Tag Archives: Cyber Attack

Elon Musk Bitcoin + Ethereum Giveaway Scam Alert!

Please watch out for the Elon Musk Bitcoin and Ethereum giveaway scam, and warn your family and friends!

Updated @ 2024-05-21 : Added new scam website domains
Updated @ 2024-05-14 : Added new scam website domain
Updated @ 2024-05-12 : Added new scam website domain

Originally posted @ 2024-05-07

 

Elon Musk Bitcoin + Ethereum Giveaway : What Is It?

People are sharing a post (archive) by Tesla Event, about Elon Musk giving away cryptocurrency, in the form of 5.000 bitcoins (BTC) and 100.000 ether (ETH).

Great times have come! 🚀

To support crypto community, Elon Musk initiated 5.000 BTC and 100.000 ETH Airdrop!

💰First come, first served: TESLA.EVENT-PROMOTION.INFO / TESLA.EVENT-FINANCE.NET

The link leads to a website that looks like a Medium post by Elon Musk, with this message:

Elon Musk — Official ETH and BTC Giveaway

You can visit the website, but do not follow the instructions there, because it’s a scam!

Recommended : Can Scammers Hack Your Phone If You Call Back?!

 

Elon Musk Bitcoin + Ethereum Giveaway : Why Is It A Scam?

Here are the reasons why the Elon Musk Bitcoin and Ethereum giveaway is a scam

Fact #1 : There Is No Elon Musk BTC + ETH Giveaway

First, let me just point out that Elon Musk is not giving away any Bitcoin or Ether. He is a businessman who loves making money, not give it away.

Even his philanthropy appears to be largely self-serving, making him eligible for enormous tax breaks, and helping his businesses. That’s why he’s a billionaire.

There is also no reason why X (formerly Twitter) would ever give away over $600,000 worth of BTC and ETH cryptocurrency, when it is in financial trouble with negative cash flow, and has already lost about half of its value.

Fact #2 : Those Are Fake / Scam Websites

Those websites are fake, pretending to be a Medium post by Elon Musk. There is no such Medium post by Elon Musk.

And think about this – why would Elon Musk post on Medium, when he can post on X (formerly Twitter) – the social medium platform he owns???

The domains are also brand new, and do not belong to X or Tesla, or Elon Musk. In fact, their ownership is being hidden – which is common with scam websites.

  • event-promotion.info – hidden ownership, registered on 6 May 2024
  • event-finance.net – hidden ownership, registered on 10 May 2024
  • event-finance.org – hidden ownership, registered on 10 May 2024
  • finance-promo.net – hidden ownership, registered on 18 May 2024
  • finance-info – hidden ownership, registered on 18 May 2024

It appears that the scammers will keep switching the same scam website to different domains every time they are exposed.

Recommended : Can SIM swap attack empty bank account without warning?!

Fact #3 : This Is A Double-Up Crypto Scam!

This double-up crypto scam relies on your greed to cheat you of your cryptocurrency.

Instead of giving you BTC or ETH like in a real giveaway, it asks you to send your own BTC or ETH to receive double the amount in return!

To verify your address, just send from 0.05 to 2 BTC to the address below and get from 0.1 to 8 BTC (x2 back)!

That’s utter nonsense. Whatever BTH or ETH you send to those addresses will be lost for good. You will never get it back, never mind get double the amount!

To further tempt you into giving even more bitcoin or ether, the scammers offer special bonuses for large transactions:

If you send from 1+ ETH, you will receive from 2+ ETH back +40% BONUS.

If you send from 3+ ETH, you will receive from 6+ ETH back +60% BONUS.

If you send from 9+ ETH, you will receive from 18+ ETH back +80% BONUS.

If you send from 25+ ETH, you will receive from 50+ ETH back +100% BONUS.

If you send from 40+ ETH, you will receive from 80+ ETH back +200% BONUS.

All that is bullshit. They are just preying on your greed to trick you into sending more cryptocurrency.

So please do NOT send any bitcoin or ether to those addresses. It is a SCAM!

Please help us fight fake news – SHARE this article, and SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Crime | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did WEF Order Cyber Attacks On US Water Supply?!

Did the WEF order devastating cyber attacks on US water supply?! Take a look at the viral claim, and find out what the facts really are!

 

Claim : WEF Orders Cyber Attacks On US Water Supply!

People are sharing an article (archive) by The People’s Voice (formerly NewsPunch), which claims that the WEF ordered devastating cyber attacks on US water supply!

Here is an excerpt of that long and (intentionally???) confusing article. Feel free to skip to the next section for the facts!

WEF Memo Orders Devastating Cyber Attacks on US Water Supply

Recommended : Is WEF Planning Cyber Attack To Disrupt 2024 Election?!

 

Truth : WEF Did Not Order Cyber Attacks On US Water Supply!

This is yet another example of fake news created / promoted by The People’s Voice, and here are the reasons why…

Fact #1 : No Evidence WEF Ordered Cyber Attacks On US Water Supply

Let me start by pointing out that there is no evidence the World Economic Forum (WEF) ordered any cyber attacks on US water supply.

The US Cybersecurity and Infrastructure Security Agency also never once suggested, never mind reported, that there was any cyberattack by the WEF.

But more importantly – why would the WEF bother with cyberattacks when it allegedly has control over world governments? It can simply order them to restrict water supply, as and when it wishes to. Why bother with cyber attacks???

Unsurprisingly, The People’s Voice article provided no evidence to back up its ridiculous claim.

Fact #2 : WEF Video Is From 2022

Instead of providing any actual evidence, The People’s Voice article posted a link to its own video, which featured Professor Mariana Mazzucato, and claimed that the WEF ordered global water rationing to starve people into submission.

The video clip appears to be taken from the May 2022 WEF press conference on The New Economics of Water (link), and not 2023 as suggested by the article.

Needless to say, the actual video does not show Professor Mariana Mazzucato admit that a water crisis would help to starve people into submission, or that the elite was going to “experiment” on humanity.

Recommended : Did Insider Reveal WEF Global Famine False Flag Op?!

Fact #3 : CISA Warned Of Cyberattacks By Iran + China

On 18 March 2024, the US Cybersecurity and Infrastructure and Security Agency (CISA) highlighted two recent and ongoing cyber attacks against critical infrastructure in the United States, including drinking water.

However, those cyber attacks were not conducted by the WEF, but rather, by threat actors affiliated or sponsored by Iran and China. From the full CISA letter to US governors (PDF):

Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

The People’s Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories. Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage. Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflict.

To be clear – these cyberattacks on American water systems have nothing to do with the WEF.

Recommended : Did Bill Gates Order Govts To Replace Farmers With AI Bots?!

Fact #4 : WEF Screenshot Is Fake

The cover image used by The People’s Voice article and video has a screenshot which purportedly shows the World Economic Forum (WEF) posting on X (formerly Twitter) that:

Water will soon become a privilege you must earn!

That is most definitely a fake screenshot, because there is no such post on X by the WEF.

If the WEF actually posted such a shocking warning, it would have been reported by the worldwide media. But of course, that didn’t happen, because the WEF never posted it!

Yet again, and unsurprisingly, The People’s Voice article provided no evidence that such a post ever existed!

Recommended : Did WEF Pass Law To Criminalise Criticism Of mRNA?!

Fact #5 : The People’s Voice Is Known For Fake News

The People’s Voice is the current name for NewsPunch, which possibly changed its name because its brand has been so thoroughly discredited after posting numerous shocking but fake stories.

Founded as Your News Wire in 2014, it was rebranded as NewsPunch in November 2018, before becoming The People’s Voice. A 2017 BuzzFeed report identified NewsPunch as the second-largest source of popular fake news on Facebook that year.

Its articles have been regularly debunked as fake news, so you should never share anything from NewsPunch / The People’s Voice.  Here are some of its fake stories that I fact checked earlier:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Cyberattack Cause Dali To Hit Baltimore Bridge?!

Did a cyberattack cause the Dali to hit the Francis Scott Key Bridge in Baltimore, causing it to collapse?!

Take a look at the viral claims, and find out what the facts really are!

 

Claim : Cyberattack Caused Dali To Hit Baltimore Bridge!

Right after news broke that the Francis Scott Key Bridge in Baltimore collapsed after being hit by a massive container ship, some people immediately began suggesting there was more to the tragedy than meets the eyes…

Alex Jones : Looks deliberate to me. A cyber-attack is probable. WW3 has already started..

Andrew Tate : This ship was cyber-attacked. Lights go off and it deliberately steers towards the bridge supports. Foreign agents of the USA attack digital infrastructures. Nothing is safe. Black Swan event imminent.

Recommended : Baltimore Bridge Collapse Conspiracies Debunked!

No Evidence Cyberattack Caused Dali To Hit Baltimore Bridge!

This appears to be yet another example of fake news created or promoted by conspiracy theorists and conspiracists, and here are the reasons why…

Fact #1 : Dali Lost Power Before Hitting Baltimore Bridge!

Let me start by simply pointing out that the Dali – a massive container ship, only hit the Francis Scott Key Bridge in Baltimore, after it lost engine power.

The Dali lost power soon after leaving the Port of Baltimore in the middle of the night. Not only were the crew blinded in the dark, none of its electronics worked and there was no propulsion, so they were unable to control the ship.

As the crew tried unsuccessfully to restart its engine, a local pilot onboard the vessel ordered the ship to be steered to port (left), and the anchor to be dropped. While the crew managed to restore electrical power using an emergency generator, they were not able to restart its engines.

With the ship floating adrift, the two local pilots onboard issued a mayday call at 1:30 AM to warn authorities that a collision was imminent, which allowed them to stop traffic from going over the bridge. A Maryland Transportation Authority official was recorded saying at that time:

There’s a ship approaching that has lost their steering. Until you’ve got that under control, we’ve got to stop all traffic.

The video below, which is being shared on WhatsApp, does not accurately reflect the truth – the ship never regained the use of its engines, but it clearly shows when the ship lost power, and when it restored electrical power.

Recommended : Can Canada Social Credit System Freeze Bank Accounts?!

Fact #2 : No Evidence Dali Was Hit By Cyberattack

Despite claims by people with unnamed “inside sources”, there is simply no evidence that the Dali was hit by a cyberattack which steered it right into a bridge in Baltimore.

Built by Hyundai Heavy Industries, the Dali is powered by a single MAN 9-cylinder S90ME-C9.2 crosshead diesel engine. It also has a single 3,000 kW bow thruster for manoeuvring in ports, and four diesel generators for electricity.

While those engines, and controls, may be connected to a SCADA (Supervisory Control and Data Acquisition), they are not connected to the Internet. Even if the Dali’s SCADA system was somehow taken over by malware, the lack of Internet connectivity would make it impossible for any hacker to steer it into the bridge.

An early Cybersecurity and Infrastructure Security Agency (CISA) report appears to rule out an intentional or act of terrorism, finding that the Dali “lost propulsion” as it was leaving port.

The Baltimore Field Office of the Federal Bureau of Investigation (FBI) said in a press statement, that “There is no specific and credible information to suggest any ties to terrorism at this time.

United States Attorney for the District of Maryland Erek L. Barron also dismissed those claims in a public statement, saying “There is no evidence at this time to suggest that today’s collapse of the Francis Scott Key Bridge in Baltimore has any ties to terrorism.

If the Dali was indeed hit by a cyberattack before its crash, there would be evidence of hacking or malware in its SCADA system. However, until such evidence is discovered, anyone who tells out that it was definitely hit by a cyberattack is likely lying to you.

Unsurprisingly, none of those who claimed that a cyberattack caused the Dali to lose power and hit the Francis Scott Key Bridge ever provided a single shred of evidence from behind their keyboards.

Recommended : Did Russia Arrest Rustam Azhiev For Moscow Attack?!

Fact #3 : Ship Loss Of Power Is Common

The loss of power is common in the maritime industry (source) – as many as 600 cases each year according to FuelTrust, although most occur in open water. They are often associated with poorly mixed fuel, or changing from high-sulphur to low-sulphur fuels when entering coastal emission control areas (ECAs).

In fact, shipping experts think “dirty fuel” may be the reason for Dali to lose power before smashing into the Francis Scott Key Bridge (source).

That power loss could have been caused by dirty fuel clogging filters that lead to the ship’s main generator.

While inside a port, as the Dali was before the collision, ships typically run on a relatively light diesel fuel. That also could have been contaminated. Common contaminants include water, dirt and algae. He definitely could have had dirty fuel

– Gerald Scoggins, a veteran chief engineer in the oil and gas industry and the CEO of the Houston company Deepwater Producers

Ian Ralby, the CEO of I.R. Consilium, a maritime and resource security consultancy, also said heavy marine fuel loaded onto ships in port is mixed with what is called cutter stock, and is prone to being loaded with contaminants and is not closely regulated. Such dirty fuel could have “gummed up all of the fuel lines on the ship.”

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is WEF Planning Cyber Attack To Disrupt 2024 Election?!

Is the WEF planning to launch a ‘false flag’ cyber attack to disrupt the 2024 US Presidential election?! Take a look at the viral claim, and find out what the facts really are!

 

Claim : WEF Plans Cyber Attack To Disrupt 2024 Election!

People are sharing an article (archive) by The People’s Voice (formerly NewsPunch), which claimed or suggested that the World Economic Forum (WEF) is planning to launch a ‘false flag’ cyber attack to disrupt the 2024 US Presidential election!

WEF Insider: Imminent ‘False Flag’ Cyber Attack Will Disrupt 2024 Election

Recommended : WEF ordered electors to not certify Trump’s 2024 election win?!

