Archive for July, 2017

« Older Entries
Newer Entries »

Norton By Symantec Research Finds Most Canadians Feel Invincible on Public Wi-Fi

Posted in Commentary with tags on July 10, 2017 by itnerd

For a second year, Norton by Symantec surveyed consumers around the world about their public Wi-Fi behaviors and perceptions – finding consumers continue to willingly put their personal information at risk despite security gaps in public Wi-Fi networks.

Yet, what’s astonishing is the false sense of security consumers feel while using public Wi-Fi – the 2017 Norton Wi-Fi Risk Report found 64 per cent of Canadians feel safe when using public Wi-Fi, yet only 16 per cent of people use a VPN to secure their Wi-Fi connection. And while online, Canadians admit to some questionable behaviors:

  • 12 per cent of Canadians admit to viewing adult content on public Wi-Fi.
    • Of those who admit to using public Wi-Fi to watch adult content, the top five locations where they’ve done so were:
      • Hotel/Airbnb (48 per cent)
      • At a friend’s place (31 per cent)
      • Café/Restaurant (28 per cent)
      • Work (23 per cent)
      • Airport (17 per cent)
    • Eighty-eight per cent of Canadians have taken actions on public Wi-Fi that potentially put their information at risk:
      • Sixty-six per cent of Canadians have logged into a personal email account over public Wi-Fi.
      • Thirty-one per cent of Canadians have checked banking or financial information over public Wi-Fi.

Here’s are some things that you can do to protect yourself:

  • Take Protective Measures: One of the best ways to protect your information online is to use a Virtual Private Network (VPN) from a trusted vendor. VPNs provide a “secure tunnel” that encrypts data being sent and received between your device and the internet.
  • Do HTTPS: Many companies use secure websites — HTTPS (Hypertext Transfer Protocol Secure) — to provide online security. You can tell if a website is secure if it has “https” in its URL and has a small lock symbol next to it. However, even though the website itself might be safe, your personal information could still be vulnerable if your network connection isn’t secure.
  • Sharing Less Is Best: Think twice before entering any type of personal information – from passwords, to financial details and photos – over public networks. Even if you’re not actively sharing the information, your device may be doing so for you. Many devices are programmed to automatically seek connections to other devices on the same network, which could cause your files to be vulnerable. Be sure to disable sharing on your devices to ensure what’s yours stays yours.

For Canadian specific insights, you can read the Norton WiFi Risk Report on Canada [Warning: PDF].

Leave a comment »

Investigating A Tech Support Scam – Part 2: Who Are People Connect Inc.?

Posted in Commentary with tags on July 10, 2017 by itnerd

After dealing with the events of part one of this investigation , I turned my attention to finding out who People Connect Inc. were. As I mentioned in my previous post, I found that the name and the phone number that they are associated with tech support scams in the past. Thus I was really motivated to find out who these people were and expose them for the scammers that they are. Before going further, I want to point out that I have hyperlinked some info that doesn’t go to this group of scammers, and anything that goes directly to the scammers is not hyperlinked. The latter can be easily found via Google or whatever search engine that you prefer if you’re interested.

The first thing that I looked at was the phone number that the scammers were using which is 1-800-690-3683. Google search indicated that this number has been associated with tech support scams using a variety of company names. That suggests that this scammer has been around for a while and has used or is using a number of business names to scam people and avoid detection. But they don’t seem to change the phone number. The other thing that this Google search did is that it led me to the website of People Connect Inc:

PCI

The company claims to offer these services:

Capture services

Two things got my attention. The first is the fact that they claim to be a Microsoft Partner. I can find no evidence that supports that this is true. The second was the ITES link is the one that got my attention. When I clicked on it, this is what I saw (Click to enlarge):

Capture ITES

It says nothing about phoning people up and providing tech support. Real or otherwise. But it does say enough that a person who is not tech savvy may buy into what they are claiming.

But things got really interesting when I did a whois lookup on peopleconnectusa.com and got this result back (Click to enlarge):

whois

The registrant has an address in Plainview New York, and the location turns out to be a house according to Google Street View which is strange seeing as search on Google Maps comes back with a different address in Uniondale NY with a different phone number that is tied to this domain name. The funny thing about this address is that Google Maps lists them as “computer support and services” with a couple of 5 star reviews which I would say are likely fake. On top of that, there is no suite number listed in this Google Maps entry. If you take that and combine it with the fact that there is a company that operate short term office space rentals in the same building, it leads one to suspect that this address is a front for this scam so that people are more likely to hand over credit card info and the like.

