Microsoft Phone Scam Still Running

Have you seen reports about people from Microsoft Tech Support, who call you because you have malware on your computer? Have you had a call from a plausible sounding agency saying you have a virus on your PC? Did you feel uneasy about someone who knew your name and had details about how slow your PC was running? Chances are that you have been at least peripherally involved with a Phishing attack. Today’s security incident concerns the Microsoft Phone Scam, which is still running after eight years or so.

Why the Microsoft Phone Scam?

This attempt to get access to PCs, or personal information on them, often targets Windows users, so the scammer claims to be from Microsoft tech support. They target Windows based PCs, because there are a lot of them, but they are equal opportunity criminals. They will attempt to hack a Mac too.

What the Scammers Do

Today the support line received a call from a very helpful gentleman named Derek, who claimed to be from Microsoft tech support. He asked for me by name, which was nice, but then went on to explain how my PC had become infected by malware, and so was running slowly. A safe bet really. Is there anybody who doesn’t think their Facebook response time could be quicker? Pity that his technical report did not tell him I was using a Mac. Still, we decided to let the call run, as we were recording for training purposes.

He then proceed to explain that the fix for this problem was simple, and would only involve typing something into the command line. We got him to repeat the instructions several times to make sure we got it right. Had we actually been following his very patient instructions, we would have connected to fastsupport.com and accepted a GoTo Assist remote call. This would have given him unrestricted access to our PC, at user level, so he could have installed anything he liked.

Unfortunately we developed “technical difficulties” once we received the support key number, and had to hang up on Derek. He was persistent, and called back five times over the next ten minutes. He even let the phone ring for up to two minutes at a time. When we tired of this game, we answered, and informed Derek that we were cyber security specialists, investigating Phishing attacks. We told him that we were recording the conversation, and pointed out that our PC was, in fact, a Mac. He still tried to get us to accept the remote access call!

You couldn’t make this up!

How the scam works

Rather than producing computer virus directly, which is time consuming and involves skill, these scammers resort to Social Engineering. This is the practice of manipulating people so they give up confidential information. If they can trick you into letting them access your computer remotely, they can secretly install their malicious software themselves. That would give them access to your passwords and bank information, as well as giving them control over your computer.

How to deal with Microsoft phone scam calls

As Fast Support is a legitimate company, they have a mechanism to prevent abuse of their system. If you want to get one back at the scammers, play along up to the point that they give you the support key. Get them to repeat it a couple of times, to make sure you have it right, and then hang up and report the incident to Fast Support using the following link:
www.fastsupport.com/abuse. You will only need the support key number, and it only takes a couple of seconds

What Else You can Do

Probably the most important thing you can do is let people know about the Microsoft phone scam. It preys on people’s insecurity about their lack of technical knowledge. The best defence against Social Engineering is sharing knowledge, so tell everyone about it.

You can also report the incident to the police through reportlite.actionfraud.police.uk. As we have pointed out previously, they will only record the incident for statistical purposes.

Another PayPal Scam Email To Delete

Another day, another PayPal scam email hits the in-box. It would be easy for someone to think that this was genuine, especially when is rendered with PayPal graphics. This is why we investigate each and every scam email to see how convincing they are, and assess the risk of people getting fooled into responding. We then report them through the appropriate channels, and encourage others to do the same.

What to look for on this PayPal scam email

The email, reproduced below, is based on a genuine PayPal notification, but with subtle differences.

PayPal Scam Email Image
PayPal Scam Email

A quick check of the sender by hovering over the from PayPal  shows that it is directing to someone called anitad@uvigo.es.  So the PayPal scam email would send your  reply there, not to PayPal! Be warned.

The Log in now button, does render in the browser as a button, but we have the html blocked to avoid surprises. As you might expect from a scam email it does not point to PayPal either, but an unlikely domain registered in Australia. This site is buried at the bottom of a deep sub-domain chain, so it is possible that the site owner does not know about it. We will be contacting the organisation separately, as they might not even be aware that their site is being used nefariously.

How to deal with PayPal scam emails

Make sure your family, friends and colleges are aware that these emails are out there, waiting to trap the unwary.  If you receive an email claiming to come from PayPal, please do not reply to it. Do not click on any link or button, or open any attachments. Simply forward the email to spoof@paypal.co.uk, then delete it.

