The Trust Alliance


https://otalliance.org

The Trust Alliance was formed in 2005 and today(now called OTA) has the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet. OTA is global organization supported by over 100 organizations and has offices in Washington DC.

The goals of OTA are:-

• Help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity.
• Supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.
• Promote data sharing and collaboration through working groups, training and committees.

Sponsors include individuals, technology leaders, social networks, ecommerce, financial institutions, service providers, government agencies and industry organizations.

Why Was OTA Stated?

Faced with increasing levels of spam and deceptive email, in early 2004, a group of business, industry and marketing leaders led by Epsilon Interactive, Email Senders and Provider Coalition, The Direct Marketing Association, Microsoft, Symantec and Sendmail began meeting to pursue solutions to authenticate email and improve user confidence and in July 2005, the first Email Authentication Summit was hosted in New York City and there have been further successful summits.

So, OTA work at the strategic level to improve Internet security. They are currently working on how to make email trusted. We all know the problems of emails that appear to be from one person but are in fact faked (this is called spoofing) and the design of email makes this possible and difficult to stop. But there are technologies that can improve this situation and ensure email is from who it says it’s from.

OTA are also investigating online advertising. There are major concerns about lack of privacy and security, click bait, fake news, sponsored content, and more. Online advertising is fast evolving so OTA will have to move quickly to keep pace.

OTA are also looking to the future at the Internet of Things and how this will affect privacy and security.

The Trust Alliance

https://otalliance.org

The Trust Alliance was formed in 2005 and today(now called OTA) has the mission to enhance online trust and empower users, while promoting innovation and the vitality of the internet. OTA is global organization supported by over 100 organizations and has offices in Washington DC.

The goals of OTA are:-

• Help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity.
• Supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship.
• Promote data sharing and collaboration through working groups, training and committees.

Sponsors include individuals, technology leaders, social networks, ecommerce, financial institutions, service providers, government agencies and industry organizations.

Why Was OTA Stated?

Faced with increasing levels of spam and deceptive email, in early 2004, a group of business, industry and marketing leaders led by Epsilon Interactive, Email Senders and Provider Coalition, The Direct Marketing Association, Microsoft, Symantec and Sendmail began meeting to pursue solutions to authenticate email and improve user confidence and in July 2005, the first Email Authentication Summit was hosted in New York City and there have been further successful summits.

So, OTA work at the strategic level to improve Internet security. They are currently working on how to make email trusted. We all know the problems of emails that appear to be from one person but are in fact faked (this is called spoofing) and the design of email makes this possible and difficult to stop. But there are technologies that can improve this situation and ensure email is from who it says it’s from.

OTA are also investigating online advertising. There are major concerns about lack of privacy and security, click bait, fake news, sponsored content, and more. Online advertising is fast evolving so OTA will have to move quickly to keep pace.

OTA are also looking to the future at the Internet of Things and how this will affect privacy and security.

A Case of Seller Beware


We all know the saying “buyer beware,” but sometimes it’s also “seller beware”.

Drew Silvers, sold a Ford Explorer on Craigslist only to end up in court over it. He did win but it’s an odd story.

The Sale

The Explorer was ten years old and had 90,000 miles on the clock. It had no problems until about a month before posting it on Craigslist when the “check engine” light popped up due to a misfire. Turned out to be the DPFE (emissions device) and it was replaced. I drove the car every day for about a month without problems until someone finally emailed me about it.

The guy offered less than the selling price but I needed to sell the car so I accepted. During this time, I had my paperwork laid out on my coffee table, which included a receipt from the recent DPFE repair, the title to the vehicle, and two copies of an “as-is” bill of sale for us each to sign and keep. My friend counted the buyer’s $3,300 cash, the buyer and I each signed both copies of the bill of sale, and the title. He went on his way for me to never see him again… Or so I thought…

An Unhappy Customer

A couple of days later, I received a long, irritated ramble about how he was driving “my” car and it started skipping, choking, shaking, and running extremely rough. I sent him an email back and said it didn’t make any sense to me because I had been driving it just fine for about a month before hand.

