Seagate Sends Employees’ Payroll Information After Phishing Scam

Seagate is known for many things, but most of all they are known for their hard drives. I would recommend you look elsewhere if you are looking for something a little more secure; I would say avoid them for now, as it’s been revealed that employees’ payroll information was sent out after a phishing scam.

Phishing is the act of pretending to be someone else and asking for details (normally bank details or contact information) in order to gain access to information you normally couldn’t. From Nigerian princes to sergeants in the Army, scammers will pose as anyone to obtain information. This time, the email claimed to be from Seagate’s CEO Stephen Luczo, requesting data about current and former Seagate employees.

Believing the email to be genuine, the employee responded with the W-2 (Wage and Tax statement) documents. With the scope currently set at “several thousand” employees, the company has been working with federal law enforcement agencies since the incident on the 1st March. To help support their employees, two years of credit protection has been provided on the off chance that their data is used.

With most details of this nature being used to file fraudulent tax returns with the IRS (which was itself hacked recently, making this all the easier), it could cost the government thousands if they don’t catch the culprits involved.

Seller of Indian $4 Smartphone Accused of Fraud

Recently an Indian company revealed that they would be selling a smartphone for only $4; however, 30,000 unit sales later, it has turned out that it may just be too good to be true. The company has been accused of fraud by congressman Pramod Tiwari, with another MP, Kirit Somaiya, calling the operation a huge Ponzi scam and requesting that the government launch an investigation into the company. This is hardly the first trouble for the $4 smartphone either: an early prototype of the device was uncovered as a phone belonging to another company, and the company was subject to a government raid, making the device seem less and less of a reality.

Set to be launched by a small company named Ringing Bells, the $4 Freedom 251 device originally impressed many by packing a decent set of specifications for the price. A 1.3 GHz quad-core processor, 1,450 mAh battery, 4-inch 960 x 540 qHD display, 1GB of RAM, 8GB of internal storage and a 3.2-megapixel camera was what it was capable of on paper, far from the expensive flagship phones launched by big companies, but for 251 rupees, it seemed incredible. Pankaj Mohindroo, the founder and president of the Indian Cellular Association, told CNN that the Freedom 251’s components, even when using the cheapest possible, would cost at least 2700 rupees ($40) to manufacture. The device’s 3.5-inch touchscreen alone would cost more than the $4 that the entire device was to sell for.

Adding to this, the sample handsets given out by Ringing Bells at the launch event for the phone looked nothing like the previous renders of the phone, and were later revealed to be Chinese Adcom Ikon 4 phones with the branding covered up. Ringing Bells founders Mohit Goel and Ashok Chanda claimed that the branding was present on the devices as the screen components had been sourced from Adcom and the device was a quickly put together prototype to show off.

It doesn’t stop there either, with Ringing Bells having faced a government raid on one of its offices due to its lack of credentials and attempting to market a device without having a Bureau of Indian Standards certification. Ringing Bells hadn’t even begun manufacturing the phones by the time they were selling them, with the money raised from pre-orders to be put towards purchasing the manufacturing unit to create them. The final falsehood from the company concerns its participation in the government-run Make in India program, which it was proud to be a part of. In fact, it was planning to make the devices in India with no subsidies, and the Indian Government confirmed that the company had nothing to do with the program.

With so many deceptions and inconsistencies floating around, it is hard to consider that this device could really materialize. Even now Ringing Bells has stopped taking orders for the device, reportedly to work on creating the phones already ordered. Whether those who have ordered their devices will ever see them materialize is hard to tell, but with the release date for the handset targeted for June, we may not have to wait too long.

HMRC ‘Reluctant’ to Tackle VAT Fraudsters Says Tax Law Professor

HMRC is responsible for investigating companies and individuals who failed to disclose VAT when selling goods online. However, according to Rita de la Feria, a professor in tax law at Durham University, HMRC isn’t intervening due to EU law and soaring legal costs. Additionally, she discussed the legislation which requires companies like eBay to properly inform users of their legal obligations. As a result, Amazon and eBay could legally be charged billions of pounds of unpaid VAT if they do not properly safeguard against VAT fraudsters. La Feria said:

“I doubt there will be a case immediately. But if HMRC starts asking questions based around the legal principle, which is now sufficiently strong, that could be a stick for Amazon and eBay.”

“HMRC is trying to avoid [acting] as the legal costs of this will be high.”

eBay responded to these claims and released a statement which reads:

“eBay reminds all its users of their need to comply with their legal obligations and we also provide helpful guidance on VAT through our Policies and Help pages with the aim of providing a safe and fair marketplace for all our buyers and sellers. If eBay sellers are found to be breaching UK VAT compliance rules, we will cooperate with HMRC in all cases where HMRC provides evidence of underpayment of taxes.”