On top of that the technical contact is located in Kolkata India which is a known hotbed for tech support scams coming from India. Here’s where things get interesting. If you look at the e-mail addresses you’ll see that the ones for the registrant and admin contact (who are the same person) have the same first name as the technical contact, who strangely uses a Gmail address. That suggests that the person behind this scam might be the tech contact, or he at least is responsible at least in part in terms of setting it up, and the scam is run out of India.

Another couple of things to point out, at the bottom of their website they have links to a Facebook page where they post their own content to so that they can look legitimate. However, they also have a link to what I suspect should be their Twitter feed, but it simply goes to Twitter.com. Clearly attention to detail is not a strong point with these scammers. They also have a LinkedIn page that doesn’t have a whole lot of content on it. Finally, People Connect Inc are using a website called provencredible.com to try to add to the impression that they are legitimate. Ignoring the fact that only a tiny number of companies use this service, when you go there to see what’s listed there for People Connect Inc. you see this (Click to enlarge):

CredibleCapture

 

I am going to go out on a limb and suggest that the first testimonial is fake, and the second one is real.

Clearly, there’s enough evidence here to support the fact that these people are scammers, and they’ve been running this scam for a while. Thus if you get a call from People Connect Inc., hang up the phone. Or if you get a call from 1-800-690-3683, don’t even pick up the phone.

In the next part of this investigation, I going to focus on what software that these scammers tried to install on my client’s PC so that you can see what an operation like this does to the unsuspecting. What I will do is install this software on a virtual machine and analyze what it does. As soon as I have completed that, I will post the results here so that you can see how dangerous scammers like these are.

 

10 Comments »

Investigating A Tech Support Scam – Part 1: The Call

Posted in Commentary with tags on July 8, 2017 by itnerd

I got a panic call from a client on Thursday who went over to his parents house and apparently, his mother had received a call from someone claiming to be from Microsoft and saying that her computer had viruses. She had then initiated a remote access session with this “technician” and he was doing stuff to the computer. I literally dropped what I was doing and raced over there. The reason for my urgency was simple. The scammer will typically attempt to get the victim to allow remote access to their computer. After remote access is gained, the scammer relies on confidence tricks and social engineering.  Typically involving utilities built into Windows and other software in order to gain the victim’s trust to pay for the supposed “support” services, when the scammer actually steals the victim’s credit card account information, or to persuade the victim to login to Internet banking. Sometimes they will even steal files off of the computer. Clearly this sort of scam is very dangerous.

When I got there, I saw someone controlling the computer remotely. I put an end to that by pulling the power plug. I then warned the clients that the scammers would be phoning back and when that happened (which it did about 5 minutes later), the scammer needed to be told that the Internet is out. Meanwhile, I went about seeing what these scumbags had done. There was a remote access program running with the name People Connect Inc. I Googled the name and found that the name and the phone number that they are associated with this sort of scam. The remote access session showed that they had uploaded a number of files to the computers:

  • A text file that was meant to show that these scammers were legit.
  • CCleaner which is a utility to clean up a computer.
  • The installer for the Chrome web browser
  • Several files named unlock.bat, hosts.exe, lock.bat, execunlock.bat, execlock.bat, Nautilus Blue.exe, Nautilus Green.exe as well as a encrypted zip file that had the same files.

I took a copy of the ZIP file and deleted the rest. The reason why I took the ZIP file is I wanted to see what they were up to using a pristine copy of all of these items. As I type this, I am running a password cracker on it in a Windows 7 virtual machine. Once I crack it, I will test out the utilities to see what these files are and what effect they have on a Windows computer. I will then submit them to various anti-virus makers so that they can add these files to their virus definitions.

I ran a virus scanner that boots the computer from a USB thumb drive. I found nothing. I then went through the system and I ended up not really finding anything. From what I could tell, there were still in the process of setting up shop to carry the scam forward. I then ran several other malware and antivirus scanners and found nothing. I then ensured that the system was properly protected and left.