Emails and constant phone calls continued and he told me to do the “right thing” and take the car back or reimburse him for the money he had spent on it so far, but I didn’t respond to him.

About three months later a letter came in the mail from the magistrate court in my county. He was suing me over the Explorer.

My witness and I headed to magistrate court. The guy made the mistake of changing his case from claiming damages to fraud. That meant the magistrate couldn’t hear the case and she had it transferred to the Supreme Court much to the surprise of the buyer. I assumed the problem was over.

About a month later I received a trial notice in the mail from Clerk of the Superior Court in Atlanta. The buyer had followed through and still had no attorney as his listing was filed under “pro-se”. The date was subsequently changed and the final trial date was set for about a year after selling him the Explorer.

I went to court with my witness. The trial started and went exactly as I had thought and the buyer blamed me for selling him what he called a “fraudulent vehicle”, he called his girlfriend to the witness stand who really had nothing to say. The buyer had taken the Explorer to a Ford dealership and had them itemize everything which was not in new condition on the car and the “repair” total to bring it back to showroom condition was a hair over $10,000, which is the amount he was trying to push on me on top of the criminal charge. When it was my turn I did put the buyer on the witness stand and asked him about the “as-is” bill of sale he had signed, which he denied and said he wouldn’t ever put his name on such a thing. Then I took my copy of the bill of sale as well as the return receipt that he had signed when I changed the court date a few months before. I handed both of those documents to the judge so he could compare and he became even more angry and said “I’m no handwriting expert, but…please step down from the stand and take your seat.”

The judge told the buyer that he had no case, was well aware that the “as-is” bill of sale was legitimate, and it wouldn’t matter anyway because the state of Georgia falls under the “buyer beware” rule. We were then angrily asked to leave the court room as the judge’s face turned a nice red hue…

Be careful when buying or selling and always keep the correct documentation.

UK Biggest Cyber Criminals Caught

The UK’s biggest ever cyber scammers stole £113m by calling victims pretending to be from their bank. Fraudsters used bin bags full of cash for shopping sprees, bought supercars and a Lahore mansion. The Glasgow-based gang targeted small businesses in telephone fraud scam and they cleared out millions of pounds from their victims’ bank accounts

The ring leader Choudhary has been jailed for 11 years and 14 others also face prison terms.

The Burnley-born fraudster had fleeced over 750 British firms to fund his millionaire playboy lifestyle. Raking in £3million a month by cold-calling bank customers, he ruined hundreds of lives and put small businesses on the brink of bankruptcy – leaving one victim so distraught that she committed suicide. The Method

Choudhary phoned businesses claiming to be from their bank, saying security on the accounts had been compromised. He got internet bank security details and passwords from employees and emptied their accounts in minutes, blocking phone lines with software to stop contact with the real bank

Unwitting customers were told their accounts had been hacked and were duped into giving their internet banking passwords over the phone.

The cash was withdrawn by ‘money mules’ and moved through transfer exchanges from London to Pakistan and elsewhere. The biggest raid saw £2.2million taken from a solicitor’s firm in minutes

Choudhary used the details to convince businesses he was a genuine bank employee, telling them they had been hacked by ‘someone in Aberdeen’ called ‘King’

Scotland Yard believes at least 750 businesses were affected between January 2013 and October 2015, but there could be countless others. Choudhary targeted customers from Lloyds, Santander, Barclays and Royal Bank of Scotland.

Choudhary grew so rich that he flew his personal valets 8,000 miles across the world to polish his Porsches.

He posed as a music producer and property developer and owned a fleet of expensive cars including a Bentley, Rolls-Royce, Lamborghini and two Porsches.

Choudhary spent millions on a property portfolio in Pakistan, Dubai and Scotland, treated himself to £100,000 shopping trips at Harrods, bought £45,000 Rolex watches and enjoyed luxury holidays in the Middle East. Conviction

Choudhary was jailed for 11 years. Corrupt Lloyds business adviser, Jones Opare-Addo, was jailed for five years for leaking account details to the gang and setting up accounts to launder cash.

Emma Daramola, 23, was given a two-year suspended sentence for conspiracy to commit fraud by abuse of position for her role as an insider at Lloyds

A long list of accomplices were also jailed.

