Tag Archives: Cyber

Free TNG RFID Bar Code Scam Fact Check!

Will your phone get hacked if you scan the TNG RFID bar code?! Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-11-17 : Added new version, and more details.
Originally posted @ 2023-05-10

Claim : Scanning TNG RFID Bar Code Can Hack Your Phone!

This warning about an RFID bar code scam has gone viral on WhatsApp, and social media, claiming that scammers are sending people free TNG RFID stickers, and asking them to scan the bar code.

Allegedly, scanning the TNG RFID bar code will cause your phone to be hacked by these scammers!

They send the RFID to you. When you scan the bar code they hack your hp
It’s a scam

他们将 RFID 发送给您。当您扫描条形码时，他们会入侵您
这是一个骗局

Mereka menghantar RFID kepada anda. Apabila anda mengimbas kod bar mereka menggodam anda
Ia satu penipuan ☠️👻💩😱😰

If you get this free RFID card via courier, please throw away. Another scam.

Truth : Scanning TNG RFID Bar Code Will NOT Hack Your Phone!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media, and here are the reasons why…

Fact #1 : TNG RFID Bar Code Cannot Hack Your Phone

First of all – let me just say that the TNG RFID bar code cannot hack your phone. In fact, no one can hack your phone just because you scan an RFID bar code.

The bar code is nothing more than a series of numbers, which you can readily see printed under the bar code. These numbers cannot possibly hack your phone / smartphone.

Fact #2 : TNG Bar Code Is Used To Register RFID Sticker

The bar code visible in the clear window of the TNG RFID self-fitment kit is merely the serial number for the RFID sticker (also known as an RFID tag).

This serial number is used to register the RFID sticker, by scanning scan the bar code using the TNG eWallet mobile app. All it does is link the RFID sticker to your TNG eWallet account, so that all toll charges are automatically deducted from that account.

Fact #3 : TNG RFID Swapping Can Be Easily Detected

One of our readers suggested that the scammer might have swapped out the bar code, to trick you into registering a different TNG RFID sticker owned by the scammer.

This would allow the scammer to use his/her TNG RFID sticker to go through highway tolls for free, while you would be charged for his/her travels.

While that is plausible, it would be quickly detected by the victim who would not be able to use the RFID sticker to get through the toll. The victim would also be able to detect the illegal charges to his/her TNG eWallet account.

Fact #4 : TNG RFID Is Unique To Each Chip

One of our readers suggested that the scammer may be trying to trick people into scanning the barcode of a duplicated RFID sticker. The scammer can then use the duplicate RFID sticker to go through tolls, which would be charged to the victims’ TNG eWallet accounts.

Now, Touch ‘n Go has not revealed much about how it is protecting its RFID stickers, only saying that each TNG RFID sticker has an embedded radio-frequency chip that makes every sticker “unique to each customer”.

But that suggests that the RFID stickers are not only encrypted, the chip has a private key that prevents duplication, which makes a lot of sense. Without such encryption and private key, anyone can literally just read the number off any RFID sticker in a parking lot, and duplicate it in a programmable RFID sticker.

Unless the scammer has somehow stolen the private keys, and can perfectly duplicate the RFID stickers, this seems like an improbable scam. More so when the scammers would be limited to using the tolls for free. Hardly worth the effort, if you ask me.

Fact #5 : There Are Easier + Cheaper Ways To Hack Your Phone

Truth be told – there are far easier and cheaper ways to hack your phone, than send you a free RFID sticker and ask you to scan the bar code.

These scammers will have to put in considerable expense and technical expertise into hacking the TNG eWallet app, and inserting their malware that the fake RFID number would trigger.

But why bother? If they can hack the TNG eWallet, they don’t even need to send you any fake RFID bar code to scan!

Making fake RFID stickers (tags) that look like genuine TNG RFID self-fitment kits costs money. Sending these fake kits also put them at risk, because deliveries can be traced.

There are many other ways to compromise your smartphone. There is simply no reason why scammers to waste time and money on such a convoluted scheme.

Fact #6 : Packages Do Get Delivered Wrongly

The most plausible explanation for receiving a free TNG RFID sticker out of the blue is that it was wrongly delivered to you. If you receive one, check the name and address on the package. It may not be meant for you. In that case, contact the delivery company and have them resend it to the right person.

I have also personally experienced receiving packages that I did not order, some of which appear to be sent due to a database error of some sort – my name and phone number are on the package, but the address was wrong or non-existent.

Out of an abundance of caution, just don’t install any RFID sticker that you did not order. Or you can call up TNG to verify that the RFID sticker is legitimate.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can You Get Free Cash Via MyKasih App?!

Leave a reply

Is the MyKasih Foundation giving out RM1000 or RM1200 cash aid via its mobile app?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Get Free Cash Via MyKasih App!

Many people are getting messages about getting free cash through the MyKasih Foundation on WhatsApp and Telegram, from their family members and friends:

Terkini: Bantuan Percuma RM1000 Ke Dalam MyKad : Rujuk Cara Semakan & Syarat Kelayakan

Latest: Free RM1000 Assistance Into MyKad : How To Check & Eligibility Conditions

Jom claim RM1200

MyKasih Foundation : Cek MyKad Boleh Dapat Wang RM1000 Secara Percuma

MyKasih Foundation : Check MyKad To Get Free RM1000

Bantuan Tambahan STR 2023 MySARA RM800: Semakan Status & Tarikh Bayaran

Additional STR 2023 MySARA Assistance RM800: Check Status & Payment Date

Truth : MyKasih Free Cash App Is A Scam!

This is yet another example of SCAMS circulating on WhatsApp and Telegram, and here are reasons why…

Fact #1 : MyKasih Free Cash Initiative Is A Scam!

First, let me just point out that these messages on WhatsApp and Telegram, as well as the websites promoting the MyKasih free cash initiative is a scam!

The Malaysian government have already labelled these free cash offers as FAKE NEWS on Facebook and Twitter. Here is a non-exhaustive list of links that have been identified as scam links:

my.mykasihh.online

l.my-kasihapp.com

apps-mykasih.co/twe

There’s no need to memorise these links. These scammers will keep changing them.

Just know that the official MyKasih website is www.mykasih.com.my. Do NOT go to any other website when it comes to the MyKasih Foundation website.

Fact #2 : Those Accounts Were Hijacked

Those viral messages are actually coming from WhatsApp and Telegram accounts that have been hijacked by scammers. That’s why they are so convincing.

Those are really the actual WhatsApp and Telegram accounts of your family members or friends. But they have been taken over by scammers using tricks like the screenshot hack.

Take this opportunity to tighten the security of your own Telegram and WhatsApp accounts, by turning on two-step verification!

Fact #3 : SARA Cash Aid Is Only RM600

As part of its initiative to help the hardcore poor handle the high inflation this year, the Malaysia Ministry of Finance announced SARA (Sumbangan Asas Rahmah).

However, the SARA cash aid is only RM600, and limited to the hardcore poor. There is no way for anyone to get RM800, RM1000 or RM1,200 in SARA cash aid from the government.

RM100 x 6 months is credited directly into the MyKad of eligible hardcore poor, allowing them to purchase a limited list of essential goods from grocery stores and supermarkets across Malaysia, from July to December 2023.

In Sabah and Sarawak, the RM600 is credited directly into the bank account, or provided as cash through Bank Simpanan Nasional branches.

Fact #4 : SARA Recipients Are Automatically Selected

There is no need to apply for SARA cash aid. For one thing – it only applies to the hardcore poor. If you are reading this on a computer or a smartphone, you very likely do not qualify as “hardcore poor”.

SARA recipients are automatically determined using the existing eKasih Hardcore Poor data, and includes those who had earlier qualified for the STR 2023 cash aid.

Fact #5 : Real Website Asks Only For Your MyKad

Qualification for the SARA cash aid of RM600 is based entirely on your MyKad number.

On the official Sumbangan Asas Rahmah (SARA) website, you can check for your eligibility using your MyKad number only.

The fake websites look just like the real SARA website, but instead of asking for your MyKad number, they will ask you for your mobile number and ask you to submit a TAC number.

Needless to say – these are scam websites. You should NEVER submit your phone number or any TAC codes.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Is It Dangerous To Exit WhatsApp Exit Scam Groups?!

Leave a reply

Is it dangerous to exit WhatsApp scam groups? Or quitting such scam groups on WhatsApp cause your phone to be hacked?!

Take a look at the viral claim, and find out what the facts really are!

Claim : It Is Dangerous To Exit WhatsApp Scam Groups!

People are sharing this warning about quitting WhatsApp scam groups using the Exit Group link option! Take a look!

Here’s another Scam chat group. DO NOT CLICK ON ITS EXIT GROUP BUTTON to exit, instead go to your top right 3dots and click on exit group or report.

Clicking on the group’s exit button might have dire consequences..

Truth : It’s Not Dangerous To Exit WhatsApp Scam Groups!

This viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to understand what’s going on.

Fact #1 : No Evidence Of WhatsApp Exit Group Hacking

First, let me just point out that there is no evidence that anyone was ever hacked after using the Exit Group link to get out of any WhatsApp group, whether they are scam groups or otherwise.

Even if an enterprising hacker / scammer was able to create a message with a fake Exit Group button that downloads an APK (Android Package Kit) file, it won’t automatically install that file. You will need to manually install the APK file from the Downloads folder.

Those who know how to do that would be tech-savvy enough to avoid installing APK files from unknown sources. Those who don’t know how to do that would not be able to install the downloaded APK file.

Fact #2 : WhatsApp Exit Group Option Is Genuine

The truth is – the Exit Group link that you may see in new messages from strangers is not a scam or a trick. It also does not download or install any APK file.

The Exit Group link is actually a safety feature in WhatsApp, that appears if you have been added to a WhatsApp group by someone who is not in your contact list – like a scammer, for example.

Once you open the new group you have been added to, WhatsApp warns you that you were added by someone who isn’t a contact. You are then given the option to exit the group, or click OK to continue.

There is really nothing malicious about this Exit group link in WhatsApp. Clicking on it to exit any WhatsApp group won’t harm you in any way, or cause your phone to be hacked.

Fact #3 : Older Exit Group Methods Still Work

The WhatsApp Exit group link offers an easy way to quickly remove yourself from a group you don’t want to be in. However, the older exit group methods still work, in case you prefer to use them:

Exit Group Only

Go into the group chat you wish to leave.
Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
Select More > Exit group.

An even better option is to actually report the scam group, while quitting it and removing the chat at the same time.

Report + Exit Group Only

Go into the group chat you wish to leave.
Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
Select More > Report
Make sure the Exit group and delete chat option is checked.
Tap Report to report and quit from the group, and delete the chat.

Fact #4 : WhatsApp + Telegram Scam Groups Are Real

Before I leave, I just want to remind all of you that there are many scam groups on WhatsApp and Telegram.

If you are added to any of these scam groups, just exit them without a thought. Do not read anything posted in these scam groups, lest you fall for the scam!

That’s why scammers often try to convince you to check out the group first, and “don’t rush to leave the group”:

Hello everyone! Please don’t rush to leave the group, thank you all for taking the time to read this message!

Ignore whatever they post in those scam groups. Hit the Exit group link, or better still – REPORT the group to WhatsApp / Telegram!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Signs Partnership Agreement With LGMS!

Leave a reply

Finland’s WithSecure Corporation just signed a partnership agreement with LGMS Berhad to develop cybersecurity solutions for the SME market in Malaysia!

WithSecure Signs Partnership Agreement With LGMS

On Wednesday, 1 November 2023, Finland’s WithSecure Corporation (formerly known as F-Secure Business) signed a partnership agreement with LGMS Berhad (LGMS) to develop cybersecurity solutions for the SME market in Malaysia!

The partnership agreement was signed by LGMS Executive Chairman Fong Choong Fook and WithSecure Corporation CEO Juhani Hintikka, who flew in from Finland to emphasise its importance while demonstrating support for the progress of Malaysia’s Digital Economy.

The signing was witnessed by Malaysia Deputy Communications and Digital Minister Teo Nie Ching, together with His Excellency Sami Leino, Ambassador of Finland to Malaysia and Brunei.

The Deputy Minister said that the partnership was ‘timely’, and represents a ‘significant leap’ towards a secured Digital Economy, and more so ahead of the National Cybersecurity Bill the Unity Government is set to unveil in early-2024.

This partnership is also aligned with the government’s ‘Ekonomi Madani’ vision of attracting significant foreign direct investments and generating avenues for technological advancements and innovations.

It serves to demonstrate how collaborative efforts can facilitate a robust, secure and prosperous digital ecosystem, thereby solidifying Malaysia’s position as a preferred destination for global tech investments.

The partnership agreement today between LGMS and WithSecure embodies a philosophy of attracting significant foreign direct investments and generating avenues for technological advancements and innovations.

– Malaysia Deputy Communications and Digital Minister Teo Nie Ching

WithSecure CEO Juhani Hintikka expressed his ‘deepest appreciation’ to the Deputy Minister for endorsing this partnership, stating, “Your presence significantly amplifies the resonance of this initiative, showcasing a unified front in our endeavour to foster a secure and prosperous Digital Economy for Malaysia and also the region.”

WithSecure – LGMS Partnership Agreement Details

WithSecure is today a leading international cybersecurity group which had also invested significantly in Malaysia and in nurturing local talent. Besides its headquarters in Helsinki, Finland, WithSecure houses its intelligence, customer support, business operations and shared services in Kuala Lumpur for its Asia-Pacific operations.

LGMS Berhad, meanwhile, has been recognised as Cybersecurity Malaysia’s ‘Company of the Year’ with Fong himself being acknowledged as ‘Cybersecurity Professional of the Year’.

Fong said that, within today’s Digital Economy, cyberthreats and ransomware attacks have become more sophisticated and rampant and potential damages to SMEs, who often lack the necessary IT expertise and resources, can be catastrophic.

Most SMEs today are just one cyber attack away from a devastating setback or even closure. Recognising that most SMEs might not possess advanced IT know-how, our collaboration with WithSecure aims to deliver cybersecurity solutions that are not only robust but also intuitive and user-friendly.

The purpose is to empower our SME community to navigate the digital landscape confidently and securely.

– LGMS Executive Chairman Fong Choong Fook

This localised cybersecurity approach underscores WithSecure’s understanding of the region’s unique digital ecosystem and our commitment to crafting solutions that align with local business needs. It embodies WithSecure’s ethos of merging global cybersecurity expertise with local insights to foster a safer digital realm.

– WithSecure Corporation CEO Juhani Hintikka

One product of this partnership is the ‘Made in Malaysia’ StarSentry solution – a plug-and-play model that is more than just a ‘shield’ for SMEs but offers a proactive approach to threat prevention.

This solution is also aligned with broader sustainability goal and embraces the ESG framework of safeguarding critical infrastructures, nurturing a secure digital community and reinforcing stringent governance standards, demonstrating an unwavering commitment to responsible, transparent business operations.

Pre-orders for the solution can already be made.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bank Letter QR Code Scam : What You Need To Know!

Leave a reply

Are scammers sending bank letters with a QR code that can steal your money?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Bank Letter With QR Code Is A Scam!

People are sharing a photo of a letter from a bank, claiming that the QR code in the letter can steal your money if you scan it with your phone!

Circulating In WhatsApp : If you get a letter from the bank like this and ask to update the book using the QR CODE provided in the letter that was sent, don’t ever scan it, you will lose all your daily savings or old age savings, this is another scammer’s work and method take your money, please spread it to everyone so that siblings, relatives, neighbors & family members are not affected by this kind of scam…

Peng Seong, the one : ⛔️ Another Scam ‼️

Do NOT scan the QR code per the letter even with bank’s letterhead without verifying with the bank

Truth : Bank Letter With QR Code Is Not A Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this photo is not new. It first went viral, with a voice message in August 2022, and has subsequently gone viral on and off over the last year or so.