 

No Evidence WEF Plans Cyber Attack To Disrupt 2024 Election!

This is yet another example of fake news created / promoted by The People’s Voice, and here are the reasons why…

Fact #1 : No Evidence WEF Plans Cyber Attack To Disrupt 2024 Election!

Let me start by pointing out that there is no evidence of the World Economic Forum (WEF) plans to launch a cyber attack to disrupt the 2024 President election.

If a WEF insider did indeed reveal such a plan, it would have gone viral, and it would have been condemned by everyone from the left to the right. The FBI and US Department of Homeland Security would also have launched criminal investigations.

Yet, there was no such report by the mainstream media, and no social media outrage. Heck, even right-wing American websites did not so much as squeak about a juicy WEF plot to launch a cyber attack against the United States???

That’s because that never happened. The People’s Voice article, unsurprisingly, offered no evidence to back up its “fact checked” claim.

Fact #2 : Voters Don’t Use Ballot Tabulators

The People’s Voice article claimed that South Carolina primary voters were “reportedly unable to vote due to ballot tabulators being unable to connect to the internet [sic]”.

Well, I could find no report of South Carolina primary voters not being able to vote because ballot tabulators were unable to connect to the Internet. That’s probably because no voter ever uses ballot tabulators to cast their vote.

Ballot tabulators are machines used to scan and count ballots, and are never used by voters to cast their votes! So how would any ballot tabulator failure prevent voters from casting their votes?

Unsurprisingly, The People’s Voice article offered no evidence of such ballot tabulator failure, or that South Carolina voters were prevented from voting in its 2024 Presidential primary elections.

Recommended : Biden hired Bill Gates to flood Internet with AI censorship bots?!

Fact #3 : South Carolina Voting System Isn’t Connected To Internet

According to the South Carolina Election Commission, the South Carolina voting system is never connected to the Internet.

In fact, the ballot marking devices (BMD), ballot scanners, and computers used to tabulate the votes, are not even capable of being connected to the Internet!

Is the voting system connected to the Internet?

No, the voting system is never connected to the internet. Computers used to tabulate votes, BMDs, and ballot scanners used in South Carolina are not even capable of being connected to the Internet.

Needless to say, The People’s Voice article provided no evidence that ballot tabulators used in South Carolina were even capable of being connected to the Internet, never mind requiring it to work!

Fact #4 : WEF Screenshot Is Fake

The cover image used by The People’s Voice article and video has a screenshot which purportedly shows the World Economic Forum (WEF) posting on X (formerly Twitter) that:

The coming cyber attack will allow a New World Order to emerge.

That is most definitely a fake screenshot, because there is no such post on X by the World Economic Forum. And it’s a really silly creation too – why would the WEF reveal its nefarious cyber attack plan publicly?

Yet again, The People’s Voice article provided no evidence that such a post ever existed! In fact, it would not need some “WEF insider” to spill the beans when the WEF itself already publicly revealed its cyber attack plan!

Recommended : Did EU Legalise Child Porn As WEF Pedophilia Agenda?!

Fact #5 : The People’s Voice Is Known For Fake News

The People’s Voice is the current name for NewsPunch, which possibly changed its name because its brand has been so thoroughly discredited after posting numerous shocking but fake stories.

Founded as Your News Wire in 2014, it was rebranded as NewsPunch in November 2018, before becoming The People’s Voice. A 2017 BuzzFeed report identified NewsPunch as the second-largest source of popular fake news on Facebook that year.

Its articles have been regularly debunked as fake news, so you should never share anything from NewsPunch / The People’s Voice.  Here are some of its fake stories that I fact checked earlier:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | PoliticsTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Will Microsoft Disable Your Computer If You Share Fake News?!

Is Microsoft planning to disable your computer if you post or share fake news / misinformation?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Microsoft To Disable Your Computer If You Share Fake News!

People are sharing an article (archive) by The People’s Voice (formerly NewsPunch), which claims that Microsoft is planning to disable your computer if you post or share fake news / misinformation!

Microsoft To Disable Computers of Users Who Share ‘Non-Mainstream Content’ Online

Recommended : Is Interpol Investigating Bill Gates For Murder?!

 

Truth : Microsoft Won’t Disable Your Computer If You Share Fake News!

This is yet another example of FAKE NEWS created / promoted by The People’s Voice, and here are the reasons why…

Fact #1 : Microsoft Did Not Announce Plans To Disable Computers

Let me start by pointing out that Microsoft did not announce any plans to disable computers of people who share “non-mainstream” content online, in an attempt to combat “misinformation” in the run-up to the 2024 US Presidential election.

If Microsoft actually announced such plans, it would have been major news covered by news outlets all over the world. It would also have gone viral on social media, with conservative and right-wing personalities criticising those plans.

Microsoft certainly made no such announcement, and The People’s Voice offered no evidence to back up its “fact checked” claim.

Fact #2 : Satya Nadella Is Microsoft CEO, Not Bill Gates

Interestingly, The People’s Voice article used a photo of Bill Gates, even though he handed over day-to-day operations at Microsoft more than 15 years ago. He also stepped down as Microsoft Chairman, when Satya Nadella was appointed as CEO in February 2014.

If Microsoft does indeed plan to disable computers to fight fake news, that decision would have to be approved by its CEO and Chairman, Satya Nadella. Not its former founder, Bill Gates.

How is Bill Gates involved in this “story”? Nothing in the article even remotely suggests that Bill Gates is, in any way, involved in Microsoft affairs, or the non-existent plan to disable computers of people who share fake news / misinformation.

Recommended : Is Bill Gates Planning To Kill Billions Using Turbo AIDS?!

Fact #3 : Satya Nadella Never Said Anything About Disabling Computers

The People’s Voice article used a video of Lester Holt from NBC News interviewing Satya Nadella as evidence that Microsoft plans to disable computers of people who share misinformation. However, that’s completely nonsensical.

The NBC News video only shows Satya Nadella saying that the tech industry is using technological solutions like watermarking [AI created content], detecting deep fakes, and implementing content IDs, to fight disinformation and misinformation.

This is not the first election where we dealt with disinformation or propaganda campaigns by adversaries and election interference.

We’re doing all the work across the tech industry around watermarking, detecting deep fakes and content IDs. There is going to be enough and more technology quite frankly in order to be able to identify the issues around disinformation and misinformation.

Fact #4 : Microsoft Can’t “Magically” Disable Computers Remotely

Even if Microsoft is so inclined, disabling a computer remotely isn’t like waving a magic wand, or chanting “Abracadabra”!

With the possible exception of specifically hacking into your computer to gain access, or tricking you into installing malware, it is not possible for Microsoft to remotely disable your computer simply because you shared fake news or misinformation.

The People’s Voice article certainly offered no explanation of how Microsoft might conceivably disable your computer remotely… like magic!

Recommended : Is Bill Gates Facing Life Behind Bars For Child Rape?!

Fact #5 : The People’s Voice Is Known For Publishing Fake News

The People’s Voice is the current name for NewsPunch, which possibly changed its name because its brand has been so thoroughly discredited after posting numerous shocking but fake stories.

Founded as Your News Wire in 2014, it was rebranded as NewsPunch in November 2018, before becoming The People’s Voice. A 2017 BuzzFeed report identified NewsPunch as the second-largest source of popular fake news on Facebook that year.

Its articles have been regularly debunked as fake news, so you should never share anything from NewsPunch / The People’s Voice.  Here are some of its fake stories that I fact checked earlier:

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Signs Partnership Agreement With LGMS!

Finland’s WithSecure Corporation just signed a partnership agreement with LGMS Berhad to develop cybersecurity solutions for the SME market in Malaysia!

 

WithSecure Signs Partnership Agreement With LGMS

On Wednesday, 1 November 2023, Finland’s WithSecure Corporation (formerly known as F-Secure Business) signed a partnership agreement with LGMS Berhad (LGMS) to develop cybersecurity solutions for the SME market in Malaysia!

The partnership agreement was signed by LGMS Executive Chairman Fong Choong Fook and WithSecure Corporation CEO Juhani Hintikka, who flew in from Finland to emphasise its importance while demonstrating support for the progress of Malaysia’s Digital Economy.

The signing was witnessed by Malaysia Deputy Communications and Digital Minister Teo Nie Ching, together with His Excellency Sami Leino, Ambassador of Finland to Malaysia and Brunei.

Recommended : WithSecure Takes Offensive Security Approach To Cloud Threats!

The Deputy Minister said that the partnership was ‘timely’, and represents a ‘significant leap’ towards a secured Digital Economy, and more so ahead of the National Cybersecurity Bill the Unity Government is set to unveil in early-2024.

This partnership is also aligned with the government’s ‘Ekonomi Madani’ vision of attracting significant foreign direct investments and generating avenues for technological advancements and innovations.

It serves to demonstrate how collaborative efforts can facilitate a robust, secure and prosperous digital ecosystem, thereby solidifying Malaysia’s position as a preferred destination for global tech investments.

The partnership agreement today between LGMS and WithSecure embodies a philosophy of attracting significant foreign direct investments and generating avenues for technological advancements and innovations.

It serves to demonstrate how collaborative efforts can facilitate a robust, secure and prosperous digital ecosystem, thereby solidifying Malaysia’s position as a preferred destination for global tech investments.

– Malaysia Deputy Communications and Digital Minister Teo Nie Ching

WithSecure CEO Juhani Hintikka expressed his ‘deepest appreciation’ to the Deputy Minister for endorsing this partnership, stating, “Your presence significantly amplifies the resonance of this initiative, showcasing a unified front in our endeavour to foster a secure and prosperous Digital Economy for Malaysia and also the region.

Recommended : How WithSecure Offensive Security Drives Business Resilience!

 

WithSecure – LGMS Partnership Agreement Details

WithSecure is today a leading international cybersecurity group which had also invested significantly in Malaysia and in nurturing local talent. Besides its headquarters in Helsinki, Finland, WithSecure houses its intelligence, customer support, business operations and shared services in Kuala Lumpur for its Asia-Pacific operations.

LGMS Berhad, meanwhile, has been recognised as Cybersecurity Malaysia’s ‘Company of the Year’ with Fong himself being acknowledged as ‘Cybersecurity Professional of the Year’.

Fong said that, within today’s Digital Economy, cyberthreats and ransomware attacks have become more sophisticated and rampant and potential damages to SMEs, who often lack the necessary IT expertise and resources, can be catastrophic.

Most SMEs today are just one cyber attack away from a devastating setback or even closure. Recognising that most SMEs might not possess advanced IT know-how, our collaboration with WithSecure aims to deliver cybersecurity solutions that are not only robust but also intuitive and user-friendly.

The purpose is to empower our SME community to navigate the digital landscape confidently and securely.

– LGMS Executive Chairman Fong Choong Fook

This localised cybersecurity approach underscores WithSecure’s understanding of the region’s unique digital ecosystem and our commitment to crafting solutions that align with local business needs. It embodies WithSecure’s ethos of merging global cybersecurity expertise with local insights to foster a safer digital realm.

– WithSecure Corporation CEO Juhani Hintikka

One product of this partnership is the ‘Made in Malaysia’ StarSentry solution – a plug-and-play model that is more than just a ‘shield’ for SMEs but offers a proactive approach to threat prevention.

This solution is also aligned with broader sustainability goal and embraces the ESG framework of safeguarding critical infrastructures, nurturing a secure digital community and reinforcing stringent governance standards, demonstrating an unwavering commitment to responsible, transparent business operations.

Pre-orders for the solution can already be made.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bank Letter QR Code Scam : What You Need To Know!

Are scammers sending bank letters with a QR code that can steal your money?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Bank Letter With QR Code Is A Scam!

People are sharing a photo of a letter from a bank, claiming that the QR code in the letter can steal your money if you scan it with your phone!

Circulating In WhatsApp : If you get a letter from the bank like this and ask to update the book using the QR CODE provided in the letter that was sent, don’t ever scan it, you will lose all your daily savings or old age savings, this is another scammer’s work and method take your money, please spread it to everyone so that siblings, relatives, neighbors & family members are not affected by this kind of scam…

Peng Seong, the one : ⛔️ Another Scam ‼️

Do NOT scan the QR code per the letter even with bank’s letterhead without verifying with the bank

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : Bank Letter With QR Code Is Not A Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this photo is not new. It first went viral, with a voice message in August 2022, and has subsequently gone viral on and off over the last year or so.

Fact #2 : CIMB Letter Was Genuine

The letter, which was sent by CIMB, is genuine. CIMB even posted a reply to one viral tweet, that the letter was genuine:

FYI, this [letter] is genuinely from our bank. You can refer to the link below for more information: [link no longer available]

[U]ntuk makluman, ia adalah sah dari pihak kami. Anda boleh rujuk pautan di bawah bagi maklumat lanjut: [link no longer available]

Fact #3 : CIMB Letter Was Only Sent To Business Customers

The letter was not meant for consumers, and was only sent to CIMB business customers, to request that they update their company/organisation’s information.

Re: Update on your records to improve your banking experience

We refer to the above mattes and our letter dated 27/06/2022.

We note that you have vet to update your company/organisations information with us.

As part of the Bank’s ongoing process to know our customers better and provide a seamless banking experience, we would like to remind you to return the completed Customer Information Update form to us

This letter appears to be CIMB’s efforts to comply with KYC (Know Your Customer) requirements set out by regulators like Bank Negara Malaysia (BNM).

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #4 : QR Code Leads To CIMB Website

QR codes is a type of barcode, which allows people and companies to share / deliver information, that can include links. QR codes can lead you to malicious websites, but they cannot deliver malware, or hack your computer or smartphone.

