Category: News

Why you should delete facebook immediately

It’s been reported by both Insider and Recorded Future, that a user in a low level hacking forum on the Dark Web has published the account details and phone numbers of around 533 million Facebook users. 11 million of those are from the UK.

The leaked data that has been published is made up of a wealth of personal data. The data includes information that users have posted on their profiles. This includes email addresses, phone numbers, profile names, employment information, gender details and Facebook ID’s.

Although this information from the leak is over 2 years old, Facebook confirmed that they were made aware back in 2019 and released a patch for the leak, now that the data is out in the public domain it could be very very bad for you as a Facebook user.

you have to assume your details have been compromised

The type of data which has been leaked is seen as a gold mine for cyber criminals of all levels. The information could be used for hacking attempts or social engineering attacks.

One of the most prevalent cyber attacks in the last year has been that of social engineering. Social engineering in it’s simplest form is the use of deception and manipulation in order to gain confidential information, it’s widely known as ‘hacking humans‘. With this type of data already out in the wild it makes the criminals jobs so much easier and they can use this data to impersonate you and commit all sorts of crimes.

But this data is from 2019, why should i care?

Exactly how many times have you changed your phone number or email address over the last 2 years? Chances are you’ve probably used the same details for facebook for many years… I know I have! So you have to assume your details have been compromised. Now that criminals have this data, you may see a large rise in reports of phishing attempts and fraudulent claims. Your emails and texts may become innundated with phishing and smishing attempts in order to further exploit you.

but why should I delete facebook?

This isn’t the first time Facebook has been involved in a data leak and I can promise you it won’t be the last. Unfortunately there isn’t much you can do now that the data is out in the open but what you can do is:

  1. Be vigilant to phishing or fraud attempts with your details.
  2. Spread the word to your friends and family, say to them “Hey, have you heard about the Facebook data leak, keep an eye out for any suspicious texts, emails or calls, it could be a hacking attempt!

What can I do if I don’t want to delete Facebook?

  1. Enable MFA. Multi factor authentication.
  2. Change your email associated with Facebook.
  3. Update your password recovery details.
  4. Tighten up your privacy settings.

You are never going to be 100% safe and secure when using the internet but the more you can reduce your digital footprint, the better.

Final Thoughts

Cyber security isn’t just geeks in hoodies sat in dark rooms. By creating a culture of talking about cyber security issues with our friends and families we can increase awareness and lower potential risk of being victim to cyber crime. I can’t speak for the whole of my generation but I can say this, we spend upwards of 6-7 hours a day, phone glued in hand, switching between social media accounts without really ever thinking of the security implications behind them. We live in a generation where our digital identity is paramount to feeling accepted but it’s extremely easy for these accounts to be compromised. We have power in sharing and reposting tweets and instagram stories so if you do see something in the news regarding a cyber attack, share it, spread the word!

M

For further information regarding the data leak, see links below:

https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T

https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/?utm_medium=email&_hsmi=119498507&_hsenc=p2ANqtz-_YoeuD-m-83Jjvy00xZTZM6fDX1twQpJ8_lhSodhFt8CjWFxHHcSrtwF3F0bhoncLEhbj9qH7VIy-LELYANnapuVqUZmgXZUGvuvVrKFzTxfWpQrk&utm_content=119498507&utm_source=hs_email

SEXTORTION EMAIL SCAM: Recorded masturbation and bitcoin blackmail

Threatening emails, containing allegations of your recorded self pleasure sessions, seem to be dropping into our email inboxes more and more frequently. In today’s post i’ll show you an example of one of these emails so you know what to look for if one does happen to make its way into your junk and what to do if you’ve already fallen victim to this popular scam.

Sextortion

Sextortion email scams are just another branch on the phishing tree. Criminals will try to blackmail you in to paying a large amount of bitcoin in order for them to not release videos they say they have recorded of you during your most intimate moments alone via your webcam. The criminals make this seem more legit by filling the email with technical jargon and even your old passwords which may have been leaked in a past security breach! (I’ll show you how to check if your email or password has been compromised at the bottom of this blog post). Unfortunately due to lack of awareness of this scam and the threatening language used, many of us can be intimidated and tricked into believing this is real. Reports have shown that sextortion scams have resulted in more than 500,000 cases worldwide and even suicide (Avast Blog, 2020). Below are some screenshots of a sextortion email that has been circulating the last couple of weeks in the UK:

What do i do if i’m a victim?