Fact #2 : CIMB Letter Was Genuine

The letter, which was sent by CIMB, is genuine. CIMB even posted a reply to one viral tweet, that the letter was genuine:

FYI, this [letter] is genuinely from our bank. You can refer to the link below for more information: [link no longer available]

[U]ntuk makluman, ia adalah sah dari pihak kami. Anda boleh rujuk pautan di bawah bagi maklumat lanjut: [link no longer available]

Fact #3 : CIMB Letter Was Only Sent To Business Customers

The letter was not meant for consumers, and was only sent to CIMB business customers, to request that they update their company/organisation’s information.

Re: Update on your records to improve your banking experience

We refer to the above mattes and our letter dated 27/06/2022.

We note that you have vet to update your company/organisations information with us.

As part of the Bank’s ongoing process to know our customers better and provide a seamless banking experience, we would like to remind you to return the completed Customer Information Update form to us

This letter appears to be CIMB’s efforts to comply with KYC (Know Your Customer) requirements set out by regulators like Bank Negara Malaysia (BNM).

Fact #4 : QR Code Leads To CIMB Website

QR codes is a type of barcode, which allows people and companies to share / deliver information, that can include links. QR codes can lead you to malicious websites, but they cannot deliver malware, or hack your computer or smartphone.

The QR code in the CIMB bank letter isn’t malicious. It actually codes for a link to the CIMB website. You can verify it by simply scanning the QR code in that “CIMB scam letter”. You will see that it only leads to http://www.cimb.com.my/bizupdate [which no longer exists]

Ultimately, this viral warning was likely created by well-meaning but clueless Internet “experts” who are apparently not tech-savvy enough to even verify the QR code by simply scanning it!

Fact #5 : Form Was To Be Emailed / Delivered

The CIMB letter asked its business customers to download and fill in a form. However, that form was not to be submitted online.

Rather, the letter specifically asked its business customers to email the completed form to a legitimate CIMB email address, or to physically mail or courier it to the bank itself.

Scan the QR Code below to download the form. Once you have completed the form, please submit by email to cimb_updates@cimb.com or mail/courier to the address below within 21 days from the date of this letter, failing which, the Bank reserves the right to suspend or close the account in accordance with the account terms and conditions.

In a real scam, you will be asked to taken to a fake CIMB bank website, and asked to logged into your bank account. That’s how the scammer gets hold of your bank login credentials.

However, even that scam won’t work without access to your TAC (Transaction Authorisation Code), which is sent to your phone by SMS, or authenticated through the bank’s mobile app.

For certain, scammers cannot log into your bank account by simply gaining your company’s information through a form, unless you actually include your company’s bank account login details!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Scammers Hack Your Phone If You Call Back?!

Leave a reply

Can scammers hack your phone if you answer their calls, or call back?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Scammers Can Hack Your Phone If You Call Back!

People are sharing this advice about scammers hacking your phone if you answer their calls, or call back!

Very Very Urgent …

Please pass this message to your family and friends NOW.

People have been receiving calls from
Tel: +375602605281
Tel: +37127913091
Tel: +37178565072
Tel: +56322553736
Tel: +37052529259
Tel: +255901130460
or any number starting from +371 +375 +381

These guys only ring once and hang up.
If you call back,they can copy your contact list in 3sec and if you have a bank or credit card details on your phone, they can copy that too…

+375 code is for Belarus.
+371 code is for Lativa.
+381 Serbia.
+563 Valparaiso.
+370 Vilnius.
+255 Tanzania.

Don’t answer or Call back.

Also, Don’t Press
#90 or #09
on your Mobile when asked by any caller.

It’s a new trick which is use to access your SIM card, make calls at your expense and frame you as a criminal.

URGENTLY FORWARD this message to as many friends as you can to stop any intrusion!!

Show less

Truth : Scammers Cannot Hack Your Phone If You Call Back!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : This Is Old Fake News

First, let me just point out that this fake message isn’t even new. It has been circulating on WhatsApp and social media platforms since April 2020, if not earlier.

Fact #2 : This Hoax Is Based On One Ring / Wangiri Scam

This hoax appears to be based on the 2019 FCC warning about the “One Ring” or “Wangiri” scam, where scammers use robocall devices to give victims a miss call, in hopes that they would call back and get charged for Pay-Per-Call services.

The Federal Communications Commission is alerting consumers to reported waves of “One Ring” or “Wangiri” scam robocalls targeting specific area codes in bursts, often calling multiple times in the middle of the night. These calls are likely trying to prompt consumers to call the number back, often resulting in per minute toll charges similar to a 900 number. Consumers should not call these numbers back.

Recent reports indicate these calls are using the “222” country code of the West African nation of Mauritania. News reports have indicated widespread overnight calling in New York State and Arizona.

Generally, the One Ring scam takes place when a robocaller calls a number and hangs up after a ring or two. They may call repeatedly, hoping the consumer calls back and runs up a toll that is largely paid to the scammer.

Consumer Tips: · Do not call back numbers you do not recognize, especially those appearing to originate overseas. · File a complaint with the FCC if you received these calls: www.fcc.gov/complaints · If you never make international calls, consider talking to your phone company about blocking outbound international calls to prevent accidental toll calls. · Check your phone bill for charges you don’t recognize.

This scam, however, does not involve hacking any phone. It only requires you to call back the number, which is a Pay-Per-Call service.

Once you call back, you will get charged a premium rate, as the scammers try to keep you on the line for as long as possible.

Fact #3 : Scammers Cannot Hack Phone Through Calls

It is simply not possible to hack your phone through a voice call, even if you’re using VOIP (Voice Over Internet Protocol), or apps like WhatsApp or Telegram.

What is possible though is voice phishing, also known as vishing. This is a form of social engineering, where scammers pose as a bank or police officer (or someone with authority) to obtain your bank account information, or trick you into transferring money into their bank accounts.

Fact #4 : 90# Telephone Scam Only Works With PBX / PABX

The #90 or 90# scam is a very old phone scam that only works on business landline phones that use a PBX (Private Branch Exchange) or PABX (Private Automatic Branch Exchange) system. Here is the official US FCC warning about this scam.

In this very old scam, the scammer pretends to be a telco employee looking into a technical problem with your phone lines, and asks you to help him by either mailing 90# or transferring the call to an outside line. If you do that, you will enable the scammer to place premium-rate calls that will billed to your phone number.

To be clear – these codes do NOT work on mobile phones or smartphones, because they do not run on PBX or PABX systems.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

PayNow PDF Malware Scam : What You Need To Know!

Leave a reply

Is there a new malware scam involving a PayNow PDF?!

Take a look at the viral claim, and find out what the facts really are!

Claim : WhatsApp Block Button Is A Scam!

People are sharing this warning about a new malware scam involving a PayNow PDF. Take a look!

I just received below the latest and new scams Modus Operandi from my Uncle. Forward to warn and share.
======================

The scammers have changed their modus operandi. They don’t ask you to download the app.
My neighbour told me yesterday that her sister (a cancer patient) wanted a part-time helper to clean her house. Hence, she went to Facebook. I called the number and made the request. The advertiser asked whether she had a Paynow, and she said that she had. He directed her to make the partial payment, and he will send the invoice to confirm. (Note: He did not ask her to download an app, as people are getting alerts). When she received the invoice in the PDF format, she did not suspect any foul play and clicked it. The invoice showed the amount paid and the balance to be paid. After that, she went to sleep. The next morning, her phone could not be switched on.
She used her laptop to check her DBS bank account. Her $20K was gone, and her two fixed deposits of $25K, which had not reached the maturity date, were also gone—the total loss was $ 70K.
When she went to the bank and asked why her fixed deposit was also gone, the receptionist told her that digital banking allows you to transfer the amount back to your account to facilitate withdrawals without going to the bank.
Police told her the malware was embedded in the PDF document.
So folks, beware that the scammers are always changing their modus operandi to con your money $$$! 😡😡😡

No Evidence There Is Any PayNow PDF Scam!

This is likely another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of PayNow PDF Scam

First, let me just point out that there is no evidence that anyone was ever scammed by a PayNow PDF invoice.

There has been no actual news report of such a case, never mind multiple cases involving malicious PayNow PDF documents.

Frankly, I don’t know of any PDF malware that can shut down a phone, and transfer money from a bank account, including liquidating fixed deposits!

Fact #2 : PDF Malware Generally Target Computers

PDF documents can contain malware, but malicious PDFs generally target Windows computers. In fact, many aren’t actual PDF documents, but are instead executable files masquerading as PDF files – invoice.pdf.exe, for example.

Malicious PDF documents or executables targeted at Windows computers won’t work on smartphones. The malicious PDF must not only be specifically designed to target smartphones, it must target the right operating system – iOS or Android. A malicious PDF targeting Android won’t work on an Apple iPhone, for instance.

On top of that, many PDF malware actually exploit vulnerabilities in a specific PDF reader – most commonly, the industry-standard Adobe Acrobat Reader. Most smartphones do not have Adobe Acrobat Reader installed, and instead rely on a variety of PDF readers like Samsung Note, OneDrive, Google Drive, Kindle, etc.

Embedded PDF malware that target vulnerabilities in the Adobe Acrobat Reader won’t work with other PDF readers. That’s probably why it’s rare to see PDF malware that target smartphones.

Fact #3 : PayNow Scams So Far Involve Phishing

Singapore reported 477 cases of PayNow scams in 2021, with 133 more cases in 2022. However, they were not due to PDF malware. Rather, their victims were deceived into giving scammers their digital banking credentials.

In other words, PayNow scams have so far involved phishing attacks, in which victims are tricked into logging into fake websites, or giving up their Internet banking login details by phone.

In one of these scams, victims received phone calls from people pretending to be bank employees. The callers would ask for the victims’ personal details, such as their Internet banking usernames and passwords, under the pretext that the bank needed them to verify transactions in their accounts.

Fact #4 : Singapore Police Warned About Android Malware

It seems likely that the viral warning is based on a misunderstanding of a Singapore Police Force warning about Android malware withdrawing money through PayNow.

Issued on 17 June 2023, the Singaporean police warned that scammers were tricking victims into installing an Android Package Kit (APK) file through WhatsApp and Facebook Messenger. Once installed, the malware allows the scammers to remotely access the victims’ devices, and steal their passwords.

The victims are then directed to fake websites that mimic banks like DBS to key in their banking credentials. The login information obtained through this phishing attack then allows the scammers to withdraw their victims’ money through PayNow.

To be clear – this PayNow scam does NOT involve any PDF. It requires the victim to install an APK file – to gain access of your 2FA (Two-Factor Authentication) device, and provide bank login information through a fake (phishing) website.

This allows the scammers to log into your bank account using the login info you provided, and authenticate all transfers using your mobile phone.

Fact #5 : Here Are Some Common Cybersecurity Tips

Here are some simple cybersecurity tips to help you avoid getting scammed online:

Never install APK files (for Android) from unknown or untrustworthy sources.
Never sideload IPA files (for Apple iOS) from unknown or untrustworthy sources.
Always check the entire filename, including its file extension:
– PDF documents should end with .pdf, and not .pdf.apk or .pdf.ipa or .pdf.exe.
– Word documents should end with .doc or .docx, and not .doc.apk or .doc.ipa or .doc.exe.
Never click on any link to go to any bank website. Always type in the link yourself into a web browser, or better still – use the official app issued by the bank.
Never give your bank login details to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!
Never give your 2FA authentication code / TAC or OTP number to any person, even if they claim to be a police officer, a bank officer, or even a cybersecurity expert!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WhatsApp Block Button Scam : What You Need To Know!

Leave a reply

Will clicking on the WhatsApp block button install a malicious app that will hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : WhatsApp Block Button Is A Scam!

People are sharing this advice on a new WhatsApp scam involving the Block button in messages. Take a look!

New Type of Scam in Whatsapp.

Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message.

Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Whatsapp 中的新型诈骗。
不要按消息中的“阻止”按钮，因为当您按下该按钮时，您实际上是在下载此恶意应用程序，而是转到 WhatsApp 设置（右上角的 3 个点）并阻止该消息。
如果您在短信中收到此类消息，请执行相同的操作。

New Type of Scam in Whatsapp. Don’t press the “Block” button within the message because when you press on it then, you are effectively downloading this Malicious App. Instead go to WhatsApp setting (3 dots on the right hand top) and block the message. Do the same if you received this kind of message in your SMS. Someone already got scammed by this fake template.

Truth : WhatsApp Block Button Is New Feature!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : No Evidence Of WhatsApp Block Button Scam

First, let me just point out that there is no evidence that anyone was scammed by the WhatsApp block button in messages.

Even if an enterprising hacker / scammer was able to create a message with a fake block button that downloads an APK (Android Package Kit) file, it won’t automatically install that file. You will need to manually install the APK file from the Downloads folder.

Fact #2 : WhatsApp Block Button Is Part Of New Safety Tools

The truth is – the Block button that you may see in new messages from strangers is not a scam. It also does not download or install any APK file.

The Block button is actually part of the new Safety Tools feature that WhatsApp started introducing in July 2023.

The Safety Tools feature will only appear when you receive a message from an unknown number. You will be given some details about the safety of this new contact – whether you are in common groups, and in some cases – the country of origin.

You are given the option of either blocking this new contact, or adding it to your Contact list. You can also click on the Safety tools link for more details.

Fact #3 : Older Blocking Method Still Exists

The new WhatsApp Safety Tools offer an easy way to quickly block and remove obvious spammers and scammers. However, it may not be readily apparent whether the new contact is genuine, or just a spammer / scammer.

If you start messaging with this new contact – to find out if their identity / purpose, the Safety Tools option will disappear. But don’t worry – you can still block this new contact if you realise that he/she is a spammer / scammer.

Go to the messaging screen for the person you want to block.
Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
Select More > Block.
You can also select More > Report (to report block the scammer)

Alternatively, you can block multiple contacts using this method:

Open WhatsApp, and go to the Chats screen.
Tap on the kebab menu / vertical ellipsis (⋮) icon on the upper right corner.
Select Settings.
Tap on the Privacy option.
Scroll down and tap on Blocked contacts.
Tap on the Add Contacts () icon at the upper right corner.
Search for the contacts you want to remove, and select them.

Now, blocking people does not remove your contact details or profile photo from their phones and devices.

However, they will no longer be able to call you, or send you messages. They will also not be able to see changes to your status updates including when you’re online / last seen, or changes you make to your profile photo.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can StopNCII Remove All Nude / Deep Fake Photos?!

Leave a reply

Can the StopNCII website remove all of your nude or deep fake or Photoshopped photos from the Internet?!

Take a look at the viral claim, and find out what the facts really are!

Claim : StopNCII Can Remove All Nude / Deep Fake Photos!

People are sharing this advice on WhatsApp and social media platforms like X (formerly Twitter) and Facebook, claiming that the StopNCI website can remove all of your nude or deep fake or Photoshopped photos from the Internet!

Attention girls! If someone edits your photo with Al or Photoshop to create a nude photo, then you go to stopncii.org and submit the original photo and the edited photo.

They’ll remove the edited photo from all the places on the Internet and your identity will be confidential. Please immediately inform the cyber cell and file a case to take immediate action.

Truth : StopNCII Cannot Remove All Nude / Deep Fake Photos!

This is yet another example of FAKE NEWS circulating on WhatsApp and social media platforms, and here are reasons why…

Fact #1 : StopNCII Does Not Remove Photos / Videos

First, let me just point out that the StopNCII website is a project by the Revenge Porn Helpline, which is itself a part of the UK-based charity, SWGfL.

StopNCII is not a government organisation, or even a multinational / international organisation that controls what gets posted on the Internet. It does not have any power or authority or even capability to remove a single photo or video.

To be clear – StopNCII cannot remove all of your photos or videos from the Internet. No organisation can.

Fact #2 : You Don’t Upload Photos / Videos To StopNCII

The advice to upload your nude or edited photos or videos to the StopNCII website is nonsensical. So is the claim that you must also upload your original photos or videos.

StopNCII does not require you to upload your nude / edited photo or video, or your original photo or video.

In fact, StopNCII does not even require you to upload a single photo or video. It merely scans the photos or videos that you are concerned about.

Those photos or videos do not leave your devices (computers, tablets, and smartphones).

Fact #3 : StopNCII Only Generates Digital Hashes

StopNCII only scans the photos or videos that you select on your device, and generate their digital fingerprints (hashes). It does not download or keep your nude photos or videos.