Now to protect themselves, the client cancelled the credit card that they used to stop the scumbags from getting paid. And to ensure that everything is okay, I will be doing a follow up. Meanwhile I will be looking at the files that these scumbags left behind after I break into the ZIP file. I’ll report on both of those in the coming days. In closing, I will also give you tips on how not to become a victim of a scam like this. Please stay tuned for further developments.

4 Comments »

Infographic: Is Your Privacy At Risk When Shopping Online?

Posted in Commentary with tags on July 7, 2017 by itnerd

NPT-infographic.jpg

Source: NordVPN

Leave a comment »

Microsoft Sheds 3000 Jobs In Major Re-org

Posted in Commentary with tags on July 7, 2017 by itnerd

CNBC is one of a number of news outlets that are reporting that Microsoft is undergoing a major re-org which will include the layoff of 3000 people. Most of them will be in sales and most will come outside the US. The purpose of the layoffs is to help Microsoft to focus on selling their Azure cloud services which is currently booming for them. Now, is this a big deal? From a numbers perspective maybe not:

Microsoft has 71,000 employees in the U.S. and 121,000 employees around the globe, suggesting that these cuts are relatively small compared to the size of its entire workforce.

Though, that’s likely not going to wash with any of the 3000 who have been let go. Having said that, it is a big deal from the perspective of focusing on an area that is big for the software giant. It will be interesting to see how this plays out over the near to medium term.

Leave a comment »

Kia Canada Announces Free Upgrades To Android Auto & Apple CarPlay….. With A Catch

Posted in Commentary with tags on July 7, 2017 by itnerd

If you own a Kia vehicle that was made between 2015 and 2017, you might be eligible for an upgrade to Android Auto and Apple CarPlay. Assuming that the infotainment system inside your Kia is compatible of course. All you have to do is go to this website and have your VIN number handy. That will allow their system to confirm that you are eligible for the upgrade. Instructions on how to perform the upgrade can be found here if you have a car with a navigation system or here if you don’t.

There is a catch though. There’s this text on the Kia Canada website:

Please note that this software update is currently at beta-testing phase. If you experience any difficulties, please contact us.

While I am sure that some won’t be bothered by that, others might be put off. If the latter is you, then paying for the update via MnSoft would be your route to get all the Android Auto and Apple CarPlay goodness you’re looking for. Or you could just wait for the “beta” to end. Either way, Kia Canada owners now have options when it comes to getting cutting edge infotainment into their vehicles.

Leave a comment »

Xchime Video Doorbell 400% Funded On Indiegogo

Posted in Commentary with tags on July 7, 2017 by itnerd

Home security and automation just got a bit smarter today with the launch of Xchime’s Indiegogo campaign. With video doorbells being a key part of any home safety setup, Xchime aims to broaden the usefulness by adding convenience and security features such as a garage door opener and smart light bulb integration. The campaign has been extended until the end of July 2017,  Xchime is now over 400% funded with first units expected to ship quickly in August 2017.

vcsPRAsset_3427828_63686_725a5193-e36f-468d-a3be-05df65d268a1_0.jpg
Expand Beyond the Front Door
Garages are one of the entry points for criminals, typically when home owners forget to (completely) close the garage door. With an additional Xchime unit set up in the garage, instantly view the status of your garage door from your mobile device. Open or close it with one touch from our mobile app, using the optional garage door opener kit add-on accessory. Light is also a major deterrent to would-be thieves. Integrate your smart light bulbs with Xchime to remotely turn on or off exterior lights.

Say Goodbye to Lag
Lag time is a common complaint with other video doorbells. Anyone who’s used one knows the frustration of having a 7 or 8-second delay from when someone pushes the doorbell to when you can see and hear what’s going on.Xchime’s crack team of engineers worked hard to significantly reduce lag time, getting it closer to real-time.

Fits Any Budget
Leading video doorbells range from $199 to $249. Early backers of Xchime can get units for only $129 each, making the Xchime a perfect fit for any home budget.