As with any legislation, the finer details are quite complicated. EU law takes precedence over UK common law, which means companies trading with an EU base have to uphold their legal responsibilities. However, HMRC isn’t doing enough and needs to apply pressure on large corporations.

Malware In Hilton Hotels Results in Card Details Being Stolen

How often do you use your card? When you pop down to the shop and breaking that ten-pound note will result in too many coins to carry back? How about when you’re buying things online? Finally, how many have used their cards to book hotels? If you’ve stayed at a Hilton hotel recently and used your card to pay at one of their Point of Sale (POS) terminals, you may want to double check your card hasn’t got anything suspicious on it.

Hilton Hotels has stated they are investigating the possible security breach reported by Brian Krebs, an investigative journalist, who traced a collection of misused cards and found a common source in the tills located in the many restaurants and gift shops of Hilton Hotels in the US.

Sadly, this is not the end of the story: the security alert that Visa released for this flaw was made in August, with the malware apparently being active between April and July this year. Given the number of hotels, and the ease with which people can pay for things using their cards, the number of potential cards that have been affected by this issue is surely only going to rise as more and more people become aware of it.

As with all cards, credit or debit alike, you should always keep an eye on it and raise any concerns regarding payments that you don’t recall making, or seem to be to companies you’ve never heard of, to your bank/building society.

Thank you The Register for the information.

Image courtesy of ITP.

Tax Credit Refund Scam Is Affecting UK-Based Individuals

Tax credits are a hot topic at the moment; this is in part due to the Conservative “death by a thousand cuts” (I said cuts) plans, which are set to reduce the income of many of the poorest in society by an average of £800 a year. Unfortunately, the adverse media coverage has been picked up by scammers who have devised a fraud which promises tax credit refunds.

Individuals have received messages within the last few days to a week which use the Goo.gl URL shortener to redirect victims to what appears to be a compromised website. The message reads: “Dear valued customer, we are happy to inform you that you have a new tax credit refund from HMRC. Click on the following link [URL] to claim your HMRC refund.”

These messages have been sent via text, although you may want to keep a look out for other forms, including emails, in case the scammers diversify. The stats concerning this fraud are below; as you can see, it’s shocking to note that there have been 731 clicks so far considering the scam is pretty new.

  • 731 clicks so far, with the majority of them coming from the UK.
  • 440 of those were on iPhone, and 252 were using Android. Just 31 people were browsing via Windows.
  • The shortened link is around 1 week old, so the scam is pretty fresh.

The phishing page is located at savingshuffle(dot)com/hmrc/Tax-Refund(dot)php.

The scam page appears to be from HMRC, but to be clear it is certainly NOT from the official government-backed site. The page asks for many personal details, including the following:

  • Name
  • Address
  • Phone
  • Email
  • Telephone number
  • Card details
  • Sort code and account number

Scroll further down the page and the scammers would also quite like a piece of “Identity Verification” in the form of a driving license number, national insurance number and mother’s maiden name. There’s also a pre-filled refund amount of £265.48 next to the submit button.

This is fake; this is a scam, and please DO NOT under any circumstances click on any link which purports to offer any kind of refund. The official HMRC does not send any messages which purport to offer any kind of refunds in the first place. An official bank or government-backed service wouldn’t start a message with the words “Dear Valued Customer”. Also, be aware that if you receive a message with your name offering a refund, this would also be a scam with absolute certainty.

There will inevitably be more variants of this scam which prey on people’s financial circumstances; always be suspicious.

Thank you malwarebytes for providing us with the information.

Former Mt. Gox CEO Mark Karpelès Arrested Over Lost 650,000 Bitcoins

More than a year after troubled Bitcoin exchange Mt. Gox folded, authorities have finally moved against the beleaguered firm. Japanese police have arrested former CEO Mark Karpelès for his involvement in the collapse of the exchange. Leading up to the collapse, the exchange reportedly lost 750,000 Bitcoins belonging to customers as well as 100,000 held by Mt. Gox itself.

According to the Japanese police, Karpelès faces allegations that he manipulated the balance of company accounts as well as those of customers. Claims were also made that some of the missing Bitcoins may have never existed at all and that he falsified data to inflate the company’s assets. At the time, Mt. Gox blamed the loss of the Bitcoins on a bug and later hackers as well as simply losing them. Before filing for bankruptcy, the firm announced it had “found” 200,000 of the missing coins.