The QR code in the CIMB bank letter isn’t malicious. It actually codes for a link to the CIMB website. You can verify it by simply scanning the QR code in that “CIMB scam letter”. You will see that it only leads to http://www.cimb.com.my/bizupdate [which no longer exists]

Ultimately, this viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to even verify the QR code by simply scanning it!

Fact #5 : Form Was To Be Emailed / Delivered

The CIMB letter asked its business customers to download and fill in a form. However, that form was not to be submitted online.

Rather, the letter specifically asked its business customers to email the completed form to a legitimate CIMB email address, or to physically mail or courier it to the bank itself.

Scan the QR Code below to download the form. Once you have completed the form, please submit by email to cimb_updates@cimb.com or mail/courier to the address below within 21 days from the date of this letter, failing which, the Bank reserves the right to suspend or close the account in accordance with the account terms and conditions.

In a real scam, you will be asked to taken to a fake CIMB bank website, and asked to logged into your bank account. That’s how the scammer gets hold of your bank login credentials.

However, even that scam won’t work without access to your TAC (Transaction Authorisation Code), which is sent to your phone by SMS, or authenticated through the bank’s mobile app.

For certain, scammers cannot log into your bank account by simply gaining your company’s information through a form, unless you actually include your company’s bank account login details!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Scammers Hack Your Phone If You Call Back?!

Can scammers hack your phone if you answer their calls, or call back?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Scammers Can Hack Your Phone If You Call Back!

People are sharing this advice about scammers hacking your phone if you answer their calls, or call back!

Very Very Urgent …

Please pass this message to your family and friends NOW.

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

Truth : Scammers Cannot Hack Your Phone If You Call Back!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this fake message isn’t even new. It has been circulating on WhatsApp and social media platforms since April 2020, if not earlier.

Fact #2 : This Hoax Is Based On One Ring / Wangiri Scam

This hoax appears to be based on the 2019 FCC warning about the “One Ring” or “Wangiri” scam, where scammers use robocall devices to give victims a miss call, in hopes that they would call back and get charged for Pay-Per-Call services.

The Federal Communications Commission is alerting consumers to reported waves of “One Ring” or “Wangiri” scam robocalls targeting specific area codes in bursts, often calling multiple times in the middle of the night. These calls are likely trying to prompt consumers to call the number back, often resulting in per minute toll charges similar to a 900 number. Consumers should not call these numbers back.

Recent reports indicate these calls are using the “222” country code of the West African nation of Mauritania. News reports have indicated widespread overnight calling in New York State and Arizona.

Generally, the One Ring scam takes place when a robocaller calls a number and hangs up after a ring or two. They may call repeatedly, hoping the consumer calls back and runs up a toll that is largely paid to the scammer.

Consumer Tips: · Do not call back numbers you do not recognize, especially those appearing to originate overseas. · File a complaint with the FCC if you received these calls: www.fcc.gov/complaints · If you never make international calls, consider talking to your phone company about blocking outbound international calls to prevent accidental toll calls. · Check your phone bill for charges you don’t recognize.

This scam, however, does not involve hacking any phone. It only requires you to call back the number, which is a Pay-Per-Call service.

Once you call back, you will get charged a premium rate, as the scammers try to keep you on the line for as long as possible.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Scammers Cannot Hack Phone Through Calls

It is simply not possible to hack your phone through a voice call, even if you’re using VOIP (Voice Over Internet Protocol), or apps like WhatsApp or Telegram.

What is possible though is voice phishing, also known as vishing. This is a form of social engineering, where scammers pose as a bank or police officer (or someone with authority) to obtain your bank account information, or trick you into transferring money into their bank accounts.

Fact #4 : 90# Telephone Scam Only Works With PBX / PABX

The #90 or 90# scam is a very old phone scam that only works on business landline phones that use a PBX (Private Branch Exchange) or PABX (Private Automatic Branch Exchange) system. Here is the official US FCC warning about this scam.

In this very old scam, the scammer pretends to be a telco employee looking into a technical problem with your phone lines, and asks you to help him by either mailing 90# or transferring the call to an outside line. If you do that, you will enable the scammer to place premium-rate calls that will billed to your phone number.

To be clear – these codes do NOT work on mobile phones or smartphones, because they do not run on PBX or PABX systems.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PayNow PDF Malware Scam : What You Need To Know!

Is there a new malware scam involving a PayNow PDF?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this warning about a new malware scam involving a PayNow PDF. Take a look!

I just received below the latest and new scams Modus Operandi from my Uncle. Forward to warn and share.
======================

The scammers have changed their modus operandi. They don’t ask you to download the app.
My neighbour told me yesterday that her sister (a cancer patient) wanted a part-time helper to clean her house. Hence, she went to Facebook. I called the number and made the request. The advertiser asked whether she had a Paynow, and she said that she had. He directed her to make the partial payment, and he will send the invoice to confirm. (Note: He did not ask her to download an app, as people are getting alerts). When she received the invoice in the PDF format, she did not suspect any foul play and clicked it. The invoice showed the amount paid and the balance to be paid. After that, she went to sleep. The next morning, her phone could not be switched on.
She used her laptop to check her DBS bank account. Her $20K was gone, and her two fixed deposits of $25K, which had not reached the maturity date, were also gone—the total loss was $ 70K.
When she went to the bank and asked why her fixed deposit was also gone, the receptionist told her that digital banking allows you to transfer the amount back to your account to facilitate withdrawals without going to the bank.
Police told her the malware was embedded in the PDF document.
So folks, beware that the scammers are always changing their modus operandi to con your money $$$! 😡😡😡

Recommended : WhatsApp Block Button Scam : What You Need To Know!

 

No Evidence There Is Any PayNow PDF Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of PayNow PDF Scam

First, let me just point out that there is no evidence that anyone was ever scammed by a PayNow PDF invoice.

There has been no actual news report of such a case, never mind multiple cases involving malicious PayNow PDF documents.

Frankly, I don’t know of any PDF malware that can shut down a phone, and transfer money from a bank account, including liquidating fixed deposits!

Fact #2 : PDF Malware Generally Target Computers

PDF documents can contain malware, but malicious PDFs generally target Windows computers. In fact, many aren’t actual PDF documents, but are instead executable files masquerading as PDF files – invoice.pdf.exe, for example.

Malicious PDF documents or executables targeted at Windows computers won’t work on smartphones. The malicious PDF must not only be specifically designed to target smartphones, it must target the right operating system – iOS or Android. A malicious PDF targeting Android won’t work on an Apple iPhone, for instance.

On top of that, many PDF malware actually exploit vulnerabilities in a specific PDF reader – most commonly, the industry-standard Adobe Acrobat Reader. Most smartphones do not have Adobe Acrobat Reader installed, and instead rely on a variety of PDF readers like Samsung Note, OneDrive, Google Drive, Kindle, etc.

Embedded PDF malware that target vulnerabilities in the Adobe Acrobat Reader won’t work with other PDF readers. That’s probably why it’s rare to see PDF malware that target smartphones.

Recommended : Can StopNCII Remove All Nude / Deep Fake Photos?!

Fact #3 : PayNow Scams So Far Involve Phishing

Singapore reported 477 cases of PayNow scams in 2021, with 133 more cases in 2022. However, they were not due to PDF malware. Rather, their victims were deceived into giving scammers their digital banking credentials.

In other words, PayNow scams have so far involved phishing attacks, in which victims are tricked into logging into fake websites, or giving up their Internet banking login details by phone.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims’ personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Fact #4 : Singapore Police Warned About Android Malware

It seems likely that the viral warning is based on a misunderstanding of a Singapore Police Force warning about Android malware withdrawing money through PayNow.

Issued on 17 June 2023, the Singaporean police warned that scammers were tricking victims into installing an Android Package Kit (APK) file through WhatsApp and Facebook Messenger. Once installed, the malware allows the scammers to remotely access the victims’ devices, and steal their passwords.

The victims are then directed to fake websites that mimic banks like DBS to key in their banking credentials. The login information obtained through this phishing attack then allows the scammers to withdraw their victims’ money through PayNow.

To be clear – this PayNow scam does NOT involve any PDF. It requires the victim to install an APK file – to gain access of your 2FA (Two-Factor Authentication) device, and provide bank login information through a fake (phishing) website.

This allows the scammers to log into your bank account using the login info you provided, and authenticate all transfers using your mobile phone.

Recommended : Nurse Lost RM380K After Pressing Instagram ‘Like’ Button?!

Fact #5 : Here Are Some Common Cybersecurity Tips

Here are some simple cybersecurity tips to help you avoid getting scammed online:

  • Never install APK files (for Android) from unknown or untrustworthy sources.
  • Never sideload IPA files (for Apple iOS) from unknown or untrustworthy sources.
  • Always check the entire filename, including its file extension:
    – PDF documents should end with .pdf, and not .pdf.apk or .pdf.ipa or .pdf.exe.
    – Word documents should end with .doc or .docx, and not .doc.apk or .doc.ipa or .doc.exe.
  • Never click on any link to go to any bank website. Always type in the link yourself into a web browser, or better still – use the official app issued by the bank.
  • Never give your bank login details to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
  • Never give your 2FA authentication code / TAC or OTP number to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WhatsApp Block Button Scam : What You Need To Know!

Will clicking on the WhatsApp block button install a malicious app that will hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : WhatsApp Block Button Is A Scam!

People are sharing this advice on a new WhatsApp scam involving the Block button in messages. Take a look!

New Type of Scam in Whatsapp.

Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message.

Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Whatsapp 中的新型诈骗。
不要按消息中的“阻止”按钮,因为当您按下该按钮时,您实际上是在下载此恶意应用程序,而是转到 WhatsApp 设置(右上角的 3 个点)并阻止该消息。
如果您在短信中收到此类消息,请执行相同的操作。

New Type of Scam in Whatsapp. Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message. Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Recommended : Can Mexico Did It Photo Infect Your Phone With Virus?!

 

Truth : WhatsApp Block Button Is New Feature!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of WhatsApp Block Button Scam

First, let me just point out that there is no evidence that anyone was scammed by the WhatsApp block button in messages.

Even if an enterprising hacker / scammer was able to create a message with a fake block button that downloads an APK (Android Package Kit) file, it won’t automatically install that file. You will need to manually install the APK file from the Downloads folder.

Those who know how to do that would be tech-savvy enough to avoid installing APK files from unknown sources. Those who don’t know how to do that would not be able to install the downloaded APK file.

Fact #2 : WhatsApp Block Button Is Part Of New Safety Tools

The truth is – the Block button that you may see in new messages from strangers is not a scam. It also does not download or install any APK file.

The Block button is actually part of the new Safety Tools feature that WhatsApp started introducing in July 2023.

The Safety Tools feature will only appear when you receive a message from an unknown number. You will be given some details about the safety of this new contact – whether you are in common groups, and in some cases – the country of origin.

You are given the option of either blocking this new contact, or adding it to your Contact list. You can also click on the Safety tools link for more details.

Recommended : Can Israel Seismic Wave Card Hack Your Phone?!

Fact #3 : Older Blocking Method Still Exists

The new WhatsApp Safety Tools offer an easy way to quickly block and remove obvious spammers and scammers. However, it may not be readily apparent whether the new contact is genuine, or just a spammer / scammer.

If you start messaging with this new contact – to find out if their identity / purpose, the Safety Tools option will disappear. But don’t worry – you can still block this new contact if you realise that he/she is a spammer / scammer.

  1. Go to the messaging screen for the person you want to block.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select More > Block.
    You can also select More > Report (to report block the scammer)

Alternatively, you can block multiple contacts using this method:

  1. Open WhatsApp, and go to the Chats screen.
  2. Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
  3. Select Settings.
  4. Tap on the Privacy option.
  5. Scroll down and tap on Blocked contacts.
  6. Tap on the Add Contacts () icon at the upper right corner.
  7. Search for the contacts you want to remove, and select them.

Now, blocking people does not remove your contact details or profile photo from their phones and devices.

However, they will no longer be able to call you, or send you messages. They will also not be able to see changes to your status updates including when you’re online / last seen, or changes you make to your profile photo.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Nurse Lost RM380K After Pressing Instagram ‘Like’ Button?!

Did a Malaysian nurse lose RM380,000 after pressing the Instagram Like button?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Nurse Lost RM380K After Pressing Instagram Like Button!

People are sharing an article which claims that a Malaysian nurse lost RM380,000 after pressing the Like button in Instagram for RM5 commissions! Here is an excerpt from the article:

M’sian Nurse Loses RM380K After Pressing Instagram ‘Like’ Button For RM5 Commission

Too late to unlike

Recommended : Scam Alert : How Fake Job Syndicates Operate!

 

Nurse Did Not Lose RM380K After Pressing Instagram Like Button!

First of all, I would like to applaud the website for writing about job scams, but that’s really a misleading title.

Unfortunately, many people don’t read beyond the headlines. People are even asking if they will get “hacked” like the nurse if they like Instagram posts!

The truth is – the Malaysian nurse did not lose RM380,000 because she pressed on the Like button in Instagram. In fact, Instagram and its Like button have nothing to do with the actual scam!

Social Media Jobs Are An Easy Lure

As I have earlier written on how fake job syndicates operate, the “job” and “platform” are not important. These scammers generally offer social media jobs, because that’s what most people already use, so it’s easy to hook victims.

These syndicates will offer quick and easy tasks to do on social media, for example – liking Instagram photos and Facebook posts. Other (non-social media) tasks include liking YouTube videos and/or subscribing to YouTube channels, or even making comments on businesses in Google Maps.