Select the image(s)/video(s) on your device that you would like to protect. Remember, your image(s)/video(s) do not leave your device, they will only be scanned so a unique “hash,” or digital fingerprint, can be generated.

Fact #4 : Photos / Videos Are Only Removed On Certain Platforms

StopNCII itself does not remove any photos or videos, whether they are nude or edited. Instead, they rely on a limited number of partner platforms to do that:

Facebook
TikTok
Reddit
Instagram
Bumble
OnlyFans
Threads
Pornhub

Only these platforms will receive cases and the digital hashes (fingerprints) from StopNCII.

Fact #5 : Not All Photos / Videos Will Be Removed

Even on those supported platforms, it’s not a guarantee that those photos / videos submitted to StopNCII will be removed.

Those platforms will scan their systems for those digital hashes, and remove them if they are found to have violated their intimate image abuse policy.

This is to avoid the StopNCII system from being abused to remove photos or videos that are not sexual, abusive, personal, or illegal in any way.

Once generated the ‘hash’ will be shared with the participating companies.

Participating companies will look for matches to the hash and remove any matches within their system(s) if it violates their intimate image abuse policy.

The Revenge Porn Helpline reported a 90% removal rate on those platforms since 2015. While that is impressive, that tells us that some 10% of all reported photos or videos were determined not to have contravened the policies of those partner platforms.

Fact #6 : No One Can Remove All Photos / Videos From Internet

Even if StopNCII is able to partner with every single social media platform, large and small; or Internet service providers, it simply cannot help you remove all of your nude photos or videos from the Internet.

That’s because once released on the Internet, those photos or videos (whether nude or edited) can be transmitted through many means – messaging apps like WhatsApp or Telegram, or email and file-sharing services.

They can also be posted or stored on independent websites / servers on the Internet or the dark web, that no one can shut down. There are revenge porn websites and groups dedicated to this, and it is simply impossible to remove edited / nude photos and videos from those websites and groups.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Nurse Lost RM380K After Pressing Instagram ‘Like’ Button?!

Leave a reply

Did a Malaysian nurse lose RM380,000 after pressing the Instagram Like button?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Nurse Lost RM380K After Pressing Instagram Like Button!

People are sharing an article which claims that a Malaysian nurse lost RM380,000 after pressing the Like button in Instagram for RM5 commissions! Here is an excerpt from the article:

M’sian Nurse Loses RM380K After Pressing Instagram ‘Like’ Button For RM5 Commission

Too late to unlike

Recently, a nurse supervisor fell victim to an online part-time job scam and lost a staggering RM387,035 after she was tricked into thinking she could enjoy high earnings from it.

M’sian nurse loses RM380K after pressing Instagram ‘like’ button

According to a statement by Pahang police chief Datuk Seri Yahaya Othman, he said the 46-year-old victim received a message through WhatsApp offering her a part-time job on September 11.

The scammer then told her that she had to do was to simply press the ‘like’ button on Instagram and earn RM5 in commission for each task she completed.

Completely beguiled, the victim proceeded to accomplish five tasks and received a commission totaling RM25.

“She was then presented with a prepaid assignment which involved making a payment beforehand and was promised of greater profits.

“After making 36 transactions to 21 bank accounts amounting to RM387,035 across 13 days starting from Sept 11, the victim finally realised she had been deceived,” he said.

Show less

Nurse Did Not Lose RM380K After Pressing Instagram Like Button!

First of all, I would like to applaud the website for writing about job scams, but that’s really a misleading title.

Unfortunately, many people don’t read beyond the headlines. People are even asking if they will get “hacked” like the nurse if they like Instagram posts!

The truth is – the Malaysian nurse did not lose RM380,000 because she pressed on the Like button in Instagram. In fact, Instagram and its Like button have nothing to do with the actual scam!

Social Media Jobs Are An Easy Lure

As I have earlier written on how fake job syndicates operate, the “job” and “platform” are not important. These scammers generally offer social media jobs, because that’s what most people already use, so it’s easy to hook victims.

These syndicates will offer quick and easy tasks to do on social media, for example – liking Instagram photos and Facebook posts. Other (non-social media) tasks include liking YouTube videos and/or subscribing to YouTube channels, or even making comments on businesses in Google Maps.

Whether the job is on Instagram / Facebook / YouTube / Google Maps, etc. is irrelevant. The first few “jobs” you are given are the bait. You will be paid for those simple tasks, like RM5 for liking an Instagram post, or RM10 for subscribing to a YouTube channel. Such an easy way to make money!

Paying For Jobs Is The Scam!

After you get the first payment, you will be asked to participate in a “prepaid job”. All you have to do is pay a “deposit” for the opportunity to make a lot of money in high-paying “jobs”.

At this point, you may feel that this is a genuine side job opportunity. After all, they paid you for the earlier jobs, didn’t they? Real scammers wouldn’t pay their victims, right? WRONG!

Once you make that first deposit, you are “hooked”. The scammers will not let you withdraw the money, but insist that you must continue with the next “prepaid job”, which would require another deposit. Then, you will be asked to pay again to participate in another “prepaid task”, and so on.

On paper, you appear to be earning a lot of money, but you won’t be able to withdraw any of that money. By the time you realise it’s a scam, you would have lost a LOT of money. That is the scam, not pressing on the Instagram Like button.

Trying To Recover The Money Is The Scam!

In the nurse’s case, she fell for their trap to participate in the “prepaid assignment”. She ended up making 36 transactions worth RM387,000 to 21 different bank accounts over 13 days! She not only emptied her savings, she even loaned money from her friends and family members!

Why would any victim do that? Simple – the more money you invest in this fake job offer, the more desperate you will be to recover the money you “invested” and “earned”. To quit would mean losing everything, so you will feel that you have “no choice” but to continue.

To help you make that decision to “stick with the programme”, the syndicate have fake users in their Telegram group continuously posting bank deposit screenshots, while claiming that they just received their earnings.

The truth is – any money you send to their mule accounts will be quickly transferred to the scammers’ account. You will never see the money again.

As one student shared, he lost over RM22,000 in just two days, because he was so engrossed in trying to get back the money he “invested” earlier:

There’s one trick that this scammer is using. He let me start with a small investment, then proceed with stages.

They force me to continue because I want to rescue the money that I put in in the previous task. So it keeps getting bigger and bigger.

Just like that, two days, RM22300, gone.

Again, I’m glad to see more publicity about fake job scams. But it is important that YOU understand that the scam does not involve the pressing of the Like button in Instagram, or Facebook, or YouTube, or any other online platform.

This is ultimately just another case of a fake job scam. In this nurse’s case, the scammers used the simple job of liking Instagram posts as the lure, but it will be different for other victims. These scammers will use any convenient platform to give you simple jobs to trick you into falling for their scam.

Just remember – there is no such thing as easy social media jobs. Even unscrupulous social media promoters do not need to pay anyone to like a post, or follow someone. They simply use bots (automated software)!

Don’t fall for such fake job scams. No matter how enticing the offer is – NEVER pay for any job.

Please SHARE this article out, and WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Israel Seismic Wave Card Hack Your Phone?!

Leave a reply

Can the Seismic Wave Card containing photos of the recent Hamas attacks on Israel hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Israel Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent Hamas attacks on Israel has gone viral on WhatsApp:

URGENT

Some people are going to upload pictures of the fighting in Jewish settlements on WhatsApp. The file is called Seismic Waves CARD.

Do not open it, it will hack your phone in 10 seconds and cannot be stopped in any way.

They talked about it on TV. A cyber attack on us from all kinds of directions is also starting.

Pass the information on to family and friends.

Truth : There Is No Israel Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every disaster that comes along, like these examples show:

They are going to upload some photos of the Moroccan earthquake on WhatsApp. The file is called Seismic Waves CARD, don’t open it and see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Share the information with your family and friends.
DO NOT OPEN IT. They also said it on TV

They are going to upload some photos of the Cariaco earthquake on Whatsapp. The file is called Waves Seismic CARD, do not open or see it, it will hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. DO NOT OPEN IT. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

The scam message known as Seismic Waves Card is notorious for its disruptive behavior while surfing the web. Generally, scams like this, and other like Mintnav and Lookaside fbsbx, are crafted to meddle with your browser’s settings, replacing homepages and default search engines to promote affiliated sites and generate advertising revenue.

This transgression doesn’t end here; they siphon sensitive data and create vulnerabilities in your system’s security framework, providing a gateway for more perilous threats, such as malware and phishing schemes, to invade.

The protracted presence of Seismic Waves Card in your system exponentially escalates the risk of serious compromises, emphasizing the dire necessity for its immediate removal. Recognizing the malicious potential of such unwanted apps is essential in maintaining a secure and safe digital environment. Stay vigilant and prioritize your cybersecurity.

Show less

There is no evidence that a malware or browser hijacker called Seismic Waves Card exists. The article itself does not offer any evidence to prove its existence. In fact, the article and its guide on how to “remove” the malware appears to be generic, and may possibly be AI-generated.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website. Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : New WhatsApp Cyber Crime Rules?!

Leave a reply

Did WhatsApp just implement new cyber crime rules to help the government monitor and record your calls and messages?! Find out what the facts really are!

Updated @ 2023-10-08 : Updated after message went viral again.
Originally posted @ 2023-07-03

Claim : WhatsApp Has New Cyber Crime Rules!

People are sharing this warning about WhatsApp implementing new cyber crime rules, to help the government monitor and record all calls and messages!

Tʜᴇ ɴᴇᴡ ᴄᴏᴍᴍᴜɴɪᴄᴀᴛɪᴏɴ ʀᴜʟᴇs ғᴏʀ WʜᴀᴛsAᴘᴘ ᴀɴᴅ WʜᴀᴛsAᴘᴘ Cᴀʟʟs (Vᴏɪᴄᴇ ᴀɴᴅ Vɪᴅᴇᴏ Cᴀʟʟs) ᴡɪʟʟ ʙᴇ ɪᴍᴘʟᴇᴍᴇɴᴛᴇᴅ ғʀᴏᴍ ᴛᴏᴍᴏʀʀᴏᴡ: –

01. Aʟʟ ᴄᴀʟʟs ᴡɪʟʟ ʙᴇ ʀᴇᴄᴏʀᴅᴇᴅ.
02. Aʟʟ ᴄᴀʟʟ ʀᴇᴄᴏʀᴅɪɴɢs ᴡɪʟʟ ʙᴇ sᴀᴠᴇᴅ.
03. WʜᴀᴛsAᴘᴘ, FᴀᴄᴇBᴏᴏᴋ, Tᴡɪᴛᴛᴇʀ, Iɴsᴛᴀɢʀᴀᴍ ᴀɴᴅ ᴀʟʟ sᴏᴄɪᴀʟ ᴍᴇᴅɪᴀ ᴡɪʟʟ ʙᴇ ᴍᴏɴɪᴛᴏʀᴇᴅ.
04. Yᴏᴜʀ ᴅᴇᴠɪᴄᴇs ᴡɪʟʟ ᴄᴏɴɴᴇᴄᴛ ᴛᴏ ᴛʜᴇ Mɪɴɪsᴛʀʏ sʏsᴛᴇᴍ.
05. Tᴀᴋᴇ ᴄᴀʀᴇ ɴᴏᴛ ᴛᴏ sᴇɴᴅ ᴛʜᴇ ᴡʀᴏɴɢ ᴍᴇssᴀɢᴇ ᴛᴏ ᴀɴʏᴏɴᴇ.
06. Tᴇʟʟ ʏᴏᴜʀ ᴄʜɪʟᴅʀᴇɴ, sɪʙʟɪɴɢs, ʀᴇʟᴀᴛɪᴠᴇs, ғʀɪᴇɴᴅs, ᴀᴄϙᴜᴀɪɴᴛᴀɴᴄᴇs ᴛʜᴀᴛ ʏᴏᴜ sʜᴏᴜʟᴅ ᴛᴀᴋᴇ ᴄᴀʀᴇ ᴏғ ᴛʜᴇᴍ ᴀɴᴅ ʀᴀʀᴇʟʏ ʀᴜɴ sᴏᴄɪᴀʟ sɪᴛᴇs.
07. Dᴏ ɴᴏᴛ sᴇɴᴅ ᴀɴʏ ʙᴀᴅ ᴘᴏsᴛ ᴏʀ ᴠɪᴅᴇᴏ ᴀɢᴀɪɴsᴛ ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴏʀ ᴛʜᴇ Pʀɪᴍᴇ Mɪɴɪsᴛᴇʀ ʀᴇɢᴀʀᴅɪɴɢ ᴘᴏʟɪᴛɪᴄs ᴏʀ ᴛʜᴇ ᴄᴜʀʀᴇɴᴛ sɪᴛᴜᴀᴛɪᴏɴ.
08. Iᴛ ɪs ᴄᴜʀʀᴇɴᴛʟʏ ᴀ ᴄʀɪᴍᴇ ᴛᴏ ᴡʀɪᴛᴇ ᴏʀ sᴇɴᴅ ᴀ ʙᴀᴅ ᴍᴇssᴀɢᴇ ᴏɴ ᴀɴʏ ᴘᴏʟɪᴛɪᴄᴀʟ ᴏʀ ʀᴇʟɪɢɪᴏᴜs ɪssᴜᴇ, ᴅᴏɪɴɢ sᴏ ᴄᴀɴ ʟᴇᴀᴅ ᴛᴏ ᴀʀʀᴇsᴛ ᴡɪᴛʜᴏᴜᴛ ᴀ ᴡᴀʀʀᴀɴᴛ.
09. Tʜᴇ ᴘᴏʟɪᴄᴇ ᴡɪʟʟ ɪssᴜᴇ ᴀ ɴᴏᴛɪғɪᴄᴀᴛɪᴏɴ, ᴛʜᴇɴ ʙᴇ ᴘʀᴏsᴇᴄᴜᴛᴇᴅ ʙʏ Cʏʙᴇʀ Cʀɪᴍᴇ, ᴡʜɪᴄʜ ɪs ᴠᴇʀʏ sᴇʀɪᴏᴜs.
10. Aʟʟ ʏᴏᴜ ɢʀᴏᴜᴘ ᴍᴇᴍʙᴇʀs, ᴍᴏᴅᴇʀᴀᴛᴏʀs ᴘʟᴇᴀsᴇ ᴄᴏɴsɪᴅᴇʀ ᴛʜɪs ɪssᴜᴇ.
11. Bᴇ ᴄᴀʀᴇғᴜʟ ɴᴏᴛ ᴛᴏ sᴇɴᴅ ᴛʜᴇ ᴡʀᴏɴɢ ᴍᴇssᴀɢᴇ ᴀɴᴅ ʟᴇᴛ ᴇᴠᴇʀʏᴏɴᴇ ᴋɴᴏᴡ ᴀɴᴅ ᴛᴀᴋᴇ ᴄᴀʀᴇ ᴏғ ᴛʜᴇ sᴜʙᴊᴇᴄᴛ.