Good riddance.

TrashCan Disposable Email Addresses




Or maybe you’re just on the Internet and you have to key in your email address for a one off reason.

Disposable email addresses are the solution. Use once and throw away.

There are various email providers including Yahoo and Google etc. that offer disposable email addresses and there are some specialist suppliers.

Trashcan is a new supplier that has simplified the process as much as is possible.

You go to the site www.trashcanmail.com

Type in your desired email address @trashcanmail.com

If it’s already in use you’ll have to pick a new one otherwise it’s now yours.

You don’t have to register or give your name and email address.

The disposable email address is yours.

To check any incoming mail – go to the website and type in the address and see what you’ve got.

That’s it.

Clearly this is not very secure as anyone can go to the Trashcan website and key in your email address deliberately or accidentally while trying to make one for themselves.

But it’s designed for a one-off use then forget it.

If you want a secure disposable email address then there are lots of providers available eg. Yahoo, Guerilla Mail and Maildrop.
But if you want a one-off quick email address to use then Trashcan might fit the role.

Caller Protection Company Fined For Cold Calling

A West Sussex company has been fined £40,000 for making nuisance calls to the elderly.

The Information Commissioner’s Office (ICO) ruled that IT Protect Ltd, in Bognor Regis, broke the law because it called people registered with the Telephone Preference Service (TPS), which is a service home users can sign up to for preventing unsolicited calls.

Ironically, this firm was making nuisance calls to people to sell them a call blocking device. But by phoning people registered with the TPS it broke the law. The ICO investigation was aided by members of the public reporting the nuisance calls they’d received from IT Protect.. They told ICO that the firm had preyed on the elderly and misled people by giving the impression they were working with BT.” STEVE ECKERSLEY, HEAD OF ENFORCEMENT, ICO

IT Protect told the ICO it had bought a list of people and phone numbers from another firm, but it had not verified that the numbers were not on the TPS list and hence could not legally be cold called.

Reliance on another firm does not preclude the company from law breaking.

The law says that calls should not be made to anyone who has registered with the TPS unless they have told the caller that they wish to receive such calls from them. Companies failing to screen against the TPS, who then call people without consent, can expect enforcement action by the ICO.

IT Protect is the first company to be slapped with a bill by the ICO since it took over management of the Telephone Preference System in December

TPS is a free service designed to protect people from unsolicited sales or marketing calls

How to Charge Cold Callers


It is possible under specific circumstances that you can invoice cold calling companies and make them pay for your time wasted.


But it takes a lot of effort to make it work and is only possible with very insistent cold callers who refuse to stop.

Richard Herman is a retired BT engineer and he was plagued with calls from a solicitors.

He thought about what would make it possible for him to claim money from them and he put his plan into action.

1. He recorded every call and the date, time and length of each call.
2. He warned them that they would be incurring costs if they continued to call him against his wishes. This warning needed to be explicit rather than just saying ”It will cost you”
3. He specified that the charge would be £10 per minute or part thereof occupied in answering the cold calls.
4. His meticulous records, recordings of the calls and warnings to the callers to stop, put him in an excellent position with the law.
5. He wrote to the callers demanding payment
6. When payment was not forthcoming and the calls continued then he started legal action.
7. The company behind the cold calls turned out to be a solicitors and they fought the case but lost and had to pay up.

You can do the same if you’re willing to put in the time and effort.

Richard Herman has a website at http://www.saynotocoldcalls.com/index.html giving more detail and he will answer queries.

Liverpool Advertising Scammers Busted



George Williams controlled a Liverpool-based team conning firms into paying for adverts in a publication called “Emergency Services News”. There should have been about 1.2m copies per year to fulfil their promises to clients but instead police found they only printed 30,000 copies over 3 years.

Williams and others called themselves Weinstein Williams Associates Ltd and were found to have falsely claimed that they worked for the emergency services and detectives believe as many as 15,000 victims paid for adverts in publications that either did not materialise or didn’t reached the audience they had been promised.

Weinstein Williams Associates cold-called people all over the UK, claiming they were endorsed by emergency services to get people to place paid adverts in their fake magazine. Anyone who complained was threatened with legal action.

