Net Work
Alan Winstanley
This month, read the latest on Internet-based fraud, ID theft and advice on using 2FA (two-factor
authentication) in your online dealings. Plus, SSDs – can you really entrust them with your digital data?
A
t the end of last year, the UK’s
National Fraud and Cyber Crime
Reporting Centre – Action Fraud
– reported the case of two brothers from
the West Midlands who were involved
in a nationwide eBay scam that raked
in a six-figure profit over several years
before they were finally caught. They
recruited innocent so-called ‘trading assistants’ to sell on eBay what turned out
to be non-existent mobile phones and
tablets: the goods were never shipped
but the monies were collected from
the ‘assistants’ by the fraudsters themselves. After skipping bail and fleeing
abroad, the crooks were extradited
from The Philippines and were jailed
for nine years for a scam that spanned
nearly half a decade. The scale of the
fraud became apparent when victims
reported their losses to Action Fraud
(www.actionfraud.police.uk), and local
police units eventually joined the dots
and caught the villains.
eBay, PayPal, Facebook, banks...
Meanwhile, their victims’ eBay and
Paypal accounts were frozen and some
were hounded by debt collectors; one
victim reportedly took out a second
mortgage to raise cash, while another
suffered serious bouts of depression.
British legislation is very unforgiving about the plight of money mules
– those who accept a ‘fee’ for passing
bogus third-party transactions through
their own accounts, whether driven by
sheer desperation, naivety or (more
often) plain greed. The penalties for
this form of money laundering can be
very harsh – up to 14 years imprisonment in the worst case, Financial Fraud
Action UK reminds us.
In 2018, over 40,000 cases of bank
account abuse due to suspected money
mule activity were reported in the UK,
says the fraud prevention service CIFAS.
Social media and instant messaging
channels were frequently used to attract mules before switching to secure
encrypted channels like WhatsApp to
ensnare them. Younger, impressionable
people and university students were
being taken in by these phony job offers.
The obvious advice is to never, ever be
12
tempted by job opportunities for ‘sales
agents’, ‘transaction processors’ or any
other schemes that let you ‘earn money
working from home’ as a middle man,
processing sales transactions through
your personal accounts.
Too much information
Personal data is highly valuable to
crooks and the author is sometimes
shocked by the naivety of those who
insist on sharing their details online
when conducting private business in
public. For example, I have just seen a
rather elderly user post her full name,
postal address, post (zip) code and
hours of availability on a local Facebook
group regarding someone taking away
her old washing machine for scrap. (I
asked admin to delete the post.) Useful
snippets of data like these can help
crooks to form a bigger picture about
victims, leading to impersonation fraud
or other forms of crime.
In the June 2018 CIFAS Report,
Wolves of the Internet: Where do fraudsters hunt for data online (available at:
http://bit.ly/pe-mar20-wolves) the value
of personal data traded by ID thieves
and fraudsters was laid bare. So-called
‘Fullz’ (a complete package of an individual’s ID credentials) are traded
openly both on the ‘surface web’ as well
as the underground ‘dark web’. Most
prized on the dark web were PayPal
logins, valued at £279 each, followed
by eBay logins (£267). Online banking credentials were worth £161 but
a lowly Facebook passcard was just
£3.74, said the report. Nearly 50% of
stolen data was then used to fraudulently apply for a credit card. Analysts
Forensic Pathways Ltd in London
used dark web crawlers to sample
and collate stolen personal data over
a 50-month period, and they estimated
that someone’s ‘Fullz’ data was worth
about $42 and a BIN (Bank Identification Number) was about $21. A bank
card’s magnetic data ‘dump’ was more
valuable, about $93. One person’s Fullz
profile was posted online where it attracted more than 270 hyperlinks to
it, and it was used to apply for nearly
two dozen dodgy accounts and cards.
Two-factor authentication (2FA) can alert
users of unauthorised login attempts.
Two-factor authentication
As always, one should remain incredibly vigilant and safeguard against
personal data theft as much as possible. In today’s wired world, and
with 5G coming around the corner,
it’s more important than ever to be
on the look-out for fraud and ID theft
and not ignore any suspicious events.
As an extra safeguard, Two-factor
authentication (2FA) adds another
step to logging in by sending an SMS
message and PIN code, for example,
which can alert account holders if
their logins have been compromised.
The remote possibility of impersonation fraud means that 2FA may not
be 100% foolproof though. To enable
it, go to: My eBay -> Personal information -> Security information -> 2
Step verification. Gmail and Facebook
users should sign up for 2FA if you
haven’t already done so – for further
Practical Electronics | March | 2020
details see http://bit.ly/pe-mar20-2fa
and http://bit.ly/pe-mar20-2fa-fb
Solid-state survivor
My thanks to regular PE reader Godfrey Manning who followed up on my
January item concerning upgrading
personal computers with solid-state
drives (SSDs). Godfrey asks:
‘How reliable have you found solid-state drives? I’ve had a couple fail
after just a few months. The system
freezes or displays a “Blue screen”
error. For example, a full-system virus
scan stalls or crashes. The drives are
usually still readable by a stand-alone
disc-copying utility, so I’ve reverted to SATA spinning discs. This has
happened to different brands of SSD.
