Monthly Archives: March 2017
A new report on the say “Yes” telephone call scam we talked about back on February 6th.
Anyone who still has a traditional home phone (myself included) dreads those irritating robocalls. As part of the latest scam, the caller, instead of mentioning who they are, simply asks “Can you hear me?” That seemingly innocent question could be a sign that a scammer is on the other end of the line.
The Federal Communications Commission issued a consumer alert against just such scammers yesterday, Monday, March 27, 2017. When you reply and say, “Yes,” that you can hear the scammer, your reply is recorded and used to authorize fraudulent charges via telephone on the victim’s utility or credit card account, the FCC says.
The scam must be much more prevalent, judging by the complaints the agency has received and by news reports from across the U.S. The fraudulent callers may even try to impersonate familiar organizations to get you to answer and talk.
“Robocalls are the number one consumer complaint to the FCC from the public. And it’s no wonder: Every month, U.S. consumers are bombarded by an estimated 2.4 billion robocalls,” said FCC Chairman Ajit Pai last week at the agency’s March meeting, during which the commission voted to begin a rulemaking process to eliminate robocalls. “Not only are unwanted robocalls intrusive and irritating, but they are also frequently employed to scam our most vulnerable populations, like elderly Americans, out of their hard-earned dollars.”
What should you do?
According to the FCC, if you receive this type of call, immediately hang up. If you have already responded to this type of call, review all of your statements such as those from your bank, credit card lender, or telephone company for unauthorized charges. If you notice unauthorized charges on these and other types of statements, you have likely been a victim of “cramming”.
Anyone who believes they have been targeted by this scam should immediately report the incident to the Better Business Bureau’s Scam Tracker and to the FCC Consumer Help Center.
Now back to my thoughts on this “Scam”…
At first glance, this warning sounded reasonably valid: major news outlets covered it as recently as last night on the 6:00 ABC news hour. But just because the media is running around reporting that the sky is falling doesn’t mean you have to duck for cover. A closer examination of the purported scam reveals some questionable elements.
First, we’ve yet to identify any scenario under which a scammer could authorize charges in another person’s name simply by possessing a voice recording of that person saying “yes,” without also already possessing a good deal of personal and account information for that individual, and without being able to reproduce any other form of verbal response from that person.
Moreover, even if such a scenario existed, it’s hard to imagine why scammers would need to utilize an actual audio recording of the victim’s repeating the word “yes” rather than simply providing that response themselves. As far as we know, phone companies, utilities, and credit card issuers don’t maintain databases of voice recordings of their customers and use them to perform real-time audio matching to verify identities during customer service calls.
So – once again, I believe the media is simply reporting on something they found on the wire without doing any due diligence as to the authenticity of the scam. Even though the FCC has issued an alert – it’s not backed up by any concrete, documented evidence of people actually getting scammed. It’s simply the result of people reporting that they got the “Can You Hear Me” phone call and are worried about what to do next. To answer that question, the FCC has provided the following information.
Directly from the FCC website (web link below)
Consumers should always be on alert for telephone scams. The following tips can help ward off unwanted calls and scams:
• Don’t answer calls from unknown numbers. Let them go to voicemail.
• If you answer and the caller (often a recording) asks you to hit a button to stop receiving calls, just hang up. Scammers often use these tricks to identify, and then target, live respondents.
• If you receive a scam call, write down the number and file a complaint with the FCC so we can help identify and take appropriate action to help consumers targeted by illegal callers.
• Ask your phone service provider if it offers a robocall blocking service. If not, encourage your provider to offer one. You can also visit the FCC’s website for information and resources on available robocall blocking tools to help reduce unwanted calls.
• Consider registering all of your telephone numbers in the National Do Not Call Registry.
Better Business Bureau Scam Tracker:
FCC Consumer Help Center
We always seem to be talking about another security breach or hacked web or email accounts and so on. Many of us have multiple email addresses and it would probably be good to know if any of our many different email addresses have been hacked (or pwned).
