Hi, My Name is Bernie

Another news item caught my eyes today.  The news reports that new and sophisticated Business Email Compromise (BEC) attack has compromised three (3) British Private Equity firms.  The attack involved Phishing for ranking executives of the compromised companies and then actually tampering with the victims' email application.  This enabled the group to intercept and redirect the emails of the executives.  To make a long story short, the hacker group was able to run off with approximately 1.3 MILLION DOLLARS! This type of cyber attack is nothing new.  Phishing attacks had been victimizing people for years now.  I personally handled cases where an unsuspecting victims lost all their savings because they unwittingly opened Phishing emails that redirected them to fake banking websites.  The victims, s thinking that they are on their bank's website, will then attempt to log in and that's it -- their user ID and password has been stolen by hackers. To avoid being vict

I just stumbled upon an alarming news that there is a "zero-day" vulnerability on the iPhone that can me exploited by a malware where a user does not even have to click on the malicious message to get infected.  According to the report: "At the time of writing, only the beta 13.4.5 version of iOS, released just last week, contains security patches for both zero-day vulnerabilities." At this point in time, the only way to protect ourselves from this threat is to avoid using the iPhone's default Mail application and simply access our emails direct from Gmail, Yahoo or other web-based clients. Full article here: Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Mails

In my previous post, I discussed Online Anonymity, its importance and how it is different from Online Privacy. Now that the importance of Online Anonymity has been highlighted, the question my five readers have in mind now is "how do we maintain our Online Anonymity?" First things first: in order to use the internet with Online Privacy in mind will require a paradigm shift -- in order to surf the net anonymously, we must try to relearn some of the things we are used to doing when accessing the internet in the convectional way.  Here are some things that we are all used to doing but should not practice if we want to access the internet Anonymously: use an anonymizing browser such as TOR Brower . when searching for information or anything else, do not use Google, Bing or Yahoo.  These search engines keeps a record of all searches, including which users did the search. never log in to any of your usual social media sites.  Once logged in, these social media sites will s

If you have among the 5 readers who has been taking time to read articles from this site, you may notice that I have been discussing Personal Technology Security and I have been concentrating a lot on personal data privacy.  This is because most of the online scams I have encountered in the practice of my profession stems from either the careless handling or the (un)intentional leakage of personal information. But there is an aspect in Personal Technology Security that is just as important but is often overlooked, even ignored.  I am talking about Online Anonymity .  Internet technology is now so advanced that it can now track the activities of each individual online -- what one purchases, searches for, reads, and even writes in emails/message boards. Majority of people would dismiss the concept of anonymity outright because apparently "they have nothing to hide".  These people cannot be more wrong in their assumption. Let me put it this way: Have you ever searched for

This will be the first of a series of posts I will call "IMOW" or In My Own Words.  The objective of this is to explain tech stuff such that it will be, hopefully, understandable to not-to-technically-inclined users.  Feel free to comment/criticize if you find me going too technical/geeky so I can adjust accordingly. I came across this news item this morning and it is sort of alarming considering that I used to work for a large local bank and it may affect thousands of clients if it reaches our shores.  The news reports of a new malware that infects a computer when a user opens video that is supposed to be about the "Corona Virus".  This video is hosted on a compromised internet server which in turn infects everyone who attempts to open the Corona Virus video.  Security researchers named this malware " Grandoreiro ". Now, it the infected computer happens to be using Google Chrome and visits an internet banking site, the malware will generate an &q

If you have been reading my Personal Technology Security Series posts, you now know that online fraud and cybercrime are mostly done with minimal or even no hacking involved.  A lot of victims' accounts were compromised through social engineering -- the victims were somehow tricked into disclosing enough information so that allowed fraudsters to perform transactions in their name.  I know of a lot of cases where the victims themselves disclosed their passwords through phishing/SMISHING/VISHING and their savings go missing in front of their eyes.  Credit/debit card holders unwittingly disclosing their card numbers and watch as their debts rack up. But social engineering is not the only way cybercriminals and fraudsters gather information that they can use to do their nefarious jobs.  One way they get useful information is through carelessy trashed account statements from banks and credit card companies.  This document contains everything that a cybercriminal needs to start

I recently saw a compelling article on a new webmail service that promises to solve the usual problems we all encounter with email. Onmail promises to solve the problem brought about by spam, junk mail and other email nonsense. If you are interested in having a more secure email address, just follow this link to get your invitation:  https://www.onmail.com/redeem?type=onmail&code=7EptADguqg

A few days ago, a former colleague messaged me asking for a recommendation for Antivirus for his presumably new Windows 10 installation. If this question came my way 5 years ago, I would have recommended a veritable laundry list of reputable anti-virus for him . However, technology moved on and I personally believe that 3rd party anti-virus is no longer necessary for personal PCs.  Let me explain myself.  Nowadays, threats from convetional computer viruses is no longer as dangerous as it was years ago.  Most malicious behaviour of conventional computer virus are automagically detected by most modern Operating Systems, including Windows 10 (as long as it is updated).  Real threats nowadays are not as obvious as computer viruses.  These new threats include Phishing, Ransomware ,  Drive-by Downloads , Malvertising , etc. and most of these are not necessarily detected and "fixed" by antiviruses. So that we have established that conversional antiviruses are no longer a neces

Yesterday, I discussed two most successful and most prevalent social engineering tactics used nowadays. One emerging tactic that may not be as widespread but just as damaging is VISHING.  What is VISHING? According to wikipedia, VISHING is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial gains. How does it work? Unsuspecting victims will receive a phone call from someone claiming to work for their bank.  The caller will claim that the victim's credit/debit or ATM card needs to be verified to prevent it from being deactivated.  The caller will then ask for the victim's personal information for "verification".  The caller will also ask for the card's CVV/CVC number (it is the three-digit number at the back of the card). To make the conversation appear legitimate, other questions may be asked but all the fraudster actually need from the