At the time of its closure, Mt. Gox was the biggest and most well-known Bitcoin exchange. When the coins were lost, they were worth almost $500 million, though that has since dropped to about $184 million. Karpelès denies any wrongdoing at this point and blames the loss of Bitcoins on hackers and weak cyber security.

Thank you Engadget for providing us with this information 

FTC About to Mail out 55 Thousand Checks Worth $1.9 Million

Multi-level marketing, or MLM for short, is an old scheme rarely used anymore because people aren’t stupid enough to fall for it now. It wasn’t that long ago that this wasn’t the case, and BurnLounge made a small fortune with their pyramid scheme.

A pyramid scheme and multi-level marketing aren’t completely the same, and some forms are even legal in some places, but let us just say it is one thing for the sake of this article. BurnLounge promised the path to riches with its digital music store concept, but the only ones that got rich in the experience were the founders.

The site promised six-figure incomes, but most people didn’t even make back their initial investment. The company was shut down in 2007 after the FTC filed a suit against it. Since then BurnLounge has been fighting the case, hoping to end up as a winner. In 2011, a US District Judge issued a judgment that this was a pyramid scheme and illegal. That was appealed and BurnLounge lost again earlier this month.

On Monday, the FTC announced that it is mailing 52,099 checks totaling nearly $1.9 million (~£1.2 million) to consumers who paid to become BurnLounge “moguls.” A long case finally closed.

The scheme worked like this: BurnLounge customers got their own online music store on a pre-made web page. There were several pre-paid plans, and selling music led to rewards points, which could be traded for cash if the consumer paid to join the Mogul program for an additional fee. The company guaranteed a minimum commission of just 50 cents for selling a $9.90 album, while offering bonuses of $10 to $50 for selling product packages, in other words, for recruiting. The FTC’s expert found that 90 percent of the bonuses paid, minimum, would be for packages tied to recruitment, not for music.

Thank you ArsTechnica for providing us with this information

Three Spammers Accused of Largest Data Breach in History

The US Department of Justice has charged three men with what could be the biggest data breach in the history of the internet. The three spammers are accused of stealing billions of e-mail addresses from the databases of e-mail service providers. Two of the men, Giang Hoang Vu and Viet Quoc Nguyen, are Vietnamese citizens residing in the Netherlands, while the third, David-Manuel Santos Da Silva, is Canadian.

A statement from Assistant Attorney General Caldwell read: “These men… are accused of carrying out the largest data breach of names and email addresses in the history of the Internet. The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers.”

The three men targeted the largest e-mail providers in the world, including Gmail, Yahoo! Mail, and Hotmail. Considering the scope of the operation and the volume of addresses accrued, it is quite likely that someone reading this has had their e-mail address stolen by these spammers. Only addresses were gathered, though: no passwords were compromised during the data breach.

Santos Da Silva is alleged to have used his website, marketbay.com, to launder money that Hoang Vu and Quoc Nguyen earned through their spamming. Da Silva and Hoang Vu have been arrested, but Quoc Nguyen remains at large. Hoang Vu has pleaded guilty to computer fraud.

Source: Cyber Kendra

Phone Tech Support Scammer Threatens to Kill Sceptical Mark

Ten years ago, the most common internet-related scam was the infamous “419” confidence trick, e-mails promising vast wealth in exchange for a small investment. So infamous, in fact, that few people fall for it anymore. So, criminals had to evolve their approach, instead tricking their mark (or victim, to us) into thinking that they are getting a legitimate service for their money.

Thus was born the fraudulent technical support phone call, preying on people’s ignorance of computers to fool them into giving the tricksters unrestricted access to their computer. Thankfully, call victim Jakob Dulisse of British Columbia, Canada, wasn’t naive enough to fall for the fake tech support call he received, refusing them remote access to his PC to install malware and branding the caller a crook; the scammer didn’t take kindly to being called out.

“You do understand we have each and every information, your address, your phone number. We have our group in Canada. I will call them, I will provide your information to them, they will come to you, they will kill you,” the tech support scammer threatened.

Dulisse recorded the call two weeks ago, and the recording was picked up by CBC News.

Dulisse told CBS that he found the threats “chilling, but hard to take seriously.”

“He was still trying to get me to do what he was trying to do with my computer,” Dulisse said. “He was actually threatening me as a tactic.”

Source: Ars Technica

Woman Buys PlayStation 4, Gets Box of Bibles

In a repeat of a story from last week, a woman from California who bought a PlayStation 4 as a Christmas gift for her boyfriend discovered, when he opened the gift on Christmas morning, that the console had been replaced with two heavy bibles.