Williams, of Linacre Road, Bootle, took £2,000 a week and splashed out on flash cars, boats and property. He was jailed for seven years and four other men were sentenced at Liverpool Crown Court over the scam.

Judge Robert Warnock told Williams: “The evidence is overwhelming. You recruited guilty and unscrupulous sales staff. You enjoyed the criminal lifestyle.” “You have shown no remorse at all. It is highly probable you will offend in the same way. Your motive was greed and your method deception.”

Scammers like this create a plausible situation where they appear to help people in business. But it’s mostly fake and the businesses lose out and the scammers get very rich.

The Traffic Monsoon Ponzi Scheme


Pyramid investment scheme worth £160MILLION shut down after taking money from 162,000 people

Traffic Monsoon, which is run by Charles Scoville, claimed to make people money through online advertising ‘AdPacks’. Mr. Scoville, an American “entrepreneur” has a history of similar schemes.

The Securities and Exchange Commission stated that “Traffic Monsoon’s advertising business is an illusion designed to obscure the fact that it is offering and selling a pure Ponzi scheme” . “Over 99% of Traffic Monsoon’s revenue comes from the sale of AdPacks”.

“The company has virtually no other revenue from any other source”. ADPACKS

Everyone who joined bought AdPacks at $50 each (£38) and was required to click on 50 banner adverts each day, staying on each for five seconds. It’s this online traffic that members were told would generate income, but it didn’t.

In April, PayPal notified Scoville that his business had the hallmarks of a Ponzi scheme and in time froze the company’s funds – approximately $61 million. Scoville continued to sell Adpacks even though he couldn’t pay anyone.

The PayPal freeze ended on July 11, and Scoville transferred $25.6 million out of the PayPal account into a separate Traffic Monsoon account and immediately transferred $21 million of those funds into his own personal account.

He attempted to transfer additional funds out of the PayPal account, but PayPal stopped this.

Scovile continues to maintain his company is genuine and posted he on Facebook – “For those of you who read the report and wonder why I moved funds from the business account to my personal…it truly was to protect those funds”. Some people still believe in him and a petition has been launched on Change.org to raise money for Scoville.

The company has taken in $207 million dollars in actual cash, but on paper Traffic Monsoon had generated $738 million dollars in revenue. Clearly that extra revenue does not exist and only by continually increasing the number of new members buying adpacks could the scheme continue to pay out, until its inevitable collapse.

Had the SEC of not stepped in, Scoville and the funds may have disappeared.

Nuisance Caller Prosecuted

Louis Kidd, 27, lives at home with his mother in Brighton but was the owner of Prodial – a company responsible for 46 million nuisance phone calls in the UK about PPI (Payment Protection Insurance).

Prodial’s computer systems would dial numbers and play a recorded message about claiming PPI. Anyone who responded would have their details sold on to Claims Management companies.

The automated calls, dialled from a computer server in the south east of England, hit homes across Britain at the rate of over 330,000 a day, at all times of the day and night between January 20 and August 21, 2015.

Complainants said they were called repeatedly and often there was no way to opt out even for people who had never had PPI.

The Information Commissioners Office estimated that Prodial was making as much as £100,000 per month and described the operation as ‘one of the worst cases’ they had ever come across.

The regulator has ordered Prodial to pay a £350,000 fine but the company was wound up before the prosecution and has no assets left. Liquidators are trying to determine where the money has disappeared to. Previous Companies

Mr Kidd and Mr Carrington (his business partner) both worked previously at Italk Affiliate Telecommunications, which is itself under investigation by the ICO for making between four million and six million calls a day using similar, technology to Prodial.

Italk was raided by the ICO in March last year and faces a possible maximum fine of £500,000. By then, Mr Kidd and Mr Carrington had jumped ship.

There appears to be a group of people who know how to abuse the system and some have got away with it for a long time as this has happened with other companies as well. The Result

Prodial has been fined and is out of business, but the people responsible are free to open more companies and able do the same thing again.

“There is a group of people who know how to abuse the system and some have got away with it for longer than others,” said a source familiar with the investigation.