Whether the job is on Instagram / Facebook / YouTube / Google Maps, etc. is irrelevant. The first few “jobs” you are given are the bait. You will be paid for those simple tasks, like RM5 for liking an Instagram post, or RM10 for subscribing to a YouTube channel. Such an easy way to make money!

Paying For Jobs Is The Scam!

After you get the first payment, you will be asked to participate in a “prepaid job”. All you have to do is pay a “deposit” for the opportunity to make a lot of money in high-paying “jobs”.

At this point, you may feel that this is a genuine side job opportunity. After all, they paid you for the earlier jobs, didn’t they? Real scammers wouldn’t pay their victims, right? WRONG!

Once you make that first deposit, you are “hooked”. The scammers will not let you withdraw the money, but insist that you must continue with the next “prepaid job”, which would require another deposit. Then, you will be asked to pay again to participate in another “prepaid task”, and so on.

On paper, you appear to be earning a lot of money, but you won’t be able to withdraw any of that money. By the time you realise it’s a scam, you would have lost a LOT of money. That is the scam, not pressing on the Instagram Like button.

Recommended : How A University Student Lost RM22K In Online Job Scam!

Trying To Recover The Money Is The Scam!

In the nurse’s case, she fell for their trap to participate in the “prepaid assignment”. She ended up making 36 transactions worth RM387,000 to 21 different bank accounts over 13 days! She not only emptied her savings, she even loaned money from her friends and family members!

Why would any victim do that? Simple – the more money you invest in this fake job offer, the more desperate you will be to recover the money you “invested” and “earned”. To quit would mean losing everything, so you will feel that you have “no choice” but to continue.

To help you make that decision to “stick with the programme”, the syndicate have fake users in their Telegram group continuously posting bank deposit screenshots, while claiming that they just received their earnings.

The truth is – any money you send to their mule accounts will be quickly transferred to the scammers’ account. You will never see the money again.

As one student shared, he lost over RM22,000 in just two days, because he was so engrossed in trying to get back the money he “invested” earlier:

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages.

They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Just like that, two days, RM22300, gone.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Again, I’m glad to see more publicity about fake job scams. But it is important that YOU understand that the scam does not involve the pressing of the Like button in Instagram, or Facebook, or YouTube, or any other online platform.

This is ultimately just another case of a fake job scam. In this nurse’s case, the scammers used the simple job of liking Instagram posts as the lure, but it will be different for other victims. These scammers will use any convenient platform to give you simple jobs to trick you into falling for their scam.

Just remember – there is no such thing as easy social media jobs. Even unscrupulous social media promoters do not need to pay anyone to like a post, or follow someone. They simply use bots (automated software)!

Don’t fall for such fake job scams. No matter how enticing the offer is – NEVER pay for any job.

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Israel Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent Hamas attacks on Israel hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Israel Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent Hamas attacks on Israel has gone viral on WhatsApp:

URGENT

Some people are going to upload pictures of the fighting in Jewish settlements on WhatsApp. The file is called Seismic Waves CARD.

Do not open it, it will hack your phone in 10 seconds and cannot be stopped in any way.

They talked about it on TV. A cyber attack on us from all kinds of directions is also starting.

Pass the information on to family and friends.

Recommended : Did Fukushima Just Release Black Radioactive Water?!

 

Truth : There Is No Israel Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every disaster that comes along, like these examples show:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

Recommended : Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Can the Seismic Wave Card containing photos of the recent earthquake at Morocco hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Morocco Earthquake Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent earthquake at Morocco has gone viral on WhatsApp:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

他们将在WhatsApp上上传一些摩洛哥地震的照片。该文件称为地震波CARD,不要打开或看到它,它会在10秒内破解您的手机,并且无法以任何方式停止。与您的家人和朋友分享信息。
不要打开它。他们还在电视上说过

Recommended : Did Fukushima Just Release Black Radioactive Water?!

 

Truth : There Is No Morocco Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every earthquake that comes along, like these examples show:

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

They are going to upload some photos of the Calvario earthquake on WhatsApp. The file is called CARD Seismic Waves. Do not open them or see them, they hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Don’t open it. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Recommended : Can Greeting Photos + Videos Hack Your Phone?!

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

This transgression doesn’t end here; they siphon sensitive data and create vulnerabilities in your system’s security framework, providing a gateway for more perilous threats, such as malware and phishing schemes, to invade.

The protracted presence of Seismic Waves Card in your system exponentially escalates the risk of serious compromises, emphasizing the dire necessity for its immediate removal. Recognizing the malicious potential of such unwanted apps is essential in maintaining a secure and safe digital environment. Stay vigilant and prioritize your cybersecurity.

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bantuan Rakyat Malaysia Scam Alert!

Watch out for the Bantuan Rakyat Malaysia scam on WhatsApp, Telegram, Facebook and Twitter!

Find out how this scam works, and WARN your family and friends!

 

Bantuan Rakyat Malaysia 2023 Scam Alert!

These scam messages about Bantuan Tunai Rakyat (BTR) 2023, or Bantuan Percuma Kerajaan Malaysia 2023, is going viral on WhatsApp, Telegram, and social media platforms like Facebook and Twitter.

CARA SEMAKAN TARIKH BAGI PENERIMA BANTUAN RM600 DIKREDITKAN SETIAP BULAN

Untuk mereka yang layak, anda boleh lakukan semakan dengan mengikuti cara yang diterangkan.

Baca Cara Semakan Bantuan 👇
https://bntuanrakyatmalaysia.lynk.eu.org/

SHARE INFO ini kepada rakan-rakan dan saudara mara untuk manfaat semua

HOW TO CHECK THE DATE FOR RECIPIENTS OF ASSISTANCE RM600 CREDIT EVERY MONTH

For those who are eligible, you can check by following the described method.

Read How to Check Help 👇
https://bntuanrakyatmalaysia.lynk.eu.org/

SHARE this INFO to friends and relatives for the benefit of all

As one lady shared in the video below, she got tricked by the scammers, who took over her Telegram account to send the same scam message to all of her contacts!

While she claimed that she did not click any link, I will show you how she got scammed…

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Bantuan Rakyat Malaysia Scam : How Does It Work?

Warning : To show you how the scammers work, I will share the links they use. I will highlight those dangerous links in red. Do NOT go to those links.

Super Long Link

To trick people into clicking on the scam links, the scammers intentionally use a misleading and very long URL, so you are less likely to notice the domain.

This is the scam link : https://bntuanrakyatmalaysia.lynk.eu.org/

Note how the scammer used a long list of descriptive keywords – “bantuan“, “rakyat“, “malaysia“, “lynk“, which helps to mislead people, and make it more difficult for them to notice that the domain is “eu.org“.

Obviously, eu.org is not a Malaysian government domain (which ends with .gov.my), and it has nothing to do with Malaysia or financial aid. This domain also has nothing to do with the European Union.

EU.org provides free subdomains, and so scammers use it to not only run their scams, but to give their scams a more “legitimate-looking domain”.

Pro Tip : Always check the domain of a link before you click on it. Avoid super-long links like this because they are often used to mask the domain name.

Recommended : Will Scanning RFID Bar Codes Hack Your Phone?!

Fake Telegram Invitation

After clicking to go to https://bntuanrakyatmalaysia.lynk.eu.org/, you will be taken to what looks like an invitation to join a Telegram group. But in reality, it is a fake Telegram invitation.

A real Telegram invitation will have a link like this – https://t.me/XXXXXXXX. But this scam page has the link – https://bntuanrakyatmalaysia.lynk.eu.org/my.php.

Also, a real Telegram invitation can detect if you are using Windows / Mac or Android / iOS, and suggest that  the right download for your device.

The invitation also has a glaring typo – the link says Massage Now, rather than Message Now. Hilarious!

In any case, a real Telegram invitation will not ask you to Message Now. Rather, it will allow you to either View In Telegram, or Preview channel in the web browser itself.

Recommended : Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

Fake Telegram Login Page

If you click on Join Group, you will be taken to this Telegram login page. Even though it offers you a list of countries to select from, the only option is Malaysia.

WARNING – THIS IS A SCAM PAGE. This is what is known in cybersecurity as a “phishing attack”.

First of all, Telegram invitations will never ask you to log into your Telegram account. It will simply launch the Telegram app and load the group for you.

Secondly, if you look at the link, it leads to the same scam domain, specifically https://bntuanrakyatmalaysia.lynk.eu.org/my.php.

Do NOT log into your Telegram account in this page.

Recommended : Scam Alert : How Fake Job Syndicates Operate!

If you log into your Telegram account using this phishing page, then the scammers will gain access to your Telegram account, and take it over for their own use.

They can then use your Telegram account to send the same scam message, or worse, cheat your family and friends of their money!

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

The lady in the viral video likely logged into this phishing page, thus giving the scammers control of her Telegram account. That was likely how they were able to message everyone on her contact list.

She also likely did not enable Two-Step Verification in Telegram, which would let her recover her account even after scammers have gained access.

That is why people who were hit by this scam had to call and inform their relatives and friends, or publicly post about it to warn all of their contacts.

Unfortunately, it is not always possible to warn all of their contacts, and inevitably, someone will get cheated of their hard-earned money. That’s why these scams are so popular – they really work, and scammers are making a ton of money!

Help us fight against these scammers. SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Warning – PDRM Parking Fine Scam Alert!

Scammers are targeting motorists with the PDRM parking fine scam! Make sure you warn your family and friends!

Here is what you need to know about the PDRM parking fine scam!

 

PDRM Parking Fine Scam Email

People are getting emails warning them that they just committed a parking violation, while offering them a cheap fine if they pay quickly.

Fines Inquiry and Payment

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

The fine is set at MYR 50. Payment of the fine is required within 7 days of the date of notification, to avoid further legal consequences.

If the fine is not paid within the time limit, you may be subject to legal action, resulting in an increase in the original fine.

Payment deadline: [08/26/2023]

Methods of payment accepted:

Cordially,

Malaysian Police Department

Recommended : Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

 

PDRM Parking Fine Email Is A Scam!

These PDRM parking fine emails are scam emails. This was confirmed by PDRM itself.

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

These emails are designed to scare its victims into action. Hence, it offers a very cheap way to quickly “settle the problem”. However, if you take a breath, and analyse the email CAREFULLY, you will see many problems with it.

  • Letter is from PDRM : The Royal Malaysia Police (PDRM) will never write to you by email.
  • Letter is in English : The Royal Malaysia Police (PDRM) will never write to you in English.
  • Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
  • Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
  • Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
  • Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
  • Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
  • No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
  • No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

Recommended : How A University Student Lost RM22K In Online Job Scam!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

Recommended : Wedding Invitation Scam : Don’t Install APK File!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

Please SHARE this warning with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

Watch out for the Bantuan Tunai Rakyat Malaysia 2023 scam on WhatsApp, Telegram, Facebook and Twitter!

Find out how this scam works, and WARN your family and friends!

 

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

These scam messages about Bantuan Tunai Rakyat (BTR) 2023, or Bantuan Percuma Kerajaan Malaysia 2023, is going viral on WhatsApp, Telegram, and social media platforms like Facebook and Twitter.

Bantuan percuma kerajaan 2023 khas untuk yang mana bergelar usahawan,pendidik,suri rumah,kerani dan yang kerja sendiri di waktu sekarang, boleh dapatkan geran RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ Bantuan ni percuma
✅ Tak perlu bayar semula
✅ Maksimum sehingga RM2,500 / RM5,000
JOM CLAIM:

Free government assistance 2023 especially for those who are entrepreneurs, educators, housewives, clerks and self-employed at the moment, can get a grant of RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ This help is free
✅ No need to pay again
✅ Maximum up to RM2,500 / RM5,000
CLAIM HERE:

As one lady shared in the video below, she got tricked by the scammers, who took over her Telegram account to send the same scam message to all of her contacts!

While she claimed that she did not click any link, I will show you how she got scammed…

Recommended : Beware Of Telegram Screenshot Hack + Scam!

 

Bantuan Tunai Rakyat Malaysia Scam : How Does It Work?

Warning : To show you how the scammers work, I will share the links they use. I will highlight those dangerous links in red. Do NOT go to those links.

Super Long Link

To trick people into clicking on the scam links, the scammers intentionally use a misleading and very long URL, so you are less likely to notice the domain.

This is the scam link : http://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com

Note how the scammer used a long list of descriptive keywords – “bantuan“, “kerajaan“, “my“, “fase 3“, which helps to mislead people, and make it more difficult for them to notice that the domain is “financialanchorllc.com“.

Obviously, financialanchorllc.com is not a Malaysian government domain (which ends with .gov.my), and it has nothing to do with Malaysia or financial aid.

A quick WHOIS check reveals that the ownership of this domain is hidden by a paid service – which is not what a genuine government agency would do.

Pro Tip : Always check the domain of a link before you click on it. Avoid super-long links like this because they are often used to mask the domain name.

Recommended : Will Scanning RFID Bar Codes Hack Your Phone?!

Fake Telegram Invitation

After clicking to go to https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com, you will be taken to what looks like an invitation to join a Telegram group. But in reality, it is a fake Telegram invitation.

A real Telegram invitation will have a link like this – https://t.me/XXXXXXXX. But this scam page has the link – https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com.

Also, a real Telegram invitation can detect if you are using Windows / Mac or Android / iOS, and suggest that  the right download for your device.

A real Telegram invitation will not ask you to Join Group. Rather, it will allow you to either View In Telegram, or Preview channel in the web browser itself.

Recommended : Bursa Malaysia Stock Investment Scam Alert!

Fake Telegram Login Page

If you click on Join Group, you will be taken to this Telegram login page.

