What's the optimal length for a 2FA code?


Screenshot of a text message. It says "Your one time passcode is 1031."

The other day, a company sent me a 2FA code which was only four digits long. I'll admit, this weirded me out. Surely 4 is just far too short. Right? I think almost every 2FA code I've seen has been 6 digits long. Even back in the days of carrying one of those physical RSA fobs, 6 has been the magic number. But why? A 2FA code is meant to prevent a specific class of problem. If an attacker has got hold of something you are (your username) and something you know (your password), you are…


Is this a banking scam SMS?


Screenshot of text message from Lloyds bank. It addresses me by name and gives me the name of someone who is going to call me - plus their phone number.

Earlier this week, my holiday was interrupted by a sophisticated SMS scam. Rude! Let's take a look at it. Let's take a look at all the ways we can tell it is a scam. Firstly, and most obviously, I am not a customer of Lloyds Bank! But these scammers send out to multiple people hoping to catch victims. Secondly, I've not made a complaint to Lloyds! But, again, scammers know that plenty of people have. So this adds a touch of authenticity. If you were a Lloyds customer who had recently…


Why do scammers love NameCheap?


Can of Spam. From https://www.flickr.com/photos/27308606@N04/3920588954/in/photolist-6Ys3vh-D4tFyP-5Nfafk-4YquSL-j76egA-b4ThXT-j71TQi-4C6NQo-4zGP8b-8jBWuu-9NZujn-4mZsmC-Skcx6h-6qY9vr-hNh67-5Hf4WS-mSRtT-718hHC-71HDFc-kCAL2L-2NYWTK-kCANQm-6eLuK-6cSS7G-vVZqB-79Z3X-dgu3-4sqgZw-8WuDpp-5FQ3yz-4nFSR8-563Gj-mb7gL-39uw1-5f1fho-2NiBSN-5pDMMS-8b9Hjq-pRrxLR-hfXfA-5xmaj-9vw9hx-o9bd3k-258kqqN-tuDnQ-8YeJPL-5hrex8-pFKpm-vSKr9b-39r59D

The UK is facing an epidemic of SMS fraud. Scammers know that we're all at home eagerly waiting for deliveries. So they send out phishing messages saying "Sorry we missed you" or "You need to pay a delivery fee". If you click on the link they send, you'll go to a very convincing website which looks identical to the courier's page. Whereupon the fraudsters will ask for your bank details, credit card number, mother's maiden name, and inside leg measurement. There are many complex reasons why…


That Time I Accidentally Invented Twitter


A proposal to micro-blog via text.

A curio from the archives. Waaaaaay back in 2003, I was working at Vodafone on their graduate training scheme. One of their fancy new ideas was a crowd-sourced employee suggestion box for new business proposals. As an eager young grad I submitted dozens of ideas. Most of them were crap. But, as I looked back over them, this one struck me as being a lot less crap than others. (@edent on Mastodon) Looking through some *very* old documents. Discovered that I pitched the idea of…


PaddyPower SMS Spam Follow-up


Earlier this year, I received SMS Spam from Paddy Power. I went into full-on Taken mode! I have a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for spammers like them ☺ It culminated with a barrage of complaints and an interview on BBC Radio 4. A few months on, it's time to see what my complaining has achieved. First up, a pretty good response from the Direct Marketing Commission. May I thank you for raising your concerns a…


Talking about SMS Spam with Radio 4


Earlier this week I appeared on BBC Radio 4's "You And Yours" to talk about the scourge of SMS Spam. You can listen to it on their website - or, if it has expired, I've grabbed an audio clip for your listening pleasure. I've asked the Direct Marketing Association to create a "Do Not Text" list - so that people can opt out of spam SMS. They already operate the Mail Preference Service and the Telephone Preference Service for opting out of junk mail and ca…


Dealing with SMS Spam from @PaddyPower


This is a cautionary tale of how my personal details have been repeatedly sold and resold by a British network of spammers - each of them turning a blind eye to the provenance of their data. I'm calling on the Direct Marketing Association to create a universal opt-out file - just like they do with junk mail and nuisance calls - to prevent people receiving spam via SMS. Like lots of people, I awoke on Sunday morning to a spam SMS seemingly sent on behalf of the gambling firm Paddy Power …


Donating via SMS - using QR Codes


One of the greatest cultural achievements of the last Labour Government was making museum entry free for everyone. Whether you're rich, poor, British, foreign, young, old - you can enjoy the treasures of our museums and galleries. Of course, while museums are funded by the state, they still rely on generating some external revenue - hence the ubiquitous gift shop and major corporate donations. In the front of most museums, you'll find a vessel for collecting donations. Usually half full…


Stopping Coral's SMS Spam


I don't like spam. I'm very careful always to tick the "do not pass my details on to 3rd parties" box on forms. So, when I do get SMS spam, I like to know who has been flouting the rules. See my previous investigation. A few weeks ago, I received this rather annoying message: I'm not a gambler - and I've never had a business relationship with Coral. So why are they sending me this tripe? I took to Twitter to find out. (@edent on Mastodon) Hey, @Coral - SMS spam is not cool. …


Text Adventures Via Text Message


Remember text adventures, eh? They were pretty nifty! "You are in a maze of twisty little passages, all alike" >Go East "You have been eaten by a Grue. A dwarf starts singing about gold" Smashing! Just like the pictures are better on the radio, so the graphics are immeasurably superior when they're in your head. Don't get me wrong, I love the 5.1 surround sound snarl of a rabid beast rendered in 1080p - but nothing is quite as good as using your imagination. Text Adventures - or, more…


Protecting Against Credit Card Scams


Four credit cards in a pile

I recently read about an innovative telephone call scam. A scammer rings the mark and asks for her credit card details. If the mark refuses, the scammer tells her to hang up the phone, then dial 999 and ask for "Sergeant Scammer of the Fraud Squad". The mark does so, and is connected to what she assumes is the emergency services. However, because the scammer hasn't hung up at their end, the call is still active. So the mark isn't speaking to 999, but to the scammer. Pretty devious. …


SMS PDU in Python for Raspberry Pi


A 3G dongle stuck in a Raspberry Pi computer.

Cracking on with my Raspberry Pi, I've written my first program in Python. The aim - to be able to send an SMS via a 3G USB dongle. The problem - the way SMS needs to be encoded is hideously complicated. For example, suppose you want to send "This is a very simple message :-)" to the phone number +447700900123. This is the command that you need to send to your dongle: AT+CMGS=42 079144872000626001000C9144770009103200112154747A0E4ACF416190BD2CCF83E6E9369C5D06B5CBF379F85C06E95A29 WHAT? THE? …
