Phishing

You may have heard of a social engineering technique called “phishing” in which hackers attempt to trick you into revealing personal login information, which they then use to defraud you in some way. These phishing attacks usually take the form of an email which purports to be from a known and trusted organisation such as your bank or an online retailer.

I received one such email this morning and I wanted to share it with you to demonstrate just how realistic they can seem:

This email may look legitimate enough, but the embedded link actually takes you to a fake site which is intended to steal your login information and credit card details. In this case the rogue server is hosted at the NongMin Daily Newspaper Office in China, which presumably has been compromised.

Please follow this advice to stay safe:

  • Do not trust the “From” address, as it is trivially forged.
  • Never divulge personal or banking details in response to an email.
  • Do not click on links or open attachments in unsolicited emails.
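As an added example (not code from the original post), the following Python script applies the first and third pieces of advice mechanically to a constructed sample message: it flags a From domain that disagrees with the Return-Path or Reply-To, links whose visible text names one host while the href goes to another, and links to bare IP addresses. The message, addresses and hosts are made up for the illustration and are not the email described above.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the message from the post): the From header claims
# to be a bank, but the envelope sender, Reply-To and link target disagree.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mail.example.net>
From: "Example Bank" <security@examplebank.example>
Reply-To: support@examplebank-verify.example
To: customer@example.org
Subject: Please confirm your account details
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer,</p>
<p>Please <a href="http://203.0.113.7/login">log in at
https://www.examplebank.example/login</a> to confirm your details.</p>
<p><a href="https://www.examplebank.example/help">Help centre</a></p>
</body></html>
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def addr_domain(header_value):
    """Domain of the first address in a header, lower-cased, or None."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse(raw):
    """Return a list of human-readable phishing indicators for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Header check: a forged From usually does not match where bounces and
    # replies actually go.  (A heuristic only; it is not SPF/DKIM.)
    from_dom = addr_domain(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):
        dom = addr_domain(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings

    # Link check: compare where the anchor text says it goes with the href.
    parser = LinkCollector()
    parser.feed(body.get_content())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if is_ip_literal(host):
            findings.append(f"link to bare IP address {host}")
        for shown in URL_RE.findall(text):
            shown_host = (urlparse(shown).hostname or "").lower()
            if shown_host and shown_host != host:
                findings.append(f"link text shows {shown_host} but href goes to {host}")
    return findings


if __name__ == "__main__":
    for line in analyse(SAMPLE_EMAIL):
        print("-", line)
```

The header comparison is only a heuristic: a sender who forges Return-Path and Reply-To to match the From address will pass it, which is why the advice above is to distrust the From address outright rather than to rely on a check like this. The link comparison is the more reliable of the two, since the mismatch between what the user sees and where the browser goes is the whole mechanism of the attack.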

Cash Machine Scams

Some old photos showing how a common cash machine scam is operated.

Looks normal right?

But it isn’t!

The gangs attach these inconspicuous devices to the cash machine and wait for unsuspecting customers. When you insert your card, a reader hidden in the false card slot copies the magnetic stripe data, which is enough to create a cloned card. A pinhole camera records your key presses, so they have your PIN too. After skimming a few cards they download the information to a PC, often remotely from a nearby vehicle.

The first you know about it is when you find your bank account has been emptied 😥

Examine the card slot carefully before inserting your card. If you see anything suspicious, do not use the machine!

Most importantly, cover your hand when keying your PIN. This scam relies on the camera being able to see your key presses, so don’t feel embarrassed about covering up.

» BBC: Police issue cash machine warning
» Thames Valley Police: Suspected skimming device – Maidenhead

More photos at National Criminal Intelligence Service.

Chip and SPIN

Chip and SPIN is a web site examining the technology behind the “Chip and PIN” initiative. It is maintained by Mike Bond, a research associate working in the security group at the University of Cambridge.

It makes for very interesting reading, particularly on the disadvantages of C&P for the customer: default liability in a disputed C&P transaction lies with the customer. The banks proclaim that the system is flawless and in doing so have shifted the burden of proof in their favour 👿

‘Cabir’ Mobile Phone Worm

So the first ‘worm’ for mobiles has been discovered – that took a while then 😉

http://www.kaspersky.com/news?id=149499226

“Cabir” does not contain a destructive payload but can transfer itself via Bluetooth to other Symbian devices and could be considered a proof-of-concept for what can be achieved. I guess it’s only a matter of time before a malicious version appears in the wild.

Cabir

Again this underlines the importance of secure code-signing to protect unsuspecting users from malicious applications. Symbian has started its “Symbian Signed” program, but unless users are educated about the potential dangers and made aware of the damage that can be done by blindly installing rogue apps, I predict widespread chaos on mobile networks.

http://www.symbian.com/press-office/2004/pr040518.html

Operators can assist by automatically scanning content that is downloaded via their networks, but as Bluetooth bypasses the commercial wireless networks entirely, there is little you can do to protect yourself other than keeping Bluetooth switched off or non-discoverable when you are not using it, and installing personal firewall and anti-virus products on your own device.