WARNING – THIS IS A SCAM PAGE. This is what is known in cybersecurity as a “phishing attack”.

First of all, Telegram invitations will never ask you to log into your Telegram account. It will simply launch the Telegram app and load the group for you.

Secondly, if you look at the link, it leads to the same scam domain, specifically https://bantuan-kerajaan-my-fase3-gcc.financialanchorllc.com/main/index.php.

Do NOT log into your Telegram account in this page.

Recommended : Scam Alert : How Fake Job Syndicates Operate!

If you log into your Telegram account using this phishing page, then the scammers will gain access to your Telegram account, and take it over for their own use.

They can then use your Telegram account to send the same scam message, or worse, cheat your family and friends of their money!

Recommended : Can Restaurant Menu QR Code Hack Your Phone?!

The lady in the viral video likely logged into this phishing page, thus giving the scammers control of her Telegram account. That was likely how they were able to message everyone on her contact list.

She also likely did not enable Two-Step Verification in Telegram, which would let her recover her account even after scammers have gained access.

That is why people who were hit by this scam had to call and inform their relatives and friends, or publicly post about it to warn all of their contacts.

Unfortunately, it is not always possible to warn all of their contacts, and inevitably, someone will get cheated of their hard-earned money. That’s why these scams are so popular – they really work, and scammers are making a ton of money!

Help us fight against these scammers. SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How WithSecure Offensive Security Drives Business Resilience!

Find out how WithSecure harnesses the power of offensive security to drive business resilience and enhance protection for its clients!

 

WithSecure Drives Business Resilience Through Offensive Security!

WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the SPHERE security conference 2023, WithSecure’s Chief Product Officer, Antti Koskela, shed light on their game-changing offering called ‘attack surface management.’ This managed service offers a comprehensive view of vulnerabilities in a company’s cloud-based estate.

As a result, WithSecure’s focus on the digital perimeter empowers businesses to reduce their overall attack surface, enhancing their cybersecurity posture in the ever-evolving threat landscape.

Recommended : WithSecure Takes Offensive Security Approach To Cloud Threats!

 

How WithSecure Offensive Security Drives Business Resilience!

WithSecure also introduced three groundbreaking services that amplify their commitment to ‘outcome-based security’ and ‘co-security’. This groundbreaking development was revealed by WithSecure Executive Vice President (Solutions) Scott Reininga, also at the SPHERE security conference 2023.

Reininga underscored WithSecure’s unparalleled expertise in offensive security, revealing that they are the home of one of the world’s most proficient offensive security teams. This team, a fusion of penetration testers (pentesters), red, blue and purple teamers, has profound knowledge of adversary tactics, tradecraft, and techniques.

Penetration testing is a cybersecurity practice that aims to discover vulnerabilities in a system by simulating controlled attacks. Their goal is not to cause damage but to pinpoint weaknesses for rectification. This proactive method, which can involve exploiting software vulnerabilities or simulating social engineering tactics, is key in any comprehensive cybersecurity strategy, offering a practical evaluation of potential risks rather than a theoretical one.

Our relentless pursuit of research and system testing allows us to uncover system vulnerabilities proactively. This crucial data is the building block of our products that are proactive, minimally disruptive, and crafted from the perspective of an attacker.

– Scott Reininga, WithSecure Executive Vice President (Solutions)

These insights were unveiled by Reininga during his recent product launch event titled ‘Co-security and co-managed services for partners’. He was joined on stage by WithSecure Vice President (Offering and Customer Experience) Niko Isotalo.

Expanding on WithSecure’s strategic approach, Isotalo said that the company’s outcome-based security framework model “connects Chief Information Security Officers (CISOs) and board members, offering clarity about the interplay between security outcomes and business objectives.”

This alignment clarifies the indispensable role of security in the core business framework to board members.

– Niko Isotalo, WithSecure Vice President (Offering and Customer Experience)

Recommended : Avanade Launches New Generative AI Services!

Reininga and Isotalo unveiled the three new offerings during their joint session. The first, termed “co-monitoring,” is a partnership model. WithSecure validates the genuineness of security incidents before alerting the duty manager, effectively curbing false alarms.

WithSecure collaborates with clients to supervise their digital ecosystems, particularly during periods when they are stretched thin on resources. This service, providing support beyond standard working hours, can also deliver round-the-clock monitoring if necessary.

Isotalo further introduced the second service, incident readiness software, recognising that many organisations lack comprehensive incident readiness plans.

Our software simplifies the creation, testing, and updating of such plans, which serve as essential shields against cyber threats.

Recommended : 5 Strategies for Negotiating Airfare Discounts with SAP Concur!

Focusing on the urgency of immediate incident response, Reininga introduced the third service, an incident response retainer.

Our incident response retainer provides unlimited incident response within the critical initial 72 hours of an event. We eliminate the need for negotiation about budget and resource allocation.

We engage consultants rapidly, supported by our globally lauded 24/7 incident response team and top-tier threat intelligence unit, guaranteeing our customers industry-leading service level agreements (SLAs).

By integrating offensive security acumen, co-monitoring capabilities, incident readiness software, and swift incident response, WithSecure empowers organisations to effectively safeguard their digital assets and curtail the impact of potential breaches.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Takes Offensive Security Approach To Cloud Threats!

WithSecure is harnessing the power of the offensive security approach in tackling evolving cloud threats!

 

WithSecure Takes Offensive Security Approach For Cloud Threats!

In a shifting cybersecurity landscape, WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the recent SPHERE security conference 2023 in Helsinki, Finland, WithSecure’s Chief Product Officer, Antti Koskela, shed light on this approach.

We’ve done identity assessments for many cloud-based companies, unveiling weaknesses in their cloud platforms.

Our offensive security approach is about understanding the attack surface of a cloud-based estate. We focus on the digital perimeter, which is crucial to reducing the overall attack surface.

Koskela went on to explain that WithSecure has distilled this insight into an innovative managed service offering called ‘attack surface management’. This service provides a comprehensive view of a company’s vulnerabilities, including IP addresses, port vulnerabilities, exposed APIs and web services, identity matters, patching levels and more.

With more open architecture, control over your attack surface becomes paramount. ‘Zero trust’ alone isn’t the answer as human errors happen. Our holistic approach helps mitigate this.

Recommended : Avanade + Accenture: 2023 Microsoft Global SI Partner of the Year!

WithSecure’s product suite integrates various cloud-native solutions to deliver protection based on specific client requirements. This collaborative process, termed ‘co-security’, is driven by the security and business outcomes defined by the clients. Koskela emphasised the tripartite focus of their solution:

It’s about process, people, and technology. We collaborate to secure the outcomes, letting company directors steer the course of business.

Our WithSecure Elements platform is the cornerstone of our technology, built collaboratively with our clients.

Koskela acknowledged the evolution of the IT industry, from client-server in the ‘90s to hosted services in the 2000s, cloud computing in the 2010s and cloud-native in the 2020s. He underscored the need for a new security approach to match the evolving business environments:

The cloud offers agility, speed, cost-efficiency. But with new technologies come new security considerations.

WithSecure has been proactive, creating solutions for every technological shift – be it firewalling and endpoint protection during the hosted services era, or data security and VPNs for the cloud computing era.

And now, with the rise of cloud-native tech, we’re helping clients to understand and secure their digital perimeter through our offensive security approach.

Recommended : 5 Strategies for Negotiating Airfare Discounts with SAP Concur!

WithSecure Chief Product Officer, Antti Koskela (left), and APAC Regional Director Yong Meng Hong (right)

 

WithSecure Elements Picking Up In APAC

Since its mid-2021 debut, WithSecure’s Elements platform has gained considerable momentum here in Malaysia and the broader Asia-Pacific region. This comprehensive cybersecurity platform has made its mark by providing organisations with a unified solution to their security needs.

Elements equips enterprises with the insight, adaptability, and technology to tackle evolving threats and changing business environments.

Offering unified endpoint protection across devices, clouds and servers, Elements consolidates everything from vulnerability management and collaboration protection to detection and response into one easy-to-navigate security console.

– WithSecure Asia-Pacific Regional Director Yong Meng Hong

Yong further emphasised that the cloud-based Elements platform provides real-time visibility across an entire IT infrastructure, simplifying how enterprises manage their cybersecurity.

Flexible licensing options, including fixed-term subscriptions and usage-based billing, ensure that organizations can tailor their cybersecurity services according to their specific needs.

Elements offers centralised management capabilities, giving IT managers a comprehensive overview of their enterprise’s IT infrastructure, enhancing their reassurance and control.

Today, WithSecure is globally recognised, trusted by a myriad of enterprises to safeguard against cyber threats, while also protecting tens of millions of consumers through over two hundred service providers and telecommunications partners.

For organisations looking to navigate the cloud’s security challenges, WithSecure’s offensive security approach could be just the safeguard they need.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How A University Student Lost RM22K In Online Job Scam!

Find out how a university student just lost over RM22,000 in an online job scam!

Please SHARE this article to warn your family and friends to avoid such online job scams!

 

Online Job Scam Are Targeting The Poor + Desperate!

Online job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Online job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

This is especially appealing to people who are currently jobless and desperate. Or in this recent case – a university student who is just starting out in life.

I am Shirley , a permanent employee at XXXX Company in the recruitment department. The HR department sent me this number and asked me to contact you to get you to a job opportunity.

Hello! I am Miss Aisyah Binte Ahmed, from The Recruitment Dept. at YYYY Digital, Malaysia. Our company is hiring part-time and full-time online Employees. Can I briefly share the details with you?

Recommended : Scam Alert : How Fake Job Syndicates Operate!

 

How A University Student Lost RM22K In Online Job Scam!

I had earlier written about how fake job syndicates cheat people of their hard-earned money, but I didn’t realise that these scammers are also targeting university students!

A university student recently shared how he quickly lost over RM20,000 to an online job scam, despite being warned that it could be a scam!

How They Reel The Student In…

These online job scams always start by offering their victims an EASY way to make A LOT of money!

It all started two days ago, when an unknown person asked me if I’m interested in a part time job. I usually don’t decline offers like this because I’m also a student looking for internship or job opportunities.

He gave me simple tasks, like subscribing to YouTube channels and get RM10 for each subscription. I was interested as money did really go to my account.

Then, I was added into a group. They would give these free tasks of subscribing to YouTube channels.

These scammers also know that people are now wary of scams, and will always demonstrate their willingness to pay… at least in the beginning.

And occasionally will provide merchant tasks throughout the day, which you bank in a certain amount of money to them, which was said to help improve crypto merchant’s reputation or some sort, then they’ll return you a good amount of earnings after the task is completed. It takes around half an hour to do so. So for these two days I earned around RM500.

This is how the scammers establish trust with their victims, and convince them to “invest” to get even more money!

Recommended : Watch Out For Telegram Phishing Attack!

The Scam Happens Very Quickly

The “merchant tasks” is when they start scamming you, and the scam occurs very quickly. You may think that you’re earning a lot of money, but you will never see a cent of it.

So here’s where the fishing begins. A merchant task has started. A rule was stated that I must complete all the tasks given or I will not get the money that I banked in before.

It doesn’t matter how little you “invest” in this “merchant task” scheme. Once you are in, they will quickly use your “earnings” to force you to keep paying them!

I chose the least risk package, give RM300 to get RM360. Then, I was required to continue the next task. Same, I chose the smallest amount RM2000 to get RM2600. Again, need to continue the next task, I chose the smallest RM5000 to get RM7000. Then, RM15000 to get RM19500.

Then, RM40000 to get RM52000. At this point, I still haven’t realize it’s a scam. All I’m focussed on is I need to take back the money that I banked in, so I’m just thinking about completing the tasks given.

By The Time He Realised… It Was TOO LATE!

Because the university student was so engrossed in getting back the money he “invested” earlier, he didn’t realise that he was giving the scammers more and more money… until it was much too late.

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages. They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Unfortunately, by the time the university student realised his mistake, it was much too late… He had already lost over RM22K!

At that time, I have not enough money in my bank to fork out RM40k. So I panic and find my friend to lend me some money.

Luckily my friend as a sideliner noticed that this is a scam and stopped me. I woke up finding that evervthing was too late. Just like that, two days, RM22300, gone.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Scammers caught on CCTV by hacker

Many People In The Group Are Scammers

As the university student later realised, many of the people in the group are part of the online job scam syndicate. Their job is to give the victims the perception that this is a legitimate job with many people participating.

During merchant tasks, I’m asked to leave the big group and will be joining a small group of 3-4 members. One of the scary parts in this operation after I realize it’s a scam is that, all the group members in the group are actually controlled by the same person.

Out of the 4 members, two might be playing rich vips who will play the highest package, pressuring you to play with more money, the other person looks like a newcomer like me and plays along with me, choosing the lowest package.

Precautions Were Useless

The university student was actually warned by his parents that it could be a scam. He even prepared for the possibility he could be scammed:

Some Precautions | Made While Attempting This:

I was being very careful with this. I shared with my parents on the first night. My parents did warned me about it being a scam, but didn’t stop me from it since I’m earning something. They just ask me to be extra cautious.

I have two bank accounts, so I moved most of my savings such that I have a “small” account and a “big” account, to prevent losses if anything goes wrong.

I also created a new chat account with another phone number solely for this “part time job”. I also made a plan and promise to only invest my earnings, so I cannot touch my savings.

But as German Field Marshal Helmuth von Moltke once said, “No plan survives contact with the enemy“, and the student’s precaution was useless when he got “emotionally invested” in getting his money back, and ended up taking out all of his saving from the “big account”!

