tl;dr you have to keep complaining to Virgin for several months and then take them to the Communication & Internet Services Adjudication Scheme then complain to their Data Protection team by contacting them on LinkedIn. Background Virgin have a spammy DNS hijacking service. If you accidentally misspell a domain - for example example.coom - Virgin will pretend that the domain exists and serve you up an advertising page. Yahoo powered! Yeuch! This means my data is sent to these advertisers…
Continue reading →
Yesterday, January 2nd, my wife received a billing alert from her phone provider. Luckily, she's not with EE - because it's a pretty convincing text. That domain name is specifically designed to include the day's date. If you're stood up on a crowded train, with your phone screen cracked, would you notice that a . is where a / should be? A quick look at the URl shows a trusted domain at the start - followed by today's date. It starts with https:// - that means it's secure, right? Is .info…
Continue reading →
It seems that Twitter has lost control of its advertising system. This blog post will show you why it is dangerous to click on any Twitter advertising. Twitter ads have always been a bit crap, but I've seen a recent influx in outright scams. Let me step you through a couple of examples. A typical click-bait headline. What has our favourite celeb done this time? In a moment of weakness, let's click through... Straight away we can see that the branding on the site has been set up to…
Continue reading →
Twitter has a problem with scam advertising. Rather than having humans manually check adverts for acceptability and authenticity, they let almost anyone promote anything. Whatever meagre protections they build in are rapidly evaded by the scammers. Let's take a look at an example of a promoted crypto-scam about Singapore. I'd say it was obviously a fake, but Twitter says this story comes from CNBC...! Take a look at the bottom of the image - the CNBC domain name is there... Diving into…
Continue reading →
Blogging - because Google don't offer a bug bounty for spam reports... Back in 2007, Google introduced "My Maps": Easily create custom maps with the places that matter to you. Allow friends to see and edit your maps, or publish them to the whole world. Like most Google products, it was effectively abandoned after launch - receiving a superficial update in 2014. Now it is a haven for spammers and fraudsters. Even Google's mighty AI is unable to detect this complex spam... How big a…
Continue reading →
Ever had a moan at your bank on Twitter? You're not alone - it's one of the most popular ways to interact with large companies. But how can you be sure that you're actually talking to the real customer services team? There's been a worrying rise in the number of fake accounts which attempt to trick people into handing over their banking details. Let's take a look at one of them. Here we see what looks like a genuine account from one of the UK's biggest banks - NatWest. This account belongs …
Continue reading →
Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This doesn't look like someone hijacking his email so far. I don't put much stock by "Protected by Antivirus" claims - because they provide no proof that scanning has taken place. I know you…
Continue reading →
Regular readers will know that I take a keen interest in Twitter spam. It seems the more popular a network gets, the greater the propensity for spam. A shame, but it seems to be the way of the world. Recently, one of my Tweets which mentioned SoundCloud was retweeted in rapid succession by a variety of accounts. Take a look at the mugshots below and see if you can spot a pattern. Ok, let's ignore the obvious - spammers apparently think that blonde women attract more attention. A quick…
Continue reading →
Journalist Dave Lee pointed out a disturbing new spear-phishing attack on Twitter. The phony account looks for people who are Tweeting their dissatisfaction with Lloyds Bank - one of the largest and oldest banks in the UK - and sends them messages urging them to log in to a fraudulent site. The tweets have some realistic touches - such as ending with "^LY" to signal the initials of who is using the account. As you can see, in some cases, customers interact with the account believing it to…
Continue reading →
Like a lot of you, my Facebook feed often fills up with dodgy adverts for discount sunglasses. In this case, Mark's account has been hacked and the spammers are tagging lots of his friends. The post then shows up on my feed as "look what your friend is up to!" Annoying. So, here's how to stop it. There's a slightly obscure FB privacy setting called: Review posts that friends tag you in before they appear on your Timeline? Timeline Review controls whether you have to manually approve…
Continue reading →
Earlier this year, I received SMS Spam from Paddy Power. I went into full-on Taken mode! I have a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for spammers like them ☺ It culminated with barrage of complaints and an interview on BBC Radio 4. A few months on, it's time to see what my complaining has achieved. First up, a pretty good response from the Direct Marketing Commission. May I thank you for raising your concerns a…
Continue reading →
What could be worse than email spam? Animated gifs in the subject line of email spam! This is a trend I've recently started to see on Gmail - here's what it looks like and how it works. So, what's going on here? How have they got an animated image into the subject line? Here's the raw text of the message's subject line: …
Continue reading →
