A “Free Android tablet”? Methinks not! May 11, 2017

Posted by wastedspacer in Scam.

Another day, another scam – spread the word!

I just received an URGENT, rather official looking and unusual piece of mail suggesting that a “gifting department” was sending me an Android Touchpad Tablet and a $50 prepaid Visa card reportedly valued at $199.99. The document was signed by (using an M… squiggle) reportedly the Vice President of the Regional Awards Division. The document looked like a check, had a check number but contradicts itself in a memo line saying this has no cash value and is not a check.

If you get one of these refer it to your local police department as a potential fraud attempt and let’s shut these folks down!

This was sent from some vague and grandiose sounding “Accounting Division” with an address of 611 Pennsylvania Avenue SE #405 Washington DC, which is actually a UPS Store! After a little digging it seems that if you call the number you (and your spouse/partner – suitable and pre-screened to be of financial means) will be invited to collect your tablet and prepaid Visa card from a nearby location. The collection point has to be attended by both parties as a couple and just happens to be at an upcoming, high-pressure timeshare/vacation sales event.

We can see where this is going: those poor souls that have actually fallen for this come-on are given the usual 90 minute timeshare type selling debacle, harangued and harried to drive most folks away before they ever get to the point of acquiring the “no charge” (underscored) tablet and pre-paid Visa card.

These types of scams started in Florida and have been going on for over 5 years, garnering hundreds of complaints!

 

Whose Risk Is It Anyway? June 6, 2016

Posted by wastedspacer in IT Security, Notable Incidents, Risk, Social State, Spam, SPIM and other annoyances, Technologies.

Human beings as a species are generally terrible at rationally assessing risk. This is particularly apparent when we consider basic everyday risks as well as common threats and risk from an IT security standpoint.

Thanks to the media, blogs, viral videos and security services, the general public substantially overestimates the likelihood of spectacular, headline-worthy catastrophes, while at the same time completely ignoring many extreme dangers posed by common, everyday activities.

A prime example of this irrationality is a fear of flying, fueled by news reports citing terrorism, bomb threats, near misses as well as mysterious or even spectacular plane crashes. Other perceived threat vectors come from government agencies with a stated vested interest in keeping us safe (and of course themselves funded). Consequently, airport security screening services further amplify this level of latent terror for the misinformed traveler.

The end result: we in the US put up with paying (as of 2015) another $7 billion in taxes and even more added to the cost of an airline ticket for the illusion of feeling safe. The former FBI assistant director, when asked about an effective method to fund anti-terrorism, put it thus: “Keep Fear Alive”. The FBI can’t even explain their success metrics around the perceived “war on terrorism”. The only real measurement we appear to fall back on is when the security fails! The only answer seems to be: we need to spend more!

Tragically, this appears to be similar to the rhetoric that the terrorists themselves use to measure how effective their terrorism is on their intended target populations. The more perceived threats there are and the larger the anti-terror agencies become, the more apparent they are as they broadcast the potential threats posed by future terrorism! Aside from the actual heinous terrorist attacks, the terrorist organization perhaps measures its success by how much additional chaos, media coverage, public inconvenience, fear and growth in anti-terror security services its actions are catalysts for.

Shocking airborne terrorist attacks such as 9/11 understandably leave the vast majority of our world population with a “never again” security-at-all-costs attitude. Yet the total number of people ever wounded or killed by terrorism on air travel is many orders of magnitude less than the number of victims of “ordinary” dangers driving to and from the airport. Consider events such as having a blow-out or hitting a (deer, cow, dog, pothole) or being hit by (distracted driver, truck, road debris) when driving to the airport; all of these have serious or even lethal consequences to 1000s of travelers every year.

From a pure risk/value/mitigation assessment this seems like an absurd disparity: we could dramatically reduce the overall risk simply by paying a little more money to fix potholes. Our collective thinking is habituated and skewed by sheer terror, amplified by sensational media coverage, augmented by continual terrorist rhetoric and supplemented by security agency threat alerts. As a result the perceived terror risks seem far more salient and likely than they are in reality. Consequently we are collectively convinced that it is worth standing up and funding entire government security agencies to combat the potential threats!