I believe we always read about news of scams in Malaysia, asking why are they so dumb, why they fall into these type of scams. Until I’m in their shoes. I was being very cautious taking the above steps and always remind myself to not be greedy, play only the least risk.

The worse part is, when I’m within that situation and cannot think straight. I even use my savings from my “big” account, just because I want to rescue the money I put in.

Recommended : How To Block Facebook Ads + Pay Scammers!

The university student is now “emotionally depressed” and “thinking about suicide” over the loss of so much money. But do the scammers care? No, they couldn’t care less if people commit suicide over the loss of their hard-earned money.

He has also contacted his bank fraud hotline, and lodged a police report. Unfortunately, he is unlikely to ever recover any of the money he lost. But I hope he understands that his life matters more to his family than money, and he can always make back the money as long as he lives.

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysia To Ban SMS With Personal Details!

Telcos in Malaysia will soon ban SMS messages with personal information, as part of the MCMC’s initiative to prevent scams! Here is what you need to know!

 

Malaysia To Ban SMS With Personal Details!

On Sunday, 2 July 2023, four Malaysian telcos – Maxis, Celcom, Digital and U Mobile will ban SMS messages containing personal information , as part of the MCMC’s initiative to prevent scams.

In addition to the May ban of SMS links, both local and international users will be prevented from sending any SMS message containing:

  • personal details
  • mobile or fixed line phone number
  • banking details like account number
  • MyKad number

All SMS messages containing these forbidden items will not be blocked, but their senders won’t be charged for those blocked messages.

Read more : Malaysian Telcos Ban SMS Links To Prevent Scams!

 

No Ban For SMS With Personal Details Via Short Codes

It should be noted that this ban on SMS messages with personal details do NOT apply to businesses using legitimate Enterprise short codes. They will still be allowed to issue SMS messages with URLs (links), phone numbers, and personal details.

Here are the current Enterprise short codes for Celcom and DIGI, from which you “may” continue to receive SMS messages with hyperlinks (URLs) and personal information.

Telco Enterprise Short Codes
Celcom CelcomDigi / EASYRELOAD
Celcom / CELCOM
2000 / 2901 / 20000 / 78888
28888 / 28882 / 22288 / 28282 / 22888
2001 / 22002 / 22009 / 21888 / 22022 /
22033 / 22162 / 22244 / 22262 / 22990 /
23000 / 23222 / 23777 / 25000 / 25555 /
26664 / 26668 / 26674 / 26680 / 26699 /
27100 / 27200 / 27999 / 28000 / 29888 /
29992 / 29999 / 39131 / 39140 / 39146 /
39170 / 39172 / 39230 / 39231 / 39240 /
39254 / 39258 / 39281 / 39291 / 39442 /
39466 / 39470 / 39471 / 39496 / 39504 /
39505 / 39506 / 39509 / 39513 / 39514 /
39515 / 39518 / 39881 / 39437 / 39132 /
39133 / 39144 / 39162 / 39177 / 39498 /
39502 / 39511 / 39512 / 39495
Digi CelcomDigi / Digi / DigiRewards
200 / 2901 / 2691 / 5001 / 27676
20000 / 21000 / 28879 / 28888 /
28882 / 22288 / 28282 / 22888

Maxis has 5-digit short codes like 1XXXX, 2XXXX, and 6XXXX, but has chosen to block SMS messages containing personal information from their Enterprise short codes:

In order to prevent individuals from becoming online scam scams, the Malaysia Communication and Multimedia Commission (MCMC) has issued a directive to all telcos on 14 February 2023 to block sending and receiving of short messaging service (SMS) from local, international mobile numbers and applications containing below contents:

  • URL link and any clickable link e.g. shorten URL; shorten URL;
  • Request for user’s personal information e.g name, IC number, account number and
  • Mobile and fixed line number

Blockings are being implemented in stages; started from 2 May 2023 for SMS between individuals; the next and last stage is the blocking of SMS containing the above 3 elements from mobile and applications such as Enterprise SMS service and Maxis IoT SIM from 2 July 2023.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Risky SMS Ban Helpful, But Other Platforms Still A Risk

While this measure is really helpful in reducing scams, the ban is limited to SMS messages. It does not prevent scammers from sending similar scam messages through instant messaging platforms like WhatsApp, Telegram, Facebook Messenger, WeChat, etc.

I should also point out that links are not inherently bad. Links in messages, even SMS messages, are mostly safe.

Perfectly Fine

  • Clicking on a link to read an article / terms and conditions of a promotion
  • Clicking on a link to enrol in a promotion which does not require you to log into any website
  • Clicking on a link to check in for a flight, or get a travel update

However, they can be used to send you to a phishing website which is designed to look like a genuine bank / payment website. Hence, it is critical that you should NEVER log into any website through a link.

NEVER DO THIS

  • Clicking on a link to log into a bank website
  • Clicking on a link to make a purchase or payment
  • Clicking on a link to log into any account / email

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityMobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Wedding Invitation Scam : Don’t Install APK File!

Please watch out for the wedding invitation scam, and find out why you should NEVER install any APK file from strangers!

Find out what’s going on, and warn your family and friends!

 

Wedding Invitation Scam Gone Viral!

A new scam has gone viral on social media in Malaysia – the wedding invitation scam. In this scam, scammers contact their victims on WhatsApp, pretending to send them an APK file as a wedding invitation!

Here is the Malay version of the scam messages, and their English translations.

Dengan rasa kesyukuran, Menjemput Tuan ZAITON OTHMAN Ke Majlis Perkawinan Anak Kami
Sila Klik instal Apk untuk dapatkan kad kahwin digital kami ⬇️⬇️
Sila klik instal nampak kad kahwin digital kami 🙏, agar nak tau Siapa 😀

With gratitude, Inviting Mr. Zaiton Othman to our Son’s Wedding
Please click install Apk to get our digital wedding card ⬇️⬇️
Please click install to see our digital wedding card 🙏, to know who this is 😀

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Wedding Invitation Scam : Don’t Install APK File!

This is yet another example of a Mobile Application Scam, and here are the reasons why…

Fact #1 : APK Is Android Installation File

First, it is important to know that APK files are not used to deliver wedding invitations, or photos and videos.

Short for Android Package Kit, an APK file is used to install software in Android devices. Think of it as the Android equivalent of an EXE installation file for Windows software.

Fact #2 : You Should Never Install APK File, Unless You’re An Expert

APK files, by definition, are merely installation files for Android devices. They can be used for legitimate purposes, as well as nefarious purposes.

However, legitimate Android apps are mostly delivered through proper mobile app platforms like Google Play Store and the HUAWEI App Gallery, where they are often scanned for malware before people are allowed to download and install.

Therefore, you should never download and install an APK file outside of legitimate mobile app platforms, unless you are an expert who needs to “sideload” an APK for a specific reason.

Now, this does not mean that only Android devices are vulnerable. Apple is slated to offer the ability to sideload apps too with iOS 17.

Fact #3 : Scammers Use APK Files To Install Malware

In most, if not all, cases where you receive an APK file from a stranger on WhatsApp, Telegram, through email or social media platforms, it is likely to contain malware.

Scammers use APK files containing malware to gain access to your phone. After you install these malware APK files, scammers can do anything – read your messages, steal your photos and videos, gain access to your TAC / OTP alerts, etc.

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #4 : APK File Scam Not Limited To Wedding Invitations

These mobile application scams are not just limited to wedding invitations, or offers to deliver illicit photos and videos. Scammers have also convinced their victims to install these APK malware files to :

  • book cheap temporary maid / cleaning services
  • book cheap air-conditioning services
  • book exclusive restaurants
  • receive special discounts
  • make investment transactions

Fact #5 : Scammers Use Social Engineering + Stolen Data

It is important to remember that scammers will use a combination of social engineering and stolen / purchased data to convince you to install their APK malware.

They may know your name, your MyKad number, your address and your telephone number. They may even know who is in your family, and even have your bank account or credit card details. All that information can be purchased from unscrupulous sources.

In some cases, scammers have taken over social media accounts and used them to trick the account holder’s family and friends into installing such APK malware files.

No matter who tells you to do it – even if they are your family member or friend, NEVER download and install an APK file.

Recommended : Scam Alert : How Fake Job Syndicates Operate!

Fact #6 : Bank Negara Malaysia Warned About Mobile App Scam

Bank Negara Malaysia has long warned consumers about such mobile application scams.

Be wary of clickable hyperlinks that redirects you to a site, or downloads an application to your phone. Banks will no longer send you any clickable hyperlinks via SMS!

Only download applications from your smartphone’s official application platforms (e.g. Google Play Store, [Apple] App Store, Huawei App Gallery).

Fact #7 : PDRM Confirmed This Is A Scam

On Monday, 19 June 2023, PDRM Commercial Crimes Investigation Department (CCID) Director Datuk Seri Ramli Mohamed Yoosuf warned the public about this wedding invitation scam:

This new tactic asks for an individual to open the link prepared to receive the wedding invitation. However, that’s the trick to steal information from the public and to make online transfer. The public are advised to avoid getting caught up in any message from questionable sources.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Jomo Kwame Sundaram Stock Advice Scam Alert!

WATCH OUT for scammers pretending to be Jomo Kwame Sundaram offering stock advice on Facebook!

Find out what’s going on, and warn your family and friends!

 

Jomo Kwame Sundaram Stock Advice Scam Alert!

Scammers are running Facebook advertisements that claim that famed Malaysian economist, Jomo Kwame Sundaram, is created a WhatsApp group offering free stock investment advice!

I am Jomo Kwame Sundaram
A prominent Malaysian economist.
On June 14th, I said in the stock exchange group:
There have been abnormal transactions in the Southeast Asian stock market in the past two days
Indonesian stock market soars on the 15th, with huge volatility
Now the local exchange has access to supervise the stock movement
Next, Malaysia’s stock market will also experience abnormal fluctuations
Please pay attention to: ADVCON, KPSCE, ICON, MBL these stocks
Related stock abnormal information, I will continue to send in the group
If you haven’t joined the stock exchange group
Please join in time, I will share the stock information I have for free
Master stock information and avoid losing money in the stock market

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Jomo Kwame Sundaram Stock Advice Scam : What You Need To Know!

These Jomo Kwame Sundaram stock investment scams are being promoted heavily on Facebook in 2023, so please alert your family and friends!

Fact #1 : Jomo Kwame Sundaram Reported These Fake Ads

These fake Jomo Kwame Sundaram stock advice advertisements have been promoted on Facebook for several months now. On April 15, 2023, Jomo himself posted about this scam:

*Warning Letter from Jomo Kwame Sundaram*

I regret to inform you that someone is impersonating me. They have established an official website in my name, with many old photographs and other material to give this impression.

I am presented as an education and investment consultant, neither of which is true. There is even a contact telephone number for my supposed assistant.

I have reported the impersonation to Facebook and MCMC with no indication of any action so far. This happened several years ago as well when there was an earlier effort of this type.

I have never given investment advice, and have no intention whatsoever of doing so. It is highly irresponsible for anyone to claim they know the future. Whatever I do on economic and other matters is free for the public, and I urge you not to pay money to anyone who claims to be advising you in my name.

As I have been giving lectures in Tsinghua University in the past week, when this problem began, I did not realize how quickly the problem was growing and failed to act more promptly.

Please warn your friends and loved ones.

Thank you for your cooperation.

jomo

Unfortunately, as many people have discovered, Meta / Facebook does not appear to care about these fake ads. You can report them till kingdom come, but they will just keep running on Facebook as long as these scammers pay for them!

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #2 : Jomo Kwame Sundaram Is A Renown Economist

Jomo Kwame Sundaram is a world-renown economist, who writes extensively on economic policies. However, as he explained above, he is not an investment consultant!

He has better things to do than to offer you free stock investment advice! In May 7, he just published an article called “Inflation phobia, myths and dogma exacerbate policy responses” in the Review of Keynesian Economics.

Fact #3 : One Victim Lost RM480K To Investment Scam!

In November 2022, a 60 year-old housewife from Port Dickson fell for a similar investment scam, and lost almost RM480,000 (about US$104,000).

After being offered the free book on Facebook, she was asked to join a WhatsApp group called Family Discussion, where she was asked to convinced to “invest”.

The WhatsApp group administrator instructed her to download an application called Forza, and open a savings account. She was then asked to deposit money into certain bank accounts, and upload the slips using that Forza app as proof.

The lady withdrew her savings and borrowed from her children and friends to invest RM476,100. However, when she wanted to withdraw the interest paid by the company, her account was blocked. The group administrator told her that she would need to deposit an additional RM427,200 to withdraw the interest.

That was when the lady realised she had been scammed, and lodged a police report.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bursa Malaysia Stock Investment Scam Alert!

Warning – both Datuk Muhamad Umar Swift and Bursa Malaysia are NOT giving out free stock investment advice or books!

Find out what’s going on, and warn your family and friends!

 

Bursa Malaysia Stock Investment Scam Alert!

Scammers are running Facebook advertisements that claim that Datuk Muhamad Umar Swift and/or Bursa Malaysia are giving free investment advice, or free books on stock investing!

Hi everyone, I am Datuk Muhamad Umar Swift
The Chief Executive Officer of Bursa Malaysia Bhd.
Since 2023, the Malaysian stock market has been relatively sluggish🤕🤕🤕
This may be because many stock market investors do not understand stock market trading
I have been blindly following the investment, resulting in a lot of losses
I have also received many letters from investors recently:
Ask if I have improved my trading skills?
Here I recommend a few stock books to everyone!
This can effectively improve your trading skills 💖💖💖
I also prepared 2,000 stock books for everyone📖📖📖
Free gift to Malaysian stock market investors, yes, it’s free!
Please add my assistant’s wapp, she will mail you books for free👇👇👇

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Bursa Malaysia Investment Scam : What You Need To Know!