You can also report the incident to the police, although they will only record it for statistical purposes. The police suggest that the public can help disrupt fraudsters by reporting scam emails. People are urged to report them through reportlite.actionfraud.police.uk.

What else can we do?

For further advice on fraud and how to avoid it, see the police fraud action  website: www.actionfraud.police.uk (opens new window)
For further information on phishing and malware please use the following links:
www.actionfraud.police.uk/fraud-az-phishing (opens new window)
www.actionfraud.police.uk/fraud-az-malware (opens new window)

VAT Return and Payment Overdue Scam Email

Why User Vigilance Is Important

Today we received a gentle reminder that no matter how hard we work to keep out cyber-threats, there is always a weak link to target in any business system. The users. This exploit concerns a VAT Return and Payment Overdue scam email which was received in the office today. The instant reaction was to jump to the conclusion that we had to do something quickly, to avoid a penalty. Which is just what the reprobate behind the email was hoping.

What To Look For

This is a warning about a VAT Return and Payment Overdue scam email, which may catch out the unwary. If you are a business owner or have responsibility for finance matters please watch out for this innocent looking communication.

VAT Return and Payment Overdue Scam Email image
VAT Return and Payment Overdue Email Scam

How To Tell It Is A Scam Email

VAT Return and Payment Overdue Scam WhoIs Result Image
WhoIs Result

If you hover the mouse over the sender, most good email systems will tell you the address you will be replying to. In this case you will not be surprised to learn that it is not from HM Revenue and Customs  (HMRC) at all! It comes from a suspicious email address which is registered to someone called Denis. Denis apparently lives in Moscow, and is using the unlikely email address of info@hmrccustomersupport157.top.

When The Penny Drops

After a few laps of the office, looking for a quick solution, or a way to pass responsibility over to someone else, the recipient had the good sense to check up via the HMRC website. The information there on the site , which is linked below, made him think twice. He reported the matter to Information Security, fortunately, before clicking on and opening the email attachment.

Cost of the VAT Return and Payment Overdue Scam

In our case, the cost of this particular email scam was trivial. It mostly involved additional wear and tear on the carpet and some lost productivity. According to an anonymous source in finance, there was also some lost paint from the ceiling. It could have been much more costly, if the user had opened the attachment and did not have up to date anti virus.

While HMRC may send you an email if you are overdue with VAT payments, they will use the normal contact email address, and will recommend that customers pay online to avoid further action. These emails will never ask you to provide personal or financial information. You won’t be able to reply to the emails, which will be sent from no.reply@advice.hmrc.gsi.gov.uk.

In Conclusion

This VAT Return and Payment Overdue scam email has been timed to catch the unwary by being the right date, but a month early. Let people know that they should ignore the call to act immediately, and instead report the matter to IT security. Even if there is no malicious payload in the attachment, scam emails like this can disrupt the flow of energy in a business and ultimately cost money.

The Upside

On the upside, this scam is an early reminder that our VAT return has to completed at the end of this month, so I might go and give the finance team a gentle reminder!

Further Information

For authoritative information about when your VAT return is due, see www.gov.uk/vat-returns/deadlines

To report instances of this email scam, forward the suspicious emails to HMRC phishing team at: phishing@hmrc.gsi.gov.uk

Microsoft Lobbying Practices Accused Again

Once again, Microsoft has been accused over it’s UK government lobbying practices, according to an article in Computer Weekly yesterday.

In the article by Brian Glick, a former director of strategy to David Cameron while opposition leader and as prime minister, Steve Hilton has claimed that Microsoft threatened to shut down research facilities in Conservative constituencies over Tory plans for government IT reforms.

According to The Guardian, Hilton told an event in London to promote his new book that, “When we proposed this, Microsoft phoned Conservative MPs with Microsoft R&D facilities in their constituencies and said, ‘We will close them down in your constituency if this goes through’.”

It appears that Microsoft has lobbied for years to prevent the government pursuing its open standards policy, which arguably levels the playing field for other software vendors. After a somewhat controversial consultation process, the adoption of the open source Open Document Format (ODF) as the standard for document formats was confirmed by government in July last year.

