Newsletter Archives

  • Technology fail! Hackers steal $870M from Zelle users, US says

    Posted on January 13, 2025 at 02:43 CST by Comment in the Forums

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    Three of America’s largest banks — Bank of America, JPMorgan Chase, and Wells Fargo — were sued last month by the US Consumer Finance Protection Bureau (CFPB) for fraudulent losses suffered by their Zelle online-payment customers.

    These banks and others launched Zelle in 2017 to compete with electronic funds-transfer apps like PayPal, Venmo, and Cash App. But the financial institutions failed to implement basic fraud-prevention measures, and as a result, Zelle customers have lost $870 million to hackers since the services began, the CFPB says.

    Read the full story in our Plus Newsletter (22.02.0, 2025-01-13).

    Public Defender , , , , , , , ,

  • Watch out for fake ‘Windows Defender’ scare

    Posted on June 5, 2023 at 02:44 CDT by Comment in the Forums

    PUBLIC DEFENDER

    Brian Livingston

    By Brian Livingston

    My readers are reporting a new wave of fraudulent “security warnings” that freeze the screen, threaten to auto-delete users’ files, exhort victims to call what is supposedly a Microsoft phone number, and demand a fee for useless “virus removal.”

    Bogus messages from “Microsoft,” “Google,” and every other famous name in the tech industry are as old as the Internet, of course. But the frauds seem to be getting more intense and, unfortunately, more convincing all the time.

    Read the full story in our Plus Newsletter (20.23.0, 2023-06-05).

    Public Defender , , , , ,

  • Randy’s remedies: Oops! — I called the scam number

    Posted on December 5, 2022 at 02:43 CST by Comment in the Forums

    SUPPORT

    Randy McElveen

    By Randy McElveen

    The fact that you got tricked into calling a scammer’s phone number does not mean you’re stupid. It means the world has gotten stupid.

    I remember the vacuum salesman coming to the door when I was a kid. Of course, my mom and dad let them in. They were just people doing their job. They showed my parents what this new vacuum could do, and my parents made a decision to buy a vacuum or not. If they said no-thank-you, the salesman didn’t put a padlock on our old vacuum. He didn’t set any booby traps in our front yard as he left. He just told my parents to have a great day and moved on to the next house.

    Read the full story in our Plus Newsletter (19.49.0, 2022-12-05).

    Support , , , ,

  • Be watchful for scams in the forums

    Posted on November 21, 2022 at 02:44 CST by Comment in the Forums

    FROM THE FORUMS

    Talk Bubbles

    By Susan Bradley

    Last week, there was an incident in the forums that was unexpected and of some concern.

    Someone (let’s codename the person “Rogue”) signed up for a Plus membership, then used it to send direct messages (DMs) to several other members. The DM contained a solicitation.

    I took immediate action.

    Read the full story in our Plus Newsletter (19.47.0, 2022-11-21).
    This story also appears in our public Newsletter.

    From the Forums , , ,

  • The other ransonware scam

    Posted on January 31, 2022 at 02:42 CST by Comment in the Forums

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    You can’t decrypt your way back to normal.

    In addition to all the other irons I have in the fire, I help moderate a group that assists information technology professionals in dealing with ransomware as well as other security issues.

    When people ask to join, we try to vet them as best as we can. The vast majority of people joining the group are consultants and firms in the “Managed Service Provider” category who assist small businesses with their technology needs. But there is a second group of people attempting to join, which I’m going to call “the other ransomware scammers.”

    Read the full story in the AskWoody Plus Newsletter 19.05.0 (2022-01-31).

    On Security , , , ,

  • How small businesses are easy ransomware targets

    Posted on March 9, 2020 at 01:15 CDT by Comment in the Forums

    ON SECURITY

    By Susan Bradley

    Yes, they really are out to get us. Recent trends in malicious attacks mean that small businesses need to be more vigilant than ever.