These Datuk Muhamad Umar Swift and/or Bursa Malaysia free book / investment group scams are being promoted heavily on Facebook in 2023, so please alert your family and friends!

Fact #1 : Bursa Malaysia Reported These Ads As Fake

Bursa Malaysia is aware of these fake advertisements on Facebook, posting this scam alert on May 17, 2023:

[SCAM ALERT] Don’t be fooled by Facebook ads or pages that offer stock advice. Scammers are known to impersonate Bursa Malaysia representatives to lure you into their fake investment schemes. If you have come across ads or pages like this, be sure to report it to Bursa2U along with a screenshot and source link at bursa2u@bursamalaysia.com or call Bursa Malaysia’s Help Centre at +603-2732 0067. Remember to check the Securities Commission Investor Alert List at http://sc.com.my/investor-alert before investing. Contact the National Scam Response Centre hotline 997 if you have been a victim of scam.

[AMARAN SCAM] Jangan terpedaya dengan iklan atau halaman Facebook yang menawarkan nasihat saham. “Scammer” seringkali menyamar sebagai wakil Bursa Malaysia untuk memujuk anda ke dalam skim pelaburan palsu mereka. Jika anda menjumpai iklan atau halaman seperti ini, pastikan anda melaporkannya kepada Bursa2U berserta tangkapan skrin dan sumber pautan ke bursa2u@bursamalaysia.com atau hubungi Pusat Khidmat Bursa Malaysia di talian +603-2732 0067 . Semak Senarai Amaran Pelabur Suruhanjaya Sekuriti di http://sc.com.my/investor-alert sebelum melabur. Hubungi talian hotline Pusat Respons Scam Kebangsaan 997 jika anda menjadi mangsa penipuan.

#StayAlert #ScamAlert #TakNakScam #JanganKenaScam

Fact #2 : Bursa Malaysia Is Not A Charity

Please do NOT be naive. Bursa Malaysia is not only the stock exchange of Malaysia, it is also a public listed company, whose focus is to make money, not a charity to give you free books or advice!

Datuk Muhamad Umar Swift is not only the CEO of Bursa Malaysia Berhad, he is also the director of its subsidiary companies. He certainly has more important (and profitable) things to do than to create a WhatsApp group to answer YOUR questions or advice YOU on what stocks to buy!

Recommended : Can SIM Swap empty bank accounts without warning?!

Fact #3 : Bursa Malaysia Does Not Use WhatsApp To Communicate

Bursa Malaysia offers a multitude of contact options by snail mail, online forms on their Bursa2U portal, email or telephone.

What it does not have is a WhatsApp account. So when scammers message you to collect your “free books” using WhatsApp, or ask you to join the Bursa Malaysia WhatsApp group, be warned!

Datuk Muhamad Umar Swift (fake) : I’m sorry because too many people have privately messaged me, please click to add administrator 👇whatsapp👇, send “PM” to join our company’s free communication group! https://wa.me/6019527xxxx

The real Datuk Muhamad Umar Swift, and Bursa Malaysia, will never ask you to join a WhatsApp group for any reason, whether it’s for investment advice, stock tips, or to buy and sell stocks, etc.

Fact #4 : One Victim Lost RM480K To Investment Scam!

In November 2022, a 60 year-old housewife from Port Dickson fell for a similar “free book” scam, and lost almost RM480,000.

After being offered the free book on Facebook, she was asked to join a WhatsApp group called Family Discussion, where she was asked to convinced to “invest”.

The WhatsApp group administrator instructed her to download an application called Forza, and open a savings account. She was then asked to deposit money into certain bank accounts, and upload the slips using that Forza app as proof.

The lady withdrew her savings and borrowed from her children and friends to invest RM476,100. However, when she wanted to withdraw the interest paid by the company, her account was blocked. The group administrator told her that she would need to deposit an additional RM427,200 to withdraw the interest.

That was when the lady realised she had been scammed, and lodged a police report.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : How Fake Job Syndicates Operate!

Find out how fake job syndicates operate, and how they reel you into their scams, and cheat YOU of your hard-earned money!

Make sure you SHARE this article, to warn your family and friends to avoid the fake job scams!

 

Fake Job Scams : What Are They?

Fake job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Fake job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

Good day YouTubers!! This is Alexa from Youtube Entertainment. We invite you to participate in our event by liking and subscribing to our channel and we will give you XXX. Please reply “YES” if you are interested. Thank you.

Hi, I’m the recruitment manager of XYZ company. XYZ invites you to do regular work at home.

You can easily earn [large amounts of money] with your mobile phone every day, and your salary will be settled on the same day.

Please add my WhatsApp to sign up. The number of places is limited, only for today.

Hey! You have been selected for a job. Daily salary XXXX to YYYYY. WhatsApp [number removed]. Reply YES to apply.

Recommended : How To Block Facebook Ads + Pay Scammers!

 

Scam Alert : How Fake Job Syndicates Operate!

I personally have received many of such fake job offers, and have always ignored them. But when I saw a sudden surge of fake job offers, I decided to look into it. I also wanted to find out how they worked.

So I took a dive into two different fake job scams last week, and here was what I found…

How They Reel Their Victims In

It all starts with scammers tasked with “fishing” for victims. They will try to contact you by email, Facebook Messenger, SMS, WhatsApp, Telegram, or iMessage. Regardless of the method, the hook is simple – we are offering you an EASY way to make A LOT of money!

Once you are suitably impressed, these “fishing” scammers will offer you a simple task to show you just how easy it is to make a lot of money. To entice me, the two scammers offered me a pretty good sum of money for a very simple task:

Syndicate A : Subscribe to this YouTube channel, and send me the screenshot to receive XXXX.

Syndicate B : Like this YouTube video, and send me the screenshot to receive YYYY.

Recommended : Watch Out For Telegram Phishing Attack!

The Fishing Scammer Hands You Over To The Syndicate

After you complete that task, the fishing scammer then hands you off to the actual fake job syndicate, ostensibly for payment. You are asked to contact the company secretary / account manager on Telegram, with a “payment code”.

From what I surmise, the “payment code” is actually the fishing scammer’s referral code – they get paid for every victim they send the syndicate.

This will be your last contact with these fishing scammers. They are off to reel in more victims!

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Syndicate Baits You With Payment

The syndicate secretary / account manager will ask you to register your details with them, but they are not too particular with any details, except for your phone number. If you give them the fake number, they will know because they will check with the fishing scammer using their referral code. But feel free to give them other fake details – they won’t care.

The fake job syndicate will then send you the payment for that “test” job, using a mule account. If you ask them why they are sending you the money through a different company account or even a random person’s account, they will tell you that they have many bank accounts because of daily transaction limits.

Syndicate Baits You With Simple Tasks

The syndicate will then add you to their Telegram channel offering multiple tasks per day. Instead of YouTube channels or videos, you are tasked to very simple tasks like:

  • open a link to a product page on an online shopping platform
  • take a screenshot of that product page
  • post that screenshot to the Telegram group
  • share that screenshot with your syndicate agent

You will breeze through the first three tasks easily, and the fake job syndicate will pay you promptly.

Fantastic, isn’t it? What could go wrong? After all, there are hundreds of other people participating in the same tasks, and getting paid!

Recommended : Can SIM Swap empty bank accounts without warning?!

Syndicate Tempts You With Pay To Earn Scam

At this point, you have done some calculations, and realise that you can easily make good money every day doing these simple tasks.

That’s when the fake job syndicate offers you the opportunity to make some serious cash. But there’s one catch – you need to PAY them to get access to jobs with serious money.

For every dollar you prepay, the fake job syndicate promises that you will get that back PLUS 10% to 30%, within minutes. Just in case you are worried about losing your money, hey, they are offering a refund. Honest!

And how can they offer you so much money for so little work? The syndicate throws in the magic word – cryptocurrency! Of course! That’s the only way anyone can make tons of money easily, with both eyes closed!

Recommended : BitiCodes Scam Alert : Fake Celebrity Endorsements!

Syndicate Pressurises You With Bots

To convince you that they are legit, you will see many people posting screenshots of their payments to the Telegram group. They will also publicly announce how much they are investing. In some cases, they also post excitedly about how much money they already made, and how much they plan to make today.

This is just a charade to make you believe that people are really making money through this scheme. Most of these “participants” appear to be bot accounts, with a few sock puppet accounts. If you monitor these accounts over time, you will see them change names. I even spotted one of these fake participants (mercado livre in the screenshot above) become the Telegram group admin!

The genuine victims are those asking questions in the group like “We have to prepay?” But oddly enough, no one else in the group (except the Telegram group admin) will respond. That’s not how real people behave.

And if you check their receipts, you will notice some discrepancies in their receipts, which suggest that they were edited:

  • transfers within the same bank were labelled as transfers “to other banks”.
  • account numbers are too short / long for that particular bank

The others are possibly genuine receipts (by people who were scammed earlier), with their dates and times changed.

Recommended : 2023 Turkey Earthquake : Fake Photos + Scam Alert!

Once You Pay, It’s Game Over

I managed to get in touch with two victims of this scam, who claimed that once they deposited the prepaid amount, they were ghosted and removed from the Telegram group.

So that appears to be the scam – they bait you with a bit of money, until you are convinced that they are real. Then once you prepay them for the “big job”, they dump you right away.

Your assigned syndicate agent will block you, and you will get kicked off the Telegram group, which often disappears after scamming a few victims. Often, you will find your Telegram conversations with them mysteriously deleted. By then, it’s much too late – you have already lost your money.

To ensure they don’t lose money, they will price the introductory offer low enough to entice victims, but high enough to cover their costs and then some. But they will inevitably score some big fish, which is why the fake job scam persists.

Now that you know how the fake job scam works, please DO NOT get trapped into it! NEVER pay to get a job. It is just a scam!

Please SHARE this article out, and WARN your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Gigabyte motherboards shipped with firmware backdoor!

Millions of Gigabyte motherboards and laptops shipped with a built-in backdoor in its UEFI firmware!

Here is what you need to know about this cybersecurity danger, and what you can do about it!

 

Gigabyte Motherboards Shipped With Firmware Backdoor!

On 31 May 2023, researchers at the cybersecurity firm Eclypsium revealed that 271 Gigabyte motherboard models have been compromised with UEFI firmware with a built-in backdoor!

Eclypsium’s heuristic detection methods recently began flagging suspicious backdoor-like behaviour in Gigabyte motherboards. When its researchers looked into it, they found that Gigabyte motherboard firmware was executing a Windows native executable during the system start up process. This executable then insecurely downloads and executes additional payloads.

From their analysis, the executable appears to be a legitimate Gigabyte module called WpbtDxe.efi:

  • it checks to see if the “APP Center Download & Install” feature is enabled
  • it downloads executable payloads from Gigabyte servers
  • it has a Gigabyte cryptographic signature

They also found that the downloaded payloads have Gigabyte cryptographic signatures too, which suggest that this firmware backdoor was implemented by Gigabyte itself.

However, Eclypsium researchers discovered that the Gigabyte implementation had a number of problems, which would make it easy for threat actors to abuse the firmware backdoor:

  • one of its payload download locations lacks SSL (using plain HTTP, instead of the more secure HTTPS), allowing for Machine-in-the-middle (MITM) attacks
  • remote server certificate validation was not implemented correctly even when the other two HTTPS download locations were used, which allows for MITM attacks
  • one of its payload download locations is a local network-attacked storage device (NAS), which could allow a threat actor to spoof the location of the NAS to install their own malware
  • the Gigabyte firmware itself does not verify any cryptographic signatures, or validates the downloaded executables.

In short – millions of Gigabyte motherboards have a cybersecurity vulnerability, due to their firmware which includes an insecure / vulnerable OEM backdoor. As John Loucaides from Eclypsium put it:

If you have one of these machines, you have to worry about the fact that it’s basically grabbing something from the Internet and running it without you being involved, and hasn’t done any of this securely.

The concept of going underneath the end user and taking over their machine doesn’t sit well with most people.

Note : This vulnerability affects all computers using Gigabyte motherboards, including laptops.

 

Gigabyte Rolls Out New Firmware To Mitigate Backdoor!

After the news blew up inconveniently during Computex 2023, Gigabyte quickly rolled out new beta firmware upgrades for its AMD and Intel motherboards.

According to Gigabyte, the new beta firmware upgrades have “improved security mechanisms” that will “detect and prevent malicious activities during the boot process“. It also appeared to have implemented other changes:

  • enhanced the signature verification process for fils downloaded from its remote servers
  • conduct more thorough checks of file integrity to prevent the introduction of malicious code
  • enabled standard cryptographic verification of remote server certificates

The new firmware has just been released for AMD 600-series motherboards, as well as Intel 500- and 400-series motherboards, but will eventually be introduced for older motherboards. The new firmware will have the description, “Addresses Download Assistant Vulnerabilities Reported by Eclypsium Research“.

As Gigabyte does not intend to remove the backdoor feature, you might want to consider Eclypsium’s advice on how best to reduce the risk of malicious actors taking advantage:

  1. Scan and monitor systems and firmware updates in order to detect affected Gigabyte systems and the backdoor-like tools embedded in firmware. Update systems to the latest validated firmware and software in order to address security issues like this one.
  2. Inspect and disable the “APP Center Download & Install” feature in UEFI/BIOS Setup on Gigabyte systems and set a BIOS password to deter malicious changes.
  3. Administrators can also block the following URLs:
    – http://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
    – https://mb.download.gigabyte.com/FileList/Swhttp/LiveUpdate4
    – https://software-nas/Swhttp/LiveUpdate4

For starters, you should definitely download and update your Gigabyte motherboard or laptop with the improved firmware. Then disable APP Center Download & Install in the BIOS.

