Beware Facebook Scams! Protect yourself!

CybercrimeAs Facebook now has more accounts than there are people in the United States, it should come as no surprise that it is possible to break into some of those 300 accounts.  This happens.  Well, what happens next when an attacker breaks into a Facebook account?  Several things are likely.  First, the attacker will retrieve as much information about the individual and his or her friends as possible.  There are several key pieces of information that prove valuable:

  • Birthday and Hometown are enough information for an attacker to reliably predict social security numbers of people born after 1989.  You can hide this information from your profile by going to your profile, clicking on the little box in the upper right of the Information tab, and deselecting birthday and home town.
  • Email address is useful to feed into a phishing/spam engine.
  • Telephone # and IM account information is enough to either use or sell to other scammers.

Next, an attacker may try to directly contact friends to scam money out of them.  While such attacks are unlikely to take the form of a 419 scam where the attacker tries to play on greed, they will more likely play on peoples’ sympathies.

Here is an example:

0Wn3d Friend: Hey
0Wn3d Friend: How are you doin?
Target: good evening, Friend!
Target: i’m doing well, and you and your family?!
0Wn3d Friend: Not too good
Target: oh?
0Wn3d Friend: We are in a very deep mess
0Wn3d Friend: Glad you are here
Target: what happened?
0Wn3d Friend: We are stranded in London England
Target: WHAT?!  how so?
Target: where?
Target: (in london)?
0Wn3d Friend: Kentish Town
0Wn3d Friend: We got mugged on our way back to the hotel at a gun point
Target: oh geez
Target: have you gone to the police?
Target: do you have a phone?
0Wn3d Friend: Yes,We were able to file a report to the cops and that is been Investigated
0Wn3d Friend: They made way with all we got here
0Wn3d Friend: Cash,bank cards and also the cell phone
Target: ok.
Target: i have a few friends outside of london.  are you in a hotel?
0Wn3d Friend: Yes
Target: do you still have your passports?
0Wn3d Friend: Yes,I’m still safe with the Passport
Target: ok.  how long are you supposed to be in London?
0Wn3d Friend: That has been the problem
0Wn3d Friend: I seriously need your urgent help getting back home
Target: what hotel are you in?
0Wn3d Friend: Sector Hotel
0Wn3d Friend: I have a flight back home in the next 3hrs but the hotel management won’t let go
Target: do you have the hotel’s address & phone #?
0Wn3d Friend: I don,t have the #
Target: i’ll need an address
0Wn3d Friend: 151 Kentish Town Road, London, NW5 2CG
0Wn3d Friend: I’m having problem with the hotel on the bills

What happens next is that the attacker asks for a credit card.

So how do you know it’s a scam?  First, Amazingly, Google is your friend.  If you enter just a few details from this example, you’ll see that Kentish Town and the Sector Hotel show up as a scam. The other odd thing about this exchange is that the person claims to have been mugged at gun point in London.  I’m not saying it doesn’t happen, but it’s rare.

More importantly, ask yourself why this friend is contact you, and not calling a relative for help.  To be sure, if this person really is a friend, you should already have a phone number for that person.  Call him or her, but do not rely on contact information from the attacker.  Calling a number they give you can cause you to lose a lot of money.  If they answer the phone and have no idea what you’re talking about, you know it’s a scam.  If they don’t answer, call a relative of theirs or ask for more details.  In this case the person said they filed a police report.  Get the report number from the person, name of an officer who took the report, and independently call the police.    Do not rely on anything in the facebook profile of the friend.  You should assume the attacker has already manipulated all of that information.

Most importantly, never send credit card information over the network in such circumstances.

Ok, so you’ve figured out it’s a scam.  Congratulations!  What do you do next?  Report it, and fast.  Facebook is pretty responsive when it comes to shutting down accounts.  In one case I’ve reported, they reacted within 10 minutes.  To report abuse on facebook, click on Help at the bottom of the page, and right at the top you will find the following:

Hacked accounts and spam

Click on that text, and it will help you report the information.  You will need the URL of the profile of the friend who you are reporting.  To get this, type the friend’s name in the search bar.

Don’t feel bad that you are reporting a friend, either.  This is a case where your friend is being maliciously used, and you are doing your part to putting an end to it.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

There really is nothing Easy about EasyJet

easyJet.com

Dear friends Steve & Mary have returned from living in Australia, and so we will visit them in the UK.  To do this, I did my level best to try and find a cheap flight from Zürich.  “Cheap flight” and Zürich?  Say it isn’t so?!