After retrieving a Western Digital SSD,
I broke it open and found it to contain
a SanDisk chipset. Integral-brand SSDs
have different chips.’
I admit to having a slight nagging
doubt when installing my first solid-state drive at the heart of what is
my main production machine. I chose
to keep ‘busy’ data on my legacy spinning hard disk, while devoting the
new SSD to hosting Windows. Many
SSD users adopted that approach too,
but others are not fazed by SSD reliability at all. I chose a Samsung Evo
SSD mainly because Samsung is renowned for semiconductor memory
and I preferred their Spinpoint hard
drives in the past; I could also get one
delivered quickly!
There is plenty of life left in spinning hard disks (a 14 TB drive is yours
for £450) but the market has consolidated in recent years, taking some
memorable brands with it: Samsung
eventually sold its disk business to
Seagate, the brand that also acquired
Maxtor, while IBM hived off its Deskstar drive business to Hitachi, which
in turn went to Western Digital. Flash
memory chipmaker SanDisk is now
owned by Western Digital too, which
is why SanDisk-branded chips appeared in Godfrey’s SSD. In a vote of
confidence, PE’s Internet Service Provider tells me that they replaced all
their servers’ hard drives with SSDs
last year.
Amazon’s
Echo Flex
is a smaller,
plug-in
adaptor unit
offering Alexa
services.
Practical Electronics | March | 2020
In my system, some
local files are backed
up online to Microsoft OneDrive, but
I also back up key
data to a RAID-style
NAS using the excellent Macrium
Reflect software (a
free unsupported Lite
version is available
from: www.macrium.
com/reflectfree). My
Synology NAS currently hosts a pair of Blue Origin’s New Shepard VTOL space vehicle lands successfully
Western Digital ‘Red’ after a test launch.
hard disks, but I also
In early January, SpaceX launched
take a ‘last gasp’ ransomware insurance
backup of it on a removable 2TB Sam- its third crop of 60 satellites for Starsung drive (which has a Seagate label link, its low-earth orbit Internet satellite
underneath). Seagate has since dropped project. The first stage successfully
Samsung’s branding in favour of using landed vertically again on their drone
the Maxtor name on these drives, and vessel ‘Of Course I Still Love You’
SSD portable drives are catching on too. in the Atlantic (seen on the Youtube
As for the reliability of Flash memory, video https://youtu.be/HwyXo6T7jC4
all one can do is hope for the best but at 20:14). Astronomers are increasinginsure against the worst. A new SanDisk ly concerned about the impact that
MicroSD card in my new Christmas the satellite constellations are having
on observations, but thousands more
gift of a trail camera failed without
warning, taking some video snaps of satellites are set to be launched in the
elusive wildlife with it. I guess noth- future. Special satellite coatings are
being tested that might minimise ining is 100% secure.
terference with astronomers’ optical
News roundup: ransomware, instruments. This year may also see
Echo, browsers and space
test flights of SpaceX’s new Starship, a
Major currency exchange company 37-engined super-heavy lifter designed
Travelex suffered a serious ransom- to carry crew or up to 100 tonnes of
ware attack on New Year’s Day, which cargo, possibly to the Moon or Mars.
caused their trading platform and inAnother name to watch out for is
ternal networks to go down for several Blue Origin, an aerospace firm founded
days, with traders reverting to pen and by Jeff Bezos of Amazon fame. It has
paper. It is reported that Sodinokibi been quietly developing lower cost,
malware was introduced via unpatched reusable vertical take-off and landing
Pulse Secure VPN servers. No details of sub-orbital vehicles that will take payany ransom demands were publicised. loads – and maybe paying passengers
Amazon has launched a small plug-in – into space and back again (useful
version of its Echo smart speakers. The when you’re a passenger). Space fans
Echo Flex offers the usual Alexa voice will enjoy Blue Origin’s New Shepard
control in a smaller form factor that fits vehicle test launch and vertical landdirectly into a wall socket. Amazon em- ing at: https://youtu.be/9pillaOxGCo
phasises that Echo Flex is not optimised
Unseasonally mild weather condifor music playback. It costs just £24.99, tions recently affected some Freeview
UK and Ireland only. More details at: TV broadcasts for several days. The
https://amzn.to/2urCyEB
useful Radio & Television Investigation
As an alternative to Chrome or Fire- Service website is provided by the BBC
fox, Microsoft is re-engineering its Edge to help troubleshoot problems with both
desktop web browser to make life easier terrestrial and satellite systems. The
both for website users and developers. RTIS blamed the fine weather condiEdge is adopting the Chromium open- tions for causing ‘tropospheric ducting’
source model as its engine, which they – more details of this, along with lots
hope will improve website compati- more practical advice is on the RTIS
bility and performance for surfers and website at: http://bit.ly/pe-mar20-rtis
encourage developers to adopt more
That’s all for this month’s roundup –
uniform web design standards. Users see you next month for more Net Work.
can expect it to be delivered by a Windows 10 update and a new version of
The author can be reached at:
Edge for macOS is slated. More details
alan<at>epemag.net
from: www.microsoftedgeinsider.com
13