Let’s hope Gigabyte will be able to quickly issue new and improved firmware to mitigate, if not remove, the backdoor vulnerability for the affected 271 motherboard models, and its future motherboards and laptops. Even so, many users might not be aware of this vulnerability or these updates.

It seems likely that threat actors will have access to this backdoor vulnerability in many Gigabyte motherboards and laptops for years to come. Even Eclypsium’s Loucaides believes so:

I still think this will end up being a fairly pervasive problem on Gigabyte boards for years to come.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Computer | Cybersecurity | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Restaurant Menu QR Code Hack Your Phone?!

Did the FBI just warn people to avoid using the restaurant menu QR code, because it can hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : FBI Says Restaurant QR Code Can Hack Your Phone!

People are sharing a Daily Mail article, or screenshots of it, which claims that the FBI just warned people not to use any restaurant menu QR code because it can allow hackers to steal your data!

Here is an excerpt from the Daily Mail article. Feel free to skip to the next section for the facts!

Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link

  •  Scammers are making fake QR codes to place on top of real ones 
  • This is letting them access smartphones and steal personal data

QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.

The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.

Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information

The FBI has urged consumers to look out for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.

Recommended : MSI Users At Risk Of Rogue BIOS / Firmware Updates!

 

Truth : FBI Did Not Say Restaurant QR Code Can Hack Your Phone!

This appears to be a “misunderstanding” of an actual FBI warning about QR codes. Here is what you need to know about the risks of scanning a QR code for a restaurant menu.

Fact #1 : FBI Issued QR Code Warning In January 2022

I could find no reference to a recent QR code warning by the FBI, and oddly enough, The Daily Mail did not provide a source or link to the FBI warning its article was referring to.

The FBI only released one public service announcement (PSA) about QR codes, and that was Alert Number 1-011822-PSA which was released on January 18, 2022.

If that was the source for the Daily Mail article, then it’s more than a year old, and not recent as the article appears to suggest.

Fact #2 : FBI Warned About General QR Code Risk

The FBI advisory was a general warning about the risks of tampered QR codes. Specifically, it warned about cybercriminals tampering with both digital and physical QR codes.

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site…

Fact #3 : FBI Advisory Did Not Mention Restaurant / Menu

Interestingly, the entire FBI advisory did not once mention restaurants or menus, and that makes a lot of sense.

It is odd to focus on the risk of using QR codes for online menus in restaurants, when they are used in so many other ways today – from making mobile payments, as mobile tickets, login tokens, etc.

Any security risk involving restaurant menu QR codes would also apply to QR codes used for other purposes. So it really doesn’t make sense for the FBI to “pick on” restaurant menu QR codes.

Recommended : Can Approve New Participant block WhatsApp hackers?!

Fact #4 : QR Code Is Not Malicious In Nature

QR code (which is short for Quick Response code) is not nefarious or malicious in nature. The FB advisory specifically pointed that out – “QR codes are not malicious in nature“.

The QR code is merely a type of two dimensional barcode that was invented in 1994 by the Japanese company, Denso Wave, to track automotive parts. It has since been adopted for other purposes because it is more efficient and can support more than just numbers. For example, Version 40 QR code can contain up to 7,089 numbers or 4,296 characters.

Ultimately, a QR code is nothing more than a series of numbers or characters – data which can be used for a variety of purposes, including providing a link to an online restaurant menu.

Fact #5 : QR Code Can Be Tampered With

It is true that QR codes can be tampered with. In fact, the FBI advisory was issued after Texas police departments discovered fraudulent QR code stickers on parking meters in San Antonio and Austin. Drivers who scanned those fake QR codes were taken to a scam website. instead of the real payment website.

Hence, the FBI issued that warning to remind people to check the URL link to make sure that it is the intended website, and not a phishing page with a similar link. For example, the fake website may use www.quikpay.com when the real website is www.quickpay.com.

To completely avoid this risk, avoid using QR code to access a payment website. Always go directly to the payment website on your smartphone’s web browser by keying in the link yourself. Genuine payment labels with a QR code will often include a direct URL link for you to use as a safer alternative.

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #6 : Restaurant Menu QR Code Is Low Risk

While scammers can place fraudulent QR codes over genuine ones at restaurants, bars, and other eateries, this is a very unlikely attack vector.

That’s because restaurants often use QR codes to redirect you to an online system to order food and drinks for your table. Imagine if you scan a fraudulent QR code and are asked to key in your credit card details. That would be absurd, and you would surely complain to the waiter since you haven’t even ordered your food!

In most cases, you are not expected to pay at the table using QR code. You either pay using cash / credit card / mobile payment using QR code at the payment counter. Even if that QR code is compromised, the cashier would notice it immediately as any payment made using that QR code would not reflect in the restaurant’s point-of-sale (POS) system.

And payment only occurs after dining – a fraudulent QR code that leads you to a fake website won’t allow you to actually order anything, since it’s not connected to the real restaurant and its ordering system. That’s why this attack vector is highly improbable.

In any case, many restaurants now generate temporary QR codes on disposable paper stubs to avoid this risk. The QR code is only valid for your dining session. The next person to dine at the same table will receive a different QR code.

Fact #7 : QR Code Can Potentially Inject Malware

It is possible for QR code to inject malware into the smartphone that you are using to scan. In fact, there are apps like QRGen that allow scammers / hackers to easily generate malicious QR codes. However, it isn’t quite as simple as the article makes it out to be.

For one thing – malware and exploits are limited to specific operating systems or phone models. For example, an Android exploit / malware won’t work on iPhones. Or an exploit / malware that makes use of an Android 11 vulnerability won’t work on newer / updated Android smartphones since they would have patched the exploit.

Second – any malware will require considerable amounts of code to load. The scammer / hacker will have to use an enormous QR code like the version 40 example below, or it will need to convince you to download and install the malware package itself.

Recommended : Must You Disable Facebook Auto-Fill To Block Scams?!

Genuine restaurant menu QR codes are simple – like the version 1 / version 10 examples above, because they only serve a link to their online menu / ordering system. If you see a large and complex QR code like the version 40 example, avoid scanning it, and ask the restaurant staff to verify its authenticity.

Restaurant menu QR codes would also never ask you to download or install anything. They only serve to load a link to an online menu / ordering system, so if you are asked to download or install anything, do NOT proceed, and notify the restaurant.

These tips also apply to other businesses that use QR codes to show you a menu, discounts, offers, information, etc.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MoneyTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysian Telcos Ban SMS Links To Prevent Scams!

Malaysian telcos have started banning SMS links, as part of the MCMC’s initiative to prevent scams! Here is what you need to know!

 

Malaysian Telcos Ban SMS Links To Prevent Scams!

On Tuesday, 2 May 2023, four Malaysian telcos – Maxis, Celcom, Digital and U Mobile started banning SMS links, as part of the MCMC’s initiative to prevent scams.

From this day onwards, users will be blocked from sending or receiving SMS with a link. MCMC had earlier issued the directive to all telcos on February 14, 2023, but the ban on SMS links is only now being implemented.

The ban on SMS links is currently not mandatory for all telcos, and is being implemented in phases. Currently, the ban is limited to SMS between individuals.

Businesses using short codes like 6XXXX, 2XXXX and 1XXXX will eventually be banned from including a URL link in their SMS messages. They will be given time to switch to other methods to send promotional messages with links to their customers.

The MCMC has issued a directive to all telcos to block sending and receiving of SMS with URL link. The objective is to prevent users from becoming victims of online scams

MCMC issued the directive to all service providers on Feb 14 and is currently assessing the progress. For now, the block is still not mandatory.

The blocking of person-to-person SMS with URL links will take effect from 2 May 2023. For SMS sent by business via short codes such as 6XXXX, 2XXXX and 1XXXX, this will be done later and specific notification to business users will be sent.

Malaysia Deputy Communications and Digital Minister Teo Nie Ching said in February 2023 that blocking such SMS links will ensure that people won’t click on them and possibly end up as a scam victim.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

 

Only SMS Links Banned, Links Via Other Platforms Still A Risk

While this measure is really helpful in reducing scams, the ban is limited to SMS links. Scammers can still send links through instant messaging platforms like WhatsApp, Telegram, Facebook Messenger, WeChat, etc.

That does not mean that links are inherently bad. Links in messages, even SMS messages, are mostly safe.

Perfectly Fine

  • Clicking on a link to read an article / terms and conditions of a promotion
  • Clicking on a link to enrol in a promotion which does not require you to log into any website
  • Clicking on a link to check in for a flight, or get a travel update

However, they can be used to send you to a phishing website which is designed to look like a genuine bank / payment website. Hence, it is critical that you should NEVER log into any website through a link.

NEVER DO THIS

  • Clicking on a link to log into a bank website
  • Clicking on a link to make a purchase or payment
  • Clicking on a link to log into any account / email

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > CybersecurityMobile | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can hackers use Good Morning greetings to hack you?!

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?!

Find out what is happening, and what the FACTS really are!

Updated @ 2023-04-21 : Updated with a new 2023 version of the hoax
Originally posted @ 2022-11-01

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.
Warning from Olga Nikolaevnas lawyer:

Recommended : Can Approve New Participant block WhatsApp hackers?!

 

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Recommended : Scam Alert : Watch Out For Telegram Phishing Attack!

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MSI Users At Risk Of Rogue BIOS / Firmware Updates!

MSI users are at risk of rogue BIOS / firmware updates, after hackers got hold of its source codes, private keys and BIOS firmware!

 

MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers,MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently“, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security.

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

Read more : MSI Hit By $4 Million Ransomware Attack + Data Theft!

 

Stolen Data Exposes MSI Users To Rogue BIOS / Firmware Updates!

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang, which has threatened to release the 1.5 terabytes of critical data that it exfiltrated from MSI servers.

While MSI has apparently restored files encrypted by the ransomware, exposure of the private keys and source codes, will likely allow Money Message or other threat actors to develop rogue BIOS or firmware updates.

Installing rogue BIOS / firmware updates will give the malware the access level of a super-low-level rootkit, giving it full control over your computer, with the ability to spy on almost everything you do. Such malware will also be extremely difficult to detect and remove. After all, it boots up before the operating system!

These days, rogue BIOS or firmware updates are much less of a problem because they are usually digitally-signed by the vendor, MSI in this case. Even if threat actors distribute Trojanised downloads for MSI users, they cannot create the right digital signatures for those files.

However, now that MSI’s private keys have been stolen, they can be used to create rogue BIOS or firmware updates with authentic digital signatures! MSI users downloading and installing those updates will never know the difference.

Recommended : Can Approve New Participant block WhatsApp hackers?!

The biggest risk right now is with PC hardware enthusiasts who enjoy installing unofficial firmware updates to gain access to special settings. That is precisely why MSI is urging its users to only download files from its official website.

Of course, this assumes that the MSI download servers are secure, and have not been compromised. If the threat actors have access to the MSI download servers, they can insert Trojanised downloads with proper signatures, and MSI system administrators may be none the wiser!

Let’s hope that this incident forces MSI to take a much closer look at its cybersecurity measures, and run penetration tests to ensure that its download servers are secure. Otherwise, some threat actors will likely hit pay dirt with MSI users!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | ComputerTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

MSI Hit By $4 Million Ransomware Attack + Data Theft!

MSI just got hit by a massive ransomware attack, but even worse – it lost a ton of critical data to the hackers!

 

MSI Hit By Ransomware Attack + Data Theft!

On 7 April 2023, MSI (Micro-Star International) was hit by a ransomware attack, in which the hackers allegedly exfiltrated 1.5 terabytes of source codes, BIOS firmware, private keys and other data from its servers.

In its terse regulatory filing with the Taiwan Stock Exchange (TWSE), MSI admitted that it was hacked, but did not detail the circumstances or nature of the attack.

After detecting some information systems being attacked by hackers,MSI’s IT department has initiated information security defense mechanism and recovery procedures. The Company also has been reported the anomaly to the relevant government authorities.

MSI claimed that the attack had “[no] significant impact our business in terms of financial and operational currently“, but said that it was “enhancing the information security control measures of its network and infrastructure to ensure data security.

In a public statement, MSI also urged users to only obtain firmware / BIOS updates from its official website, and refrain from using other sources.

Read more : MSI Users At Risk Of Rogue BIOS / Firmware Updates!

 

Hackers Demand $4 Million From MSI To Not Release Stolen Data

The MSI ransomware attack and data theft appear to be committed by the Money Message ransomware gang.

While MSI has apparently restored files encrypted by Money Message’s ransomware, the gang now has access to about 1.5 terabytes of critical MSI data.

According to BleepingComputer, chats between Money Message and an MSI representative show the gang demanding a ransom payment of $4 million. Otherwise, Money Message will release the stolen files.

To show that they did indeed steal those MSI files, Money Message posted screenshots of what they describe was MSI’s Enterprise Resource Planning (ERP) databases and files containing software source code, private keys, and BIOS firmware.

Recommended : Can Approve New Participant block WhatsApp hackers?!

If Money Message releases MSI confidential data, it may not just be embarrassing for the Taiwanese company, it could allow other threat actors to use the source code and private keys to create malware targeting their customers.

In light of that, MSI users should only download and install software or BIOS firmware from the official MSI website.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Business | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!