Sandra Ortiz bought the PS4 from a local Target store, with no clue that there could be anything out of the ordinary lurking within the console’s box. Ortiz told CNN that her boyfriend reacted in good humour, saying, “He said he didn’t want the Bibles unless they were autographed by Jesus himself.”

The most likely scenario is that a customer bought the console, swapped it for the two bibles, and returned it to Target for a refund, granted without re-checking the contents of the box. When Ortiz returned the PlayStation to the store, Target employees “immediately apologized for any inconvenience and exchanged it for a new one.”

Source: CNet

Man Buys PlayStation 4, Gets Bags of Rocks Instead

A man from Denver, Colorado who bought a PlayStation 4 from his local Walmart was shocked to find upon opening the box that the console was missing, its place taken by two taped-up bags of rocks.

Igor Baksht bought the PlayStation 4 as a present for his niece and, despite the store clerk informing him that the console he was buying was a returned item, he did not check its contents until he was home. Baksht said that, before he wrapped the present, he opened the box, “Just to make sure everything was inside, that all the contents were inside, all the games were inside. When I opened it, I said, ‘Oh my God.’” He says the clerk who served him commented about the weight of the box.

When Baksht returned to Walmart with the console box, he was initially told that there was nothing that could be done, and that they could not give him a refund. Only after pursuing the matter did the store manager call Baksht to offer him his money back.

Source: Kotaku

Norton Develops Wireless-Blocking Jeans

Anti-virus service provider Norton has helped develop a pair of jeans capable of blocking wireless signals, designed to protect credit cards and passports from being remotely hacked via radio frequency identification (RFID) signals.

The jeans were designed in conjunction with fashion retailer Betabrand and use silver-lined pockets to form a wireless-proof ‘Faraday cage’ that protects against RFID signals. The duo are also offering a blazer integrating the same technology. Both items, priced $151 and $198 respectively, go on sale next February.

Source: BBC

Scientists Developing Unforgeable Credit Cards

Dutch scientists have created a theoretical system that could render credit cards nearly impossible to clone. Currently, credit cards are secured by numerical encryption which, given the appropriate equipment, can be deciphered so that the card can be copied. Scientists at the University of Twente in the Netherlands propose using quantum encryption to secure the credit cards of the future.

Quantum technology uses shaped photons to transmit data in configurations so unique they are the technological equivalent of a fingerprint. Project leader Professor Pepijn Pinkse explains, “The best thing about our method, which we’ve called Quantum Secure Authentication (QSA), is that secrets aren’t necessary… so they can’t be filched either.”

The team maintain that the system could be easily implemented using current technology, so credit card cloning could soon become a thing of the past.

Source: E & T

Former Apple Manager Gets 1 Year in Jail, $4.5 Million Fine for Leaking Apple Secrets

Paul Devine, formerly Apple’s Global Supply Manager, has received a year of jail time as well as a fine of $4.5 million for leaking the company’s secrets.

Devine leaked secret product plans to a number of accessory manufacturers in return for money. The sentence comes more than 3 years after Devine pleaded guilty to wire fraud, money laundering, and conspiracy. Devine reportedly made $1 million on the leaks, after working for Apple between 2005 and 2010. As MacRumors points out, it was initially suggested that Devine could receive up to 20 years in jail over his crime, so it’s intriguing that he received such a comparatively small sentence.

Source: MacRumors

U.S. State Accuses Oracle of Lying, Fraud and Racketeering

The state of Oregon, U.S., sued Oracle America Inc. and six of its top executives on Friday. The reason for the lawsuit is their failure to deliver a working website for the Affordable Care Act program, also known as Obamacare. Oregon had paid Oracle around $240 million for a system that never worked.

A 126-page lawsuit was filed in Marion County Circuit Court claiming that fraud, lying and “a pattern of racketeering” by Oracle cost the state and its Cover Oregon program hundreds of millions of dollars. “Not only were Oracle’s claims lies, Oracle’s work was abysmal,” the lawsuit said.

A statement issued by Oracle reads: “the lawsuit is a desperate attempt to deflect blame from Cover Oregon and the governor for their failures to manage a complex IT project. The complaint is a fictional account of the Oregon Healthcare Project.” Oracle plans to fight the lawsuit and is confident that they will win both in this lawsuit and the one filed 2 weeks ago in the federal court.

Oregon was initially enthusiastic about the federal healthcare plan and their own Cover Oregon and quickly engaged in television commercials and print ads in advance of the rollout. But the Oracle-built site never worked and Oregonians were forced to submit paper applications in a hastily-organized process. In April Oregon moved to an exchange run by the federal government.