Bᴇ ᴍᴏʀᴇ ᴀᴡᴀʀᴇ ᴏғ ᴀʟʟ ɪɴ ᴛʜᴇ ɢʀᴏᴜᴘ …

Iᴍᴘᴏʀᴛᴀɴᴛ ɪɴғᴏʀᴍᴀᴛɪᴏɴ ᴀʙᴏᴜᴛ WʜᴀᴛsAᴘᴘ’s ɴᴇᴡ ʀᴜʟᴇs ᴛᴏ ɢʀᴏᴜᴘ ᴍᴇᴍʙᴇʀs …

1. ✓ = ᴍᴇssᴀɢᴇ sᴇɴᴛ.
2. ✓✓ = ᴍᴇssᴀɢᴇ ʀᴇᴀᴄʜᴇᴅ.
3. Tᴡᴏ ʙʟᴜᴇ ✓✓= ᴍᴇssᴀɢᴇ ʀᴇᴀᴅ.
Tʜʀᴇᴇ ʙʟᴜᴇ ✓✓✓ = Tʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴛᴏᴏᴋ ɴᴏᴛᴇ ᴏғ ᴛʜᴇ ᴍᴇssᴀɢᴇ.
5. Tᴡᴏ ʙʟᴜᴇ ✓✓ ᴀɴᴅ ᴏɴᴇ ʀᴇᴅ ✓= ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ᴄᴀɴ ᴛᴀᴋᴇ ᴀᴄᴛɪᴏɴ ᴀɢᴀɪɴsᴛ ʏᴏᴜ.
6. Oɴᴇ ʙʟᴜᴇ✓ ᴀɴᴅ ᴛᴡᴏ ʀᴇᴅ✓✓ = ᴛʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ɪs ᴄʜᴇᴄᴋɪɴɢ ʏᴏᴜʀ ɪɴғᴏʀᴍᴀᴛɪᴏɴ.
7. Tʜʀᴇᴇ ʀᴇᴅ ✓✓✓ = Tʜᴇ ɢᴏᴠᴇʀɴᴍᴇɴᴛ ʜᴀs sᴛᴀʀᴛᴇᴅ ᴘʀᴏᴄᴇᴇᴅɪɴɢs ᴀɢᴀɪɴsᴛ ʏᴏᴜ ᴀɴᴅ ʏᴏᴜ ᴡɪʟʟ ɢᴇᴛ ᴀ ᴄᴏᴜʀᴛ sᴜᴍᴍᴏɴs sᴏᴏɴ.

sʜᴀʀᴇ ᴡɪᴛʜ ʏᴏᴜʀ ғʀɪᴇɴᴅs …!!😀😀😀

Show less

Recommended : How To Block Facebook Ads + Pay Scammers!

Truth : WhatsApp Does Not Have New Cyber Crime Rules!

And here is why this is nothing more than yet another Internet hoax :

Fact #1 : Only China Can Do This

The only country that has accomplished most of what was shared above is China, but it took them decades to erect the Great Firewall of China.

It’s not just the massive infrastructure that needs to be created, it also requires legislation to be enacted, and considerable manpower and resources to maintain such a system.

That’s why China is leaning heavily on AI and cloud computing capabilities to automatically and quickly censor information it deems “sensitive”.

However, no other country has come close to spending the money and resources on a similar scale, although Russia, Cuba, Vietnam, Zimbabwe and Belarus have imported some surveillance technology from China.

Fact #2 : WhatsApp, Instagram + Facebook Messenger Have End-to-End Encryption

All three Facebook-owned apps now run on the same common platform, which provides end-to-end encryption.

End-to-end encryption protects messages as they travel through the Internet, and specifically prevents anyone (bad guys or your friendly government censor) from snooping into your conversations.

That is also why all three apps are banned in China…

Fact #3 : Governments Generally Have No Control Over Those Apps

Outside of authoritarian countries like China and Russia, governments generally have little to no control over social media and instant messaging apps. Even then, their control is generally limited to banning access if they don’t get their way.

The ability to keep conversations and messages safe and private is key to the success of instant messaging apps, in particular. So WhatsApp, Telegram and Signal would never allow governments access to user messages or voice calls, never mind record and monitor them for governments!

In fact, by implementing end-to-end encryption, these companies themselves do not have access to your messages and calls.

Fact #4 : WhatsApp Does Not Have Three Check Marks!

WhatsApp messages only have two ticks / check marks to notify users about the status of their messages:

: The message was successfully sent.
: The message was successfully delivered to the recipient’s phone or any of their linked devices.
: The recipient has read your message.

There is no third check mark, as claimed by the viral message.

Fact #5 : Governments Won’t Tip You About Investigations

It is illogical for WhatsApp to inform you when the government is checking your information, or when it has started proceedings against you.

In fact, it doesn’t make sense for any government to inform you by instant messaging check marks! If the government is charging you with a crime, it will send police officers, not check marks on WhatsApp!

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Internet | Fact Check | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can SIM swap attack empty bank account without warning?!

Leave a reply

Can a SIM swap attack empty your bank account without warning?! Take a look at the viral warnings, and find out what the facts really are!

Updated @ 2023-10-07 : Added new viral message, and other updates.
Originally posted @ 2022-01-16

Claim : SIM Swap Attack Can Empty Bank Account Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

How does it work?
1 A new fraud called SIM SWAP has started. Your phone network will momentarily go blind / zero (No Signal / Zero Bars) and after a while a call will come through.

2 The Person on the other end of the call will tell you that he is calling from (your cell phone company) depending on your network and that there is a problem in your mobile network.

3 He will instruct you to Please press 1 on your phone to get the network back.

– Please at this stage don’t Press anything, Just cut or END the call.

If you press 1, the network will appear suddenly and almost immediately go blind again (Zero Bars) and by that action, your phone is #HACKED.

Within a second they will empty your bank account, and you won’t receive any alert.

What you will experience.
It will appear as though your line is without Network, meanwhile your SIM has been SWAPPED.
The danger here is that, you will not get any alert of any transactions, so please those of us doing USSD Banking and Mobile Banking BEWARE. Let’s be very careful.

Please, forward to your contacts, loved ones and friends. The fraud is increasing day by day.

Received from a #CybersecurityGroup

Don’t forget to share this post…… I repeat don’t forget to share this post. Many people’s Account as been emptied!

Please encourage more people to learn from this episode

Show less

Here is a new variant circulating in 2023:

My cousin received a call , asking if he had been vaccinated, if vaccinated to press 1.

If not vaccinated, press 2. As a result, he pressed 1, the phone was blocked and his online bank information/account were all transferred. Please be Alert and Careful and forward to more people to know about this new trick/scam. Forwarded as received.

Your BANK Account can be Empty without Notice.

There is a HIGH TECHNOLOGY SCAM going on at this time called SIM SWAP FRAUD, it is said that hundreds of people have been affected, they suddenly found that their bank accounts were EMPTY

Show less

Truth : SIM Swap Attack Is Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral messages claim.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not new. Scammers have been using SIM swap attacks since 2015, if not earlier.

Fact #2 : SIM Swap Warnings Are Mostly False

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

There’s no way your bank account will be emptied without any action on your part. Neither will your bank accounts be emptied because you participate in a COVID-19 vaccination SMS survey.

Fact #3 : No Evidence Of Such Fraud

There is no evidence of SIM swap attacks requiring users to complete the process by responding to an SMS survey about vaccination.

Neither is there any evidence that SIM swap attacks alone can lead to your bank accounts being emptied.

Fact #4 : Straits Times Article Was Not About SIM Swap Attack

One of the viral messages include a link to a Straits Time article to mislead you. That’s because the article was about a phishing attack, not a SIM swap attack.

In that phishing attack, the victim received an SMS with a link that took him to a fake website that “looked exactly like the OCBC login page“. He then keyed in his bank login details, thus handing over control of his bank account to the scammers.

The victim also ignored automated messages warning him that his “account was being setup on another phone“. That had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Fact #5 : SIM Swap Attacks Generally Do Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #6 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

The scammer will call the victim, claiming to be from their mobile service provider.
The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
The mobile service provider will automatically send an SMS to confirm the swap.
Once the victim confirms the swap, his/her SIM card will stop working.
The scammer now has access to the victim’s mobile number.

Fact #7 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Fact #8 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #9 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Putin Threaten To Release 9/11 Satellite Evidence?!

Leave a reply

Did Russian President Vladimir Putin threaten to release secret satellite evidence of US government’s involvement in the 9/11 attacks?!

Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-09-21 : Added new information on the Pravda article, and the Russian satellite.
Originally posted @ 2022-03-11

Claim : Putin Threatened To Release 9/11 Satellite Evidence!

People are sharing a long message which claims that Russian President Vladimir Putin threatened to release secret satellite evidence of US government involvement in the 9/11 attacks!

They appear to believe that Putin issued this threat in retaliation for US sanctions against Russia, and military assistance to Ukraine. It’s a long post, so please skip to the next section for the facts…

Putin is going to hit once, but he’s going to hit hard. Russia is preparing the release of evidence of the involvement of the US government and intelligence services in the September 11 attacks. The list of evidence includes satellite images.

Published material can prove the US government complicity in the 9/11 attacks and the successful manipulation of public opinion. The attack was planned by the US government, but exercised using her proxy, so that an attack on America and the people of the United States looked like an act of aggression by international terrorist organizations.

The motive for deception and murder its own citizens served US oil interests and the Middle East state corporations. The evidence will be so convincing that it utterly debunks the official 9/11 cover story supported by the US government.

Russia proves that America is no stranger to using false flag terrorism against its citizens in order to achieve a pretext for military intervention in a foreign country. In the case of “the September 11 attacks,” the evidence will be conclusive satellite imagery.

If successful, the consequences of Putin’s tactics would expose the US government’s secret terrorist policies. The government’s credibility will be undermined and should bring about mass protests in the cities leading to an uprising, according to American analysts..

And as the United States will look on the world political arena? The validity of America’s position as a leader in the fight against international terrorism will be totally undermined giving immediately advantage to rogue states and Islamic terrorists.

Show less

Truth : Putin Did Not Threaten To Release 9/11 Satellite Evidence!

This is yet another example of pro-Russia FAKE NEWS that are spamming social media, as well as WhatsApp and Telegram groups. Here are the reasons why…

Fact #1 : Pravda Article Was Posted In February 2015

The Pravda article (translated archive | original Russian) was actually posted on 7 February 2015, and updated on 10 February 2015. This was specifically mentioned in the 2015 examples :

VT Editor’s note: Russian satellite evidence proving the controlled demolition of the World Trade Center using “special weapons” was reviewed by a VT editor while in Moscow.

The article below was forwarded to us for publication in the US and translated from Russian. It is 3 days old, published on February 7, 2015.

The fake news creators removed that section, to mislead you into thinking that this was a new threat by Putin in 2022 and 2023.

Fact #2 : No Evidence Putin Threatened To Release 9/11 Satellite Photos

Even though the viral post is based on a Pravda article, there never was any evidence that Vladimir Putin himself actually threatened to release satellite photos, or evidence of any 9/11 conspiracy.

The Pravda article itself did not make that claim. It only claimed that Russia is “preparing” to release evidence of the involvement of the US government and intelligence services in the 9/11 attacks.

Fact #3 : Russia Did Not Release Any Evidence Of 9/11 Conspiracy

If the Pravda article is true, then Russia is taking an extraordinarily long time to release evidence of a 9/11 conspiracy by the US government and intelligence services.

Despite preparing for over 8.5 years – since February 2015 – the Russian government has never released any evidence of any conspiracy by the US government in the September 11 attacks.

No satellite imagery… no photos… no documents… no evidence in any form or manner. Why not? Does it take that long to develop and digitise the photos from Russian satellites?

Fact #3 : Russian Satellites Were Terrible In 2001

It would also be quite a feat for Russia to provide “conclusive satellite imagery” as the Pravda article alleges, as Russian electro-optical satellites were not quite “state-of-the-art” in 2001, and that’s being generous.

At that time, they used the Yantar-4K2 (Cobalt / Kobalt) satellite – a slightly improved version of the Yantar-4KS1M (Neman / Неман) satellite, which had a resolution of just under a meter using the Zhemchug-18 camera.

These satellites have a limited lifespan of just 26 to 32 weeks, and used film which could be returned using two small canisters mid-mission, and a larger reentry module at the end.

Russia only had one in operation at that time – (Космос 2377) Cosmos 2377, which was launched on 29 May 2001, and dropped out of orbit on 10 October 2001.

Cosmos 2377 could plausibly have taken photos of the September 11 attacks on the World Trade Center in New York City, but the images was likely only as good as the Maxar IKONOS commercial imaging satellite.

Note that the Kobalt satellite is different from the Kobalt-M (Yantar-4K2M) satellite, which features upgraded optics with reported image resolution of 30 cm (0.3m), and a modernised platform. The first Kobalt-M satellite was launched on 24 September 2004.

Fact #4 : There Are Many Satellite Images Of 9/11 Attack

There is no real need for the Russians to share their satellite photos, because there are many publicly-available satellite photos on the September 11 attacks.

The private satellite imaging company, Maxar, for example, shared this high-resolution photo of ground zero at the World Trade Center on 15 September, 2001.

Taken by IKONOS, which had a resolution of 0.82 to 1 metre, it gives you a good idea of the image quality and resolution that are already available for free to the public. So it begs the question – do the Russians really have better images than that?

Fact #5 : Satellites Have Limitations

Despite being extremely useful, imaging satellites not magical instruments. They have limitations in what they can and cannot do.

For example, they have to generally stay in a pre-determined orbit, and “fly through” an area – leaving large gaps during which there is no coverage.

They also cannot look inside or under solid objects – planes, buildings, trees; and their view can be obscured by smoke and clouds, unless they have multi-spectral ability.

You can see how the smoke obscures the picture in this Maxar image taken of the Manhattan financial district on September 11, 2001.

It is therefore highly improbable that any satellite image from way up high would have captured “incriminating evidence” of the US government’s involvement in the September 11 attacks.

Fact #6 : 9/11 Attack Was Committed By Al Qaeda

In the past 22 years, the many conspiracy theories have all been repeatedly looked into and debunked.

We now know, with absolute certainty, that the September 11 attacks were conceived by Khalid Sheikh Mohammed, approved by Osama bin Laden, and carried out by nineteen Al Qaeda terrorists.

There was no US government involvement in the terrorist attacks on September 11, 2001.

Osama bin Laden himself claimed responsibility for the 9/11 attacks on several occasions. You don’t need a satellite to know that.

Now that you know the truth, please help us FIGHT FAKE NEWS by sharing this fact check out!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Military | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Marshall Minor III Wireless Earphones Scam Alert!

Leave a reply

Please watch out for the Marshall Minor III wireless earphones scam! Take a look at the scam, and find out what the facts really are!

Marshall Minor III Wireless Earphones Scam Alert!

Scammers are running Facebook ads that promote an awesome discount for the Marshall Minor III wireless earphones! Here is one recent example:

😣”Frustrating” 😣I had to queue for 5 hours at IOI City Mall to buy MARSHALL MINOR III wireless headphones for only RM179 (original price RM596), I was surprised because I thought they only sold directly I heard it’s open for sale online in 2 more days https://www.marshall-ash.asia/ms And also get the same discount as buying at the store. Free shipping nationwide.

But the 4 hours of queuing was worth it. As a Marshall fan, I was very excited when I heard the news that the Minor III series was coming out. And don’t waste your time waiting, the design is very beautiful, more stylish than the old version 💯 Great sound quality. Clear bus, fast Bluetooth connection, suitable for all types of devices, super battery life, 5 hours of continuous use and 25 hours with charging box, waterproof. The best thing about these headphones is the close-to-ear design. Comfortable, can play sports without worrying about falling. If you don’t buy it, you will be very disappointed.

I let my colleagues borrow it to play games because it sounded so realistic. There is no delay in movement.
Many people ask me if the store still has promotions? I just saw information that the store has a discount in the next 2 days. Order quickly. At the end of the promotion, the price will return to the original price of RM596. I leave the purchase link here for those who want to buy: https://www.marshall-ash.asia/ms

Recommended : Bantuan Rakyat Malaysia Scam Alert!

Marshall Minor III Offer : Why Is It A Scam?!

This is yet another example of SCAMS circulating on Facebook, and here are there reasons why…

Fact #1 : Marshall Minor III Price Absurdly Low

The first thing about scams involving electronics, is that they often promise ridiculous great deals. If it’s too good to be true, it often is just a scam.

In this particular scam, scammers are offering the Marshall Minor III wireless earphones for just RM179 (US$39). That’s absurd, as the Marshall Minor II wireless earphones has an official retail price of $159 (approximately RM699)!

Marshall is a high-end audiophile brand, and its electronics are never cheap. Even if they offer a discount, it wouldn’t be anything like 70% to 75%. That’s just ridiculous.

For your safety, here are legit purchase options online for the Marshall Minor III earbuds :

Malaysia : Shopee | Shopee | Shopee
Singapore : Shopee
United States : Amazon | Amazon
United Kingdom : Amazon

Fact #2 : Facebook Advertisement Is Fake

The Facebook advertisement appears to be created by a handsome influencer called 𝐀𝐥𝐯𝐢𝐧𝐧 𝐂𝐡𝐨𝐧𝐠 瑾.鍾.瑾. with 5.5 million followers.