Lorraine’s Battle Over Fridge Insurance


Lorraine is retired. She has insurance against breakdown on her fridge and freezer and other items as it gives peace of mind. This is paid monthly by direct debit to Domestic General. Ltd

Then she received a call from the company about her insurance saying the company had changed ownership but they could start a new insurance policy to cover her fridge etc. and the best deal was to take 3 year cover.

Lorraine is a canny person and questioned to herself whether this was true, but the company knew about her fridge, the direct debit and that she had taken out the cover in 2003. So it all appeared correct and she agreed and paid in advance for the new 3 year deal (at the significant cost of £150).

She told her daughter Fiona about this sometime later and Fiona was suspicious when she found out the original direct debit was still in operation. She checked the documentation and found that the new cover was with Domestic Appliances.

She called them and realised it is a separate company nothing to do with Domestic General Ltd. Fiona tried to get the money back but Domestic Appliances refused to acknowledge the deceitful approach by their caller and refused a refund. They also denied having a recording of the telephone conversation and claimed their staff were well trained and would not engage in such subterfuge.

What to do?

Fiona cancelled the direct debit with the original company Domestic General Ltd. and explained to them what had happened. They couldn’t help but did say that this problem had happened before with Domestic Appliances.

The reputable company Domestic General Ltd offered monthly payment and a contract that could be cancelled whereas Domestic Appliances insisted on payment up front for a 3 year deal and no cancellation.

Unfortunately there seems to be no redress in this situation – no way to get the money back from Domestic Appliances.

Will they provide a good service if Lorraine has problems with her kitchen fridge?

We don’t know.

How to protect Yourself Against Online Scams


The points below can help you to be safer online – but stay cautious, especially where money is concerned.

1. Don’t buy anything or agree to anything that seems too good to be true.
The offer of riches or a bargain or some reward may tempt you, but be careful. If something seems too good to true then it almost certainly is.
2. Always check and confirm the identity of individuals and websites you are dealing with, both online and offline. Do not give away any personal information unless you are sure of who they are and why they need the information.
3. Don’t fall for an advance fee scam. That is do not pay upfront for a job application, a reward, a lottery win or anything else similar.
Any work-at-home scheme where you have to pay upfront is likely to be a scam and anything else where you pay up front for something where you don’t expect a charge is also likely to be a scam.

This applies, for example, to lotteries, other supposed competition wins or inheritances, and people claiming they want to share money they inherited or won.

1. Don’t buy (or rent) from someone you don’t know or haven’t checked out. This is a difficult one as it’s the business model for Internet business Airbnb and many people around the world have benefited from renting out their home to strangers or renting the home of a stranger. If you are going to do this, make sure to read the reviews carefully looking for anything suspicious and if there aren’t enough reviews on the property then find another one.
2. Protect your confidential information. Don’t give out private information in response to an inquiry you didn’t initiate.
3. Buying Online. Use services like PayPal to limit your exposure to card fraud. Once your card is registered on Paypal you can use it on most websites to make secure payment without those websites having sight of your card details.

When buying online, check for “https” in the address line and a closed padlock symbol . If they are missing then the site isn’t safe for confidential information such as login and password.

1. Don’t be pressed into taking precipitate action. The scammers will try to make you do things quickly – so you don’t have time to figure out that it’s a scam. They will make things appear urgent or set a deadline.

No matter how persuasive an offer seems or how much an agent pushes you to agree on a deal now to get a discount, don’t do it!

1. Do not respond to charity emails as these can be fake – only donate to charities you know or have checked out and send your money directly to the charity.
2. Use reputable Internet security software on your PC and keep it up to date. Choose products with “Internet Security” or similar wording rather than simple anti-virus programs as they have more comprehensive features and protection.

Regularly check that you’re using the latest version and that it automatically updates its malware definitions.

Ignore pop-ups and other warnings that your machine is infected that don’t come from this program. And never pay money in response to such warnings.

1. Don’t click on links and attachments in unsolicited, unchecked messages or social networks.

This may be difficult for some people used to such messages from friends, but it’s your choice to take the risk or not. At Christmas time many people send e-cards and scammers know this and send their own malware versions, so be warned.

