LinkedIn Now Considered as Front Door For Phishing Attacks

A recent web seminar by Computing revealed that LinkedIn now is being considered a front door access for potential phishing attacks in order to encourage careless users to open malicious emails and their links. Now LinkedIn isn’t in itself the issue here, it is more the way people act that is and in combination with already available information.

We mostly see DDoS and similar attacks make the headlines, but phishing is now considered to be the top threat to businesses and it is constantly increasing in severity. The attacks use novel methods to make potential victims feel comfortable before they send their malicious payload. LinkedIn is now being used in a big fashion as that entry point. This is where hackers make the first contact with potential victims. After an initial trust has been built, it is far more likely for a victim to click a malicious link without double checking what it will do. Another reason that phishing has grown as a method of attack is that it doesn’t take any skill at all to do so. Anyone with bad intentions can do it.

One of the examples given at the seminar was from the law firm BLM that continuously is a target of phishing attempts. For example, they have had both email and phone calls attempting to extort money by someone purporting to be the CFO, and they very often originate from LinkedIn contacts.

Not all phishing attacks are as sophisticated, but they’re still very effective because people have developed a click mentality for their inbox. An example for this was given too. In one day they received 2500 copies on the same email in 10 minutes that seemed to come from the department of motor vehicles, and people just clicked the included link, no questions asked. Even though the email had a specific registration number listed, people still clicked it despite not being one they own. One person even clicked it not owning a car at all. Luckily BLM runs everything in a sandbox and these things are caught, but there are still a lot of companies that don’t take this threat seriously.

In most instances phishing can be combated with common sense, but in a world as busy as ours, common sense is often turned off in exchange for productivity.

Personally, I’ve seen a big rise in SMS fishing lately and I regularly get suspicious messages from numbers and names that appear to be genuine – but on close inspection they never are.

Image courtesy of Hotspot Shield

Denver Police Caught Using Database For Personal Gain

In this day and age, we like to think that our information is well protected. We know that isn’t always true though with companies like TalkTalk and even children’s toy company VTech having their data exposed in hacks. So what about the people who have access to our information? Well, it would seem that Denver police could be in trouble after it was revealed that some of their officers have used their access to information for personal gain.

The report outlining this was created by independent monitor Nicholas Mitchell and lists not just one but multiple “wrongful searches” where an officer used their access to find out information beyond work needs. An example of this was when a female hospital employee spoke with an officer, only to return home and find a message on her personal phone. To make matters worse she had never given her contact details to the officer, who it turns out, used their access to the database to find out her contact details.

In another example, an officer received a call from a woman who was in a custody dispute with her boyfriend over their teenage daughter. The women learned that her ex and their daughter had been given a lift by another individual and asked an officer to run the licence plate of the individual, even providing the women with information from the search. The women in question than rang the individual and revealed that she had personal information, including his home address.

What is the worst part about all of these situations? It would appear that the officers in question were never truly punished, with the most someone suffered because of this was a few days suspension without pay. The misuse of government property and information, and, in fact, breaching people’s data privacy and security, is by all means criminal in nature and goes to show that sometimes when people are afraid of who has access to their data, they have more than a right to be worried.

London Cabs Set To Allow Contact-less Payments By 2017

So there you are, having been busy rushing around London doing your shopping and decide you want to quickly grab a taxi back home, only to find you won’t be able to because you don’t have any cash on your person. It happens and normally the alternative for people these days is either to walk it or use alternative transport such as Uber. With the app based service looking to only grow and grow, not taking in mobile and card payments has limited London’s cabs. This could be set to change though as soon as mid-2017.

Transport for London (TFL) and Mayor Boris Johnson have agreed to move proposals for the scheme that would see all taxi’s requiring the capability to accept card payments, including contactless. This chance could be seen as soon as October 2016, just in time for next year’s Christmas rush, a welcome change I bet for the 86% of the people who responded to a consultation saying that they wanted cards accepted.

TFL have agreed to bring down the cost of transactions charges from 10% to around 3%, this meaning that you won’t be charged extra (after the additional 20p increase that’s set to come in earlier in the year).

With services like Uber and other forms of public transport already taking card and contactless payments, is it about time that Taxi’s joined the fold?

WHSmith Contact Us Sends Email To Companies Mailing List

Online shopping is a big thing, and companies like to keep track of what you’re buying and even send you the odd offer here or there, you brought a TV so why not buy a sound system for 20% less? Normally these offers mean we sign up with some sort of password and email combination, and you expect them to store these and be safe. In recent years we’ve seen some sites hacked and their details published online, but today it would seem that WHSmiths has taken it a step further with their contact us form emailing everyone who had registered for magazines with the company!

In a statement, WHSmiths stated that “I-subscribe [the company responsible for their magazine subscriptions] have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved”. They stressed in their discussion with the Guardian newspaper that it was “a bug not a data breach”.

The emailed not only included the information such as the person’s name and the message they wished to send but was sent to a large list of contacts, thus exposing their details to a wider than wanted audience.  Some of the earlier messages contained not only their real names and emails but also postal addresses and phone numbers.

