Month: May 2018

Email Scam Log Entry #6: Why am I so lucky?

Email Scam: Boston Globe recently was reporting on a woman receiving an email from Publishers’ Sweepstakes she won but need to pay taxes and some fees first.  She called the phone number and a nice young woman congratulate her and urged her to keep it confidential and don’t tell anyone, even her family so it can be a surprise.  Right?!  Below is excerpt of another email received this past week.

“My name is Warren E. Buffett an American business magnate, investor and philanthropist. am the most successful investor in the world. I believe strongly in‘giving while living’ I had one idea that never changed in my mind ? that you should use your wealth to help people and i have decided to give {$1,500,000.00} One Million Five Hundred Thousand United Dollars, to randomly selected individuals worldwide. On receipt of this email, you should count yourself as the lucky individual.”

Visiting Geeks: Am I lucky or what?  Who doesn’t know Warren Buffett, the oracle financier hailed from Omaha?   Forget about grammatical mistakes and typos.  I’ll take ‘United Dollars’ whatever that is.  Smile and hit your <delete> key.

Rabbit Ear

After power was restored Tuesday night after the storm, we found the FIOS interface was fried.  It’s weird without Internet, phone and TV.  As we live just outside of Boston, we can get TV signals using good old antenna.  But we threw that out long long time ago but we found a short coax cable so we connect it to the TV but signal was weak. Adding a booster did the trick.  Our TV receives the usual major channels.  Here’s our signal booster.

Functional Antenna Design

Email Scam Log Entry #5

Scam Email #5: this appears in inbox…”

Good morning.

Dont regard on my English, I am from Japan.We loaded our malicious program on your device.After that I thiefted all private background from your device. Moreover I received some more evidence.The most amusing evidence which I got- its a videotape with your masturbation.I put virus on a porn page and after you loaded it. As soon as you decided with the video and tapped on a play button, my deleterious soft immediately loaded on your device.

After adjusting, your web camera shoot the videotape with you masturbating,  additionally I saved the video you watched. In next week my virus collected all your social media and email contacts.

If you wish to destroy all the compromising evidence- transfer me 980 united state dollar in BTC(cryptocurrency).

I provide you my Btc wallet address – 1FkizUB6vgJzUz6fQyTRZckcu3QBT

You have 24 hours to go from this moment. If I receive transaction I will destroy the evidence forever. Otherwise I will send the record to all your friends.”

Visiting Geeks: This sounds pretty alarming for the recipient but it’s a scam. Unfortunately, scammers can buy emails by the thousands and simply blasts this type of scary emails out to demand money. Ignore it.  We are testing email screening software to cut down these types of nonsense.  Stay tuned.

Top Robocallers According to YouMail

Estimated volumes of top phone scams in March 2018.

Category Type Volume
Interest rates “0% interest rates” 122.9m
Credit cards “Problem with your credit card” 82.5m
Student loans “Forgive/lower student debt” 71.0m
Business loans “Preapproved for business loan” 53.4m
I.R.S. “Owe money to the I.R.S.” 43.4m
Search listings “Listing has a problem” 31.0m
Travel “Free/discount trip” 27.0m
Preapproved loans “Ready to wire – just need info” 26.2m
Home security “Free service/installation” 26.1m
Utilities “Save money – need your info” 19.2m

Source: YouMail

Cybersecurity 101

My first encounter of computer breach happened almost 40 years ago when I just started as a systems programmer after graduating from MIT. My computer terminal was mis-behaving at random intervals.  Sensing a potential intruder, I wrote a small system utility to monitor and trap the offender.  Once trapped, my utility would identify and lock the hacker’s computer, display a 5-second count down clock and promptly crash the computer when the clock ticked to 0.  It didn’t take long to identify and confront the culprit. I smacked his head with a rolled up newspaper!

Fast forward to now. With the proliferation of Internet, cyberhackings are much more frequent, complex and damaging nowadays.  We hear and remember high-profile ones like Equifax, Home Depot, Target, Sony…  But according to 2016 State of SMB Cybersecurity Report, almost 50% of small businesses got hacked.

“Most small-business owners don’t think they’re at risk. As a result, … they are indeed ill-prepared to safeguard against an attack,” said Bryan Seely, a network engineer famous for hacking into the FBI.

You, my business customers, are small businesses.  I have to care. I don’t want you to fail. Yes, I know about antivirus software, firewalls and encryption.  But that’s baby stuff and I know there’s so much that I don’t know. So,

In a moment of insanity, I signed up a course on Cybersecurity: Technology, Application and Poilicy from MIT xPro.  I instantly regretted my witless decision after looking at the ridiculous syllabus, plus there’s a test weekly for 6 weeks before the final exam. Arrrrgh.

It started this week….  and I’m happy to report that MIT professors haven’t changed.  It’s fire hose water boarding time.  I just took week 1 assessment test…. We’ll see.

Drop me a line if you are curious about information flow tracking, taint propagation, trusted computing base, fully homomorphic encryption or obliviuos random access memory.

Am I having fun yet?!

Computer Scam Log Entry #4

Fake Email #4: Accountant receives email from colleague with invoice to pay vendor via wire payment.

Visiting Geeks: The from email address was correct and clicking the blue “from email” link shows colleague’s correct email address.  Forwarding the invoice was also usual procedure except the content to wire payment raised suspicion from the accountant and alerted Visiting Geeks. Visiting Geeks examines the email message routing details and determined that it was sent from Lagos, Nigeria.  This kind of spoofing is done frequently by criminals and not too difficult to carry out.  It doesn’t necessary mean that the colleague or the accountant’s  computers were compromised.

Take Away:  Even legitimate looking emails could be a scam. Anything out of the ordinary should raise an alarm.