Keeping “Little Jimmy” safe!

As a general rule most individuals underestimate the risks for which there is a perceived benefit to the individual. The intended achievement of a laudable goal (or simply what’s in it for me) often creates tunnel vision where many risks are ignored or at least not adequately considered in context. Consider first-time parents of a small child they need to start taking to kindergarten. They logically purchase a very large SUV, perhaps a Chevy Suburban, so that “little Jimmy” can be safe. What they understandably fail to consider are the consequences when the brakes fail on the Suburban. A smaller vehicle would simply bounce off the curb, the airbags would deploy and there would perhaps be some minor injuries. With the height and gross tonnage of the Suburban however, it bounces over the curb and through the wall into the classroom, killing six of little Jimmy’s classmates!

At least “Little Jimmy” was safe!

A less contentious example is the inevitable project management by dashboard method where NOT delivering on-time and on-budget are the only perceived risks. This conversely leads to the introduction of greater or imaginary risks for activities that have no perceived upside. The perfect IT security solution is a prime example where the pinnacle of success can be measured by “nothing bad happened today”!

We tend to mostly ignore or underestimate the less controllable risks in IT security. For example, consider how easily anyone in our organization can get phished or scammed, or inadvertently disclose sensitive information. We have awareness training for that, but how easily or accurately can it be measured? A number of security solution providers have a large marketing budget supporting products they can sell you to manage areas, functions and individuals you already have a degree of control over. But what happens when the actual threat is the password that’s shared with a spouse then used and inadvertently disclosed outside the organization? How can their solution address that?

The bottom line is that assessing risk can only be a general guide and not absolute. Perhaps risk assessment is more akin to Heisenberg’s Uncertainty Principle. A thorough unbiased quantitative risk assessment can certainly give a bottom-line risk score but as soon as it is observed and the results consumed by you, me or anyone else, each score will probably be different.

 

Darkweb and the consumer facing state of Cybercrime November 10, 2015

Posted by wastedspacer in Government, IT Security, Social State.

The latest BBC Panorama episode (now available via YouTube) is a really effective and appropriately disturbing exposé on the current state of cybercrime:

BBC Panorama How Hackers Steal Your ID BBC Documentary 2015

Darkweb = the eBay of Cybercriminality!

On the 9th of November BBC Panorama put together this thought-provoking piece on the current state of the Darkweb. The primary focus was the volume of valid and current credit card numbers, including the CVV, that were generally available via Bitcoin payment for just a few dollars.

The recent internet provider breaches at TalkTalk and Comcast are merely the latest examples of known identity thefts that have been offered for sale via the Darkweb.

Many thefts begin with just general situational awareness, and basic contact details (such as those provided by these breaches) can give organized criminal call centers the essential ingredients to perpetrate convincing, sophisticated identity theft along with personally targeted financial fraud.

According to the documentary, the Darkweb also provides sophisticated storefronts anonymously used by criminals to access all manner of highly illegal activities: Drugs, human and organ trafficking, child pornography, guns, valid passports, and even contract killings!

This raises the question: Is the leading edge of cybercrime pulling away from the ability of our law enforcement agencies to combat it?

Sadly the Panorama piece’s rather tepid “keep your anti-virus program current” advice from London Police commissioner Adrian Leppard is not even altogether sound. Antivirus programs, once considered bastions of cyber-defense, are marginalized and now under serious attack, as criminal hackers (and government spy agencies) see them as themselves potentially effective methods of malware delivery!

There are at least some publicly known indications of a response from international law enforcement, such as the JTRIG team at the UK’s GCHQ in concert with the NCA (National Crime Agency).

A simple credo to apply to all things internet related – always be seriously cynical and TNO (Trust No One)