The original whistle-blower on this told the state that Oracle “planned … a behind the scenes effort” to keep the state from hiring an outside systems integrator who would oversee the project. The suit asks Oracle to pay for Cover Oregon’s financial losses, plus penalties for damages.

Thank you Reuters for providing us with this information.

Image and video courtesy of Oracle.

UK’s National Crime Agency Gives Two-Weeks Notice Regarding GoZeuS and CryptoLocker

The UK National Crime Agency is warning the public to take advantage of a two-week window in order to protect themselves from two major pieces of malware roaming the internet, GoZeuS and CryptoLocker, which are responsible for transferring cash from online accounts and holding personal data for ransom.

The NCA stated that the alert is one of the largest industry and law enforcement collaborations to date and that the FBI’s involvement in several countries has weakened the global network of infected computers, meaning that taking notice and acting ahead of the malware’s activity can help diminish the chance of infection.

GoZeuS, also known as P2PZeuS or Gameover ZeuS, and CryptoLocker are said to target all versions of Windows operating systems, including those running in virtual environments, on servers or in embedded versions. The agency also states that the malware is responsible for transferring hundreds of millions of pounds around the world.

In cases where GoZeuS cannot transfer significant amounts of money from a personal computer, it is said that CryptoLocker is called in as a back-up plan, locking the user’s personal data and holding it for ransom, currently priced at 1 Bitcoin. The recent estimate of infected systems is said to be 15,500 PCs in the UK alone.

The infection is said to occur by clicking fake links or attachments in e-mails sent by people in the contact book who have already been infected by the malware. The NCA recommends that users always keep their software up to date and check their computers for infection using antivirus software.

Thank you TheNextWeb for providing us with this information
Image courtesy of TheNextWeb

PayPal President’s Credit Card Gets Hacked – Well Deserved?

PayPal is a bit like Marmite (Yeast Extract/Vegemite depending on where you are in the world), you’ll either love it or hate it. If you’ve spent any amount of time involved in internet shopping (or internet selling) you’ll have heard all the horror stories about PayPal freezing people’s accounts for no reason, sometimes even shutting people out of their own accounts and then expecting people to provide a wide range of personal documents to fix PayPal’s mistake. People’s accounts have been frozen for days, weeks, months and in some extreme cases even years. Why do PayPal do it? Who knows? Suggestions range from them trying to earn interest on frozen balances to them having genuine security concerns with certain accounts.

Well it seems PayPal have had a bit of Karma bestowed on them as their president, David Marcus, had his credit card cloned in the UK. Since then the fraudster has gone on a spending spree and run up huge bills on the credit card. Though the Karma is a bit short lived when you realise that PayPal would have prevented the problem from occurring since PayPal masks card numbers during a transaction effectively making “skimmers” (devices that clone cards) useless. Although it’s worth noting most credit card companies would also fix the problems that result from credit card fraud so either way David Marcus won’t be losing any money.

Image courtesy of Businessinsider.com.au

Criminals Can Recover Personal Details From Used Phones, Even After Factory Reset

A recent Channel 4 investigation into the used phone trade in the UK has exposed some worrying privacy concerns. An investigation into two of the largest pawn brokers that are selling second-hand phones, CEX and Cash Converters, revealed that many phones still have recoverable details on them once sold. Some of the data that is left behind on the devices, or is recoverable, includes photos, text messages, passwords, credit card information and internet history. This comes despite Cash Converters and CEX telling customers that their devices will be wiped clean of all personal data before they are sold.

The issue arises from the assumption by these companies that a “factory reset”, or something equivalent, is enough to wipe all personal data from the device. The reality is that a factory reset doesn’t completely eradicate all personal data, as it is still recoverable from the memory. One security expert that Channel 4 spoke to claims that data can be easily recovered using freely available software and about 10 minutes of your time.

“The phones look like they’re completely blank, but the data is still there in the memory,” said Glenn Wilkinson of SensePost. “You can use software to find it, and that software is freely available for download. I can teach you how to access the data in 10 minutes.”

The extent of information that people store on their phones means that for criminals and fraudsters second hand phones are a goldmine of valuable and sensitive private information.

The Chief Executive of one of the major pawn brokers, Cash Converters, stated that:

“All phones are wiped to a standard level and full factory restores are carried out,” said Mr Patrick. “It is our understanding that specialist software may still be able to recover certain information stored on the phone, but we do everything in our power to ensure all personal data is removed from the device.”

However, the clear moral of the story is that if you’re selling your phone make sure you have securely removed all your data to the best of your ability. In some cases the manufacturer reset function will be enough but in others it may not and specialist data removal software may be needed.

Image courtesy of the Guardian