It isn’t so.

EasyJet advertised a low fare on their web site.  Indeed it was fantastically low at CHF 312.27 for the three of us.  And so I clicked on buy.  But wait, not so fast.  First we had to turn down travel insurance for 71.85  CHF, and then we had to spend 108 CHF so we could check luggage (anyone with a kid checks luggage), bringing the total to 427.

But wait!  Want seats?  Forget it, but you can spend some extra bucks to get on the plane first.  We didn’t.

But wait!  That will be an extra 20 CHF for using your Mastercard over the web.  Only a certain Visa (not all Visas) get you a break on that.

But wait!  They didn’t even accept my Mastercard for reasons passing understanding (of myself or my card’s issuing bank).

So after all of that, we’re flying Swiss.  819 CHF, but at least we can book them.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

We don’t need an opposition; we’re the Democratic Party

CNN reports today that Senator Max Baucus has been targeted in an ad campaign over his current health care proposal.  As I live abroad it is hard for me to express strong feelings over the current debate, other than to say that the fastest way to hand Congress to the Republicans is for Democrats to kill health care reform.  We can argue over the wisdom of Obama putting this issue front and center, but now that it is, he and the Congress have to deliver or there will be very serious consequences next Fall.  In fact, it would be a repeat of 1994, only here the consequences would be worse.  Back in 1994 President Clinton didn’t have a filibuster-proof majority in the Senate, and Senator Dole took advantage of that fact.

Open, honest debate is good.  It should be something that everyone allows for, and it was something that Republicans have traditionally suppressed.  However, that debate needs to be respectful, with a recognition that there are many sides to this very complicated issue.  Having seen several national health care systems up close and personal, I’ll just point out that each has its problems.  You cannot have both universal healthcare and the choice of every healthcare option for everyone.  The numbers just won’t add up.  I’ll also mention that in America the argument is not between the government choosing and consumers choosing, but rather between government-regulated insurance choosing and insurance companies choosing.  Consumers already have very few choices, and 46 million people have none.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

Grant Us Peace

I suspect we Americans all have very different emotions.  Rather than express mine in my usual verbose way, I’ll simply write two things: my thoughts are with my cousins who lost a father, a brother, and a spouse eight years ago this day.  Their grief is only compounded this week with another loss last week.  My thoughts are with them.  They’re also with my aunt who lost her closest friend, and with my brother and sister who bore witness, and all those suffered losses.

I’ll also just mention some of today’s play list (if you can figure out what most of these songs have to do with this day, you probably are or should be a shrink):

Please share your songs and thoughts.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]

Are Employees of the CIA above the law?

Update:  CNN’s Peter Bergen points out all the flaws in Dick Cheney’s logic here.

Over the last few days there have been a plethora of conservative commentaries that range in their argument from Dick Cheney accusing the Obama administration of a political vendetta to The Wall Street Journal repeatedly arguing that the prosecutions are just wrong headed (such as this one) to Debra J. Saunders in the SF Chronicle, arguing that the employees in question should be pardoned.  There are at least two problems with the arguments now appearing on the street:

  1. In all cases, torturer sympathizers seem to forget that we, the American People, don’t actually know what happened yet.  That is what an investigation is for.
  2. In some cases, the argument seems to be that members of the CIA who were acting on orders should be shielded by the fact they were just following orders.  We tried people and convicted them, not withstanding that defense, in Nuremberg.  They were known as Nazis.  We as a society need to send a message that no one is above the law.  It may take years to catch up with people who have been politically shielded from their crimes, but they will be brought to justice.
  3. According to the CIA, torture has been shown to be unreliable.

That leaves the argument that the current investigation by the Justice Department is politically motivated.  I would have to say that if one’s politics require one to believe that torture is illegal and immoral, then the answer is yes.  Our morality throughout the world has been called into question.  Do we condone the torturing of human beings?  What, then, separates us from those we accuse of being evil?

On the other hand, I do not see any evidence that this is some sort of game of political Gotcha.  While Debra Saunders writes that General Holder has in the past been inconsistent in his views when it comes to pardons, that means nothing in the context of a factual investigation.

As to Mr. Cheney, let him speak.  He may, at best, be shielded by the fact that the vice president cannot order anyone in the executive branch outside his own staff to do anything.  He would be the wrong person to go after, anyway.  If President Bush ordered a crime to be committed, let him be held accountable, assuming a crime was committed.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]