But that’s what the scammers put in the intro. If you look carefully, this scam page only has 13 followers!

Recommended : Warning – PDRM Parking Fine Scam Alert!

Fact #3 : That Is “Push” Puttichai Kasetsin

The page is not owned by any influencer or digital creator called 𝐀𝐥𝐯𝐢𝐧𝐧 𝐂𝐡𝐨𝐧𝐠 瑾.鍾.瑾.

Those are actually photos of Puttichai Kasetsin – a Thai actor, model, DJ and TV host who is also known as “Push”.

Fact #4 : IOI City Mall Does Not Have A Marshall Outlet

The claim by these scammers that Alvinn Chong queued up for 5 hours at the IOI City Mall to buy the Marshall Minor III wireless earphones is easily debunked.

If you check the IOI City Mall tenant listing, you will quickly discover that it does not have a Marshall outlet.

Fact #5 : Queue Photos Are From Vietnam

The two photos which claim to show long queues for the Marshall Minor III wireless earphones were not taken in Malaysia. They were actually taken in Vietnam.

This photo does not show people in IOI City Mall queueing up outside a Marshall outlet. It actually shows people queuing up for the opening of the 15th Pandora store at the Long Bien Aeon Mall, on 28 April 2022.

Incidentally, Pandora is a Danish jewellery brand, and does not sell Marshall audio products…

The second queue photo is also from Vietnam, but taken many years ago on 11 November 2017. It does not show people queuing up to buy any Marshall products either.

They were actually queuing up at Royal City Shopping Center in Hanoi, for the opening ceremony of the second H&M store in Vietnam.

Fact #6 : Scam Website Not Affiliated With ASH Asia

ASH Asia is an authorised distributor of Marshall products in Malaysia, Thailand and Vietnam.

However, the scam page (https://www.marshall-ash.asia/ms) has nothing to do with ASH Asia, whose official Marshall Minor III page is https://ash-asia.com/ms.

On top of that, ASH Asia does not sell the Marshall Minor III directly (like the scam page). Instead, ASH Asia sells the wireless earphones through Shopee and Lazada.

In fact, if you check the main domain itself, you will get an error message, stating:

Your domain name has been successfully pointed! Please publish a Landing Page with the above domain name to use the service. Thank you!

This not only gives it away as a scam website, it also suggests that the scammers are operating out of Vietnam.

Fact #7 : Scam Website Admits Selling Fake Marshall Minor III

Ironically, the scam website itself has a disclaimer, warning potential buyers that it is not selling genuine Marshall Minor III wireless earphones, but a replica instead…

Most people won’t notice it because if you click to order, the website is designed to skip past this warning.

Fact #8 : Package Apparently Contained “Trash”?

To assure you that this is safe, the scammers say that you only need to pay on delivery. Sounds good, doesn’t it? That guarantees that you will at least receive the item, doesn’t it?

Not quite, as one person who claimed to have purchased from this scam website explained…

I was attracted and clicked in, filling in my address and phone number. Three days later, I got a call saying that my package would arrive through DHL-COD, and asked me to make sure I was home.

I started looking forward to it, but when I thought about it, I became more suspicious. Since when does DHL provide Cash On Delivery service? I can’t believe they would dare to pay for first-class service without any payment from me. I figured it might be a scam!

What’s the scam? You may not have any doubts when you receive the package. When I open it immediately and take a look, then I realized it was full of garbage. [Unfortunately] I had already paid the delivery person, who ran away.

我被吸引点了进去，填了地址电话。跟着三天后有电话来说我的包裹会到，DHL-COD的，确定我在家等。我开始很期待。跟着想，越想越不对。DHL有COD的服务咩？我还没过账他们就这么敢与服务一流到我不敢相信。我猜可能是诈骗！骗什么？当你收到包裹时是不会怀疑，立刻打开来看的。然后才发现里面是垃圾。人跑了钱给了。。。

If true, the scam involves giving you an empty package filled with trash to receive your cash payment. After which, you have no recourse.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Mexico Did It Photo : Can It Infect Your Phone With Virus?!

Leave a reply

Can the “Mexico Did It” photo infect your phone with a virus in just 5 seconds?!

Take a look at the viral claim, and find out what the facts really are!

Updated @ 2023-09-13 : Revised for a new wave
Originally posted @ 2022-11-07

Claim : “Mexico Did It” Photo Will Infect Your Phone With A Virus!

The warning about the “Mexico Did It” photo or image that will infect your phone with a virus keeps going… viral on WhatsApp and social media.

There are two versions so far – in English, and in Spanish.

FYI: They are going to publish an image that shows how Covid 19 is cured in Mexico and it is called “Mexico did it”, do not open it because it enters the phone in 5 seconds and it cannot be stopped in any way. It’s a virus. Pass it on to your friends and family. Now they also said it on CNN and BBC. DO NOT OPEN IT

Pass it on

Van a publicar una imagen que muestra como el Covid 19 se cura en Mexico y se llama “Mexico lo hizo” no lo abran porque entra al telefono en 5 segundos y no se puede frenar de ninguna forma. Es un virus. Pasenlo a sus familiares y amigos. Ahora lo dijeron tambien en CNN y BBC

Truth : There Is No “Mexico Did It” Photo / Virus!

This is just another example of FAKE NEWS circulating on WhatsApp and social media like Facebook and Twitter, and here are the reasons why…

Fact #1 : This Viral Message Has Been Circulating Since 2021

The viral message about the “Mexico Did It” photo or virus has been circulating on Facebook, WhatsApp and Twitter since April 2021.

Fact #2 : This Is A Modified Version Of “Argentina Is Doing It”

This viral message is actually a modified version of an earlier fake message, which claims that a video on WhatsApp called “Argentina is doing it” will hack your phone in 10 seconds.

It just replaces Argentina with Mexico, a video with a photo, and changes it from a 10-second hack into a 5-second virus attack.

Those two fake news are, in turn, probably based on the even older fake claim that hackers are using greeting photos and videos to hack your phone.

Fact #3 : There Is No “Mexico Did It” Photo / Virus

There is no such thing as a “Mexico Did It” image or photo. Neither is there a virus called “Mexico Did It“.

There is also no known virus that can infect your phone with a virus simply using a photo or image.

Fact #4 : CNN + BBC Never Reported On Such A virus

It’s been over 2.5 years since this fake story first appeared on Facebook, Twitter and WhatsApp, but neither CNN nor BBC has ever reported on a “Mexico Did It” virus.

Fact #5 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Fact #6 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #7 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 5 seconds, as the hoax message claims.

Generally, malware won’t wait a few seconds before it infects your devices. Waiting will only increase the risk of detection.

Unless the malware creator designed it to only infect your phone when you are sleeping (like the early hours of the morning), it pays to execute immediately.

Now that you know the facts, please SHARE this article with your family and friends, and SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Morocco Earthquake Seismic Wave Card Hack Your Phone?!

Leave a reply

Can the Seismic Wave Card containing photos of the recent earthquake at Morocco hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : Morocco Earthquake Seismic Wave Card Can Hack Your Phone!

This warning about the Seismic Wave Card containing photos of the recent earthquake at Morocco has gone viral on WhatsApp:

他们将在WhatsApp上上传一些摩洛哥地震的照片。该文件称为地震波CARD，不要打开或看到它，它会在10秒内破解您的手机，并且无法以任何方式停止。与您的家人和朋友分享信息。
不要打开它。他们还在电视上说过

Truth : There Is No Morocco Earthquake Seismic Wave Card!

This is yet another example of FAKE NEWS circulating on WhatsApp, and here are reasons why…

Fact #1 : There Is No Seismic Wave Card!

First, let me just point out that there is no such thing as a Seismic Wave Card.

The Seismic Wave Card is an Internet hoax that keeps getting recycled for every earthquake that comes along, like these examples show:

They are going to upload some photos of the Calvario earthquake on WhatsApp. The file is called CARD Seismic Waves. Do not open them or see them, they hack your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends. Don’t open it. They also said it on TV.

Fact #2 : Photos Are Shared Directly On WhatsApp

There is no need to open any file, or install any app, to view photos on WhatsApp. You simply click to view photos shared by other people on WhatsApp.

Of course, people may sometimes share high-resolution photos in ZIP or RAR files, because WhatsApp greatly reduces the resolution of photos shared on its platform.

Those ZIP or RAR files may be opened using apps like WinZip (Android | iOS) or RAR (Android) or Unarchiver (iOS). However, you should be wary if you are asked to download and install any app.

Unless you know what you are doing, it’s best to only view photos and videos directly inside WhatsApp, and not download any compressed files at all.

Fact #3 : Seismic Waves Card Is Not A Browser Hijacker

Seismic Waves Card appears to be falsely labelled as a browser hijacker by at least one “cybersecurity” website:

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest… but it cannot hack your smartphone by itself.

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

This is an incredibly clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t take 10 seconds, as the hoax message claims.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bantuan Rakyat Malaysia Scam Alert!

Leave a reply

Watch out for the Bantuan Rakyat Malaysia scam on WhatsApp, Telegram, Facebook and Twitter!

Find out how this scam works, and WARN your family and friends!

Bantuan Rakyat Malaysia 2023 Scam Alert!

These scam messages about Bantuan Tunai Rakyat (BTR) 2023, or Bantuan Percuma Kerajaan Malaysia 2023, is going viral on WhatsApp, Telegram, and social media platforms like Facebook and Twitter.

CARA SEMAKAN TARIKH BAGI PENERIMA BANTUAN RM600 DIKREDITKAN SETIAP BULAN

Untuk mereka yang layak, anda boleh lakukan semakan dengan mengikuti cara yang diterangkan.

Baca Cara Semakan Bantuan 👇
https://bntuanrakyatmalaysia.lynk.eu.org/

SHARE INFO ini kepada rakan-rakan dan saudara mara untuk manfaat semua

HOW TO CHECK THE DATE FOR RECIPIENTS OF ASSISTANCE RM600 CREDIT EVERY MONTH

For those who are eligible, you can check by following the described method.

Read How to Check Help 👇
https://bntuanrakyatmalaysia.lynk.eu.org/

SHARE this INFO to friends and relatives for the benefit of all

As one lady shared in the video below, she got tricked by the scammers, who took over her Telegram account to send the same scam message to all of her contacts!

While she claimed that she did not click any link, I will show you how she got scammed…

Bantuan Rakyat Malaysia Scam : How Does It Work?

Warning : To show you how the scammers work, I will share the links they use. I will highlight those dangerous links in red. Do NOT go to those links.

Super Long Link

To trick people into clicking on the scam links, the scammers intentionally use a misleading and very long URL, so you are less likely to notice the domain.

This is the scam link : https://bntuanrakyatmalaysia.lynk.eu.org/

Note how the scammer used a long list of descriptive keywords – “bantuan“, “rakyat“, “malaysia“, “lynk“, which helps to mislead people, and make it more difficult for them to notice that the domain is “eu.org“.

Obviously, eu.org is not a Malaysian government domain (which ends with .gov.my), and it has nothing to do with Malaysia or financial aid. This domain also has nothing to do with the European Union.

EU.org provides free subdomains, and so scammers use it to not only run their scams, but to give their scams a more “legitimate-looking domain”.

Pro Tip : Always check the domain of a link before you click on it. Avoid super-long links like this because they are often used to mask the domain name.

Fake Telegram Invitation

After clicking to go to https://bntuanrakyatmalaysia.lynk.eu.org/, you will be taken to what looks like an invitation to join a Telegram group. But in reality, it is a fake Telegram invitation.

A real Telegram invitation will have a link like this – https://t.me/XXXXXXXX. But this scam page has the link – https://bntuanrakyatmalaysia.lynk.eu.org/my.php.

Also, a real Telegram invitation can detect if you are using Windows / Mac or Android / iOS, and suggest that the right download for your device.

The invitation also has a glaring typo – the link says Massage Now, rather than Message Now. Hilarious!

In any case, a real Telegram invitation will not ask you to Message Now. Rather, it will allow you to either View In Telegram, or Preview channel in the web browser itself.

Fake Telegram Login Page

If you click on Join Group, you will be taken to this Telegram login page. Even though it offers you a list of countries to select from, the only option is Malaysia.

WARNING – THIS IS A SCAM PAGE. This is what is known in cybersecurity as a “phishing attack”.

First of all, Telegram invitations will never ask you to log into your Telegram account. It will simply launch the Telegram app and load the group for you.

Secondly, if you look at the link, it leads to the same scam domain, specifically https://bntuanrakyatmalaysia.lynk.eu.org/my.php.

Do NOT log into your Telegram account in this page.

If you log into your Telegram account using this phishing page, then the scammers will gain access to your Telegram account, and take it over for their own use.

They can then use your Telegram account to send the same scam message, or worse, cheat your family and friends of their money!

The lady in the viral video likely logged into this phishing page, thus giving the scammers control of her Telegram account. That was likely how they were able to message everyone on her contact list.

She also likely did not enable Two-Step Verification in Telegram, which would let her recover her account even after scammers have gained access.

That is why people who were hit by this scam had to call and inform their relatives and friends, or publicly post about it to warn all of their contacts.

Unfortunately, it is not always possible to warn all of their contacts, and inevitably, someone will get cheated of their hard-earned money. That’s why these scams are so popular – they really work, and scammers are making a ton of money!

Help us fight against these scammers. SHARE this article out, and WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Warning – PDRM Parking Fine Scam Alert!

Leave a reply

Scammers are targeting motorists with the PDRM parking fine scam! Make sure you warn your family and friends!

Here is what you need to know about the PDRM parking fine scam!

PDRM Parking Fine Scam Email

People are getting emails warning them that they just committed a parking violation, while offering them a cheap fine if they pay quickly.

Fines Inquiry and Payment

Dear recipient,

We are writing to draw your attention to a recent traffic violation in Malaysian jurisdiction.

Our traffic enforcement staff have observed your vehicle parked in a no-parking zone. This contravenes section (no. 2016-691] of the Road Traffic Act.

The fine is set at MYR 50. Payment of the fine is required within 7 days of the date of notification, to avoid further legal consequences.

If the fine is not paid within the time limit, you may be subject to legal action, resulting in an increase in the original fine.

Payment deadline: [08/26/2023]

Methods of payment accepted:

Cordially,

Malaysian Police Department

PDRM Parking Fine Email Is A Scam!

These PDRM parking fine emails are scam emails. This was confirmed by PDRM itself.

On 7 August 2023, the Cyber Crime division of the Royal Malaysia Police (PDRM) posted an alert warning motorists not to fall for the MyBayar scam.

These emails are designed to scare its victims into action. Hence, it offers a very cheap way to quickly “settle the problem”. However, if you take a breath, and analyse the email CAREFULLY, you will see many problems with it.

Letter is from PDRM : The Royal Malaysia Police (PDRM) will never write to you by email.
Letter is in English : The Royal Malaysia Police (PDRM) will never write to you in English.
Typo in the name : The fake email used My Bayar PDRM, instead of MyBayar PDRM.
Lack of name and personal details : The fake email refers generically to “Dear recipient“, without listing your full name and MyKad number.
Lack of vehicle details : The fake email doesn’t mention the vehicle make and plate number.
Lack of location details : The fake email does not mention where the offence occurred, or even when it occurred.
Fine is much too low : PDRM traffic fines are never as low as RM50. The cheapest fine is RM150 for Category 4 offences, but you can pay as low as RM70 within 15 days.
No such law : The fake email refers to the Road Traffic Act. There is no such act in Malaysia. The proper name is the Road Transport Act 1987 (Act 333).
No such section : If you look at the Malaysia Road Transport Act 1987 (PDF download), you will see that there is no such thing as Section 2016-691.

The email appears to be from My Bayar PDRM (typo in the name), but if you inspect the email address, you will see that it was sent by “in-to-no-reply@silverbackgames.xxx” or “hello@sooqr.com” or some other email address.

Obviously, this email did not originate from an official PDRM email address! This should immediately tell you that this is a fake or scam email!

If you click on the Pay My Fine link in the scam email, you will be taken to a fake My Bayar PDRM website (with the same typo in the name).

You may notice that you now have 7 days to pay the RM 50 fine, instead of just 5 days in the email. Odd, isn’t it?

