My Digital Identity

Sharp Perspectives on Identity, Security, and Privacy

Requested Security References

The following are some reference links requested from my Information System Security Officer Orientation course.

Reference for Urban Legends and Scams

Free Windows Malware Protection Applications:

Web of Trust Crowdsourced Website Reputation

  • This browser WOT software can provide warnings about Web sites that have a bad reputation for malware, incorrect information, or aggressive marketing scams

Privacy

Future Computer UX Security Challenges

DocZone Online Scam Investigation

The video is 45 minutes long but it is well worth watching to really increase awareness about the extent of online scams. The highlights for me were:

  1. 419 eBook by Will Ferguson (419 is the Nigerian criminal code for the famous “Nigerian” scam) which is based on an ancient scam from English history
  2. “Catfish” documentary? by Ariel Schulman on the epidemic of people assuming virtual identities or stealing identities to deceive people. There is also a TV show.
  3. 419eater.com about volunteers battling against fraudsters to at least waste their time if not discourage them from committing fraud
  4. The “Clairvoyant” in a tent in Belgium demonstration (around 37 minute mark) which shocks people about what anyone can know about them from their social media posts.
  5. Monica Draper, a web site developer (and hero in my opinion), who used access to fraudster Glenn Whitter’s web site and email to uncover and contact his other victims. She wrote a book about it – Raped Financially (or if you prefer the Raped Financially eBook). She also provides a useful tip (at the 41 minute mark) on a Google photo search feature to catch suspicious photos being used in scams. Just drag the photo you are questioning onto the Google Image web site to see all the places it is being used.

The DocZone site for the dot.con episode also has some useful links regarding online scams:

  1. Dot Con character updates
  2. Top 10 Canadian Scams in 2014
  3. How Vulnerable Are You to Online Fraud?
  4. How to Protect Yourself Against Scams
  5. See comments on the DocZone Dot Con episode or leave your own comment there. Comments include everything from complaints about the government to fraud on match.com, PayPal fraud on Kijiji, LinkedIn business deals, etc.

DocZone has some really excellent documentaries on other subjects too so check it out.

Gamergate Discrediting Wikipedia?!

Mark Bernstein has written a 3 part series on the serious issue of how Wikipedia is being used as a weapon against feminists who have been criticizing the portrayal of women in games. Gamergate refers to gaming developers and enthusiasts who are using Wikipedia and other media to discredit their critics. Mark’s articles are an important exposé of how Wikipedia’s policy decisions are allowing the web site to be used as a weapon in an information war. If this is not corrected, will we ever be able to trust Wikipedia again, and is this the beginning of its downfall?

Gamergate Part 1 Infamous
Gamergate Part 2 Thoughtless
Gamergate Part 3 Careless

Before this, Wikipedia had been a success story because of its editorial processes, which prevented lies and misuse of the information on its site. What has gone wrong?! Will it be corrected?

Smishing Scam

Today a smishing [1] scam was attempted against my iPhone.
It all starts with an SMS text message which directs you to a web site that is intended to trick you into thinking it is somehow related to Apple [2].

Figure 1 – SMS text message received on my iPhone.

The phone number can be checked out of curiosity but be aware that it is very simple to insert a fake originating number so the phone number doesn’t really reveal anything other than a preferred diversion location for the perpetrator.

Figure 2 – The scammer chose Miami Beach Florida as the fake address.

The whole idea is to get you to go to their fake “won gift” web site to trick you into entering personal information.

Figure 3 – Wongift web site

Looking at the URL, the scammer has a domain name of wongift.cc. The .cc Top Level Domain (TLD) was originally assigned as the country code for the Cocos Islands, but registrars allow it to be purchased by anyone.

The directory has been named apple.ca to suggest an affiliation with Apple Canada, but this is meaningless because directories on a web server can be called anything without any registration; only the domain name itself (wongift.cc) has to be registered. If you enter the 0000 requested, they capture your personal information. This smishing (SMS phishing) scam is based on luring you with Apple products, but a similar scam with bogus Best Buy or Walmart gift cards has been documented by the Better Business Bureau.
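As an added example (not part of the original post), the sketch below separates the part of a link that had to be registered from the parts the site owner can name freely, and flags brand or domain-like names that appear only in the free parts. The sample URL is constructed from the domain and directory named above; the brand list, file-extension list and function names are assumptions for illustration, and the check also covers subdomain labels, which goes slightly beyond the case in the post.

```python
import re
from urllib.parse import urlsplit

BRANDS = ("apple", "bestbuy", "walmart")  # assumption: illustrative watch list
FILE_EXT = {"html", "htm", "php", "asp", "aspx", "js", "css", "png", "jpg"}
# Tokens shaped like a domain name, e.g. "apple.ca".
DOMAIN_LIKE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b", re.I)


def registered_domain(host):
    """Naive registrable domain: the last two labels of the host.

    Assumption: enough for this example; real tooling should consult the
    Public Suffix List (needed for names under e.g. .co.uk).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse_link(url):
    """Report the registered domain and any misleading names outside it."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    reg = registered_domain(host)
    findings = []

    # Domain-looking directory names prove nothing about ownership.
    for token in DOMAIN_LIKE.findall(parts.path):
        token = token.lower()
        if token.rsplit(".", 1)[-1] in FILE_EXT:
            continue  # ordinary file name such as index.html
        if registered_domain(token) != reg:
            findings.append(f"path contains domain-like name '{token}'")

    # Subdomain labels and the path are chosen freely by the site owner.
    decoration = (host[: len(host) - len(reg)] + parts.path).lower()
    for brand in BRANDS:
        if brand in decoration and brand not in reg:
            findings.append(f"brand '{brand}' appears outside registered domain")

    return {"registered_domain": reg, "findings": findings}


if __name__ == "__main__":
    # Constructed sample link using the names described in the post.
    print(analyse_link("http://wongift.cc/apple.ca/"))
```
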

Better Business Bureau Alert:

Scammers Using Wal-Mart and Best Buy Names to Lure Consumers Into Gift Card Scam

CHICAGO, IL – March 22, 2012 – The Better Business Bureau serving Chicago and northern Illinois (BBB) received a report about a smishing attempt via text message being sent to users claiming customers won a $1,000 Best Buy or Wal-Mart gift card. The message continues to tell the user to visit a website to claim the amount.
“This is not a legitimate offer and is not promoted nor sent by Best Buy or Wal-Mart,” said Steve J. Bernas, president & CEO of the Better Business Bureau of Chicago and Northern Illinois.  “We strongly advise consumers to not complete the form or enter any personal information into the website provided.”
Smishing is the practice of sending a phishing message to steal credit card or identity information via cell phone text messaging. 
Bernas explained text messages are not typically blocked and only contain text, making it easier for scammers to make smishing messages appear legitimate.
“As consumers utilize their cell phones more and more to access the Internet, they need to guard against scams as they would on their home or office computers,” he added. 
Smishing messages may also direct recipients to call a phony toll-free number in order to complete or cancel some financial transaction where a fake operator will take down your financial information over the phone.
The BBB offers the following tips if you receive a questionable or unsolicited text message:

  • Check out the URL or phone number of a company before you disclose any personal or financial information for FREE at www.bbb.org
  • Most financial institutions, utility, or other business will not communicate with you via text message. If you do not recognize the website or phone number being sent to you, don’t visit or call it;
  • Avoid e-mailing and texting personal and financial information. If you have determined the website to be legitimate and do decide to submit financial information, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission;
  • Review your credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

For more information on smishing and other scams targeting consumers, visit the BBB online at www.bbb.org

###
 
As a private, non-profit organization, the purpose of the Better Business Bureau is to promote an ethical marketplace. BBBs help resolve buyer/seller complaints by means of conciliation, mediation and arbitration. BBBs also review advertising claims, online business practices and charitable organizations. BBBs develop and issue reports on businesses and nonprofit organizations and encourage people to check out a company or charity before making a purchase or donation.


1. SMS text sending you to a fake web site.

2. A web site pretending to be another web site is called phishing.

Facebook is Attacking the Internet

Anil Dash has written an important article, Facebook is gaslighting the web, explaining the dirty tricks Facebook is using to fight for domination of the Internet. He calls it gaslighting, and it goes way beyond just competing for ad revenue. People need to be aware of the tactics being employed and their implications so they can make an informed decision about whether they want to support a company that wants to control the Internet and abuse users in that way.

The truth about Internet Rumours revealed

I have found snopes.com to be a quite useful and trustworthy site for research on Internet rumours and scams. It is a bit like the MythBusters TV show, as it strives to provide the truth about information being spread, especially when the sources aren’t usually known.

Some items that I have recently checked on:

Hallmark Postcard Virus is partially true.

The rumour that hotel magnetic door key cards are a risk for disclosing personal information is false according to snopes.com research. The examples at the top of the article that look like sheets of paper are showing the incorrect information that is sometimes sent via email. You have to read the whole article to get the full story. Computerworld did an extensive study that showed that hotels don’t put sensitive personal information on the cards. They have no reason to do so.

Snopes confirms that the story of a man who horrified people by running into a skyscraper window actually happened in Toronto. Windows do crash so don’t take the risk.

SMB Security Knowing-Doing Gap

A survey of 2000 small businesses in the US and UK shows a gap between security awareness and action.

Security software company AVG surveyed a sample of 2,000 SMBs in the United States and United Kingdom and found that not only do more than half have no security guidelines, but that “1 in 7 have no Internet security software or solutions in place at all.”

Notably, 83% of respondents in AVG’s survey said they were aware of the importance of Internet security, yet not all of them had preventative solutions in place.

67% of respondents are considering moving to cloud-based services in the future.

The results for Canadian small businesses are probably similar or perhaps worse since Canada has often lagged in technology deployment.

Not surprisingly another survey from a security vendor (Panda Security, a company specializing in cloud security) shows that 33% of 315 SMBs surveyed have been infected with malware – mostly through social networks like Facebook.

Symantec and Panda have cloud-based anti-malware services suitable for small business, and AVG provides free anti-virus software for personal computers.