Advice taken from the National Cyber Security Centre’s website.

Pictured below is the official advice poster for sextortion scam victims, provided by the National Cyber Security Centre’s website.

How to check if your email or password has been compromised

Head across to this incredible site which will tell you if your email or password have been in a data breach.

Email: https://haveibeenpwned.com/

Password: https://haveibeenpwned.com/Passwords

Further information

AVAST blog on sextortion: https://blog.avast.com/sextortion-email-scams-avast

Smashing Security Podcast featuring Garry Kasparov. (Listen from 22:12-28:43): https://www.smashingsecurity.com/216

Final thoughts

For many of us, having our nudes leaked or videos of us pleasuring ourselves circulate around the internet, with the chance of our family, friends or employers seeing is horrifying and could have a catastrophic affect on our mental health. I’m sure if I was to receive an email like this a year ago I would be in a state of panic and unsure what action to take. Although we live in a time now when many of our friends are making money via onlyfans or justforfans, no one wants to have leaked images of yourself online without your consent. Luckily most of the attackers who are sending sextortion scam emails are just bluffing and have no access to your webcam or files, however it’s always better to be safe than sorry. I hope this post has highlighted some information which you can now be on the look out for when that strange email drops into your junk mail and hopefully before you make the rash decision of paying some random thousands of pounds in bitcoin!

M.

aliens in tesco carpark?

It only seems fitting that in the same week I start working night shifts at Tesco, 50 miles away a branch of the popular superstore is attacked by a potential cyber attack. In one of my favourite news stories of the week, the BBC reported on Saturday that a Tesco in Royston, Hertfordshire left shoppers in a state of mystery as 100s of people were locked out of their cars when their key fobs stopped working. One comment from a woman on facebook described the incident by saying ‘I thought it was some kind of alien phenomena‘.

Alas alien phenomena it was not. As the world becomes more advanced in the use of technology, our cars are becoming smarter and smarter and there’s a high chance that if you’ve bought a new car recently you will have the use of keyless entry or an electric fob. Although this may make our lives that little bit easier, it also adds another target for criminals to exploit. Hertfordshire police have commented and said the cause for the locked cars is not known but “was not being treated as malicious intent”, there’s a high possibility radio jamming devices blocked the signals which are used in remote locking.

I thought it was some kind of alien phenomena.”

Key jammers (transmitters) are extremely easy to buy online and can be used to interrupt signals from key fobs leaving your cars vulnerable to attacks. Low powered key jammers have enough range (around 75m) and power to target an area similar to a whole car park. Back in 2019 whatcar did a test on 7 different models to see how long it took to access the cars remotely and drive them away.

How cars performed in anti-theft test

Final Thoughts

In a more detailed post i’ll get more technical and give you some more information regarding the different ways your cars can be hacked but for now i’ll leave you with the link to the BBC article for further reading: https://www.bbc.co.uk/news/uk-england-beds-bucks-herts-56221408

M.

HMRC VISHING SCAM AND HOW TO AVOID!

It’s 08:19am on a Saturday morning in early Febuary and I wake up to three missed calls and three voicemails from a number I don’t recognise. Now I never listen to my voicemail messages but something told me that this morning I should check them out, clearly who ever called me was desperate for my attention so the least I can do is listen to what they have to say right?

So I access my voicemails and listen to them each in turn, all with the exact same pre recorded message:

“This is the HMRC, a tax fraud case has been filed against your name and unless you pay the amount requested an arrest warrant will be made against you, please press 1 to speak to an advisor”

Now i’m barely awake at this point but even I know something doesn’t feel right, I reverse search the number and realise this is the beginning to a vishing scam that is currently sweeping the UK but before we go any further there’s a few things you need to understand…

What is a vishing scam?