1. Don’t use Cash Transfer companies such as Western Union or Moneycorp as if the transaction proves to be fraudulent you cannot recover your money.
2. Be wary about downloading software from unfamiliar websites or using torrent sites that share files. These might install malware on your PC.
3. Set strong passwords and ideally use different logins and passwords for each website.
4. Never reply to spam messages – there’s no point and you would only end up with more spam messages.

Defending FightBack Ninja Blog Against Online Attacks

The Fightback Ninja blog uses standard WordPress technology for the creation and management of the blog online.

WordPress is very good and free to use and there are many thousands of templates and addons available, so you can use it to create a wide variety of blogs, websites and more.

However, the fact that it is so well known also makes all WordPress installations a target for scammers and spammers.

Attack type 1 – the attackers try to access specific files that normally exist in WordPress installations, with the intention of amending those files to give themselves scammers complete access.

Counter action: I had installed iThemes addon for WordPress and it gives a good level of protection against the common sorts of attacks. It blocked access and will lockout any IP address or login that tries constantly to access specific files.

Attack type 2 – password guessing

All WordPress installations have an admin login with the ability to create new logins and do anything on the installation.

Counter action: After nearly 10,000 attempts to crack the password, they gave up. Good job I had picked one that cannot be guessed.

Attack type 3 – comment spamming

This is not directly an attack but is simply morons trying to post entries (full of links) on the comments of the blog. This is usually to increase the ranking of some website by having as many backlinks as possible.

Counter Action: I had Installed a spam comment blocking addon called Akismet. This puts all comments in a holding area till I chose to approve them or delete them. So far nearly one hundred such spam comments have been blocked. The sort of comment they typically try to post is anodyne e.g. “Good writing but have you checked out this list of good links?” This is just rubbish to be deleted. As their attempted posts never appear on the blog – they give up for a while then try again.

Also, Google ignores post comments where the post is less than 3 months old so these comment spammers always go for old posts.

If you allow these comments onto your blog then you will be inundated with more as they are produced automatically.

Attack type 4 – A deluge of comment spam

Counter attack: I had to install an addon that let me turn off the comment facility completely for a while.

It is a nuisance that all WordPress sites get attacked in these ways, especially the popular ones. But the right precautions make it difficult for the scammers to cause any damage.

No doubt, the morons, scammers and spammers will continue attacks at some time but hopefully will never succeed.

Project Honeypot


This is about systematically identifying spammers and hence being able to block their activities.

Project Honey Pot (www.projecthoneypot.org) is a system for identifying spammers and the spambots they use to copy addresses from people’s website. Spambots are automated pieces of software that can read websites and find and copy any email addresses.

Website administrators have few resources able to tell them whether a visitor to a site is good or malicious. Project Honey Pot was created in order to provide this information to website administrators in order to help them make informed decisions on who to allow onto their sites.

Project honeypot is a set of software you can install on your website and it will enable the project honey pot team to track spammers and provide lists of repeat spammers.

To do this, webmasters install the Project Honey Pot software somewhere on their website. Project Honey Pot Â*handle the rest — automatically distributing addresses and receiving the mail they generate. As a result, they anticipate installing Project Honey Pot should not increase the traffic or load to your website.

Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

They collate, process, and share the data generated by your site with you. They also work with law enforcement authorities to track down and prosecute spammers. Harvesting email addresses from websites is illegal under several anti-spam laws, and the data resulting from Project Honey Pot is critical for finding those breaking the law.

Project Honey Pot is free to use.

There are also Â*“comment spammers”

Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. Project Honeypot can identify these comment spammers. Resources

Project HoneyPot publish various useful information in the battle against spammers.

A list of theÂ*top IP addresses being used by comment spammers.

A list of the topÂ*URLs,Â*domains, andÂ*keywordsÂ*being promoted by comment spammers.

A list of theÂ*top IP addresses used by dictionary attackers.i.e. scammers who use every word in the dictionary to try to crack someone’s password. Statistics

Project Honey Pot is monitoring 235 million addresses and 124 million IP addresses and has identified 267 thousand harvesters and 28 million dictionary attackers.That’s a great record.
Â*Â*
Â*