    As exploits rapidly evolve, we face the threat of falling behind in the battle to protect ourselves. On the latest front, simply keeping backups of our data isn’t enough.

    Read the full story in AskWoody Plus Newsletter 17.10.0 (2020-03-09).

    On Security , , , ,

  • Tech support scams

    Posted on September 3, 2018 at 23:07 CDT by Comment in the Forums

    It’s great to see that Google have finally acknowledged their part in dodgy tech support ad scams – on The Register today (by John Leyden):
    Google cracks down on dodgy tech support ads
    Verification programme aims to weed out the miscreants

    So what do you do if you do get caught by one of these scams?

    Microsoft have a Tech Support Scam info page, which details what these scams are, and how to best protect yourself from them. I was surprised to find in this page that they want to hear about such scams, whether the caller pretends to be representing Microsoft OR some other company:

    Help Microsoft stop scammers, whether they claim to be from Microsoft or from another tech company, by reporting tech support scams: www.microsoft.com/reportascam.

    Microsoft’s Digital Crimes Unit uses customer reports to investigate, take action against criminals, and make referrals to law enforcement when appropriate.

    In addition, the page has a list of known tech support scam phone numbers – this is not just a list of U.S. numbers, either.

    Another Microsoft Secure blog, Teaming up in the war on tech support scams, dated April 2018, gives background on the problem, including social engineering aspects.

    Your government may also have a portal for reporting such scams, such as:
    U.S.: https://www.ftc.gov/complaint
    Canada: http://www.antifraudcentre-centreantifraude.ca/index-eng.htm
    U.K.: http://www.tpsonline.org.uk/tps/
    Australia: http://www.scamwatch.gov.au/
    N.Z.: https://www.netsafe.org.nz/report/
    For Europe, see: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online

    In addition, other companies also have scam reporting options, such as:
    Google: https://support.google.com/faqs/answer/2952493?hl=en
    TinyURL: https://tiny.cc/contact
    Facebook: https://www.facebook.com/security
    Dell: https://blog.dell.com/en-us/five-tips-help-you-avoid-tech-support-phone-scams/ (does contain links to report)

    @swiftonsecurity’s DecentSecurity.com has a great summary of phishing, evaluation, reporting information, that’s well worth checking out. While it’s primarily focused on US reporting, there is a lot of useful information for everyone.

    While we need to keep on our toes as citizens of the www, reporting scams may just help to rein in this wild west aspect of it.

    Other ,

  • Fascinating detailed study of tech support scammers

    Posted on February 28, 2017 at 07:42 CST by Comment in the Forums

    You know the scam: A web page tries to convince you (sometimes forcefully) that your system is infected. Getting away from that site can be very difficult. The scammers feed on naive users, frequently swindling them out of hundreds of dollars.

    In a new study from Stony Brook University, entitled “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams (PDF), authors Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis built “an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers.” They also contacted 60 different scammers and collected details about the scams.

    Here are just a few of the study’s many surprising results:

    • While 15 different telecommunication providers were used, four of them were responsible for more than 90 percent of the phone numbers used by scammers.
    • Although the average lifetime of a scam URL is approximately 11 days, 43 percent of the domains were pointing to scams for less than three days.
    • 69 percent of scam campaigns have a lifetime of less than 50 days.
    • The average call center houses 11 technical support scammers, ready to receive calls from victims.

    The study also talks about the use of Content Delivery Networks “such as CDN77, CDNsun, and KeyCDN [which] offer free services without requiring a phone number or a credit card. In addition, every uploaded scam page gets its own random-string-including URL which can not be guessed and thus cannot be preemptively blacklisted.”

    The study includes a long list of social engineering tricks that scammers use; a geographic breakdown (“85.4 percent of them were located in different regions of India, 9.7 percent were located in the U.S., and 4.9 percent were located in Costa Rica”); and a call for browser manufacturers to “adopt one universal shortcut that users can utilize when they feel threatened by a web page.”

    It’s a fascinating expose of a topic that affects all of us.

    Other
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.