically blocked by all versions of the Firefox browser. Remember Firefox? Awww.
Anyway, Mozilla – the people behind Firefox – have brought in the block after flaws in Flash saw cyber-scallies able to do all manner of dodgy things, including stealing documents from a security firm. Mozilla said that this block will stay until “Adobe releases an updated version to address known critical security issues”.
Adobe have said that they’re taking all this very, very seriously and that they’re working on fixing the bugs and flaws.
Mozilla have given out advice on how to adjust Firefox’s settings so Flash will only run with your permission. You can see that here. Or, you can click here to make sure you have the latest version of Flash, but it is advised that you stop using it at all, for the time being.
You should only activate Flash on sites that you trust.
Facebook’s security chief Alex Stamos wants Flash killed off completely, saying: “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
Adobe have said that the patches to fix all the Flash troubles should be made available to everyone at some point this week, so until then, stay vigilant or continue with your cavalier attitude. Whatever. We’re not your real dad.