You pronounce pwned as p-owned as it is an abbreviation of professionally owned. “Owned is a slang word that originated among 1990s hackers, where it referred to “rooting” or gaining administrative control over someone else’s computer. The term eventually spread to gamers, who used the term to mean defeat in gaming.”
Here’s a free website that will search for your email address and report when and where your email was “pwned”. The site will even notify you if future pwnage occurs and your email account is found to have been compromised.
What is the site all about?
This site came about after what, at the time, was the largest ever single breach of customer accounts — Adobe. Post-breach analysis of user credentials kept finding the same accounts exposed over and over again, often with the same passwords, which then put the victims at further risk of their other accounts being compromised.
The FAQs page goes into a lot more detail, but all the data on this site comes from publicly leaked “breaches” or in other words, personal account data that has been illegally accessed then released into the public domain. Have I been pwned? aggregates it and makes it readily searchable.
Why build the site?
This site serves two primary purposes: firstly, it obviously provides a service to the public. Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur. By aggregating the data here, it not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet. Secondly, the site provided its developer, Troy Hunt, with an excellent use case for putting a number of technologies through their paces and keeping his hands-on skills somewhat current.
Who is behind Have I been pwned?
I’m Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.
I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today’s modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!
Just when you thought the internet couldn’t get any creepier. There is apparently a disturbing trend going on called “digital kidnapping.” And if that phrase is new to you, allow me to fully weird you out. “Digital kidnapping” is when someone steals a stranger’s baby photos and reposts them on the Internet. Sometimes, these virtual photo thieves will pass the snapshots off as their own. But other times, it goes a step further. Just last week, a couple took the photos of a child suffering with cancer from a GoFundMe page and went door to door trying to collect money for funeral costs. They weren’t the sharpest knives in the drawer because they got caught after going to the child’s grandparents’ workplace…
In another example, found on Instagram, accounts were being set up specifically to encourage others to join in on “adoption role playing,” inventing new identities for each child and inviting users to chime in.
So, in the wake of recent news reports about digital kidnapping, it’s important that parents know what can be done to see if anyone is using your child’s photo.
Once you post a picture online, it’s hard to know where it’s going to end up. Most likely, it will be one of the millions that people scroll past on their Facebook feed every day. Considerably less likely, it could go viral and become a meme. But somewhere in between those possibilities, is the potential for that image to be used by strangers for all the wrong reasons. Pictures of your children could end up in the hands of people with intentions that would make you cringe.
Here’s a quick, simple tutorial on how to do a reverse image search on Google so you can find out where your personal pictures might have gotten to beyond where they were originally posted.
1: Go to google.com and click “Images.”
2: In the search bar, click the camera icon.
3: Either upload a picture from your computer or enter the URL of a picture to search for it.
4: Google will return every instance of that image they can find.
Ultimately, the most important thing for anyone to do is to be careful of what you post online and to always enable the privacy settings on your accounts. When you do a reverse Google image search, hopefully you will find that your photos, or your child’s, aren’t anywhere they’re not supposed to be. Google isn’t the only company to offer this service. You can also search for specific images using TinEye, Bing and Copyscape.
- Google Reverse Image Search. This is my default go-to for looking up sources of images. You click on the camera icon in the search bar and upload the image. Google then brings up the sources for the image that you searched for.
- TinEye. This works in a similar way to Google Reverse Image Search, and the results are usually the same, but not always.
- Copyscape. This works in the same way as the above but for written words instead of pictures.
(Unfortunately, you cannot do this on your phone. So if you want to check any images shared on a social media app, you’ll have to log into their website.)
More information on how to find out if your images have been stolen: http://stopstealingphotos.com/find-images-stolen/
If you find your intellectual products or images are being used, here’s some info on what you can do. https://ongoingpro.com/copyright-find-stolen-photos-online-reverse-image-search/