Also odd is the fact that the page does not mention your name, your MyKad number, your vehicle type and model, or even its plate number! The page also doesn’t mention where the offence took place, or the time you were caught committing said offence.

Do NOT proceed after this point… This is a scam website!

But if you have itchy fingers, and click on the Pay The Fine button, you will be asked to pay for the RM50 fine using your debit or credit card.

Needless to say, PLEASE DO NOT SUBMIT YOUR DEBIT / CREDIT CARD DETAILS!!!

If you provide these scammers with your debit / credit card details and TAC / OTP numbers, they will be able to charge ANY AMOUNT they want to your credit card, or withdraw ANY AMOUNT they want from your bank account!

It’s even worse if you are asked to log into your bank account to pay the fine. DO NOT DO THAT!

If you provide them with your bank login and password, as well as OTP/TAC number, these scammers will be able to transfer money out of your bank account!

Please note – this is a scam! This is a phishing attack to gain access to your credit card and/or bank account.

Regardless of how you get any notification from PDRM about any traffic offence you may have committed, you should always check the status through these official MyBayar PDRM options:

MyBayar PDRM website : https://mybayar.rmp.gov.my/
MyBayar PDRM app for Android : Google Play Store
MyBayar PDRM app for iOS : Apple App Store

Please SHARE this warning with your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Automotive | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

Leave a reply

Watch out for the Bantuan Tunai Rakyat Malaysia 2023 scam on WhatsApp, Telegram, Facebook and Twitter!

Find out how this scam works, and WARN your family and friends!

Bantuan Tunai Rakyat Malaysia 2023 Scam Alert!

These scam messages about Bantuan Tunai Rakyat (BTR) 2023, or Bantuan Percuma Kerajaan Malaysia 2023, is going viral on WhatsApp, Telegram, and social media platforms like Facebook and Twitter.

Bantuan percuma kerajaan 2023 khas untuk yang mana bergelar usahawan,pendidik,suri rumah,kerani dan yang kerja sendiri di waktu sekarang, boleh dapatkan geran RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ Bantuan ni percuma
✅ Tak perlu bayar semula
✅ Maksimum sehingga RM2,500 / RM5,000
JOM CLAIM:

Free government assistance 2023 especially for those who are entrepreneurs, educators, housewives, clerks and self-employed at the moment, can get a grant of RM2500 😱 🧕👩‍🍳👩‍💻👷‍♂️👨‍🎓👨‍🌾
✅ This help is free
✅ No need to pay again
✅ Maximum up to RM2,500 / RM5,000
CLAIM HERE:

As one lady shared in the video below, she got tricked by the scammers, who took over her Telegram account to send the same scam message to all of her contacts!

While she claimed that she did not click any link, I will show you how she got scammed…

Bantuan Tunai Rakyat Malaysia Scam : How Does It Work?

Warning : To show you how the scammers work, I will share the links they use. I will highlight those dangerous links in red. Do NOT go to those links.

Super Long Link

To trick people into clicking on the scam links, the scammers intentionally use a misleading and very long URL, so you are less likely to notice the domain.

This is the scam link : http://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com

Note how the scammer used a long list of descriptive keywords – “bantuan“, “kerajaan“, “my“, “fase 3“, which helps to mislead people, and make it more difficult for them to notice that the domain is “financialanchorllc.com“.

Obviously, financialanchorllc.com is not a Malaysian government domain (which ends with .gov.my), and it has nothing to do with Malaysia or financial aid.

A quick WHOIS check reveals that the ownership of this domain is hidden by a paid service – which is not what a genuine government agency would do.

Pro Tip : Always check the domain of a link before you click on it. Avoid super-long links like this because they are often used to mask the domain name.

Fake Telegram Invitation

After clicking to go to https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com, you will be taken to what looks like an invitation to join a Telegram group. But in reality, it is a fake Telegram invitation.

A real Telegram invitation will have a link like this – https://t.me/XXXXXXXX. But this scam page has the link – https://bantuan-kerajaan-my-fase-3-trd.financialanchorllc.com.

Also, a real Telegram invitation can detect if you are using Windows / Mac or Android / iOS, and suggest that the right download for your device.

A real Telegram invitation will not ask you to Join Group. Rather, it will allow you to either View In Telegram, or Preview channel in the web browser itself.

Fake Telegram Login Page

If you click on Join Group, you will be taken to this Telegram login page.

WARNING – THIS IS A SCAM PAGE. This is what is known in cybersecurity as a “phishing attack”.

First of all, Telegram invitations will never ask you to log into your Telegram account. It will simply launch the Telegram app and load the group for you.

Secondly, if you look at the link, it leads to the same scam domain, specifically https://bantuan-kerajaan-my-fase3-gcc.financialanchorllc.com/main/index.php.

Do NOT log into your Telegram account in this page.

If you log into your Telegram account using this phishing page, then the scammers will gain access to your Telegram account, and take it over for their own use.

They can then use your Telegram account to send the same scam message, or worse, cheat your family and friends of their money!

She also likely did not enable Two-Step Verification in Telegram, which would let her recover her account even after scammers have gained access.

That is why people who were hit by this scam had to call and inform their relatives and friends, or publicly post about it to warn all of their contacts.

Help us fight against these scammers. SHARE this article out, and WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How WithSecure Offensive Security Drives Business Resilience!

Leave a reply

Find out how WithSecure harnesses the power of offensive security to drive business resilience and enhance protection for its clients!

WithSecure Drives Business Resilience Through Offensive Security!

WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the SPHERE security conference 2023, WithSecure’s Chief Product Officer, Antti Koskela, shed light on their game-changing offering called ‘attack surface management.’ This managed service offers a comprehensive view of vulnerabilities in a company’s cloud-based estate.

As a result, WithSecure’s focus on the digital perimeter empowers businesses to reduce their overall attack surface, enhancing their cybersecurity posture in the ever-evolving threat landscape.

How WithSecure Offensive Security Drives Business Resilience!

WithSecure also introduced three groundbreaking services that amplify their commitment to ‘outcome-based security’ and ‘co-security’. This groundbreaking development was revealed by WithSecure Executive Vice President (Solutions) Scott Reininga, also at the SPHERE security conference 2023.

Reininga underscored WithSecure’s unparalleled expertise in offensive security, revealing that they are the home of one of the world’s most proficient offensive security teams. This team, a fusion of penetration testers (pentesters), red, blue and purple teamers, has profound knowledge of adversary tactics, tradecraft, and techniques.

Penetration testing is a cybersecurity practice that aims to discover vulnerabilities in a system by simulating controlled attacks. Their goal is not to cause damage but to pinpoint weaknesses for rectification. This proactive method, which can involve exploiting software vulnerabilities or simulating social engineering tactics, is key in any comprehensive cybersecurity strategy, offering a practical evaluation of potential risks rather than a theoretical one.

Our relentless pursuit of research and system testing allows us to uncover system vulnerabilities proactively. This crucial data is the building block of our products that are proactive, minimally disruptive, and crafted from the perspective of an attacker.

– Scott Reininga, WithSecure Executive Vice President (Solutions)

These insights were unveiled by Reininga during his recent product launch event titled ‘Co-security and co-managed services for partners’. He was joined on stage by WithSecure Vice President (Offering and Customer Experience) Niko Isotalo.

Expanding on WithSecure’s strategic approach, Isotalo said that the company’s outcome-based security framework model “connects Chief Information Security Officers (CISOs) and board members, offering clarity about the interplay between security outcomes and business objectives.”

This alignment clarifies the indispensable role of security in the core business framework to board members.

– Niko Isotalo, WithSecure Vice President (Offering and Customer Experience)

Reininga and Isotalo unveiled the three new offerings during their joint session. The first, termed “co-monitoring,” is a partnership model. WithSecure validates the genuineness of security incidents before alerting the duty manager, effectively curbing false alarms.

WithSecure collaborates with clients to supervise their digital ecosystems, particularly during periods when they are stretched thin on resources. This service, providing support beyond standard working hours, can also deliver round-the-clock monitoring if necessary.

Isotalo further introduced the second service, incident readiness software, recognising that many organisations lack comprehensive incident readiness plans.

Our software simplifies the creation, testing, and updating of such plans, which serve as essential shields against cyber threats.

Focusing on the urgency of immediate incident response, Reininga introduced the third service, an incident response retainer.

Our incident response retainer provides unlimited incident response within the critical initial 72 hours of an event. We eliminate the need for negotiation about budget and resource allocation.

We engage consultants rapidly, supported by our globally lauded 24/7 incident response team and top-tier threat intelligence unit, guaranteeing our customers industry-leading service level agreements (SLAs).

By integrating offensive security acumen, co-monitoring capabilities, incident readiness software, and swift incident response, WithSecure empowers organisations to effectively safeguard their digital assets and curtail the impact of potential breaches.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

WithSecure Takes Offensive Security Approach To Cloud Threats!

Leave a reply

WithSecure is harnessing the power of the offensive security approach in tackling evolving cloud threats!

WithSecure Takes Offensive Security Approach For Cloud Threats!

In a shifting cybersecurity landscape, WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the recent SPHERE security conference 2023 in Helsinki, Finland, WithSecure’s Chief Product Officer, Antti Koskela, shed light on this approach.

We’ve done identity assessments for many cloud-based companies, unveiling weaknesses in their cloud platforms.

Our offensive security approach is about understanding the attack surface of a cloud-based estate. We focus on the digital perimeter, which is crucial to reducing the overall attack surface.

Koskela went on to explain that WithSecure has distilled this insight into an innovative managed service offering called ‘attack surface management’. This service provides a comprehensive view of a company’s vulnerabilities, including IP addresses, port vulnerabilities, exposed APIs and web services, identity matters, patching levels and more.

With more open architecture, control over your attack surface becomes paramount. ‘Zero trust’ alone isn’t the answer as human errors happen. Our holistic approach helps mitigate this.

WithSecure’s product suite integrates various cloud-native solutions to deliver protection based on specific client requirements. This collaborative process, termed ‘co-security’, is driven by the security and business outcomes defined by the clients. Koskela emphasised the tripartite focus of their solution:

It’s about process, people, and technology. We collaborate to secure the outcomes, letting company directors steer the course of business.

Our WithSecure Elements platform is the cornerstone of our technology, built collaboratively with our clients.

Koskela acknowledged the evolution of the IT industry, from client-server in the ‘90s to hosted services in the 2000s, cloud computing in the 2010s and cloud-native in the 2020s. He underscored the need for a new security approach to match the evolving business environments:

The cloud offers agility, speed, cost-efficiency. But with new technologies come new security considerations.

WithSecure has been proactive, creating solutions for every technological shift – be it firewalling and endpoint protection during the hosted services era, or data security and VPNs for the cloud computing era.

And now, with the rise of cloud-native tech, we’re helping clients to understand and secure their digital perimeter through our offensive security approach.

WithSecure Chief Product Officer, Antti Koskela (left), and APAC Regional Director Yong Meng Hong (right)

WithSecure Elements Picking Up In APAC

Since its mid-2021 debut, WithSecure’s Elements platform has gained considerable momentum here in Malaysia and the broader Asia-Pacific region. This comprehensive cybersecurity platform has made its mark by providing organisations with a unified solution to their security needs.

Elements equips enterprises with the insight, adaptability, and technology to tackle evolving threats and changing business environments.

Offering unified endpoint protection across devices, clouds and servers, Elements consolidates everything from vulnerability management and collaboration protection to detection and response into one easy-to-navigate security console.

– WithSecure Asia-Pacific Regional Director Yong Meng Hong

Yong further emphasised that the cloud-based Elements platform provides real-time visibility across an entire IT infrastructure, simplifying how enterprises manage their cybersecurity.

Flexible licensing options, including fixed-term subscriptions and usage-based billing, ensure that organizations can tailor their cybersecurity services according to their specific needs.

Elements offers centralised management capabilities, giving IT managers a comprehensive overview of their enterprise’s IT infrastructure, enhancing their reassurance and control.

Today, WithSecure is globally recognised, trusted by a myriad of enterprises to safeguard against cyber threats, while also protecting tens of millions of consumers through over two hundred service providers and telecommunications partners.

For organisations looking to navigate the cloud’s security challenges, WithSecure’s offensive security approach could be just the safeguard they need.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Malaysia To Ban SMS With Personal Details!

Leave a reply

Telcos in Malaysia will soon ban SMS messages with personal information, as part of the MCMC’s initiative to prevent scams! Here is what you need to know!

Malaysia To Ban SMS With Personal Details!

On Sunday, 2 July 2023, four Malaysian telcos – Maxis, Celcom, Digital and U Mobile will ban SMS messages containing personal information , as part of the MCMC’s initiative to prevent scams.

In addition to the May ban of SMS links, both local and international users will be prevented from sending any SMS message containing:

personal details
mobile or fixed line phone number
banking details like account number
MyKad number

All SMS messages containing these forbidden items will not be blocked, but their senders won’t be charged for those blocked messages.

No Ban For SMS With Personal Details Via Short Codes

It should be noted that this ban on SMS messages with personal details do NOT apply to businesses using legitimate Enterprise short codes. They will still be allowed to issue SMS messages with URLs (links), phone numbers, and personal details.

Here are the current Enterprise short codes for Celcom and DIGI, from which you “may” continue to receive SMS messages with hyperlinks (URLs) and personal information.

Telco	Enterprise Short Codes
Celcom	CelcomDigi / EASYRELOAD Celcom / CELCOM 2000 / 2901 / 20000 / 78888 28888 / 28882 / 22288 / 28282 / 22888 2001 / 22002 / 22009 / 21888 / 22022 / 22033 / 22162 / 22244 / 22262 / 22990 / 23000 / 23222 / 23777 / 25000 / 25555 / 26664 / 26668 / 26674 / 26680 / 26699 / 27100 / 27200 / 27999 / 28000 / 29888 / 29992 / 29999 / 39131 / 39140 / 39146 / 39170 / 39172 / 39230 / 39231 / 39240 / 39254 / 39258 / 39281 / 39291 / 39442 / 39466 / 39470 / 39471 / 39496 / 39504 / 39505 / 39506 / 39509 / 39513 / 39514 / 39515 / 39518 / 39881 / 39437 / 39132 / 39133 / 39144 / 39162 / 39177 / 39498 / 39502 / 39511 / 39512 / 39495
Digi	CelcomDigi / Digi / DigiRewards 200 / 2901 / 2691 / 5001 / 27676 20000 / 21000 / 28879 / 28888 / 28882 / 22288 / 28282 / 22888

Maxis has 5-digit short codes like 1XXXX, 2XXXX, and 6XXXX, but has chosen to block SMS messages containing personal information from their Enterprise short codes:

In order to prevent individuals from becoming online scam scams, the Malaysia Communication and Multimedia Commission (MCMC) has issued a directive to all telcos on 14 February 2023 to block sending and receiving of short messaging service (SMS) from local, international mobile numbers and applications containing below contents:

URL link and any clickable link e.g. shorten URL; shorten URL;
Request for user’s personal information e.g name, IC number, account number and
Mobile and fixed line number

Blockings are being implemented in stages; started from 2 May 2023 for SMS between individuals; the next and last stage is the blocking of SMS containing the above 3 elements from mobile and applications such as Enterprise SMS service and Maxis IoT SIM from 2 July 2023.

Risky SMS Ban Helpful, But Other Platforms Still A Risk

While this measure is really helpful in reducing scams, the ban is limited to SMS messages. It does not prevent scammers from sending similar scam messages through instant messaging platforms like WhatsApp, Telegram, Facebook Messenger, WeChat, etc.

I should also point out that links are not inherently bad. Links in messages, even SMS messages, are mostly safe.

Perfectly Fine

Clicking on a link to read an article / terms and conditions of a promotion
Clicking on a link to enrol in a promotion which does not require you to log into any website
Clicking on a link to check in for a flight, or get a travel update

However, they can be used to send you to a phishing website which is designed to look like a genuine bank / payment website. Hence, it is critical that you should NEVER log into any website through a link.