The International Organisation for Standardisation (ISO) had previously approved the open source Open Document Format (ODF) as an international data format standard. The ODF Alliance, a cross-section of industry associations with more than 150 members worldwide, academic institutions and suppliers, had all been lobbying for the decision. The ODF Alliance was created to resolve the potential problem of proprietary software limiting the ability of governments to access, retrieve and use records and documents in the future.

While it is often good sport to knock Microsoft for being a giant of the industry, and stifling (or buying up) the competition, if these accusations are true then the criticism is justly deserved. Round the office, we suspect that the motivation may be less about open standards, and more about potential market share and loss of revenue. If government should enact the long threatened Open Source initiative, then the writing may be on the wall for the big ticket software packages, at least in public service.

Perhaps that would be a good thing for consumers in general, and tax payers in particular.

For more on the story of the open source Open Document Format see the following links:

New Windows XP Support Deal Vetoed by Whitehall Technology Chiefs

In an amazing new twist to the seemingly endless death throws of Windows XP, it seems that someone in the corridors of power has managed to negotiate a contract with Microsoft to further extend support, and so prolong use in government departments.

Sales of Windows XP licenses to original equipment manufacturers (OEMs) ceased on June 30, 2008, although they continued for netbooks until October 2010. Extended support for Windows XP ended on April 8, 2014, after which the operating system ceased receiving further support or security updates to most users.

When the previous XP support arrangement was signed last year, the intention was to give 12 months breathing space for government users to move off XP. However, in a move that seems to be right out of an episode of Yes Minister, the Crown Commercial Service (CCS) had negotiated a contract with Microsoft to replace the one-year deal with a contract to support XP and Windows Server 2003, which reaches its end of life on 14 July 2015.

However, according to Computer Weekly sources, the proposed deal was put together without involvement from the Technology Leaders Network, the forum for government CTOs that governs Whitehall technology policy. Fortunately the Whitehall technology chiefs have vetoed new Windows XP support deal.

It is difficult to describe the continuing use of this ancient and venerable Operating System (OS) in government circles, without making reference to zombies, or the walking dead. Whether the metaphor refers to the Windows XP operating system, or the civil servants haunting the corridors of power, we will leave it to your imagination.

For more information on Microsoft and the Extended Windows XP Support see:

7 Ultra Useful WordPress Plugins

WordPress, one of the most popular content management systems now powers over 16.6% of all websites. The great thing about WordPress sites is the community support that it gets, which means WordPress developers are busily created useful plug-ins that help with SEO, social media, editorial, site speed, and more.

There was until recently a useful list of seven helpful plug-ins at evergreensearch.com, compiled by Eric Siu which we have found could significantly enhance your site. They’re simple to install and will have effects that scale across your site. Keep in mind that not every plug-in will be a fit – mix and match and see what works for you.

  1. Scribe SEO – this plugin will help you do keyword research, grade your post in terms of overall SEO, and also help you find external or internal links. In short, it’s like having an SEO assistant in WordPress. If you have multiple editors writing for you, Scribe SEO is a must.
  2. Facebook for WordPress – enable your posts and pages to include Like, Send, Subscribe, Social Publisher, Recommendation Bar, and Comments capabilities. This plugin also includes Facebook Insights in your backend. In a nutshell, this plugin connects your site to Facebook.
  3. Tynt – if you are worried about scrapers or people that manually cut and paste your content without giving you credit, you can use Tynt to automatically create a link back to your site when people scrape your content. By doing this, you’re adding a wall of defense from scrapers and gain some SEO value by acquiring more links. Tynt states that you can expect to get up to 40% traffic from these added links. If you’re a big news site, you can expect to see 8,000 to 10,000 more links per week. Not bad for a plugin, right?
  4. WordPress SEO – this is the best SEO plugin out there for WordPress. Control indexation, breadcrumbs, RSS feeds, sitemaps, authorship, titles, and more. A must have.
  5. Social Sharing Toolkit – if you want to add social media buttons before and after your posts, this is the plugin to do so. You have the option of displaying various social network buttons such as Twitter, Facebook, Google+, and more. The added benefit is the ultra clean look and feel of the buttons.
  6. WP Touch – with mobile usage slated to overtake desktops by 2015, it’s no secret that you need to have a mobile site. This plugin will create a simple mobile version of your site.
  7. Zemanta – this plugin allows you to add relevant links and images around the web to your blog posts. It’ll also help you tag your posts and give you more additional research points. In short, this plugin can help drive more traffic to your site.