A vishing scam is a type of phishing attack where criminals will call you posing as a bank staff member or other financial service employees and try to get you to share your personal information over the phone, they will use social engineering tactics to persuade you to reveal personal details which will allow them to access your accounts.

But what is phishing? In a nutshell, phishing is a cyber attack that criminals use by using disguised emails as weapons to gain your personal credentials by tricking you into believing the email is from a legitimate source. The criminals spoof (fake) their email address so it looks like its coming from a trusted source, set up fake websites to look like the originals and use slightly modified URLs to direct you to a site created by the criminals in the hope you will provide them with your personal or financial information.

“Someone mentioned smishing is that the same thing?” – Absoloutely! Smishing is the equivalent to phishing and vishing but the criminals use text messages in order to try and steal your information.

THE hmrc scam

So what exactly happens in this scam?

Well it starts pretty much the same for everyone just how I described above. You’ll get a call from a mobile number that you don’t recognise and even sometimes the criminals will spoof their number to make it look like the official HMRC number. You will then have the pleasure of listening to that lovely pre-recorded message explaining that you will shortly be arrested unless you pay the money you owe and to press 1 to speak to an advisor. Pressing 1 transfers you to an ‘HMRC representative” aka the scammer. Now vishing scams are no simple feat and there is usually a highly complex criminal web with multiple people involved who may seem highly convincing. The representative will then proceed to tell you the accusations against your name and even provide pdf documents as if to seem legit, they will then ask you for more details and to start transferring money now as you’re on a timed call and the money has to be paid ASAP. (Some victims have said that the criminals told them the police were on standby 30minutes away and if they didnt pay within that time frame the police would arrive at their address). They’ll ask you to start transferring money in small amounts to different bank accounts as this makes it a lot harder for your bank to track the routes that the money takes.

Now you’re probably sat there thinking, “yeah i’d definitely know this was a scam and i’d hang up”, well lucky you but these calls can be highly intimidating and when you’re under pressure you can make extremely rash decisisons.

As the call progresses the questions get more personal in the hope you’ll reveal more information that is useful to the criminals until they’ve taken large amounts of your money and left you broken both financially and mentally. It’s intense and they will target anyone. Young or old, global pandemic or not.

I’ve been victim to one of these calls what should i do?

Well first of all you need to know that:

HMRC will never send an email, text message (or message in an app such as WhatsApp) or give you a phone call which:

  • tells you about a tax rebate or penalty
  • asks you for your personal or payment information

Next you need to report the call to the official HMRC phishing team

Final thoughts

hang up like it’s 2004 and you have a flip phone

Now I come from a performing background where I was registered as self employed and very rarely had anything to do with the HMRC unless it was to fill out my self assessment form. The rest of the year I never thought about taxes or any money I needed to pay them. I have many friends in the same position as me and to be honest the knowledge of paying taxes isn’t something i’ve ever been taught. Being a performer you often live from job to job and money is tight, so to receive a call like this without my cybersecurity knowledge, I would be scared. Taxes aren’t a thing that we ever learnt at school and more likely than not, if you get a call from the government saying you owe them money you probably will think that you do. Unfortunately the criminals don’t care. They will target anyone and right now there are a lot of vulnerable people that will fall for this scam. So I ask you all to share this post and talk to your friends about this, spread the word and make sure when you answer that unknown number and that pre-recorded message starts to play you hang up like it’s 2004 and you have a flip phone.

M.

Links for HMRC phishing page & ActionFraud:

https://www.gov.uk/report-suspicious-emails-websites-phishing/report-hmrc-phishing-emails-texts-and-phone-call-scams

https://www.actionfraud.police.uk/

The First post!

A quick insight of what to expect!

Well here it is… my first blog!

Why do this?

  • To give you all the most up to date cyber security news and tips
  • Because it will help you become aware of the risks we take each day just by having an online presence

Hopefully this blog will allow a wider audience the ability to learn what they need to do in order to keep safe online. I will try to post as frequently as possible and each week do a round up of my favourite news stories.

M.

Design a site like this with WordPress.com
Get started