NEVER DO THIS

Clicking on a link to log into a bank website
Clicking on a link to make a purchase or payment
Clicking on a link to log into any account / email

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

If you click on a link, and you are asked to login – this is likely a phishing attack. But don’t worry – as long as you refuse to log into any website after clicking on a link, the phishing attack fails.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Mobile | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Wedding Invitation Scam : Don’t Install APK File!

Leave a reply

Please watch out for the wedding invitation scam, and find out why you should NEVER install any APK file from strangers!

Find out what’s going on, and warn your family and friends!

Wedding Invitation Scam Gone Viral!

A new scam has gone viral on social media in Malaysia – the wedding invitation scam. In this scam, scammers contact their victims on WhatsApp, pretending to send them an APK file as a wedding invitation!

Here is the Malay version of the scam messages, and their English translations.

Dengan rasa kesyukuran, Menjemput Tuan ZAITON OTHMAN Ke Majlis Perkawinan Anak Kami
Sila Klik instal Apk untuk dapatkan kad kahwin digital kami ⬇️⬇️
Sila klik instal nampak kad kahwin digital kami 🙏, agar nak tau Siapa 😀

With gratitude, Inviting Mr. Zaiton Othman to our Son’s Wedding
Please click install Apk to get our digital wedding card ⬇️⬇️
Please click install to see our digital wedding card 🙏, to know who this is 😀

Recommended : How To Block Facebook Ads + Pay Scammers!

Wedding Invitation Scam : Don’t Install APK File!

This is yet another example of a Mobile Application Scam, and here are the reasons why…

Fact #1 : APK Is Android Installation File

First, it is important to know that APK files are not used to deliver wedding invitations, or photos and videos.

Short for Android Package Kit, an APK file is used to install software in Android devices. Think of it as the Android equivalent of an EXE installation file for Windows software.

Fact #2 : You Should Never Install APK File, Unless You’re An Expert

APK files, by definition, are merely installation files for Android devices. They can be used for legitimate purposes, as well as nefarious purposes.

However, legitimate Android apps are mostly delivered through proper mobile app platforms like Google Play Store and the HUAWEI App Gallery, where they are often scanned for malware before people are allowed to download and install.

Therefore, you should never download and install an APK file outside of legitimate mobile app platforms, unless you are an expert who needs to “sideload” an APK for a specific reason.

Now, this does not mean that only Android devices are vulnerable. Apple is slated to offer the ability to sideload apps too with iOS 17.

Fact #3 : Scammers Use APK Files To Install Malware

In most, if not all, cases where you receive an APK file from a stranger on WhatsApp, Telegram, through email or social media platforms, it is likely to contain malware.

Scammers use APK files containing malware to gain access to your phone. After you install these malware APK files, scammers can do anything – read your messages, steal your photos and videos, gain access to your TAC / OTP alerts, etc.

Fact #4 : APK File Scam Not Limited To Wedding Invitations

These mobile application scams are not just limited to wedding invitations, or offers to deliver illicit photos and videos. Scammers have also convinced their victims to install these APK malware files to :

book cheap temporary maid / cleaning services
book cheap air-conditioning services
book exclusive restaurants
receive special discounts
make investment transactions

Fact #5 : Scammers Use Social Engineering + Stolen Data

It is important to remember that scammers will use a combination of social engineering and stolen / purchased data to convince you to install their APK malware.

They may know your name, your MyKad number, your address and your telephone number. They may even know who is in your family, and even have your bank account or credit card details. All that information can be purchased from unscrupulous sources.

In some cases, scammers have taken over social media accounts and used them to trick the account holder’s family and friends into installing such APK malware files.

No matter who tells you to do it – even if they are your family member or friend, NEVER download and install an APK file.

Fact #6 : Bank Negara Malaysia Warned About Mobile App Scam

Bank Negara Malaysia has long warned consumers about such mobile application scams.

Be wary of clickable hyperlinks that redirects you to a site, or downloads an application to your phone. Banks will no longer send you any clickable hyperlinks via SMS!

Only download applications from your smartphone’s official application platforms (e.g. Google Play Store, [Apple] App Store, Huawei App Gallery).

Fact #7 : PDRM Confirmed This Is A Scam

On Monday, 19 June 2023, PDRM Commercial Crimes Investigation Department (CCID) Director Datuk Seri Ramli Mohamed Yoosuf warned the public about this wedding invitation scam:

This new tactic asks for an individual to open the link prepared to receive the wedding invitation. However, that’s the trick to steal information from the public and to make online transfer. The public are advised to avoid getting caught up in any message from questionable sources.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Jomo Kwame Sundaram Stock Advice Scam Alert!

Leave a reply

WATCH OUT for scammers pretending to be Jomo Kwame Sundaram offering stock advice on Facebook!

Find out what’s going on, and warn your family and friends!

Jomo Kwame Sundaram Stock Advice Scam Alert!

Scammers are running Facebook advertisements that claim that famed Malaysian economist, Jomo Kwame Sundaram, is created a WhatsApp group offering free stock investment advice!

I am Jomo Kwame Sundaram
A prominent Malaysian economist.
On June 14th, I said in the stock exchange group:
There have been abnormal transactions in the Southeast Asian stock market in the past two days
Indonesian stock market soars on the 15th, with huge volatility
Now the local exchange has access to supervise the stock movement
Next, Malaysia’s stock market will also experience abnormal fluctuations
Please pay attention to: ADVCON, KPSCE, ICON, MBL these stocks
Related stock abnormal information, I will continue to send in the group
If you haven’t joined the stock exchange group
Please join in time, I will share the stock information I have for free
Master stock information and avoid losing money in the stock market

I am Jomo Kwame Sundaram
A prominent Malaysian economist.
This is my one and only page on Facebook
As of May 2023, there will be an outflow of RM2.39 billion from the Malaysian stock market
This is the result of a large amount of foreign funds manipulating the Malaysian stock market
Since the collapse of the three largest U.S. banks in March,
About $76 billion has been withdrawn from U.S. stocks into stock markets around the world
If you do not grasp the stock inside information in time
Investing in the stock market can make you lose money
I created a stock exchange group
Share the insider information about the stock market that I can grasp for free
Hope these stock information can help you

Show less

Recommended : How To Block Facebook Ads + Pay Scammers!

Jomo Kwame Sundaram Stock Advice Scam : What You Need To Know!

These Jomo Kwame Sundaram stock investment scams are being promoted heavily on Facebook in 2023, so please alert your family and friends!

Fact #1 : Jomo Kwame Sundaram Reported These Fake Ads

These fake Jomo Kwame Sundaram stock advice advertisements have been promoted on Facebook for several months now. On April 15, 2023, Jomo himself posted about this scam:

*Warning Letter from Jomo Kwame Sundaram*

I regret to inform you that someone is impersonating me. They have established an official website in my name, with many old photographs and other material to give this impression.

I am presented as an education and investment consultant, neither of which is true. There is even a contact telephone number for my supposed assistant.

I have reported the impersonation to Facebook and MCMC with no indication of any action so far. This happened several years ago as well when there was an earlier effort of this type.

I have never given investment advice, and have no intention whatsoever of doing so. It is highly irresponsible for anyone to claim they know the future. Whatever I do on economic and other matters is free for the public, and I urge you not to pay money to anyone who claims to be advising you in my name.

As I have been giving lectures in Tsinghua University in the past week, when this problem began, I did not realize how quickly the problem was growing and failed to act more promptly.

Please warn your friends and loved ones.

Thank you for your cooperation.

jomo

Unfortunately, as many people have discovered, Meta / Facebook does not appear to care about these fake ads. You can report them till kingdom come, but they will just keep running on Facebook as long as these scammers pay for them!

Fact #2 : Jomo Kwame Sundaram Is A Renown Economist

Jomo Kwame Sundaram is a world-renown economist, who writes extensively on economic policies. However, as he explained above, he is not an investment consultant!

He has better things to do than to offer you free stock investment advice! In May 7, he just published an article called “Inflation phobia, myths and dogma exacerbate policy responses” in the Review of Keynesian Economics.

Fact #3 : One Victim Lost RM480K To Investment Scam!

In November 2022, a 60 year-old housewife from Port Dickson fell for a similar investment scam, and lost almost RM480,000 (about US$104,000).

After being offered the free book on Facebook, she was asked to join a WhatsApp group called Family Discussion, where she was asked to convinced to “invest”.

The WhatsApp group administrator instructed her to download an application called Forza, and open a savings account. She was then asked to deposit money into certain bank accounts, and upload the slips using that Forza app as proof.

The lady withdrew her savings and borrowed from her children and friends to invest RM476,100. However, when she wanted to withdraw the interest paid by the company, her account was blocked. The group administrator told her that she would need to deposit an additional RM427,200 to withdraw the interest.

That was when the lady realised she had been scammed, and lodged a police report.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Bursa Malaysia Stock Investment Scam Alert!

Leave a reply

Warning – both Datuk Muhamad Umar Swift and Bursa Malaysia are NOT giving out free stock investment advice or books!

Find out what’s going on, and warn your family and friends!

Bursa Malaysia Stock Investment Scam Alert!

Scammers are running Facebook advertisements that claim that Datuk Muhamad Umar Swift and/or Bursa Malaysia are giving free investment advice, or free books on stock investing!

Hi everyone, I am Datuk Muhamad Umar Swift
The Chief Executive Officer of Bursa Malaysia Bhd.
Since 2023, the Malaysian stock market has been relatively sluggish🤕🤕🤕
This may be because many stock market investors do not understand stock market trading
I have been blindly following the investment, resulting in a lot of losses
I have also received many letters from investors recently:
Ask if I have improved my trading skills?
Here I recommend a few stock books to everyone!
This can effectively improve your trading skills 💖💖💖
I also prepared 2,000 stock books for everyone📖📖📖
Free gift to Malaysian stock market investors, yes, it’s free!
Please add my assistant’s wapp, she will mail you books for free👇👇👇

I am Datuk Muhamad Umar Swift
The Chief Executive Officer of Bursa Malaysia Bhd.
In the past 3 months, I have received many letters from stock market investors
They mainly explained the following issues:
1. Want to learn stock market investment, but don’t know where to start? Including opening an account and understanding stock market information, etc.!
2. Veteran investors have certain technical experience, but cannot grasp real-time information, and often miss the best buying or selling points?
3. For retail investors, if you can’t find a team to keep warm, you will never get the first wave of stock market dividends!
4. Novice stockholders want to sign up to learn stock diagnosis techniques. There are so many analysts in Malaysia. I don’t know what to choose?
5. Many stockholders are locked up after entering the market. Do you know how to get out?
6. The global epidemic is over and the economy is recovering. How will the stock market go in the second half of this year?
The above questions are the feedback from our Malaysian stock market investors.
I will create a Malaysian stock market investor exchange group
Answer questions about the stock market online for free in the next 3 days
If you also encounter the above problems, please join my classroom study 👇👇👇

Show less

Recommended : How To Block Facebook Ads + Pay Scammers!

Bursa Malaysia Investment Scam : What You Need To Know!

These Datuk Muhamad Umar Swift and/or Bursa Malaysia free book / investment group scams are being promoted heavily on Facebook in 2023, so please alert your family and friends!

Fact #1 : Bursa Malaysia Reported These Ads As Fake

Bursa Malaysia is aware of these fake advertisements on Facebook, posting this scam alert on May 17, 2023:

[SCAM ALERT] Don’t be fooled by Facebook ads or pages that offer stock advice. Scammers are known to impersonate Bursa Malaysia representatives to lure you into their fake investment schemes. If you have come across ads or pages like this, be sure to report it to Bursa2U along with a screenshot and source link at bursa2u@bursamalaysia.com or call Bursa Malaysia’s Help Centre at +603-2732 0067. Remember to check the Securities Commission Investor Alert List at http://sc.com.my/investor-alert before investing. Contact the National Scam Response Centre hotline 997 if you have been a victim of scam.

[AMARAN SCAM] Jangan terpedaya dengan iklan atau halaman Facebook yang menawarkan nasihat saham. “Scammer” seringkali menyamar sebagai wakil Bursa Malaysia untuk memujuk anda ke dalam skim pelaburan palsu mereka. Jika anda menjumpai iklan atau halaman seperti ini, pastikan anda melaporkannya kepada Bursa2U berserta tangkapan skrin dan sumber pautan ke bursa2u@bursamalaysia.com atau hubungi Pusat Khidmat Bursa Malaysia di talian +603-2732 0067 . Semak Senarai Amaran Pelabur Suruhanjaya Sekuriti di http://sc.com.my/investor-alert sebelum melabur. Hubungi talian hotline Pusat Respons Scam Kebangsaan 997 jika anda menjadi mangsa penipuan.

#StayAlert #ScamAlert #TakNakScam #JanganKenaScam

Fact #2 : Bursa Malaysia Is Not A Charity

Please do NOT be naive. Bursa Malaysia is not only the stock exchange of Malaysia, it is also a public listed company, whose focus is to make money, not a charity to give you free books or advice!

Datuk Muhamad Umar Swift is not only the CEO of Bursa Malaysia Berhad, he is also the director of its subsidiary companies. He certainly has more important (and profitable) things to do than to create a WhatsApp group to answer YOUR questions or advice YOU on what stocks to buy!

Fact #3 : Bursa Malaysia Does Not Use WhatsApp To Communicate

Bursa Malaysia offers a multitude of contact options by snail mail, online forms on their Bursa2U portal, email or telephone.

What it does not have is a WhatsApp account. So when scammers message you to collect your “free books” using WhatsApp, or ask you to join the Bursa Malaysia WhatsApp group, be warned!

Datuk Muhamad Umar Swift (fake) : I’m sorry because too many people have privately messaged me, please click to add administrator 👇whatsapp👇, send “PM” to join our company’s free communication group! https://wa.me/6019527xxxx

The real Datuk Muhamad Umar Swift, and Bursa Malaysia, will never ask you to join a WhatsApp group for any reason, whether it’s for investment advice, stock tips, or to buy and sell stocks, etc.

Fact #4 : One Victim Lost RM480K To Investment Scam!

In November 2022, a 60 year-old housewife from Port Dickson fell for a similar “free book” scam, and lost almost RM480,000.

After being offered the free book on Facebook, she was asked to join a WhatsApp group called Family Discussion, where she was asked to convinced to “invest”.

That was when the lady realised she had been scammed, and lodged a police report.

Please help us FIGHT SCAMMERS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : How Fake Job Syndicates Operate!

Leave a reply

Find out how fake job syndicates operate, and how they reel you into their scams, and cheat YOU of your hard-earned money!

Make sure you SHARE this article, to warn your family and friends to avoid the fake job scams!

Fake Job Scams : What Are They?

Fake job scams have been around for a long, long time. But fake job syndicates have become more active recently, probably because more people are getting laid off, and inflation is eating into our money.

Fake job scams come in a variety of ways, but most commonly, you get unsolicited messages through WhatsApp or iMessage, offering you the opportunity to make a lot of money through part-time work, in the comfort of your own home.

Good day YouTubers!! This is Alexa from Youtube Entertainment. We invite you to participate in our event by liking and subscribing to our channel and we will give you XXX. Please reply “YES” if you are interested. Thank you.

Hi, I’m the recruitment manager of XYZ company. XYZ invites you to do regular work at home.

You can easily earn [large amounts of money] with your mobile phone every day, and your salary will be settled on the same day.

Please add my WhatsApp to sign up. The number of places is limited, only for today.

Hey! You have been selected for a job. Daily salary XXXX to YYYYY. WhatsApp [number removed]. Reply YES to apply.

Recommended : How To Block Facebook Ads + Pay Scammers!

Scam Alert : How Fake Job Syndicates Operate!

I personally have received many of such fake job offers, and have always ignored them. But when I saw a sudden surge of fake job offers, I decided to look into it. I also wanted to find out how they worked.

So I took a dive into two different fake job scams last week, and here was what I found…

How They Reel Their Victims In

It all starts with scammers tasked with “fishing” for victims. They will try to contact you by email, Facebook Messenger, SMS, WhatsApp, Telegram, or iMessage. Regardless of the method, the hook is simple – we are offering you an EASY way to make A LOT of money!