Update: eMarketer’s estimates US Time Spent on Mobile to Overtake Desktop by 2014

Top 10 WordPress Plugins

When we get asked “What are the Top 10 WordPress Plugins?”, it is sometimes a challenge to limit the list because there are so many out there. The ones which we are currently finding the most useful are (in alphabetical order):

  1. Breadcrumb NavXT
  2. Broken Link Checker
  3. CMS Tree Page View
  4. Contact Form 7
  5. Quick Page/Post Redirect Plugin
  6. Types – Complete Solution for Custom Fields and Types
  7. Viper’s Video Quicktags
  8. WordPress Database Backup
  9. WP-PageNavi
  10. WP-Table Reloaded

The details of our Top 10 WordPress Plugins are listed below, together with links to further information. Each is given a TechCo Rating, which is an indication of the level of use which we would expect to see.

TechCo Rating:

  • Basic – Every site must have a plugin like this.
  • Intermediate – Most sites should use this plugin
  • Advanced – Plugin could provide functionality to make the site special.
  • Admin – Plugin provides administrators with tools not seen by the public.

Breadcrumb NavXT
TechCo Rating: Intermediate
Breadcrumb trails are a good supplementary navigation system that aid in site usability, and can provide SEO benefits. This plugin adds a breadcrumb navigation showing the visitor’s path to their current location. These represent the page hierarchy leading to the current page.

For details on how to use Breadcrumb NavXT plugin visit Breadcrumb NavXT.

Broken Link Checker
TechCo Rating: Admin
This useful WordPress plugin checks your blog for broken links and missing images and notifies you on the Admin dashboard if any are found.

Among other things it will detect missing images and files, and links to deleted YouTube videos. New and modified entries are checked immediately, while the plugin periodically checks links in posts, pages, comments, custom fields and the blogroll. If any problems are found you get a notification on the Dashboard.

You can run a full site scan from scratch by Settings, Link Checker, Advanced and then click on Recheck All Pages. You might get a surprise if you add this plugin to a mature WordPress site!

For more information on the Broken Link Checker plugin visit the Broken Link Checker site.

CMS Tree Page View
TechCo Rating: Admin
This plugin is for admin use only, and adds a CMS-like tree view of all pages on the site. You can use the tree view to edit, view, add and search pages, while drag and drop allows you to rearrange page order.

To find out more about CMS Tree Page View visit the CMS Tree Page View site.

Contact Form 7
TechCo Rating: Intermediate
Not just another contact form plugin, Contact Form 7 is simple and flexible. It allows you to flexibly design the form and mail, and allows you to manage multiple contact forms. In addition, it supports many features including AJAX submitting, CAPTCHA, Akismet spam filtering and file uploading.

To find out more about Contact Form 7 visit the Contact Form 7 site.

Quick Page/Post Redirect Plugin
TechCo Rating: Advanced
This plugin can be useful for managing permalinks without losing existing SEO to the page, or for sites converted to WordPress. It allows you to redirect Pages, Posts or Custom Post Types to another location quickly, for internal or external URLs.

The options available are extensive, so for more information on how to use the Quick Page/Post Redirect Plugin visit the Quick Page Post Redirect plugin site.

Types – Complete Solution for Custom Fields and Types
TechCo Rating: Advanced
This is a useful plugin if you need to create custom fields, custom post types, or a custom taxonomy to your website through the WordPress admin screen instead of adding PHP code to your theme. For PHP developers, Types provides a comprehensive PHP API and documentation.

To find out more about the Types plugin, check out the Types User Guide

Viper’s Video Quicktags
TechCo Rating: Intermediate
Easily embed videos from various video websites such as YouTube, DailyMotion, and Vimeo into your posts. Since version 2.9, WordPress has featured native easy embeds. However this plugin offers more customization than the default options. It will work alongside the easy embed code, and you can opt to use either embed method.