Xchime features also include:

  • HD video (1080p)
  • Two-way audio
  • Video live-view and communication
  • Latency (lag)-free streaming
  • Night vision
  • Wide-view angle
  • Cloud recording
  • Wide operating temperature range (-40F to 150F)
  • Dual power supply (16-24VAC & 12-24VDC)

Get your early units of Xchime now at https://www.indiegogo.com/projects/xchime-doorbell-watch-your-home-from-your-phone/x/628323#/

Leave a comment »

Guest Post: NordVPN Survey Suggests Many Online Shoppers Are Still Not Aware of the Risks

Posted in Commentary with tags on July 6, 2017 by itnerd

Online shopping fraud and identity theft are on the rise. While hackers and fraudsters are developing new hacking methods, many online shoppers are still unaware of basic online privacy rules.

NordVPN (Virtual Private Network) has recently conducted a survey, where it was found that as many as one third of respondents believe that various activities – such as checking email, logging into a social media account, shopping online or checking a bank account – are safe on public WiFi.

While checking a bank account on a public hotspot is assumed to be very risky (less than 2% agree that is safe), entering banking credentials to make a purchase online is seen as a lesser risk (23% think it is safe).

“This points to a lack of understanding of just how vulnerable users can be on public networks, where the level of security is unknown and anyone with basic hacking skills can access sensitive data of everyone connected,” said Marty P. Kamden, CMO of NordVPN.

E-commerce merchants will be spending $9.2 billion annually in fraud-detection by 2020, up 30 percent from current spending, according to Juniper Research.

Javelin said the number of U.S. identity-theft victims rose to a record 15.4 million last year from 13.1 million in 2015.

“Online fraud usually happens when people are not careful with their online activities – not using strong passwords, entering credit card information without making sure the website is not a fake, and doing any online transaction on unsecured hotspots,” said Marty P. Kamden.

Here are the main rules to avoid online fraud:

  1. https

The first thing you should always see while making an online payment is whether the payment gateway has an https URL. The ‘s’ in the URL means that it is a secure protocol and your data is encrypted properly.

  1. Be wary

Being vigilant can help you a lot with the task of shopping online securely. Whenever a website requests for more information than is usually required, like your Social Service number or any other kind of personal information, it usually spells fraud. You should always be cautious before giving your personal or financial details anywhere on the internet.

  1. Stay away from public terminals

It cannot be stressed enough how dangerous it is to share your personal or financial information with any website or any person over the internet while using a public internet connection. Public Wi-Fi networks are common hunting grounds for attackers and data snoopers who try to access your personal information and use it for their benefit at your expense. Since public networks have negligible security, you should try and avoid using them while making online payments. If you must do online transactions while using a public network, then you have to use a VPN to stay safe.

  1. Use a VPN

VPNs (Virtual Private Networks) encrypt Internet traffic on any website. They are the best security mechanism you can employ to make sure your Internet traffic is safe from prying eyes and remains confidential. NordVPN is one of the most advanced VPNs on the market that uses the latest encryption protocols. From the moment a user turns on NordVPN, their Internet data becomes encrypted. It becomes invisible to third party snoopers or hackers and even NordVPN. Being based in Panama, which is Internet-friendly country and does not require data storage or reporting, NordVPN keeps no user logs.

  1. Stronger Passwords

Perhaps the most basic requirement for any online account setup is using strong passwords. Weak passwords make it simple for hackers to break into your account and cause severe damage. It’s always advised to change passwords in order to stay safe online, and that means having to use a unique password for each site or account. Apps such as 1Password for Families allow a family to share passwords, credit cards, and other sensitive information.

Leave a comment »

Guest Post: Awesome Ways People Are Solving Problems The Banking System Can’t

Posted in Commentary with tags on July 6, 2017 by itnerd

By: Liina Lass – Paxful Ninja

In this day and age when bitcoin is booming you would expect it to be really easy to get your hands on some bitcoins, right? Wrong. The more popular this awesome crypto becomes the harder it seems for a first time user to get their hands on bitcoin. It’s all well and good if you are a tech savvy crypto enthusiast but what about when you’re just getting into it? 

How to buy bitcoin if you’re in a hurry?

The largest and most popular places to obtain bitcoins are exchanges. This is all good when you’ve set your account up and got verified already. Not so good when you need to buy bitcoin fast. Right now a lot of bitcoin exchanges are struggling to keep up with the huge demand and it might take days, even weeks to get your account verified. Before you’ve done this, there is no way for you to buy bitcoin with a credit card for example.