With data security at its highest and customers, both paying, and interested parties, worried about the extensive breaches and accidents, will companies soon look at different ways of storing information where these accidents could happen less?

Thank you The Guardian for the information.

Image courtesy of Corporate Marks and Spencers

Apple Pay Now Live In The UK

You may have noticed that in the UK contactless payment is becoming a large thing, with many shops now allowing you to use the system to pay for items if their value is under a set amount (normally around £20). This means that in order to pay for your sandwich at lunch all you need to do is hold your card against the card readers top and after the lights are all green you’ve paid for your food without a single button press. Apple’s answer to this system has just been released live in the UK, ingeniously named Apple Pay.

Apple Pay uses not only your card but also your iPhone or Apple Watch (iPhone 6 or 6 Plus required). This means that after you’ve linked your credit/debit card to your apple account all you need to do is tap your phone against the card reader and provide it with your thumbprint. This gets over one of the biggest worries, in that the near field communication (NFC) used by contactless payments doesn’t require any verification, that is that you don’t need to confirm your identity when you use it. This means as long as all I buy is something to drink and some food that comes in under £20, there is nothing stopping me from using another contactless card. Apple Pay uses your thumbprint to confirm your identity and that you have the permission to use the card you’ve selected to pay for the items.

The system has also been taken up by other companies alongside retailers, Transport for London has stated that you can use the system of readers already installed for Oyster card readers to pay for your bus, tube or train tickets. Argos, Dominoes, Just Eat and even British Airways have also said you will be able to use Apple Pay within their apps.

With a rise to £30 for contactless  payments in September, more and more people are being drawn towards using this system as a way of shopping every day. The extra security provided by Apple Pay can’t hurt, it barely adds any time to the experience and keeps your cards safe, just hope you don’t run out of battery while shopping.

Thank you Engadget for the information.

Image courtesy of Buisness Insider.

Here’s How to Get $200 off Your Newly Bought Samsung Galaxy Note 4

It’s been a while since Samsung launched the Galaxy Note 4. Even so, people do enjoy it and proof stands in the number of people owning such an Android device. Samsung did pay attention to this and is still interested in getting people to buy the Note 4 with a new rebate promotion in the US.

According to the rules, everyone who purchased a Samsung Galaxy Note 4 handset at full price from a retailer or carrier is eligible to get $200 back. In order to get your hands on the cash, Samsung needs your contact information, the handset’s IMEI and the Wi-Fi MAC address, along with a photo of the receipt that has the purchase date clearly visible.

Once all the above have been submitted, it is said that it usually takes up to two working weeks to receive the money. One thing to take into account is that wireless carriers such as US Cellular or Sprint are not eligible. Also, the offer is only available between the 7th and 26th of July, so you have to hurry if you don’t want to miss this chance!

More information on the terms and conditions can be found here and you can start your rebate application here.

Thank you Android Central for providing us with this information

Image courtesy of TheGadgetBook

Vodafone Glitch Shuts Non-Emergency NHS, Police Phone Lines

A major fault with Vodafone’s network today (Saturday) meant non-emergency phone lines for the UK’s NHS and Police went down.

The NHS lost service to its 111 helpline, while 23 police forces, including the Metropolitan Police, lost their 101 non-emergency service. All lines were reinstated by 1pm GMT.

The fault, which also resulted in the road recovery company RAC losing its phone service, is now being investigated by Vodafone, who apologised for the problems.

“Our engineers have worked hard to resolve the issue as quickly as possible and services have now been restored,” Vodafone said.

It said it would continue to monitor the service closely, adding: “We apologise for any inconvenience caused.”

Source: BBC News

ECHO Urgent Messenger Aims to Notify Your Friends When You Are In Distress

A new personal SOS device is apparently in the works over at Indiegogo website, having it be able to let people know where you are and even speak to them after you press the ‘panic button’. The device by the name of ECHO Urgent Messenger, which basically has the same principle as a normal panic button, is said to fit on your keychain and help you in calling for help whenever you need it. The company is aiming to raise at least $5,000 in order to start production for the aforementioned gadget.

What makes the device stand out of the crowd is its ability to add friends to the contacts it sends a distress signal upon triggered. Aside from the staff, who will receive your distress signal and be able to talk to you (if you can) or at least listen to what is going on, the device is said to let users add individual phone, email and even Facebook contacts, who will be notified about your distress as soon as you press the button.

[youtube]https://www.youtube.com/watch?v=L97MDtdp0Nk[/youtube]

The message sent when triggered is said to contain your location within five feet, based on GPS, GLONASS and cell tower triangulation. However, with all the privacy concerns out there, this might sound as a way people could track your every movement. Nonetheless, the company has stated that all location tracking features will only activate once the user presses the button and will remain deactivated otherwise.

In terms of power, the ECHO gadget is said to run on a AAA battery, having the company stating that it would last as long as 7 years in standby or 5 hours of talk time in the case where it has been triggered. People interested in acquiring one can pledge at least $144 and wait for it to be delivered in December, though the target crowdfunding plays an important role to its actual release on the market.

Thank you Endgadget for providing us with this information
Image and video courtesy of Indiegogo