I got an email this morning from a friend, a world-renowned security expert, and — dare I say it — an ex-detective.
He was in trouble. In Ukraine. He’d been mugged and lost his money. His passport had been impounded by his hotel, and he was stuck. Could I help?
Well, even Google can recognise a London Scam (Dear Mum, I’ve been mugged in London — please send money); although I personally haven’t seen one for a couple of years now.
But the interesting thing here is that the scammer used the correct email address: firstname.lastname@example.org. Closer inspection showed, however, that the reply address was slightly different: email@example.com.
So what we have is a scammer who had taken the trouble to find a relationship between two people and register an email address close to one of them. We can assume that the real a.person hasn’t been hacked and lost his contact list, otherwise the scammer wouldn’t have needed the separate reply-to address. So the question is, how did the scammer tie the two of us together?
Finding my email is not a problem — as a journalist I hardly keep it secret. I would expect the real a.person to be more circumspect, however. And then there’s the relationship. I guess LinkedIn and Twitter serve a few more functions than most of us realise…
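The comparison made by eye above (visible sender against reply address) can be automated; this is an added example, not part of the original post. The addresses, the sample messages and the 0.8 similarity threshold are constructed assumptions.

```python
"""Flag mail whose Reply-To diverts replies away from the visible From address."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses

LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for "close to the real address"

# Constructed sample messages (not taken from the original emails).
GENUINE = "From: A Person <a.person@example.org>\nSubject: Lunch?\n\nFriday?\n"
SCAM = ("From: A Person <a.person@example.org>\n"
        "Reply-To: a.persson@example.org\n"
        "Subject: Stuck abroad\n\nCould you help?\n")
HELPDESK = ("From: Billing <billing@example.org>\n"
            "Reply-To: helpdesk@example.net\n"
            "Subject: Invoice\n\nSee attached.\n")


def _addresses(msg, header):
    """Return the lower-cased addresses found in every instance of one header."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr]


def check_reply_to(raw_message):
    """Classify a raw message as 'ok', 'mismatch' or 'lookalike'."""
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    replies = _addresses(msg, "Reply-To")
    if not replies or all(reply in senders for reply in replies):
        return "ok"  # replies go back to the address the reader sees
    verdict = "mismatch"  # replies are diverted, but not to an imitation
    for reply in replies:
        for sender in senders:
            if reply == sender:
                continue
            # A near-identical address suggests it was registered to imitate the sender.
            if SequenceMatcher(None, sender, reply).ratio() >= LOOKALIKE_THRESHOLD:
                verdict = "lookalike"
    return verdict


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("scam", SCAM), ("helpdesk", HELPDESK)):
        print(name, check_reply_to(raw))
```

A plain 'mismatch' is common in legitimate bulk and helpdesk mail, so only the 'lookalike' verdict deserves the kind of out-of-band confirmation described later on this page.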
I got this email from Apple Support about my Apple ID. That’s not surprising since their developer site may (or may not) have been breached last Thursday (see here for details).
It was a little more surprising since I’m not an Apple developer and don’t have an Apple ID – but hell, I’m not going to argue; they might sue me.
But, despite the fear of being sued, I would suggest that Apple spends a little time on its grammar and style checker. The spelling’s not bad, but it doesn’t seem to understand the relationship between full-stops (or American periods) and spaces.
Oh, and that sentence. “We need your help in order to not be frozen your account,” is decidedly not Anglo-Saxon in structure.
So, Apple, until you can improve things, I don’t think I’m going to bother with you. But one last thing. Although you’ve got the link “update Now >” looking quite reasonable, I do suggest you change the name of your support site hidden beneath it. http:// e-kosmetyczka.waw . pl/404.html could almost look like a scam site.
Sometimes Nigerian scammers just don’t quite get the idiom right. A headline screaming at me, Treat as Urgent For Christ Sake probably wasn’t meant to convey the attitude it does.
Mrs Marie Smith actually wants to give me a lot of money, because we can “become good friends in the Lord” and do good deeds together.
It is sad, though. She’s childless, 57 and only has two months to live; so probably can’t have any children of her own now. Her math is no better than her idiom.
So, Mrs marie_smith38 at AOL, you’ll need a better story than this, for chrissake!
As you know, I love statistics because they never add up and always lie.
Here’s another. It’s from the UK’s ‘let’s go digital’ programme.
The digital strategies set out how departments will redesign or create new online services with the support of the Government Digital Service. The first wave of services to be totally redesigned to serve the user includes driving test bookings, tax returns, and state pension applications. They will be easier and quicker to use, and cheaper to run, saving the taxpayer £1.2bn by 2015. Just last week, a report by the National Audit Office confirmed that government ICT reforms and spending controls saved the taxpayer £316m last year alone.
Francis Maude tells technology suppliers: “We’re open for business – let’s turn government digital”
It’s a little bit ambiguous. Take tax returns. Are they going to be redesigned, or have they been redesigned? If the former, thank God! If the latter, God help us! And everything else in the statement is clear poppycock. The government’s existing online self-assessment tax returns are a scam designed to collect a stealth tax. Government says, ‘tax needn’t be taxing’; a clear breach of the Trades Description Act designed to lull the taxpayer into a false sense of security. It takes weeks simply to get into the system; then it is full of ambiguity and impossibility; and just when you think you’re getting close it logs you out and makes you start again.
By the time you succeed, you’re past the deadline and facing an automatic fine. Think I’m joking?
Those who miss the midnight Thursday deadline for online tax returns will still be fined £100 even if they have no tax to pay or if they pay all the tax they owe before this date.
Penalties mount up when your tax return is three, six and 12 months late: £10 daily fines if you are three months late, and £300 penalty or 5 per cent of tax due – whichever is higher – if you are six months late.
Last year, the taxman raked in an estimated £1billion from these fines.
Five tips to get that self-assessment form in before midnight
So here’s where the statistics come in. The taxman’s scam earned him £1 billion last year. How is that accounted? Presumably it goes into the Chancellor’s public pocket and not his private pocket – which would mean that it’s £1 billion he doesn’t have to get from overt taxes, which means he’s saved the taxpayer £1 billion even though he took it from the taxpayer in the first place.
But from the Cabinet Office we have learned that “government ICT reforms and spending controls saved the taxpayer £316m last year alone.” What happened to the other £684m from the self-assessment scam alone? The implication has to be that the reforms have cost the taxpayer that amount which is offset by the self-assessment income. OK, I doubt that’s the whole story – but it just confirms what I already know: don’t believe anything government ever says.
HOORAY! I’m rich. I won.
But dear honoured friend, I live in the UK and have a philosophical dislike of the Euro. So, since you are a person of integrity, I believe I can trust you: and I’m offering you 50% – that’s nearly €500,000 – to convert my 50% to £Sterling.
All you have to do is send me your name and phone number and we can take it from there. I’ll get the full amount paid into your bank account, and you can then transfer my share to my account.
Anyone? Please? Email me…
I dislike infographics. Nine times out of ten they are a betrayal. When they appear on the author’s website, one time out of ten, they’re fine. When they’re sent to me with the invitation that my blog readers will be interested, they’re a con; and I dislike them almost as much as I dislike the people who send them.
I got another yesterday. The covering letter said:
“Don’t be evil.” Google’s unofficial corporate motto was originally adopted as company-wide belief as well as a jab to its competitors. However, Google has come a long way since it was incorporated in 1998. Can we still trust Google to do no evil? There is increasing evidence to suggest that the answer is ‘no’. Please check out our infographic on Google to learn more and please feel free to reuse it on Kevin Townsend using the embed code provided at the link.
Of course we can’t trust Google. We can’t trust anyone or anything on the internet. What we do is try to understand the issues and act within the level of risk we are prepared to take. But many of us still don’t realise how much data Google has on us – so a nice graphic explanation sounds appealing. I had a look.
It starts with the same paragraph that was used in the email. It ends with “Or you can simply quit using Google products altogether…”
But it was sent to me by firstname.lastname@example.org – clearly someone who believes in what he preaches. And then you see the purpose of this con: the advert for the author of the infographic. Sending these infographics to bloggers in order to get free advertising is a con; and a betrayal of the true purpose of infographics.
Nevertheless, I had a look at the advertiser. Would you believe it? Background checks. “Background checks can be a great way to ensure the safety of your family, home, and employees. You can use them to look up information about an individual’s criminal, financial, and educational history, and then use that information to make an informed decision about that individual’s character and trustworthiness.” Here’s a company effectively complaining about the private information gathered by Google saying ‘we can get you more.’
I dislike infographics. I dislike this one with a vengeance.
You have to look long and hard, but eventually you find it. There, on page 51 of ‘Building on our inheritance – Genomic technology in healthcare’ is the one and only mention of the national whole genome sequence database. From the beginning you know it must exist. The report talks throughout about the benefits that will accrue to mankind from the widespread use of whole genome sequence research; but it only makes sense if the data is complete and freely available. But not until page 51, and only on page 51, is the national genome database mentioned.
This would not necessarily require data stored locally: patient sequence data could be stored securely in a national database, making it accessible to the centres but also to the patient’s physician or GP.
Let’s be clear: this is a national DNA database. But it’s OK, because this is for health rather than law enforcement. And it will, yeah right, only be available to health officials, and health researchers, and pharmaceutical companies and academics and probably anyone who pays for it – internationally. The report makes very clear that if national research is good, international research is very much better.
It is, in effect, a national DNA database writ large. It has all the worst elements of the police DNA database combined with the NHS central records database and will undoubtedly cost a great deal more than both and be more dangerous and insecure than either.
And for what? “Government should not be duped by hype about genomics: some useful applications will exist but most diseases in most people and many adverse drug reactions are not predictable from people’s genes,” said Dr Helen Wallace, Director of GeneWatch UK. “Storing personal genomes for no reason would lead to a massive marketing scam, based on selling drugs to healthy people who are told they are at risk of getting diseases in the future.”
My concern is that government is quite relaxed about a new national DNA database from which it will gain all the benefits with none of the blame; that, in effect, a national genome database is already a conspiracy between government and the pharmaceutical companies in just the way that ACTA and DEA and SOPA and PIPA and others are a conspiracy between governments and the entertainment industry.
I had the following email from a friend.
This friend is big in the Truth movement – so ‘persuasion’ is strong in his agenda. He also collects, distributes and televises independent ‘truth’ videos. So it’s all reasonable, and because of the friendship I’m tempted to view.
He doesn’t usually SHOUT. He invariably says ‘hello’ and ‘how are you’ – and we haven’t spoken since before the holidays. His grammar is usually a bit better, and a belated ‘happy new year’ would be typical.
So I had a niggle. Rather than checking the video I checked the sender.
Happy new year! Can you confirm you sent me this?
If you did, I’ll have a gander. If you didn’t, you’ve been hacked…
Within half an hour I got a reply:
Happy new year.
I’ve been hacked!
The link in the email is redirected here, by the way. I didn’t, and wouldn’t recommend, going any further. In fact, I wouldn’t recommend going this far…
The moral to this tale is simple: Look before you Link.
I’m one of 734 at the moment.
Born yesterday? Me? I don’t think so…
The problem with being a paranoid conspiracy-freak (which, of course, I deny) is that I see security threats round every corner and at every junction. For example, is there currently a sophisticated Sky phishing campaign going on? I got the following email:
There is a reason I haven’t used this email address: I don’t have a Sky account. When Barclays and Halifax tell me there’s a problem with an account I don’t have, I’m pretty certain it’s a scam. Why should Sky be any different?
Or is it just incompetence from Sky? I very nearly did have a Sky account. I tried to have a Sky account. In fact on three occasions I expected to get a Sky account – but each time they went to a different address to install it. After that I gave up. Given that initial incompetence, this could also be incompetence. Or phishing.
And how about this one?
If anybody ever says I qualify for something free, I run a mile. And this one just reeks of a scam. But it isn’t. This is an Avira advert, and I qualify to receive the promotional offer because I avail myself of Avira’s free AV.
So what to do? Abandon my paranoia? Certainly not since this is clearly a conspiracy to make me do so. But maybe I need to temper that paranoia just a little in case I miss a genuine opportunity. Maybe that lottery win is genuine after all…