For more information about Viper’s Video Quicktags, visit the Viper’s Video Quicktags site

WP DB Backup – WordPress Database Backup
TechCo Rating: Basic
Everyone should have a regular backup of their WordPress database, and this plugin provides on-demand and scheduled backups. To configure your backup go to Tools, Backup, and backup your WordPress database.
To install this plugin search for “WP DB Backup” Keyword on the Install Plugins page.

To find out more about WP DB Backup

WP-PageNavi
TechCo Rating: Advanced
This is a handy plugin if you want to replace the old Older posts and Newer posts links with some more advanced paging navigation.

This plugin provides the wp_pagenavi() template tag which generates fancy pagination links. See the installation instructions for using it in your theme.

To ind out more about WP-PageNavi, visit WP-PageNavi site

WP-Table Reloaded
TechCo Rating: Intermediate
This plugin allows you to create and easily manage tables in the admin-area of WordPress. However it has been superseded by the TablePress plugin, which at time of writing stands at 0.9-RC

You can still download WP-Table Reloaded, but if you are starting a new project, we recommend waiting for the full release of TablePress.

For more information on the table plugin see TablePress replaces WP-Table Reloaded from the plugin author.

Well, that is our current stab at the Top 10 WordPress Plugins. This list may change in a few months as trends and available plugins, so is not fixed in stone. In future we will offer deeper insight into some of these plugins a give examples of how they can be used.

Campaign Management Planning with HootSuite

Are you involved in developing your company’s social media campaign? If so, it is important, if not imperative, that you use the best practices. Fortunately HootSuite provides some useful tools and information to help manage social media campaigns.

HootSuite Enterprise provides advanced features for team members to leverage HootSuite’s advanced functionality to deliver effective social media campaigns campaigns every time.

Best Police Social Media practice across Europe

Have you been watching the rate of uptake in new media changing rapidly as each new form emerges? Have you heard of new uses for social media and wondered if your organization could also benefit? Do you feel that you need some guidelines in adapting your policies to cope with the widespread use of social media? Perhaps now is the right time to take a look at the way police forces across Europe have adapted to the phenomenon of social media

First some facts about the growth of social media:

  • It took radio 38 years to reach 50 million listeners.
  • Terrestrial TV took 13 years to reach 50 million users.
  • The Internet took four years to reach 50 million users.
  • In less than nine months, Facebook added 100 million users.

In the 2012 document by COMPOSITE Project titled Best Practice in Police Social Media Adaptation, the document describes the best practice of European police forces in adapting social media. According to Russell Webster in a blog post, the report’s findings are of particular interest to a British audience because they are based on different approaches to social media across Europe bolstered by an additional focus on the UK because of the riots study.

The researchers identified nine key themes:

  1. Social media as a source of criminal information
  2. Having a voice in social media
  3. Social media to push information
  4. Social media to leverage the Wisdom of the Crowd
  5. Social media to interact with the public
  6. Social media for community policing
  7. Social media to show the human side of policing
  8. Social media to support police IT infrastructure
  9. Social media for efficient policing

If you want to find out more, see the article titled Best Police Social Media practice across Europe by Russell Webster

Sir Patrick Moore Dies Aged 89

Sir Patrick Moore, an inspiration to generations of astronomers has died aged 89. The Astronomer and Sky at Night TV presenter died died peacefully at 12.25pm on 09 December at his home in Selsey, West Sussex.

Sir Patrick Moore

Sir Patrick Moore was born on 4 March 1923, and presented the world’s longest-running television series with the same original presenter, having presented the show since 1957, which is acknowledged as a Guinness World Record.
His rapid diction and monocle made him a popular and instantly recognisable figure on British television.

Sir Patrick Moore was a former president of the British Astronomical Association, co-founder and former president of the Society for Popular Astronomy (SPA), author of over 70 books on astronomy. As an amateur astronomer, he became known as a specialist on observing the Moon and creating the Caldwell catalogue.

His work has been an inspiration to generations of scientists and engineers, and particularly his willingness to admit that Astronomers (and by implication scientists and engineers) are not infallible. They make mistakes, but unlike politicians are honest enough to admit them.

Sir Patrick Moore Links and Credits