As bitcoin prices fluctuate a lot, by the time that you’ve got your account verified the price might already not be the one you were looking to buy at.

What if you don’t want to buy using a credit card? What if you haven’t got one and have no way of obtaining it? When bitcoin arrived it promised very fast and free transactions all over the world, for everyone. This would truly be the case, if everyone had Bitcoin. Yet it seems that as time passes it is taking a lot longer and you need to jump through more hoops to get your first bitcoin.

The problem

Two friends trying to buy and sell bitcoin online to make ends meet, realised that there were all sorts of roadblocks. The deeper they looked into it they realized there was even a bigger problem for a vast amount of people. 2.5 billion people today have no access to financial services. Not because they choose to, they have restraints due to their credit ratings, their income or the part of the world they were born in.

Thanks to their coding skills they were able to create Paxful, a bitcoin marketplace. This is a place where people can meet and exchange all sorts of payments for bitcoin. Like Ebay for online payments if you like. Be it gift cards, cash, online transfers or card payments.

Paxful was founded in 2015 and is based in Tallinn, the hottest startup capital of Europe.

Currently with a userbase of 700 000 and growing fast, Paxful connects 50 000 people every single day. The weekly volume has doubled compared to the beginning of 2017 and is hitting over $5 million on a regular basis.

After talking to the customers and gathering feedback they realized that people aren’t doing this to make a profit or for investing in Bitcoin. These were people that had no way of paying online. Some cases came up that they’d not even thought of. People in Nigeria for example, trying to buy something online but due to the restrictions from their banks were limited to only very small amounts. To solve this issue, they buy gift cards with cash, exchange them into bitcoin and then find someone that turns the coins into Alipay for example. Give people the tools and they will find a way.

Bitcoin is a problem solver

Everyone should have a way to pay. There are so many cool things you can do and buy on the internet, that many people can only dream of. That is just not right. Yes, it might be something that in the grand scheme of things that may seem unimportant, like wanting that iPhone. It may also be something a lot more deep that can save lives, for example sending money to relatives at an area of conflict.

Bitcoin allows us to do this, and there should be no restrictions of entry. Different people from all over the world with different stories and situations can meet and exchange values with one another.

You may quickly need bitcoin to pay for the things your bank won’t let you.

No authority should have the right to restrict people from using their hard earned money.

It may just be the need to make some use of the gift cards people got from someone that are now gathering dust in a drawer (sorry, grandma). Almost any payment option is available to convert to bitcoin on Paxful and vice versa.

ICO Boom

ICO’s have become the next big thing and everyone wants in on it. People that are already familiar with Bitcoin are also looking at other altcoins. Ethereum has paved the way for crowd sales and some remarkable things are being created at a vast speed. Even though Paxful was originally created as a marketplace for Bitcoin, people are now creating offers to buy altcoins like Ethereum on the platform. Development is now in process to allow people to do that better.

Altcoins and tokens are now too slowly but steadily going mainstream and the Paxful team is finding ways to introduce these to the crypto first timers.

PAXFUL EXTENDS THE FINANCIAL DEMOCRACY OF A DECENTRALIZED CURRENCY LIKE BITCOIN BY CREATING A PEER TO PEER MARKETPLACE ESPECIALLY DESIGNED FOR ON-BOARDING NEW BUYERS. SOME PEOPLE CALL IT THE “PEOPLE’S WALLSTREET”.— RAY YOUSSEF

 

 

                                

1 Comment »

Guest Post: Data Cleaning Checklist By ADVIZOR Solutions

Posted in Commentary with tags on July 6, 2017 by itnerd

Data cleaning and data organizing should be a top priority for any business that has to maintain large stores of customer data. Keeping your data clean minimizes the inefficiencies that can bring the wheels of your organization to a grinding halt and improve the speed with which you serve your customers. Organizing your data any number of ways won’t make a difference if that data is rife with incomplete information, outdated data points or inconsistent formatting. It’s only when your databases are populated with consistent and clean data that you can receive the full benefit of those databases. Otherwise, you and your personnel may be wasting time chasing outdated contacts or missing information that has not been properly organized.

The accompanying checklist from ADVIZOR Solutions outlines the basic steps you and your organization should take when cleaning your data.

Leave a comment »

« Older Entries
Newer Entries »