Once you are suitably impressed, these “fishing” scammers will offer you a simple task to show you just how easy it is to make a lot of money. To entice me, the two scammers offered me a pretty good sum of money for a very simple task:

Syndicate A : Subscribe to this YouTube channel, and send me the screenshot to receive XXXX.

Syndicate B : Like this YouTube video, and send me the screenshot to receive YYYY.

Recommended : Watch Out For Telegram Phishing Attack!

The Fishing Scammer Hands You Over To The Syndicate

After you complete that task, the fishing scammer then hands you off to the actual fake job syndicate, ostensibly for payment. You are asked to contact the company secretary / account manager on Telegram, with a “payment code”.

From what I surmise, the “payment code” is actually the fishing scammer’s referral code – they get paid for every victim they send the syndicate.

This will be your last contact with these fishing scammers. They are off to reel in more victims!

Syndicate Baits You With Payment

The syndicate secretary / account manager will ask you to register your details with them, but they are not too particular with any details, except for your phone number. If you give them the fake number, they will know because they will check with the fishing scammer using their referral code. But feel free to give them other fake details – they won’t care.

The fake job syndicate will then send you the payment for that “test” job, using a mule account. If you ask them why they are sending you the money through a different company account or even a random person’s account, they will tell you that they have many bank accounts because of daily transaction limits.

Syndicate Baits You With Simple Tasks

The syndicate will then add you to their Telegram channel offering multiple tasks per day. Instead of YouTube channels or videos, you are tasked to very simple tasks like:

open a link to a product page on an online shopping platform
take a screenshot of that product page
post that screenshot to the Telegram group
share that screenshot with your syndicate agent

You will breeze through the first three tasks easily, and the fake job syndicate will pay you promptly.

Fantastic, isn’t it? What could go wrong? After all, there are hundreds of other people participating in the same tasks, and getting paid!

Syndicate Tempts You With Pay To Earn Scam

At this point, you have done some calculations, and realise that you can easily make good money every day doing these simple tasks.

That’s when the fake job syndicate offers you the opportunity to make some serious cash. But there’s one catch – you need to PAY them to get access to jobs with serious money.

For every dollar you prepay, the fake job syndicate promises that you will get that back PLUS 10% to 30%, within minutes. Just in case you are worried about losing your money, hey, they are offering a refund. Honest!

And how can they offer you so much money for so little work? The syndicate throws in the magic word – cryptocurrency! Of course! That’s the only way anyone can make tons of money easily, with both eyes closed!

Syndicate Pressurises You With Bots

To convince you that they are legit, you will see many people posting screenshots of their payments to the Telegram group. They will also publicly announce how much they are investing. In some cases, they also post excitedly about how much money they already made, and how much they plan to make today.

This is just a charade to make you believe that people are really making money through this scheme. Most of these “participants” appear to be bot accounts, with a few sock puppet accounts. If you monitor these accounts over time, you will see them change names. I even spotted one of these fake participants (mercado livre in the screenshot above) become the Telegram group admin!

The genuine victims are those asking questions in the group like “We have to prepay?” But oddly enough, no one else in the group (except the Telegram group admin) will respond. That’s not how real people behave.

And if you check their receipts, you will notice some discrepancies in their receipts, which suggest that they were edited:

transfers within the same bank were labelled as transfers “to other banks”.
account numbers are too short / long for that particular bank

The others are possibly genuine receipts (by people who were scammed earlier), with their dates and times changed.

Once You Pay, It’s Game Over

I managed to get in touch with two victims of this scam, who claimed that once they deposited the prepaid amount, they were ghosted and removed from the Telegram group.

So that appears to be the scam – they bait you with a bit of money, until you are convinced that they are real. Then once you prepay them for the “big job”, they dump you right away.

Your assigned syndicate agent will block you, and you will get kicked off the Telegram group, which often disappears after scamming a few victims. Often, you will find your Telegram conversations with them mysteriously deleted. By then, it’s much too late – you have already lost your money.

To ensure they don’t lose money, they will price the introductory offer low enough to entice victims, but high enough to cover their costs and then some. But they will inevitably score some big fish, which is why the fake job scam persists.

Now that you know how the fake job scam works, please DO NOT get trapped into it! NEVER pay to get a job. It is just a scam!

Please SHARE this article out, and WARN your family and friends!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Fact Check | Cybersecurity | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Restaurant Menu QR Code Hack Your Phone?!

Leave a reply

Did the FBI just warn people to avoid using the restaurant menu QR code, because it can hack your phone?!

Take a look at the viral claim, and find out what the facts really are!

Claim : FBI Says Restaurant QR Code Can Hack Your Phone!

People are sharing a Daily Mail article, or screenshots of it, which claims that the FBI just warned people not to use any restaurant menu QR code because it can allow hackers to steal your data!

Here is an excerpt from the Daily Mail article. Feel free to skip to the next section for the facts!

Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link

Scammers are making fake QR codes to place on top of real ones
This is letting them access smartphones and steal personal data

QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.

The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.

Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information

The FBI has urged consumers to look out for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.

Truth : FBI Did Not Say Restaurant QR Code Can Hack Your Phone!

This appears to be a “misunderstanding” of an actual FBI warning about QR codes. Here is what you need to know about the risks of scanning a QR code for a restaurant menu.

Fact #1 : FBI Issued QR Code Warning In January 2022

I could find no reference to a recent QR code warning by the FBI, and oddly enough, The Daily Mail did not provide a source or link to the FBI warning its article was referring to.

The FBI only released one public service announcement (PSA) about QR codes, and that was Alert Number 1-011822-PSA which was released on January 18, 2022.

If that was the source for the Daily Mail article, then it’s more than a year old, and not recent as the article appears to suggest.

Fact #2 : FBI Warned About General QR Code Risk

The FBI advisory was a general warning about the risks of tampered QR codes. Specifically, it warned about cybercriminals tampering with both digital and physical QR codes.

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site…

Fact #3 : FBI Advisory Did Not Mention Restaurant / Menu

Interestingly, the entire FBI advisory did not once mention restaurants or menus, and that makes a lot of sense.

It is odd to focus on the risk of using QR codes for online menus in restaurants, when they are used in so many other ways today – from making mobile payments, as mobile tickets, login tokens, etc.

Any security risk involving restaurant menu QR codes would also apply to QR codes used for other purposes. So it really doesn’t make sense for the FBI to “pick on” restaurant menu QR codes.

Fact #4 : QR Code Is Not Malicious In Nature

QR code (which is short for Quick Response code) is not nefarious or malicious in nature. The FB advisory specifically pointed that out – “QR codes are not malicious in nature“.

The QR code is merely a type of two dimensional barcode that was invented in 1994 by the Japanese company, Denso Wave, to track automotive parts. It has since been adopted for other purposes because it is more efficient and can support more than just numbers. For example, Version 40 QR code can contain up to 7,089 numbers or 4,296 characters.

Ultimately, a QR code is nothing more than a series of numbers or characters – data which can be used for a variety of purposes, including providing a link to an online restaurant menu.

Fact #5 : QR Code Can Be Tampered With

It is true that QR codes can be tampered with. In fact, the FBI advisory was issued after Texas police departments discovered fraudulent QR code stickers on parking meters in San Antonio and Austin. Drivers who scanned those fake QR codes were taken to a scam website. instead of the real payment website.

Hence, the FBI issued that warning to remind people to check the URL link to make sure that it is the intended website, and not a phishing page with a similar link. For example, the fake website may use www.quikpay.com when the real website is www.quickpay.com.

To completely avoid this risk, avoid using QR code to access a payment website. Always go directly to the payment website on your smartphone’s web browser by keying in the link yourself. Genuine payment labels with a QR code will often include a direct URL link for you to use as a safer alternative.

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #6 : Restaurant Menu QR Code Is Low Risk

While scammers can place fraudulent QR codes over genuine ones at restaurants, bars, and other eateries, this is a very unlikely attack vector.

That’s because restaurants often use QR codes to redirect you to an online system to order food and drinks for your table. Imagine if you scan a fraudulent QR code and are asked to key in your credit card details. That would be absurd, and you would surely complain to the waiter since you haven’t even ordered your food!

In most cases, you are not expected to pay at the table using QR code. You either pay using cash / credit card / mobile payment using QR code at the payment counter. Even if that QR code is compromised, the cashier would notice it immediately as any payment made using that QR code would not reflect in the restaurant’s point-of-sale (POS) system.

And payment only occurs after dining – a fraudulent QR code that leads you to a fake website won’t allow you to actually order anything, since it’s not connected to the real restaurant and its ordering system. That’s why this attack vector is highly improbable.

In any case, many restaurants now generate temporary QR codes on disposable paper stubs to avoid this risk. The QR code is only valid for your dining session. The next person to dine at the same table will receive a different QR code.

Fact #7 : QR Code Can Potentially Inject Malware

It is possible for QR code to inject malware into the smartphone that you are using to scan. In fact, there are apps like QRGen that allow scammers / hackers to easily generate malicious QR codes. However, it isn’t quite as simple as the article makes it out to be.

For one thing – malware and exploits are limited to specific operating systems or phone models. For example, an Android exploit / malware won’t work on iPhones. Or an exploit / malware that makes use of an Android 11 vulnerability won’t work on newer / updated Android smartphones since they would have patched the exploit.

Second – any malware will require considerable amounts of code to load. The scammer / hacker will have to use an enormous QR code like the version 40 example below, or it will need to convince you to download and install the malware package itself.

Genuine restaurant menu QR codes are simple – like the version 1 / version 10 examples above, because they only serve a link to their online menu / ordering system. If you see a large and complex QR code like the version 40 example, avoid scanning it, and ask the restaurant staff to verify its authenticity.

Restaurant menu QR codes would also never ask you to download or install anything. They only serve to load a link to an online menu / ordering system, so if you are asked to download or install anything, do NOT proceed, and notify the restaurant.

These tips also apply to other businesses that use QR codes to show you a menu, discounts, offers, information, etc.

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Money | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can hackers use Good Morning greetings to hack you?!

Leave a reply

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?!

Find out what is happening, and what the FACTS really are!

Updated @ 2023-04-21 : Updated with a new 2023 version of the hoax
Originally posted @ 2022-11-01

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read all! Please send this message urgently to as many friends as possible to prevent illegal intrusion.
Warning from Olga Nikolaevnas lawyer:

ATTENTION! For those who like to send Good Morning pictures! Good day! Good evening! Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos,.

Reports show that hackers in China designed the images, the video is so beautiful to hide the phishing codes inside them, when everyone sends these messages, the hackers use your devices to steal personal information, such as bank card information and data to crack the phone.

It has been reported that more than 500,000 victims of fraud have already been deceived.

If you want to greet others, write your own message to protect yourself and your family and friends.

Important! Delete all greeting messages and pictures that you have on your phone for your own safety. If someone sent you such a picture, immediately remove it from the device. Malicious code takes time to deploy, so if you act immediately, no harm will be done.

Tell all your friends about this to prevent hacking.

Greet others by writing your own words, and send only images you create. The material you create yourself is completely safe.‼️‼️ ️‼️

Please understand me correctly! All have credit cards attached to their phone. Everyone has a lot of contacts in their phones. You will create a threat not only to yourself, but to all the contacts that you have on your phones, your friends and acquaintances. ‼️ ️‼️ ️‼️

Take this very carefully! This is a harsh reality‼️ ️‼️ ️‼️

ATTENTION !!!
Urgent information !!!

Some people have already restricted..!

Show less

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News – does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Recommended : How To Block Facebook Ads + Pay Scammers!

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Please help us FIGHT FAKE NEWS by sharing this fact check article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Scam Alert : Watch Out For Telegram Phishing Attack!

Leave a reply

Watch out for the phishing attack that will allow scammers to take over your Telegram account!

Scam Alert : Watch Out For Telegram Phishing Attack!

Scammers are now targeting Telegram users with a phishing attack that is designed to trick them into giving up their accounts! The Telegram phishing attack works like this:

Step 1 : The scammer gains control of your friend’s Telegram account, and sends this message to you:

Dear Telegram users. The system detects that this account is abnormal and has potential security risks.

To ensure that you can log in to your account normally, you need to invite friends for auxiliary verification

The risk control account has not been verified. The system will cancel the account after 24 hours!

Personal Information Authentication：[link removed]

Step 2 : The scammer, masquerading as your friend, asks you to help him/her verify his/her Telegram account by clicking on the link.

There are security risks in my account, and I need friends to help me verify it. Please click on the official link to help me verify it and follow the prompts. thank you

Step 3 : If you click on the [removed] link to help your friend, you will be taken to a website that looks like an official Telegram website. DO NOT DO THIS.

Step 4 : You will be asked to log into your Telegram account on the fake website. DO NOT DO THIS.

Step 5 : The fake Telegram website will ask you to key in your Login code, or take and upload a screenshot of your Telegram. DO NOT DO THIS.

Step 6 : If you continue, the scammer will be able to take over your Telegram account, and use it to scam your friends by asking them for money, etc.

The scammer will also have access to your Telegram chats, and all associated media including photos and videos, which could potentially be leaked or used to extort you or other people.

How To Protect Against Telegram Phishing Attack

A phishing (pronounced as fishing) attack is a social engineering attack, that uses your trust for an institution (like a bank), authority (Telegram), or someone you know, to give up your login details.

Here are some ways you can protect yourself against any phishing attack on Telegram, or other platforms.

Verify Identity Before Trusting

Many people fall for phishing attacks because it is human nature to trust your friends and to help them. However, on instant messaging apps, you don’t actually know if it’s really your friend on the other end!

So if a friend messages you on Telegram, WhatsApp, Facebook, Twitter, Instagram, etc to ask for help, ALWAYS verify their identity before proceeding.

If possible, call or message your friend on the phone, or via a different platform (use WhatsApp if the request came on Telegram, for example).

But if you are unable to call your friend, try asking the other person something that only your real friend would know:

Do NOT ask questions like “Are you really Sarah??“
Do NOT ask questions that can be answered by reading previous chat messages.
Ask something that only you and your friend would know, like “Hey Sarah, what was that restaurant we went to last week?“
Ask a fake question that your friend would readily know is not true, like “Hey Sarah, are you coming over tonight?“

If the other person cannot answer or gives you the wrong answer, he/she is not your friend, and that account has likely been taken over by a scammer.

Recommended : How To Block Facebook Ads + Pay Scammers!

Look At The Link

Whenever you see a link being shared, always check if it leads to a legitimate website, or attempts to masquerade as a real website, by substituting characters in the link.

This Telegram phishing attack, for example, uses a link to telegram.0rg.ee. The real Telegram domain name is telegram.org. This is called domain spoofing.

If you see an attempt to impersonate a legitimate website by using a similar-looking domain name, do NOT click on it.

Never Login Via A Link

It is common for people to share links on Telegram, and in Telegram groups. Heck, we share links to our article in the Tech ARP Telegram group!

Clicking on links in Telegram, WhatsApp, emails, etc. is not dangerous, because most lead to legitimate websites that do NOT require you to log in.

What is dangerous is logging into any website through a link. I cannot hammer this enough – NEVER LOG INTO ANY WEBSITE through a link!

Phishing attacks work by tricking you into going into a fake website that looks like the real website. But you still have to log into the fake website to give the scammers your login details.

Turn On Two-Step Verification

All banking platforms, and many mobile apps now offer two-step verification to prevent scammers from taking over user accounts. However, this is often an optional feature that you must manually enable.

Telegram has a two-step verification feature, which prevents scammers and hackers from hijacking your account by requiring a secret password that only you will know.

Please follow our guide on how to turn on Two-Step Verification in Telegram.

Just make sure you do NOT give that password out to anyone, or key it into any website!

Warn Your Family + Friends!

It is important to publicise phishing attacks, whenever they happen. If people are alerted, they are less likely to fall for such attacks.

However, scammers and hackers can quickly change the way their phishing attack works, so it is important that people understand how phishing attacks work in general.

You can help prevent phishing attacks by sharing this articles, and other cybersecurity warnings, with your family and friends.

Please help us FIGHT SCAMMERS by sharing this cybersecurity article out, and please SUPPORT our work!

Please Support My Work!

Support my work through a bank transfer / PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Recommended Reading

Go Back To > Business | Software | Tech ARP

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!